Go to main content
Certyneo
Free tool · 5 minutes

Are you eIDAS compliant? Assess your SME in 5 minutes

12 targeted questions about your electronic signature process. Receive a score out of 100, a list of your weak points and concrete recommendations — free and no sign-up required.

No sign-up · Your answers are not stored · 100% free

Why assess eIDAS compliance for your SME?

The eIDAS regulation (EU No. 910/2014) governs electronic signatures across the entire European Union. For an SME, being compliant means that your contracts signed online have the same legal value as a paper contract — a decisive advantage in case of dispute. Conversely, poor practices (plain email, scanned signature, lack of timestamping) expose the company to having its contracts invalidated in court.

This tool was designed by our legal team and technical experts. It covers the 12 points that determine whether an electronic signature is 'admissible' or 'contestable'. At the end of the questionnaire, you will know exactly where you stand — and what to change if necessary.

eidasChecklist.instructions

  1. 1

    eidasChecklist.questions.q1.text

    eidasChecklist.categories.legal · 12 eidasChecklist.points

  2. 2

    eidasChecklist.questions.q2.text

    eidasChecklist.categories.legal · 10 eidasChecklist.points

  3. 3

    eidasChecklist.questions.q3.text

    eidasChecklist.categories.tech · 10 eidasChecklist.points

  4. 4

    eidasChecklist.questions.q4.text

    eidasChecklist.categories.tech · 8 eidasChecklist.points

  5. 5

    eidasChecklist.questions.q5.text

    eidasChecklist.categories.tech · 8 eidasChecklist.points

  6. 6

    eidasChecklist.questions.q6.text

    eidasChecklist.categories.process · 10 eidasChecklist.points

  7. 7

    eidasChecklist.questions.q7.text

    eidasChecklist.categories.process · 8 eidasChecklist.points

  8. 8

    eidasChecklist.questions.q8.text

    eidasChecklist.categories.process · 7 eidasChecklist.points

  9. 9

    eidasChecklist.questions.q9.text

    eidasChecklist.categories.evidence · 10 eidasChecklist.points

  10. 10

    eidasChecklist.questions.q10.text

    eidasChecklist.categories.evidence · 7 eidasChecklist.points

  11. 11

    eidasChecklist.questions.q11.text

    eidasChecklist.categories.evidence · 5 eidasChecklist.points

  12. 12

    eidasChecklist.questions.q12.text

    eidasChecklist.categories.evidence · 5 eidasChecklist.points

eidasChecklist.progress

How to read your score

Three compliance bands, calculated on 100 points weighted by legal significance.

Score ≥ 80

Solid compliance

Your eIDAS system is mature. Your signatures are enforceable and most best practices are in place. Monitor especially regulatory changes (eIDAS 2.0 / EUDI Wallet).

Score 50 — 79

Partial compliance

The basics are there but certain weak points can weaken a contract in case of litigation. Focus on questions where you answered No as a priority — these are the blind spots.

Score < 50

At-risk compliance

Several critical elements are missing. The concrete risk: an important contract being declared invalid in court. Achieving compliance must be pursued quickly — the good news is that it is usually quick to implement.

The eIDAS framework for SMEs — the essentials

The eIDAS Regulation (EU No. 910/2014) came into force in 2016 and was strengthened by eIDAS 2.0 in 2024. It defines three levels of electronic signature: simple (SES), advanced (AES), and qualified (QES). For an SME, the AES level is sufficient in 95% of cases — it provides a presumption of reliability comparable to handwritten signature and is accepted as evidence before French courts.

Beyond the choice of signature level, compliance rests on five pillars: signer identification (KYC, OTP), document integrity (hashing, timestamping), audit evidence (who, when, from where), retention duration (10 years for commercial contracts), and accessibility (ability to provide documents to the administration or a judge).

SME-specific pitfalls

SMEs face three recurring compliance traps regarding eIDAS. First: the use of scanned signatures sent by email, which have no enhanced probative value. Second: the absence of internal policy on who can sign what (a junior sales manager signs a 200k€ contract without authority, the contract is voided). Third: dependence on a US provider subject to the Cloud Act, which is problematic for sensitive data (HR, health, defense).

What to do after this evaluation?

If your score is in the red, start with the questions you answered No to on the Legal and Evidence dimensions — these are the points that tip a contract between admissible and contestable. If you are in orange, focus on the blind spots identified. If you are in green, monitor eIDAS 2.0 developments (EUDI Wallet, qualified archiving) which expand requirements from 2027 onwards.

Frequently Asked Questions

Does this tool replace a professional legal audit?

No. This is a pedagogical self-assessment to quickly identify your strengths and weaknesses. For a formal binding audit (for example in response to legal proceedings or a call for tenders), consult a specialized lawyer or compliance audit firm.

Are my answers recorded?

No. The tool runs entirely in your browser. No answers are sent to our servers. If you close the page, your answers are lost. This is intentional — your data remains strictly with you.

What sources is this checklist based on?

The eIDAS regulation (EU 910/2014), eIDAS 2.0 (EU 2024/1183), the French Civil Code (art. 1366 and 1367), the Commercial Code (art. L123-22), and ETSI technical standards EN 319 122 (PAdES) and TS 119 511 (signature policy). Public, verifiable sources.

How long does it take to go from red to green?

For a standard SME, compliance typically takes 1 to 4 weeks, with the majority of time spent on internal training and updating terms and conditions. The technical deployment of a solution like Certyneo takes just a few hours.

Is the eIDAS 2.0 / EUDI Wallet score already included?

This version 1 of the checklist focuses on eIDAS 1.0 (2016) which covers 100% of current requirements. A version 2 will be published in 2027 to include eIDAS 2.0 requirements (European digital identity Wallet). For now, eIDAS 1.0 remains the applicable framework.