Scope GuideEU

What eIDAS Covers eID, Trust Services, Wallets, and QWACs

eIDAS is the EU framework for cross-border electronic identification, European Digital Identity Wallets, and trust services used in electronic transactions.

Use this page to separate eIDAS-covered services from adjacent login, certificate, document, and identity workflows that may be governed mainly by contract, sector rules, GDPR, or national law.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
6

Structured answer sets in this page tree.

Primary sources
7

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

The EU eIDAS framework covers two linked areas: electronic identification used for access to online or offline services, and trust services that give legal and technical reliability to electronic transactions. The 2024 European Digital Identity Framework amendments add the European Digital Identity Wallet, electronic attestations of attributes, electronic archiving, electronic ledgers, and updated trust-service rules. A useful scope review starts with the service being offered or relied on, not with the technology label used by a supplier.

Section 1

Core eIDAS scope

Article 1 sets the basic perimeter: eIDAS covers recognition of electronic identification means under notified Member State schemes, provision and recognition of European Digital Identity Wallets, rules for trust services, and the legal framework for specified electronic transaction services.

Article 2 narrows that perimeter. The Regulation applies to electronic identification schemes notified by a Member State, to European Digital Identity Wallets provided by a Member State, and to trust service providers established in the Union. Trust services used exclusively inside closed systems created by national law or agreements between a defined set of participants are outside eIDAS trust-service scope.

  • In scope: notified electronic identification schemes, EUDI Wallets, trust service providers established in the EU, and regulated trust services.
  • In scope: electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery, website authentication certificates, electronic archiving, electronic attestations of attributes, signature and seal creation devices, and electronic ledgers.
  • Out of scope for eIDAS trust-service rules: closed-system trust services used only under national law or a private agreement among a defined participant group.
  • Not displaced by eIDAS: Union or national rules on contract validity, required legal form, procedural obligations, sector-specific form requirements, and data protection law.
Sources for this answer
Regulation (EU) No 910/2014 (eIDAS)
Supports the Article 1 subject matter, Article 2 scope, and the list of electronic identification and trust-service categories covered by eIDAS.
Section 2

Electronic identification and relying parties

Electronic identification under eIDAS is not every login method. It is the use of person identification data in electronic form that uniquely represents a natural or legal person, or a representative, and is used for authentication. The cross-border recognition rules are tied to electronic identification schemes notified by Member States.

Relying parties are the organisations that rely on electronic identification, EUDI Wallets, other electronic identification means, or trust services. A normal account login, password reset, or customer identity check should be marked as eIDAS-relevant only when it uses a notified eID scheme, a wallet, or a regulated trust service.

  • Check whether the identity means comes from a Member State notified electronic identification scheme.
  • Record whether the relying party is a public service, a private service, a wallet-relying party, or a trust-service user.
  • Separate eIDAS authentication from ordinary account credentials, KYC checks, device authentication, and fraud-screening tools unless those flows use an eIDAS-covered means or service.
  • For wallet integrations, track the attributes requested, the user purpose, the relying-party registration basis, and the access certificate or equivalent authentication mechanism.
Sources for this answer
Regulation (EU) No 910/2014 (eIDAS)
Defines electronic identification, electronic identification means, authentication, relying party, and the Member State notification basis for eID schemes.
Commission Implementing Regulation (EU) 2024/2977
Supports wallet person-identification and relying-party access-certificate details for issuing person identification data and attribute attestations to wallet units.
Section 3

Trust services covered by eIDAS

eIDAS trust services are electronic services normally provided for remuneration and listed in Article 3. The list includes certificates, validation, creation and preservation services for signatures and seals, remote signature or seal creation-device management, time stamps, registered delivery, electronic archiving, electronic attestations of attributes, and electronic ledgers.

The qualified status of a trust service is not a marketing description. A qualified trust service must meet the applicable eIDAS requirements, and a qualified trust service provider must be granted qualified status by the supervisory body. For qualified services, trusted-list status is central to validation and evidence.

