Sign a SOW Electronically: Full Legal Value Under eIDAS 2026
An unsigned Statement of Work exposes your business to costly disputes. Discover how to sign your SOWs with full legal value under eIDAS compliance.
8 min
Regulation (EU) 910/2014 · Updated 2026
The eIDAS Regulation: everything you need to know about electronic signatures in Europe
Last updated
eIDAS regulation is the founding text of electronic signature in Europe. It defines three levels of signature (simple, advanced, qualified), establishes the legal value of electronic acts and regulates trust service providers. This guide explains everything you need to know to be compliant in 2026.
What is eIDAS and why was it created?
Before eIDAS, each Member State of the European Union had its own regulations on electronic signatures, creating a legal fragmentation that hindered cross-border transactions. An electronic signature valid in France was not necessarily recognized in Germany or Spain.
Regulation (EU) 910/2014, known as eIDAS (Electronic IDentification, Authentication and trust Services), was adopted on 23 July 2014 and became applicable on 1 July 2016. Because it is a regulation (and not a directive), it applies directly and uniformly in all 27 Member States, with no need for national transposition.
eIDAS pursues three main objectives: creating a single digital market in Europe through the mutual recognition of electronic identities, ensuring the legal security of cross-border electronic transactions, and establishing a framework of trust for digital services through qualified trust service providers (QTSP — Qualified Trust Service Provider).
The 3 levels of signature defined by eIDAS
eIDAS establishes a pyramid of three levels of electronic signature, each with its own technical requirements and probative value.
Level 1 — SESArticle 3(10) eIDAS
Simple Electronic Signature
Available on Certyneo
eIDAS requirements
- Data in electronic form linked to other data
- Used to sign (no specific technical requirement)
- May be a simple click, a ticked box or a typed name
Example uses
- Acceptance of T&Cs
- Online form
- Confirmation email
Legal standing
Basic contractual value, no legal presumption
Level 2 — AESArticle 26 eIDAS
Advanced Electronic Signature
Available on Certyneo
eIDAS requirements
- Uniquely linked to the signer
- Capable of identifying the signer
- Created using data under the signer's sole control
- Any subsequent change to the document is detectable
Example uses
- Employment contracts
- NDAs
- Commercial contracts
- Mandates
Legal standing
Strong probative value — recommended for material contracts
Level 3 — QESArticle 25(2) + Annex I eIDAS
Qualified Electronic Signature
Available on Certyneo
eIDAS requirements
- Meets every AES requirement
- Created by a qualified signature-creation device (QSCD)
- Based on a qualified certificate issued by a QTSP (EU trust list)
Example uses
- Digital authentic acts
- Large public procurement
- Regulated acts
Legal standing
Legal presumption equivalent to handwritten signature (art. 25 eIDAS)
eIDAS 2.0: what changed in 2024
The eIDAS Regulation was revised by Regulation (EU) 2024/1183, published in the EU's Official Journal on 30 April 2024 and in force on 20 May 2024. This revision modernises the original framework to address contemporary digital challenges: citizens' digital identity, sovereign cloud and resilience of trust service providers.
The flagship measure of eIDAS 2.0 is the European Digital Identity Wallet (EUDIW). By the end of 2026, each Member State must offer its citizens and residents an application to store and present certified identity credentials — digital equivalent of an ID card, driver's license, diplomas. This development will have a direct impact on qualified signature processes.
European Digital Identity Wallet (EUDIW)
eIDAS 2.0 introduces the European Digital Identity Wallet: every EU citizen will be able to store their certified identity attestations (ID card, driving licence, diplomas) in a mobile app that is interoperable across the EU.
Strengthened QTSPs
The requirements applicable to qualified trust service providers (QTSPs) are strengthened, in particular on cybersecurity, audits and business continuity.
New trust services
eIDAS 2.0 adds new qualified services: qualified electronic archiving, qualified attribute management and qualified electronic ledgers (certified blockchains).
Enhanced interoperability
Better mutual recognition of digital identities between Member States. Qualified signatures issued in any EU country are recognised everywhere.
How to be eIDAS-compliant in practice
eIDAS compliance does not come down to choosing a signature level. It requires reflection on the entire process: risk identification, tool selection, evidence retention and document governance.
