
Qualified eIDAS Service Providers: The Official 2026 List

Not all qualified eIDAS electronic signature service providers are equal. Discover how to identify them, compare them, and choose the safest solution for your business.

Certyneo legal team · 11 min read


Why is the "qualified" eIDAS status decisive for your business?

Since the entry into force of the eIDAS Regulation (No. 910/2014), the European electronic signature market has been fundamentally restructured around a three-level hierarchy: simple electronic signature (SES), advanced electronic signature (AES), and qualified electronic signature (QES). The latter is the only one to benefit from a legal presumption of equivalence with a handwritten signature in all Member States of the European Union.

For a company to be able to offer qualified signatures, it must necessarily have been audited and registered on the Trust List of its Member State. In France, it is the National Agency for Information Systems Security (ANSSI) that maintains this official register, republished in turn in the centralized European list managed by the European Commission.

Understanding this architecture is fundamental before signing any sensitive commercial contract. For more information on the regulatory foundations, our comprehensive guide to eIDAS 2.0 regulation details all the obligations and changes introduced by the revised eIDAS 2.0 Regulation (EU Regulation 2024/1183).

---

How are qualified trust service providers certified?

The path to the status of Qualified Trust Service Provider (QTSP) is demanding. It involves an audit conducted by an accredited Conformity Assessment Body (CAB), according to ETSI EN 319 401 (general requirements) and ETSI EN 319 411-2 standards for qualified certificates.

ANSSI qualification steps

  1. Submission of the qualification file: the service provider submits its technical, security and organizational documentation to ANSSI.
  2. Audit by an accredited CAB: a third-party organization — such as Bureau Veritas, LSTI or Apave Certification — verifies compliance on-site and on documents.
  3. Qualification decision: ANSSI pronounces the qualification and registers the service provider on the French trust list (TL-FR).
  4. Periodic renewal: the qualification is re-evaluated, generally every two years, to ensure the maintenance of requirements.

What does the audit actually verify?

The auditor examines in particular:

  • The physical security of data centers hosting cryptographic keys (HSM modules certified CC EAL 4+ or FIPS 140-2 Level 3 minimum);
  • The certification policies (CP) and certification practice statements (CPS) published by the service provider;
  • Procedures for identity verification of signatories (face-to-face or remote identity verification compliant with EN 419 241-1 standard);
  • Revocation management and availability of OCSP/CRL services.

These criteria explain why only a handful of players achieve and maintain this level of certification in France.

---

Qualified eIDAS service providers registered in France in 2026

The official list of qualified service providers is available at any time on the official European Commission portal (eidas.ec.europa.eu/efts), by filtering on "France" and the "QCertESig" (Qualified Certificate for Electronic Signature) service. Here are the providers that were listed in the register at the time of writing (June 2026):

French actors registered on the Trust List

| Service Provider | Type of qualified service | Particularity |
|---|---|---|
| Certigna (Dhimyotis) | Qualified certificates, qualified time-stamping | La Poste Group, eIDAS certified since 2016 |
| Certinomis | Qualified certificates | La Poste subsidiary, public sector oriented |
| ChamberSign France | Qualified certificates | Network of CCIs, strong SME/TPE anchoring |
| Keynectis / DocuSign France | Qualified certificates | Acquired by DocuSign, maintaining ANSSI label |
| Universign (Tessi) | Qualified certificates, time-stamping | Market pioneer, integrated in Tessi group |
| Entrust (ex-Datacard) | Qualified certificates | International player, Trust List across multiple Member States |
| Oodrive Sign | Qualified certificates | French sovereign editor, SecNumCloud qualified |

> Warning: this list is provided for information and guidance purposes only. Only the official Trust List of the European Commission is authoritative. Always verify current status on the ETSI portal before any contractual commitment.
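
The same status check can be run against the machine-readable trusted list (ETSI TS 119 612 XML) instead of the portal filter. The Python below is an added example, not code from Certyneo or the Commission: it reports only providers whose qualified-certificate service is currently granted and flagged for electronic signatures. It assumes the list has already been downloaded and its XML signature validated; the provider names, `_sample_tsp` and `qualified_esig_providers` are constructed for illustration, and the sample XML is trimmed to the elements the check reads.

```python
import xml.etree.ElementTree as ET

# Namespace and URIs from ETSI TS 119 612, the trusted-list XML format.
TSL_NS = "http://uri.etsi.org/02231/v2#"
NS = {"tsl": TSL_NS}
QC_CA = "http://uri.etsi.org/TrstSvc/Svctype/CA/QC"
STATUS = "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/"
SVCINFO = "http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/"

def _sample_tsp(name, status, purpose):
    """Constructed test data: one provider entry, trimmed to the fields read below."""
    return f"""<TrustServiceProvider>
 <TSPInformation><TSPName><Name>{name}</Name></TSPName></TSPInformation>
 <TSPServices><TSPService><ServiceInformation>
  <ServiceTypeIdentifier>{QC_CA}</ServiceTypeIdentifier>
  <ServiceStatus>{STATUS}{status}</ServiceStatus>
  <ServiceInformationExtensions><Extension><AdditionalServiceInformation>
   <URI>{SVCINFO}{purpose}</URI>
  </AdditionalServiceInformation></Extension></ServiceInformationExtensions>
 </ServiceInformation></TSPService></TSPServices>
</TrustServiceProvider>"""

# Fictional providers (assumption: not real trusted-list entries).
SAMPLE_TL = (
    f'<TrustServiceStatusList xmlns="{TSL_NS}"><TrustServiceProviderList>'
    + _sample_tsp("Example Trust SAS", "granted", "ForeSignatures")
    + _sample_tsp("Lapsed Certs SARL", "withdrawn", "ForeSignatures")
    + _sample_tsp("Seal Only GmbH", "granted", "ForeSeals")
    + "</TrustServiceProviderList></TrustServiceStatusList>"
)

def qualified_esig_providers(tl_xml):
    """Names of providers with a granted CA/QC service marked for e-signatures."""
    names = []
    for tsp in ET.fromstring(tl_xml).iterfind(".//tsl:TrustServiceProvider", NS):
        name = tsp.findtext("tsl:TSPInformation/tsl:TSPName/tsl:Name", "", NS)
        for info in tsp.iterfind(
                "tsl:TSPServices/tsl:TSPService/tsl:ServiceInformation", NS):
            svc_type = info.findtext("tsl:ServiceTypeIdentifier", "", NS).strip()
            status = info.findtext("tsl:ServiceStatus", "", NS).strip()
            purposes = {(u.text or "").strip() for u in info.iterfind(
                ".//tsl:AdditionalServiceInformation/tsl:URI", NS)}
            # All three must hold: qualified-certificate CA, currently granted,
            # and flagged for signatures (seal-only services do not count).
            if (svc_type == QC_CA and status == STATUS + "granted"
                    and SVCINFO + "ForeSignatures" in purposes):
                names.append(name.strip())
                break
    return names
```

A withdrawn service or a seal-only qualification drops a provider from the result even though its name still appears in the list, which is the case a name-only lookup misses.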

Foreign service providers recognized in France via the European Trust List

By virtue of the mutual recognition principle established by Article 25 of the eIDAS Regulation, a qualified signature issued by a QTSP registered on the trust list of another Member State produces the same legal effects in France. Among frequently used non-French actors:

  • Namirial (Italy): strong in remote qualified signature (QES remote signing);
  • SwissSign (Switzerland): note that Switzerland is not a member of the EU; recognition is partial;
  • Qualified.one / Asseco Data Systems (Poland): European public player, frequent in cross-border transactions.

To compare these solutions according to your business needs, consult our comparison of electronic signature solutions which analyzes price, compliance and API integration criteria.

---

How to choose the right qualified eIDAS service provider for your organization?

Being listed on the Trust List is a necessary but not sufficient condition. The choice of a QTSP must be based on several complementary criteria.

Technical and integration criteria

  • REST API or SDK available: essential for automating signature in your business workflows (ERP, HRIS, CRM);
  • Supported signature formats: PAdES for PDFs, XAdES for XMLs, CAdES for binary files — all standardized by ETSI EN 319 100;
  • Service availability: SLA greater than 99.9% guaranteed contractually, with maintenance periods scheduled outside business hours;
  • Data hosting: prefer hosting in France or the EU, ideally SecNumCloud qualified for sensitive data.
  • Verify that the service provider provides an up-to-date qualification report (less than 24 months old);
  • Require a published certification policy (CP) publicly accessible and audited;
  • Ensure that the general terms and conditions explicitly provide for the issuance of qualified certificates within the meaning of Annex I of the eIDAS Regulation.

Operational and support criteria

  • Signatory enrollment procedure: face-to-face at an office, eIDAS-compliant video identification or NFC from an electronic identity document;
  • French-language support with contractual response times;
  • Training and documentation available for your legal and IT teams.

If your organization manages significant HR document flows, our page dedicated to electronic signature for HR teams details specific use cases (employment contracts, amendments, onboarding) and recommended signature levels by document type.

---

eIDAS 2.0: What changes for qualified service providers in 2026?

The eIDAS 2.0 Regulation (EU Regulation 2024/1183, gradually entering into application since May 2024) introduces several structural developments that directly impact QTSPs and their customers.

The European Digital Identity Wallet (EUDI Wallet)

Article 6a of the revised regulation requires Member States to provide, by September 2026, a digital identity wallet (EUDI Wallet) recognized throughout the EU. For qualified service providers, this means:

  • The obligation to accept identity attributes from the wallet as proof of identity for signatory enrollment;
  • The emergence of a new qualified service: the issuance of qualified attestations of attributes (Qualified Electronic Attestation of Attributes, QEAA).

New qualified services and scope expansion

eIDAS 2.0 expands the list of qualified trust services to include:

  • Qualified electronic archiving services (QPDS, Article 45f);
  • Remote signature creation device management services (QRCD).

These developments represent both a compliance constraint (tight deadlines for existing service providers) and a differentiation opportunity for newcomers capable of quickly integrating technical specifications published by ENISA and ETSI.

For businesses considering migration from an existing platform to a more compliant solution, our migration guide from DocuSign or YouSign to Certyneo presents concrete steps and regulatory vigilance points.

eIDAS Regulation and European law

The legal foundation is Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (known as the "eIDAS Regulation"), as amended by Regulation (EU) 2024/1183 (eIDAS 2.0). This regulation is directly applicable in all Member States without national transposition.

Its key provisions for qualified service providers:

  • Article 17: obligation for each Member State to designate a supervisory body (in France, ANSSI);
  • Article 20: procedure for supervision, audit and registration on the trust list;
  • Article 25: presumption of equivalence between QES and handwritten signature, with guaranteed legal effect throughout the EU;
  • Annex I: requirements relating to qualified certificates for electronic signature;
  • Annex II: requirements relating to qualified signature creation devices (QSCD).

French law

In domestic law, electronic signature is governed by:

  • Civil Code, Articles 1366 and 1367: Article 1366 recognizes the probative value of electronic writing on condition of guaranteeing the identity of the author and the integrity of the document. Article 1367 specifies that electronic signature consisting of a reliable identification process benefits from a presumption of reliability when created in accordance with the implementing decree;
  • Decree No. 2017-1416 of 28 September 2017: defines the conditions under which qualified electronic signature is presumed reliable in France, by explicitly referring to the eIDAS Regulation;
  • Ordinance No. 2005-674 of 16 June 2005 relating to the accomplishment of certain contractual formalities by electronic means.

Protection of personal data

Enrollment and signature processes involve the processing of personal data (identity data, biometrics for video identification). The qualified service provider is subject to Regulation (EU) 2016/679 (GDPR) and must in particular:

  • Designate a DPO if processing is on a large scale;
  • Document the processing in the CNIL register;
  • Frame transfers outside the EU with appropriate safeguards (standard contractual clauses, adequacy decision).

Cybersecurity and resilience

Since October 2024, the NIS2 Directive (2022/2555/EU) applies to qualified trust service providers, classified as essential entities. They must implement cyber risk management measures, notify significant incidents to ANSSI within 24 hours, and submit to regular audits. Non-compliance is subject to fines of up to 10 million euros or 2% of annual global turnover.

Technical reference standards

  • ETSI EN 319 401: general requirements for trust service providers;
  • ETSI EN 319 411-2: policy profile for qualified certificates;
  • ETSI EN 319 132: XAdES signature formats;
  • ETSI EN 319 122: CAdES signature formats;
  • ETSI EN 319 162: PAdES signature formats (PDF).

Use cases: When is qualified eIDAS signature essential?

Scenario 1 — A law firm managing private deeds with high probative value

A mid-sized law firm with about twenty collaborators handles several dozen share transfers, settlement agreements and representations and warranties insurance (R&W) agreements each month. These documents involve sums often exceeding several hundred thousand euros and are likely to be disputed in court.

Before migrating to a qualified eIDAS service provider, the firm used an advanced signature solution (AES), which was sufficient for most routine documents. After an incident where the opposing party challenged the authenticity of a signature during litigation, the firm chose QES for all high-stakes documents. Result: 90% reduction in time spent producing signature evidence during contentious proceedings, thanks to the irrebuttable legal presumption attached to QES. The per-signature surcharge (approximately 2 to 5 € depending on volumes) was entirely absorbed by the reduction in litigation costs.

Scenario 2 — A mid-sized industrial company managing cross-border supplier contracts

A mid-sized enterprise (SME) in the industrial equipment sector, with suppliers established in France, Germany, Italy and Poland, previously had to send its master contracts by postal mail or organize in-person signing meetings, generating delays of 10 to 21 business days per contract.

By deploying a solution connected to a European QTSP registered on the Trust List, the company reduced the signature cycle to less than 48 hours on average. Mutual recognition between Member States guarantees legal value without need for additional legalization. Over a portfolio of 350 annual supplier contracts, the estimated gain in administrative and logistical costs exceeds 40,000 € per year, according to ranges consistent with sector studies published by ACFE and APQC.

Scenario 3 — A hospital group subject to health sector requirements

A hospital group with about 1,200 beds must electronically sign public procurement contracts, clinical research agreements and hospital practitioner contracts. These documents are subject to the Public Procurement Code, which requires an electronic signature compliant with the RGS (General Security Reference) at level ** or, since the digitization of public procurement, at an equivalent eIDAS level.

By relying on a QTSP registered on the French Trust List, the hospital group ensures compliance with Article R. 2132-7 of the Public Procurement Code while reducing the time to sign contracts from 15 days to less than 72 hours. API integration with the hospital information system (SIH) made it possible to automate sending and tracking documents, freeing up approximately 0.4 FTE on contract-related administrative tasks.

Conclusion

Choosing a qualified eIDAS service provider is not a simple software purchase: it is a strategic decision that engages the probative value of your documents, your organization's regulatory compliance and the trust of your business and institutional partners. In 2026, with the gradual entry into force of eIDAS 2.0 and new NIS2 obligations, the level of requirement is only increasing.

The essential points to remember: systematically verify registration on the official Trust List, require a published certification policy, and adapt the signature level (QES, AES, SES) to the legal stakes of each document.

Certyneo supports you in this process by giving you access to qualified certificates via registered QTSPs, a robust API integration and dedicated legal support. Ready to move to qualified signature? Request a demo or create your Certyneo account and bring your organization into compliance today.