  • Signatures: distinguish electronic, advanced, and qualified electronic signatures before promising legal equivalence or qualified validation.
  • Seals: treat legal-entity origin and integrity separately from a natural person's signature.
  • Time stamps: identify whether the service is an electronic time stamp or a qualified electronic time stamp.
  • Registered delivery: cover proof of sending, proof of receiving, and protection of transmitted data against loss, theft, damage, or unauthorised alteration.
  • Website authentication: identify whether the certificate is a certificate for website authentication or a qualified certificate for website authentication issued by a qualified trust service provider.
  • Newer trust-service categories: include electronic attestations of attributes, electronic archiving, and electronic ledgers when the service matches the eIDAS definitions.
Sources for this answer
Regulation (EU) No 910/2014 (eIDAS)
Defines trust service, qualified trust service, trust service provider, qualified trust service provider, signatures, seals, time stamps, registered delivery, website authentication certificates, archiving, attestations, and ledgers.
ETSI EN 319 401 general policy requirements
Supports operational trust-service provider controls, including policies, practices, risk management, change notification, and continued verification information.
Section 4

Trusted lists, qualified status, and validation

Trusted lists are where EU Member States publish information about supervised qualified trust service providers and their qualified trust services. They are essential for checking whether a provider or service had qualified status at the time relevant to a signature, seal, certificate, delivery service, attestation, or other trust-service event.

The European Commission publishes a central List Of Trusted Lists with links to the Member State trusted lists. Systems that validate qualified signatures, seals, website certificates, or other qualified trust services should treat trusted-list retrieval, signature or seal verification, service status, service history, and certificate validity status as evidence, not as a one-time procurement check.

  • Validate the provider, service type, qualified status, and status history against the applicable Member State trusted list.
  • Use the Commission List Of Trusted Lists as the entry point for EU Member State trusted lists.
  • Store the validation time, trusted-list version or sequence information, service status, certificate path, revocation or OCSP evidence, and validation policy used.
  • Re-check status for long-lived evidence because a service can be granted, withdrawn, ceased, revoked, or superseded over time.
Sources for this answer
ETSI TS 119 612 trusted lists
Supports the technical structure and use of trusted lists, including service status, service history, and the Commission List Of Trusted Lists model.
ETSI trust service providers and trusted lists
Explains that Member State trusted lists identify supervised qualified trust service providers and qualified trust services and are used to determine qualified status and status history.
Section 5

EUDI Wallet and attribute attestations

The EUDI Wallet is now part of the eIDAS framework. The Regulation defines it as an electronic identification means that lets the user securely store, manage, and validate person identification data and electronic attestations of attributes for presentation to relying parties and other wallet users, and to sign or seal with qualified electronic signatures or seals.

Attribute attestations are also within scope. A qualified electronic attestation of attributes is issued by a qualified trust service provider and must meet Annex V. Attestations issued by or on behalf of a public sector body responsible for an authentic source have a separate path and must meet Article 45f and Annex VII requirements. Implementations should therefore track the attestation type, issuer role, authentic source, revocation status, wallet interface, and whether the presentation request is limited to attributes needed for the use case.

  • Wallet providers: track wallet solution, wallet unit, wallet instance, secure cryptographic application, secure cryptographic device, certification status, and supervisory body interactions.
  • Providers of person identification data: issue person identification data under the relevant eID scheme and cryptographically bind it to the wallet unit.
  • Attestation providers: identify themselves to wallet units, include authentication and validation information, and publish revocation policies.
  • Relying parties: register the attributes they intend to request and support user control, selective disclosure, and request minimisation where the wallet architecture requires it.
  • Public-sector authentic-source attestations: confirm the public body, authentic source, qualified signature or seal support, revocation status, and interface with wallets.
Sources for this answer
Regulation (EU) 2024/1183 (European Digital Identity Framework)
Supports the eIDAS 2 additions for the EUDI Wallet, attribute attestations, wallet supervision, and updated trust-service categories.
Commission Implementing Regulation (EU) 2024/2977
Supports person identification data and electronic attestations of attributes issued to wallet units, including wallet-unit binding and provider authentication.
European Commission EUDI Wallet Architecture and Reference Framework
Supports the wallet ecosystem roles, relying-party registration concepts, selective disclosure, attestation-provider checks, and privacy risks for wallet presentations.
Section 6

Practical scope checklist

Use this checklist when a product, procurement, legal, identity, PKI, or security team needs to decide whether a workflow belongs on the eIDAS register. The aim is to classify the actual service and preserve the validation material needed later.

Avoid broad labels such as digital identity, e-signing, certificate, wallet, or secure delivery without naming the eIDAS category and the provider role.

Does eIDAS cover every electronic signature used in the EU?

No. eIDAS defines electronic signatures and gives legal effects to electronic, advanced, and qualified electronic signatures, but a signature is qualified only when it is an advanced electronic signature created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures.

Does eIDAS cover ordinary website TLS certificates?

Not as ordinary TLS certificates. eIDAS covers certificates for website authentication and qualified certificates for website authentication; the qualified category must be issued by a qualified trust service provider and meet Annex IV requirements.

What should a team check before relying on a qualified trust service?

Check the provider, service type, qualified status, and status history in the relevant Member State trusted list, using the Commission List Of Trusted Lists as the EU entry point, and keep the validation evidence with the transaction record.

  • Name the covered category: notified eID scheme, EUDI Wallet, relying-party wallet integration, trust service, qualified trust service, QWAC, trusted-list validation, or attribute attestation.
  • Identify the actor: Member State, wallet provider, provider of person identification data, wallet-relying party, trust service provider, qualified trust service provider, supervisory body, browser provider, public-sector authentic-source body, or end user.
  • For signatures and seals, record whether the artifact is simple, advanced, or qualified and whether a qualified creation device or remote qualified creation-device management is involved.
  • For time stamps, registered delivery, website authentication, archiving, ledgers, and attestations, keep the exact service definition, provider status, certificate or attestation evidence, and validation result.
  • For qualified services, validate against trusted lists and save service status history, not only the supplier's certificate or sales material.
  • For wallet flows, save the relying-party registration or access certificate, requested attributes, user consent or approval record, issuer identity, revocation policy, and presentation validation output.
  • Mark as outside this eIDAS scope page where the workflow is only a private account login, unsigned document exchange, closed participant system, generic TLS certificate, or contract-form question with no eIDAS-covered service.
Sources for this answer
Regulation (EU) No 910/2014 (eIDAS)
Supports the checklist categories and FAQ distinctions for electronic signatures, website authentication certificates, trust-service roles, and closed-system exclusions.
ETSI trust service providers and trusted lists
Supports the practical instruction to verify qualified provider and service status through Member State trusted lists.
Recommended next step

Turn this eIDAS scope guide into a service register

Use the categories on this page to classify eID schemes, wallet integrations, trust services, QWACs, trusted-list checks, and attribute-attestation flows before assigning legal, product, PKI, and security work.

Research workflow
Open Research Copilot for eIDAS

Ask source-linked questions about eIDAS scope, trust-service categories, wallet integrations, and validation evidence using the cited sources on this page.

Explore next step
Talk to Sorena
Talk through implementation

Review whether a signature, seal, delivery, certificate, wallet, or attribute-attestation workflow is covered by eIDAS and what evidence should be kept.

Explore next step
Primary sources

References and citations

Commission Implementing Regulation (EU) 2024/2977
eur-lex.europa.eu
Referenced sections
  • Supports person identification data and electronic attestations of attributes issued to wallet units, including wallet-unit binding and provider authentication.
"electronic attestations of attributes"
ETSI EN 319 401 general policy requirements
etsi.org
Referenced sections
  • Supports operational trust-service provider controls, including policies, practices, risk management, change notification, and continued verification information.
"General Policy Requirements"
ETSI trust service providers and trusted lists
portal.etsi.org
Referenced sections
  • Supports the practical instruction to verify qualified provider and service status through Member State trusted lists.
"qualified status and the status history"
ETSI TS 119 612 trusted lists
etsi.org
Referenced sections
  • Supports the technical structure and use of trusted lists, including service status, service history, and the Commission List Of Trusted Lists model.
"Trusted Lists"
Regulation (EU) No 910/2014 (eIDAS)
eur-lex.europa.eu
Referenced sections
  • Supports the checklist categories and FAQ distinctions for electronic signatures, website authentication certificates, trust-service roles, and closed-system exclusions.
"certificate for website authentication"
Related guides

