Author: Mario Voge

eIDAS business opportunities: EU defines two new trust services

The regulatory landscape in the EU is undergoing significant expansion with the rollout of new implementing acts as part of the revised eIDAS (EU 2024/1183). The European Union is working on finalizing the drafts before publishing the final versions. Even though a concrete timeline is still pending, the expected outcome is clear: In the long run, the amendments to the revised eIDAS regulation aim to strengthen digital security, interoperability, and trust, unlocking new business potential.

What’s the long-term goal?

Until now, EU member states have followed their rules regarding digital identification, e.g., for electronic signatures. This fragmented approach is set to change. The eIDAS implementing acts introduce new robust (technical) standards, stricter requirements, and harmonized identity verification workflows across the EU. For instance, the human eye won’t suffice to verify a person’s identity manually. Instead, additional digital verification methods such as AI-based recognition or NFC validation will be required and become the norm.

By creating a standardized regulatory framework, trust service providers will be empowered to deliver more secure, user-friendly, and eIDAS-compliant services throughout Europe, such as qualified electronic signatures (QES). This approach supports digitizing business processes and fosters greater trust in digital transactions and services.

Standardizing trust services

To ensure safety and interoperability, the EU is planning to introduce and standardize two additional trust services, creating new growth opportunities for TSPs and their partners:

  • Management of remote qualified electronic signature creation devices (rQSCDs)
    rQSCDs are eIDAS-certified systems that generate electronic signatures or seals without relying on a locally stored private key. Instead, the key lives in a secure server infrastructure like a hardware security module (HSM) and can only be accessed remotely via the internet. To initiate the signing process, the signee has to authenticate themselves. Articles 29a(2) and 39(a) outline all (technical) requirements for managed rQSCD providers.

    rQSCDs are ideal solutions where electronic signatures must abide by high legal and security standards. At the same time, they meet the demand for user-friendly, convenient, and flexible digital processes, including signing legally binding documents wherever you want. For example, rQSCDs can be integrated into industry-specific SaaS platforms like HR, finance, or legal-tech tools to enable users to remotely sign documents like employment contracts, loan agreements, or notarizations. With the new regulation, accessing rQSCDs as a service from trusted providers will be possible without owning the devices.

  • Qualified electronic registered delivery services
    Companies often require accurate proof of content, dispatch, and successful delivery when sending sensitive messages. Traditionally, this has been handled via paper-based registered letters. Qualified electronic registered delivery services will fulfill this role through the digital route. This way, companies can track the authoritative delivery of their messages in real-time while maintaining integrity, security, and liability, avoiding the risk of manipulation and disputes, and reducing waste. All requirements, standards, and technical specifications, as well as the certification process, are described in Article 44(2).

    Especially in strictly regulated industries and cases, a qualified electronic registered delivery service creates an official way of communication where it is mandatory, including dunning notices, termination and administrative notices, tax declarations, finance, insurance, healthcare, and justice-related content. After all, companies must ensure they have legal proof of delivery if the recipient claims they did not receive any documents. In addition, this service streamlines contract management and supports audit-ready reporting.

Prepare for what’s coming

The introduction of these new services will gradually create a new market. Businesses in this space should become familiar with the regulatory requirements early and consider partnering with an experienced provider.

 

If you want to know more about the latest changes and amendments to the eIDAS regulation and Implementing Acts, you can find a detailed overview in our State of the 2025 eIDAS Implementing Acts cheat sheet.

 

Do you have any questions? Contact us!

More trust blog articles

05.06.2025

eIDAS business opportunities: EU...

The regulatory landscape in the EU is undergoing significant expansion with the...

Read more

15.05.2025

FAQ: Digital Healthcare - Top 5...

Read more

09.05.2025

What if healthcare in the EU were...

Europe is steadily moving toward a Health Union. Contrary to what the title...

Read more

05.05.2025

The future of Swiss eID: Swiyu and...

It remains to be seen whether a referendum will be held on the introduction of...

Read more

Latest blog posts