Compliance CalendarEU

eIDAS 2 deadlines and compliance calendar

Track grounded eIDAS and eIDAS 2 milestones for EUDI Wallet delivery, implementing acts, pilots, Architecture and Reference Framework updates, annual supervision reports, and QTSP transitions.

Use the calendar to separate hard legal dates from programme milestones, assign owners, and keep evidence for wallet providers, relying parties, issuers, qualified trust service providers, legal, product, security, and compliance teams.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 26, 2026
Sections
4

Structured answer sets in this page tree.

Primary sources
9

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 26, 2026
Overview

This page is a practical eIDAS calendar, not a generic workflow. It lists only milestones grounded in official EU, Commission, EUR-Lex, ENISA, or ETSI material in the source set, and flags dependent dates where the legal trigger is an implementing act rather than a standalone calendar day. Timings in this page are source-linked; verify current legal source language before implementation decisions.

Section 1

Milestones to put on an eIDAS compliance calendar

Use one calendar row per legal or programme milestone, with the source, affected owner, evidence to keep, and dependency status. The most important distinction is whether the date is a fixed date in the Regulation, an annual reporting date, a transitional date for trust services, or a programme milestone from the EUDI Wallet implementation track.

Do not treat every EUDI Wallet news update as a compliance deadline. Treat Commission wallet implementing regulations, Article 5a wallet availability dependencies, Article 45 attribute deadlines, annual supervisory reports, and transitional QTSP measures as calendar items. Treat pilots, ARF publications, and reference implementation updates as evidence and readiness signals.

  • 3 June 2021: the Commission Recommendation started the toolbox workstream for the technical Architecture and Reference Framework, common standards, technical specifications, guidelines, and best practice.
  • 22 February 2022: the eIDAS expert group adopted and published the ARF outline for stakeholder feedback; the source states the outline was non-mandatory.
  • 10 February 2023: the Commission published ARF v1.0.0 as specifications for developing interoperable EUDI Wallet solutions.
  • April 2023 to 2025: four large-scale pilots tested EUDI Wallet technical specifications and use cases before Member State rollout.
  • 20 May 2024: the European Digital Identity Framework entered into force, amending eIDAS and adding the EUDI Wallet framework.
  • 21 November 2024: the Regulation set implementing-act deadlines for qualified electronic attestations of attributes, attribute catalogues, public-sector attestation interfaces, and wallet implementation dependencies.
  • 4 December 2024: the Commission page records publication of five EUDI Wallet implementing regulations covering core functionality, protocols and interfaces, person identification data and attestations, certification, and ecosystem notifications.
  • By 31 March each year: wallet supervisory bodies and Member States have annual reporting obligations for previous-calendar-year activity or statistics.
  • 21 May 2025: multiple implementing-act and guidance deadlines apply to trust-service standards, wallet supervision report formats, cooperation procedures, and mutual-assistance guidance.
  • 21 May 2026: the Commission review report is due, some transitional trust-service measures end, and pre-20 May 2024 QTSPs must submit conformity evidence for amended Article 24 requirements.
  • End of 2026 / 24 months from the relevant implementing acts: public Commission material summarises Member State wallet availability as by the end of 2026, while Article 5a frames the legal trigger as 24 months from specified implementing acts.
  • 21 May 2027: secure signature creation devices assessed under Directive 1999/93/EC continue to be considered qualified electronic signature creation devices only until this date.
Sources for this answer
Regulation (EU) 2024/1183 establishing the European Digital Identity Framework
Supports the eIDAS 2 legal trigger, wallet availability dependency, implementing-act dates, annual reporting dates, review date, and transitional trust-service dates.
European Commission - EUDI Wallet implementing regulations
Supports the 4 December 2024 publication milestone and the five implementing-regulation topic areas for the EUDI Wallet.
European Commission - EUDI Wallet pilot implementation
Supports the April 2023 large-scale pilot launch, pilot continuation through 2025, and the role of the reference implementation and ARF in wallet readiness.
Section 2

What each calendar owner should evidence

The calendar is useful only if each row tells an owner what changed and what proof to keep. For eIDAS 2, the same date can affect different teams in different ways: a wallet provider tracks certification and core functions, an issuer tracks person identification data and attestations, a relying party tracks registration and data-request controls, and a QTSP tracks Article 24, remote QSCD, certificate, preservation, timestamp, and website-authentication standards.

