Everything you need to know about the revised eIDAS regulation

In June 2021, the EU Commission announced its plans for a revised eIDAS regulation. eIDAS (electronic IDentification, Authentication and trust Services) is the EU regulation 910/2014 on electronic identification and trust services in the EU. It came into force in 2014, so the revision is a major update to eIDAS. The past two years the Commission has been working on preparations, public surveys, expert committees and legal enhancements.

Yubico has taken an active role in the eIDAS revision and contributed to several expert surveys with comments and suggestions for enhancements, which have also been incorporated in the revised eIDAS legislation. The YubiKey is well positioned to play an important role in the emerging eIDAS ecosystem as in the case of the EU digital wallet for example, a YubiKey can be used to protect authentication credentials, which allow for portability and recovery of the EU digital wallet and its credentials. YubiKeys also supports WebAuthn solutions that cater to secure authentication for eIDAS remote signing services.

Major findings in the EU Commission’s analysis of the existing eIDAS regulation

National eID schemes have low adoption across borders.

  • The eID schemes can be approved on a national (domestic) level. Such national eID schemes can voluntarily be notified on the EU level, which allows for cross-border identification. Only 19 countries have notified their eID schemes on the EU level, however, so the notified eID schemes only cover around 59% of the EU population. In addition to this, the certification requirements differ between the EU member states, so the acceptance and interoperability of notified eIDs across the EU level is low. Therefore, the cross-border eIDs have a too narrow scope, the utilization is minimal, and the federation protocols do not scale. There are also privacy concerns. All electronic identities, which are typically digital certificates, contain a set of attributes about the holder. Citizens cannot limit what eID attributes they want to present for authentication, when it is sometimes only necessary to present a specific attribute (such as age). Domestic eID schemes are however a lot more successful. In particular, private actors that issue eIDs are processing billions of authentications and signatures per year in each country.

Gaps still exist for Qualified Trust Service Providers to authenticate securely.

  • The existing EU eIDAS regulation and technical standards for operating Qualified Trust Service Providers are considered to function properly, although certain technical and legal gaps need to be closed. When the eIDAS regulation was written in 2014, however, there were no available standards for how to operate signing devices by a trust service provider in a secure environment. So the legal eIDAS framework did not stipulate how a user can authenticate securely to a signing service provider to gain sole control of the signature process.

Need to Harmonize with the EU’s changing legal landscape.

Incorporate the latest technical standards.

  • The technical landscape has also changed since 2014. The most obvious change in people’s life is the increased use of mobile devices. The COVID-19 pandemic has accelerated the digitalization of our society, which has resulted in increased needs of strong authentication solutions. Blockchain technologies have matured, been enhanced and are now widely deployed, also for other use cases than cryptocurrencies. Last but not least, several new authentication solutions have been developed, such as FIDO2, WebAuthn, and OpenID Connect. Yubico is having a leading role in the design of these protocols, which are now impacting the authentication solutions on a global scale.

Major improvements to the revised eIDAS regulation

Mandatory for EU member states to provide EU digital identity wallets.

  • The most significant improvement is the EU digital identity wallet, which will be made available to all EU citizens. The use cases for the EU digital identity wallets are for example electronic driving license, electronic passport, electronic national ID-card, identification to online services or digital agreement signing. It will be mandatory for each EU member state to provide EU digital identity wallets to all citizens free of charge, as opposed to the current situation when eID schemes are voluntary. Private actors will also be allowed to issue EU digital identity wallets, in contrast to the current state where national certification authorities are dominating the issuance of eIDs. Privacy for the citizens will be an important topic for the revised eIDAS regulation. It will be voluntary for the citizens to get an EU digital identity wallet, and the users also will be able to select what attributes (such as age) they want to present to a validator.

The Common Toolbox will standardize the EU digital identity wallet.

Improved remote signature services.

  • In order to ensure sole control of secure remote signing processes, the eIDAS regulation will be updated with references to the CEN standard that regulate the operation and authentication to remote Qualified Signature Creation Devices.

Harmonization with other EU regulations.

The revised eIDAS regulation contains very ambitious enhancements, and caters for a greater rollout of electronic identities across the EU. The deadline for all EU member states to implement the new eIDAS regulation is June 2024.

Yubico will remain in the frontline for inventing solutions and products that are compliant with the EU regulations, please contact us for a consultation on how eIDAS regulations may affect your organization. For more information on Yubico’s contributions to the eIDAS ecosystem, please read our blog post on the eIDAS revision process and how the YubiKey is deployed with eIDAS solutions

Talk to our teamTalk to our team

Share this article:


  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane