Frequently asked questions

If you can’t find your question here, please reach out to our team with your inquiry.

Business and Commercial use cases

Does eID Easy provide a CSC (Cloud Signature Consortium) API that can be used by other signing platforms such as DocuSign?

Yes, this is part of our core business - we connect all different signing and identity methods to various signature platforms, and in many cases, this also means translating to CSC on our side.

Besides Docusign, we already work with a wide range of portals, such as ZohoSign, Signnow, PandaDoc, and more. In addition, we have plugins for WordPress, Nextcloud, Microsoft SharePoint, and others.

Can I white-label eID Easy’s services or embed them under my brand?

Yes, eID Easy supports white-labeling and embedded integrations in many scenarios, allowing you to offer digital signing and identity verification under your own brand. However, the level of customization and branding flexibility can vary based on the identity method or signature provider involved.

We recommend contacting us to discuss your requirements and explore the best solution for your platform.

Does eID Easy support embedded signing flows in our own application or portal?

Yes. eID Easy supports embedded signing flows via a single API. You can integrate secure signature capture and identity verification directly into your website, maintaining full control over the user experience while ensuring legal compliance.

What is eID Easy?

eID Easy simplifies digital identity verification, eSignatures, and eSealing with a single API, eliminating the need for multiple integrations, contracts, and compliance headaches.

By connecting businesses to 80+ trusted QTSPs and identity providers worldwide, we ensure secure and legally compliant solutions for cross-border transactions.

How can eID Easy help my organization reduce compliance risks related to digital signatures and identity verification?

eID Easy reduces compliance risks by handling the complexities of regional laws and standards through pre-integrated, legally recognized trust service providers. It ensures each signature and authentication is aligned with relevant frameworks. 

Can eID Easy handle complex signing workflows like parallel or sequential signers?

Yes. eID Easy supports signing workflows with multiple signers in different sequences and roles, and offers callback mechanisms to manage transaction status.

Can eID Easy help with identity verification (KYC) during user onboarding?

Yes. eID Easy supports strong identity verification using national eIDs and QTSP-issued certificates, making it suitable for KYC processes in regulated industries like finance, telecom, and legal services.

What advantages does eID Easy offer compared to traditional paper-based or local signature solutions?

eID Easy eliminates manual processes, accelerates cross-border document handling, improves compliance with local and international laws (eIDAS, GDPR), and provides scalable automation for identity verification and signing. It also consolidates 80+ providers into one integration.

What are the most common use cases across eID Easy clients?

Typical use cases include signing employment contracts, onboarding users via eID authentication (KYC), issuing invoices or certificates with eSeals, signing procurement documents, executing international agreements, and authenticating government or academic documents.

Pricing and Plans

Are there any discounts available for businesses that need to comply with multiple jurisdictions for digital transactions?

Yes. Businesses requiring multi-jurisdictional compliance can benefit from consolidated pricing packages and potential volume discounts. eID Easy can bundle multiple regional methods into a single minimum consumption or committed-use package, making it easier and more affordable to support users across borders.

How does eID Easy provide a pricing structure that reflects regional differences in electronic signature requirements?

eID Easy’s pricing is region-aware and reflects the regulatory and infrastructure variations across markets. Each provider or eID method may have its own transaction fee, and the minimum consumption packages are tailored by region (e.g., DACH, Baltics, LatAm, APAC). This allows businesses to select the most cost-effective combination of methods based on their geographic requirements.

Does eID Easy offer customized pricing for high-volume signers or enterprise-scale integrations?

Yes. For enterprise clients or high-volume use cases, eID Easy offers customized pricing based on committed volumes. These tailored plans may include volume discounts, integration support, and method-specific optimizations to ensure the best value for long-term or large-scale deployments.

What regional pricing packages does eID Easy offer, and how can businesses choose the best option?

eID Easy offers region-specific pricing packages designed to align with local trust service providers and regulatory needs. Each package includes access to selected providers and methods relevant to that region:

  • LATAM – Covers trusted providers and methods commonly used across Latin America.
  • APAC – Focused on identity and signature solutions in the Asia-Pacific region.
  • EUROPE – Multiple sub-regional packages are available:
    • DACH (Germany, Austria, Switzerland)
    • NORDICS  (Sweden, Finland, Norway, Denmark, Iceland)
    • BALTICS (Estonia, Latvia, Lithuania)
    • BENELUX (Belgium, Netherlands, Luxembourg)
    • ALL EUROPE – Covers providers across all major EU countries.