For dependent dates, record both the legal formula and the operational date used internally. For example, wallet availability should preserve the Article 5a dependency on implementing acts, while programme planning may also reference the Commission's public summary that Member States are to provide wallets by the end of 2026.

  • Wallet provider: keep the Article 5a requirement mapping, certification status, core functionality evidence, notification record, breach and incident escalation procedure, validation mechanism, and accessibility evidence.
  • Issuer or authentic-source owner: keep the person identification data and attribute model, the electronic attestation interface evidence, source authority proof, revocation process, and wallet issuance test records.
  • Relying party: keep registration status, lawful data-request purpose, authentication mechanism, selective-disclosure requirements, wallet validation checks, and records for erasure or suspicious-request handling.
  • Qualified trust service provider: keep amended Article 24 conformity evidence, supervisory-body notices for service changes or cessation, security-breach notification procedures, termination plan, certificate or service standard mapping, and annual reporting support.
  • Supervisory or public-sector owner: keep the annual 31 March report pack, cooperation and mutual-assistance records, notified body or public-sector-body evidence, and machine-readable publication evidence where required.
  • Programme owner: keep ARF version evidence, technical-specification decisions, pilot feedback, reference implementation dependencies, test coverage, and a clear line between non-mandatory toolbox material and binding implementing or delegated acts.
Sources for this answer
Regulation (EU) No 910/2014 consolidated with eIDAS 2 amendments
Supports the amended eIDAS obligations for wallet providers, relying parties, trust services, supervision, annual reporting, and transitional QTSP compliance evidence.
European Commission - EUDI Regulation overview
Supports the policy summary that Member States must provide EUDI Wallets by the end of 2026 and that wallets extend the eIDAS framework to public and private services.
European Commission - EUDI Wallet home
Supports practical ecosystem roles, wallet use cases, implementing-act navigation, and Commission wallet readiness material for issuers and service providers.
Section 3

Fixed dates and dependent triggers to track separately

Keep two columns in the calendar: one for fixed dates and one for dependent triggers. Fixed dates include dates such as 31 March annual reports, 21 May 2025 implementing-act or guidance deadlines, 21 May 2026 review and transition dates, and 21 May 2027 device-transition expiry. Dependent triggers include wallet availability and authentic-source verification measures that run from the entry into force of specified implementing acts.

This separation prevents a calendar from converting a legal dependency into an unsupported date. Where a source gives a programme shorthand such as end of 2026, keep that shorthand as a planning milestone and preserve the legal dependency beside it.

  • Fixed legal date: 21 November 2024 for specified EUDI Wallet and electronic attestation implementing acts in Articles 5a, 5c, 45d, 45e, and 45f.
  • Fixed publication milestone: 4 December 2024 for the Commission library page announcing five adopted EUDI Wallet implementing regulations.
  • Recurring fixed date: 31 March each year for wallet supervisory-body annual reports and Member State trust-service statistics reports.
  • Fixed legal date: 21 May 2025 for Commission formats and procedures for wallet supervisory reports, procedural cooperation, and multiple trust-service standard lists or guidance items.
  • Fixed legal date: 21 May 2026 for the Commission eIDAS review report and for several transitional measures affecting qualified certificates, remote qualified signature or seal creation device management, and QTSP conformity evidence.
  • Dependent legal trigger: Article 5a requires at least one European Digital Identity Wallet within 24 months of the entry into force of the relevant implementing acts.
  • Dependent legal trigger: Article 45e requires measures for electronic verification of public-sector authentic-source attributes within 24 months of the relevant implementing acts.
  • Fixed transition end: 21 May 2027 for secure signature creation devices previously assessed under Directive 1999/93/EC.
Sources for this answer
Regulation (EU) 2024/1183 establishing the European Digital Identity Framework
Supports the fixed dates and dependent legal triggers that should be separated in an eIDAS calendar.
European Commission - EUDI Wallet implementing regulations
Supports the 4 December 2024 publication date and implementing-regulation categories used as programme evidence.
Section 4

