eIDAS 2: The New European Regulation Explained in 2026

Introduction: Why eIDAS 2 Changes Everything for European Businesses

Entering into force on May 20, 2024, after a lengthy legislative process, the eIDAS 2 regulation — officially named Regulation (EU) 2024/1183 — represents the most ambitious reform ever undertaken in the field of electronic identification and trust services in Europe. It repeals and partially replaces the original eIDAS regulation of 2014 (No. 910/2014), while maintaining backward compatibility with existing infrastructure. For businesses that rely on eIDAS-compliant electronic signatures, this overhaul introduces new obligations, unprecedented opportunities, and a tight compliance timeline through 2026 and beyond. This article decrypts in depth the key provisions of the text, their operational implications, and how your organization can prepare for them.

---

What the eIDAS 2 Regulation Fundamentally Changes

From the 2014 Regulation to the 2024 Version: A Structural Overhaul

The original 2014 eIDAS regulation had laid the groundwork for mutual recognition of electronic identification schemes between Member States and established a unified legal framework for trust services (signature, seal, time-stamp, etc.). But ten years later, the shortcomings were glaring: low adoption rate of notified eIDs, fragmentation of national solutions, absence of a universal digital wallet for citizens, and above all inadequacy for web usage (GAFAMs excluded from the trust framework).

eIDAS 2 corrects these gaps along three major axes:

1. The European Digital Identity Wallet (EUDI Wallet) — each Member State must provide, by November 2026 at the latest, a digital wallet application enabling every European citizen or resident to securely store and present their identity attributes (identity card, driver's license, diplomas, etc.).
2. The expansion of qualified trust services — the text adds new qualified services: qualified electronic archiving services (QESAP), qualified electronic attestations of attributes (QEAA), qualified electronic ledgers (QLED), and remote signature creation device management services (QRCD).
3. The obligation for large platforms — providers of large online services (social networks, marketplaces) must accept the EUDI wallet for user authentication.

The EUDI Wallet: Architecture and Operation

The EUDI Wallet is at the heart of eIDAS 2. Concretely, it is a software application — delivered or certified by each Member State — based on a decentralized model for selective attribute presentation. The user only transmits data strictly necessary for the transaction (minimization principle, compliant with GDPR).

From a technical standpoint, the architecture is based on the Architecture Reference Framework (ARF), published by the European Commission and regularly updated by the Large Scale Pilot (LSP) which brings together four pilot consortiums (DC4EU, EWC, POTENTIAL, NOBID). The data formats adopted are primarily ISO/IEC 18013-5 (mDL/mDocs) and W3C Verifiable Credentials, ensuring cross-border interoperability.

For businesses, this means they will, in due course, be able to verify the identity of their customers or partners via the wallet without managing themselves the collection of supporting documents — thus significantly reducing KYC (Know Your Customer) friction and documentary fraud risks.

---

Trust Levels and the Signature Hierarchy: What Changes

Maintenance of the QES / AdES / SES Hierarchy

The electronic signature regime remains structured around three levels defined in Article 3 of eIDAS 2 (repeating the 2014 terminology but clarifying technical requirements):

• Simple Electronic Signature (SES): minimal probative value, suitable for routine acts.
• Advanced Electronic Signature (AdES): exclusive link to the signer, ability to detect any subsequent modification.
• Qualified Electronic Signature (QES): legal equivalent to handwritten signature throughout the EU (Article 25§2), issued via a qualified signature creation device (QSCD) on the basis of a qualified certificate.

The novelty lies in how QES can now be delivered via qualified remote signature creation services (QRCD), whose approval conditions are specified in Articles 29a and 29b of the revised text. This opens the way to 100% digital workflows for the most demanding acts — notarized contracts, electronic authenticated instruments — without requiring a physical smart card.

The Impact on Qualified Trust Service Providers (QTSP)

Providers such as Certyneo, which operate by relying on certified QTSPs, must anticipate the new audit requirements introduced by eIDAS 2. Article 24 now imposes enhanced controls on the subcontracting chain, and security incident notification requirements are explicitly aligned with those of the NIS2 directive (24-hour initial notification deadline). To deepen the understanding of the different signature levels in a B2B context, consult our comprehensive guide on electronic signatures in business.

