GDPR- and eIDAS-compliant e-signing

visma sign is GDPR and eIDAS complian e-signing service

E-signing is now part of everyday business. At the same time, it raises two essential questions: How can I be sure my agreements are legally valid, and how do I handle personal data collected during the signing process in a lawful way?

The answer lies in two key EU regulations: GDPR (data protection) and eIDAS (electronic identification and trust services). Visma Sign provides eIDAS-compliant AdES-level e-signatures based on strong authentication, while ensuring personal data is processed securely in line with GDPR.

As eIDAS 2.0 comes into force, Visma Sign will also ensure compatibility with the EUDI Wallet, safeguarding the legal validity of your agreements well into the future.

In this article, we focus in particular on the requirements of the eIDAS Regulation, its upcoming update eIDAS 2.0, and how Visma Sign meets these requirements at a high level.

eIDAS – the foundation of trust in electronic transactions

The eIDAS Regulation (EU 910/2014) establishes common rules for electronic identification and trust services, including electronic signatures. Its core purpose is to build trust in cross-border digital transactions and ensure that electronic signatures are legally recognised across the EU.

eIDAS defines three levels of electronic signatures, each with a different level of legal evidential value:

Level	Abbreviation	Description and requirements	Legal evidential value
1. Electronic signature	SES (Simple Electronic Signature)	A name in an email or an image of a signature. No identification required.	Moderate
2. Advanced electronic signature	AdES (Advanced Electronic Signature)	Uniquely linked to the signer and ensures document integrity (any changes can be detected).	Strong (demonstrable evidence)
3. Qualified electronic signature	QES (Qualified Electronic Signature)	The highest level. An AdES created using an eIDAS-approved device (QSCD) and certificate.	Fully equivalent to a handwritten signature (Article 25)

The purpose of Visma Sign is to ensure that the signing process meets the requirements of the AdES level, as strong authentication provides a solid foundation for legal validity.

eIDAS 2.0 – towards a unified European digital identity

The key element of the upcoming eIDAS reform (eIDAS 2.0) is the European Digital Identity Wallet (EUDI Wallet). This wallet will transform how citizens prove their identity and conduct digital transactions across borders.

What do eIDAS 2.0 and the EUDI Wallet mean for E-signing?

A new authentication method
The wallet will become a new, EU-wide interoperable way to authenticate users. If a service requires strong electronic identification, it must also accept the EUDI Wallet.
Increased use of QES
The wallet enables the creation of electronic signatures and seals, making the use of qualified electronic signatures (QES) more accessible and widespread. A QES is legally equivalent to a handwritten signature — crucial for highly regulated agreements.
New trust services
The regulation will also cover new qualified trust services, such as electronic archiving, further strengthening document integrity and long-term reliability.

Visma Sign closely follows the technical requirements introduced by eIDAS 2.0 and will naturally support the use of the EUDI Wallet for authentication and signing as soon as it becomes technically available.

How does Visma Sign meet eIDAS requirements?

Visma Sign combines its features to support both current and future eIDAS requirements:

1. Strong authentication (AdES)

By using bank credentials, mobile ID, or other national strong authentication methods, Visma Sign verifies the signer’s identity with a high level of assurance — fulfilling the requirements of an advanced electronic signature (AdES).
In the future, the EUDI Wallet will also be supported as an authentication method.

2. Document integrity and immutability

Both the current eIDAS regulation and eIDAS 2.0 require that any changes made to a signed document can be detected.

PAdES standard and digital sealing
Visma Sign uses the standardised PAdES format and embeds signature data directly into the document, ensuring its integrity. Any subsequent modifications are immediately visible.
Archiving
As eIDAS 2.0 places increased emphasis on electronic archiving, Visma Sign’s secure and encrypted storage supports the long-term evidential value of signed documents.

3. Comprehensive audit trail – evidence you can rely on

A legally robust audit trail is at the core of Visma Sign.

Event log
For every signature, Visma Sign records detailed information, including the signing time, authentication method used, and a unique document identifier.
Legal evidence
This audit trail serves as indisputable proof of the authenticity of the signing process and plays a key role in meeting eIDAS requirements in the event of a dispute.

GDPR and Visma Sign – security builds trust

E-signing always involves the processing of personal data. Visma Sign helps your organisation meet GDPR requirements in several ways:

Data minimisation
Only essential data is collected (such as name, email address, and identification data) to verify identity and legal validity.
Information security
Strong encryption, access control, and a European service environment protect personal data throughout the process.
Accountability
The audit trail and transparent processes generated by Visma Sign help your organisation demonstrate compliance with both GDPR and eIDAS.

Do you want to make sure your agreements stand up to legal standards now and in the future?

Start e-signing with Visma Sign today

Joni Laukkonen is a dedicated information security specialist with a passion for every aspect of cybersecurity. His curiosity and willingness to share knowledge drive continuous growth and learning within his team and the wider community.

You might also be interested in

eIDAS 2.0 in a nutshell – what you need to know

Digital contracting is safer than traditional signing

Practical tips for boosting your everyday workplace security