eIDAS 2 Calendar: EU Deployment 2026-2027

Introduction: Why the eIDAS 2 Calendar is Crucial for Your Organization

Since the entry into force of Regulation (EU) 2024/1183 — commonly called eIDAS 2 — the European framework for digital identity and electronic signature has undergone its most profound transformation since 2014. While the revised text is formally adopted, its operational deployment, spread between 2024 and 2027, now concentrates the attention of CIOs, legal teams and compliance managers. Understanding the official deployment calendar of eIDAS 2 throughout the European Union allows you to anticipate obligations, secure your contractual processes and avoid any compliance gaps. This article decrypts the key steps, expected implementing acts and concrete impacts for French and European companies.

---

1. Reminder: What is eIDAS 2 and Why This Revision?

1.1 The Limitations of eIDAS 1 (2014)

The original eIDAS regulation (No. 910/2014) laid the foundations for digital trust in Europe: mutual recognition of electronic signatures, creation of qualified (QES), simple (SES) and advanced (AdES) levels, and accreditation of Trust Service Providers (TSP). However, ten years of application have highlighted several major gaps:

• National fragmentation: less than 19% of European citizens used a cross-border electronic identification scheme in 2022 according to the European Commission.
• Absence of digital identity wallet: eIDAS 1 did not provide for a universal instrument allowing each citizen or business to prove their identity online in all Member States.
• Partial coverage: qualified electronic archiving services or attribute attestations were not harmonized.

1.2 The Structural Contributions of eIDAS 2

Adopted on April 11, 2024 and published in the Official Journal of the EU on April 30, 2024, Regulation (EU) 2024/1183 introduces notably:

• The European Digital Identity Wallet (EUDI Wallet): digital identity wallet that each Member State must provide to its citizens.
• New qualified trust services: qualified electronic attribute attestations, qualified electronic archiving, remote signature creation device management.
• Extension of scope: large online platforms (within the meaning of DSA regulation) will have to accept the EUDI Wallet for user authentication.
• Strengthened governance: creation of a stricter compliance certification framework for TSPs.

To deepen your understanding of the regulation's foundations, our comprehensive guide to eIDAS 2.0 details all regulatory changes.

---

2. The Official eIDAS 2 Deployment Calendar: Steps and Key Dates 2024-2027

Regulation eIDAS 2 structures its entry into application around a multi-stage mechanism: entry into force, implementing acts of the Commission, national transposition and effective deployment of tools. Here is the official roadmap.

2.1 Phase 1 — Entry into Force and Delegated Acts (May 2024 – End 2025)

| Date | Step | |---|---| | 30 April 2024 | Publication of Regulation (EU) 2024/1183 in the OJEU | | 20 May 2024 | Official entry into force (D+20 after publication) | | Q3-Q4 2024 | Launch of working groups on implementing acts (eIDAS 2 Toolbox) | | End 2024 | Publication of first technical specifications for EUDI Wallet (ARF — Architecture Reference Framework v1.4) | | Q1-Q2 2025 | Commission implementing acts on technical specifications of wallets (12-month deadline provided by Article 5a) | | Q3 2025 | Implementing acts relating to new qualified trust services |

The European Commission published in January 2025 the first batch of implementing acts on common technical specifications for the EUDI Wallet. These texts constitute the mandatory technical basis for Member States.

2.2 Phase 2 — Deployment of Pilot Projects and National Transpositions (2025-2026)

As part of the Large Scale Pilots (LSP) program, four consortiums have tested the EUDI Wallet since 2023 on more than 360 use cases across 25 Member States:

• EU Digital Identity Wallet Consortium (EUDIW) — 140+ entities
• NOBID — focused on digital payments
• POTENTIAL — identity and attributes
• DC4EU — diplomas and professional qualifications

The results of these pilots directly feed the implementing acts. On the national level, Member States have 24 months from the date of application of the implementing acts to deploy their national wallet. In practice, this means that the vast majority of national deployments are expected between mid-2026 and end-2026.

| Period | Expected Actions | |---|---| | Q1-Q2 2026 | Final adoption of remaining implementing acts (qualified archiving, attribute attestations) | | Q2 2026 | First production versions of EUDI Wallets in pioneering States (Germany, Netherlands, Spain) | | Q3-Q4 2026 | Progressive deployment across the 27 Member States — opening to professional users | | End 2026 | Obligations to accept EUDI Wallet for online public services (art. 5b) |

France, via the National Cybersecurity Agency (ANSSI) and the Interministerial Digital Directorate (DINUM), has engaged its adaptation work in 2025. The French wallet project is based on France Identité as a technical foundation.

