The EU enacted eIDAS 2.0 in 2024 — a significant update to the original 2016 regulation that introduced the European Digital Identity Wallet and expanded the scope considerably. Here's what changed, what stayed the same, and what businesses need to know.
What eIDAS 1.0 Established (And Still Applies)
Three tiers of electronic signature:
Simple Electronic Signature (SES) — any data in electronic form used to sign. A typed name or click on "I agree" qualifies. No specific legal requirements; evidential value depends on context.
Advanced Electronic Signature (AES) — uniquely linked to the signatory, capable of identifying them, created using data under their sole control, linked to signed data in a way that detects subsequent changes. Most commercial e-signature platforms produce AES-level signatures.
Qualified Electronic Signature (QES) — an AES created using a Qualified Signature Creation Device, based on a Qualified Certificate from a Trust Service Provider on the EU Trusted List. The only signature type explicitly equivalent to wet ink across all EU member states.
Cross-border recognition — a QES issued under one EU member state's framework is legally recognised in all others. A foundational achievement of eIDAS.
What eIDAS 2.0 Changes
1. The European Digital Identity (EUDI) Wallet The headline change. EU member states must make a EUDI Wallet available to all citizens and residents by 2026. The wallet stores digital identity documents, allows identity proof without oversharing, and enables QES directly from a smartphone without a separate certificate or smart card.
For e-signatures, once widely deployed, EU citizens will be able to sign documents with a QES using their phone — dramatically lowering the barrier to the highest level of signature.
2. Expanded trust services Electronic archiving services, electronic ledgers (including blockchain records), and electronic attestation of attributes are now regulated trust services.
3. Stronger QTSP requirements Enhanced cybersecurity, stricter audits, and new liability provisions for Qualified Trust Service Providers.
4. Sector mandates By 2026, banks, telecoms, and public services must accept EUDI Wallet identity attestations. Businesses in regulated sectors may need to update onboarding processes.
What the UK Retained Post-Brexit
The UK retained eIDAS 1.0 into domestic law. It does not incorporate eIDAS 2.0 changes including the EUDI Wallet. For cross-border UK-EU transactions requiring QES, you may need signatures from TSPs on both the EU Trusted List and the UK Trust List. For most commercial transactions where AES is sufficient, the practical impact is limited.
Cross-Border Recognition
| Signature Type | Within EU | EU to UK | UK to EU |
|---|---|---|---|
| SES | Admissible | Admissible | Admissible |
| AES | Admissible | Admissible | Admissible |
| QES | Equivalent to wet ink | Depends on UK recognition | Depends on EU recognition |
The Bottom Line
The e-signature framework you know is fundamentally unchanged. AES remains valid for commercial transactions. QES remains the gold standard where wet-ink equivalence is required. The EUDI Wallet will matter most for consumer-facing businesses in regulated sectors. For B2B professional services, the immediate practical impact is limited. Watch the EUDI Wallet timeline in your member states — when it arrives, it will make QES genuinely accessible to everyone.