Here is a practical checklist for companies wishing to secure their electronic signature processes in compliance with eIDAS:
Identify the right signature level for each document type
Use a solution whose provider hosts data within the EU
Retain the timestamped audit trail alongside every signed document
Make sure the signer is adequately identified for the chosen level
Have a documented retention policy (duration, access, destruction)
Check that the provider has a GDPR Data Processing Agreement (DPA)
For AES: implement an OTP or strong-authentication mechanism
For QES: engage a QTSP listed on a national trust list
Certyneo's approach to eIDAS compliance
Certyneo implements the SES (Simple Electronic Signature) and AES (Advanced Electronic Signature) levels of eIDAS regulation. Advanced signature is based on dual-factor authentication: a single-use link sent by email and an OTP code sent by SMS via our SMS OTP provider. This mechanism meets the four criteria of article 26 of eIDAS for advanced signature.
Every envelope generates a complete audit trail: timestamp of each action (sending, opening of the link, OTP validation, signature, optional refusal), the signer’s IP address and browser user-agent. This audit trail is embedded at the bottom of every page of the final PDF (audit footer) and retained for ten years.
Data is hosted in Germany (EU) (IONOS infrastructure), within the European Union, in line with digital-sovereignty requirements and the GDPR. Visit our security and compliance page for all the technical details.
Frequently asked questions about eIDAS
What is the eIDAS Regulation?
eIDAS (Electronic Identification, Authentication and Trust Services) is European Regulation (EU) 910/2014, which establishes a common legal framework for electronic signatures, electronic seals, timestamps, electronic registered delivery services and website authentication services in the European Union. It entered into force on 1 July 2016 and applies directly in all 27 Member States.
What is the difference between eIDAS and eIDAS 2.0?
eIDAS 2.0 (regulation (EU) 2024/1183, entered into force on 20 May 2024) modernizes eIDAS 1.0 by introducing notably the <linkGlossaryEudiWallet>European Digital Identity Wallet</linkGlossaryEudiWallet> (EUDIW — European Digital Identity Wallet), which will allow European citizens to store certified digital identity credentials. For businesses, eIDAS 2.0 strengthens the requirements of qualified trust service providers (QTSP) and improves cross-border interoperability.
Does a simple electronic signature have legal value under eIDAS?
Yes. Article 25 of eIDAS explicitly prohibits refusal of legal effects to an electronic signature solely on the grounds that it is in electronic form. A simple signature (<linkGlossarySes>SES</linkGlossarySes>) therefore has legal value, but it does not benefit from the legal presumption reserved for qualified signatures (QES). In the event of a dispute, it is up to whoever invokes the signature to prove its authenticity.
How do I know which eIDAS level to choose for my contracts?
The general rule is to calibrate the level to the legal and commercial risk of the document. For low-stakes everyday documents (quotes, internal orders), a simple signature is enough. For material commercial contracts, employment contracts, NDAs or mandates, advanced signatures (AES) are recommended. Qualified signatures (QES) are reserved for situations where the law explicitly requires them (certain administrative acts, large public procurement) or where the risk of challenge is at its highest.
How is Certyneo eIDAS-compliant?
Certyneo implements simple signature (<linkGlossarySes>SES</linkGlossarySes>) and advanced signature (<linkGlossaryAes>AES</linkGlossaryAes>) in accordance with eIDAS. Advanced signature is based on dual OTP email + SMS (our SMS OTP provider) that ties the signer to their act. Each envelope generates a timestamped audit trail integrated into the final PDF. Data is hosted in Germany (EU), in accordance with digital sovereignty requirements.
Does eIDAS apply to businesses outside the European Union?
eIDAS applies to trust services provided within the EU. A company established outside the EU that wishes its signatures to be recognized in the EU must use an eIDAS-compliant solution or a qualified trust service provider (QTSP) recognized in a Member State''s trust list. For international B2B exchanges, mutual recognition agreements exist with certain third countries.
Recommended articles
eIDAS 2: The New European Regulation Explained for 2026
The eIDAS 2 regulation reshapes the rules of digital identity in Europe for 2026. Discover what's changing for businesses and how to anticipate compliance.
9 min
eIDAS 2 Certification for Signature Service Providers 2026
The eIDAS 2 regulation imposes new requirements on trust service providers. Discover the complete certification pathway to remain compliant in 2026.
9 min
eIDAS 2 Digital Identity Wallet: 2026 Guide
The European EUDI Wallet transforms signature and authentication practices in enterprises. Discover everything you need to understand to anticipate regulatory changes in 2026.
9 min
eIDAS 2 Calendar: EU Deployment 2026-2027
The eIDAS 2 regulation enters its operational deployment phase in 2026-2027. Discover the key dates, obligations for businesses, and the complete roadmap.
9 min
eIDAS 2 vs eIDAS 1: Key Changes for SMEs
The eIDAS 2 regulation fundamentally reshapes the rules for electronic signatures and digital identity in Europe. Here's what every French SME needs to know before the end of 2026.
9 min