Explore more topics

eIDAS 2 deadlines and compliance calendar for EUDI Wallet and trust services
Calendar of grounded eIDAS and eIDAS 2 milestones for EUDI Wallet delivery, implementing acts, annual supervision reports, QTSP transitions, pilots, and ARF evidence.
eIDAS 2.0 vs eIDAS: EUDI Wallet and trust-service changes
Compare the original eIDAS electronic identification and trust-service framework with the eIDAS 2.0 amendments for EUDI Wallets, relying parties, attestations, QWACs, and supervision.
eIDAS Certificates and Authentication: qualified certificates, QWACs, and validation checks
Grounded guide to eIDAS qualified certificates, website authentication certificates, trusted lists, relying-party checks, and validation evidence.
eIDAS checklist and evidence pack for trust services, signatures, and EUDI Wallet relying parties
Build an eIDAS evidence pack for qualified trust services, electronic signatures, trusted-list checks, certificate validation, supervisory records, and EUDI Wallet relying-party controls.
eIDAS compliance guide for trust services, QTSPs, signatures, and EUDI Wallet relying parties
Grounded eIDAS compliance guide for trust-service classification, QTSP supervision evidence, qualified signatures, seals, time stamps, certificates, trusted-list validation, and EUDI Wallet relying-party records.
eIDAS electronic signatures: SES, AES, QES legal effect and evidence
A grounded guide to eIDAS electronic-signature legal effect: SES, AES, QES, qualified certificates, QTSP trusted-list checks, validation, recognition, and evidence records.
eIDAS penalties and fines for trust service providers
Grounded guide to eIDAS Article 16 penalties, administrative fine mechanics, supervisory bodies, qualified-status withdrawal, and trusted-list evidence.
eIDAS QES validation checks for relying parties
How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records.
eIDAS Qualified Trust Services: QTSP Selection
How to select an EU eIDAS qualified trust service provider: identify the qualified service type, verify trusted-list status, review supervision evidence, and retain certificate-policy records.
eIDAS remote signature and cloud HSM controls for QTSPs
Grounded guide to eIDAS remote signature controls: remote QSCD scope, server-side signing, QTSP evidence, signer authentication, certificate validation, and trusted-list checks.
eIDAS signature legal effect selector: SES, AES, AES-QC, or QES
Select the right eIDAS signature level by legal effect, risk, qualified certificate status, QTSP evidence, QSCD use, validation result, and cross-border recognition.
eIDAS trust service role scoping workflow: TSP, QTSP, validator, relying party, or QTSP customer
Classify an eIDAS role by evidence: trust service provider, qualified trust service provider, signature or seal validator, EUDI Wallet relying party, relying party, or customer of a QTSP.
eIDAS trusted list validation: LOTL, QTSP status, and evidence
How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports.
eIDAS vs ESIGN and UETA: EU qualified signatures vs U.S. e-signature laws
Compare eIDAS with ESIGN and UETA for electronic signatures, qualified certificates, trust services, cross-border recognition, validation evidence, and source gaps.
eIDAS vs ETSI EN 319 401: legal supervision and TSP policy requirements
Compare eIDAS and ETSI EN 319 401 for trust services: legal scope, QTSP supervision, conformity assessment, audits, incident evidence, and operational controls.
eIDAS vs GDPR for identity data: wallet, trust-service, and privacy obligations
Compare eIDAS identity, trust-service, and EUDI Wallet rules with GDPR duties for personal-data processing, minimisation, lawful basis, evidence, security, and user rights.
eIDAS vs NIS2 for trust service providers: QTSP and cybersecurity obligations
Compare eIDAS trust-service and QTSP duties with NIS2 cybersecurity risk-management, incident reporting, supervision, and evidence duties for trust service providers.
Electronic Attestations of Attributes under EU eIDAS: EAA, QEAA, issuers, wallets, and validation
Grounded guide to electronic attestations of attributes under amended EU eIDAS: EAA, QEAA, public-sector authentic-source attestations, wallet use, issuer checks, relying-party validation, revocation, and legal effect.
EU eIDAS Applicability Test for Trust Services, Wallets, and Certificates
A grounded eIDAS scope test for QTSPs, trust services, electronic signatures, seals, timestamps, QWACs, EUDI Wallet relying parties, and cross-border recognition evidence.
EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks
What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify.
EU eIDAS checklist for signatures, trust services, and wallets
Checklist for eIDAS trust-service and EUDI Wallet controls: qualified status, trusted lists, certificates, signatures, seals, timestamps, validation evidence, and relying-party records.
EU eIDAS FAQ: signatures, QTSPs, trusted lists, QWACs, wallets, and validation
FAQ on eIDAS trust services and the European Digital Identity framework, covering advanced and qualified electronic signatures, QTSP status, trusted lists, QWACs, EUDI Wallet relying parties, attestations of attributes, and validation evidence.
EU eIDAS QTSP authorization and supervision guide
How qualified trust service providers obtain and keep qualified status under eIDAS, including conformity assessment reports, supervision, trusted lists, incidents, and evidence.
EU eIDAS QTSP Due Diligence Workflow for Trusted Lists, Certificates, and Evidence
Check a qualified trust service provider under eIDAS by validating trusted-list status, qualified service scope, certificates, policies, supervision, audits, and retained evidence.
EU eIDAS Requirements for Trust Services, Signatures, Seals, Wallets, and Evidence
Grounded guide to core eIDAS requirements for trust service providers, qualified trust services, electronic signatures, seals, time stamps, trusted lists, and EUDI Wallet relying parties.
EU eIDAS Trusted Lists FAQ: LOTL, QTSP status, and validation evidence
How EU eIDAS Trusted Lists and the Commission LOTL support QTSP and qualified trust-service validation, with practical evidence checks for relying parties.
EUDI Wallet readiness for service providers under eIDAS
Readiness guide for organisations preparing to request or verify data from European Digital Identity Wallets: roles, registration, ARF alignment, selective disclosure, implementing acts, and evidence.
EUDI Wallet Relying Parties under eIDAS
What EUDI Wallet relying parties must do under eIDAS: register, declare intended wallet use and requested data, identify themselves to users, and keep request evidence.
EUDI Wallet Relying Party Onboarding Workflow under eIDAS
A grounded onboarding workflow for organisations that want to request data from European Digital Identity Wallet users as eIDAS wallet relying parties.
EUDI Wallet Relying Party Registration Under eIDAS
What eIDAS Article 5b and the EUDI Wallet ARF say about wallet relying party registration, intended uses, attribute requests, certificates, evidence, and Member State gaps.
EUDI Wallet Technical Architecture Guide under eIDAS
Technical guide to the EUDI Wallet architecture: ARF roles, wallet units, PID and attestations, relying parties, trust model, certificates, protocols, privacy, and security controls.
QES vs AdES under EU eIDAS: legal effect, certificates, QTSPs, and validation evidence
Compare qualified electronic signatures (QES) and advanced electronic signatures (AdES) under EU eIDAS, including legal effect, qualified certificates, QTSP status, QSCDs, and validation evidence.
QWACs under eIDAS: website authentication certificates
A grounded guide to qualified website authentication certificates under eIDAS, covering Annex IV data, trusted lists, browser recognition, validation evidence, and QTSP checks.
What is a qualified trust service provider under eIDAS?
How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records.
What is a QWAC under the EU eIDAS Regulation?
Plain-language FAQ on qualified website authentication certificates under eIDAS, including website identity, QTSP trusted-list checks, browser recognition, and validation evidence.