eIDAS 2.0: What’s Changing for QES in 2025-2026

What Is eIDAS 2.0?

eIDAS 2.0 refers to Regulation (EU) 2024/1183, which amends the original eIDAS Regulation (910/2014) that has governed electronic identification and trust services across the EU since 2016. Think of it as eIDAS 2.0—an upgraded version addressing limitations discovered during the first eight years of implementation.

Why Was an Update Needed?

The original eIDAS regulation achieved remarkable success in creating a legal framework for qualified electronic signatures and cross-border digital trust. However, gaps emerged:

Limited Adoption of National eID Schemes

By 2021, only 59% of EU residents could use a trusted electronic identity to access online services across borders. Member states could voluntarily notify national eID schemes, but many didn’t create comprehensive systems, leading to fragmentation.

Inconsistent Implementation

National supervisory bodies and conformity assessment organizations interpreted eIDAS requirements differently, creating varying security levels and trust standards across member states. A qualified signature provider certified in Germany might face different requirements than one in Italy.

Technological Gaps

The 2014 regulation didn’t anticipate how smartphones would become the primary digital identity device. Remote qualified signature creation was possible but cumbersome, requiring USB tokens or smart cards rather than integrated mobile solutions.

Limited Scope of Trust Services

Trust services like electronic archiving, electronic ledgers, and management of remote electronic signatures weren’t adequately covered, despite growing business demand for these capabilities.

The Game-Changer: European Digital Identity Wallets (EUDIW)

The centerpiece of eIDAS 2.0 is the European Digital Identity Wallet—a mobile application that will fundamentally change how Europeans prove their identity and sign documents digitally.

What Is the EUDIW?

The European Digital Identity Wallet is a smartphone app (or other personal device) that allows users to:

• Store and manage digital identity documents: National ID cards, driver’s licenses, professional qualifications, educational diplomas, health insurance cards, and more
• Prove identity without revealing unnecessary data: For example, prove you’re over 18 without showing your exact birthdate or full name
• Create qualified electronic signatures directly from your phone: No separate apps, USB tokens, or physical devices required
• Access both public and private services: Government portals, banking apps, e-commerce platforms, and business applications
• Use the same wallet across all EU countries: Your Belgian wallet works seamlessly in Spain, Germany, Italy, or any other member state

Mandatory Issuance by Member States

Unlike the original eIDAS, where national eID schemes were voluntary, eIDAS 2.0 requires all 27 EU member states to issue digital identity wallets to citizens who request them. This mandate ensures universal availability across the Union.

Member states have up to 24 months after the adoption of technical specifications (Implementing Acts) to provide these wallets. According to Article 5a, the European Commission must establish technical standards and certification requirements by November 21, 2024, meaning wallet deployment should begin in 2025, with full availability targeted for 2026.

Private Sector Must Accept EUDIW

eIDAS 2.0 goes further by requiring large online platforms to accept EUDIW for identity verification. This includes:

• Social media platforms
• E-commerce marketplaces
• Cloud services
• Sharing economy platforms
• Financial services providers

This mandatory acceptance ensures businesses can’t create proprietary identity silos, promoting interoperability and user choice throughout the digital economy.

Impact on Qualified Electronic Signatures

For businesses and individuals currently using qualified electronic signatures, eIDAS 2.0 brings both opportunities and new considerations.

Your Smartphone Becomes a QSCD

One of the most transformative technical changes: EUDIW includes Qualified Signature Creation Device (QSCD) functionality built into the wallet. This means:

• No external hardware required: Forget USB tokens, smart cards, or separate cryptographic devices
• Secure key storage in device enclave: Your private signing keys remain protected by your smartphone’s secure hardware
• Biometric authentication: Use fingerprint or facial recognition to authorize signatures
• Instant qualified signature creation: From document receipt to signed document in under a minute

Existing QES Methods Continue to Work

The introduction of EUDIW doesn’t invalidate current QES methods. Qualified Trust Service Providers like those offered through platforms like QES-Sign (itsme, Evrotrust, Adacom) will continue operating and remain fully compliant with eIDAS 2.0.

Enhanced Security Requirements

eIDAS 2.0 introduces stricter technical and operational requirements for qualified trust services, including:

• Harmonized conformity assessment: More consistent evaluation criteria across member states
• Mandatory incident reporting: QTSPs must report security breaches to supervisory authorities within specific timeframes
• Enhanced oversight: National supervisory bodies receive additional powers to ensure compliance
• Regular audits: More frequent conformity assessments to maintain qualified status

New Trust Services

eIDAS 2.0 expands qualified trust services to include:

Qualified Electronic Archiving

Ensures documents remain readable, authentic, and legally valid for decades, crucial for contracts with long retention requirements.

Qualified Electronic Ledgers

Provides tamper-proof records of data or transactions over time, supporting regulatory compliance and audit trails.

Management of Remote Electronic Signatures and Seals

Formalizes remote QES creation (like current methods) with clearer technical standards and security requirements.