2.3 Phase 3 — Acceptance Obligations for the Private Sector (2027)

This is the most impactful step for businesses. Article 5b of eIDAS 2 imposes that certain private sector providers accept the EUDI Wallet for online identification in the following areas:

• Banking and financial services (account opening, KYC)
• Mobility (transport, vehicle rental)
• Energy (consumer contracts)
• Very large online platforms (within the meaning of DSA, > 45 million monthly users in the EU)
• Telecommunications

The mandatory acceptance deadline is set at 12 months after the wallet is made available in each Member State, which places the actual deadline for most sectors in the first half of 2027.

For companies that already use eIDAS-compliant electronic signature solutions, the challenge is to ensure the compatibility of their document flows with the new identity attributes from digital wallets.

---

3. Impact on Trust Service Providers (TSP) and SaaS Editors

3.1 New Obligations for Qualified TSPs

Qualified Trust Service Providers (QTSP) must update their certification practices to integrate the new categories of services introduced by eIDAS 2:

• Qualified electronic attribute attestations: digital driving license, diplomas, professional qualifications
• Qualified electronic archiving: service guaranteeing integrity over time of signed documents
• Remote Signature Creation Device (RQSCD) management: clarification of the framework for cloud solutions

QTSPs have up to 18 months after the publication of revised ETSI standards (expected Q2-Q3 2026) to comply with the new technical requirements, positioning the first effective re-certifications in 2027.

3.2 What This Means for User Businesses

If your organization uses a SaaS electronic signature provider — whether a certified QES solution or an advanced signature tool — several compliance questions arise right now:

1. Is your provider in the process of updating its certification to integrate eIDAS 2 requirements?
2. Are your signature workflows ready to receive identities from EUDI Wallets?
3. Does your archiving policy meet future qualified electronic archiving requirements?

Our analyses of the comparison of electronic signature solutions now integrate the eIDAS 2 roadmap criterion as a key differentiating factor.

3.3 Reference Technical Standards

The ETSI (European Telecommunications Standards Institute) is responsible for producing harmonized standards on which eIDAS 2 is based. The work program 2025-2027 covers notably:

• ETSI EN 319 411-1 and -2 (revised): policies and requirements for TSPs issuing certificates
• ETSI EN 319 132-1 (XAdES) and EN 319 122-1 (CAdES): advanced and qualified signature formats
• ETSI TS 119 500: trust framework for qualified electronic archiving services
• ISO/IEC 18013-5: mobile Driving Licence (mDL) attribute presentation protocol, adopted as the technical basis of EUDI Wallet

---

4. eIDAS 2 Calendar in France: Progress and Specific Obligations

4.1 The Role of ANSSI in National Governance

In France, ANSSI is the supervisory authority for Trust Service Providers under eIDAS. In the context of eIDAS 2, it leads:

• The adaptation of the General Security Reference (RGS) to integrate new qualified services
• Participation in the work of the eIDAS cooperation group (Article 46e of the regulation)
• Supervision of compliance audits of French QTSPs

ANSSI published in March 2025 a national roadmap specifying the steps for adapting the French framework to eIDAS 2, with a checkpoint scheduled for September 2026.

4.2 Obligations for Large French Businesses

French businesses exceeding DSA thresholds or operating in sectors targeted by Article 5b must engage in impact analysis right now. Recommended steps are:

1. Mapping of identification flows: identify processes where digital identity is required (KYC, contract signing, client portal access)
2. Evaluation of current providers: verify their eIDAS 2 compliance roadmap
3. Plan to update T&Cs and signature policies: anticipate integration of identity attributes from EUDI Wallets
4. Training for legal and IT teams: the technical and legal framework is evolving significantly

For companies managing significant contractual volumes, electronic signature tools in the enterprise must be evaluated for their ability to evolve toward eIDAS 2 without service disruption.

