eIDAS 2 Calendar: EU Deployment 2026-2027

Introduction: Why the eIDAS 2 Calendar is Critical for Your Organization

Since the entry into force of regulation (EU) 2024/1183 — commonly known as eIDAS 2 — the European framework for digital identity and electronic signature has undergone its most profound transformation since 2014. While the revised text is formally adopted, its operational deployment, spanning 2024 to 2027, now commands the attention of CISOs, legal counsel, and compliance officers. Understanding the official deployment calendar for eIDAS 2 regulation across the European Union enables you to anticipate obligations, secure your contractual processes, and avoid any compliance gaps. This article deciphers the key stages, expected implementing acts, and concrete impacts for French and European businesses.

---

1. Reminder: What is eIDAS 2 and Why This Revision?

1.1 The Limitations of eIDAS 1 (2014)

The original eIDAS regulation (No. 910/2014) laid the foundations for digital trust in Europe: mutual recognition of electronic signatures, creation of qualified (QES), simple (SES), and advanced (AdES) levels, and accreditation of trust service providers (TSP). However, a decade of implementation revealed several major gaps:

• National Fragmentation: fewer than 19% of European citizens used a cross-border electronic identification scheme in 2022 according to the European Commission.
• Absence of Digital Identity Wallet: eIDAS 1 did not provide for a universal instrument allowing each citizen or business to prove their identity online across all member states.
• Partial Coverage: qualified electronic archiving services or attribute attestations were not harmonized.

1.2 The Structural Contributions of eIDAS 2

Adopted on April 11, 2024 and published in the Official Journal of the EU on April 30, 2024, regulation (EU) 2024/1183 introduces notably:

• The European Digital Identity Wallet (EUDI Wallet): digital identity wallet that each member state must offer to its citizens.
• New Qualified Trust Services: qualified electronic attribute attestations, qualified electronic archiving, remote signature creation device management.
• Extension of Scope: large online platforms (within the meaning of the DSA regulation) will be required to accept the EUDI Wallet for user authentication.
• Strengthened Governance: creation of a stricter compliance certification framework for TSPs.

To deepen your understanding of the regulation's fundamentals, our complete guide to eIDAS 2.0 details all regulatory developments.

---

2. The Official eIDAS 2 Deployment Calendar: Stages and Key Dates 2024-2027

eIDAS 2 regulation structures its entry into application around a multi-stage mechanism: entry into force, implementing acts of the Commission, national transposition, and effective deployment of tools. Here is the official roadmap.

2.1 Phase 1 — Entry into Force and Delegated Acts (May 2024 – End 2025)

| Date | Stage | |---|---| | April 30, 2024 | Publication of regulation (EU) 2024/1183 in the OJEU | | May 20, 2024 | Official entry into force (D+20 after publication) | | Q3-Q4 2024 | Launch of working groups on implementing acts (eIDAS 2 Toolbox) | | End 2024 | Publication of first technical specifications for EUDI Wallet (ARF — Architecture Reference Framework v1.4) | | Q1-Q2 2025 | Commission implementing acts on technical specifications of wallets (12-month deadline provided by article 5a) | | Q3 2025 | Implementing acts relating to new qualified trust services |

The European Commission published in January 2025 the first batch of implementing acts on the common technical specifications of the EUDI Wallet. These texts constitute the mandatory technical basis for member states.

2.2 Phase 2 — Pilot Project Rollout and National Transpositions (2025-2026)

As part of the Large Scale Pilots (LSP) program, four consortiums have tested the EUDI Wallet since 2023 on over 360 use cases across 25 member states:

• EU Digital Identity Wallet Consortium (EUDIW) — 140+ entities
• NOBID — focused on digital payments
• POTENTIAL — identity and attributes
• DC4EU — diplomas and professional qualifications

The results of these pilots directly feed into the implementing acts. On the national level, member states have 24 months from the entry into application of implementing acts to deploy their national wallet. In practice, this means that the vast majority of national deployments are expected between mid-2026 and end 2026.

| Period | Expected Actions | |---|---| | Q1-Q2 2026 | Final adoption of outstanding implementing acts (qualified archiving, attribute attestations) | | Q2 2026 | First production versions of EUDI Wallets in pioneer states (Germany, Netherlands, Spain) | | Q3-Q4 2026 | Progressive rollout across all 27 member states — opening to professional users | | End 2026 | Obligations to accept EUDI Wallet for online public services (art. 5b) |

France, via the National Information Systems Security Agency (ANSSI) and the Interministerial Digital Directorate (DINUM), began its adaptation work in 2025. The French wallet project builds on France Identité as its technical foundation.

