
eIDAS electronic signatures: legal effect, validation, and evidence

Use this page to distinguish simple, advanced, and qualified electronic signatures under eIDAS and to decide what proof a relying party should keep.

The focus is legal effect under Articles 25 to 28, qualified status in trusted lists, qualified-trust-service-provider checks, validation outputs, cross-border public-service recognition, and evidence that can be reviewed later.

Author: Sorena AI
Published: May 9, 2026
Updated: May 9, 2026

Overview

eIDAS does not make every electronic signature legally equivalent to a handwritten signature. It protects electronic signatures from being rejected only because they are electronic, defines advanced electronic signature requirements, and gives qualified electronic signatures the equivalent legal effect of handwritten signatures. For relying parties, the practical question is therefore not only whether a document was signed electronically, but which signature level was used and what validation evidence proves it.

Section 2

Qualified certificate and QTSP checks

The qualified part of QES depends on more than a certificate file being present. The certificate must be a qualified certificate for electronic signature, issued by a qualified trust service provider, and valid at the time of signing.

eIDAS Annex I lists the information a qualified certificate must contain, including an indication suitable for automated processing that it was issued as a qualified certificate for electronic signature, data identifying the qualified trust service provider and its Member State, the signatory name or clearly marked pseudonym, certificate validity dates, a unique certificate identity code, status-service information, and an indication when the related creation data is located in a qualified electronic signature creation device.

Qualified status is operationally checked through Member State trusted lists. eIDAS requires Member States to establish, maintain, and publish trusted lists with qualified trust service providers and qualified trust services, and ETSI explains that users benefit from the legal effect associated with a qualified trust service only when the service is listed as qualified.

  • Capture the certificate chain and the qualified-certificate indication used by the validator.
  • Record the QTSP name, Member State, service type, service status, status history, and trusted-list retrieval time.
  • Keep revocation and suspension evidence, because a revoked qualified certificate loses validity from the moment of revocation.
  • Treat a supplier attestation as supporting evidence only; the relying-party record should still include machine-readable trusted-list and validation outputs.

Section 3

Validation evidence a relying party should keep

For QES, eIDAS Article 32 describes what validation must confirm: the supporting certificate was qualified and valid at signing, the QTSP issued it, validation data corresponds to the relying-party data, the signatory data is correctly provided, any pseudonym is clear, the signature was created by a qualified electronic signature creation device, signed-data integrity is intact, and Article 26 advanced-signature requirements were met at signing.

For advanced electronic signatures based on qualified certificates, Article 32a follows a similar validation pattern but does not include the QSCD condition used for QES. That distinction matters when a workflow accepts AdES/QC but does not require full QES handwritten-signature equivalence.

A useful evidence pack should preserve the signed document or hash, signature format, validation policy, validation time, result, certificate chain, OCSP or CRL status data, trusted-list version or retrieval evidence, signatory identifier shown to the relying party, pseudonym indication if used, and any long-term validation or preservation material.

  • Store the validator output as a reviewable report, not only a pass/fail flag in an application log.
  • Record whether the result is SES, AES, advanced based on a qualified certificate, or QES.
  • Preserve the time basis used for validation, especially when revocation status is assessed after signing.
  • Escalate indeterminate results, missing revocation data, absent trusted-list status, unsupported formats, or unclear QSCD evidence before treating a signature as QES.

Section 4

Cross-border recognition in public services

Article 27 addresses public-sector online services. If a Member State requires an advanced electronic signature for an online service offered by or on behalf of a public sector body, it must recognise advanced electronic signatures, advanced electronic signatures based on a qualified certificate, and qualified electronic signatures in the formats or methods defined by implementing acts.

If the public service requires an advanced electronic signature based on a qualified certificate, the Member State must recognise both that level and QES. For cross-border use of such public services, Member States may not request a higher security level than a qualified electronic signature.

For private contracts, eIDAS legal-effect rules still matter, but contract law, sector rules, formality requirements, and evidence practice may add separate questions. This page should therefore be used as an eIDAS signature-level and evidence guide, not as a substitute for transaction-specific legal review.

  • For a public-service workflow, record the requested signature level and accepted formats or methods.
  • For a cross-border process, verify that the relying party is not demanding a level above QES for the eIDAS public-service use case.
  • For private agreements, keep the eIDAS validation evidence together with the contract rule, governing law, counterparty acceptance terms, and signer-authority proof.
  • When a signature comes from another Member State, validate against the relevant trusted-list information rather than relying only on the local signing-platform label.

Section 5

Signature-level review checklist

Use this checklist when approving a signing workflow, onboarding a signature provider, or reviewing a disputed signed record. The aim is to preserve enough evidence to explain why the organization treated a signature as SES, AES, AdES/QC, or QES at the time it relied on it.

The checklist is intentionally evidence-oriented because the legal value of an electronic signature is usually tested after the transaction, when teams must reconstruct signer identity, document integrity, certificate status, provider status, and validation results.

Does eIDAS make every electronic signature equivalent to a handwritten signature?

No. eIDAS protects electronic signatures from being rejected solely because they are electronic, but only a qualified electronic signature has the equivalent legal effect of a handwritten signature under Article 25.

What makes an eIDAS electronic signature advanced?

An advanced electronic signature must be uniquely linked to the signatory, identify the signatory, be created using signature creation data under the signatory's sole control with a high level of confidence, and be linked to the signed data so later changes are detectable.

What evidence supports treating an eIDAS signature as qualified?

Keep the signed data, validation report, qualified certificate evidence, QTSP and qualified-service status from trusted lists, revocation or suspension status, signatory information, QSCD or remote-QSCD evidence, and the time basis used for validation.

  • Classify the required signature level: SES, AES, advanced electronic signature based on qualified certificate, or QES.
  • Identify the legal or business reason for that level: public-service rule, contract clause, sector requirement, risk decision, or counterparty requirement.
  • For AES, confirm and retain evidence for signatory link, signatory identification, sole-control creation data, and later-change detection.
  • For QES, confirm the qualified certificate, QTSP status, trusted-list service status, qualified device or remote-QSCD evidence, and Article 32 validation result.
  • For AdES/QC, confirm the qualified certificate and Article 32a-style validation requirements without overstating the result as QES unless QSCD evidence is present.
  • Keep the signed object or hash, signature format, validation report, certificate path, revocation data, trusted-list evidence, validation policy, validation time, and reviewer approval.
  • Define escalation triggers for revoked or suspended certificates, indeterminate validation, missing trusted-list status, unsupported formats, pseudonym ambiguity, or signer-authority gaps.
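
The level decision described in Sections 2 and 3 and in this checklist can be written as a function over the retained evidence record. This is an added example, not code from the page's author or from any validator product; the `Evidence` fields, the status strings ("passed", "granted") and the decision order are assumptions made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class Evidence:  # hypothetical record; field names and status strings are assumptions
    indication: str                    # "passed" | "failed" | "indeterminate"
    integrity_ok: bool                 # signed data unchanged
    aes_requirements_met: bool         # Article 26 requirements met at signing
    qualified_cert: bool               # qualified certificate issued by a QTSP
    tl_service_status: Optional[str]   # trusted-list status; None = not retrieved
    revocation_data: bool              # OCSP or CRL data retained
    signing_time: datetime             # time basis used for validation
    revoked_at: Optional[datetime] = None
    qscd: Optional[bool] = None        # None = QSCD evidence unclear
    format_supported: bool = True

def revoked_before_signing(ev):
    # Revocation counts from its own moment; a later one leaves signing-time validity intact.
    return ev.revoked_at is not None and ev.revoked_at <= ev.signing_time

def escalation_triggers(ev):
    checks = [
        (ev.indication == "indeterminate", "indeterminate validation"),
        (not ev.revocation_data, "missing revocation data"),
        (ev.tl_service_status is None, "absent trusted-list status"),
        (not ev.format_supported, "unsupported format"),
        (ev.qualified_cert and ev.qscd is None, "unclear QSCD evidence"),
        (revoked_before_signing(ev), "certificate revoked at or before signing"),
    ]
    return [reason for hit, reason in checks if hit]

def supported_level(ev):
    """Highest level the evidence supports; None if validation did not pass."""
    if (ev.indication != "passed" or not ev.integrity_ok
            or not ev.format_supported or revoked_before_signing(ev)):
        return None
    if not ev.aes_requirements_met:
        return "SES"
    if not (ev.qualified_cert and ev.tl_service_status == "granted"
            and ev.revocation_data):
        return "AES"
    # Article 32a has no QSCD condition: without QSCD proof the result is AdES/QC, not QES.
    return "QES" if ev.qscd is True else "AdES/QC"

T0 = datetime(2026, 1, 10, tzinfo=timezone.utc)  # constructed signing time
BASE = dict(indication="passed", integrity_ok=True, aes_requirements_met=True,
            qualified_cert=True, tl_service_status="granted",
            revocation_data=True, signing_time=T0)

def sample(**overrides):  # constructed sample records built from BASE
    return Evidence(**{**BASE, **overrides})

print(supported_level(sample(qscd=None)), escalation_triggers(sample(qscd=None)))
```

A non-empty trigger list means the record goes to review before the level is relied on, even when a level is returned.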

Primary sources

References and citations

  • portal.etsi.org. Explains that trusted lists identify qualified trust service providers and services and that qualified status depends on the service being listed. "provider/service will be qualified only if it appears in the trusted lists"
  • etsi.org. Supports trusted-list evidence for qualified status, service history, and trust-anchor use in validation. "checked regularly for changes to the service status"
  • digital-strategy.ec.europa.eu. Supports the broader eIDAS objective of secure cross-border electronic identification and trust services. "secure cross-border transactions"
  • eur-lex.europa.eu. Supports the signature-level distinctions and validation criteria used in the checklist and FAQ answers. "Requirements for advanced electronic signatures"