The regulatory landscape in the EU is undergoing significant expansion with the rollout of new implementing acts as part of the revised eIDAS (EU 2024/1183). The European Union is working on finalizing the drafts before publishing the final versions. Even though a concrete timeline is still pending, the expected outcome is clear: In the long run, the amendments to the revised eIDAS regulation aim to strengthen digital security, interoperability, and trust, unlocking new business potential.
What’s the long-term goal?
Until now, EU member states have followed their rules regarding digital identification, e.g., for electronic signatures. This fragmented approach is set to change. The eIDAS implementing acts introduce new robust (technical) standards, stricter requirements, and harmonized identity verification workflows across the EU. For instance, the human eye won’t suffice to verify a person’s identity manually. Instead, additional digital verification methods such as AI-based recognition or NFC validation will be required and become the norm.
By creating a standardized regulatory framework, trust service providers will be empowered to deliver more secure, user-friendly, and eIDAS-compliant services throughout Europe, such as qualified electronic signatures (QES). This approach supports digitizing business processes and fosters greater trust in digital transactions and services.
Standardizing trust services
To ensure safety and interoperability, the EU is planning to introduce and standardize two additional trust services, creating new growth opportunities for TSPs and their partners:
- Management of remote qualified electronic signature creation devices (rQSCDs)
rQSCDs are eIDAS-certified systems that generate electronic signatures or seals without relying on a locally stored private key. Instead, the key lives in a secure server infrastructure like a hardware security module (HSM) and can only be accessed remotely via the internet. To initiate the signing process, the signee has to authenticate themselves. Articles 29a(2) and 39(a) outline all (technical) requirements for managed rQSCD providers.
rQSCDs are ideal solutions where electronic signatures must abide by high legal and security standards. At the same time, they meet the demand for user-friendly, convenient, and flexible digital processes, including signing legally binding documents wherever you want. For example, rQSCDs can be integrated into industry-specific SaaS platforms like HR, finance, or legal-tech tools to enable users to remotely sign documents like employment contracts, loan agreements, or notarizations. With the new regulation, accessing rQSCDs as a service from trusted providers will be possible without owning the devices.
- Qualified electronic registered delivery services
Companies often require accurate proof of content, dispatch, and successful delivery when sending sensitive messages. Traditionally, this has been handled via paper-based registered letters. Qualified electronic registered delivery services will fulfill this role through the digital route. This way, companies can track the authoritative delivery of their messages in real-time while maintaining integrity, security, and liability, avoiding the risk of manipulation and disputes, and reducing waste. All requirements, standards, and technical specifications, as well as the certification process, are described in Article 44(2).
Especially in strictly regulated industries and cases, a qualified electronic registered delivery service creates an official way of communication where it is mandatory, including dunning notices, termination and administrative notices, tax declarations, finance, insurance, healthcare, and justice-related content. After all, companies must ensure they have legal proof of delivery if the recipient claims they did not receive any documents. In addition, this service streamlines contract management and supports audit-ready reporting.
Prepare for what’s coming
The introduction of these new services will gradually create a new market. Businesses in this space should become familiar with the regulatory requirements early and consider partnering with an experienced provider.
If you want to know more about the latest changes and amendments to the eIDAS regulation and Implementing Acts, you can find a detailed overview in our State of the 2025 eIDAS Implementing Acts cheat sheet.