---

Deployment Timeline and Business Obligations in 2025–2026

Key Deployment Milestones

Regulation (EU) 2024/1183 was published in the Official Journal of the EU on April 30, 2024, and entered into force on May 20, 2024. The implementing and delegated acts — essential for clarifying technical requirements — are published progressively:

| Deadline | Obligation | |---|---| | May 2024 | Entry into force of the regulation | | End of 2024 | Publication of implementing acts on ARF v2.0 | | Mid-2025 | Certification of first pilot EUDI Wallets | | November 2026 | Mandatory availability of an EUDI Wallet in each Member State | | 2027 | Mandatory acceptance by large online platforms |

What B2B Businesses Must Do Right Now

For businesses using electronic signature solutions, three priorities are essential in 2025–2026:

1. Audit their trust chain: verify that their signature provider is indeed listed on the Trusted List of their Member State, and that the certificates used comply with the revised ETSI EN 319 401 and EN 319 411-1 specifications.

2. Anticipate EUDI Wallet integration: businesses operating in regulated sectors (banking, insurance, health, real estate) will be among the first affected by identity verification flows via wallet. Preparing API integration as early as 2025 is recommended.

3. Review their retention policies: the new qualified electronic archiving service (QESAP) introduces long-term preservation standards that may become mandatory in certain sectors (public procurement, pharmaceutical sector). Our ROI calculator for electronic signatures allows you to assess the financial impact of upgrading your document infrastructure.

---

Interoperability, GDPR, and Digital Sovereignty Issues

eIDAS 2 and GDPR: Strengthened Complementarity

One of the major advances of eIDAS 2 is the explicit integration of data protection principles from the outset (privacy by design) in the EUDI wallet architecture. Article 5a§14 provides that the wallet does not allow providers to track user behavior during transactions. Issuers of qualified identity attributes (QEAA) are not informed of how the issued attestations are used — which constitutes a major break from current centralized models.

This architecture is called unlinkability (non-correlatability): two separate transactions by the same user cannot be linked without their consent. This guarantee exceeds GDPR minimum requirements while articulating perfectly with them.

The Geopolitical Dimension: Reclaiming Control over Online Identity

eIDAS 2 also responds to a sovereignty issue. Today, online authentication heavily relies on "Sign in with Google/Facebook/Apple" buttons, giving American tech giants a dominant position in managing European digital identities. By requiring very large platforms (within the scope of the Digital Services Act) to accept the EUDI Wallet as an authentication means, eIDAS 2 creates an interoperable and sovereign alternative.

For B2B businesses, this also means that eIDAS 2 compliance can become a supplier selection criterion in public and private tenders — similar to what ISO 27001 certification represents today in purchasing processes. If your organization is considering upgrading your current solution, our guide to migrating from DocuSign or YouSign to Certyneo outlines the steps for a controlled transition.

Legal Framework Applicable to eIDAS 2 and Electronic Signatures

Reference Texts

Regulation (EU) 2024/1183 of the European Parliament and of the Council of April 11, 2024, amending Regulation (EU) No. 910/2014 regarding the establishment of the European framework for digital identity (eIDAS 2). Published in the OJEU on April 30, 2024, entered into force on May 20, 2024.

Regulation (EU) No. 910/2014 (eIDAS 1): remains in force for its unmodified provisions, in particular the articles relating to "low," "substantial," and "high" assurance levels for notified identification schemes.

French Civil Code, Articles 1366 and 1367: electronic writing has the same probative force as paper writing provided that the person from whom it emanates is duly identified and the document is established under conditions guaranteeing its integrity. Qualified electronic signature (QES) within the meaning of eIDAS 2 meets these requirements by operation of law.

Regulation (EU) 2016/679 (GDPR): the processing of identity data within the EUDI wallet framework is subject to the principles of minimization (Art. 5§1c), purpose limitation (Art. 5§1b), and privacy by design (Art. 25). Qualified service providers exercise the status of separate data controllers for verification operations.

