For any businesses and services transacting online, ensuring the authenticity of digital identities while combating financial crimes is a non-negotiable. One of the most significant regulatory frameworks that has shaped the digital identity verification space is the Electronic Identification, Authentication and Trust Services (eIDAS) regulation in the European Union (also known as EU 910/2014). eIDAS-compliant solutions support robust Know Your Customer (KYC) processes for enhanced security and compliance. As leaders in identity verification technology and solutions, we explore the history, significance, and impact of these regulations on digital trust and security in this blog.
Let’s take a deeper look at eIDAS 1.0 and eIDAS 2.0 — the electronic identification and trust services regulation.
What is eIDAS?
eIDAS, short for Electronic Identification, Authentication and Trust Services, is a regulatory framework introduced by the European Union to standardize the way electronic identification and trust services are used across EU member states. Established in 2014, eIDAS aims to enhance the security and reliability of electronic transactions by providing a cohesive set of standards for digital signatures (like QES), electronic seals, time stamps, e-delivery services, and website authentication. By ensuring that electronic identifications and trust services are interoperable and legally recognized across the EU, eIDAS facilitates seamless and secure digital interactions between individuals, businesses, and public authorities, thereby supporting the digital single market and fostering trust in online services.
Get help navigating the continent's patchwork of regulations. This blog will simplify and compare two potential paths businesses can take when choosing the right identity verification solution: certified identity solutions (such as the Onfido Compliance Suite) or nationally accredited solutions (such as those approved under PVID in France).
eIDAS regulation
While eIDAS was initiated a decade ago, it has proved resilient to changing technologies and business environments. The regulation has been reformed and is approaching a new iteration that will take effect by mid-2026 at the earliest.
eIDAS 1.0
eIDAS 1.0 arrived in 2014, and set out to enable secure and seamless electronic interactions between businesses, citizens, and public authorities across the EU. This established a pan-European framework for digital identity underpinned by 9 principles: user choice, privacy, interoperability and security, trust, convenience, user consent and control proportionality, counterpart knowledge and global scalability
It also covers the pan-European framework for trust services, to create, validate, and verify electronic signatures, time stamps, seals, and certificates. It established the regulation by which a trust service may provide authentication and preservation of created electronic signatures, certificates, and seals, bringing ID verification and trust services into the digital age and granting digital mechanisms the same status as their paper counterparts.
What does eIDAS mean for businesses? It provides the necessary framework for compliant customer due diligence (CDD), allowing financial services (or other regulated sectors) to verify the identity of a potential customer via their eID, and carry out checks on their financial records, complying with EU anti-money laundering(AML)requirements.
eIDAS also reduces time in document exchange and ensures security against loss, theft, damage or alteration. eSignature allows a contract to be signed with a verified eSignature, eSeal and applicable timestamp – and the client in turn can use their eSignature to complete the contract, enhancing trust in document origin and validity, and reducing costs through streamlined services.
Trust services in the EU must comply with eIDAS as an EU-registered entity under the supervision of a relevant supervisory body of an EU member state. The regulation has been adopted into UK law post EU-Exit and is overseen by the Information Commissioner’s Office (ICO) but there is no reciprocity agreement. That means that businesses operating in both jurisdictions must have separate entities submitting to supervision by a designated authority in an EU Member State in addition to the ICO.
By ensuring that these services are interoperable across EU member states, eIDAS has played a pivotal role in enhancing trust in online transactions and services, fostering digital single market growth.
eIDAS 2.0
The eIDAS 2.0 regulation is the EU’s proposal to make eIDAS fit for the second half of the 2020s and beyond. The regulation updates eIDAS by embracing new types of electronic trust services such as electronic seals and certificates for authentication and electronic documents. It also defines QTSPs – qualified trust service providers – responsible for ensuring that digital identities align with the updated regulation, including compliance with the eIDAS high-level security standards and obligations, and verified by a national supervisory body.
eIDAS 2.0 also establishes harmonized requirements for a universally-available and universally-recognized EU Digital Identity Wallet (EUDI). All private services operating in the EU that are legally required to authenticate their users are required to recognize and accept credentials presented by the EUDI. The ambition is to enable every European to have a set of digital identity credentials (such as ID cards, passports, professional certifications and driving licenses) recognized across the EU. Mobile applications or cloud services that provide reusable digital credentials can be utilized privately and securely for a variety of use cases.
eIDAS timeline
Each member state has to produce (through the public or private sector) both an EUDI wallet for its citizens AND the infrastructure to recognise credentials from other member states. Enabling legislation and a 30-month implementation period have us looking at entry into force in mid-2026 at the very earliest.
ETSI – the European Telecommunications Standards Institute – produced specific technical standards to facilitate the implementation of eIDAS 1.0 and will certainly be doing the same for eIDAS 2.0 to provide consistent technical requirements and ensure interoperability. These standards are an essential part of giving practical application to the eIDAS regulations.
The significance of eIDAS for digital identity verification
For Onfido and other companies specializing in identity verification, eIDAS represents a critical pillar that supports the development of secure, efficient, and compliant digital identity solutions. eIDAS provides the legal framework and standards for electronic identification and trust services, enabling Onfido to offer services that are recognized and trusted across the EU – critical in a regulatorily complex and divergent environment at the Member State level. Simultaneously, another pillar of EU compliance, the Anti Money Laundering Directive (AMLD) compels businesses to implement robust identity verification processes to prevent money laundering and terrorism financing, further underscoring the importance of Onfido's services.
The Onfido Compliance Suite
EU businesses face choices about how to ensure compliance with these regulations. Certified identity verification solutions, such as Onfido’s new Compliance Suite, cut through this complexity by leveraging qualified electronic signature (QES) and one-time password (OTP). Locally-accredited solutions might safeguard domestic operations, but Onfido's Compliance Suite unlocks a continent of possibilities. For financial services with pan-European ambitions or those who want the best possible UX to stand out in a crowded market, the choice is clear.
Discover how the Onfido Compliance Suite combines ETSI-certified identity verification (comprising document verification and biometric verification) plus QES in Onfido Studio, to create flexible, user-friendly, and compliant end-to-end workflows.
Read our EU KYC guide to learn what the future holds as directives, regulation and technology constantly evolve.