4.3 Alignment with Other European Regulations

The deployment of eIDAS 2 does not occur in isolation. It closely articulates with:

• GDPR (2016/679): identity attributes contained in EUDI Wallets constitute personal data subject to principles of minimization and purpose
• NIS 2 Directive (2022/2555): TSPs are essential entities under NIS 2 and must satisfy enhanced cybersecurity requirements
• DORA Regulation (2022/2554): financial institutions using trust services for their digital operations must integrate these dependencies in their ICT risk mapping
• Data Regulation (Data Act, 2023/2854): interoperability of identity data between sectors

Companies that have already engaged in NIS 2 compliance will find significant synergies with eIDAS 2 compliance, particularly on risk management and business continuity aspects.

---

5. Preparing Your Organization Now: The 2026 Checklist

5.1 For Legal and Compliance Teams

• [ ] Read Regulation (EU) 2024/1183 in its consolidated version and identify articles applicable to your sector
• [ ] Map contracts and processes requiring updates (signature clauses, retention policy)
• [ ] Verify the cross-border legal validity of your current electronic signatures in the eIDAS 2 context
• [ ] Anticipate integration of qualified attribute attestations (e.g., professional qualification verification for notarial or medical acts)

5.2 For IT Departments

• [ ] Assess compatibility of your technical stack with EUDI Wallet protocols (OpenID4VP, ISO 18013-5)
• [ ] Identify APIs to update with your electronic signature editors
• [ ] Schedule integration tests with pilot wallets available in 2026
• [ ] Set up monitoring of Commission implementing acts (notifications in the Official Journal of the EU)

5.3 For Business Teams

The expected gains from well-anticipated compliance are concrete: reduced friction in signature workflows through pre-verified identity from EUDI Wallet, accelerated KYC processes, and reduced identity verification costs. To assess the ROI of your transition, our electronic signature ROI calculator integrates parameters specific to eIDAS 2 compliance.

Finally, organizations considering migration from other solutions to a platform natively prepared for eIDAS 2 can consult our migration guide from DocuSign or YouSign to Certyneo, which details the technical and contractual steps of a seamless transition.

Legal Framework Applicable to eIDAS 2 Deployment

Founding Texts and Hierarchy of Standards

The deployment of eIDAS 2 is part of a stratified legal corpus whose mastery is essential for any organization subject to compliance obligations.

Regulation (EU) 2024/1183 of the European Parliament and of the Council — called "eIDAS 2" — constitutes the reference standard. It repeals and replaces Regulation (EU) No. 910/2014 (eIDAS 1) on the points it revises, while maintaining the validity of existing certifications during the transition periods provided in Articles 51 and following. Published in the Official Journal of the EU, Series L on April 30, 2024, it entered into force on May 20, 2024.

The French Civil Code, Articles 1366 and 1367, affirm the recognition of electronic signature as equivalent to handwritten signature when it satisfies conditions of signer identification and document integrity. These provisions are interpreted in light of European eIDAS law, which takes precedence under the principle of primacy of Union law.

Regulation (EU) 2016/679 (GDPR) applies in full to processing of personal data carried out under EUDI Wallet and trust services. Identity attributes (biographical data, qualifications, licenses) constitute personal data within the meaning of Article 4(1) of GDPR. The minimization principle (Art. 5(1)(c)) is particularly relevant: providers must only collect attributes strictly necessary for the transaction's purpose.

Directive (EU) 2022/2555 (NIS 2), transposed into French law by Law No. 2024-449 of May 21, 2024, classifies qualified trust service providers among essential entities subject to enhanced obligations for cyber risk management, incident notification and supply chain security.

