Qualified Electronic Signatures Integrated Across EUDI Wallets

All EUDI Wallets will support qualified electronic signatures with legal equivalence to handwritten signatures.

Understanding Qualified Electronic Signatures Under eIDAS 2.0

The eIDAS regulation establishes three tiers of electronic signatures, each with increasing levels of security, legal weight, and technical requirements. Simple electronic signatures encompass any data in electronic form attached to or associated with other data, such as a typed name at the bottom of an email. Advanced electronic signatures add requirements for unique linkage to the signatory and the ability to detect any subsequent alteration to the signed data.

Qualified Electronic Signatures (QES) represent the gold standard. They must be created using a Qualified Signature Creation Device (QSCD) that meets stringent hardware security requirements, based on a qualified certificate issued by a certified Trust Service Provider (TSP), and linked to the signatory through identity verification at the highest level of assurance. Only QES carries the explicit legal equivalence to handwritten signatures mandated by Article 25(2) of the eIDAS regulation.

The EUDI Wallet fundamentally changes the QES environment by making this highest level of electronic signature accessible to every EU citizen through their smartphone. Previously, obtaining a QES required purchasing hardware tokens, visiting registration authorities in person, and navigating complex technical setup procedures. The wallet integrates all these steps into a single, user-friendly application, democratizing access to legally binding digital signatures across the entire European population.

Technical Architecture of Wallet-Based Signatures

The EUDI Wallet implements qualified electronic signatures through a combination of local and remote cryptographic operations. Modern smartphones contain secure hardware elements, specialized chips that store cryptographic keys and perform signing operations in a tamper-resistant environment. The EUDI Wallet uses these secure elements as Qualified Signature Creation Devices, meeting the hardware security requirements specified in the eIDAS regulation and the CEN EN 419241 standard.

For devices that lack sufficiently certified secure elements, the EUDI Wallet supports a remote signing architecture. In this model, the user's signing key is stored in a Hardware Security Module (HSM) operated by a qualified trust service provider. The user authenticates to the HSM through their wallet using biometric verification, authorizes the specific signing operation, and the HSM generates the cryptographic signature remotely. The signed document is returned to the user's wallet and forwarded to the requesting party.

Both architectures support the standard signature formats required by European regulations: PAdES for PDF documents, XAdES for XML data, CAdES for binary data, and JAdES for JSON-based documents. The wallet automatically selects the appropriate format based on the document type being signed. Long-term validation (LTV) data, including timestamps and certificate revocation information, is embedded in the signature to ensure that the validity of signatures can be confirmed years or even decades after creation.

Use Cases Across Government and Private Sector

Government services represent the largest volume use case for EUDI Wallet signatures. Citizens can sign tax declarations, social security applications, building permit requests, and municipal service forms directly from their wallet. The European Commission estimates that EU citizens collectively submit over 2 billion signed government forms annually, many of which currently require physical signatures, postal submission, or visits to government offices. Digital signatures through the wallet eliminate these requirements entirely.

The banking and financial services sector is expected to be the primary private-sector adopter of wallet-based signatures. Account opening, loan applications, mortgage agreements, and investment mandates all require legally binding signatures. Currently, banks often use advanced electronic signatures that lack the full legal equivalence of QES, creating potential legal vulnerabilities in disputed transactions. EUDI Wallet QES provides banks with the highest level of legal certainty while dramatically improving the customer experience.

Real estate transactions, which involve some of the highest-value signatures in citizens' lives, are being transformed by wallet-based QES. Purchase agreements, mortgage deeds, and notarial acts can be signed digitally with full legal validity. Notaries in countries like France, Germany, and the Netherlands are developing workflows that integrate EUDI Wallet signatures into their electronic deed platforms, enabling remote property transactions that previously required all parties to be physically present.

Free Access and the Democratization of Digital Signatures

One of the most transformative aspects of the EUDI Wallet signature integration is the mandate for free citizen access. Article 6a of the revised eIDAS regulation requires member states to ensure that all citizens and residents have access to at least one qualified electronic signature at no cost. This provision directly addresses the economic barrier that has limited QES adoption across Europe, where commercial QES services typically cost between 30 and 200 euros per year.

The free access mandate is expected to dramatically increase QES usage across the EU. Currently, fewer than 5 percent of EU citizens have access to qualified electronic signatures, primarily concentrated in countries with advanced e-government systems like Estonia, Belgium, and Italy. By integrating QES into the EUDI Wallet and removing the cost barrier, the European Commission projects that QES adoption will reach 60 percent of the adult EU population within three years of wallet deployment.

The economic impact of widespread QES access is substantial. McKinsey estimates that fully digital, legally binding signature workflows could save the European economy between 15 and 25 billion euros annually through reduced paper handling, postal costs, travel for in-person signing, and administrative processing time. Small and medium enterprises stand to benefit disproportionately, as they currently bear the highest per-transaction costs for signature-dependent processes.

Trust Service Providers and the Certification Framework

Qualified Trust Service Providers (QTSPs) play a central role in the EUDI Wallet signature ecosystem. These are organizations certified by national supervisory bodies to issue qualified certificates for electronic signatures. Major European QTSPs including DocuSign (through its European entity), Swisscom Trust Services, InfoCert, and D-Trust are developing EUDI Wallet integration modules that enable certificate issuance directly into citizens' wallets.

The certification process for wallet-based signature services follows the European Telecommunications Standards Institute (ETSI) framework. QTSPs must undergo regular audits by conformity assessment bodies, maintain detailed records of all certificate operations, and meet stringent requirements for key protection and identity verification. The EUDI Wallet specification adds additional requirements for the interaction between the wallet application and the QTSP's infrastructure, ensuring a consistent user experience regardless of which trust service provider issued the certificate.

Member states are responsible for maintaining trusted lists of qualified trust service providers, which are published in a machine-readable format defined by ETSI TS 119 612. The EUDI Wallet automatically consults these trusted lists when verifying signatures, ensuring that only signatures based on certificates from currently qualified providers are accepted as QES. This dynamic trust model means that if a QTSP loses its qualification, all future verifications of their certificates will reflect this status change.