eIDAS 2: The New European Regulation Explained for 2026

Introduction: Why eIDAS 2 Changes Everything for European Businesses

Coming into force on May 20, 2024 after lengthy legislative negotiations, the eIDAS 2 regulation — officially named Regulation (EU) 2024/1183 — represents the most ambitious reform ever undertaken in the field of electronic identification and trust services in Europe. It repeals and partially replaces the original eIDAS regulation of 2014 (No. 910/2014), while maintaining backward compatibility with the existing infrastructure. For businesses that rely on eIDAS-compliant electronic signatures, this overhaul introduces new obligations, unprecedented opportunities and a tight compliance timeline through 2026 and beyond. This article thoroughly decrypts the key provisions of the text, their operational implications and how your organization can prepare for them.

---

What eIDAS 2 Regulation Fundamentally Changes

From the 2014 regulation to the 2024 version: a structural overhaul

The original 2014 eIDAS regulation had laid the groundwork for mutual recognition of electronic identification schemes between Member States and established a unified legal framework for trust services (signature, seal, timestamp, etc.). But ten years later, the limitations were glaring: low adoption rates of notified eIDs, fragmentation of national solutions, absence of a universal digital wallet for citizens, and above all inadequacy to web usage (GAFAMs excluded from the trust framework).

eIDAS 2 corrects these gaps on three major axes:

1. The European digital identity wallet (EUDI Wallet) — each Member State must provide, no later than November 2026, a digital wallet application allowing any European citizen or resident to securely store and present their identity attributes (identity card, driver's license, diplomas, etc.).
2. The expansion of qualified trust services — the text adds new qualified services: qualified electronic archiving service management (QESAP), qualified identity attribute reports (QEAA), qualified electronic ledgers (QLED) and management of remote signature creation devices (QRCD).
3. The obligation for large platforms — large online service providers (social networks, marketplaces) must accept the EUDI wallet for user authentication.

The EUDI Wallet: architecture and operation

The EUDI Wallet is at the heart of eIDAS 2. Concretely, it is a software application — delivered or certified by each Member State — based on a decentralized model of selective attribute presentation. The user only transmits data strictly necessary for the transaction (minimization principle, compliant with GDPR).

From a technical perspective, the architecture is based on the specifications of the Architecture Reference Framework (ARF), published by the European Commission and regularly updated by the Large Scale Pilot (LSP) which brings together four pilot consortiums (DC4EU, EWC, POTENTIAL, NOBID). The data formats selected are primarily ISO/IEC 18013-5 (mDL/mDocs) and W3C Verifiable Credentials, ensuring cross-border interoperability.

For businesses, this means they will be able to verify the identity of their customers or partners through the wallet without managing the collection of supporting documents themselves — significantly reducing KYC (Know Your Customer) friction and documentary fraud risks.

---

Assurance Levels and Signature Hierarchy: What's Changing

Maintenance of the QES / AdES / SES hierarchy

The electronic signature regime remains structured around three levels defined in Article 3 of eIDAS 2 (replicating the 2014 terminology but clarifying technical requirements):

• Simple electronic signature (SES): minimal evidential value, suitable for routine acts.
• Advanced electronic signature (AdES): exclusive link to the signer, ability to detect any subsequent modification.
• Qualified electronic signature (QES): legal equivalent of a handwritten signature throughout the EU (Article 25§2), issued via a qualified signature creation device (QSCD) based on a qualified certificate.

The novelty lies in how QES can now be delivered via qualified remote signature services (QRCD), whose accreditation conditions are set out in Articles 29a and 29b of the revised text. This opens the door to 100% digital flows for the most demanding acts — notarized contracts, electronic authentic acts — without requiring a physical smart card.

The impact on qualified trust service providers (QTSP)

Providers such as Certyneo, which operate by relying on certified QTSPs, must anticipate the new audit requirements introduced by eIDAS 2. Article 24 now imposes enhanced controls on the sub-contracting chain, and security incident notification requirements are explicitly aligned with those of the NIS2 Directive (24-hour reporting deadline). To deepen the understanding of how different signature levels work in a B2B context, consult our comprehensive guide to electronic signatures in business.

