Sign a SOW Electronically: eIDAS 2026 Legal Value
An unsigned electronic SOW exposes your business to costly litigation. Discover how to sign your SOWs with full legal value under eIDAS.
8 min
Regulation (EU) No 910/2014 · Updated 2026
eIDAS Regulation: everything you need to know about electronic signatures in Europe
Updated on
The eIDAS regulation is the foundational text for electronic signatures in Europe. It defines three levels of signatures (simple, advanced, qualified), establishes the legal value of electronic documents, and regulates trust service providers. This guide explains everything you need to know to be compliant by 2026.
What is eIDAS and why was it created?
Before eIDAS, each Member State of the European Union had its own regulations on electronic signatures, creating legal fragmentation that hindered cross-border exchanges. An electronic signature valid in France was not necessarily recognized in Germany or Spain.
The Regulation (EU) No 910/2014, known as eIDAS (Electronic IDentification, Authentication and trust Services), was adopted on July 23, 2014 and entered into force on July 1, 2016. As a regulation (not a directive), it applies directly and uniformly in all 27 Member States, with no national transposition required.
eIDAS pursues three main objectives: to create a single digital market in Europe through mutual recognition of electronic identities, to guarantee legal certainty for cross-border electronic transactions, and to establish a framework of trust for digital services through qualified trust service providers (QTSP — Qualified Trust Service Provider).
The 3 signature levels defined by eIDAS
eIDAS establishes a pyramid of three levels of electronic signatures, each with its own technical requirements and probative value.
Level 1 — SESThe Commission shall adopt implementing acts laying down the rules for the application of this Regulation.
Simple Electronic Signature
Available on Certyneo
eIDAS Requirements
- Data in electronic form linked to other data
- Used for signing (no specific technical requirement)
- Can be a simple click, a checked box, or a name entered
Usage Examples
- Terms & Conditions acceptance
- Online form
- Confirmation email
Legal Value
Basic contractual value, no legal presumption
Level 2 — AESThe Commission shall adopt implementing acts laying down the rules for the application of this Regulation.
Advanced Electronic Signature
Available on Certyneo
eIDAS Requirements
- Uniquely linked to the signatory
- Allows identification of the signatory
- Created with data under the exclusive control of the signatory
- Any later modification of the document is detectable
Usage Examples
- Employment Contracts
- NDAs
- Commercial Contracts
- Powers of Attorney
Legal Value
Strong evidentiary value — recommended for important contracts
Level 3 — The ESFArticle 25(2) + Annex I eIDAS
Qualified Electronic Signature
Available on Certyneo
eIDAS Requirements
- Meets all requirements of AES
- Created by a qualified signature creation device (QSCD)
- Based on a qualified certificate issued by a QTSP (EU trust list)
Usage Examples
- Digital notarized acts
- Demanding public procurement
- Regulated acts
Legal Value
Legal presumption equivalent to handwritten signature (art. 25 eIDAS)
eIDAS 2.0: What's New in 2024
The eIDAS regulation was revised by Regulation (EU) 2024/1183, published in the EU Official Journal on April 30, 2024, and entered into force on May 20, 2024. This revision modernizes the initial framework to address contemporary digital challenges: digital identity of citizens, sovereign cloud, and resilience of trust service providers.
The flagship measure of eIDAS 2.0 is the European digital identity wallet (EUDIW). By the end of 2026, each Member State must offer its citizens and residents an application allowing them to store and present certified identity credentials — the digital equivalent of an ID card, driving license, diplomas. This evolution will have a direct impact on qualified signature processes.
Digital Identity Wallet (EUDIW)
eIDAS 2.0 introduces the European Digital Identity Wallet: every European citizen will be able to store their certified identity credentials (identity card, driver's license, diplomas) in a mobile application that is interoperable across the EU.
Strengthened QTSP Requirements
Requirements for qualified trust service providers (QTSP) are strengthened, particularly regarding cybersecurity, audits, and service continuity.
New Trust Services
eIDAS 2.0 adds new qualified services: qualified electronic archiving, qualified data attribution management, and qualified electronic register (certified blockchain).
Enhanced Interoperability
Better mutual recognition of digital identities between Member States. Qualified signatures issued in any EU country are recognized everywhere.
How to Be eIDAS-Compliant in Practice?
eIDAS compliance is not limited to choosing a signature level. It requires reflection on the entire process: risk identification, tool selection, proof retention and document governance.