Implementation Timeline: What Happens When

eIDAS 2.0 deployment follows a phased approach with specific deadlines:

What This Means for Different Stakeholders

For Businesses Using QES

If your organization currently uses qualified electronic signatures, consider these implications:

Opportunities

• Broader customer/partner adoption: When everyone has EUDIW, requesting QES from counterparties becomes frictionless
• Simplified onboarding: New employees or business partners can sign immediately without app downloads or provider selection
• Reduced support burden: Government-issued wallets reduce “how do I sign?” support tickets
• Enhanced security: Unified standards across the EU improve overall trust and security

Action Items

• Update acceptance systems: Ensure your document management and signature verification systems can recognize EUDIW-created qualified signatures
• Train staff: Prepare teams for dual QES methods during the 2025-2026 transition period
• Review contracts: Verify your QES provider’s eIDAS 2.0 compliance roadmap and update service agreements
• Monitor Implementing Acts: Stay informed about technical specifications published by the European Commission

For QES Providers (QTSPs)

Qualified Trust Service Providers face both challenges and opportunities:

• Coexistence with EUDIW: Providers will operate alongside government wallets, focusing on value-added services like workflow automation, bulk signing, API integration, and multi-method support
• Enhanced compliance requirements: Stricter conformity assessments and ongoing supervision necessitate increased investment in security and quality management
• New service opportunities: Expanded trust services (archiving, ledgers, remote signature management) create additional revenue streams
• Interoperability standards: Must ensure signatures work seamlessly with EUDIW and other providers

For HR Departments

Human resources teams will experience significant workflow improvements:

For Individuals

EU citizens gain unprecedented control over their digital identity:

• Universal access to QES: No need to research providers, compare options, or pay setup fees—your government provides the wallet
• Privacy by design: Share only necessary information (prove you’re over 18 without revealing your exact birthdate)
• One app for everything: Identity verification, document signing, credential storage, and service access in a single interface
• Reduced dependency on private platforms: Government-issued identity reduces reliance on tech company login systems

Concerns and Open Questions

Despite its promise, eIDAS 2.0 faces criticism and unresolved challenges:

Data Protection Concerns

Privacy advocates have raised concerns about EUDIW:

• Potential for surveillance: Centralized identity systems could enable tracking of citizen activities if improperly designed
• Data retention unclear: How long can data remain in digital wallets? What happens to archived identity credentials?
• No explicit safeguards against misuse: Critics argue the regulation lacks strong prohibitions against using wallet data for advertising or profiling

Security Requirements

IT security experts note that eIDAS 2.0 doesn’t define specific security standards for wallet implementations—these will come through Implementing Acts. Until technical specifications are published, questions remain about:

• Cryptographic algorithms required for qualified signatures in wallets
• Protection against malware on consumer smartphones
• Recovery mechanisms if wallet access is lost
• Prevention of cloning or unauthorized key extraction

Consistent Implementation

The original eIDAS suffered from inconsistent interpretation across member states. While eIDAS 2.0 aims to address this through more detailed technical specifications, achieving true harmonization across 27 countries remains challenging.

Private Sector Acceptance Requirements

While large online platforms must accept EUDIW, the regulation doesn’t specify technical integration details. Questions remain about:

• Cost and complexity of integration for businesses
• Liability when accepting wallet credentials
• Verification processes for signature validity
• Fallback mechanisms if wallet systems are unavailable

Comparison: eIDAS 1.0 vs. eIDAS 2.0

Understanding what’s changed helps businesses plan their transition:

Preparing for eIDAS 2.0: Practical Steps

Businesses should begin preparation now, even though full implementation is 18-24 months away:

Immediate Actions (2024-2025)

1. Assess current QES usage: Document which processes use qualified signatures, identify stakeholders, and map workflows
2. Verify provider compliance: Confirm your QES provider’s eIDAS 2.0 readiness and timeline for supporting EUDIW signatures
3. Review systems architecture: Ensure document management and signature verification systems can handle multiple QES sources (traditional QTSPs and EUDIW)
4. Monitor technical standards: Watch for Implementing Acts published by the European Commission, particularly wallet specifications
5. Budget for updates: Allocate resources for system modifications, staff training, and potential integration work

During Rollout (2025-2026)

1. Pilot EUDIW acceptance: Test wallet-based signatures in non-critical processes once your member state launches EUDIW
2. Update documentation: Revise signing procedures, user guides, and FAQ materials to reflect dual methods
3. Train staff: Ensure teams understand both traditional QES and EUDIW-based signatures
4. Communicate with stakeholders: Inform customers, partners, and employees about new signing options
5. Test verification processes: Validate that your systems correctly verify signatures from both sources

Post-Implementation (2027+)

1. Monitor adoption rates: Track which signature methods stakeholders prefer and optimize workflows accordingly
2. Evaluate provider strategy: Assess whether continued use of traditional QTSPs provides value or if EUDIW meets most needs
3. Leverage new trust services: Explore qualified archiving, ledgers, and remote signature management for additional compliance benefits
4. Review cost structure: Compare expenses under new ecosystem and adjust procurement strategies

