Identity

eIDAS and digital trust in Europe

2025-05-18 | 5 min

eIDASlogo

I don't know if you know that the correct handling of the real identity of the subjects performing actions in information systems, such as the internet, is one of the major unsolved challenges in the history of digital services and security.

Solving the problem of knowing who is really on the other side of the wire, which entity will really respond if I have a problem with an online purchase, or answering the question; if I am one person, why do I have multiple identities on the internet? It is not simple and it creates an even bigger problem, it creates distrust to carry out ‘peer to peer’ transactions of a greater significance than talking to another person through a social network.

In a European Union that seeks to maximise B2B trade between SMEs, cohesion and international relations, ensuring the identity, integrity and authenticity of electronic transactions is not just a technical issue: it is a legal, strategic and trust requirement. This is where the eIDAS Regulation, the backbone of the digital identity ecosystem in the European Union, comes in.

In this article, I explain what role trust services play and how the new EUDI Wallet will change the way citizens and businesses operate digitally within the European single market.

What is the eIDAS Regulation?

First, a bit of history. The eIDAS Regulation (910/2014) established the legal framework for the secure use of electronic identification and trust services in cross-border electronic transactions within the union. Its purpose is to ensure that the digital identity of a person, company or public administration is recognised and valid throughout the EU, with the same level of security and legal value.

Trust services

The concept of trust services were at the heart of eIDAS and are legally backed technical mechanisms that allow digital transactions to be carried out with guarantees of authenticity, integrity, non-repudiation and confidentiality. They are offered by qualified providers and audited according to the requirements of the regulation.

The main trust services regulated by eIDAS are:

Electronic signature

Allows a person to digitally sign a document, with legal validity equivalent to a handwritten signature if it is a qualified signature.

In Spain, this has been possible for years through the FNMT digital certificates and the autofirma application.

Electronic seal

It works like a digital signature, but issued by a legal person (company, organisation). It ensures that the document has not been altered since it was issued.

In Spain, this can be done with digital certificates of company representation.

Electronic time stamp

Certifies the exact date and time when a document was signed or issued, generating legal evidence of its existence at a specific time.

These time services are offered by entities such as the Marine Observatory of San Fernando (Cádiz) which, in case you didn't know, has one of the most modern and accurate atomic clocks in the world. These services are accessed through signature applications such as auto-signature and government networks such as SARA/NEREA.

Certified electronic delivery services

Ensure the secure and accredited transmission of electronic documents between parties, including evidence of sending and receiving.

An example of this in Spain is the electronic notification services of the Public Administrations.

Certificates for website authentication

They allow verifying the identity of a website and protecting communication through secure protocols such as TLS/SSL, increasing user confidence. In this case, the qualification would be that a trusted entity such as a chamber of commerce or tax office signs a digital certificate from the FNMT so that you can attach it to your web page to create the HTTPS. Here we are behind schedule because most browsers do not yet trust the FNMT.

EUDI Wallet: the next generation of European digital identity

In order to evolve the current framework, the EU has proposed eIDAS 2.0, which introduces a ground-breaking element: the European Digital Identity Wallet (EUDI Wallet).

It is a secure and sovereign mobile application that implements a ‘digital wallet’ that will allow European citizens to:

  • Store their official digital identity (ID card, e-passport).
  • Add certificates, academic qualifications, professional licences.
  • Sign documents electronically.
  • Access public and private services in any EU country.
  • Control what personal data you share and with whom, without relying on US tech giants.

The EUDI Wallet will be interoperable in all member states and will be based on open standards and technologies such as blockchain, self-sovereign identity (SSI) and verifiable credentials.

What are the implications for businesses?

For businesses operating in Europe, this ecosystem offers great opportunities, but also technical and compliance challenges:

  • Adapting to the new electronic identification and authentication standards. In Spain, we have a head start in this area because we were pioneers.
  • Incorporate trust services in their signature, sealing or electronic delivery processes.
  • Ensure that our platforms and applications are ready to interoperate with the EUDI Wallet.
  • Comply with the privacy, security and digital sovereignty requirements of the regulations.

At GrayHats, we help organisations integrate trusted digital identity solutions, deploy qualified trust services and prepare for the new regulatory landscape with eIDAS 2.0.

blogpost

Por Javier Jiménez

CEO & Founder

© Grayhats | 2025-05-18

Certifications

We seek to reflect our commitment and quality through recognized certifications. Rigorous standards that guarantee our operational excellence.

Sello Pyme InnovadoraMinisterio de Ciencia e Innovación