2.3 Phase 3 — Acceptance Obligations for the Private Sector (2027)

This is the most impactful stage for businesses. Article 5b of eIDAS 2 requires that certain private sector providers accept the EUDI Wallet for online identification in the following domains:

• Banking and financial services (account opening, KYC)
• Mobility (transport, vehicle rental)
• Energy (consumer contracts)
• Very large online platforms (as defined by the DSA, > 45 million monthly active users in the EU)
• Telecommunications

The mandatory acceptance deadline is set at 12 months after the wallet becomes available in each member state, placing the real deadline for most sectors in the first half of 2027.

For businesses already using electronic signature solutions compliant with eIDAS, the challenge is ensuring the compatibility of their document workflows with new identity attributes from digital wallets.

---

3. Impact on Trust Service Providers (TSP) and SaaS Editors

3.1 New Obligations for Qualified TSPs

Qualified trust service providers (QTSP) must update their certification practices to integrate the new service categories introduced by eIDAS 2:

• Qualified Electronic Attribute Attestations: digital driving license, diplomas, professional qualifications
• Qualified Electronic Archiving: service guaranteeing long-term integrity of signed documents
• Remote Signature Creation Device Management (RQSCD): clarified framework for cloud-based solutions

QTSPs have until 18 months after publication of revised ETSI standards (expected Q2-Q3 2026) to comply with new technical requirements, positioning the first effective re-certifications in 2027.

3.2 What This Means for User Businesses

If your organization uses a SaaS electronic signature provider — whether a certified QES solution or an advanced signature tool — several compliance questions arise immediately:

1. Is Your Provider Updating Its Certification to integrate eIDAS 2 requirements?
2. Are Your Signature Workflows ready to receive identities from EUDI Wallets?
3. Does Your Archiving Policy meet future requirements for qualified electronic archiving?

Our analyses of the comparison of electronic signature solutions now integrate eIDAS 2 roadmap as a key differentiating factor.

3.3 Technical Reference Standards

ETSI (European Telecommunications Standards Institute) is responsible for producing the harmonized standards on which eIDAS 2 relies. The 2025-2027 work program covers notably:

• ETSI EN 319 411-1 and -2 (revised): policies and requirements for TSPs issuing certificates
• ETSI EN 319 132-1 (XAdES) and EN 319 122-1 (CAdES): advanced and qualified signature formats
• ETSI TS 119 500: trust framework for qualified electronic archiving services
• ISO/IEC 18013-5: mDL (mobile Driving Licence) attribute presentation protocol, adopted as the technical basis of EUDI Wallet

---

4. eIDAS 2 Calendar in France: Current Status and Specific Obligations

4.1 ANSSI's Role in National Governance

In France, ANSSI is the supervisory authority for trust service providers under eIDAS. In the context of eIDAS 2, it pilots:

• Adaptation of the general security reference framework (RGS) to integrate new qualified services
• Participation in eIDAS cooperation group work (article 46e of the regulation)
• Supervision of compliance audits for French QTSPs

ANSSI published in March 2025 a national roadmap specifying the steps for adapting the French framework to eIDAS 2, with a checkpoint scheduled for September 2026.

4.2 Obligations for Large French Businesses

French businesses exceeding DSA thresholds or operating in sectors targeted by article 5b must begin an impact analysis now. Recommended steps are:

1. Map Identification Flows: identify processes where digital identity is required (KYC, contract signing, customer portal access)
2. Evaluate Current Providers: verify their eIDAS 2 compliance roadmap
3. Update Terms and Signature Policies: anticipate integration of identity attributes from EUDI Wallets
4. Train Legal and IT Teams: the technical and legal framework is changing significantly

For businesses managing large contract volumes, enterprise electronic signature tools must be evaluated for their ability to evolve toward eIDAS 2 without service interruption.

