Trust Services

eIDAS Trust Services Explained: Qualified vs Non-Qualified 2026

Executive summary — The EU's eIDAS regulation classifies trust services into two tiers — qualified and non-qualified — with sharply different legal effects. Qualified services carry automatic cross-border recognition; non-qualified do not. This article walks through Annex II, III, and IV of eIDAS, explains the EU Trust List, and gives non-EU enterprises a framework for using qualified services in cross-border commerce.

Most enterprises encounter eIDAS for the first time through a single workflow — signing a contract with an EU counterparty, or processing a transaction with an EU-based service. They quickly discover that the EU's trust services regime is more nuanced than the simple 'is this signature valid' question they expected. The nuance lives in a single distinction: qualified versus non-qualified.

The eIDAS Framework in 60 Seconds

eIDAS — Regulation (EU) No 910/2014, updated by eIDAS 2.0 — is the EU's framework for what are trust services in 2026. It regulates electronic identification (Annex I covers eID schemes) and six categories of trust service (Annexes II–IV cover signatures, seals, timestamps, registered delivery, and website authentication).

Within each trust service category, eIDAS defines two tiers. Non-qualified services are legally valid but carry no automatic cross-border recognition. Qualified services — issued by a QTSP listed on a national trust list — receive automatic mutual recognition across all 27 EU member states, with strong legal presumptions in court.

Annex II, III, and IV: What's Inside

Annex II — Qualified Electronic Signatures

Defines the requirements for a qualified electronic signature creation device (QSCD): a hardware token or certified remote signing platform that holds the signer's private key under sole control. QES uses both a qualified certificate and a QSCD.

Annex III — Qualified Electronic Seals

Defines the equivalent requirements for qualified electronic seals — applied by legal entities (organisations) rather than humans. Seals attest to the document's origin and integrity.

Annex IV — Qualified Website Authentication Certificates

Defines qualified website authentication certificates (QWACs) that verify the identity of the legal entity behind a website — going beyond standard SSL/TLS to provide organisational identity assurance.

The EU Trust List

Every EU member state publishes a national trust list (TSL) of qualified trust service providers operating in its jurisdiction. The European Commission maintains an aggregated List of Trusted Lists (LOTL). Any QTSP listed there carries automatic recognition across the EU. Verifying provider qualification means checking the trust list — not relying on the provider's own marketing claims.

Why Non-EU Enterprises Should Care

Two reasons. First, any enterprise doing cross-border business with EU counterparties needs to understand whether its eSignature platform can produce signatures the EU will recognise. Second, eIDAS-style trust frameworks are now the global pattern — India, UAE, Singapore, Kenya, and others have implemented functionally similar regulations. Understanding eIDAS is the fastest path to understanding the broader category. Time-stamping in particular is a workhorse trust service detailed in time stamping services and qualified timestamps.

Looking at the platform layer? eMudhra's eMudhra trust services portfolio issues qualified and non-qualified trust services across multiple regulatory frameworks under a single licensed QTSP.

Looking Ahead — eIDAS 2.0

eIDAS 2.0 (Regulation 2024/1183) introduces the EU Digital Identity Wallet, expanded recognition for qualified attestations, and tightened QTSP obligations. The eIDAS 2.0 and the EU Digital Identity Wallet article walks through the implications for relying parties.

READY TO ISSUE EU-RECOGNISED TRUST SERVICES?
eMudhra's trust services portfolio covers qualified and non-qualified categories under a single licensed QTSP — with cross-jurisdictional coverage. Explore eMudhra trust services portfolio or Contact eMudhra team.

eMudhra Limited
About the Author

eMudhra Limited

eMudhra Editorial represents the collective voice of eMudhra, providing expert insights on the latest trends in digital security, cryptographic identities, and digital transformation. Our team of industry specialists curates and delivers thought-provoking content aimed at helping businesses navigate the evolving landscape of cybersecurity and trust services with confidence.

Ready to Try?

Talk to our team about how eMudhra can help secure your digital workflows with PKI, eSignatures and identity solutions.

Connect with sales