eIDAS 1 to 2 Transition: Impact on Signature in 2025

On 20 May 2024, Regulation (EU) 2024/1183 — commonly called eIDAS 2 — was published in the Official Journal of the European Union, progressively repealing Regulation No. 910/2014 (eIDAS 1). This text represents the most structuring reform of digital identity and electronic signature in Europe since 2016. For French enterprises using electronic signature solutions in their contractual workflows, the transition is not a mere formality: it involves technical, legal, and organizational adjustments whose horizon extends until 2026 and beyond. Understanding the eIDAS 1 to eIDAS 2 transition and its impact on electronic signature in 2025 has therefore become a priority for legal, IT, and HR departments. This article deciphers the fundamental changes in the framework, the precise transition timeline, and the concrete measures to take to remain compliant.

What the eIDAS 2 Regulation Fundamentally Changes

From the 2014 Regulation to the 2024 Overhaul: Why a Revision Was Necessary

eIDAS 1 had laid the foundations for mutual recognition of electronic signatures within the Union. Three hierarchical levels — simple (SES), advanced (AdES), and qualified (QES) — structured the probative value of signatures, backed by a list of trust service providers (TSL). However, in ten years, two major gaps became apparent.

First, the original regulation applied essentially to relations with public administrations (G2B, G2C). It created no direct obligations in private transactions (B2B, B2C), leaving a regulatory vacuum that each Member State filled in a heterogeneous manner. Second, the rise of digital services — mobile applications, open banking, telemedicine — revealed the absence of a portable and interoperable digital identity system at the continental level.

eIDAS 2 addresses these two challenges by introducing the European Digital Identity Wallet (EUDIW) and by expanding the scope of trust services to new use cases: qualified electronic archiving, qualified attribute attestations, qualified electronic registers (including certified blockchain applications).

The New Categories of Qualified Trust Services

Regulation eIDAS 2 extends the list of qualified trust services (article 3 and revised annex IV). Beyond signatures, seals, and timestamps already recognized by eIDAS 1, now qualified are:

• Qualified electronic archiving services (art. 34 bis): obligation to preserve the integrity and readability of signed documents over the long term, with enhanced requirements for service providers (QTSP).
• Services for managing qualified remote signature creation devices (QRCD): reinforced framework for remote signature solutions via cloud Hardware Security Module (HSM).
• Qualified attribute attestations: mechanism allowing a trusted third party to certify attributes of an entity (e.g., lawyer status, doctor status) without revealing the complete identity.
• Qualified electronic registers: recognition of distributed registers under strict auditability and resilience conditions.

For users of electronic signature solutions, this expansion means that the qualified trust services available on the market will diversify, and that the criteria for selecting a service provider (QTSP) must integrate these new capabilities.

EUDIW: The Digital Identity Wallet as Signature Infrastructure

The most visible innovation in eIDAS 2 remains the EUDIW. Each Member State must make available to its citizens and residents a free digital identity wallet, interoperable with all other Member States, by 26 November 2026 (deadline for national compliance according to article 5 bis). This wallet will enable:

• authenticating the user with a high assurance level (LoA High) without resorting to a third-party identification provider;
• electronically signing documents with qualified value (QES) directly from the wallet;
• sharing selective identity attributes (selective disclosure), thus respecting the data minimization principle of the GDPR.

For enterprises, the EUDIW theoretically simplifies identity verification procedures prior to qualified signature, eliminating friction from video identification or in-person identification. In practice, impact will depend on the pace of national deployment — France launched in 2025 a pilot experiment as part of the "France Identité" program.

Precise Transition Timeline from eIDAS 1 to eIDAS 2

The Regulatory Milestones to Know

Regulation 2024/1183 came into force on 20 May 2024, but its application is progressive. Here are the key deadlines:

| Date | Event | |------|-------| | 20 May 2024 | Publication in OJ, formal entry into force | | 20 November 2024 | 6-month deadline for adoption of implementing acts by the Commission (EUDIW technical specifications) | | End 2025 | Publication of revised ETSI standards (EN 319 411-1/2, EN 319 401) integrating eIDAS 2 requirements | | 26 May 2026 | Deadline for Member States' compliance with new categories of qualified services | | 26 November 2026 | Mandatory provision of EUDIW by each Member State | | 2027-2028 | Complete revision of national trust lists (TSL) and accreditation of new QTSP |

eIDAS 1 remains valid and signatures issued under its regime retain their full legal value. There is no obligation to re-sign existing documents. However, qualified trust service providers must renew their accreditation according to the new technical standards by 2027.