---

Deployment Timeline and Business Obligations in 2025-2026

Key deployment milestones

Regulation (EU) 2024/1183 was published in the EU Official Journal on April 30, 2024 and came into force on May 20, 2024. The implementing and delegated acts — essential for clarifying technical requirements — are being published progressively:

| Deadline | Obligation | |---|---| | May 2024 | Entry into force of the regulation | | End 2024 | Publication of implementing acts on ARF v2.0 | | Mid-2025 | Certification of first pilot EUDI Wallets | | November 2026 | Mandatory availability of an EUDI Wallet in each Member State | | 2027 | Mandatory acceptance by major online platforms |

What B2B Businesses Must Do Now

For businesses using electronic signature solutions, three priorities emerge in 2025-2026:

1. Audit their trust chain: verify that their signature provider is on the Trusted List (QTSP) of their Member State, and that the certificates used comply with the revised ETSI EN 319 401 and EN 319 411-1 specifications.

2. Anticipate EUDI Wallet integration: businesses operating in regulated sectors (banking, insurance, healthcare, real estate) will be among the first affected by identity verification flows via wallet. Preparing integration APIs as of 2025 is recommended.

3. Revise their retention policies: the new qualified electronic archiving service (QESAP) introduces long-term preservation standards that may become mandatory in certain sectors (public procurement, pharmaceutical sector). Our ROI calculator for electronic signatures lets you assess the financial impact of upgrading your document infrastructure.

---

Interoperability, GDPR and Digital Sovereignty Issues

eIDAS 2 and GDPR: strengthened complementarity

One of the major advances of eIDAS 2 is the explicit integration of data protection principles from the outset (privacy by design) in the architecture of the EUDI wallet. Article 5a§14 provides that the wallet does not allow providers to track user behavior during transactions. Qualified identity attribute issuers (QEAA) are not informed of how the issued attestations are used — which represents a major departure from current centralized models.

This architecture is described as unlinkability (non-correlatability): two separate transactions carried out by the same user cannot be linked without their consent. This guarantee exceeds the minimum GDPR requirements while articulating perfectly with them.

The geopolitical dimension: regaining control over online identity

eIDAS 2 also addresses a sovereignty issue. Today, online authentication relies heavily on "Sign in with Google/Facebook/Apple" buttons, which gives American tech giants a dominant position in managing digital identities for Europeans. By requiring very large platforms (as defined by the Digital Services Act) to accept the EUDI Wallet as an authentication method, eIDAS 2 creates an interoperable and sovereign alternative.

For B2B businesses, this also means that eIDAS 2 compliance can become a supplier selection criterion in public and private calls for proposals — similar to what ISO 27001 certification represents today in procurement processes. If your organization is considering evolving its current solution, our migration guide from DocuSign or YouSign to Certyneo details the steps of a controlled transition.

Legal Framework Applicable to eIDAS 2 and Electronic Signatures

Reference texts

Regulation (EU) 2024/1183 of the European Parliament and of the Council of April 11, 2024, amending Regulation (EU) No. 910/2014 on the establishment of the European framework for digital identity (eIDAS 2). Published in the OJEU on April 30, 2024, came into force on May 20, 2024.

Regulation (EU) No. 910/2014 (eIDAS 1): maintained in force for its unchanged provisions, in particular the articles relating to "low", "substantial" and "high" levels of assurance for notified identification schemes.

French Civil Code, articles 1366 and 1367: electronic writing has the same probative force as paper writing provided that the person from whom it emanates is duly identified and that the document is drawn up under conditions guaranteeing its integrity. The qualified electronic signature (QES) as understood in eIDAS 2 satisfies these requirements as of right.

Regulation (EU) 2016/679 (GDPR): the processing of identity data under the EUDI wallet framework is subject to the principles of minimization (art. 5§1c), purpose limitation (art. 5§1b) and data protection by design (art. 25). Qualified providers act as separate data controllers for verification operations.

