Ga naar inhoud

eIDAS 2.0 explained

eIDAS 2.0 explained: practical guide on eIDAS 2.0, trust services and compliance — for IT, privacy and leadership.

Book an informal conversation

ISO Ready helps you align policy, risk, and evidence — without endless document churn.

Run the ISO 27001 readiness scan

What changes with eIDAS 2.0?

The eIDAS revision introduces a European Digital Identity Wallet (EUDI), tighter rules for qualified trust service providers (QTSP) and more interoperability between member states. Organisations providing or consuming identity, signatures or trust services must reassess contracts, architecture and compliance.

eIDAS 2.0 does not replace ISO 27001 or NIS2 — it regulates digital identity and trust services. Security and privacy teams still need to collaborate: PKI, logging, incident response and data minimisation touch both worlds.

Who is affected?

Government and public services offering or accepting eID.

Financial sector — alongside DORA, strong identity and signature processes matter for onboarding and contracts.

SaaS and trust service providers delivering QES, timestamps, seals or wallet integrations.

Practical first steps

Inventory where you use eID, signatures or QTSP services today. Map vendors, contracts and data flows. Record overlap with GDPR, ISMS and any NIS2/DORA in one register — not parallel spreadsheets.

Checklist

  • Inventory eID, QES and QTSP use
  • Map vendors and trust list status
  • Link to ISMS, GDPR and risk register
  • Plan DPIA where wallet or identity data
  • Test fallback and incident scenarios

Practical next step

For eIDAS 2.0, ISO Ready links identity, trust and security measures in one ISMS — with actions, evidence and vendors toward audit. Run the readiness scan on iso-ready.nl.

More on eIDAS 2.0

Key takeaways

  • Inventory trust services and wallet use before major projects.
  • Link eIDAS to ISMS, GDPR and vendor register — one trail.
  • Test fallback and logging; QES outage is a business continuity scenario.

Veelgestelde vragen

When does eIDAS 2.0 apply to eIDAS 2.0 explained?
When you offer or consume digital identity, wallet attributes, QES or qualified trust services in the EU — alongside national implementation timelines.
Does eIDAS replace ISO 27001?
No. eIDAS regulates trust services; ISO 27001 helps the ISMS and evidence for security controls around PKI, logging and vendors.
How does this relate to national eID schemes?
National schemes remain; eIDAS 2.0 adds the EUDI wallet and EU-wide interoperability. Plan transition and fallback.
What role does GDPR play?
Identity and attribute data are personal data. DPIA, records and minimisation remain leading.
How do we start with eIDAS 2.0 explained?
Inventory current trust services, map vendors and link to ISMS and privacy records before rolling out new wallet or QES processes.

Run the ISO 27001 readiness scan

See where you stand before investing in documents or consultants.

Start the readiness scan