What Does Not Change and What to Monitor

Continuity is a cardinal principle of the transition. The three signature levels (SES, AdES, QES) are maintained with their definitions unchanged. The presumption of equivalence with a handwritten signature attached to QES (article 25 eIDAS 1, repeated in article 27 eIDAS 2) remains in force. The probative value of your current electronic signatures is not called into question.

What to monitor instead: implementing acts published by the European Commission throughout 2025-2026 will set the precise technical specifications of the EUDIW and new service categories. These level 2 texts have considerable practical importance for integrators and software publishers. For enterprises using electronic signature in their HR or legal processes, it is recommended to request from your service provider a roadmap for eIDAS 2 compliance.

Concrete Impact on Enterprises and Their Signature Solutions

Which Workflows Are Priority Concerns?

The transition from eIDAS 1 to eIDAS 2 does not have the same impact depending on the signature level used. For enterprises, three situations can be distinguished:

Simple electronic signature (SES): used for low-value amendments, receipts, internal forms. No obligation for immediate updates. Evidentiary rules remain governed by the Civil Code (art. 1366-1367) and not directly by eIDAS.

Advanced electronic signature (AdES/AdESQC): enterprises using B2B solutions for commercial contracts, dematerialized employment contracts or real estate deeds must verify that their service provider maintains compliance with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES), and EN 319 142 (PAdES) in their revised versions for eIDAS 2. These standards will be published by ETSI by end of 2025.

Qualified electronic signature (QES): qualified service providers (QTSP) must undergo new eIDAS 2 accreditation. The transitional period allows a reasonable deadline (until 2027), but calls for tender launched from 2025 should integrate an eIDAS 2 compliance clause in selection criteria. For organizations comparing available options, the comparison of electronic signature solutions allows you to assess publishers' maturity on this topic.

New Requirements for Qualified Trust Service Providers (QTSP)

eIDAS 2 tightens requirements applicable to QTSP on three major points:

1. System security: mandatory alignment with NIS2 (Directive (EU) 2022/2555) for QTSP, now classified as essential entities. This translates into incident notification obligations within 24 hours, annual security audits, and business continuity plans.

1. Enhanced liability: article 13 eIDAS 2 broadens the liability regime of QTSP. In case of proven breach, the burden of proof is reversed: the service provider must prove it did not commit negligence, not the other way around.

1. Mandatory interoperability: QTSP must expose standardized APIs compatible with EUDIW to enable native integration of identity wallets. This requirement will accelerate the modernization of integration interfaces available to developers.

For enterprises considering a change of service provider in this context, migrating from DocuSign or YouSign to an eIDAS 2 compliant solution is an approach that deserves to be anticipated now rather than urgently in 2027.

Personal Data and eIDAS 2: Articulation with GDPR

EUDIW collects and processes identity data of a personal nature. Regulation eIDAS 2 explicitly provides (recital 11 and article 5 bis §14) that the entire system must comply with GDPR (Regulation (EU) 2016/679). Several points of attention:

• Selective disclosure: the wallet must allow the user to share only the strictly necessary attributes for the transaction (minimization principle, art. 5(1)(c) GDPR). For a contract signature, only verification of majority could be shared without revealing the complete date of birth.
• Transfers outside the EU: identity data processed in the context of EUDIW cannot be transferred outside the EEA except with appropriate safeguards (art. 46 GDPR). Service providers using American cloud infrastructure must document their compliance.
• Signature log retention: archiving signature evidence must comply with retention periods proportionate to the nature of the document. The new qualified archiving service in eIDAS 2 provides a technical framework to meet this requirement.

Enterprises managing international employment contracts are particularly affected by this GDPR/eIDAS 2 articulation, especially when signatories reside outside the EU.

Legal Framework Applicable to the eIDAS 1 to eIDAS 2 Transition

Reference Texts

The transition rests on a body of texts that it is essential to master:

At the European level:

• Regulation (EU) No. 910/2014 (eIDAS 1): still in force until its progressive repeal by eIDAS 2. Defines the three signature levels (SES, AdES, QES) and the QTSP regime.
• Regulation (EU) 2024/1183 (eIDAS 2): entered into force on 20 May 2024. Substantially modifies eIDAS 1 without immediately repealing it. Provisions relating to EUDIW apply upon publication of implementing acts.
• Regulation (EU) 2016/679 (GDPR): applies fully to processing of identity data in the context of EUDIW and signature processes. Article 5 bis §14 of eIDAS 2 explicitly recalls this subordination.
• Directive (EU) 2022/2555 (NIS2): imposes enhanced cybersecurity obligations on QTSP, now classified as essential entities. Transposed into French law by Ordinance No. 2024-821 of 20 June 2024 (in implementing decree phase).

