eIDAS 2.0: what changes for electronic signatures in the EU

eIDAS 2.0 — formally Regulation (EU) 2024/1183 — was published in May 2024 and amends the original eIDAS regulation from 2014. Member states have until November 2026 to implement most provisions. If you're working with EU counterparties, operating in regulated sectors, or dealing with cross-border identity verification, here's what's actually changing.

What the original eIDAS established

The 2014 regulation created a three-tier electronic signature system: Simple Electronic Signatures (SES), Advanced Electronic Signatures (AES), and Qualified Electronic Signatures (QES). It established a framework of trusted service providers across EU member states. For most commercial contracts, SES remained sufficient and continues to be under eIDAS 2.0.

The EU Digital Identity Wallet (EUDI Wallet)

The most significant new addition is the EU Digital Identity Wallet — a mobile app that EU citizens and businesses can use to prove their identity online and sign documents at the QES level. Member states are required to make a EUDI Wallet available to all citizens by November 2026.

• The Wallet is a phone app managed by each member state
• Citizens can use it to authenticate online and produce QES-level signatures
• Cross-border recognition is mandatory: a French Wallet identity is accepted in Germany
• It replaces fragmented national eID schemes with a single cross-border standard
• QES via the Wallet has the legal standing of a handwritten signature across all EU member states

What doesn't change for most businesses

If your business signs standard commercial contracts — service agreements, NDAs, employment contracts, purchase orders — nothing material changes under eIDAS 2.0. SES remains valid, the requirements are the same, and your current e-sign tool's certificates are still recognised. The EUDI Wallet is primarily relevant for regulated sectors (financial services, healthcare, government procurement) and transactions that currently require QES.

Changes to trust service providers

eIDAS 2.0 introduces stricter requirements for qualified trust service providers (QTSPs) — the organisations that issue electronic certificates for AES and QES. New reporting obligations, incident notification standards, and identity verification requirements apply. This largely affects the infrastructure providers rather than end users of standard e-sign tools.

What eIDAS 2.0 means for UK businesses

The UK left the EU and operates under its own domestic framework — the Electronic Communications Act 2000 and subsequent statutory instruments. UK businesses signing contracts with EU counterparties should check whether a QES is required for specific document types under the governing law. For most commercial contracts, UK SES-level signatures are accepted by EU counterparties under existing practice, and vice versa.

The credibility signal

For businesses with EU clients or operating in regulated EU sectors, being conversant with eIDAS 2.0 is a credibility signal. Clients in financial services, healthcare, or public procurement increasingly ask whether signing workflows are eIDAS-compliant. Understanding the three tiers — and knowing that SES is sufficient for most use cases — means you can answer that question clearly.