eIDAS 1 to eIDAS 2 Transition: Impact on Digital Signatures in 2025
The eIDAS 2 regulation fundamentally reshapes electronic signature rules across Europe. Discover the key changes, implementation timeline, and actions to take now.
Certyneo Editorial Team
Writer — Certyneo
On 20 May 2024, Regulation (EU) 2024/1183 — commonly known as eIDAS 2 — was published in the Official Journal of the European Union, gradually replacing Regulation No. 910/2014 (eIDAS 1). This text represents the most significant reform of digital identity and electronic signature in Europe since 2016. For French companies using electronic signature solutions in their contractual workflows, the transition is not merely a formality: it entails technical, legal, and organisational adjustments with a timeline extending until 2026 and beyond. Understanding the eIDAS 1 to eIDAS 2 transition and its impact on electronic signatures in 2025 has therefore become a priority for legal, IT, and HR departments. This article deciphers the fundamental developments in the framework, the precise transition timeline, and concrete measures to take to remain compliant.
What eIDAS 2 Regulation Fundamentally Changes
From the 2014 Regulation to the 2024 Overhaul: Why a Revision Was Necessary
eIDAS 1 established the foundations for mutual recognition of electronic signatures within the Union. Three hierarchical levels — simple (SES), advanced (AdES), and qualified (QES) — structured the evidentiary value of signatures, supported by a list of trust service providers (TSL). However, over ten years, two major gaps emerged.
Firstly, the original regulation applied essentially to relationships with public administrations (G2B, G2C). It did not create direct obligations in private transactions (B2B, B2C), leaving a regulatory vacuum that each Member State filled heterogeneously. Secondly, the rise of digital services — mobile applications, open banking, telemedicine — revealed the absence of a portable, interoperable digital identity system at the continental level.
eIDAS 2 addresses these two challenges by introducing the European Digital Identity Wallet (EUDIW) and expanding the scope of trust services to new use cases: qualified electronic archiving, qualified attribute attestations, qualified electronic registers (including certified blockchain applications).
New Categories of Qualified Trust Services
eIDAS 2 extends the list of qualified trust services (Article 3 and revised Annex IV). In addition to signatures, seals, and qualified timestamps already recognised by eIDAS 1, the following are now qualified:
- Qualified electronic archiving services (Art. 34 bis): obligation to preserve the integrity and readability of signed documents over the long term, with strengthened requirements for service providers (QTSP).
- Qualified remote signature creation device management services (QRCD): strengthened oversight of remote signature solutions via cloud Hardware Security Module (HSM).
- Qualified attribute attestations: mechanism allowing a trusted third party to certify attributes of an entity (e.g., lawyer status, physician qualification) without revealing the entire identity.
- Qualified electronic registers: recognition of distributed registers under strict auditability and resilience conditions.
For users of electronic signature solutions, this expansion means that the qualified trust services available in the market will diversify, and the criteria for selecting a service provider (QTSP) must incorporate these new capabilities.
The EUDIW: Digital Identity Wallet as Signature Infrastructure
The most visible innovation in eIDAS 2 remains the EUDIW. By 26 November 2026 (national compliance deadline under Article 5 bis), each Member State must make available to its citizens and residents a free digital identity wallet that is interoperable with those of all other Member States. This wallet will enable:
- authenticating the user at a high assurance level (LoA High) without resorting to a third-party identification provider;
- electronically signing documents with qualified value (QES) directly from the wallet;
- sharing selective identity attributes (selective disclosure), thereby respecting the data minimisation principle of the GDPR.
For companies, the EUDIW in theory simplifies identity verification before a qualified signature by removing the friction of video or face-to-face identification. In practice, the impact will depend on the pace of national deployment: France launched a pilot in 2025 as part of the "France Identité" programme.
Precise Timeline for eIDAS 1 to eIDAS 2 Transition
Regulatory Milestones to Know
Regulation 2024/1183 entered into force on 20 May 2024, but its application is progressive. Here are the key deadlines:
| Date | Event |
|------|-------|
| 20 May 2024 | Publication in the Official Journal, formal entry into force |
| 20 November 2024 | 6-month deadline for adoption of implementing acts by the Commission (EUDIW technical specifications) |
| End 2025 | Publication of revised ETSI standards (EN 319 411-1/2, EN 319 401) incorporating eIDAS 2 requirements |
| 26 May 2026 | Deadline for Member States to comply with new categories of qualified services |
| 26 November 2026 | Mandatory availability of EUDIW by each Member State |
| 2027-2028 | Complete revision of national trust lists (TSL) and accreditation of new QTSP |
eIDAS 1 remains valid and signatures issued under its regime retain full legal value. There is no obligation to re-sign existing documents. However, qualified trust service providers must renew their accreditation according to new technical standards by 2027.
What Does Not Change and What to Monitor
Continuity is a cardinal principle of the transition. The three levels of signature (SES, AdES, QES) are maintained with their definitions unchanged. The presumption of equivalence with a handwritten signature attached to QES (Article 25 eIDAS 1, repeated in Article 27 eIDAS 2) remains in force. The evidentiary value of your current electronic signatures is not called into question.
What to monitor, however: implementing acts published by the European Commission throughout 2025-2026 will set the precise technical specifications for EUDIW and new service categories. These level 2 texts are of considerable practical importance for integrators and software publishers. For companies using electronic signatures in their HR or legal processes, it is recommended to ask your service provider for an eIDAS 2 compliance roadmap.
Concrete Impact on Companies and Their Signature Solutions
Which Workflows Are Affected First?
The impact of the eIDAS 1 to eIDAS 2 transition varies with the signature level used. For companies, three situations can be distinguished:
Simple electronic signature (SES): used for low-value amendments, acknowledgements of receipt, internal forms. No immediate update obligation. Evidentiary rules remain governed by the Civil Code (Articles 1366-1367) and not directly by eIDAS.
Advanced electronic signature (AdES/AdESQC): companies using B2B solutions for commercial contracts, dematerialised employment contracts, or real estate acts must verify that their service provider maintains compliance with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES), and EN 319 142 (PAdES) in their revised versions for eIDAS 2. These standards will be published by ETSI by the end of 2025.
Qualified electronic signature (QES): qualified service providers (QTSP) must undergo new eIDAS 2 accreditation. The transition period allows a reasonable deadline (until 2027), but calls for tenders launched from 2025 onwards should integrate an eIDAS 2 compliance clause in selection criteria. For organisations comparing available options, the comparison of electronic signature solutions allows you to assess the maturity of publishers on this topic.
New Requirements for Qualified Trust Service Providers (QTSP)
eIDAS 2 tightens requirements applicable to QTSP on three major points:
- Systems security: mandatory alignment with NIS2 (Directive (EU) 2022/2555) for QTSP, now classified as essential entities. This translates into obligations for incident notification within 24 hours, annual security audits, and implementation of business continuity plans.
- Enhanced responsibility: Article 13 eIDAS 2 expands the liability regime for QTSP. In case of proven breach, the burden of proof is reversed: the service provider must demonstrate that it did not commit negligence, rather than the opposite.
- Mandatory interoperability: QTSP must expose standardised APIs compatible with EUDIW to enable native integration of identity wallets. This requirement will accelerate the modernisation of integration interfaces available to developers.
For companies considering changing service providers in this context, migrating from DocuSign or YouSign to an eIDAS 2 compliant solution is a step that should be anticipated now rather than urgently in 2027.
Personal Data and eIDAS 2: Articulation with GDPR
The EUDIW collects and processes personal identity data. eIDAS 2 explicitly provides (Recital 11 and Article 5 bis §14) that the entire system must be compliant with the GDPR (Regulation (EU) 2016/679). Several points of attention:
- Selective disclosure: the wallet must allow the user to share only the attributes strictly necessary for the transaction (minimisation principle, Art. 5(1)(c) GDPR). For contract signing, only proof that the signatory is of legal age could be shared, without revealing the full date of birth.
- Transfers outside the EU: personal identity data processed as part of EUDIW cannot be transferred outside the EEA without appropriate safeguards (Art. 46 GDPR). Service providers using American cloud infrastructure must document their compliance.
- Signature log retention: archiving of signature evidence must respect retention periods proportionate to the nature of the document. The new eIDAS 2 qualified archiving service provides a technical framework to meet this requirement.
Companies managing international employment contracts are particularly concerned by this GDPR/eIDAS 2 articulation, especially when signatories reside outside the EU.
Legal Framework Applicable to eIDAS 1 to eIDAS 2 Transition
Reference Texts
The transition rests on a layered set of texts that must be understood:
At European level:
- Regulation (EU) No. 910/2014 (eIDAS 1): still in force until its gradual replacement by eIDAS 2. Defines the three signature levels (SES, AdES, QES) and the QTSP regime.
- Regulation (EU) 2024/1183 (eIDAS 2): entered into force on 20 May 2024. Substantially amends eIDAS 1 without immediately repealing it. Provisions relating to EUDIW apply upon publication of implementing acts.
- Regulation (EU) 2016/679 (GDPR): applies in full to the processing of identity data within the framework of EUDIW and signature processes. Article 5 bis §14 of eIDAS 2 explicitly recalls this subordination.
- Directive (EU) 2022/2555 (NIS2): imposes strengthened cybersecurity obligations on QTSP, now classified as essential entities. Transposed into French law by Ordinance No. 2024-821 of 20 June 2024 (awaiting implementing decree).
