When a Bangalore-based SaaS company sends a Data Processing Agreement to a German enterprise client, two legal worlds collide. The Indian team reaches for Aadhaar eSign — the country's most familiar paperless signature method. The German legal counsel responds: “We need eIDAS Qualified.” Suddenly, what looked like a routine signature step becomes a compliance gap that can delay closing by weeks.
This guide compares the Information Technology Act 2000 (India) and the eIDAS Regulation (European Union) — the two legal frameworks that define what makes an electronic signature valid in their respective jurisdictions. If your business signs contracts with European counterparts, this is the comparison no one else has put side-by-side.
Why this comparison matters in 2026
Three converging trends make this comparison urgent in 2026:
- India-EU trade is accelerating.The EU is now India's third-largest trading partner, and most of the growth comes from services — IT consulting, BPO, pharma R&D, manufacturing — where every engagement starts with a contract.
- The Digital Personal Data Protection Act, 2023 has now been operationally in force for several months in India, raising compliance expectations on both sides of the EU-India data flow.
- EU procurement teams increasingly enforce eIDAS QESfor contracts above €50,000, M&A side agreements, and any data processing arrangement that touches sensitive personal data.
The result: Indian businesses that previously got away with a simple Aadhaar eSign or a DocuSign click-to-sign now find themselves rejected at the procurement gate. Understanding both frameworks is no longer optional.
IT Act 2000 in one paragraph
India's electronic signature framework rests on the Information Technology Act, 2000, anchored by two pillars:
- Section 3 recognises Digital Signature Certificates (DSC) — public-key infrastructure (PKI) signatures issued by a licensed Certifying Authority (CA), typically delivered on a USB token (Class 2 or Class 3). DSCs are universally used for filings like GST returns, ROC filings, and income tax submissions.
- Section 3A recognises electronic signatures listed in Schedule II — primarily Aadhaar eSign, an OTP-based remote signing method backed by the UIDAI's Aadhaar database. eSign is delivered by licensed eSign Service Providers (ESPs) like C-DAC, CDSL, and NSDL, who in turn integrate with the Controller of Certifying Authorities (CCA).
Schedule I of the Act lists a small set of documents that cannot be signed electronically — most notably negotiable instruments (other than cheques), powers of attorney for property, trusts, wills, and contracts for the sale of immovable property. For everything else, a properly executed e-signature is legally equivalent to a wet signature under Section 5 of the Act.
The eIDAS Regulation in one paragraph
The EU's framework is Regulation (EU) No 910/2014, known as eIDAS. Unlike the IT Act, eIDAS defines three distinct levels of electronic signature, each with progressively stricter requirements:
| Level | Acronym | What it is |
|---|---|---|
| Simple Electronic Signature | SES | Any digital signal of consent. Admissible but low evidence quality. |
| Advanced Electronic Signature | AES | Uniquely linked to the signer, under their sole control, tamper-evident. |
| Qualified Electronic Signature | QES | An AES via a QSCD with a qualified certificate from a QTSP on the EU Trust List. |
Article 25(2) of eIDAS gives QES a privileged status: it is legally equivalent to a handwritten signature in all 27 EU Member States, with no further formality required. Lower-level signatures (SES, AES) are admissible but their evidentiary weight is decided on a case-by-case basis by each court.
Side-by-side comparison
| Aspect | IT Act 2000 | eIDAS Regulation |
|---|---|---|
| Highest legal level | Aadhaar eSign / DSC (PKI) | QES (Qualified) |
| Identity proofing | Aadhaar OTP / CA KYC | Face-to-face or notified eIDV |
| Signature device | Server-side ESP / USB token | QSCD certified CC EAL4+ |
| Audit trail standard | Varies by ESP | ETSI EN 319 series |
| Certificate issuer | CA licensed by CCA | QTSP on EU Trust List |
| International recognition | India only (Section 35 partial) | EU-wide automatic (Article 25) |
| Typical cost | ₹10-50 (Aadhaar eSign) | €4-10 (QES) |
The cross-border gap: when one framework isn't enough
The single most underestimated fact in cross-border signing: an Aadhaar eSign has no legal value in the EU under eIDAS, and a generic SES signature on DocuSign has no Schedule-II equivalence in India. Each framework defines the highest legal weight differently, and they do not automatically translate.
Scenario 1: EU client requires eIDAS QES on the master contract
Your German pharma client sends you a Master Services Agreement and a Data Processing Addendum. Their procurement template specifies “Qualified Electronic Signature per Article 26 of Regulation (EU) 910/2014.” Aadhaar eSign cannot satisfy this — it is not delivered by a QTSP on the EU Trust List, and there is no QSCD in the loop. You need to sign via a QES path.
