Qualified eIDAS Providers: The Official List 2026

Why is the "qualified" eIDAS status decisive for your business?

Since the entry into force of the eIDAS Regulation (No. 910/2014), the European electronic signature market has been deeply restructured around a three-tier hierarchy: simple electronic signature (SES), advanced electronic signature (AES), and qualified electronic signature (QES). The latter is the only one to benefit from a legal presumption of equivalence with handwritten signature throughout all Member States of the European Union.

For a company to be able to offer qualified signatures, it must imperatively have been audited and registered on the Trust List of its Member State. In France, it is the National Agency for Information Systems Security (ANSSI) that maintains this official register, republished in turn in the centralized European list managed by the European Commission.

Understanding this architecture is fundamental before signing any sensitive commercial contract. To learn more about the regulatory foundations, our comprehensive guide to eIDAS Regulation 2.0 details all the obligations and changes introduced by the revised eIDAS 2.0 Regulation (EU Regulation 2024/1183).

---

How are qualified trust service providers certified?

The path to Qualified Trust Service Provider (QTSP) status is demanding. It involves an audit conducted by an accredited Conformity Assessment Body (CAB), according to ETSI EN 319 401 (general requirements) and ETSI EN 319 411-2 standards for qualified certificates.

ANSSI qualification steps

1. Qualification file submission: the provider submits its technical, security and organizational documentation to ANSSI.
2. Audit by an accredited CAB: a third-party organization — such as Bureau Veritas, LSTI or Apave Certification — verifies compliance on-site and on documents.
3. Qualification decision: ANSSI pronounces the qualification and registers the provider on the French Trust List (TL-FR).
4. Periodic renewal: the qualification is re-evaluated, generally every two years, to ensure compliance is maintained.

What does the audit concretely verify?

The auditor examines in particular:

• The physical security of data centers hosting cryptographic keys (HSM modules certified CC EAL 4+ or FIPS 140-2 Level 3 minimum) ;
• The certification policies (CP) and certification practice statements (CPS) published by the provider ;
• The procedures for identity verification of signatories (face-to-face or remote identity verification compliant with EN 419 241-1 standard) ;
• Revocation management and availability of OCSP/CRL services.

These criteria explain why only a handful of players achieve and maintain this level of certification in France.

---

The qualified eIDAS providers registered in France in 2026

The official list of qualified providers can be consulted at any time on the official portal of the European Commission (eidas.ec.europa.eu/efts), filtering by "France" and the service "QCertESig" (Qualified Certificate for Electronic Signature). Here are the players that were listed in the register at the time of writing this article (June 2026):

French actors registered on the Trust List

| Provider | Type of qualified service | Particularity | |---|---|---| | Certigna (Dhimyotis) | Qualified certificates, qualified time-stamping | La Poste Group, eIDAS certified since 2016 | | Certinomis | Qualified certificates | La Poste subsidiary, focused on public sector | | ChamberSign France | Qualified certificates | Network of Chambers of Commerce and Industry, strong SME/TPE anchoring | | Keynectis / DocuSign France | Qualified certificates | Acquired by DocuSign, maintenance of ANSSI label | | Universign (Tessi) | Qualified certificates, time-stamping | Market pioneer, integrated into Tessi group | | Entrust (ex-Datacard) | Qualified certificates | International player, Trust List multi-Member States | | Oodrive Sign | Qualified certificates | French sovereign publisher, qualified SecNumCloud |

> Disclaimer: this list is provided for informational purposes only. Only the official Trust List of the European Commission is authoritative. Always verify the current status on the ETSI portal before any contractual commitment.

Foreign providers recognized in France via the European Trust List

By virtue of the principle of mutual recognition set out in Article 25 of the eIDAS Regulation, a qualified signature issued by a QTSP registered on the Trust List of another Member State produces the same legal effects in France. Among frequently used non-French players:

• Namirial (Italy): strong in remote qualified signature (QES remote signing) ;
• SwissSign (Switzerland): note that Switzerland is not an EU member; recognition is partial ;
• Qualified.one / Asseco Data Systems (Poland): European public player, frequent in cross-border markets.

