TL;DR: eIDAS 2.0 expands cross-border digital identity, qualified signatures, and wallet-based trust across the EU, with mandatory EUDI Wallet acceptance rolling toward 2026 and new obligations for relying parties, QTSPs, and enterprise workflows, according to eMudhra. The compliance problem is now infrastructure-level, because identity acceptance, auditability, and jurisdictional enforceability must align at runtime, not just in policy.
NHIMG editorial — based on content published by eMudhra: eIDAS 2.0, the updated regulation for electronic identification and trust services in the European Union
By the numbers:
- All EU member states must issue digital wallets by September 2026, creating a unified framework for digital identity across borders.
- eIDAS 2.0 was first introduced in 2014 to harmonize digital trust across EU member states.
Questions worth separating out
Q: How should organisations prepare for eIDAS 2.0 in cross-border workflows?
A: Start by mapping where digital signatures, identity assertions, and attribute attestations cross jurisdictional boundaries.
Q: Why does EUDI Wallet support matter to IAM and compliance teams?
A: Because wallet support changes the identity acceptance model from a local technical decision into a regulated trust requirement.
Q: What breaks when relying-party systems are not ready for eIDAS 2.0?
A: Workflows may still function inside one business unit or country, but the signature may not be enforceable across borders.
Practitioner guidance
- Inventory all relying-party workflows Identify every application, workflow, and document process that accepts signatures or identity evidence from EU users or legal entities.
- Validate the full trust chain Test whether your systems can ingest QTSP-backed signatures, verify certificate status, and preserve audit evidence end to end.
- Align retention and audit controls Review logging, time stamping, certificate validation, and record retention so they support a challenge in another member state.
What's in the full article
eMudhra's full article covers the operational detail this post intentionally leaves for the source:
- How QTSP-integrated signature workflows map to specific enterprise document systems and approval paths.
- What eIDAS 2.0 compliance checks look like for cross-border signature acceptance and validation.
- How EUDI Wallet integration changes the technical control points in authentication and signing.
- What audit and compliance reporting needs to look like when signatures must be defensible across member states.
👉 Read eMudhra's guide to eIDAS 2.0 compliance and EUDI Wallet readiness →
eIDAS 2.0 compliance and EUDI Wallets: what changes for IAM teams?
Explore further
eIDAS 2.0 turns signature acceptance into identity governance. Once a relying party must recognise wallet-based credentials across borders, the control problem moves from document signing to trust orchestration. This is not just compliance overhead. It forces IAM, legal, and platform teams to agree on which identities, attributes, and certificates are authoritative in each workflow.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable for cross-border signature governance under eIDAS 2.0?
A: Accountability usually spans IAM, legal, compliance, and the owners of the business workflow that consumes the signature. If those groups do not share a control model, the organisation can satisfy parts of the process while failing the overall regulatory obligation.
👉 Read our full editorial: eIDAS 2.0 and EUDI Wallets are reshaping digital trust