Businesses can select the package that matches their core markets. In addition:

  • Wide Coverage Provider Add-On – For occasional needs outside the selected regions, eID Easy offers optional access to wide-coverage providers like ADACOM, for an additional fee.
  • World Package – This option grants access to all current and future providers integrated by eID Easy, making it ideal for global businesses with diverse compliance needs.

Each package is available under both minimum consumption and commitment-based pricing models, offering flexibility based on expected usage and geographical reach.

Trust Service Providers

What is the difference between a Trust Service Provider (TSP) and a Qualified Trust Service Provider (QTSP), and what role do they play in QES?

A Trust Service Provider (TSP) is an entity that provides services like electronic signatures, eSeals, time-stamping, and identity verification. A Qualified Trust Service Provider (QTSP) is a TSP that meets stringent requirements defined by eIDAS and is accredited by a national supervisory authority. QTSPs are legally authorized to issue Qualified Certificates, which are required for Qualified Electronic Signatures (QES) — these signatures carry the same legal weight as handwritten ones in the EU.

How does eID Easy collaborate with QTSPs to ensure the validity and security of electronic signatures?

eID Easy collaborates with Qualified Trust Service Providers (QTSPs) and other local TSPs and CAs globally to ensure the security and validity of electronic signatures. Through integration with certified providers, including those outside the EU, eID Easy ensures that signatures meet legal and technical standards relevant to each jurisdiction. The platform leverages Qualified Signature Creation Devices (QSCDs) where applicable and supports multiple assurance levels.

What is a Certified Authority (CA), and what role does it play in digital security?

A Certified Authority (CA) is a trusted organization responsible for issuing digital certificates that verify the identity of users, websites, or organizations in the digital world. CAs play a critical role in public key infrastructure (PKI), ensuring secure communications through encryption and authentication. They act as a trusted third party to validate the authenticity of certificates, which are used to establish secure connections (e.g., SSL/TLS) and ensure the integrity and confidentiality of data exchanged over the internet.

What are the main types of certificates provided by Certified Authorities (CAs)?

The main types of certificates provided by Certified Authorities (CAs) include:

  • SSL/TLS Certificates
  • Code Signing Certificates
  • Email Certificates
  • Client Certificates
  • Document Signing Certificates

These certificates ensure secure transactions, authenticate identities, and maintain data integrity in a variety of digital applications.

What’s the difference between a Qualified Trust Service Provider (QTSP) and a Certificate Authority (CA)?

A QTSP provides qualified trust services, such as Qualified Electronic Signatures and Seals, under strict regulations (eIDAS) to ensure their legal validity in the EU. A CA, on the other hand, issues digital certificates for identity verification and encryption, but may not always meet the high standards required for qualified trust services under eIDAS. Not all CAs are QTSPs.

What are the legal requirements for a Qualified Trust Service Provider (QTSP) under eIDAS?

QTSPs must be accredited by national regulatory bodies and meet technical, operational, and security requirements as outlined by the eIDAS Regulation. They must provide services like QES creation, eSeals, and time-stamping, ensuring all services adhere to stringent security protocols.

eIDAS

What is eIDAS?

eIDAS (Electronic Identification, Authentication, and Trust Services) is an EU regulation that establishes a standardized framework for electronic identification, authentication, signatures, and trust services across EU member states. It ensures that digital transactions, including electronic signatures and seals, are legally recognized and secure for cross-border use.

How does eID Easy ensure compliance with eIDAS and other regional regulatory frameworks for electronic signatures and authentication?

eID Easy integrates only with Qualified Trust Service Providers (QTSPs) listed in the EU Trusted List, uses QSCDs for QES, supports AdES formats, and applies compliant signature containers like PAdES, XAdES, and ASiC-E. All services are built to ensure compliance across the EU and beyond.

How does eID Easy facilitate cross-border transactions while ensuring eIDAS compliance?