Source-check rules for maintaining this calendar

Before adding a new eIDAS calendar row, classify the source. EUR-Lex legal text supports binding dates and obligations. Commission wallet pages support programme milestones, ARF releases, pilots, technical specification navigation, and policy summaries. ENISA and ETSI material can support security, supervision, and standards context, but should not be used to invent statutory deadlines.

Do not add penalties, thresholds, fines, or national supervision dates unless the grounding source directly states them. For this page, the grounded calendar focuses on EU-level eIDAS and eIDAS 2 dates; Member State wallet launch dates, national supervisory enforcement deadlines, and sector-specific acceptance dates need separate source support before publication.

  • Use EUR-Lex for binding eIDAS and eIDAS 2 articles, review dates, reporting dates, transitional measures, and implementing-act deadlines.
  • Use Commission EUDI Wallet pages for ARF publication dates, large-scale pilot milestones, reference implementation status, and the public end-2026 wallet readiness summary.
  • Use ENISA only for security and supervision context unless a specific ENISA source gives a calendar date relevant to the page.
  • Use ETSI standards for trust-service control and standards context, not as a substitute for legal application dates.
  • Store the source title, URL, source type, date claim, owner, dependency, affected role, and evidence artifact in every internal calendar row.
Sources for this answer
European Commission - EUDI Wallet Architecture and Reference Framework
Supports the 10 February 2023 ARF v1.0.0 publication milestone and the role of ARF material as technical implementation evidence.
European Commission - EUDI Wallet ARF outline
Supports the 3 June 2021 toolbox recommendation, 22 February 2022 ARF outline milestone, and the distinction between non-mandatory outline material and binding legal acts.
ENISA - Guidelines on supervision of qualified trust service providers
Supports using ENISA material as supervision context for QTSP oversight rather than as a source of new statutory calendar dates.
Recommended next step

Build an evidence-backed eIDAS calendar for wallets, QTSPs, issuers, and relying parties

Use the cited sources listed here to verify obligations and the supporting evidence requirements.

Research workflow
Open Research Copilot for eIDAS

Verify the following areas from the cited sources: eIDAS 2 dates, wallet implementation dependencies, QTSP transitions, and the cited Commission or EUR-Lex sources.

Explore next step
Talk to Sorena
Review your eIDAS calendar

Check whether your wallet, issuer, relying-party, or trust-service calendar separates legal deadlines from programme milestones and has evidence for each row.

Explore next step
Primary sources

References and citations

European Commission - EUDI Regulation overview
digital-strategy.ec.europa.eu
Referenced sections
  • Supports the policy summary that Member States must provide EUDI Wallets by the end of 2026 and that wallets extend the eIDAS framework to public and private services.
"by the end of 2026"
European Commission - EUDI Wallet ARF outline
digital-strategy.ec.europa.eu
Referenced sections
  • Supports the 3 June 2021 toolbox recommendation, 22 February 2022 ARF outline milestone, and the distinction between non-mandatory outline material and binding legal acts.
"non-mandatory"
European Commission - EUDI Wallet home
ec.europa.eu
Referenced sections
  • Supports practical ecosystem roles, wallet use cases, implementing-act navigation, and Commission wallet readiness material for issuers and service providers.
"same common specifications"
European Commission - EUDI Wallet pilot implementation
digital-strategy.ec.europa.eu
Referenced sections
  • Supports the April 2023 large-scale pilot launch, pilot continuation through 2025, and the role of the reference implementation and ARF in wallet readiness.
"four large-scale pilot projects"
Related guides