Directive (EU) 2022/2555 (NIS2): transposed into French law by Order No. 2024-528 of June 12, 2024, it imposes on qualified trust service providers obligations for risk management and incident notification within 24 hours.

ETSI Standards:

• EN 319 132 (XAdES) and EN 319 122 (CAdES): advanced electronic signature formats.
• EN 319 401: general requirements for trust service providers.
• EN 319 411-1 and 411-2: policy and security requirements for CAs issuing qualified certificates.
• EN 319 521: requirements for qualified signature preservation services (QESAP).

Legal Obligations and Risks for Businesses

Any business using electronic signatures in a contractual context must ensure that the signature level chosen is appropriate to the value and nature of the act. For acts subject to a legal requirement for a signature (promises of sale, employment contracts, purchase orders exceeding certain thresholds), only QES or AdES based on a qualified certificate provides the presumption of reliability referred to in Article 26 of eIDAS 2.

In case of dispute, the burden of proof is reversed: if the signature is qualified, it is up to the party contesting the document to prove its alteration; if it is simple or advanced without a qualified certificate, the burden of proof rests on the signer who invokes it. Non-compliance with traceability and integrity requirements may result in the nullity of the act or the unenforceability of the signature against a third party.

Usage Scenarios: eIDAS 2 Applied to B2B Businesses

Scenario 1 — A Digital Transformation Consulting Firm (Approximately 80 Consultants)

A consulting firm deploying its employees at clients in several Member States (France, Germany, Netherlands) must have consultants sign dozens of mission orders, contract amendments, and acceptance minutes each month. Before eIDAS 2, managing cross-border identities created friction: some German clients refusing to recognize certificates issued by a French QTSP, double authentication via email being insufficient for sensitive acts.

With the EUDI Wallet rollout in 2026, consultants will be able to sign from their national wallet — recognized by operation of law in all Member States — without any friction. The firm estimates a 60 to 70% reduction in time spent on document verification exchanges prior to signature, roughly 3 to 4 hours saved per consultant per month according to sector benchmarks published by McKinsey Digital (2024).

Scenario 2 — An Industrial SME Managing 350 Supplier Contracts per Year

An SME in the industrial equipment sector, working with approximately a hundred European and Asian suppliers, must formalize purchase orders, confidentiality agreements (NDAs), and framework contracts. So far, 30% of these documents came back unsigned or with delays exceeding 10 business days.

By adopting an electronic signature solution compliant with eIDAS 2 with identity verification via qualified attributes (QEAA), the SME can impose a signature workflow where the identity of the supplier's legal representative is automatically verified via the EUDI wallet, without manual entry. Expected result: average signature delay reduced from 10 days to less than 48 hours, and 40% decrease in disputes related to non-compliant signatures, based on ranges observed in ELENIUS 2025 reports on B2B digitalization.

Scenario 3 — A Real Estate Group Managing Sale Compromises in Multiple Countries

A network of real estate agencies operating in France, Spain, and Portugal must regularly have sellers and buyers of different nationalities sign preliminary contracts. QES is required in certain contexts to guarantee equivalence with a handwritten signature before a notary.

Thanks to eIDAS 2 and EUDI wallet interoperability, a Portuguese buyer can sign a compromise governed by French law using their national wallet, with a "high" assurance level automatically recognized by the signature platform. The group reduces its travel and legalization costs by approximately 800 to 1,200 euros per cross-border file, while reducing the time to conclusion of preliminary contracts from 3 weeks to 5 days on average. For sector-specific uses, our page dedicated to electronic signatures in real estate details adapted workflows.

Conclusion

eIDAS 2 is not merely a regulatory update: it is a profound overhaul of how digital identity and electronic trust function in Europe. The EUDI Wallet, new qualified services, the interoperability requirement, and alignment with NIS2 and GDPR form a coherent ecosystem that will transform contract and authentication processes for businesses by end of 2026.

To remain compliant and competitive, B2B organizations must act now: audit their trust chain, select a provider aligned with new requirements, and prepare their document flows for integration with the European digital wallet.

Certyneo supports you through this transition with eIDAS 2-compliant qualified electronic signature solutions, ready for 2026. Request a demo or create your account on Certyneo to secure your contracts today.