TL;DR: eIDAS 2.0 expands qualified trust services, broadens digital identity wallet use, and targets wider adoption of secure electronic transactions across the UK and EU, according to GlobalSign and Prescient & Strategic Intelligence. The governance shift is less about document signing alone and more about tightening identity assurance, auditability, and consumer control across regulated digital workflows.
NHIMG editorial — based on content published by GlobalSign: eIDAS 2.0 and digital identity trust in the UK and EU
By the numbers:
- the proposal aims for at least 80% of EU citizens to have a digital identity system by 2030.
Questions worth separating out
Q: How should organisations govern qualified electronic signatures in regulated workflows?
A: Start by classifying which business processes actually require the legal strength of a qualified electronic signature.
Q: Why do digital identity wallets change IAM governance?
A: Because the wallet changes who presents the identity attributes, but not who is accountable for trusting them.
Q: What breaks when trust service provider governance is weak?
A: The legal and operational value of the signature weakens if the provider is not continuously assured, audited, and monitored.
Practitioner guidance
- Map regulated workflows by assurance level Separate transactions that require qualified electronic signatures from those that only need standard electronic authentication.
- Review QTSP governance as a supplier control Track approved trust service providers, evidence of periodic audit, and change in provider status as part of ongoing third-party governance.
- Align digital identity wallet attributes to minimum necessary use Identify which identity attributes are actually needed for each relying-party process, then block unnecessary data collection in downstream systems.
What's in the full article
GlobalSign's full article covers the operational detail this post intentionally leaves for the source:
- How qualified electronic signatures work across land transfer, e-invoicing, employment, and payment workflows.
- Why QTSP status matters for audit readiness, legal validity, and cross-border trust acceptance.
- Where digital identity wallets change consumer consent, attribute sharing, and relying-party verification.
- How eIDAS 2.0 affects PSD2, EPREL, and other regulated digital transaction paths.
👉 Read GlobalSign's analysis of eIDAS 2.0 and digital identity trust in the UK and EU →
eIDAS 2.0 and digital identity trust: what changes for IAM teams?
Explore further
eIDAS 2.0 is really an identity governance update, not just a signature update. The article focuses on signatures, but the operational effect is broader: it tightens how identities are asserted, how trust services are audited, and how evidence survives dispute. That places it squarely in IAM and digital trust governance, especially where regulated business processes depend on verifiable identity. Practitioners should read it as a governance change with legal consequences, not a document workflow feature.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: Who is accountable when digital identity proof fails in a regulated workflow?
A: Accountability sits with the relying party and the organisation that designed the trust process, not just the provider that issued the certificate. Frameworks like eIDAS and internal governance both matter because the business must prove why the trust decision was acceptable.
👉 Read our full editorial: eIDAS 2.0 raises the bar for digital identity trust in the UK and EU