By unifying multiple QTSPs and CAs under one API, eID Easy allows users in different countries to authenticate and sign using their national eIDs while ensuring all transactions are legally valid under eIDAS.

eIDAS 2.0

What is eIDAS 2.0 and how does it differ from the original eIDAS Regulation?

eIDAS 2.0 is an update to the original eIDAS Regulation, adopted to address limitations in cross-border digital identity interoperability. It introduces the European Digital Identity Wallet and aims to provide all EU citizens and businesses with a universally accepted digital identity.

What are the main goals of eIDAS 2.0?
  • Enable every EU citizen and business to have a recognized digital identity.
  • Improve cross-border recognition of digital IDs.
  • Ensure high levels of security and privacy.
  • Support the adoption of digital public and private services across the EU.
How does eIDAS 2.0 enhance the role of QTSPs?

Under eIDAS 2.0, QTSPs can play a broader role, including issuing and verifying credentials that can be used within the European Digital Identity Wallet, beyond traditional QES services.

EUDIW (European Digital Identity Wallet)

What is the European Digital Identity Wallet (EUDIW)?

The European Digital Identity Wallet (EUDIW) is a secure, EU-regulated digital wallet that allows individuals and businesses to store and use their identity and official documents electronically. It enables cross-border authentication and transactions within the EU.

How does the EUDIW relate to eIDAS 2.0?

The EUDIW is a core component of eIDAS 2.0. It operationalizes the regulation by enabling citizens and businesses to identify and authenticate themselves online using a standardized digital identity solution that is recognized across EU Member States.

What kind of credentials can be stored in the European Digital Identity Wallet?

EUDIW can store a wide range of digital credentials such as personal ID information, driving licenses, professional qualifications, medical prescriptions, and digital signatures — all in a verifiable and standardized format.

Is the use of the EUDIW mandatory for EU citizens or businesses?

No, the use of EUDIW is voluntary, but Member States must offer a wallet to their citizens under eIDAS 2.0, and many services will accept it as a means of authentication.

eSignatures

What are the differences between Qualified Electronic Signatures (QES), Advanced Electronic Signatures (AdES), and Simple Electronic Signatures (SES)?

A Simple Electronic Signature (SES) is any electronic data that shows intent to sign, such as typing a name. It has the lowest assurance level. An Advanced Electronic Signature (AdES) must uniquely identify the signer, be under their sole control, and detect changes. A Qualified Electronic Signature (QES) is a type of AdES created with a Qualified Certificate issued by a QTSP and stored in a Qualified Signature Creation Device (QSCD). Under eIDAS, only QES has the same legal effect as a handwritten signature in all EU member states.

How does eID Easy ensure that eSignatures created are legally binding across multiple jurisdictions?

eID Easy uses internationally recognized signature formats (e.g., PAdES, XAdES) and works with QTSPs and compliant CAs to issue qualified and advanced signatures. This ensures that signatures meet the highest standards under eIDAS and are compatible with validation tools in different countries.

What types of eSignature methods are supported by eID Easy for both personal and business users?

eID Easy supports a wide range of electronic signature methods, including Simple Electronic Signatures (SES), Advanced Electronic Signatures (AdES), and Qualified Electronic Signatures (QES). We provide worldwide access to various authentication methods, such as eIDAS-compliant national eIDs, smart cards, USB tokens, mobile-based authentication solutions, and other region-specific digital identity methods.

How does eID Easy handle long-term validation (LTV) of electronic signatures?

eID Easy supports LTV by enabling time-stamping, signature integrity checks, and embedding necessary validation data into signature containers for future verifiability.

Can eID Easy generate and embed a digital signature timestamp (TSP) into signed documents?

Yes. eID Easy works with QTSPs that provide certified time-stamping services, enabling embedded timestamps within signed documents to prove the time of signing and support long-term validation.

What signature container formats does eID Easy support (e.g., PDF, PAdES, XAdES)?

eID Easy supports multiple signature containers including PDF (PAdES), XAdES (XML Advanced Electronic Signatures), CAdES (CMS Advanced Electronic Signatures), ASiC-E (Associated Signature Containers), and PKCS#1. These formats allow for maximum interoperability and legal validity across jurisdictions.

eID Authentication

How does eID Easy support and ensure eIDAS-compliant user authentication?

eID Easy integrates a wide range of eIDAS-compliant electronic identification (eID) methods, such as Smart-ID, Mobile-ID, ID cards, and other national schemes. These methods ensure strong identity verification, are GDPR-compliant, and meet eIDAS requirements for high-assurance authentication. Authentication is performed over secure, encrypted channels, with options for two-factor and multi-factor methods.

