DottiSign

eIDAS Explained: E-Signatures in the European Union

guides

eIDAS sounds intimidating. The reality is most European businesses only need the simplest tier. Here's the plain-English version.

If you're doing business in Europe and someone has told you e-signatures are 'complicated under eIDAS,' they are technically right and practically wrong. eIDAS is a tiered system — most business documents only need the simplest tier, which any reputable e-signature platform supports.

The short version

European Union (eIDAS Regulation 910/2014, plus eIDAS 2.0 updates): electronic signatures are legally enforceable for the overwhelming majority of business and personal documents. The exceptions are narrow and predictable. If you're using a reputable e-signature platform with an audit trail, you are almost certainly compliant.

The law itself

eIDAS came into force in 2016, replacing the older 1999 Electronic Signatures Directive. eIDAS 2.0, finalized in 2024, expanded the framework to include the EU Digital Identity Wallet and updated qualified services. The core three-tier signature framework (SES/AES/QES) remains the foundation.

What counts as a valid e-signature

  • Simple Electronic Signature (SES): a digital marking attached to data with intent to sign — sufficient for the vast majority of business contracts
  • Advanced Electronic Signature (AES): uniquely identifies the signer, detects any changes to the document — used for higher-stakes commercial contracts
  • Qualified Electronic Signature (QES): legally equivalent to a wet signature; requires a Qualified Trust Service Provider and identity verification — used for specific regulated documents
  • All three tiers are legally enforceable; the higher tiers just provide stronger evidence

What's still excluded

Some categories require wet signatures or notarization. Common exclusions include:

  • Some real estate transactions in specific member states still require notarization
  • Wills and certain inheritance documents in many member states
  • Documents requiring physical witnessing under specific national laws
  • Some employment contracts in countries with specific formalism requirements

What courts actually look at

If a signature is challenged, courts look for evidence that:

  1. The signer intended to sign (not accidentally clicked through)
  2. The signer is who they claim to be (audit trail with email/IP/timestamp)
  3. The document has not been altered after signing (cryptographic integrity)
  4. There is a record of the entire transaction (audit trail)

This is exactly what a proper audit trail captures: timestamps, IP addresses, the recipient's identity, and the unaltered final document.

Practical guidance

For 95% of business contracts — service agreements, NDAs, proposals, employment contracts in non-formalist jurisdictions — Simple Electronic Signature with a proper audit trail is sufficient under eIDAS. Don't let a vendor upsell you on QES unless your specific document type requires it. Common case: you do not need QES for a freelance contract, an SOW, a software license, or a supplier agreement.

Bottom line

The legal infrastructure for e-signatures has been settled for years. The question is no longer "is this legal" but "is my workflow capturing the evidence I'd need if it were ever challenged." Use a platform with a real audit trail — that single requirement covers 95% of the legal risk.

DottiSign captures full audit trails on every document, including signer IP, timestamps, and the unmodified signed PDF.

Ready to try DottiSign?