The eIDAS Regulation (electronic IDentification, Authentication and trust Services) is one of the most important European texts on digital trust. Adopted on 23 July 2014, it has been directly applicable in all EU Member States since 1 July 2016. It is the legal foundation that allows the French INPI Guichet Unique to require an eIDAS qualified signature on its formalities.
Why an eIDAS regulation?
Before eIDAS, each Member State had its own framework for electronic signature, with diverging recognition rules and risks of cross-border non-recognition. Buying online in another EU country could pose problems with electronic signature.
The European Commission therefore proposed a directly applicable regulation (no national transposition required) covering:
- Electronic identification (eID): national digital identity schemes (FranceConnect+, German BundID, Spanish Cl@ve, etc.) recognised throughout the EU.
- Trust services: electronic signature, electronic seal, time stamp, registered electronic delivery, website authentication.
The eIDAS regulation completely replaced Directive 1999/93/EC on electronic signature, which was much weaker.
The 3 trust levels of electronic signature
Article 26 — Advanced electronic signature
An "advanced" signature must meet 4 cumulative criteria:
- Be uniquely linked to the signer.
- Allow the signer's identification.
- Be created using means that the signer can keep under their sole control.
- Be linked to the data so that any subsequent modification is detectable.
Article 28 — Qualified electronic signature
A "qualified" signature must be:
- An advanced signature within the meaning of Article 26.
- Created using a Qualified Signature Creation Device (QSCD).
- Based on a qualified electronic signature certificate issued by a Qualified Trust Service Provider (QTSP) listed on the EU Trust List.
Article 25 — Legal effects
This is the strongest text. Article 25.2 states that:
"A qualified electronic signature shall have the equivalent legal effect of a handwritten signature."
This is the foundation of eIDAS recognition. A qualified signature applied via Universign (or any other listed QTSP) has the same legal force as your wet ink signature.
Why does INPI specifically require qualified?
The Guichet Unique handles formalities that engage the French commercial register (RCS, RNE — Registre National des Entreprises) — a register with public legal value. A bad signature on a director change or business cessation could allow:
- Identity theft and fraudulent signatures to make a company disappear.
- Unauthorised share capital modifications.
- Unauthorised company hijacking.
To prevent this, INPI aligned its requirement on the highest European standard: an ANSSI-audited certificate, based on a strict PVID identity check, with a certified journey.
Mutual cross-border recognition
One of the foundations of eIDAS is the obligation of mutual recognition: a qualified signature issued in any EU Member State must be recognised by all the other Member States.
Concretely:
- A signature from a German listed provider is accepted by INPI.
- A signature from a Spanish listed provider is accepted by INPI.
- A signature from a French listed provider (Universign, Certigna, etc.) is accepted by all European public administrations.
This principle is at the heart of the European digital single market. It implies that you can theoretically choose any EU provider to sign your INPI formality. In practice, the convenience of a French-language identity journey leads most users to choose a French provider.
The "Qualified Trust Service Provider" status
The eIDAS regulation creates a strict legal status for "Qualified Trust Service Providers" (QTSPs). To obtain this status, a provider must:
- Pass an independent compliance audit against the eIDAS standard.
- Implement secure infrastructures (Hardware Security Modules certified Common Criteria).
- Have an audited identity verification process (PVID journey for France).
- Maintain certificate revocation lists (CRL/OCSP) accessible 24/7.
- Pass periodic recertification audits.
Once approved, the provider is added to the EU Trust List (see our dedicated article), the official list maintained by the European Commission and ANSSI for France.
Sign your formality eIDAS qualified.
€29 ex. VAT, qualified signature applied in 2 minutes via Universign (listed on EU Trust List). 100% accepted by INPI.
Sign my summary →The eIDAS 2 update (2024-2026)
Since June 2024, the eIDAS 2 Regulation (Regulation EU 2024/1183) has come into force, extending the original framework with:
- The European Digital Identity Wallet: each EU citizen can have a digital wallet integrating their identity, diplomas, driving licence, etc.
- Reinforced requirements on trust service providers.
- New trust services (electronic archiving, attribute attestation).
For INPI, this changes nothing in practice for now: the qualified signature requirement remains identical. The European Digital Identity Wallet should, in future versions, allow native signing without going through external providers — but this isn't yet operational in 2026.
Key articles to remember
| Article | Topic | Why important |
|---|---|---|
| Art. 3 | Definitions | Defines simple, advanced, qualified signatures. |
| Art. 25 | Legal effects | Qualified = handwritten. |
| Art. 26 | Advanced signature | 4 mandatory criteria. |
| Art. 28 | Qualified signature | Definition + QSCD requirement. |
| Art. 32 | Qualified validation | Mandatory validation criteria. |
| Art. 34 | EU Trust List | Establishes the official list of providers. |
FAQ
Why is eIDAS a regulation and not a directive?
A regulation is directly applicable in all EU Member States, with no national transposition needed. This guarantees a unified legal framework throughout the Union and avoids the divergences that the previous directive had caused.
Does eIDAS apply outside the EU?
The regulation only binds EU Member States. The UK (post-Brexit) maintains a parallel framework called "UK eIDAS" similar in principle. Switzerland has its ZertES regime. The US has the ESIGN Act / UETA, similar but different.
Are non-EU signatures accepted by INPI?
Generally no. INPI follows the eIDAS framework, so only signatures from QTSPs listed on the EU Trust List are accepted. A US signature, even very serious, is not recognised by default.
Is FranceConnect+ a "qualified" signature within eIDAS?
FranceConnect+ via La Poste Digital Identity at certified level produces an eIDAS qualified signature. The "certified" qualifier corresponds to substantial+ level in eIDAS, with a qualified signature certificate at the end of the journey. This is what makes FranceConnect+ acceptable for INPI.
Does eIDAS regulate other things than signature?
Yes. The eIDAS regulation also covers electronic seal (for legal entities), time stamp, registered electronic delivery (eDelivery), website authentication, certified electronic archiving. All these services have similar "qualified" levels.
Conclusion
The eIDAS Regulation 910/2014 is the legal foundation that allows electronic signature in Europe to have legal value equivalent to handwritten signature — provided the qualified level is reached. INPI's requirement to use this level for sensitive formalities is therefore neither arbitrary nor excessive: it directly applies European law to ensure the legal certainty of the French commercial register.