eIDAS 2 Transition: Impact on Signature in 2025

On 20 May 2024, regulation (EU) 2024/1183 — commonly called eIDAS 2 — was published in the Official Journal of the European Union, progressively repealing regulation No 910/2014 (eIDAS 1). This text represents the most significant reform of digital identity and electronic signature in Europe since 2016. For French companies using electronic signature solutions in their contractual workflows, the transition is not a mere formality: it entails technical, legal and organisational adjustments spanning until 2026 and beyond. Understanding the eIDAS 1 to eIDAS 2 transition and its impact on electronic signature in 2025 has therefore become a priority for legal, IT and HR departments. This article decrypts the fundamental changes to the framework, the precise transition timeline and concrete measures to take to remain compliant.

What eIDAS 2 Regulation Fundamentally Changes

From the 2014 regulation to the 2024 overhaul: why a revision was necessary

EIDAS 1 had laid the foundations for mutual recognition of electronic signatures within the Union. Three hierarchical levels — simple (SES), advanced (AdES) and qualified (QES) — structured the evidential value of signatures, backed by a list of trust service providers (TSL). However, over a decade, two major gaps became apparent.

Firstly, the original regulation essentially applied to dealings with public administrations (G2B, G2C). It did not create direct obligations in private transactions (B2B, B2C), leaving a regulatory vacuum that each Member State filled heterogeneously. Secondly, the rise of digital services — mobile applications, open banking, telemedicine — had revealed the absence of a portable and interoperable digital identity system at the continental level.

EIDAS 2 addresses these two challenges by introducing the European Digital Identity Wallet (EUDIW) and expanding the scope of trust services to new use cases: qualified electronic archiving, qualified attribute attestations, qualified electronic registers (including certified blockchain applications).

The new categories of qualified trust services

Regulation eIDAS 2 extends the list of qualified trust services (article 3 and revised annex IV). In addition to signatures, seals and timestamps already recognised by eIDAS 1, the following are now qualified:

• Qualified electronic archiving services (art. 34 bis): obligation to preserve the integrity and readability of signed documents over the long term, with enhanced requirements for providers (QTSP).
• Qualified remote signature creation device management services (QRCD): enhanced framework for remote signature solutions via cloud HSM (Hardware Security Module).
• Qualified attribute attestations: mechanism allowing a trust third party to certify attributes of an entity (e.g. attorney status, doctor status) without revealing the entire identity.
• Qualified electronic registers: recognition of distributed registers under strict auditability and resilience conditions.

For users of electronic signature solutions, this extension means that qualified trust services available on the market will diversify, and that the selection criteria for a service provider (QTSP) must integrate these new capabilities.

The EUDIW: the digital identity wallet as signature infrastructure

The most visible innovation of eIDAS 2 remains the EUDIW. Each Member State must make available to its citizens and residents a free digital identity wallet, interoperable with all other Member States, by 26 November 2026 (deadline for national compliance according to article 5 bis). This wallet will enable:

• authentication of the user with a high level of assurance (LoA High) without recourse to a third-party identification provider;
• electronic signing of documents with qualified value (QES) directly from the wallet;
• sharing of selective identity attributes (selective disclosure), thus respecting the principle of data minimisation under GDPR.

For businesses, the EUDIW theoretically simplifies identity verification procedures prior to qualified signature, eliminating the friction of video identification or face-to-face identification. In practice, the impact will depend on the pace of national deployment — France launched in 2025 a pilot trial as part of the "France Identité" programme.

Precise timeline for eIDAS 1 to eIDAS 2 transition

The regulatory milestones to know

Regulation 2024/1183 entered into force on 20 May 2024, but its application is progressive. Here are the key deadlines:

| Date | Event | |------|-------| | 20 May 2024 | Publication in OJEU, formal entry into force | | 20 November 2024 | Deadline of 6 months for adoption of implementing acts by the Commission (technical specifications of EUDIW) | | End 2025 | Publication of revised ETSI standards (EN 319 411-1/2, EN 319 401) integrating eIDAS 2 requirements | | 26 May 2026 | Deadline for Member States to comply with new categories of qualified services | | 26 November 2026 | Mandatory availability of EUDIW by each Member State | | 2027-2028 | Complete revision of national trust lists (TSL) and accreditation of new QTSP |

EIDAS 1 remains valid and signatures issued under its regime retain their full legal value. There is no obligation to re-sign existing documents. However, qualified trust service providers will need to renew their accreditation according to new technical standards by 2027.