Key Takeaways

• eIDAS 2.0 is now law: Regulation (EU) 2024/1183 entered into force on May 20, 2024, establishing the legal framework for European Digital Identity Wallets and enhanced trust services across the EU.
• EUDIW transforms QES accessibility: By 2026, all EU citizens will have access to government-issued digital identity wallets capable of creating qualified electronic signatures directly from smartphones—no external apps or hardware required.
• Mandatory acceptance creates interoperability: Large online platforms must accept EUDIW for identity verification, and all member states must issue wallets to requesting citizens, ensuring universal availability and cross-border functionality.
• Existing QES methods remain valid: Qualified Trust Service Providers and current signature methods continue operating alongside EUDIW during the transition period and beyond, providing businesses with multiple compliant options.
• Preparation should start now: Even though full implementation is 18-24 months away, businesses should assess current systems, verify provider compliance, and plan for accepting signatures from both traditional QTSPs and EUDIW sources.
• Enhanced security and new services: eIDAS 2.0 introduces stricter conformity requirements for qualified trust services and expands coverage to include electronic archiving, ledgers, and remote signature management—creating new compliance and business opportunities.

Frequently Asked Questions

When will eIDAS 2.0 fully replace eIDAS 1.0?

eIDAS 2.0 doesn’t replace the original regulation—it amends it. Regulation (EU) 2024/1183 entered into force on May 20, 2024, but implementation is phased. EUDIW deployment should begin in 2025, with universal availability targeted for 2026. Many provisions will coexist with existing systems during a multi-year transition.

Will my current QES provider still work after eIDAS 2.0?

Yes. Qualified Trust Service Providers like those offered through QES-Sign (itsme, Evrotrust, Adacom) continue operating and remain fully compliant. eIDAS 2.0 adds EUDIW as an additional QES method but doesn’t invalidate existing approaches. Many businesses will use both systems during the transition and potentially beyond.

Do I need to wait for EUDIW to use qualified signatures?

Absolutely not. Continue using qualified electronic signatures through current providers. EUDIW won’t be widely available until 2026, and businesses need QES solutions today. Platforms offering pay-per-use QES (like QES-Sign, starting at €5 per signature) provide immediate access without subscriptions or long-term commitments.

How much will the European Digital Identity Wallet cost?

EUDIW will be provided to citizens free of charge by member states. This is explicitly stated in eIDAS 2.0. Citizens requesting a digital identity wallet should not pay fees for the wallet itself, though specific services accessed through the wallet may have associated costs determined by service providers.

What if someone doesn’t want a digital identity wallet?

EUDIW is voluntary for citizens—no one is forced to request or use a digital identity wallet. Traditional identification methods (physical ID cards, passports) remain valid. However, businesses and platforms may increasingly prefer or require digital identity verification for online services, making EUDIW highly beneficial even if not mandatory.

Will EUDIW work in non-EU countries?

EUDIW is designed primarily for use within the EU, EEA, and potentially countries with equivalency agreements. For truly global operations requiring QES in countries like the United States, China, Brazil, or Australia, businesses should continue using QTSPs with broad geographic coverage like Adacom (68 countries) or Evrotrust (58 countries).

How secure is creating QES on a smartphone?

EUDIW will use smartphone secure enclaves (like iOS Secure Enclave or Android StrongBox) to protect private signing keys, combined with biometric authentication. These hardware-based security features meet QSCD requirements under eIDAS. Technical specifications published via Implementing Acts will define exact security standards for wallet implementations.

Can businesses create their own digital identity wallets?

No. Only member states can issue European Digital Identity Wallets under eIDAS 2.0. Private companies can develop the wallet software (member states may outsource development), but issuance, certification, and oversight remain government responsibilities. This ensures trust, security, and cross-border interoperability.

Conclusion

eIDAS 2.0 represents the most significant evolution in European digital identity and trust services since the original regulation launched in 2016. The introduction of European Digital Identity Wallets will transform qualified electronic signatures from a specialized business tool into a ubiquitous capability accessible to every EU citizen via their smartphone.

For businesses currently using QES, this evolution brings tremendous opportunities: broader adoption among partners and customers, simplified onboarding processes, reduced friction in cross-border transactions, and enhanced security through harmonized standards. The transition period between 2025 and 2027 will see both traditional QTSP-based methods and new EUDIW signatures operating simultaneously, giving organizations flexibility in how they adapt.

The key to success is preparation. Understanding the timeline, assessing your current systems, verifying provider compliance, and planning for dual-method acceptance will position your organization to leverage eIDAS 2.0’s benefits while maintaining uninterrupted QES capabilities during the transition.

While challenges remain—particularly around privacy safeguards, security specifications, and consistent implementation across member states—the fundamental goal of eIDAS 2.0 is clear: creating a truly unified digital single market where electronic identities and qualified signatures work seamlessly across borders, platforms, and use cases.

Whether you’re an HR manager signing employment contracts, a lawyer executing legal documents, or a business owner negotiating international agreements, eIDAS 2.0 will make qualified electronic signatures more accessible, more secure, and more integrated into everyday European digital life.