English 
French 
eIDAS 2 is more than a legal update. It changes how digital trust is built across Europe by extending the trust-services framework and creating a clearer role for Qualified Electronic Archiving. This article explains what changed, why the shift matters, and what organisations should do now if they want their digital records to remain trustworthy over time.
Last reviewed: April 2026. This article has been updated to keep the explanation of eIDAS 2 and Qualified Electronic Archiving aligned with the current implementation context.
eIDAS 1.0: Establishing the Foundation of Trust
Regulation (EU) 910/2014, commonly referred to as eIDAS 1.0, laid the legal foundation for electronic identification and trust services within the EU. It introduced key services such as electronic signatures, seals, timestamps, registered delivery, and website authentication.
Its core aim was threefold:
- Establish a harmonised legal framework for electronic transactions
- Build trust in digital services
- Ensure interoperability across member states
One key innovation was the principle of non-discrimination: an electronic document could not be denied legal effect solely due to its digital format.
eIDAS 1 also introduced levels of trust:
- Basic: Non-discrimination of electronic formats
- Advanced: Valid equivalence to handwritten items if specific integrity and identification requirements are met
- Qualified: The highest level, involving certificates from qualified trust service providers and offering a presumption of authenticity and legal equivalence to handwritten signatures
While eIDAS 1 made significant progress, it left gaps, particularly around the preservation of signed information and the evidentiary weight of digital documents over time.
Why eIDAS 2.0 Was Needed
Despite its strengths, eIDAS 1 wasn’t enough to support a truly digital economy. Key limitations became evident:
- Many important documents, such as high-value contracts, continued to be signed on paper
- KYC processes remained reliant on unverifiable documents
- Preservation of digital signatures over time was not addressed sufficiently
- Trust in data shared digitally was limited due to a lack of guarantees around authenticity and provenance
The COVID-19 pandemic accelerated the need for reliable digital alternatives. It also exposed the inefficiencies of cross-border digital workflows that lacked mutual trust. Belgium, through national laws like the Digital Act of 2016, tried to fill in some of these gaps, especially around electronic archiving.
eIDAS 2.0: A Framework for Authentic Information
eIDAS 2.0, formalised as Regulation (EU) 2024/1183, entered into force on 20 May 2024. It introduces a new layer of trust infrastructure to support the European digital economy and the European Digital Identity Wallet (EUDIW). It defines four new qualified trust services:
- Qualified Electronic Archiving (QeA)
- Qualified Electronic Ledger
- Qualified Electronic Attestation of Attributes (QeAA)
- Remote Signature and Seal Creation Devices (QSCD)
These services aim to facilitate data integrity, verifiability, and secure exchange between individuals, companies, and governments.
The Role of Qualified Electronic Archiving (QeA)
QeA fills a gap that eIDAS 1 left open. It formalises the conditions under which electronic information—signed or unsigned—can be preserved over time in a legally reliable way. The requirements for such a service include:
- Confidentiality: Through access control and retention management
- Integrity: Via immutability and fixity checks
- Authenticity: Through metadata, provenance tracking, and evidence management
- Availability: With long-term readability and security controls
QeA brings digital archiving out of the shadows. Previously, archiving was often a backend operation. Now it becomes a critical front-line component of digital evidence management, integrated from the moment information is created. This is what the EU refers to as “archiving by design.”
QeA is especially relevant for records with long retention periods, cross-border evidential value, or a need for stronger integrity and origin guarantees over time.
Aligning with Other Regulatory Developments
The introduction of QeA ties into other EU regulations:
- NIS2: On cybersecurity and operational resilience
- GDPR: For data protection and storage limitation
- Single Digital Gateway: Facilitating intergovernmental data exchange
- DORA: Specific to digital resilience in financial services
Each of these frameworks relies on authentic, long-term accessible information. QeA provides that backbone.
What should organisations do next?
The practical next step is not to wait for the market to settle by itself. Organisations with long retention, regulated or cross-border records should now assess whether their current archive, preservation and evidence model is fit for the eIDAS 2 era.
For organisations, this makes long-term archiving and digital preservation part of the trust strategy rather than a separate storage decision. The same principle also applies at product level, where Docbyte Vault can help preserve evidence, integrity and access over time.
Upcoming standards will only increase the expectations:
- C2PA for provenance certification
- ISO 24574 for secure digital vaults and access control
With QeA, the EU has completed a crucial puzzle piece—ensuring that digital information is not just valid today, but verifiable tomorrow.