Explore more topics

eIDAS 2.0 vs eIDAS: EUDI Wallet and trust-service changes
Compare the original eIDAS electronic identification and trust-service framework with the eIDAS 2.0 amendments for EUDI Wallets, relying parties, attestations, QWACs, and supervision.
eIDAS Certificates and Authentication: qualified certificates, QWACs, and validation checks
Grounded guide to eIDAS qualified certificates, website authentication certificates, trusted lists, relying-party checks, and validation evidence.
eIDAS checklist and evidence pack for trust services, signatures, and EUDI Wallet relying parties
Build an eIDAS evidence pack for qualified trust services, electronic signatures, trusted-list checks, certificate validation, supervisory records, and EUDI Wallet relying-party controls.
eIDAS compliance guide for trust services, QTSPs, signatures, and EUDI Wallet relying parties
Grounded eIDAS compliance guide for trust-service classification, QTSP supervision evidence, qualified signatures, seals, time stamps, certificates, trusted-list validation, and EUDI Wallet relying-party records.
eIDAS electronic signatures: SES, AES, QES legal effect and evidence
A grounded guide to eIDAS electronic-signature legal effect: SES, AES, QES, qualified certificates, QTSP trusted-list checks, validation, recognition, and evidence records.
eIDAS penalties and fines for trust service providers
Grounded guide to eIDAS Article 16 penalties, administrative fine mechanics, supervisory bodies, qualified-status withdrawal, and trusted-list evidence.
eIDAS QES validation checks for relying parties
How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records.
eIDAS Qualified Trust Services: QTSP Selection
How to select an EU eIDAS qualified trust service provider: identify the qualified service type, verify trusted-list status, review supervision evidence, and retain certificate-policy records.
eIDAS remote signature and cloud HSM controls for QTSPs
Grounded guide to eIDAS remote signature controls: remote QSCD scope, server-side signing, QTSP evidence, signer authentication, certificate validation, and trusted-list checks.
eIDAS signature legal effect selector: SES, AES, AES-QC, or QES
Select the right eIDAS signature level by legal effect, risk, qualified certificate status, QTSP evidence, QSCD use, validation result, and cross-border recognition.
eIDAS trust service role scoping workflow: TSP, QTSP, validator, relying party, or QTSP customer
Classify an eIDAS role by evidence: trust service provider, qualified trust service provider, signature or seal validator, EUDI Wallet relying party, relying party, or customer of a QTSP.
eIDAS trusted list validation: LOTL, QTSP status, and evidence
How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports.
eIDAS vs ESIGN and UETA: EU qualified signatures vs U.S. e-signature laws
Compare eIDAS with ESIGN and UETA for electronic signatures, qualified certificates, trust services, cross-border recognition, validation evidence, and source gaps.
eIDAS vs ETSI EN 319 401: legal supervision and TSP policy requirements
Compare eIDAS and ETSI EN 319 401 for trust services: legal scope, QTSP supervision, conformity assessment, audits, incident evidence, and operational controls.
eIDAS vs GDPR for identity data: wallet, trust-service, and privacy obligations
Compare eIDAS identity, trust-service, and EUDI Wallet rules with GDPR duties for personal-data processing, minimisation, lawful basis, evidence, security, and user rights.
eIDAS vs NIS2 for trust service providers: QTSP and cybersecurity obligations
Compare eIDAS trust-service and QTSP duties with NIS2 cybersecurity risk-management, incident reporting, supervision, and evidence duties for trust service providers.
Electronic Attestations of Attributes under EU eIDAS: EAA, QEAA, issuers, wallets, and validation
Grounded guide to electronic attestations of attributes under amended EU eIDAS: EAA, QEAA, public-sector authentic-source attestations, wallet use, issuer checks, relying-party validation, revocation, and legal effect.
EU eIDAS Applicability Test for Trust Services, Wallets, and Certificates
