eIDAS 1 to eIDAS 2 Transition: Impact on Signature in 2025

On May 20, 2024, Regulation (EU) 2024/1183 — commonly called eIDAS 2 — was published in the Official Journal of the European Union, progressively repealing Regulation No. 910/2014 (eIDAS 1). This text represents the most structurally significant reform of digital identity and electronic signature in Europe since 2016. For French companies using electronic signature solutions in their contractual workflows, the transition is not a mere formality: it implies technical, legal, and organizational adjustments whose timeline extends through 2026 and beyond. Understanding the transition from eIDAS 1 to eIDAS 2 and its impact on electronic signature in 2025 has thus become a priority for legal departments, CIOs, and HR directors. This article decrypts the fundamental changes in the framework, the precise transition timeline, and concrete measures to take to remain compliant.

What eIDAS 2 Regulation Fundamentally Changes

From the 2014 Regulation to the 2024 Overhaul: Why Revision Was Necessary

EIDAS 1 had laid the groundwork for mutual recognition of electronic signatures within the Union. Three hierarchical levels — simple (SES), advanced (AdES), and qualified (QES) — structured the probative value of signatures, backed by a list of trust service providers (TSL). But over ten years, two major gaps became apparent.

First, the original regulation applied essentially to relations with public administrations (G2B, G2C). It did not create direct obligations in private transactions (B2B, B2C), leaving a regulatory void that each Member State filled heterogeneously. Second, the rise of digital services — mobile applications, open banking, telemedicine — had revealed the absence of a portable and interoperable digital identity system at the continental level.

EIDAS 2 addresses these two challenges by introducing the European digital identity wallet (EU Digital Identity Wallet, EUDIW) and expanding the scope of trust services to new use cases: qualified electronic archiving, qualified attribute attestations, qualified electronic registers (including certified blockchain applications).

New Categories of Qualified Trust Services

Regulation eIDAS 2 extends the list of qualified trust services (Article 3 and revised Annex IV). In addition to signatures, seals, and qualified timestamps already recognized by eIDAS 1, the following are now qualified:

• Qualified electronic archiving services (Art. 34 bis): obligation to preserve integrity and readability of signed documents over the long term, with strengthened requirements for providers (QTSP).
• Qualified remote signature creation device management services (QRCD): strengthened framework for remote signature solutions via cloud HSM (Hardware Security Module).
• Qualified attribute attestations: mechanism allowing a trust third party to certify attributes of an entity (e.g., lawyer status, physician status) without revealing the entire identity.
• Qualified electronic registers: recognition of distributed ledgers under strict conditions of auditability and resilience.

For users of electronic signature solutions, this expansion means that the qualified trust services available on the market will diversify, and that the selection criteria for a provider (QTSP) must integrate these new capabilities.

The EUDIW: Digital Identity Wallet as Signature Infrastructure

The most visible innovation in eIDAS 2 remains the EUDIW. Each Member State must make available to its citizens and residents a free, interoperable digital identity wallet compatible with all other Member States by November 26, 2026 (deadline for national compliance according to Article 5 bis). This wallet will enable:

• authentication of the user with a high level of assurance (LoA High) without resorting to a third-party identification provider;
• electronic signing of documents with qualified value (QES) directly from the wallet;
• sharing of selective identity attributes (selective disclosure), thereby respecting the data minimization principle of the GDPR.

For companies, the EUDIW theoretically simplifies identity verification procedures prior to qualified signature, eliminating the friction of video identification or face-to-face identification. In practice, the impact will depend on the pace of national deployment — France launched in 2025 a pilot experiment within the framework of the "France Identité" program.

Precise Timeline of eIDAS 1 to eIDAS 2 Transition

Key Regulatory Milestones to Know

Regulation 2024/1183 entered into force on May 20, 2024, but its application is progressive. Here are the key milestones:

| Date | Event | |------|-------| | May 20, 2024 | Publication in OJEU, formal entry into force | | November 20, 2024 | 6-month deadline for adoption of implementing acts by the Commission (EUDIW technical specifications) | | End of 2025 | Publication of revised ETSI standards (EN 319 411-1/2, EN 319 401) integrating eIDAS 2 requirements | | May 26, 2026 | Deadline for Member States to comply with new categories of qualified services | | November 26, 2026 | Mandatory provision of EUDIW by each Member State | | 2027-2028 | Complete revision of national trust lists (TSL) and accreditation of new QTSPs |

EIDAS 1 remains valid and signatures issued under its regime retain their full legal value. There is no obligation to re-sign existing documents. However, qualified trust service providers must renew their accreditation according to new technical standards by 2027.

What Does Not Change and What to Watch

Continuity is a cardinal principle of the transition. The three levels of signature (SES, AdES, QES) are maintained with their unchanged definitions. The presumption of equivalence with a handwritten signature attached to the QES (Article 25 eIDAS 1, repeated in Article 27 eIDAS 2) remains in force. The probative value of your current electronic signatures is not called into question.

What to watch instead: implementing acts published by the European Commission throughout 2025-2026 will set precise technical specifications for the EUDIW and new service categories. These level 2 texts have considerable practical importance for integrators and software vendors. For companies using electronic signature in their HR or legal processes, it is recommended to request from your provider a roadmap for eIDAS 2 compliance.

Concrete Impact on Companies and Their Signature Solutions

Which Workflows Are Affected as a Priority?

The transition from eIDAS 1 to eIDAS 2 does not have the same impact depending on the level of signature used. For companies, three situations stand out:

Simple electronic signature (SES): used for low-value amendments, acknowledgments of receipt, internal forms. No immediate obligation to update. Probative rules remain governed by the Civil Code (art. 1366-1367) and not directly by eIDAS.

Advanced electronic signature (AdES/AdESQC): companies using B2B solutions for commercial contracts, dematerialized employment contracts, or real estate transactions must verify that their provider maintains compliance with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES), and EN 319 142 (PAdES) in their revised versions for eIDAS 2. These standards will be published by ETSI by end of 2025.

Qualified electronic signature (QES): qualified service providers (QTSP) will need to go through a new eIDAS 2 accreditation. The transitional period grants a reasonable timeline (until 2027), but tenders launched from 2025 onward should integrate an eIDAS 2 compliance clause in selection criteria. For organizations comparing available options, the comparison of electronic signature solutions allows you to assess vendor maturity on this topic.

New Requirements for Qualified Trust Service Providers (QTSP)

EIDAS 2 tightens requirements applicable to QTSPs on three major points:

1. System Security: mandatory alignment with NIS2 (Directive (EU) 2022/2555) for QTSPs, now classified as essential entities. This translates into obligations to notify incidents within 24 hours, annual security audits, and implementation of business continuity plans.

1. Strengthened Liability: Article 13 eIDAS 2 expands the liability regime for QTSPs. In case of proven breach, the burden of proof is reversed: the provider must demonstrate that it was not negligent, rather than the other way around.

1. Mandatory Interoperability: QTSPs must expose standardized APIs compatible with EUDIW to enable native integration of identity wallets. This requirement will accelerate the modernization of integration interfaces available to developers.

For companies considering changing providers in this context, migrating from DocuSign or YouSign to an eIDAS 2-compliant solution is an approach that should be anticipated now rather than urgently in 2027.

Personal Data and eIDAS 2: Articulation with GDPR

The EUDIW collects and processes personal identity data. Regulation eIDAS 2 explicitly provides (recital 11 and Article 5 bis §14) that the entire system must comply with the GDPR (Regulation (EU) 2016/679). Several points of attention:

• Selective disclosure: the wallet must allow the user to share only the attributes strictly necessary for the transaction (minimization principle, Art. 5(1)(c) GDPR). For contract signature, only verification of majority could be shared without revealing the complete date of birth.
• Transfers outside the EU: personal data processed in the context of the EUDIW can only be transferred outside the EEA with appropriate safeguards (Art. 46 GDPR). Providers using U.S. cloud infrastructure must document their compliance.
• Conservation of signature logs: archiving of signature evidence must respect the retention period proportionate to the nature of the document. The new qualified archiving service in eIDAS 2 provides a technical framework to meet this requirement.

Companies managing international employment contracts are particularly affected by this GDPR/eIDAS 2 articulation, especially when signatories reside outside the EU.

Legal Framework Applicable to eIDAS 1 to eIDAS 2 Transition

Reference Texts

The transition rests on a stack of texts that it is essential to master:

At European level:

• Regulation (EU) No. 910/2014 (eIDAS 1): still in force until its progressive repeal by eIDAS 2. Defines the three levels of signature (SES, AdES, QES) and the regime of QTSPs.
• Regulation (EU) 2024/1183 (eIDAS 2): entered into force on May 20, 2024. Substantially amends eIDAS 1 without immediately repealing it. Provisions relating to EUDIW apply upon publication of implementing acts.
• Regulation (EU) 2016/679 (GDPR): applies in full to the processing of identity data in the context of EUDIW and signature processes. Article 5 bis §14 of eIDAS 2 explicitly recalls this subordination.
• Directive (EU) 2022/2555 (NIS2): imposes strengthened cybersecurity obligations on QTSPs, now classified as essential entities. Transposed into French law by Ordinance No. 2024-821 of June 20, 2024 (decree implementation in progress).