ETSI standards constitute the harmonized technical reference for eIDAS 2:

• ETSI EN 319 401: general requirements for TSPs
• ETSI EN 319 411-1/-2: policies for TSPs issuing qualified certificates
• ETSI EN 319 132-1: XAdES format (advanced XML signatures)
• ETSI EN 319 122-1: CAdES format (advanced CMS signatures)
• ETSI EN 319 162-1: ASiC format (signature containers)

Legal Risks in Case of Non-Compliance

Non-compliance with eIDAS 2 obligations exposes organizations to several risks:

1. Enforceability of signatures: an electronic signature executed via a non-compliant TSP may lose the legal presumption of validity, calling into question the probative value of signed contracts.
2. Administrative sanctions: national supervisory authorities (ANSSI in France) can impose corrective measures, compliance orders, or even withdrawal of accreditation for TSPs.
3. Contractual liability: companies using non-compliant tools may see their liability engaged toward clients and partners if a dispute concerns the validity of an electronically signed act.
4. Cumulative GDPR: non-compliant management of EUDI Wallet identity attributes can simultaneously expose to CNIL sanctions (up to 4% of annual global turnover).

Concrete Use Cases Facing the eIDAS 2 Calendar

Scenario 1 — An Intermediate Law Firm Managing Cross-Border Acts

A corporate law firm with fifteen lawyers regularly handling M&A operations involving counterparties in several EU Member States (Belgium, Netherlands, Spain) currently uses a qualified electronic signature solution for share purchase agreements and confidentiality protocols. With the eIDAS 2 deployment calendar, the firm anticipates two major changes by end-2026:

• Simplified identity verification: foreign counterparties will be able to present their identity attributes via their national EUDI Wallet, eliminating passport copy exchanges and redundant KYC procedures. According to estimates from Commission reports on LSPs, the time savings on the identity verification phase are estimated between 40% and 60% depending on the jurisdictions involved.
• Strengthened evidentiary value: acts signed with identities certified by qualified EUDI Wallets will benefit from an even stronger legal presumption, reducing the risk of judicial challenge in cross-border disputes.

The firm plans to migrate to a SaaS platform with a documented eIDAS 2 roadmap before Q3 2026, roughly six months before the first acceptance obligations.

Scenario 2 — An Industrial SME Managing High Volume of Supplier Contracts

An industrial equipment SME managing approximately 250 supplier contracts per year, of which 30% with non-French European partners, faces growing identity verification constraints when onboarding new suppliers. The current process — Kbis request, ID copy, manual verification — mobilizes on average 2.5 hours per file according to industry benchmarks from buyer federations.

With EUDI Wallet integration into its signature workflow by 2027, the SME projects:

• A 55 to 70% reduction in time spent on identity verification thanks to qualified attribute attestations (registration number, legal representation)
• An 80% decrease in document follow-ups with foreign suppliers
• Enhanced security against document fraud, as attributes are cryptographically verifiable

The SME has identified the need to update its general purchasing terms to integrate reference to eIDAS 2 attestations, in coordination with its legal counsel.

Scenario 3 — A Hospital Group Anticipating Compliance for Digital Medical Acts

A hospital group of approximately 900 beds across three sites must manage electronic signature of sensitive medical documents: informed consents, prescriptions, surgical reports and contracts with care providers. French regulations require qualified signature for certain medical acts with strong legal scope.

In the context of the eIDAS 2 calendar, the group anticipates the arrival of qualified attribute attestations for healthcare professional qualifications (RPPS number, specialty, practice establishment), which will allow:

• Automated verification of signer qualification (doctor, surgeon, pharmacist) without manual verification in professional directories
• Reduced risk of signature attribution error during replacements and on-call periods
• Facilitated portability of digital medical files between facilities, within the framework of the European Health Data Space (EHDS)

The group estimates that integrating EUDI Wallet flows into its Hospital Information System (HIS) represents a 12 to 18-month project, justifying the launch of technical studies in Q3 2026 for production deployment before sectoral acceptance obligations.

Conclusion

The eIDAS 2 deployment calendar in the European Union is now clearly marked: implementing acts finalized in 2026, EUDI Wallet national deployments between mid-2026 and end-2026, and private sector acceptance obligations starting in the first half of 2027. This roadmap leaves a concrete window of action for French and European companies, provided they engage now in compliance analysis, provider evaluation and update of contractual processes.

Waiting until 2027 to become compliant risks a rushed transition, with the costs and legal risks that implies. Certyneo, designed natively for eIDAS requirements and with active roadmap toward eIDAS 2, accompanies you from today in this transition. Get started free on Certyneo and secure your document flows in compliance with the European digital trust framework.