What does not change and what to monitor

Continuity is a cardinal principle of the transition. The three levels of signature (SES, AdES, QES) are maintained with unchanged definitions. The presumption of equivalence with a handwritten signature attached to QES (article 25 eIDAS 1, reproduced in article 27 eIDAS 2) remains in effect. The evidential value of your current electronic signatures is not called into question.

What to monitor instead: the implementing acts published by the European Commission throughout 2025-2026 will set the precise technical specifications of the EUDIW and new service categories. These level 2 texts are of considerable practical importance for integrators and software publishers. For companies using electronic signature in their HR or legal processes, it is recommended to request from your service provider an eIDAS 2 compliance roadmap.

Concrete impact on companies and their signature solutions

Which workflows are affected as a priority?

The transition from eIDAS 1 to eIDAS 2 does not have the same impact depending on the level of signature used. For companies, three situations stand out:

Simple electronic signature (SES): used for minor amendments, acknowledgements of receipt, internal forms. No immediate update obligation. Probative rules remain governed by the Civil Code (art. 1366-1367) and not directly by eIDAS.

Advanced electronic signature (AdES/AdESQC): companies using B2B solutions for commercial contracts, digitalised employment contracts or property transactions must verify that their service provider maintains compliance with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES) and EN 319 142 (PAdES) in their revised versions for eIDAS 2. These standards will be published by ETSI by the end of 2025.

Qualified electronic signature (QES): qualified service providers (QTSP) will need to obtain new eIDAS 2 accreditation. The transition period allows reasonable time (until 2027), but calls for tender launched from 2025 onwards should integrate an eIDAS 2 compliance clause in the selection criteria. For organisations comparing available options, the comparison of electronic signature solutions allows you to assess the maturity of publishers on this subject.

New requirements for qualified trust service providers (QTSP)

EIDAS 2 tightens requirements applicable to QTSP on three major points:

1. System security: mandatory alignment with NIS2 (directive (EU) 2022/2555) for QTSP, now classified as essential entities. This results in incident notification obligations within 24 hours, annual security audits and the establishment of business continuity plans.

1. Enhanced liability: article 13 of eIDAS 2 broadens the liability regime for QTSP. In case of proven breach, the burden of proof is reversed: the service provider must demonstrate that it did not commit negligence, not the other way around.

1. Mandatory interoperability: QTSP will be required to expose standardised APIs compatible with EUDIW to enable native integration of identity wallets. This requirement will accelerate the modernisation of the integration interfaces available to developers.

For companies considering switching service providers in this context, migrating from DocuSign or YouSign to an eIDAS 2 compliant solution is an approach that should be anticipated now rather than as an emergency in 2027.

Personal data and eIDAS 2: articulation with GDPR

The EUDIW collects and processes personal identity data. Regulation eIDAS 2 explicitly provides (recital 11 and article 5 bis §14) that the entire system must comply with GDPR (regulation (EU) 2016/679). Several points of attention:

• Selective disclosure: the wallet must allow the user to share only attributes strictly necessary for the transaction (principle of data minimisation, art. 5(1)(c) GDPR). For contract signature, only age verification could be shared without disclosing the full date of birth.
• Transfers outside the EU: personal data processed in the context of EUDIW cannot be transferred outside the EEA except with appropriate safeguards (art. 46 GDPR). Service providers using American cloud infrastructure must document their compliance.
• Signature log retention: the archiving of signature evidence must respect the retention period proportionate to the nature of the document. The new qualified archiving service in eIDAS 2 provides a technical framework to meet this requirement.

Companies managing international employment contracts are particularly affected by this GDPR/eIDAS 2 articulation, notably when signatories reside outside the EU.

Legal framework applicable to eIDAS 1 to eIDAS 2 transition

Reference texts

The transition is based on a stack of texts that are essential to master:

At European level:

• Regulation (EU) No 910/2014 (eIDAS 1): still in force until progressive repeal by eIDAS 2. Defines the three levels of signature (SES, AdES, QES) and the regime for QTSP.
• Regulation (EU) 2024/1183 (eIDAS 2): entered into force on 20 May 2024. Substantially amends eIDAS 1 without immediately repealing it. Provisions relating to EUDIW apply from publication of implementing acts.
• Regulation (EU) 2016/679 (GDPR): applies in full to the processing of identity data within the framework of EUDIW and signature processes. Article 5 bis §14 of eIDAS 2 explicitly recalls this subordination.
• Directive (EU) 2022/2555 (NIS2): imposes enhanced cybersecurity obligations on QTSP, now classified as essential entities. Transposed into French law by ordinance No 2024-821 of 20 June 2024 (implementing decree in progress).