4.3 Articulation with Other European Regulations

eIDAS 2 deployment does not occur in isolation. It articulates closely with:

• The GDPR (2016/679): identity attributes contained in EUDI Wallets constitute personal data subject to principles of minimization and purpose limitation
• NIS 2 Directive (2022/2555): TSPs are essential entities under NIS 2 and must meet enhanced cybersecurity requirements
• DORA Regulation (2022/2554): financial institutions using trust services for digital operations must integrate these dependencies into their ICT risk mapping
• Data Regulation (Data Act, 2023/2854): interoperability of identity data across sectors

Businesses already engaged in NIS 2 compliance will find significant synergies with eIDAS 2 compliance, particularly on risk management and business continuity.

---

5. Prepare Your Organization Now: The 2026 Checklist

5.1 For Legal and Compliance Departments

• [ ] Read regulation (EU) 2024/1183 in its consolidated version and identify applicable articles for your sector
• [ ] Map contracts and processes requiring updates (signature clauses, retention policies)
• [ ] Verify cross-border legal validity of your current electronic signatures in eIDAS 2 context
• [ ] Anticipate integration of qualified attribute attestations (e.g., professional qualification verification for notarial or medical acts)

5.2 For IT Departments

• [ ] Assess compatibility of your technical stack with EUDI Wallet protocols (OpenID4VP, ISO 18013-5)
• [ ] Identify APIs to update with your electronic signature editors
• [ ] Plan integration tests with available pilot wallets in 2026
• [ ] Set up monitoring for Commission implementing acts (notifications in the Official Journal of the EU)

5.3 For Business Departments

Expected gains from well-anticipated compliance are concrete: reduced friction in signature processes through pre-verified identity from EUDI Wallet, accelerated KYC processes, and reduced identity verification costs. To evaluate your transition's return on investment, our electronic signature ROI calculator integrates parameters specific to eIDAS 2 compliance.

Finally, organizations considering migration from other solutions to a platform natively prepared for eIDAS 2 can consult our migration guide from DocuSign or YouSign to Certyneo, which details the technical and contractual steps of a seamless transition.

Applicable Legal Framework for eIDAS 2 Deployment

Founding Texts and Hierarchy of Norms

eIDAS 2's deployment is part of a stratified legal corpus, mastery of which is essential for any organization subject to compliance obligations.

Regulation (EU) 2024/1183 of the European Parliament and of the Council — called "eIDAS 2" — is the reference standard. It repeals and replaces regulation (EU) No. 910/2014 (eIDAS 1) on the points it revises, while maintaining the validity of existing certifications during transition periods provided for in articles 51 et seq. Published in the Official Journal of the EU Series L on April 30, 2024, it entered into force on May 20, 2024.

French Civil Code, articles 1366 and 1367, establish recognition of electronic signature as equivalent to handwritten signature when it meets conditions of signatory identification and document integrity. These provisions are interpreted in light of European eIDAS law, which takes precedence by virtue of the supremacy principle of Union law.

Regulation (EU) 2016/679 (GDPR) applies in full to personal data processing carried out within the EUDI Wallet and trust services framework. Identity attributes (biographical data, qualifications, licenses) constitute personal data within the meaning of article 4 §1 of the GDPR. The minimization principle (art. 5 §1 c) is particularly relevant: providers must only collect attributes strictly necessary for the transaction's purpose.

Directive (EU) 2022/2555 (NIS 2), transposed into French law by law No. 2024-449 of May 21, 2024, classifies qualified trust service providers among essential entities subject to enhanced obligations for cyber risk management, incident notification, and supply chain security.