To compare these solutions according to your business needs, consult our comparison of electronic signature solutions which analyzes the criteria of price, compliance and API integration.

---

How to choose the right qualified eIDAS provider for your organization?

Being listed on the Trust List is a necessary condition, but not sufficient. The choice of a QTSP must be based on several complementary criteria.

Technical and integration criteria

• REST API or SDK available: essential to automate signature in your business workflows (ERP, HRIS, CRM) ;
• Supported signature formats: PAdES for PDFs, XAdES for XMLs, CAdES for binary files — all standardized by ETSI EN 319 100 ;
• Service availability: SLA greater than 99.9% contractually guaranteed, with maintenance windows scheduled outside business hours ;
• Data hosting: prefer hosting in France or in the EU, ideally qualified SecNumCloud for sensitive data.

Legal and compliance criteria

• Verify that the provider provides an up-to-date qualification report (less than 24 months old) ;
• Require a published certification policy (CP) publicly accessible and audited ;
• Ensure that the general terms and conditions explicitly provide for the issuance of qualified certificates within the meaning of Annex I of the eIDAS Regulation.

Operational and support criteria

• Signatory enrollment procedure: face-to-face at an agency, eIDAS-compliant video identification or NFC from an electronic identity document ;
• Support in your language with contractual response times ;
• Training and documentation available for your legal and IT teams.

If your organization manages significant HR document flows, our dedicated page on electronic signature for HR teams details specific use cases (employment contracts, amendments, onboarding) and recommended signature levels by document type.

---

eIDAS 2.0: what changes for qualified providers in 2026?

The eIDAS 2.0 Regulation (EU Regulation 2024/1183, progressively entering into force since May 2024) introduces several structural changes that directly impact QTSPs and their clients.

The European Digital Identity Wallet (EUDI Wallet)

Article 6a of the revised Regulation requires Member States to provide, by September 2026, a digital identity wallet (EUDI Wallet) recognized throughout the EU. For qualified providers, this means:

• The obligation to accept identity attributes issued from the wallet as proof of identity for signatory enrollment ;
• The emergence of a new qualified service: the issuance of qualified electronic attestations of attributes (Qualified Electronic Attestation of Attributes, QEAA).

New qualified services and scope expansion

eIDAS 2.0 expands the list of qualified trust services to include:

• Qualified electronic archiving services (QPDS, article 45f) ;
• Remote signature creation device management services (QRCD).

These changes represent both a compliance constraint (tight deadlines for existing providers) and an opportunity for differentiation for new entrants capable of quickly integrating the technical specifications published by ENISA and ETSI.

For organizations considering migration from an existing platform to a more compliant solution, our migration guide from DocuSign or YouSign to Certyneo presents concrete steps and regulatory vigilance points.

Legal framework applicable to qualified eIDAS providers

eIDAS Regulation and European law

The legal foundation is the Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014 on electronic identification and trust services for electronic transactions in the internal market (known as the "eIDAS Regulation"), as amended by Regulation (EU) 2024/1183 (eIDAS 2.0). This Regulation is directly applicable in all Member States without national transposition.

Its key provisions for qualified providers:

• Article 17: obligation for each Member State to designate a supervisory body (in France, ANSSI) ;
• Article 20: procedure for supervision, audit and registration on the Trust List ;
• Article 25: presumption of equivalence between QES and handwritten signature, with guaranteed legal effect throughout the EU ;
• Annex I: requirements relating to qualified certificates for electronic signature ;
• Annex II: requirements relating to qualified signature creation devices (QSCD).

French law

Under domestic law, electronic signature is governed by:

• Civil Code, articles 1366 and 1367: Article 1366 recognizes the evidentiary value of electronic writing provided it guarantees the author's identity and document integrity. Article 1367 specifies that electronic signature consisting of a reliable identification process benefits from a presumption of reliability when created in accordance with the implementing decree ;
• Decree No. 2017-1416 of September 28, 2017: defines the conditions under which qualified electronic signature is presumed reliable in France, explicitly referring to the eIDAS Regulation ;
• Ordinance No. 2005-674 of June 16, 2005 on the accomplishment of certain contractual formalities electronically.

Personal data protection

Enrollment and signature processes involve the processing of personal data (identity data, biometrics for video identification). The qualified provider is subject to Regulation (EU) 2016/679 (GDPR) and must in particular:

• Appoint a DPO if processing is on a large scale ;
• Document processing in the CNIL register ;
• Govern transfers outside the EU with appropriate safeguards (standard contractual clauses, adequacy decision).

Cybersecurity and resilience

Since October 2024, the NIS2 Directive (2022/2555/EU) applies to qualified trust service providers, classified as essential entities. They must implement cyber risk management measures, notify significant incidents to ANSSI within 24 hours, and undergo regular audits. Non-compliance exposes them to fines up to 10 million euros or 2% of annual global turnover.

Reference technical standards

• ETSI EN 319 401: general requirements for trust service providers ;
• ETSI EN 319 411-2: policy profile for qualified certificates ;
• ETSI EN 319 132: XAdES signature formats ;
• ETSI EN 319 122: CAdES signature formats ;
• ETSI EN 319 162: PAdES signature formats (PDF).

Use scenarios: when is qualified eIDAS signature essential?

Scenario 1 — A law firm managing high-value private deeds

A business law firm of about twenty collaborators handles several dozen transfers of business shares, settlement agreements and representations and warranties agreements (R&W) each month. These deeds often commit sums well over several hundred thousand euros and may be challenged in court.

Before migrating to a qualified eIDAS provider, the firm used an advanced signature solution (AES), which was sufficient for most routine deeds. After an incident where the other party contested the authenticity of a signature during litigation, the firm chose QES for all high-stakes deeds. Result: 90% reduction in time spent producing signature evidence during contentious proceedings, thanks to the conclusive legal presumption attached to QES. The unit surcharge per signature (approximately 2 to 5 € depending on volumes) was entirely offset by lower litigation costs.

Scenario 2 — A mid-sized industrial company managing cross-border supplier contracts

A mid-sized industrial company (ETI) in the equipment sector, with suppliers established in France, Germany, Italy and Poland, had to send its framework contracts by postal mail or organize in-person signature meetings, generating delays of 10 to 21 business days per contract.

By deploying a solution connected to a European QTSP registered on the Trust List, the company reduced the signature cycle to less than 48 hours on average. Mutual recognition between Member States guarantees legal value without need for additional legalization. On a portfolio of 350 annual supplier contracts, the estimated savings in administrative and logistics costs exceed 40,000 € per year, according to ranges consistent with sectoral studies published by ACFE and APQC.

Scenario 3 — A hospital group subject to health sector requirements

A hospital group of approximately 1,200 beds must electronically sign public contracts, clinical research agreements and hospital practitioner contracts. These documents are subject to the Public Procurement Code, which requires an electronic signature compliant with the RGS (General Security Framework) at level ** or, since public procurement dematerialization, an equivalent eIDAS level.

By relying on a QTSP registered on the French Trust List, the group ensures compliance with Article R. 2132-7 of the Public Procurement Code while reducing the time to sign contracts from 15 days to less than 72 hours. API integration with the hospital information system (HIS) enabled automation of document sending and tracking, freeing approximately 0.4 FTE on contract-related administrative tasks.

Conclusion

Choosing a qualified eIDAS provider is not simply a software purchase: it is a strategic decision that affects the evidentiary value of your deeds, your organization's regulatory compliance, and the trust of your commercial and institutional partners. In 2026, with the progressive entry into force of eIDAS 2.0 and new NIS2 obligations, the level of requirement is only increasing.

Essential points to remember: systematically verify registration on the official Trust List, require a published certification policy, and adapt the signature level (QES, AES, SES) to the legal stakes of each document.

Certyneo supports you in this process by giving you access to qualified certificates via registered QTSPs, a robust integration API and dedicated legal support. Ready to move to qualified signature? Request a demo or create your account on Certyneo and bring your organization into compliance today.