Here is a practical checklist for companies wishing to secure their electronic signature processes in compliance with eIDAS:
Identify the appropriate signature level for each type of document
Use a solution whose provider hosts data within the EU
Preserve the timestamped audit trail with each signed document
Ensure that the signer is identified appropriately for the chosen level
Have a documented retention policy (duration, access, destruction)
Verify that the provider has a GDPR Data Processing Agreement (DPA)
For AES: implement an OTP mechanism or strong authentication
For QES: engage a QTSP listed on a national trust list
Certyneo's eIDAS Compliance Approach
Certyneo implements the SES (Simple Electronic Signature) and AES (Advanced Electronic Signature) levels of the eIDAS regulation. Advanced signature is based on two-factor authentication: a single-use link sent by email and an OTP code sent by SMS via our OTP SMS provider. This mechanism meets the four criteria of article 26 of eIDAS for advanced signature.
Each envelope generates a comprehensive audit trail: timestamp of each action (sending, link opening, OTP validation, signature affixation, possible refusal), signer's IP address, and browser user-agent. This audit trail is embedded at the bottom of each page of the final PDF (audit footer) and preserved for 10 years.
Data is hosted in Germany (EU) (IONOS infrastructure), within the European Union, in compliance with digital sovereignty requirements and the GDPR. Please see our security and compliance page for all technical details.
Frequently Asked Questions About eIDAS
What is the eIDAS regulation?
eIDAS (Electronic Identification, Authentication and Trust Services) is the European regulation (EU) No 910/2014 that establishes a common legal framework for electronic signatures, electronic seals, time stamps, electronic registered delivery services, and website authentication services in the European Union. It entered into force on July 1, 2016, and applies directly in all 27 Member States.
What is the difference between eIDAS and eIDAS 2.0?
eIDAS 2.0 (regulation (EU) 2024/1183, which entered into force on May 20, 2024) modernizes eIDAS 1.0 by introducing notably the European digital identity wallet (EUDIW — European Digital Identity Wallet), which will allow European citizens to store certified digital identity credentials. For businesses, eIDAS 2.0 strengthens requirements for qualified trust service providers (QTSP) and improves cross-border interoperability.
Does a simple electronic signature have legal value under eIDAS?
Yes. Article 25 of eIDAS explicitly prohibits refusing legal effects to an electronic signature on the sole ground that it is in electronic form. A simple signature (SES) therefore has legal value, but it does not benefit from the legal presumption reserved for qualified signatures (QES). In case of dispute, it is for the person relying on the signature to prove its authenticity.
How do I know which eIDAS level to choose for my contracts?
The general rule is to calibrate the level to the legal and commercial risk of the document. For standard documents with low stakes (quotes, internal orders), simple signature is sufficient. For important business contracts, employment contracts, NDAs or mandates, advanced signature (AES) is recommended. Qualified signature (QES) is reserved for situations where the law explicitly requires it (certain administrative deeds, large-scale public contracts) or when the risk of contestation is maximal.
How is Certyneo compliant with eIDAS?
Certyneo implements simple signature (SES) and advanced signature (AES) in compliance with eIDAS. Advanced signature is based on dual OTP email + SMS (our SMS OTP provider) that binds the signatory to their deed. Each envelope generates a timestamped audit trail integrated into the final PDF. Data is hosted in Germany (EU), in compliance with digital sovereignty requirements.
Does eIDAS apply to companies outside the European Union?
eIDAS applies to trust services provided in the EU. A company established outside the EU wishing its signatures to be recognized in the EU must use an eIDAS-compliant solution or a recognized qualified trust service provider (QTSP) in a Member State''s trust list. For international B2B exchanges, mutual recognition agreements exist with certain third countries.
Recommended Articles
eIDAS 2: The New European Regulation Explained in 2026
The eIDAS 2 regulation reshapes the rules of digital identity in Europe for 2026. Discover what changes for businesses and how to anticipate compliance.
9 min
eIDAS Regulation: Simple and Complete Explanation
What is the eIDAS regulation, what does it change, what are its 3 signature levels, and why it concerns every European company.
7 min
Advanced Electronic Signature (AES), Simple (SES) and Qualified (QES): The 3 eIDAS Levels
Advanced electronic signature (AES), simple (SES) or qualified (QES): the eIDAS regulation defines three levels. Comparison, legal value and recommended choice according to the document.
7 min
eIDAS 2 Certification for Signature Service Providers 2026
The eIDAS 2 regulation imposes new requirements on trust service providers. Discover the complete certification pathway to remain compliant in 2026.
9 min
eIDAS 2 Digital Identity Wallet: 2026 Guide
The European EUDI Wallet transforms digital signature and authentication practices in business. Discover how to anticipate the regulatory changes of 2026.
9 min