eIDAS 2: The New European Regulation Explained for 2026

Introduction: Why eIDAS 2 Changes Everything for European Businesses

Entering into force on 20 May 2024 after a lengthy legislative process, Regulation eIDAS 2 — officially named Regulation (EU) 2024/1183 — represents the most ambitious reform ever undertaken in the field of electronic identification and trust services in Europe. It repeals and partially replaces the original eIDAS regulation of 2014 (No. 910/2014), whilst maintaining backward compatibility with the existing infrastructure. For businesses that rely on eIDAS-compliant electronic signature, this overhaul introduces new obligations, unprecedented opportunities and a tight compliance timeline until 2026 and beyond. This article provides an in-depth analysis of the regulation's key provisions, their operational implications and how your organisation can prepare for them.

---

What eIDAS 2 Fundamentally Changes

From the 2014 Regulation to the 2024 Version: A Structural Overhaul

The original eIDAS regulation of 2014 laid the foundations for mutual recognition of electronic identification schemes between Member States and established a unified legal framework for trust services (signature, seal, time-stamp, etc.). But ten years later, the limitations were glaring: low adoption rates of notified eIDs, fragmentation of national solutions, absence of a universal digital wallet for citizens, and above all inadequacy for web usage (GAFAMs excluded from the trust framework).

eIDAS 2 corrects these shortcomings on three major axes:

1. The European Digital Identity Wallet (EUDI Wallet) — each Member State must provide, no later than November 2026, a digital wallet application enabling any European citizen or resident to securely store and present their identity attributes (identity card, driving licence, diplomas, etc.).
2. Expansion of qualified trust services — the text adds new qualified services: qualified electronic archiving service management (QESAP), qualified identity attribute reports (QEAA), qualified electronic ledgers (QLED) and management of remote signature creation devices (QRCD).
3. Obligation for large platforms — providers of large online services (social networks, marketplaces) must accept the EUDI wallet for user authentication.

The EUDI Wallet: Architecture and Functioning

The EUDI Wallet is at the heart of eIDAS 2. In practical terms, it is a software application — delivered or certified by each Member State — which is based on a decentralised model for selective attribute presentation. The user transmits only the data strictly necessary for the transaction (minimisation principle, in line with GDPR).

From a technical standpoint, the architecture is based on the Architecture Reference Framework (ARF) specifications, published by the European Commission and regularly updated by the Large Scale Pilot (LSP), which brings together four pilot consortiums (DC4EU, EWC, POTENTIAL, NOBID). The data formats selected are primarily ISO/IEC 18013-5 (mDL/mDocs) and W3C Verifiable Credentials, ensuring cross-border interoperability.

For businesses, this means they will, eventually, be able to verify the identity of their customers or partners via the wallet without managing document collection themselves — significantly reducing KYC (Know Your Customer) friction and documentary fraud risks.

---

Trust Levels and the Signature Hierarchy: What Changes

Maintaining the QES / AdES / SES Hierarchy

The regime for electronic signatures remains structured around three levels defined in Article 3 of eIDAS 2 (adopting the terminology of 2014 but clarifying technical requirements):

• Simple Electronic Signature (SES): minimal probative value, suitable for routine acts.
• Advanced Electronic Signature (AdES): exclusive link to the signatory, possibility of detecting any subsequent modification.
• Qualified Electronic Signature (QES): legal equivalent of handwritten signature throughout the EU (Article 25§2), issued via a qualified signature creation device (QSCD) on the basis of a qualified certificate.

The novelty lies in how QES can now be delivered via qualified remote signature services (QRCD), with the conditions for approval detailed in Articles 29a and 29b of the revised text. This paves the way for 100% digital workflows for the most demanding acts — notarised contracts, electronic authentic acts — without the need for a physical smart card.

Impact on Qualified Trust Service Providers (QTSPs)

Providers such as Certyneo, operating with certified QTSPs, must anticipate the new audit requirements introduced by eIDAS 2. Article 24 now requires strengthened controls on the subcontracting chain, and security incident notification requirements are explicitly aligned with those of the NIS2 Directive (24-hour initial notification deadline). For a deeper understanding of how the different signature levels function in a B2B context, see our comprehensive guide to electronic signature in business.

