eIDAS Regulation: Complete Guide to EU E-Signatures

If your business operates in or with the European Union, the eIDAS Regulation is the legal framework governing your electronic signatures. This guide explains the three signature levels, compliance requirements, and what it means for your business.

What Is eIDAS?

eIDAS (Electronic Identification, Authentication and Trust Services) is EU Regulation 910/2014, which entered into force on July 1, 2016. It replaced the earlier Electronic Signatures Directive (1999/93/EC) and established:

• A unified legal framework for electronic signatures, seals, and timestamps
• Three levels of electronic signatures with increasing security
• Cross-border recognition of electronic identification between member states
• Rules for trust service providers (TSPs)

Unlike a directive (which requires national implementation), eIDAS is a regulation — it applies directly and uniformly across all 27 EU member states.

The Three Levels of Electronic Signatures

Level 1: Simple Electronic Signature (SES)

The most basic level with no specific technical requirements.

Examples:

• Typing your name in a signature field
• Clicking “I Accept”
• Drawing a signature with your finger
• Pasting a scanned signature image

Legal status: Admissible as evidence in court, but doesn’t automatically equal a handwritten signature. A court may require additional evidence to prove its validity.

Use cases: Low-value contracts, internal approvals, terms acceptance, newsletters, and day-to-day business agreements.

Level 2: Advanced Electronic Signature (AES)

Must meet four requirements (Article 26):

1. Uniquely linked to the signer
2. Capable of identifying the signer
3. Created using data under the signer’s sole control
4. Linked to the data signed so any subsequent change is detectable

Legal status: Stronger evidentiary value than SES. Cannot be denied legal effect solely because it’s electronic.

Use cases: B2B contracts, employment agreements, vendor contracts, and transactions requiring higher assurance.

Level 3: Qualified Electronic Signature (QES)

The gold standard. An AES that additionally:

• Is created by a Qualified Electronic Signature Creation Device (QSCD)
• Is based on a Qualified Certificate issued by a Qualified Trust Service Provider (QTSP)

Legal status: Has the same legal effect as a handwritten signature across all EU member states (Article 25.2). This is the only type with automatic cross-border recognition.

Use cases: Real estate transactions, regulated financial services, notarial acts, and high-value contracts requiring the strongest legal certainty.

Comparison: SES vs. AES vs. QES

Trust Services Under eIDAS

eIDAS also regulates several trust services beyond e-signatures:

Qualified trust services are listed on the EU Trusted List, maintained by each member state.

eIDAS 2.0 (2024 Update)

The EU is rolling out eIDAS 2.0 (Regulation 2024/1183), which introduces:

• EU Digital Identity Wallet — every EU citizen will have access to a digital identity wallet
• Remote qualified signatures — easier access to QES via mobile wallets
• Electronic attestation of attributes — digitally verifiable credentials (diplomas, licenses, etc.)
• Updated trust framework — new requirements for trust service providers

eIDAS 2.0 is expected to significantly increase QES adoption by making it more accessible.

How WPsigner Supports eIDAS Compliance

WPsigner provides the tools you need for eIDAS-compliant electronic signatures:

• SES capability — Type, draw, or click to sign
• Audit trails — Timestamps, IP addresses, and document hashes for evidentiary support
• Self-hosted — Keep data within your jurisdiction for GDPR and eIDAS compliance
• No data export — Documents never leave your server, ensuring data sovereignty
• Tamper detection — Signed documents include integrity hashes

For transactions requiring AES or QES, WPsigner can be paired with qualified trust service providers.

Get started with WPsigner →