Skip to main content

eIDAS Regulation (Electronic Identification and Trust Services), including eIDAS 2.0

eIDAS provides the EU framework for electronic identification and trust services such as qualified e-signatures, and eIDAS 2.0 adds the European Digital Identity Wallet. Compliance is supervised by national authorities, with loss of qualified status as a key sanction.

Jurisdiction
European Union

Overview

The eIDAS Regulation, Regulation (EU) No 910/2014, established a single EU framework for electronic identification (eID) and trust services such as electronic signatures, seals, timestamps, and website authentication certificates. It became applicable from 2016. Its goal was to enable secure, legally recognized electronic transactions across borders within the EU single market.

In 2024 the EU adopted a major revision known as eIDAS 2.0, which introduces the European Digital Identity Wallet (EUDI Wallet). The wallet will let citizens and businesses store and present verified identity attributes and credentials across member states and services, marking a significant expansion of the framework.

Who It Applies To

The original regulation applies to member states operating eID schemes and to trust service providers offering signatures, seals, timestamps, and certificates. It also affects relying parties, including online services that accept electronic identification or signatures. Under eIDAS 2.0, member states must provide an EUDI Wallet, and a wide range of large private platforms and regulated sectors will be required to accept the wallet for authentication.

Key Requirements

The regulation defines assurance levels for eID (low, substantial, high) and mandates cross-border recognition of notified schemes. It distinguishes qualified from non-qualified trust services, with qualified electronic signatures granted legal effect equivalent to handwritten signatures. Qualified trust service providers must meet strict security and audit requirements and be supervised. eIDAS 2.0 adds requirements for the EUDI Wallet, including user control, data minimization, interoperability, and obligations on relying parties to accept it.

Penalties for Non-Compliance

Member states designate supervisory bodies and set penalties for trust service providers that fail their obligations, including loss of qualified status. eIDAS 2.0 introduces requirements that penalties be effective, proportionate, and dissuasive, and supervisory authorities can suspend or withdraw qualified status and order corrective measures.

How to Comply

Trust service providers should meet the technical and audit standards for qualified services and undergo conformity assessment. Online services should support recognized eID and qualified signatures where relevant and prepare to accept the EUDI Wallet under eIDAS 2.0. Implement standards-based authentication and credential exchange, apply data minimization, and follow published technical specifications for wallet interoperability.