Directive (EU) 2022/2555 (NIS2): transposed into French law by ordinance No. 2024-528 of June 12, 2024, it imposes on qualified trust service providers obligations to manage cyber risks and notify incidents within 24 hours.

ETSI Standards:

• EN 319 132 (XAdES) and EN 319 122 (CAdES): advanced electronic signature formats.
• EN 319 401: general requirements for trust service providers.
• EN 319 411-1 and 411-2: policy and security requirements for CAs issuing qualified certificates.
• EN 319 521: requirements for qualified signature preservation services (QESAP).

Legal obligations and risks for businesses

Any business using electronic signatures in a contractual context must ensure that the chosen signature level is appropriate to the value and nature of the act. For acts subject to a legal signature requirement (offers to sell, employment contracts, purchase orders exceeding certain thresholds), only QES or AdES based on a qualified certificate provides the presumption of reliability referred to in Article 26 of eIDAS 2.

In the event of dispute, the burden of proof is reversed: if the signature is qualified, it is up to the party contesting the document to prove its alteration; if it is simple or advanced without a qualified certificate, the burden of proof rests with the signer who invokes it. Failure to comply with traceability and integrity requirements may result in the annulment of the act or the unavailability of the signature to a third party.

Use Cases: eIDAS 2 Applied to B2B Businesses

Scenario 1 — A digital transformation consulting firm (approximately 80 consultants)

A consulting structure deploying its employees with clients in several Member States (France, Germany, Netherlands) must have each month orders for services, contract amendments and acceptance minutes signed. Before eIDAS 2, managing cross-border identities generated friction: some German clients refused to recognize certificates issued by a French QTSP, dual email authentication insufficient for sensitive acts.

With the deployment of the EUDI Wallet in 2026, consultants will be able to sign from their national wallet — recognized outright in all Member States — without any friction. The firm estimates a reduction of 60 to 70% of the time spent on exchanging document verification prior to signature, approximately 3 to 4 hours saved per consultant per month according to sector benchmarks published by McKinsey Digital (2024).

Scenario 2 — An SME managing 350 supplier contracts per year

An SME in the industrial equipment sector, working with about one hundred European and Asian suppliers, must contractualize purchase orders, confidentiality agreements (NDAs) and framework contracts. So far, 30% of these documents came back unsigned or with delays exceeding 10 working days.

By adopting an electronic signature solution compliant with eIDAS 2 with identity verification via qualified attributes (QEAA), the SME can enforce a signature flow where the identity of the supplier's legal representative is automatically verified via the EUDI wallet, without manual entry. Expected result: reduction of average signature time from 10 days to less than 48 hours, and 40% reduction in disputes related to non-compliant signatures, based on ranges observed in ELENIUS 2025 reports on B2B dematerialization.

Scenario 3 — A real estate group managing purchase agreements in several countries

A network of real estate agencies operating in France, Spain and Portugal must regularly have preliminary contracts signed between sellers and buyers of different nationalities. QES is required in certain contexts to guarantee equivalence with a handwritten signature before a notary.

Thanks to eIDAS 2 and the interoperability of EUDI wallets, a Portuguese buyer can sign a preliminary contract subject to French law using their national wallet, with a "high" level of assurance automatically recognized by the signature platform. The group reduces its travel and legalization fees by approximately 800 to 1,200 euros per cross-border file, while reducing the time to conclude preliminary agreements from 3 weeks to 5 days on average. For sector-specific uses, our dedicated page on electronic signatures in real estate details adapted workflows.

Conclusion

eIDAS 2 is not just a simple regulatory update: it is a profound overhaul of how digital identity and electronic trust work in Europe. The EUDI Wallet, new qualified services, the obligation for interoperability and alignment with NIS2 and GDPR form a coherent ecosystem that will transform the contractual and authentication processes of businesses by the end of 2026.

To remain compliant and competitive, B2B organizations must act now: audit their trust chain, choose a provider aligned with the new requirements and prepare their document flows for integration with the European digital wallet.

Certyneo supports you in this transition with eIDAS 2-compliant qualified electronic signature solutions, ready for 2026. Request a demo or create your account on Certyneo to secure your contracts today.