What is the difference between EAA and QEAA?

An Electronic Attestation of Attributes (EAA) is a general digital statement about user attributes that can be issued by any trusted entity. A Qualified Electronic Attestation of Attributes (QEAA) is a higher-assurance version issued specifically by a Qualified Trust Service Provider (QTSP) that has been audited and approved under eIDAS 2.0. QEAAs carry legal presumption of accuracy and are recognized across all EU member states, while EAAs may have more limited recognition.

Who can issue QEAAs for EUDI Wallets?

Only Qualified Trust Service Providers (QTSPs) that have been audited, certified, and listed in the EU Trusted Lists can issue QEAAs. These QTSPs may include government agencies (for documents like driving licenses), educational institutions (for diplomas), professional bodies (for licenses), and healthcare authorities (for medical credentials). The QTSP must verify the accuracy of the attributes before issuing a QEAA.

Are QEAAs legally binding across EU borders?

Yes. Under eIDAS 2.0, QEAAs issued by a QTSP in one member state are legally recognized across all EU member states. A QEAA diploma issued by a German university and stored in a German EUDI Wallet must be accepted by an employer in France or Spain with the same legal standing as the original paper document. This cross-border recognition is one of the key benefits of the qualified attestation framework.

How are QEAAs verified?

QEAA verification involves checking the digital signature of the issuing QTSP against their certificate in the EU Trusted Lists, validating that the QTSP is authorized to issue that type of attestation, checking that the attestation has not been revoked, and verifying the credential integrity. This process is automated within the EUDI Wallet ecosystem and happens in milliseconds.

QEAA (Qualified Electronic Attestation of Attributes)

QEAA

technical

Full Name: Qualified Electronic Attestation of Attributes

Definition

A Qualified Electronic Attestation of Attributes (QEAA) is a digitally signed statement about specific attributes of a natural or legal person, issued by a Qualified Trust Service Provider (QTSP) under the eIDAS 2.0 regulatory framework. QEAAs represent the highest assurance level for attribute attestations in the European digital identity ecosystem, carrying a legal presumption of accuracy and cross-border recognition across all EU member states. They are the digital equivalent of official documents such as university diplomas, professional licenses, medical prescriptions, company registrations, and government-issued certifications, designed to be stored in and presented from the EUDI Wallet.

QEAA Architecture and Issuance

The issuance of a QEAA follows a rigorous process defined by the eIDAS 2.0 regulation. The Qualified Trust Service Provider must first verify the accuracy of the attributes being attested. For a diploma, this means confirming with the university that the degree was awarded. For a professional license, it means verifying with the licensing authority that the license is current and valid. This verification step distinguishes QEAAs from self-asserted claims and gives them their high assurance level.

Once verified, the QTSP creates the attestation using a standardized data format, either the ISO mDoc format (used for mobile driving licenses) or the W3C Verifiable Credentials format with SD-JWT (Selective Disclosure JSON Web Token). The attestation is digitally signed using the QTSP's qualified electronic signature or seal, creating a tamper-proof credential that can be independently verified by any party with access to the EU Trusted Lists.

The signed QEAA is then delivered to the user's EUDI Wallet through the OpenID4VCI (Verifiable Credential Issuance) protocol. The wallet stores the QEAA in its secure storage, bound to the device's cryptographic keys. This binding ensures that even if the QEAA data were somehow copied, it could not be presented from a different device, as the presentation requires a cryptographic proof of possession using the device-bound private key.

Types of QEAAs in the EUDI Wallet

The EUDI Wallet is designed to hold a wide variety of QEAAs covering different aspects of a person's identity and qualifications. Government-issued QEAAs include mobile driving licenses, national identity attestations, residence permits, and social security cards. Educational QEAAs cover university diplomas, vocational qualifications, and professional certifications, enabling smooth cross-border recognition of qualifications under the EU's mutual recognition framework.

Healthcare QEAAs represent medical prescriptions, vaccination records, and health insurance cards, allowing patients to access healthcare services across EU borders. Professional QEAAs attest to licenses and authorizations, such as a lawyer's bar admission or a doctor's medical license. Corporate QEAAs can attest to a person's role within an organization, their power of representation, or their authority to sign contracts.

Each type of QEAA has a defined schema that specifies the required and optional attributes, the validity period, and the revocation mechanism. The schemas are developed through the EUDI Wallet Architecture and Reference Framework and published as technical specifications that QTSPs must follow when issuing attestations.

Verification and Cross-Border Recognition

QEAA verification is a multi-step process that provides high assurance to relying parties. The verifier first checks the digital signature on the QEAA against the QTSP's certificate, then validates the certificate chain up to a trusted root in the EU Trusted Lists. Next, the verifier checks whether the QEAA or the QTSP's certificate has been revoked using OCSP or CRL mechanisms. Finally, the verifier validates the holder binding by requesting a cryptographic proof from the wallet.

The cross-border recognition of QEAAs is one of the most transformative aspects of the eIDAS 2.0 framework. A professional qualification attested as a QEAA in one member state must be accepted by authorities and organizations in all other member states. This eliminates the lengthy apostille and translation processes currently required for cross-border document recognition, dramatically simplifying labor mobility, educational exchanges, and cross-border service provision within the EU.

The legal framework explicitly provides that QEAAs shall not be denied legal effect solely on the grounds that they are in electronic form or that they do not meet the requirements for qualified attestations. This ensures that QEAAs presented from an EUDI Wallet have the same legal standing as the corresponding paper documents, with the added benefits of instant verification, tamper detection, and selective disclosure capabilities.

What is QEAA?

QEAA: Qualified Electronic Attestation of Attributes

QEAA

Definition

QEAA Architecture and Issuance

Types of QEAAs in the EUDI Wallet

Verification and Cross-Border Recognition

Related Terms

Qualified Electronic Signature

Trust Service Provider

Frequently Asked Questions

Related Guides

→ Glossary Index

→ Qualified Electronic Signature

→ Trust Service Provider

Sources

⚠️ Independent Information