ETSI Standards constitute the technical reference framework for eIDAS 2:

• ETSI EN 319 401: general requirements for TSPs
• ETSI EN 319 411-1/-2: policies for TSPs issuing qualified certificates
• ETSI EN 319 132-1: XAdES format (XML advanced signatures)
• ETSI EN 319 122-1: CAdES format (CMS advanced signatures)
• ETSI EN 319 162-1: ASiC format (signature containers)

Legal Risks in Case of Non-Compliance

Failure to comply with eIDAS 2 obligations exposes organizations to several risks:

1. Signature Unenforceability: an electronic signature executed via a non-compliant TSP may lose the legal presumption of validity, calling into question the evidentiary value of signed contracts.
2. Administrative Sanctions: national supervisory authorities (ANSSI in France) may impose corrective measures, compliance orders, or even withdrawal of accreditation for TSPs.
3. Contractual Liability: businesses using non-compliant tools may incur liability to their clients and partners if a dispute arises concerning the validity of an electronically signed document.
4. Cumulative GDPR Exposure: non-compliant management of EUDI Wallet identity attributes may simultaneously expose organizations to CNIL sanctions (up to 4% of annual global turnover).

Concrete Use Scenarios Facing the eIDAS 2 Calendar

Scenario 1 — A Mid-Size Law Firm Managing Cross-Border Transactions

A corporate law firm with about fifteen attorneys regularly handling M&A transactions involving counterparties in multiple EU member states (Belgium, Netherlands, Spain) currently uses a qualified electronic signature solution for equity transfer documents and confidentiality agreements. With eIDAS 2's deployment calendar entry, the firm anticipates two major developments by end 2026:

• Simplified Identity Verification: foreign counterparties will be able to present their identity attributes through their national EUDI Wallet, eliminating passport copy exchanges and redundant KYC procedures. According to estimates from Commission reports on LSPs, the time savings in the identity verification phase are estimated at 40% to 60% depending on jurisdictions involved.
• Enhanced Evidentiary Value: documents signed with identities attested by qualified EUDI Wallets will benefit from an even more robust legal presumption, reducing litigation risk in cross-border disputes.

The firm plans to migrate to a SaaS platform with a documented eIDAS 2 roadmap before Q3 2026, approximately six months before the first acceptance obligations.

Scenario 2 — An Industrial SME Managing High-Volume Supplier Contracts

An industrial equipment SME managing about 250 supplier contracts annually, with 30% involving European partners outside France, faces growing identity verification constraints when onboarding new suppliers. The current process — request for business registration, identity copy of legal representative, manual verification — requires an average of 2.5 hours per file according to procurement federation sector benchmarks.

With EUDI Wallet integration into its signature workflow by 2027, the SME projects:

• A 55 to 70% reduction in time spent on identity verification thanks to qualified attribute attestations (registration number, legal representation)
• An 80% decrease in document follow-up requests with foreign suppliers
• Enhanced document fraud protection, with attributes being cryptographically verifiable

The SME has identified the need to update its general purchasing conditions to reference eIDAS 2 attestations, in coordination with its legal counsel.

Scenario 3 — A Hospital Group Anticipating Compliance for Digital Medical Acts

A hospital group with approximately 900 beds across three sites must manage electronic signature of sensitive medical documents: informed consents, prescriptions, operative reports, and contracts with care providers. French regulations require qualified signature for certain medical acts with significant legal implications.

In anticipation of the eIDAS 2 calendar, the group anticipates the arrival of qualified attribute attestations for healthcare professional qualifications (RPPS number, specialty, practice establishment), which will enable:

• Automated verification of signatory quality (physician, surgeon, pharmacist) without manual verification in professional directories
• Reduced error risk in signature attribution during substitutions and on-call shifts
• Facilitated portability of digital medical records between establishments, within the European health data space (EHDS)

The group estimates that integrating EUDI Wallet flows into its hospital information system (HIS) represents a 12 to 18-month project, justifying launch of technical studies by Q3 2026 for production implementation before sector-specific acceptance obligations.

Conclusion

The deployment schedule for eIDAS 2 regulation across the European Union is now clearly marked: implementing acts being finalized in 2026, deployment of national EUDI Wallets between mid-2026 and end 2026, and acceptance obligations for the private sector from the first half of 2027. This roadmap leaves a concrete window of action for French and European businesses, provided that compliance analysis, provider evaluation, and contractual process updates are initiated now.

Waiting until 2027 to achieve compliance risks an urgent transition, with attendant costs and legal risks. Certyneo, designed natively for eIDAS requirements and with an active roadmap toward eIDAS 2, supports you starting today in this transition. Start free on Certyneo and secure your document flows in compliance with the European digital trust framework.