At the French level:

• Civil Code, articles 1366 and 1367: foundation of the probative value of writings in electronic form. Article 1366 establishes equivalence between electronic writing and paper under conditions. Article 1367 grants qualified signature (QES) the same probative force as a handwritten signature.
• Decree No. 2017-1416 of 28 September 2017: specifies conditions for using electronic signature in private deeds. Remains applicable during the transitional period.
• General Security Reference (RGS) v2: for French administrations, RGS imposes the use of solutions referenced by ANSSI. Its update to integrate eIDAS 2 is expected during 2026.

Applicable ETSI Technical Standards

ETSI standards constitute level 3 of the normative hierarchy. Current applicable versions:

• EN 319 132-1/2: XAdES format (advanced XML signatures)
• EN 319 122-1/2: CAdES format (advanced CMS signatures)
• EN 319 142-1/2: PAdES format (advanced PDF signatures)
• EN 319 401: general requirements for trust service providers
• EN 319 411-1/2: requirements for CAs issuing qualified certificates

These standards will be revised by end of 2025 to integrate the new eIDAS 2 requirements. Contracts with QTSP must include an update clause to revised versions at no additional cost.

Legal Risks of Non-Compliance

A signature issued by a service provider that would no longer be accredited after 2027 would not automatically lose its legal value for already-signed documents, but it would no longer benefit from the legal presumption of equivalence with a handwritten signature (art. 25 eIDAS). The burden of proving integrity and signer identity would then rest entirely on the enterprise in case of dispute. This evidentiary risk is particularly sensitive for deeds with long prescription periods (5 years in commercial matters, 30 years for real property rights).

Usage Scenarios: How Organizations Anticipate the eIDAS 2 Transition

Scenario 1: A 25-Employee Law Firm Streamlines Its Documentary Compliance

A law firm specializing in business law, with about 25 employees and intense signature activity for mandates, assignment deeds, and settlement agreements, used until 2024 an advanced signature solution (AdES) for all its flows. Upon announcement of eIDAS 2, the firm conducted an audit of its 1,200 annually signed documents to identify which ones needed QES according to its bar association's new recommendations.

Result: 15% of deeds (about 180 per year) were reclassified to qualified signature, which secured the evidentiary regime of these documents. The firm negotiated with its signature publisher a clause guaranteeing eIDAS 2 compliance upon publication of implementing acts, at no additional cost. Administrative time related to signer identity verification decreased by 40% thanks to anticipating EUDIW integration planned for 2026.

Scenario 2: A 150-Employee Industrial SME Secures Its Supplier Contracting Chain

An industrial SME managing about 350 supplier contracts per year — purchase orders, NDAs, framework contracts — operated with two distinct signature solutions for internal and external flows, creating audit evidence fragmentation. In the context of the eIDAS 2 transition and new qualified archiving requirements, the IT department decided to unify its platform.

By migrating to a single solution integrating qualified electronic archiving (future eIDAS 2 category), the SME reduced secure storage costs by 30% and consolidated signature evidence in a compliant digital vault. The entire document chain is now auditable in under 2 minutes during supplier controls — an increasingly common requirement from their order-placers in the automotive industry.

Scenario 3: A ~600-Bed Hospital Group Prepares for EUDIW Integration

A public hospital group used qualified electronic signature for its medical contracts and public procurement, in compliance with public procurement code obligations. With eIDAS 2, the IT service identified two priority issues: future integration of the "France Identité" wallet for physicians working as contractors in the facility, and NIS2 compliance of its QTSP.

The hospital group included in its 2025-2028 digital roadmap a specific "eIDAS 2 Compliance" workstream, with a provisional budget of €45,000 for technical migration and staff training. The goal is to be able to accept signatures via EUDIW upon national deployment scheduled for November 2026, thus reducing contracting timeframes with freelance healthcare professionals from 3 days to less than 4 hours on average according to available sector benchmarks.

Conclusion

The transition from eIDAS 1 to eIDAS 2 is not a break but a structured evolution, with a precise timeline extending until 2027. The impacts on electronic signature are real — expansion of qualified services, arrival of EUDIW, tightened NIS2 requirements for QTSP — but manageable once anticipated. Enterprises that act now benefit from a margin of maneuver to audit their workflows, secure their contracts with service providers, and train their teams without regulatory urgency pressure.

Certyneo supports enterprises in this transition with a clear eIDAS 2 compliance roadmap, signature formats kept up to date, and architecture ready for EUDIW integration. Ready to secure your signature flows in this new regulatory framework? Discover our offerings and start free on Certyneo.