The EU’s updated eIDAS regulation introduces digital identity wallets that will reshape how electronic signatures are created and verified across Europe. Here’s what businesses need to know about the three signature tiers and key rollout deadlines.
Electronic signatures have become a routine part of doing business across Europe. Contracts, HR documents, and supplier agreements are now frequently signed digitally, rather than on paper.
But not all electronic signatures carry the same legal weight. Some are simple confirmations tied to an email address, while others involve verified identity checks, making them legally equivalent to handwritten signatures.
For more than a decade, these distinctions between electronic signatures and the legal weight they carry have been governed by the European Union’s Electronic Identification, Authentication and Trust Services (eIDAS) Regulation. The original regulation created a common legal framework for electronic identification and trust services across EU Member States.
eIDAS 2.0, formally Regulation (EU) 2024/1183, updates the original regulation and introduces a new system built around digital identity wallets. If your business relies on eSignature platforms, or will in the future, the change matters because it will gradually reshape how the most trusted forms of electronic signatures are created and verified across Europe.
What is eIDAS 2.0?
eIDAS 2.0 is the European Union’s updated framework for digital identity, electronic signatures and trust services.
The most significant change introduced by eIDAS 2.0 is the addition of the European Digital Identity Wallet (EUDI Wallet). Under the regulation:
- Each EU Member State must provide at least one digital wallet that citizens can use on a mobile device.
- Identity is verified once when the wallet is issued, rather than repeatedly with each service provider.
- Verified credentials can be reused across services and borders, allowing individuals to confirm identity or share official information when needed.
For businesses, the wallet model creates a new operational foundation for digital interactions. Instead of relying on provider-specific identity checks, organizations will increasingly interact with portable, verified digital identities that can be presented across platforms.
Why the original eIDAS regulation is being updated
The original eIDAS regulation, adopted in 2014, established clear legal standards for electronic identification and trust services across the EU, but real-world adoption was uneven. Limitations remained in cross-border use, and obtaining the highest level of electronic signature typically required multiple identity checks, certificate purchases, and, in some cases, dedicated hardware.
eIDAS 2.0 was introduced to address these barriers. The updated framework is designed to make verified identity easier to reuse across services and borders.
The three tiers of electronic signatures under eIDAS
One of the primary elements of the eIDAS framework is that it defines three levels of electronic signature, and which level of identity verification and legal assurance applies to each.
Importantly, eIDAS 2.0 does not change these categories. But it does change how the highest level of signature can be obtained.
Simple Electronic Signature (SES)
A Simple Electronic Signature is the most basic form of electronic signing and includes actions such as typing a name at the end of a document, clicking an “I agree” button, or inserting an image of a signature into a file. SES signatures are widely used in low-risk business workflows where convenience is a top priority.
Advanced Electronic Signature (AES)
An Advanced Electronic Signature provides more assurance than an SES that the signature is connected to a specific person. These signatures are commonly used in business contracts and agreements that warrant stronger identity assurance.
An AES must:
- Be uniquely linked to the signer
- Be capable of identifying the signer
- Be created using data that the signer controls
- Detect if the signed document has been changed after signing
Qualified Electronic Signature (QES)
A Qualified Electronic Signature is the highest standard defined under eIDAS and carries the same legal weight as a handwritten signature across the EU.
To qualify, the signature must:
- Be created using a qualified certificate issued by a Qualified Trust Service Provider (QTSP)
- Be created using a Qualified Electronic Signature Creation Device (QSCD), a certified environment that securely generates and protects the signing key. Under eIDAS 2.0, the EUDI Wallet is recognised as part of a local or remote QSCD managed by a QTSP, making it an active component of the signing process itself.
Under eIDAS 2.0, digital identity wallets are expected to streamline this process. Verified identity credentials stored in a wallet can be reused for high-assurance signatures, reducing the need for repeated verification.
How eIDAS 2.0 changes digital identity
The EUDI Wallet is one of several high-assurance pathways for identity proofing under eIDAS 2.0, alongside physical presence and existing national eID schemes.
Rather than repeatedly verifying identity across different services, individuals will be able to store verified credentials in their EUDI Wallet. Identity is confirmed when the wallet is issued, and then those credentials can be reused across services and EU Member States.
Each Member State will provide or approve its own wallets, but all wallets will meet the standards, protocols, and information exchange formats established under the current regulation.
The goal of eIDAS 2.0 is to make digital verification easier, more consistent, and more secure across borders.
The eIDAS 2.0 rollout: Where things stand now
By December 2026, every EU Member State must provide citizens with access to at least one digital identity wallet that meets the eIDAS 2.0 framework.
Large-scale pilot programs are testing how digital identity wallets can work in real-world scenarios, such as verifying academic credentials, opening bank accounts, or accessing public services across borders.
Another key deadline for businesses follows shortly after the initial rollout. By December 2027, certain regulated private-sector organizations, such as banks, telecommunications providers, and large online platforms, will be required to accept EUDI wallets.
The transition is well underway. Businesses that rely on digital identity verification and electronic signatures should consider this a preparation window.
What eIDAS 2.0 means for businesses using eSignature platforms
For many organizations, electronic signature workflows are already well established. Contracts, onboarding documents, internal approvals, and financial documents are often signed using platforms built around the original eIDAS framework. Most of these systems follow a process where a document is sent for signature, the signer’s identity is confirmed through the platform’s workflow, and the completed document is stored as a signed PDF.
That model continues to work under eIDAS. However, many existing platforms were designed around the certificate-based identity model. When a Qualified Electronic Signature is required, identity verification and certificates are typically handled through Qualified Trust Service Provider integrations.
As digital identity wallets become more widely adopted, the underlying model must adapt.
Instead of verifying identity separately within each signing workflow, organizations will interact with portable, verified digital identities that individuals can present directly from their wallets. This allows identity information to move across services and providers rather than being recreated each time a document is signed.
Platforms designed with this identity-first approach are likely to adapt more easily to the evolving regulatory landscape. For example, Lumin Sign’s Verified Digital Signing (VDS) is built around verifiable credential standards that align with the broader direction of the eIDAS 2.0 framework.
For organizations evaluating digital signing tools, the key question is whether a platform’s architecture can support a future where verified digital identity is reusable across transactions and services.
