EU eIDAS Regulation Applicability Test

The first question is whether the facts match the scope of eIDAS: notified electronic identification schemes, European Digital Identity Wallets provided by a Member State, or trust service providers established in the Union. If none of those actors or services is present, record the exclusion and identify any adjacent law or contractual requirement that still controls the workflow.

If a trust service is present, classify the exact service before assigning obligations. eIDAS covers services such as issuing, validating, and preserving certificates for signatures, seals, and website authentication; creating, validating, and preserving electronic signatures and seals; managing remote signature or seal creation devices; electronic timestamps; electronic registered delivery; electronic archiving; electronic attestations of attributes; and electronic ledgers.

For an electronic signature, do not assume that a signing ceremony is qualified. eIDAS gives any electronic signature evidentiary admissibility protection, but a qualified electronic signature has the equivalent legal effect of a handwritten signature. The applicability record must therefore show whether the signature is electronic, advanced, or qualified, and what certificate and device facts support that conclusion.

For seals and timestamps, use the same discipline. Qualified electronic seals depend on qualified certificates and qualified seal creation devices. Qualified electronic timestamps carry a presumption about the accuracy of the date and time and the integrity of the bound data, but only where the timestamp meets the eIDAS requirements, including linkage to Coordinated Universal Time and signing, sealing, or an equivalent method by the QTSP.

A certificate label is not enough. For qualified certificates for electronic signatures, electronic seals, and website authentication, the evidence should show the issuing QTSP, Member State, certificate identity code, status-check location, purpose, and whether the certificate is qualified for the claimed use.

Use EU trusted lists for status evidence where qualified status matters. ETSI TS 119 612 describes trusted lists and the List of Trusted Lists model used to access Member State trusted lists, select CA entries under the applicable trust policy, check service status changes, and load trust anchors for validation.

A wallet integration is in scope when the product relies on the European Digital Identity Wallet for public or private digital interaction, requests person identification data or electronic attestations of attributes, or presents itself as a wallet relying party. eIDAS defines a relying party as a natural or legal person relying on electronic identification, EUDI Wallets, other electronic identification means, or a trust service.

For relying parties, the practical classification is registration and data-request control. Article 5b requires relying parties intending to rely on wallets to register in the Member State where they are established, provide authentication information, contact details, and the intended wallet use including data to be requested, identify themselves to the user, and not request data other than the registered data indication.

Cross-border recognition is a separate conclusion from technical validation. eIDAS requires recognition across Member States for qualified trust services such as qualified certificates for signatures and seals, qualified remote-device management services, qualified validation and preservation services, qualified timestamps, QWACs, qualified registered delivery, qualified attestations of attributes, qualified archiving, and qualified ledgers.

The evidence record should prove both sides of the decision: why the service is qualified, and why the qualified service is recognised in the other Member State. That usually means linking the legal classification to the trusted-list or certificate evidence, validation result, and relying workflow.