What eIDAS Means for Trust Services and Supporting Products
The eIDAS Regulation (EU) No 910/2014 establishes a legal framework for electronic identification and trust services for electronic transactions within the European Union. It provides legal certainty for digital transactions by ensuring that electronic signatures, seals, timestamps, and related trust services have the same legal standing as paper‑based processes.
eIDAS plays a central role in supporting the European Union’s Digital Single Market, enabling secure, interoperable, and legally recognized electronic transactions across borders. The regulation applies directly in all EU Member States and creates a unified internal market for electronic trust services.
Scope and Legal Effects of the eIDAS Regulation
The eIDAS Regulation defines a new class of electronic trust services (eTS) and establishes rules governing their legal validity and recognition across the EU.
Under eIDAS:
Electronic signatures and electronic seals are legally recognized across all Member States
Qualified electronic signatures based on qualified certificates issued in one Member State must be recognized in all others
Electronic seals provide assurance of the origin and integrity of documents issued by legal persons
Certificates for electronic signatures may only be issued to natural persons, while electronic seals are used by legal persons.
The regulation also establishes the legal and technical framework for remote qualified electronic signatures, enabling secure signing solutions beyond user‑managed devices.
Conformity Assessment Requirements Under eIDAS
To ensure compliance with eIDAS, qualified trust service providers (QTSPs) and the trust services they provide must undergo conformity assessment.
Conformity assessment must be performed by an accredited conformity assessment body, and the resulting assessment reports must be submitted to the relevant national supervisory body. This process ensures consistent application of eIDAS requirements across all EU Member States.
The eIDAS Regulation introduced conformity assessment terminology to support harmonized evaluation of qualified trust service providers and their services throughout the EU.
Qualified Signature and Seal Creation Devices (QSCDs)
Commission Implementing Decision 2016/650 defines standards for the security assessment of qualified signature and seal creation devices (QSCDs) in accordance with Articles 30(3) and 39(2) of the eIDAS Regulation.
The decision specifies mandatory standards for QSCD certification where signature creation data is held in a user‑managed environment, such as smart cards or USB tokens.
For remote qualified electronic signatures, where protection profiles and harmonized standards were not yet defined, the decision establishes a framework for alternative certification approaches applicable to server‑side and HSM‑based signing solutions. That was the original situation; protection profiles (PPs) are now available, but the alternative procedure still exists.
How QIMA Supports eIDAS Conformity Assessment
QIMA supports platforms and service providers in fulfilling eIDAS conformity assessment requirements.
QIMA has experience in:
Conformity assessment and consultation for qualified trust service providers (QTSPs) within the European Union
Common Criteria evaluation of qualified signature and seal creation devices (QSCDs), both client‑side and server‑side, in line with Commission Implementing Decision 2016/650
Common Criteria evaluation of software environments supporting remote qualified electronic signatures, in accordance with eIDAS Article 30(3)(b)
QIMA supports both on‑premise and remote trust service architectures and works with conformity assessment bodies as part of the evaluation and certification process.
Evolution of Standards and Trust Services Under eIDAS
Since the introduction of eIDAS, new standards and regulatory instruments have been developed in the area of electronic signatures and trust services.
eIDAS continues to provide the legal and technical foundation for trust services in the EU, supporting secure digital transactions, interoperability, and cross‑border recognition.
Talk to Our Cybersecurity Experts
If your products or services support electronic identification, authentication, or trust services and are subject to eIDAS requirements, QIMA can support conformity assessment and evaluation activities in line with the Regulation.