Scenario 2: Indian counterparty requires Aadhaar eSign on the local copy
Some Indian government tenders, banks, and regulated entities require Aadhaar eSign or a CCA-licensed DSC for the locally-filed counterpart of the contract. Your EU client signs the global version via QES; you sign the locally-filed counterpart via Aadhaar eSign or DSC. This is dual signing — one contract, two signature paths, two evidentiary records.
Scenario 3: Cross-border M&A side agreements
For high-stakes side agreements (representations and warranties, escrow instructions, closing checklists), most acquirers' counsels in the EU now insist on QES across the board. A single QES executed by both parties simplifies enforcement in any EU court without the need to prove cross-border equivalence.
The pragmatic rule: if any party to the contract is incorporated in the EU and the contract may be litigated in the EU, default to QES. The marginal cost of a QES (€9.90 at Certyneo) is negligible compared to the cost of having a signature rejected during due diligence.
Choosing the right signature level
- Is any party incorporated or operating in the EU?
No → IT Act framework is sufficient. Use Aadhaar eSign or DSC.
Yes → continue. - Is the contract value below €5,000 AND the contract type is low-risk (NDA, service order, MSA refresh)?
Yes → AES is typically sufficient. SES may be accepted but evidentiary weight is lower.
No → continue. - Does the contract touch personal data, regulated activity (finance, healthcare, telecom), or M&A?
Yes → QES is the safe choice. Lower levels expose you to procurement rejections and litigation risk.
No → AES is typically sufficient. Verify the counterparty's signature template. - Does the contract need to be filed with an Indian authority?
Yes → also obtain an Aadhaar eSign or DSC counterpart for the local filing.
No → QES alone is sufficient.
How Certyneo's eIDAS QES fits Indian businesses
Certyneo is a French Qualified Trust Service Provider listed on the European Union's official Trust List. We deliver eIDAS-qualified signatures designed for cross-border commerce, including Indian businesses signing with EU clients.
- Pay-per-use pricing at €9.90 per QES signature — no subscription, no minimums, no annual commitments.
- EU data residency in Frankfurt and Paris — your contract data never leaves the EU, satisfying GDPR and your EU client's data-protection clauses.
- Mobile-first identity proofing that works from any Indian state. The signer scans their Indian passport (mandatory for QES — Aadhaar is not accepted by eIDAS rules), confirms a live selfie, and the entire identification completes in 4 to 7 minutes.
- Audit trail compliant with ETSI EN 319 series — accepted by courts in all 27 EU Member States.
- Invoice in INR via Wise or Razorpay, with GST handling on your side.
For a deeper walkthrough of how this works in practice, see our guide on signing European contracts from India or the QES for Indian businesses overview.
Frequently asked questions
Is an Aadhaar eSign valid in France or Germany?
No. Aadhaar eSign is recognised under Section 3A of the Indian IT Act 2000 but is not on the EU Trust List, has no QSCD, and is not delivered by a QTSP. EU courts will treat it as a Simple Electronic Signature (SES) at best, with low evidentiary weight. For contracts that may be litigated in the EU, use eIDAS QES.
Is an eIDAS QES valid in India?
Yes, with a caveat. Section 35 of the IT Act 2000 allows the Controller of Certifying Authorities to recognise certificates issued by foreign certifying authorities, and Indian courts have admitted foreign-issued digital signatures backed by demonstrable PKI infrastructure. For tendered or government-filed contracts, also produce an Indian counterpart via Aadhaar eSign or DSC.
Do I always need both?
No. If your contract is purely between an Indian party and an EU party, and is governed by the law of an EU Member State or a neutral jurisdiction (Singapore, Switzerland), a single QES executed by both parties is typically sufficient. Dual signing is only needed when the contract must be filed with an Indian authority that mandates Schedule-II signatures.
What documents cannot be signed electronically under Indian law?
Schedule I of the IT Act 2000 excludes:
- Negotiable instruments (other than cheques)
- Powers of attorney for real property
- Trusts
- Wills and testamentary dispositions
- Contracts for the sale or conveyance of immovable property
How long does the eIDAS QES identity verification take from India?
For a first-time signer, plan for 4 to 7 minutes. The flow is fully online: scan your Indian passport (machine-readable zone), pose for a live selfie, and complete an OTP confirmation. Your identity is then bound to your QES certificate. Subsequent signatures are instant.
Can I sign on behalf of my company under eIDAS?
Yes. eIDAS supports both natural-person and legal-person signatures. For corporate signing, your QES certificate is issued in your individual name but the contract clearly identifies the legal entity you represent. Your role (Director, Authorised Signatory, etc.) is recorded in the audit trail.
Is my company exposed if I sign an EU contract with only Aadhaar eSign?
Yes. The contract may still be enforceable as a matter of substantive law, but proving the signature in an EU court will be costly and uncertain. EU procurement and legal teams increasingly reject Aadhaar eSign during onboarding for exactly this reason. The €9.90 cost of a QES is insurance against this risk.