From eIDAS 1 to eIDAS 2: What Changed and Why It Matters

The eIDAS Regulation has been a cornerstone of digital trust within the European Union since 2014. But nearly a decade later, a new version (eIDAS 2) has entered into force. This shift is not just an update: it is a response to practical limitations observed in the implementation of eIDAS 1. This article explains why the change was needed, what’s new in eIDAS 2, and the role that Qualified Electronic Archiving (QeA) can now play in the digital trust landscape.

eIDAS 1.0: Establishing the Foundation of Trust

Regulation (EU) 910/2014, commonly referred to as eIDAS 1.0, laid the legal foundation for electronic identification and trust services within the EU. It introduced key services such as electronic signatures, seals, timestamps, registered delivery, and website authentication.

Its core aim was threefold:

  • Establish a harmonised legal framework for electronic transactions
  • Build trust in digital services
  • Ensure interoperability across member states

One key innovation was the principle of non-discrimination: an electronic document could not be denied legal effect solely due to its digital format.

eIDAS 1 also introduced levels of trust:

  • Basic: Non-discrimination of electronic formats
  • Advanced: Valid equivalence to handwritten items if specific integrity and identification requirements are met
  • Qualified: The highest level, involving certificates from qualified trust service providers and offering a presumption of authenticity and legal equivalence to handwritten signatures

While eIDAS 1 made significant progress, it left gaps, particularly around the preservation of signed information and the evidentiary weight of digital documents over time.

Why eIDAS 2.0 Was Needed

Despite its strengths, eIDAS 1 wasn’t enough to support a truly digital economy. Key limitations became evident:

  • Many important documents, such as high-value contracts, continued to be signed on paper
  • KYC processes remained reliant on unverifiable documents
  • Preservation of digital signatures over time was not addressed sufficiently
  • Trust in data shared digitally was limited due to a lack of guarantees around authenticity and provenance

The COVID-19 pandemic accelerated the need for reliable digital alternatives. It also exposed the inefficiencies of cross-border digital workflows that lacked mutual trust. Belgium, through national laws like the Digital Act of 2016, tried to fill in some of these gaps, especially around electronic archiving.

eIDAS 2.0: A Framework for Authentic Information

eIDAS 2.0, formalised as Regulation (EU) 2024/1183, entered into force on 20 May 2024. It introduces a new layer of trust infrastructure to support the European digital economy and the European Digital Identity Wallet (EUDIW). It defines four new qualified trust services:

  • Qualified Electronic Archiving (QeA)
  • Qualified Electronic Ledger
  • Qualified Electronic Attestation of Attributes (QeAA)
  • Remote Signature and Seal Creation Devices (QSCD)

These services aim to facilitate data integrity, verifiability, and secure exchange between individuals, companies, and governments.

The Role of Qualified Electronic Archiving (QeA)

QeA fills a gap that eIDAS 1 left open. It formalises the conditions under which electronic information—signed or unsigned—can be preserved over time in a legally reliable way. The requirements for such a service include:

  • Confidentiality: Through access control and retention management
  • Integrity: Via immutability and fixity checks
  • Authenticity: Through metadata, provenance tracking, and evidence management
  • Availability: With long-term readability and security controls

QeA brings digital archiving out of the shadows. Previously, archiving was often a backend operation. Now it becomes a critical front-line component of digital evidence management, integrated from the moment information is created. This is what the EU refers to as “archiving by design.”

QeA will likely become mandatory for any document with a legal retention obligation and for documents that must be legally opposable to third parties across borders.

Aligning with Other Regulatory Developments

The introduction of QeA ties into other EU regulations:

  • NIS2: On cybersecurity and operational resilience
  • GDPR: For data protection and storage limitation
  • Single Digital Gateway: Facilitating intergovernmental data exchange
  • DORA: Specific to digital resilience in financial services

Each of these frameworks relies on authentic, long-term accessible information. QeA provides that backbone.

Looking Forward

The changes introduced by eIDAS 2 are about more than compliance. They represent a shift in how digital trust is built and maintained across borders and systems. For organisations, the time to act is now: implement or connect to a QeA-compliant system to future-proof digital operations.

Upcoming standards will only increase the expectations:

  • C2PA for provenance certification
  • ISO 24574 for secure digital vaults and access control

With QeA, the EU has completed a crucial puzzle piece—ensuring that digital information is not just valid today, but verifiable tomorrow.

Frederik Rosseel

Hi, I’m Frederik, CEO of Docbyte. Having pioneered solutions in digital archiving and qualified trust services for years, I distill that invaluable experience into writing. My goal is to help businesses achieve robust data security and seamless regulatory compliance through crystal-clear insights.
