eIDAS regulation: electronic identification and trust services explained


Kees van der Vlies

Partner | IT Auditor


The eIDAS regulation (EU 910/2014) establishes the legal framework for electronic identification, authentication and trust services across the European Union. Since its introduction, it has shaped how citizens, businesses and public authorities interact digitally across borders. With the upcoming eIDAS 2.0 revision introducing the European Digital Identity Wallet, this regulation is set to become even more significant.

Two pillars of eIDAS

The eIDAS regulation rests on two pillars. The first pillar covers electronic identification (eID). It establishes a framework for the mutual recognition of national electronic identification schemes across EU member states. When a citizen can identify themselves electronically in one member state, that identification should be recognized and accepted in other member states for accessing public services.

The second pillar covers trust services. These are commercial services that provide assurance about the identity of parties in electronic transactions. Trust services include electronic signatures, electronic seals, time stamps, electronic delivery services, and website authentication certificates. The regulation defines different assurance levels for these services and establishes a supervisory framework to ensure their reliability.

Three levels of electronic signatures

eIDAS defines three levels of electronic signatures, each with different legal standing. A simple electronic signature is any data in electronic form that is attached to or logically associated with other electronic data. This includes typed names in emails or clicking an "I agree" button.

An advanced electronic signature provides stronger assurance. It must be uniquely linked to the signatory, capable of identifying the signatory, created using data under the signatory's sole control, and linked to the signed data so that any subsequent change is detectable.

A qualified electronic signature meets the highest requirements. It is created using a qualified electronic signature creation device and is based on a qualified certificate issued by a trust service provider supervised under eIDAS. Qualified electronic signatures have the same legal effect as handwritten signatures throughout the EU.

eIDAS 2.0 and the European Digital Identity Wallet

The eIDAS 2.0 revision introduces the European Digital Identity Wallet (EDIW). Every EU member state will be required to offer at least one digital identity wallet to its citizens and residents. These wallets will allow individuals to store and present identity credentials, driving licenses, diplomas and other verified attributes in a standardized, privacy-respecting manner.

For organizations, the EDIW creates both obligations and opportunities. Public sector organizations will be required to accept the wallet for identification and authentication. Private sector organizations in regulated industries (banking, telecommunications, healthcare) will also need to integrate wallet-based authentication. This requires technical preparation, including adaptation of identity verification processes and integration with wallet infrastructure.

Implications for Dutch organizations

In the Netherlands, DigiD serves as the primary electronic identification mechanism for government services. Under eIDAS, DigiD is notified at the "substantial" assurance level, meaning it must be recognized across the EU. The transition to eIDAS 2.0 and the EDIW will affect how DigiD evolves and how organizations currently relying on DigiD need to adapt.

Organizations providing services that require identity verification should begin assessing the impact of eIDAS 2.0 on their processes. This includes evaluating current authentication mechanisms, understanding the technical requirements for wallet integration, and planning for the transition period.

Secure Audit helps organizations navigate the compliance implications of eIDAS and prepare for the changes that eIDAS 2.0 will bring. Contact us to discuss how electronic identification requirements affect your organization.