A grounded eIDAS scope test for QTSPs, trust services, electronic signatures, seals, timestamps, QWACs, EUDI Wallet relying parties, and cross-border recognition evidence.
EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks
What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify.
EU eIDAS checklist for signatures, trust services, and wallets
Checklist for eIDAS trust-service and EUDI Wallet controls: qualified status, trusted lists, certificates, signatures, seals, timestamps, validation evidence, and relying-party records.
EU eIDAS FAQ: signatures, QTSPs, trusted lists, QWACs, wallets, and validation
FAQ on eIDAS trust services and the European Digital Identity framework, covering advanced and qualified electronic signatures, QTSP status, trusted lists, QWACs, EUDI Wallet relying parties, attestations of attributes, and validation evidence.
EU eIDAS QTSP authorization and supervision guide
How qualified trust service providers obtain and keep qualified status under eIDAS, including conformity assessment reports, supervision, trusted lists, incidents, and evidence.
EU eIDAS QTSP Due Diligence Workflow for Trusted Lists, Certificates, and Evidence
Check a qualified trust service provider under eIDAS by validating trusted-list status, qualified service scope, certificates, policies, supervision, audits, and retained evidence.
EU eIDAS Requirements for Trust Services, Signatures, Seals, Wallets, and Evidence
Grounded guide to core eIDAS requirements for trust service providers, qualified trust services, electronic signatures, seals, time stamps, trusted lists, and EUDI Wallet relying parties.
EU eIDAS Trusted Lists FAQ: LOTL, QTSP status, and validation evidence
How EU eIDAS Trusted Lists and the Commission LOTL support QTSP and qualified trust-service validation, with practical evidence checks for relying parties.
EUDI Wallet readiness for service providers under eIDAS
Readiness guide for organisations preparing to request or verify data from European Digital Identity Wallets: roles, registration, ARF alignment, selective disclosure, implementing acts, and evidence.
EUDI Wallet Relying Parties under eIDAS
What EUDI Wallet relying parties must do under eIDAS: register, declare intended wallet use and requested data, identify themselves to users, and keep request evidence.
EUDI Wallet Relying Party Onboarding Workflow under eIDAS
A grounded onboarding workflow for organisations that want to request data from European Digital Identity Wallet users as eIDAS wallet relying parties.
EUDI Wallet Relying Party Registration Under eIDAS
What eIDAS Article 5b and the EUDI Wallet ARF say about wallet relying party registration, intended uses, attribute requests, certificates, evidence, and Member State gaps.
EUDI Wallet Technical Architecture Guide under eIDAS
Technical guide to the EUDI Wallet architecture: ARF roles, wallet units, PID and attestations, relying parties, trust model, certificates, protocols, privacy, and security controls.
QES vs AdES under EU eIDAS: legal effect, certificates, QTSPs, and validation evidence
Compare qualified electronic signatures (QES) and advanced electronic signatures (AdES) under EU eIDAS, including legal effect, qualified certificates, QTSP status, QSCDs, and validation evidence.
QWACs under eIDAS: website authentication certificates
A grounded guide to qualified website authentication certificates under eIDAS, covering Annex IV data, trusted lists, browser recognition, validation evidence, and QTSP checks.
What eIDAS Covers: eID, Trust Services, EUDI Wallet, and QWACs
A grounded guide to the systems and services covered by EU eIDAS: notified electronic identification, trust services, signatures, seals, time stamps, registered delivery, website authentication, trusted lists, the EUDI Wallet, and attribute attestations.
What is a qualified trust service provider under eIDAS?
How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records.
What is a QWAC under the EU eIDAS Regulation?
Plain-language FAQ on qualified website authentication certificates under eIDAS, including website identity, QTSP trusted-list checks, browser recognition, and validation evidence.