At French level:

• Civil Code, articles 1366 and 1367: basis for the evidential value of writings in electronic form. Article 1366 establishes the equivalence between electronic and paper writings under conditions. Article 1367 gives qualified signature (QES) the same probative force as a handwritten signature.
• Decree No 2017-1416 of 28 September 2017: clarifies the conditions for using electronic signature in acts under private deed. Remains applicable during the transition period.
• General Security Reference (RGS) v2: for French administrations, the RGS requires the use of solutions referenced by ANSSI. Its update to integrate eIDAS 2 is expected during 2026.

ETSI technical standards applicable

ETSI standards constitute level 3 of the normative hierarchy. Current applicable versions:

• EN 319 132-1/2: XAdES format (advanced XML signatures)
• EN 319 122-1/2: CAdES format (advanced CMS signatures)
• EN 319 142-1/2: PAdES format (advanced PDF signatures)
• EN 319 401: general requirements for trust service providers
• EN 319 411-1/2: requirements for CAs issuing qualified certificates

These standards will be revised by the end of 2025 to integrate new eIDAS 2 requirements. Contracts with QTSP should include a clause for updating to revised versions without additional cost.

Legal risks of non-compliance

A signature issued by a service provider that would no longer be accredited after 2027 would not automatically lose its legal value for already-signed documents, but it would no longer benefit from the legal presumption of equivalence with a handwritten signature (art. 25 eIDAS). The burden of proving the integrity and identity of the signatory would then rest entirely with the company in case of dispute. This probative risk is particularly sensitive for deeds with long prescription periods (5 years in commercial matters, 30 years for real property rights).

Usage scenarios: how organisations anticipate eIDAS 2 transition

Scenario 1: a law firm of 25 staff rationalises its document compliance

A law firm specialising in business law, with around 25 staff and an intensive flow of signature of retainers, deeds of assignment and settlement agreements, used until 2024 an advanced signature solution (AdES) for all its workflows. Upon announcement of eIDAS 2, the firm conducted an audit of its 1,200 documents signed annually to identify those requiring QES according to new recommendations from its bar association.

Result: 15% of deeds (approximately 180 per year) were reclassified to qualified signature, which helped secure the probative regime of these documents. The firm negotiated with its signature editor a clause guaranteeing eIDAS 2 compliance from publication of implementing acts, without additional cost. The administrative time related to identity verification of signatories decreased by 40% thanks to anticipation of EUDIW integration planned for 2026.

Scenario 2: an industrial SME of 150 employees secures its supplier contractual chain

An industrial SME managing approximately 350 supplier contracts per year — purchase orders, NDAs, framework agreements — operated with two distinct signature solutions for its internal and external flows, creating fragmentation of audit evidence. In the context of the eIDAS 2 transition and new qualified archiving requirements, the IT department decided to unify its platform.

By migrating to a single solution integrating qualified electronic archiving (future eIDAS 2 category), the SME reduced its secure storage costs by 30% and consolidated its signature evidence in a compliant digital safe. The entire document chain is now auditable in less than 2 minutes during supplier controls — an increasingly stringent requirement from their customers in the automotive industry.

Scenario 3: a hospital group of approximately 600 beds prepares EUDIW integration

A public hospital group used qualified electronic signature for its medical contracts and public procurement, in compliance with code of public procurement requirements. With eIDAS 2, the IT service identified two priority issues: future integration of the "France Identité" wallet for liberal doctors intervening in the establishment, and NIS2 compliance of its QTSP.

The hospital group inscribed in its IT strategic plan 2025-2028 a specific package "eIDAS 2 compliance", with a provisional budget of €45,000 for technical migration and staff training. The aim is to be in a position to accept signatures via EUDIW from national deployment planned for November 2026, thus reducing contractualisation times with liberal health professionals from 3 days to less than 4 hours on average according to available sector benchmarks.

Conclusion

The transition from eIDAS 1 to eIDAS 2 is not a break but a structured evolution, with a precise timeline extending until 2027. The impacts on electronic signature are real — extension of qualified services, arrival of EUDIW, tightening of NIS2 requirements for QTSP — but manageable as long as they are anticipated. Companies that act now benefit from room for manoeuvre to audit their workflows, secure their contracts with their service providers and train their teams without regulatory urgency pressure.

Certyneo supports companies in this transition with a clear eIDAS 2 compliance roadmap, signature formats kept up to date and an architecture ready for EUDIW integration. Ready to secure your signature flows in this new regulatory framework? Discover our offers and start for free on Certyneo.