How does eID Easy ensure that the authentication process is protected against fraud, such as phishing or identity theft?

eID Easy mitigates fraud risks by using strong, government-backed eID methods (like Smart-ID, Mobile-ID, and national ID cards) that require cryptographic proof of identity. These methods typically involve two-factor authentication and rely on secure, tamper-proof hardware or mobile applications. Communication is encrypted end-to-end, and identity data is validated against trusted sources, reducing the risk of phishing or impersonation.

How does eID Easy incorporate multi-factor authentication (MFA) for added security during the authentication process?

eID Easy’s supported methods inherently include multi-factor authentication. Most national eIDs combine something the user has (e.g., a smart card or mobile SIM) with something the user knows (e.g., a PIN) or is (e.g., biometric verification via a trusted app). This ensures a high level of assurance for every authentication event.

eSealing

What is the process of applying an eSeal, and how does it differ from an eSignature in terms of legal and technical aspects?

An eSeal is similar to an eSignature, but it is applied by an entity (rather than an individual) to ensure document authenticity and integrity. Legally, it ensures that the document has not been altered since it was sealed.

How does eID Easy ensure the security and authenticity of eSeals?

eID Easy issues eSeals through QTSPs using secure cryptographic devices such as HSMs or cloud-based QSCDs. The process ensures that documents remain unchanged after sealing, and each eSeal can be cryptographically traced back to the entity that applied it. Audit trails and metadata support verification of seal integrity and authenticity.

Can eID Easy help automate eSealing for high-volume document generation?

Yes. eID Easy supports API-driven eSealing that allows organizations to seal large volumes of documents programmatically using secure, verifiable eSeals issued by QTSPs.

Are eSeals required for government documents or corporate certifications under eIDAS?

eIDAS does not explicitly mandate using eSeals for government documents or corporate certifications, but it recognizes them as a secure and legally valid method for ensuring document authenticity and integrity.

Technical and Support

How does eID Easy handle the technical requirements for integrating eIDAS-compliant solutions into existing enterprise platforms?

eID Easy simplifies integration with eIDAS-compliant services by offering a single unified API that aggregates a wide number of public and private eID providers. A full list of eID Easy supported methods is available here: https://www.eideasy.com/supported-methods. Their solutions are designed to be compatible with enterprise environments and meet the requirements for Qualified Electronic Signatures (QES) as per eIDAS regulations.

Does eID Easy offer SDKs or APIs for integrating electronic signatures and authentication services into custom applications?

Yes. eID Easy provides RESTful APIs and comprehensive documentation for integrating identity verification and digital signature services into websites and applications. 

Documentation is available at: https://docs.eideasy.com/

How does eID Easy manage certificate lifecycle and support signature validation?

eID Easy does not issue certificates directly; instead, it integrates with QTSPs that issue and manage qualified certificates. Private keys are stored in HSMs or QSCDs. Signature validation is supported via a REST API endpoint. Alternatively, signature validity can be checked with any EU-compliant validator.

What options for support and troubleshooting are available for businesses integrating eID Easy into their systems?

eID Easy provides technical support through support@eideasy.com and via the developer portal https://docs.eideasy.com. Custom support packages may also be available for enterprise clients. Real-time monitoring, status pages, and detailed documentation help businesses quickly identify and resolve integration issues.

Security and Privacy

What is the process for reporting a vulnerability in eID Easy's platform?

