eIDAS - Qualified certificates for electronic signatures and seals
Commission Implementing Regulation (EU) 2025/1945 establishes detailed rules under Regulation (EU) No 910/2014. This regulation aims to ensure consistent standards across EU Member States, enhancing trust and interoperability within the European Digital Identity ecosystem.
An electronic edition of the same is available here.
Article 1: Reference standards and specifications
The reference standards and specifications referred to in Article 32(3) and Article 40 of Regulation (EU) No 910/2014 are set out in Annex I to this Regulation.
The reference standards and specifications referred to in Article 32a(3) and Article 40a of Regulation (EU) No 910/2014 are set out in Annex II to this Regulation.
Article 2: Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 29 September 2025.
For the Commission
The President
Ursula VON DER LEYEN
ANNEX I - List of reference standards and specifications for the validation of qualified electronic signatures and of qualified electronic seals
The standards ETSI TS 119 172-4 V1.1.1 (2021-05) ('ETSI TS 119 172-4') and ETSI TS 119 102-2 V1.4.1 (2023-06) ('ETSI TS 119 102-2') apply with the following adaptations:
- For ETSI TS 119 172-4
- (1) 2.1 Normative references:
- [1] ETSI EN 319 102-1 V1.4.1 (2024-06) 'Electronic Signatures and Trust Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation'.
- All references to 'ETSI TS 119 102-1 [1]' shall be understood as references to 'ETSI EN 319 102-1 [1]'.
- [2] ETSI TS 119 612 V2.3.1 (2024-11) 'Electronic Signatures and Infrastructures (ESI) - Trusted Lists'.
- [13] ETSI TS 119 101 V1.1.1 (2016-03) 'Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for applications for signature creation and signature validation'.
- (2) 4.2 Validation constraints and validation procedures, requirement REQ-4.2-03, section 'X.509 validation constraints', point c):
- (i) If an end-entity certificate represents a trust anchor, the RevocationCheckingConstraints shall not be used.
- (ii) If an end-entity certificate does not represent a trust anchor, the RevocationCheckingConstraints shall be set to 'eitherCheck' as defined in ETSI TS 119 172-1 [3], clause A.4.2.1, table A.2 rows (m)2.1.
- (iii) If an end-entity certificate represents a trust anchor, the RevocationFreshnessConstraints defined in ETSI TS 119 172-1 [3], clause A.4.2.1, table A.2 rows (m)2.2 shall not be used.
- (iv) If an end-entity certificate does not represent a trust anchor, the RevocationFreshnessConstraints defined in ETSI TS 119 172-1 [3], clause A.4.2.1, table A.2 rows (m)2.2 shall be used with a maximum value of 24 hours for the signing certificate. No value shall be set for the RevocationFreshnessConstraints for certificates other than the signing certificate, including certificates supporting time-stamps.
- (3) 4.3 Requirements on signature validation and applicability rules checking practices
- REQ-4.3-02 Signature validation applications shall be compliant with ETSI TS 119 101 [13].
- (4) 4.4 Technical applicability (rules) checking process
- REQ-4.4.2-03 If any of the checks specified in REQ-4.4.2-01 fails, then:
- (a) the process stops
- (b) the signature shall be technically determined as indeterminate, i.e. as neither an EU qualified electronic signature, nor as an EU qualified electronic seal, and
- (c) the above result and the results of processes of all the intermediate processes shall be reflected in the signature applicability rules checking report.
ANNEX II - List of reference standards and specifications for the validation of advanced electronic signatures based on qualified certificates and of advanced electronic seals based on qualified certificates
The standards ETSI TS 119 172-4 V1.1.1 (2021-05) ('ETSI TS 119 172-4') and ETSI TS 119 102-2 V1.4.1 (2023-06) ('ETSI TS 119 102-2') apply with the following adaptations:
- For ETSI TS 119 172-4
- (1) 2.1 Normative references:
- [1] ETSI EN 319 102-1 V1.4.1 (2024-06) 'Electronic Signatures and Trust Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation'.
- All references to 'ETSI TS 119 102-1 [1]' shall be understood as references to 'ETSI EN 319 102-1 [1]'.
- [2] ETSI TS 119 612 V2.3.1 (2024-11) 'Electronic Signatures and Infrastructures (ESI) - Trusted Lists'.
- [13] ETSI TS 119 101 V1.1.1 (2016-03) 'Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for applications for signature creation and signature validation'.
- (2) 4.2 Validation constraints and validation procedures, requirement REQ-4.2-03, section 'X.509 validation constraints', point (c):
- (i) If an end-entity certificate represents a trust anchor, the RevocationCheckingConstraints shall not be used.
- (ii) If an end-entity certificate does not represent a trust anchor, the RevocationCheckingConstraints shall be set to 'eitherCheck' as defined in ETSI TS 119 172-1 [3], clause A.4.2.1, table A.2 rows (m)2.1.
- (iii) If an end-entity certificate represents a trust anchor, the RevocationFreshnessConstraints defined in ETSI TS 119 172-1 [3], clause A.4.2.1, table A.2 rows (m)2.2 shall not be used.
- (iv) If an end-entity certificate does not represent a trust anchor, the RevocationFreshnessConstraints defined in ETSI TS 119 172-1 [3], clause A.4.2.1, table A.2 rows (m)2.2 shall be used with a maximum value of 24 hours for the signing certificate. No value shall be set for the RevocationFreshnessConstraints for certificates other than the signing certificate, including certificates supporting time-stamps.
- (3) 4.3 Requirements on signature validation and applicability rules checking practices
- REQ-4.3-02 Signature validation applications shall be compliant with ETSI TS 119 101 [13].
- (4) 4.4 Technical applicability (rules) checking process
- REQ-4.4.2-03 If any of the checks specified in REQ-4.4.2-01 fails, then:
- (a) the process stops
- (b) the signature shall be technically determined as indeterminate, i.e. as neither an advanced electronic signature based on EU qualified certificate, nor as an advanced electronic seal based on EU qualified certificate, and
- (c) the above result and the results of processes of all the intermediate processes shall be reflected in the signature applicability rules checking report.
- REQ-4.4.2-04 void.
- REQ-4.4.2-05 void.
- REQ-4.4.2-06 At that point of the TARC process, if the following conditions are met:
- (a) the signing certificate is determined, at the best signature time, as an EU qualified certificate for electronic signatures (respectively for electronic seals), as specified in REQ-4.4.2-02 a), and
- (b) the result of the process performed as specified in clause 4.2 of the present document is TOTAL-PASSED,
- then the digital signature shall be determined as technically suitable to implement an EU advanced electronic signature based on a qualified certificate (respectively an EU advanced electronic seal based on a qualified certificate), otherwise the signature shall not be determined technically either as an EU advanced electronic signature based on a qualified certificate, or as an EU advanced electronic seal based on a qualified certificate.
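The X.509 revocation constraints in point (2) of both annexes and the REQ-4.4.2-06 decision can be expressed as a small policy check. The following is an added illustration, not part of the Regulation or of any ETSI specification. The class, function names and outcome labels are constructed, and it assumes that 'eitherCheck' accepts either a CRL or an OCSP response and that revocation data is fresh when it was issued no earlier than the validation time minus the maximum freshness.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

SIGNING_CERT_MAX_FRESHNESS = timedelta(hours=24)  # point (iv)

@dataclass
class EndEntityCert:
    """Constructed model of an end-entity certificate seen during validation."""
    is_signing_cert: bool   # False e.g. for a certificate supporting a time-stamp
    is_trust_anchor: bool
    revocation_issued: Optional[datetime] = None  # issuance time of CRL/OCSP data

def constraints_for(cert: EndEntityCert) -> Tuple[Optional[str], Optional[timedelta]]:
    """Return (RevocationCheckingConstraints, RevocationFreshnessConstraints)."""
    if cert.is_trust_anchor:
        return None, None                        # points (i) and (iii): not used
    # Point (iv): a value is set for the signing certificate only.
    freshness = SIGNING_CERT_MAX_FRESHNESS if cert.is_signing_cert else None
    return "eitherCheck", freshness              # point (ii)

def revocation_outcome(cert: EndEntityCert, validation_time: datetime) -> str:
    """Outcome labels are constructed for this example, not ETSI status codes."""
    checking, freshness = constraints_for(cert)
    if checking is None:
        return "NOT_CHECKED"
    if cert.revocation_issued is None:
        return "NO_REVOCATION_DATA"              # neither CRL nor OCSP available
    if freshness is not None and cert.revocation_issued < validation_time - freshness:
        return "STALE"                           # older than the 24-hour maximum
    return "ACCEPTED"

def suitable_as_ades_qc(qualified_at_best_signature_time: bool,
                        validation_status: str) -> bool:
    """REQ-4.4.2-06 (Annex II): conditions (a) and (b) must both hold."""
    return qualified_at_best_signature_time and validation_status == "TOTAL-PASSED"

if __name__ == "__main__":
    now = datetime(2025, 10, 20, 12, 0, tzinfo=timezone.utc)  # constructed time
    signer = EndEntityCert(True, False, now - timedelta(hours=30))
    tsa = EndEntityCert(False, False, now - timedelta(days=30))
    print(revocation_outcome(signer, now), revocation_outcome(tsa, now))
```

Revocation data that is 30 hours old is rejected for the signing certificate, while much older data for a time-stamp certificate is still accepted because no freshness value is set for it.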