---
title: "EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks"
canonical_url: "https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/attribute-attestations"
source_url: "https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/attribute-attestations"
author: "Sorena AI"
description: "What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify."
published_at: "2026-05-09"
updated_at: "2026-05-26"
keywords:
  - "EU eIDAS Regulation"
  - "eIDAS"
  - "electronic attestation of attributes"
  - "qualified electronic attestation of attributes"
  - "QEAA"
  - "EAA"
  - "EUDI Wallet"
  - "authentic sources"
  - "trusted lists"
---

# EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks

What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify.

## EU eIDAS Regulation Attribute Attestations

Electronic attestations of attributes are eIDAS trust-service objects that let a user prove specific attributes, such as age, address, qualifications, mandates, permits, or company data, without turning every attribute proof into electronic identification.

This FAQ explains the difference between EAA, QEAA, and public-sector authentic-source attestations, plus the wallet, issuer, legal-effect, revocation, and relying-party checks that matter.

Under the amended eIDAS Regulation, an electronic attestation of attributes is not just a generic claim about a user. The regulation gives special treatment to qualified electronic attestations of attributes and to attestations issued by, or on behalf of, a public sector body responsible for an authentic source. A relying party should therefore check the category of attestation, the issuer's authority, the wallet presentation, the validity status, and whether the requested attributes are necessary for the service.

## What is an electronic attestation of attributes under eIDAS?

An electronic attestation of attributes is a regulated way to prove facts about a natural or legal person through the eIDAS trust-service framework. eIDAS covers electronic attestation of attributes alongside signatures, seals, timestamps, electronic documents, registered delivery, website authentication, archiving, and electronic ledgers.

The important distinction is the type of attestation. A non-qualified EAA can still have legal effect and evidentiary value, but a QEAA must meet Annex V requirements and be issued by a qualified trust service provider. A separate category covers attestations issued by, or on behalf of, a public sector body responsible for an authentic source; those must meet Annex VII and the additional Article 45f requirements.

- Treat EAA as attribute proof, not automatically as electronic identification.
- Classify the attestation as non-qualified EAA, QEAA, or public-sector authentic-source EAA before relying on it.
- For a QEAA, verify that the attestation identifies the qualified trust service provider, the subject, the attested attributes and their scope, validity period, unique attestation identity code, qualified signature or seal, supporting certificate location, and validity-status service.
- For a public-sector authentic-source EAA, verify the issuing public body, the authentic-source basis, the subject, the attested attributes, validity period, identity code, qualified signature or seal, supporting certificate, and status-check location.

Sources for this answer:

- [Regulation (EU) No 910/2014 (eIDAS), consolidated with the European Digital Identity amendments](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Supports the legal effect of EAAs and the Annex V and Annex VII content requirements for QEAAs and public-sector authentic-source attestations.
- [Regulation (EU) 2024/1183 establishing the European Digital Identity Framework](https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng?ref=sorena.io) - Amends eIDAS to add the European Digital Identity Wallet framework and the attribute-attestation provisions.

## Who can issue QEAAs and authentic-source attestations?

A QEAA is issued by a qualified trust service provider and must be able to show, in machine-processable form, that it is a qualified electronic attestation of attributes. eIDAS also requires Member States to make measures available so qualified trust service providers can verify certain public-sector attributes electronically, at the user's request, against authentic sources or recognised intermediaries.

A public-sector authentic-source attestation is different: it is issued by, or on behalf of, a public sector body responsible for the authentic source. The Member State must ensure those bodies meet a reliability and trustworthiness level equivalent to qualified trust service providers, notify them to the Commission, and make the public list available through a secure signed or sealed channel.

- For QEAAs, check the qualified trust service provider identity and whether the service has qualified status for the relevant attestation service.
- For public-sector authentic-source attestations, check whether the public body is responsible for the authentic source or designated to act on its behalf.
- For attributes such as address, age, nationality or citizenship, educational and professional qualifications, mandates, permits, licences, and company data, check whether the attribute relies on a public-sector authentic source and whether electronic verification is available.
- Do not accept issuer branding alone as proof of authority; check the attestation category, certificate, signature or seal, status information, and relevant trusted-list or registry information.

Sources for this answer:

- [Regulation (EU) No 910/2014 (eIDAS), consolidated with the European Digital Identity amendments](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Supports issuer distinctions for QEAAs, authentic-source public-sector attestations, revocation effects, and the minimum list of attributes in Annex VI.
- [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - Explains the trust-service-provider and trusted-list context used to check qualified trust services under eIDAS.
- [ETSI TS 119 612 trusted lists](https://www.etsi.org/standardssearch?ref=sorena.io) - Supports the relying-party need to authenticate and trust EU trusted lists and the Commission List of Trusted Lists when checking trust-service status.

## How should wallets and relying parties use attribute attestations?

For wallet use, eIDAS requires providers of electronic attestations of attributes to let EUDI Wallet users request, obtain, store, and manage attestations regardless of the Member State where the wallet is provided. Providers of QEAAs and public-sector authentic-source attestations must provide an interface with EUDI Wallets.

For relying parties, the practical check is not only whether a credential verifies cryptographically. The EUDI Wallet Architecture and Reference Framework describes an ecosystem in which wallets let users request attestations from trusted issuers, store them, and present them to relying parties with user control, selective disclosure, relying-party authentication, issuer authorisation checks, and revocation/status checks.

- Authenticate the relying party before the wallet presents attributes, and show the user whether the relying party is registered to receive the requested attributes.
- Request only attributes needed for the service, because selective disclosure and user approval are core wallet controls.
- Verify the issuer is authorised to issue the relevant attestation type; where available, inspect the issuer registration certificate or query the relevant registry.
- Check whether the attestation or its signing certificate has been revoked: revoked QEAAs and public-sector authentic-source attestations lose validity from the moment of revocation, and their status must not be reverted.
- Keep the relying-party purpose, requested attributes, user approval, issuer authority check, certificate and status-check result, attestation validity period, and revocation outcome together as evidence of the relying decision.
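
The checks listed above and in the first answer, gathered into one relying decision that returns the evidence record (an added example, not code from the regulation, the ARF, or any wallet implementation). The field names, the `QEAA` and `PUB_EAA` labels, the registry dictionary, and the `status_lookup` callback are hypothetical; signature or seal verification is assumed to be done by a separate library, and only the two categories with listed content requirements are covered.

```python
from datetime import datetime, timezone

# Hypothetical field names: the page lists what to verify, not a wire format.
COMMON = ["issuer", "subject", "attributes", "not_before", "not_after",
          "attestation_id", "certificate_uri", "status_uri"]
REQUIRED_FIELDS = {"QEAA": COMMON, "PUB_EAA": COMMON + ["authentic_source"]}


def decide(att, request, issuer_registry, status_lookup, revoked_seen, now):
    """Return the evidence record for one relying decision. att is already
    parsed; att["seal_verified"] holds the signature/seal check result."""
    failures = []
    category = att.get("category")
    if category not in REQUIRED_FIELDS:
        failures.append("category_not_covered")
    missing = [f for f in REQUIRED_FIELDS.get(category, []) if not att.get(f)]
    if missing:
        failures.append("missing_fields:" + ",".join(missing))
    if not att.get("seal_verified"):
        failures.append("seal_not_verified")

    # Issuer authority: registry snapshot stands in for trusted-list data.
    allowed = issuer_registry.get(att.get("issuer"), set())
    issuer_ok = (category, att.get("type")) in allowed
    if not issuer_ok:
        failures.append("issuer_not_authorised")
    nb, na = att.get("not_before"), att.get("not_after")
    if nb and na and not (nb <= now <= na):
        failures.append("outside_validity_period")

    # Status: fail closed; a revocation once seen is never undone by "valid".
    att_id = att.get("attestation_id")
    status = status_lookup(att_id) if att_id else "unknown"
    if status == "revoked":
        revoked_seen.add(att_id)
    if att_id in revoked_seen:
        failures.append("revoked")
    elif status != "valid":
        failures.append("status_unavailable")
    # Data minimisation and user approval.
    excess = sorted(set(request["requested"]) - set(request["necessary"]))
    if excess:
        failures.append("excess_attributes:" + ",".join(excess))
    if not request.get("user_approved"):
        failures.append("no_user_approval")

    return {
        "decision": "reject" if failures else "accept", "failures": failures,
        "purpose": request["purpose"],
        "requested_attributes": sorted(request["requested"]),
        "user_approved": bool(request.get("user_approved")),
        "category": category, "issuer": att.get("issuer"),
        "issuer_authorised": issuer_ok,
        "certificate_uri": att.get("certificate_uri"),
        "status_result": status, "revoked": att_id in revoked_seen,
        "validity_period": [d.isoformat() if d else None for d in (nb, na)],
        "checked_at": now.isoformat(),
    }


# Constructed sample data (not real issuers, identifiers or URLs).
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)
SAMPLE_ATT = {
    "category": "QEAA", "type": "age_over_18", "issuer": "qtsp-example",
    "subject": "holder-123", "attributes": {"age_over_18": True},
    "not_before": datetime(2026, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2027, 1, 1, tzinfo=timezone.utc),
    "attestation_id": "att-0001", "seal_verified": True,
    "certificate_uri": "https://issuer.example.invalid/cert",
    "status_uri": "https://issuer.example.invalid/status",
}
SAMPLE_REGISTRY = {"qtsp-example": {("QEAA", "age_over_18")}}
SAMPLE_REQUEST = {"purpose": "age-restricted purchase", "user_approved": True,
                  "requested": {"age_over_18"}, "necessary": {"age_over_18"}}

if __name__ == "__main__":
    print(decide(SAMPLE_ATT, SAMPLE_REQUEST, SAMPLE_REGISTRY,
                 lambda _id: "valid", set(), NOW)["decision"])
```

The `revoked_seen` set has to be persisted between decisions for the sticky-revocation check to mean anything; a status answer that flips back to `valid` is worth logging as an anomaly as well as rejecting.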

Sources for this answer:

- [Regulation (EU) No 910/2014 (eIDAS), consolidated with the European Digital Identity amendments](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Supports wallet-interface duties, public-service substitution limits, revocation effects, and the separation rules for EAA service providers.
- [Commission Implementing Regulation (EU) 2024/2977 on PID and electronic attestations of attributes for EUDI Wallets](https://eur-lex.europa.eu/eli/reg_impl/2024/2977/oj/eng?ref=sorena.io) - Supports wallet requirements for requesting, storing, deleting, sharing, and presenting PID and EAAs, plus validity-status and revocation-management details.
- [European Commission - EUDI Wallet Architecture and Reference Framework](https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/latest/architecture-and-reference-framework-main.pdf?ref=sorena.io) - Supports relying-party, wallet, issuer-authorisation, selective-disclosure, user-control, and attestation-revocation checks in the EUDI Wallet ecosystem.

## Primary sources

- [Regulation (EU) No 910/2014 (eIDAS), consolidated with the European Digital Identity amendments](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Primary legal source for EAA legal effects, QEAA requirements, authentic-source attestations, wallet interfaces, revocation, and Annex V to VII data requirements.
  - Quote: "electronic attestation of attributes"
- [Regulation (EU) 2024/1183 establishing the European Digital Identity Framework](https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng?ref=sorena.io) - Amending regulation that adds the European Digital Identity Wallet and new trust-service framework elements to eIDAS.
  - Quote: "European Digital Identity Framework"
- [Commission Implementing Regulation (EU) 2024/2977 on PID and electronic attestations of attributes for EUDI Wallets](https://eur-lex.europa.eu/eli/reg_impl/2024/2977/oj/eng?ref=sorena.io) - Implementation source for wallet-issued PID and EAA data handling, interoperability, validity status, and revocation-management details.
  - Quote: "person identification data and electronic attestations of attributes"
- [European Commission - EUDI Wallet Architecture and Reference Framework](https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/latest/architecture-and-reference-framework-main.pdf?ref=sorena.io) - Technical architecture source for wallet roles, attestation providers, relying parties, selective disclosure, registration checks, and revocation/status checks.
  - Quote: "Architecture and Reference Framework"
- [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - Trust-service-provider source for eIDAS qualified services, trusted-list context, and conformity-assessment ecosystem terminology.
  - Quote: "Certification Authorities and other Trust Service Providers"
- [ETSI TS 119 612 trusted lists](https://www.etsi.org/standardssearch?ref=sorena.io) - Trusted-list source for relying-party verification of trust-service status through signed trusted lists and the EU List of Trusted Lists model.
  - Quote: "Trusted Lists"

(c) 2026 Sorena AB (559573-7338). All rights reserved.