At eID Easy, we value the security community and encourage responsible reporting of vulnerabilities to help us keep our platform safe for everyone. If you discover a vulnerability in eID Easy’s systems, you are encouraged, as described in “Responsible Disclosure” to report it responsibly by emailing your findings to security@eideasy.com. To ensure responsible disclosure:

  • Do not exploit the vulnerability (e.g., by accessing, deleting, or modifying others’ data).
  • Do not disclose the issue publicly until it has been resolved.
  • Avoid physical security attacks, social engineering, DDoS, spam, or third-party application testing.
  • Provide sufficient details, such as affected URLs or IP addresses and a clear explanation of the issue, to help the security team reproduce and fix it.

eID Easy treats all reports confidentially and will not pursue legal action against researchers who follow these guidelines. However, note that there is no bug bounty or monetary compensation offered for disclosures.

How does eID Easy use encryption to ensure the confidentiality and integrity of electronic signatures and authentication data?

eID Easy employs industry-standard encryption protocols to protect both data in transit and at rest. All communication between client applications and eID Easy’s services is secured using HTTPS with TLS encryption, which safeguards data against interception and tampering during transmission. For electronic signatures, cryptographic standards such as RSA and ECDSA are used, with private keys securely stored in certified hardware security modules (HSMs) or qualified signature creation devices (QSCDs).

What measures does eID Easy implement to prevent unauthorized access or fraudulent use of private keys for eSignatures?

To prevent unauthorized access or misuse of private keys, eID Easy partners with certified Qualified Trust Service Providers (QTSPs) that use QSCDs for secure private key storage. Users must authenticate using strong two-factor authentication methods, such as Mobile-ID or Smart-ID, before initiating the signing process. At no point are private keys exposed to users or applications, which eliminates the risk of key compromise or fraudulent use

How does eID Easy handle the protection of personal and sensitive data during the eID authentication process?

eID Easy processes personal data in strict accordance with GDPR and eIDAS regulations. Only the minimum necessary personal data is transmitted and processed, and all communication is encrypted to protect sensitive information. Data is retained only as long as legally required and for justified purposes, ensuring privacy and compliance with European data protection standards.

How does eID Easy ensure secure data transmission when using eID authentication or eSignatures?

All data exchanged between client applications and eID Easy’s platform is transmitted over secure HTTPS connections using TLS encryption. This protects authentication tokens, session data, and other sensitive information from interception or session hijacking, ensuring the confidentiality and integrity of all transactions.

What is the process for revoking a qualified electronic signature if needed, and how is this managed by eID Easy?

The revocation of qualified certificates is managed by the issuing QTSPs in collaboration with eID Easy. Users or organizations can request revocation through identity verification processes defined by the QTSP. Once a certificate is revoked, it is added to revocation lists and cannot be used to create new qualified signatures, ensuring that compromised or outdated credentials are promptly invalidated.

Global and cross-border use

Can eID Easy be used globally, and how does it ensure cross-border legal compliance?

Yes. eID Easy is built around eIDAS and supports cross-border trust services within the EU. It also integrates with national eID schemes and international QTSPs and CAs, enabling signing and authentication for users in various jurisdictions. While QES is fully recognized within the EU, legal recognition outside the EU depends on local laws.

How does eID Easy ensure that digital transactions and electronic signatures are legally valid internationally?

Within the EU, QES is legally equivalent to handwritten signatures. For other regions, eID Easy supports local eID and CA integrations where available and ensures signatures conform to globally accepted standards, which increases the likelihood of recognition in non-EU countries.

How does eID Easy handle the challenges of complying with different digital signature laws in various countries?

eID Easy addresses global legal variation by integrating with both eIDAS-compliant Qualified Trust Service Providers (QTSPs) in the EU and locally recognized Certificate Authorities (CAs) and Trust Service Providers (TSPs) outside the EU. This allows the platform to tailor identity verification and signature creation to meet regional legal standards, such as eIDAS in the EU and local frameworks in LATAM, APAC, and other jurisdictions. 

We abstract these complexities behind a unified API, allowing customers to implement one solution that adapts automatically to the relevant legal and technical requirements of each region. Signature formats like PAdES, XAdES, CAdES, ASiC-E, and PKCS#1 further ensure legal and technical compatibility across borders.

What is the process for businesses to use eID Easy’s cross-border authentication services?

Businesses can integrate with eID Easy’s API to access a wide network of national eIDs, QTSPs, and global identity providers. By choosing a regional or global package (e.g., DACH, Nordics, LatAm, World Package), they can enable secure, legally compliant user authentication across borders—without managing separate integrations for each country.