At French level:

• Civil Code, Articles 1366 and 1367: foundation of the probative value of writings in electronic form. Article 1366 establishes equivalence between electronic and paper writing under conditions. Article 1367 grants qualified signature (QES) the same probative force as a handwritten signature.
• Decree No. 2017-1416 of September 28, 2017: specifies the conditions for using electronic signature in acts under private seal. Remains applicable during the transition period.
• General Security Reference (RGS) v2: for French administrations, RGS requires the use of solutions referenced by ANSSI. Its update to incorporate eIDAS 2 is expected during 2026.

Applicable ETSI Technical Standards

ETSI standards constitute level 3 of the normative hierarchy. Current applicable versions:

• EN 319 132-1/2: XAdES format (advanced XML signatures)
• EN 319 122-1/2: CAdES format (advanced CMS signatures)
• EN 319 142-1/2: PAdES format (advanced PDF signatures)
• EN 319 401: general requirements for trust service providers
• EN 319 411-1/2: requirements for CAs issuing qualified certificates

These standards will be revised by end of 2025 to incorporate new eIDAS 2 requirements. Contracts with QTSPs must include a clause for updating to revised versions at no additional cost.

Legal Risks of Non-Compliance

A signature issued by a provider that would no longer be accredited after 2027 would not automatically lose its legal value for already-signed documents, but it would no longer benefit from the legal presumption of equivalence with a handwritten signature (Art. 25 eIDAS). The burden of proving the integrity and identity of the signer would then rest entirely on the company in case of dispute. This probative risk is particularly sensitive for acts with long prescription periods (5 years in commercial matters, 30 years for real estate property rights).

Usage Scenarios: How Organizations Anticipate eIDAS 2 Transition

Scenario 1: A 25-Person Law Firm Streamlines Its Documentary Compliance

A law firm specializing in business law, with approximately 25 employees and intensive signature activity on mandates, assignment acts, and settlement agreements, had used an advanced signature solution (AdES) for the entirety of its flows until 2024. Upon announcement of eIDAS 2, the firm conducted an audit of its 1,200 annually signed documents to identify those requiring QES under new bar association recommendations.

Result: 15% of acts (approximately 180 per year) were reclassified to qualified signature, which secured the probative regime of these documents. The firm negotiated with its signature editor a clause guaranteeing eIDAS 2 compliance upon publication of implementing acts, at no additional cost. Administrative time spent on signatory identity verification decreased by 40% thanks to anticipation of planned EUDIW integration for 2026.

Scenario 2: A 150-Employee Industrial SME Secures Its Supplier Contractual Chain

An industrial SME managing approximately 350 supplier contracts per year — purchase orders, NDAs, framework contracts — operated with two distinct signature solutions for its internal and external flows, creating fragmentation of audit evidence. In the context of the eIDAS 2 transition and new qualified archiving requirements, the IT department decided to unify its platform.

By migrating to a single solution incorporating qualified electronic archiving (future eIDAS 2 category), the SME reduced secure storage costs by 30% and consolidated signature evidence in a compliant digital safe. The entire documentary chain is now auditable in less than 2 minutes during supplier reviews — an increasingly common requirement from their ordering parties in the automotive industry.

Scenario 3: A Hospital Group with Approximately 600 Beds Prepares EUDIW Integration

A public hospital group used qualified electronic signature for its medical contracts and public procurement markets, in compliance with public procurement code obligations. With eIDAS 2, the IT department identified two priority challenges: future integration of the "France Identité" wallet for independent physicians intervening in the establishment, and NIS2 compliance of its QTSP.

The hospital group included in its 2025-2028 digital strategic roadmap a specific lot "eIDAS 2 compliance," with a provisional budget of 45,000 € for technical migration and staff training. The objective is to be capable of accepting signatures via EUDIW from national deployment planned for November 2026, thereby reducing contractualization delays with independent healthcare professionals from 3 days to less than 4 hours on average according to available sectoral benchmarks.

Conclusion

The transition from eIDAS 1 to eIDAS 2 is not a break but a structured evolution, with a precise timeline extending through 2027. The impacts on electronic signature are real — extension of qualified services, arrival of EUDIW, tightening of NIS2 requirements for QTSPs — but manageable as long as they are anticipated. Companies that act now benefit from a margin of maneuver to audit their workflows, secure their contracts with their providers, and train their teams without regulatory urgency pressure.

Certyneo supports companies in this transition with a clear eIDAS 2 compliance roadmap, signature formats kept up to date, and an architecture ready for EUDIW integration. Ready to secure your signature flows within this new regulatory framework? Discover our offerings and start for free on Certyneo.