---

Deployment Timeline and Business Obligations in 2025-2026

Key Deployment Milestones

Regulation (EU) 2024/1183 was published in the EU Official Journal on 30 April 2024 and entered into force on 20 May 2024. The implementing and delegated acts — essential for clarifying technical requirements — are being published progressively:

| Deadline | Obligation | |---|---| | May 2024 | Regulation enters into force | | End 2024 | Publication of implementing acts on ARF v2.0 | | Mid-2025 | Certification of first pilot EUDI Wallets | | November 2026 | Mandatory EUDI Wallet availability in each Member State | | 2027 | Mandatory acceptance by large online platforms |

What B2B Businesses Should Do Now

For businesses using electronic signature solutions, three priorities must be addressed in 2025-2026:

1. Audit your trust chain: verify that your signature provider is indeed listed on the QTSP (Trusted List) of your Member State, and that the certificates used comply with the new revised ETSI EN 319 401 and EN 319 411-1 specifications.

2. Anticipate EUDI Wallet integration: businesses operating in regulated sectors (banking, insurance, healthcare, real estate) will be among the first affected by identity verification flows via wallet. Preparing API integration from 2025 is recommended.

3. Review your retention policies: the new qualified electronic archiving service (QESAP) introduces long-term preservation standards that may be mandatory in certain sectors (public procurement, pharmaceutical sector). Our ROI calculator for electronic signature allows you to assess the financial impact of upgrading your document infrastructure.

---

Interoperability, GDPR and Digital Sovereignty Issues

eIDAS 2 and GDPR: Enhanced Complementarity

One of the major advances of eIDAS 2 is the explicit integration of data protection principles from the design outset (privacy by design) into the architecture of the EUDI wallet. Article 5a§14 states that the wallet does not allow providers to track user behaviour during transactions. Issuers of qualified identity attributes (QEAA) are not informed of how the issued attestations are used — which constitutes a major break with current centralised models.

This architecture is called unlinkability (non-correlability): two distinct transactions carried out by the same user cannot be linked without their consent. This guarantee exceeds the minimum requirements of GDPR whilst aligning perfectly with it.

The Geopolitical Dimension: Regaining Control of Online Identity

eIDAS 2 also addresses a sovereignty issue. Today, online authentication heavily relies on "Sign in with Google/Facebook/Apple" buttons, which gives American tech giants a dominant position in managing European digital identities. By requiring very large platforms (in the sense of the Digital Services Act) to accept the EUDI Wallet as an authentication method, eIDAS 2 creates an interoperable and sovereign alternative.

For B2B businesses, this also means that eIDAS 2 compliance can become a supplier selection criterion in public and private tender processes — similar to what ISO 27001 certification represents today in procurement processes. If your organisation is considering evolving your current solution, our migration guide from DocuSign or YouSign to Certyneo details the steps of a managed transition.

Legal Framework Applicable to eIDAS 2 and Electronic Signature

Reference Texts

Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024, amending Regulation (EU) No. 910/2014 on establishing the framework for the European digital identity (eIDAS 2). Published in the OJEU on 30 April 2024, entered into force on 20 May 2024.

Regulation (EU) No. 910/2014 (eIDAS 1): maintained in force for its provisions not amended, in particular the articles relating to the "low", "substantial" and "high" levels of assurance for notified identification schemes.

French Civil Code, Articles 1366 and 1367: electronic documents have the same probative force as paper documents provided that the person from whom they emanate is duly identified and the document is drawn up in conditions guaranteeing its integrity. A qualified electronic signature (QES) within the meaning of eIDAS 2 meets these requirements by right.

Regulation (EU) 2016/679 (GDPR): the processing of identity data in the context of the EUDI wallet is subject to the principles of minimisation (Art. 5§1c), purpose limitation (Art. 5§1b) and privacy by design (Art. 25). Qualified service providers act as separate data controllers for verification operations.

Directive (EU) 2022/2555 (NIS2): transposed into French law by Ordinance No. 2024-528 of 12 June 2024, it imposes on qualified trust service providers obligations to manage cyber risks and notify incidents within 24 hours.

ETSI Standards:

• EN 319 132 (XAdES) and EN 319 122 (CAdES): advanced electronic signature formats.
• EN 319 401: general requirements for trust service providers.
• EN 319 411-1 and 411-2: policy and security requirements for CAs issuing qualified certificates.
• EN 319 521: requirements for qualified signature preservation services (QESAP).

Obligations and Legal Risks for Businesses

Any business using electronic signatures in a contractual context must ensure that the signature level chosen is appropriate to the value and nature of the act. For acts subject to a legal signature requirement (purchase undertakings, employment contracts, purchase orders exceeding certain thresholds), only QES or AdES based on a qualified certificate provides the presumption of reliability referred to in Article 26 of eIDAS 2.

In the event of a dispute, the burden of proof is reversed: if the signature is qualified, it is for the party contesting the document to prove its alteration; if it is simple or advanced without a qualified certificate, the burden of proof rests with the signatory invoking it. Failure to comply with traceability and integrity requirements may result in the act being null or the signature being unenforceable against a third party.

Use Scenarios: eIDAS 2 Applied to B2B Businesses

Scenario 1 — A Digital Transformation Consulting Firm (approximately 80 consultants)

A consulting structure deploying its consultants to clients across several Member States (France, Germany, Netherlands) must have each month orders for services, contract amendments and acceptance reports signed. Before eIDAS 2, managing cross-border identities created friction: refusal by some German clients to recognise certificates issued by a French QTSP, double authentication by email insufficient for sensitive acts.

With the deployment of the EUDI Wallet in 2026, consultants will be able to sign from their national wallet — recognised by right in all Member States — without any friction. The firm estimates a reduction of 60 to 70% of the time spent on document verification exchanges prior to signature, roughly 3 to 4 hours saved per consultant per month according to sector benchmarks published by McKinsey Digital (2024).

Scenario 2 — An SME Managing 350 Supplier Contracts Per Year

An SME in the industrial equipment sector, working with around a hundred European and Asian suppliers, must enter into contracts for orders, confidentiality agreements (NDAs) and framework agreements. Until now, 30% of these documents came back unsigned or with delays exceeding 10 business days.

By adopting an electronic signature solution compliant with eIDAS 2 with identity verification via qualified attributes (QEAA), the SME can enforce a signature workflow where the identity of the supplier's legal representative is automatically verified via the EUDI wallet, without manual data entry. Expected result: reduction of average signature time from 10 days to less than 48 hours, and a 40% reduction in disputes related to non-compliant signatures, based on ranges observed in ELENIUS 2025 reports on B2B paperless transition.

Scenario 3 — A Real Estate Group Managing Purchase Agreements in Several Countries

A network of real estate agencies operating in France, Spain and Portugal must regularly have purchase agreements signed between sellers and buyers of different nationalities. QES is required in certain contexts to guarantee equivalence with handwritten signature before a notary.

Thanks to eIDAS 2 and the interoperability of EUDI wallets, a Portuguese buyer can sign an agreement subject to French law using their national wallet, with a "high" level of assurance automatically recognised by the signature platform. The group reduces its travel and legalisation costs by approximately 800 to 1,200 euros per cross-border file, whilst reducing the time to finalise purchase agreements from 3 weeks to an average of 5 days. For sector-specific uses, our dedicated page on electronic signature in real estate details adapted workflows.

Conclusion

eIDAS 2 is not simply a regulatory update: it is a profound overhaul of how digital identity and electronic trust function in Europe. The EUDI Wallet, new qualified services, the interoperability requirement and alignment with NIS2 and GDPR form a coherent ecosystem that will transform the contractual processes and authentication methods of businesses by the end of 2026.

To remain compliant and competitive, B2B organisations must act now: audit their trust chain, select a provider aligned with new requirements and prepare their document flows for integration with the European digital wallet.

Certyneo supports you through this transition with eIDAS 2-compliant qualified electronic signature solutions, ready for 2026. Request a demo or create your account on Certyneo to secure your contracts today.