At French level:
- Civil Code, Articles 1366 and 1367: foundation of the evidentiary value of electronic writings. Article 1366 establishes the equivalence between electronic and paper writing subject to conditions. Article 1367 gives qualified signature (QES) the same evidentiary force as a handwritten signature.
- Decree No. 2017-1416 of 28 September 2017: specifies the conditions for using electronic signature in acts under private seal. Remains applicable during the transition period.
- General Security Reference Framework (RGS) v2: for French administrations, the RGS imposes the use of solutions referenced by ANSSI. Its update to incorporate eIDAS 2 is expected during 2026.
Applicable ETSI Technical Standards
ETSI standards constitute level 3 of the normative hierarchy. Current applicable versions:
- EN 319 132-1/2: XAdES format (advanced XML signatures)
- EN 319 122-1/2: CAdES format (advanced CMS signatures)
- EN 319 142-1/2: PAdES format (advanced PDF signatures)
- EN 319 401: general requirements for trust service providers
- EN 319 411-1/2: requirements for CAs issuing qualified certificates
These standards will be revised by the end of 2025 to incorporate new eIDAS 2 requirements. Contracts with QTSP must include a clause providing for updates to the revised versions at no additional cost.
Legal Risks of Non-Compliance
A signature issued by a service provider that would no longer be accredited after 2027 would not automatically lose its legal value for already-signed documents, but would no longer benefit from the legal presumption of equivalence with a handwritten signature (Article 25 eIDAS). The burden of proving the integrity and identity of the signatory would then rest entirely with the company in case of litigation. This evidentiary risk is particularly sensitive for acts with long prescription periods (5 years in commercial matters, 30 years for real property rights).
Use Case Scenarios: How Organisations Anticipate eIDAS 2 Transition
Scenario 1: A Law Firm of 25 Collaborators Streamlines Its Documentary Compliance
A law firm specialising in business law, with approximately 25 collaborators and intensive activity signing mandates, transfer deeds, and settlement protocols, had used an advanced signature solution (AdES) for all workflows until 2024. Upon announcement of eIDAS 2, the firm conducted an audit of its 1,200 annually signed documents to identify those requiring QES according to new bar association recommendations.
Result: 15% of acts (approximately 180 per year) were reclassified to qualified signature, which secured the evidentiary regime of these documents. The firm negotiated with its signature publisher a clause guaranteeing eIDAS 2 compliance upon publication of implementing acts, without additional cost. Administrative time related to signatory identity verification decreased by 40% through early anticipation of EUDIW integration planned for 2026.
Scenario 2: An Industrial SME of 150 Employees Secures Its Supplier Contractual Chain
An industrial SME managing approximately 350 supplier contracts per year — purchase orders, NDAs, framework agreements — operated with two distinct signature solutions for internal and external flows, creating audit evidence fragmentation. In the context of the eIDAS 2 transition and new qualified archiving requirements, the IT department decided to unify its platform.
By migrating to a single solution incorporating qualified electronic archiving (future eIDAS 2 category), the SME reduced secure storage costs by 30% and consolidated signature evidence in a compliant digital safe. The entire documentary chain is now auditable in less than 2 minutes during supplier audits — an increasingly stringent requirement of their ordering customers in the automotive industry.
Scenario 3: A Hospital Group of Approximately 600 Beds Prepares EUDIW Integration
A public hospital group used qualified electronic signature for its medical contracts and public procurements, in accordance with obligations under the public procurement code. With eIDAS 2, the IT service identified two priority issues: future integration of the "France Identité" wallet for freelance doctors intervening in the establishment, and NIS2 compliance of its QTSP.
The group included a dedicated "eIDAS 2 compliance" workstream in its 2025-2028 digital strategic plan, with a provisional budget of €45,000 for technical migration and staff training. The objective is to be able to accept signatures via EUDIW upon national deployment scheduled for November 2026, thereby reducing contracting delays with freelance healthcare professionals from 3 days to less than 4 hours on average according to available sector benchmarks.
Conclusion
The transition from eIDAS 1 to eIDAS 2 is not a rupture but a structured evolution, with a precise timeline extending until 2027. The impacts on electronic signature are real — extension of qualified services, arrival of EUDIW, toughening of NIS2 requirements for QTSP — but manageable as long as they are anticipated. Companies that act now have room to manoeuvre to audit their workflows, secure their contracts with service providers, and train their teams without the pressure of a regulatory deadline.
Certyneo supports companies in this transition with a clear eIDAS 2 compliance roadmap, signature formats kept up to date, and architecture ready for EUDIW integration. Ready to secure your signature flows in this new regulatory framework? Discover our offers and start free on Certyneo.