Everything you need to know about the revised eIDAS regulation

In June 2021, the EU Commission announced its plans for a revised eIDAS regulation. eIDAS (electronic IDentification, Authentication and trust Services) is the EU regulation 910/2014 on electronic identification and trust services in the EU. It came into force in 2014, so the revision is a major update to eIDAS. The past two years the Commission has been working on preparations, public surveys, expert committees and legal enhancements.

Yubico has taken an active role in the eIDAS revision and contributed to several expert surveys with comments and suggestions for enhancements, which have also been incorporated in the revised eIDAS legislation. The YubiKey is well positioned to play an important role in the emerging eIDAS ecosystem as in the case of the EU digital wallet for example, a YubiKey can be used to protect authentication credentials, which allow for portability and recovery of the EU digital wallet and its credentials. YubiKeys also supports WebAuthn solutions that cater to secure authentication for eIDAS remote signing services.

Major findings in the EU Commission’s analysis of the existing eIDAS regulation

National eID schemes have low adoption across borders.

  • The eID schemes can be approved on a national (domestic) level. Such national eID schemes can voluntarily be notified on the EU level, which allows for cross-border identification. Only 19 countries have notified their eID schemes on the EU level, however, so the notified eID schemes only cover around 59% of the EU population. In addition to this, the certification requirements differ between the EU member states, so the acceptance and interoperability of notified eIDs across the EU level is low. Therefore, the cross-border eIDs have a too narrow scope, the utilization is minimal, and the federation protocols do not scale. There are also privacy concerns. All electronic identities, which are typically digital certificates, contain a set of attributes about the holder. Citizens cannot limit what eID attributes they want to present for authentication, when it is sometimes only necessary to present a specific attribute (such as age). Domestic eID schemes are however a lot more successful. In particular, private actors that issue eIDs are processing billions of authentications and signatures per year in each country.

Gaps still exist for Qualified Trust Service Providers to authenticate securely.

  • The existing EU eIDAS regulation and technical standards for operating Qualified Trust Service Providers are considered to function properly, although certain technical and legal gaps need to be closed. When the eIDAS regulation was written in 2014, however, there were no available standards for how to operate signing devices by a trust service provider in a secure environment. So the legal eIDAS framework did not stipulate how a user can authenticate securely to a signing service provider to gain sole control of the signature process.

Need to Harmonize with the EU’s changing legal landscape.

Incorporate the latest technical standards.

  • The technical landscape has also changed since 2014. The most obvious change in people’s life is the increased use of mobile devices. The COVID-19 pandemic has accelerated the digitalization of our society, which has resulted in increased needs of strong authentication solutions. Blockchain technologies have matured, been enhanced and are now widely deployed, also for other use cases than cryptocurrencies. Last but not least, several new authentication solutions have been developed, such as FIDO2, WebAuthn, and OpenID Connect. Yubico is having a leading role in the design of these protocols, which are now impacting the authentication solutions on a global scale.

Major improvements to the revised eIDAS regulation

Mandatory for EU member states to provide EU digital identity wallets.

  • The most significant improvement is the EU digital identity wallet, which will be made available to all EU citizens. The use cases for the EU digital identity wallets are for example electronic driving license, electronic passport, electronic national ID-card, identification to online services or digital agreement signing. It will be mandatory for each EU member state to provide EU digital identity wallets to all citizens free of charge, as opposed to the current situation when eID schemes are voluntary. Private actors will also be allowed to issue EU digital identity wallets, in contrast to the current state where national certification authorities are dominating the issuance of eIDs. Privacy for the citizens will be an important topic for the revised eIDAS regulation. It will be voluntary for the citizens to get an EU digital identity wallet, and the users also will be able to select what attributes (such as age) they want to present to a validator.

The Common Toolbox will standardize the EU digital identity wallet.

Improved remote signature services.

  • In order to ensure sole control of secure remote signing processes, the eIDAS regulation will be updated with references to the CEN standard that regulate the operation and authentication to remote Qualified Signature Creation Devices.

Harmonization with other EU regulations.

The revised eIDAS regulation contains very ambitious enhancements, and caters for a greater rollout of electronic identities across the EU. The deadline for all EU member states to implement the new eIDAS regulation is June 2024.

Yubico will remain in the frontline for inventing solutions and products that are compliant with the EU regulations, please contact us for a consultation on how eIDAS regulations may affect your organization. For more information on Yubico’s contributions to the eIDAS ecosystem, please read our blog post on the eIDAS revision process and how the YubiKey is deployed with eIDAS solutions

Talk to our teamTalk to our team

Share this article:


  • Securing the skies with YubiKeys: Insights on cyber resilience in the aviation industry and beyondIn an increasingly interconnected world, the landscape of cybersecurity is constantly evolving. Bad actors are becoming more sophisticated, leveraging tactics like phishing and ransomware to exploit human error and weak credentials. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises – especially those in high-stakes sectors like commercial […]Read morecyber resilienceEUmanufacturingQ&A
  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet