Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 32026R0248

Commission Implementing Regulation (EU) 2026/248 of 2 February 2026 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the formats of advanced electronic signatures and advanced electronic seals to be recognised by public sector bodies and repealing Commission Implementing Decision (EU) 2015/1506

C/2026/528

OJ L, 2026/248, 3.2.2026, ELI: http://data.europa.eu/eli/reg_impl/2026/248/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document In force

ELI: http://data.europa.eu/eli/reg_impl/2026/248/oj

European flag

Official Journal
of the European Union

EN

L series

2026/248

3.2.2026

COMMISSION IMPLEMENTING REGULATION (EU) 2026/248

of 2 February 2026

laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the formats of advanced electronic signatures and advanced electronic seals to be recognised by public sector bodies and repealing Commission Implementing Decision (EU) 2015/1506

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (1), and in particular Article 27(5) and Article 37(5) thereof,

Whereas:

(1)

Member States need to put in place the necessary technical means allowing them to process electronically signed or sealed documents that are required when using an online service offered by, or on behalf of, a public sector body.

(2)

Pursuant to Article 27 and Article 37 of Regulation (EU) No 910/2014, Member States that require an advanced electronic signature or an advanced electronic seal for the use of an online service offered by, or on behalf of, a public sector body, are to recognise advanced electronic signatures and advanced electronic seals, advanced electronic signatures and advanced electronic seals based on a qualified certificate and qualified electronic signatures and seals in specific formats, or in alternative formats validated pursuant to specific reference methods.

(3)

To facilitate cross-border validation of electronic signatures or seals, and to improve the cross-border interoperability of electronic transactions, Commission Implementing Decision (EU) 2015/1506 (2) laid down reference formats for advanced electronic signatures and advanced electronic seals to be supported by Member States. As a result of new technologies, practices, standards and technical specifications that have been developed, Implementing Decision (EU) 2015/1506 should be repealed. This Implementing Regulation should provide a list of standard formats and provisions for the recognition of those standard formats.

(4)

The standard formats listed should reflect established practices and be widely recognised within the relevant sectors. Where other advanced electronic signature or advanced electronic seal formats than those commonly technically supported are used to electronically sign or seal, methods for the validation across borders of advanced electronic signatures or advanced electronic seals should be provided. To enable the receiving Member States to rely on the validation methods of another Member State, it is necessary for the sending Member State to provide easily accessible information on those validation methods. Therefore, that information on the applicable validation method should be included in the electronic documents, in the advanced electronic signatures or advanced electronic seals, or in the electronic document containers.

(5)

Where advanced electronic signature or seal alternative validation methods suitable for automated processing are available in a public service of a Member State, such validation methods should be made available and provided to the receiving Member State. Nonetheless, the provisions of Article 27(1) and (2) and of Article 37(1) and (2) of Regulation (EU) No 910/2014 should still apply when the automated processing of alternative validation methods is not technically feasible.

(6)

To provide for comparable requirements for validation and to increase trust in the validation methods provided by Member States for other advanced electronic signature or seal formats than those commonly supported, the requirements set out in this Regulation for those validation methods, draw from the requirements for the validation of qualified electronic signatures and seals referred to in Article 32 and Article 40 of Regulation (EU) No 910/2014, and from the requirements for the validation of advanced electronic signatures and advanced electronic seals based on qualified certificates referred to in Article 32a and Article 40a of Regulation (EU) No 910/2014.

(7)

The Commission regularly assesses new technologies, practices, standards, or technical specifications. In accordance with Recital 75 of Regulation (EU) 2024/1183 of the European Parliament and of the Council (3), the Commission should review and update this Regulation, if necessary, to keep it in line with global developments, new technologies, standards or technical specifications and to follow the best practices on the internal market.

(8)

Member States requiring an advanced electronic signature, an advanced electronic signature based on a qualified certificate, an advanced electronic seal, or an advanced electronic seal based on a qualified certificate as set out in Article 27(1) and (2) and of Article 37(1) and (2) of Regulation (EU) No 910/2014, should recognise respectively advanced electronic signatures using formats or associated signature containers, or advanced electronic seals using formats or associated seal containers that comply with the technical specifications listed in this Regulation. Such obligation to recognise advanced electronic signatures or advanced electronic seals, when using an online service offered by, or on behalf of, a public sector body, should apply for as long as the validation of advanced electronic signatures or advanced electronic seals would be required by EU or national laws, starting from their creation. To provide Member States with sufficient time to amend their validation applications, the relevant requirements of this Regulation should become applicable only 12 months after the entry into force of this Regulation. To ensure the transition to state-of-the-art standards, the obligation to recognise newly created advanced electronic signatures or advanced electronic seals in the standard formats listed in Implementing Decision (EU) 2015/1506 should be limited in time, until 24 months after the entry into force of this Regulation.

(9)

Regulation (EU) 2016/679 of the European Parliament and of the Council (4) and, where relevant, Directive 2002/58/EC of the European Parliament and of the Council (5) apply to the personal data processing activities under this Regulation.

(10)

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (6) and delivered its opinion on 21 October 2025 (7).

(11)

The measures provided for in this Regulation are in accordance with the opinion of the committee established by Article 48 of Regulation (EU) No 910/2014,

HAS ADOPTED THIS REGULATION:

Article 1

Advanced electronic signature formats

1.   Member States requiring an advanced electronic signature or an advanced electronic signature based on a qualified certificate in accordance with Article 27(1) and (2) of Regulation (EU) No 910/2014, shall recognise advanced electronic signatures, using formats or associated signature containers, that comply with the technical specifications listed in Annex I to this Regulation.

2.   Member States shall recognise advanced electronic signatures, using formats or associated signature containers, that comply with the technical specifications listed in Annex II to this Regulation, where those electronic signatures were created before 23 February 2028.

Article 2

Alternative advanced electronic signature validation methods

1.   Member States requiring an advanced electronic signature or an advanced electronic signature based on a qualified certificate in accordance with Article 27(1) and (2) of Regulation (EU) No 910/2014, shall recognise formats of advanced electronic signatures other than those referred to in Article 1 of this Regulation, where:

(a)

the Member State, in which the trust service provider used by the signatory is established, offers other Member States signature validation methods for those formats; and

(b)

those validation methods shall be carried out in accordance with paragraph 2.

2.   The validation methods for alternative signature formats shall fulfil all the following conditions:

(a)

be, where possible, suitable for automated processing;

(b)

allow other Member States to validate the received electronic signature online, free of charge;

(c)

provide clear, comprehensive, easily understandable and accessible instructions to perform the validation;

(d)

be indicated in the signed document, in the electronic signature or in the electronic document container;

(e)

confirm the validity of an advanced electronic signature provided that:

the certificate supporting the advanced electronic signature was valid at the time of signing,

where the advanced electronic signature is supported by a qualified certificate, the qualified certificate supporting the advanced electronic signature was, at the time of signing, a qualified certificate for electronic signature in compliance with Annex I to Regulation (EU) No 910/2014 and issued by a qualified trust service provider,

the signature validation data corresponds to the data provided to the relying party,

the unique set of data representing the signatory is correctly provided to the relying party,

if a pseudonym was used at the time of signing, the use of any pseudonym is clearly indicated to the relying party,

where the advanced electronic signature is created by a qualified electronic signature creation device, the use of any such device is clearly indicated to the relying party,

the integrity of the signed data has not been compromised,

the requirements set out in Article 26 of Regulation (EU) No 910/2014 were met at the time of signing,

the system used for validating the advanced electronic signature provides to the relying party the correct result of the validation process and allows the relying party to detect any security relevant issues.

3.   The indication referred to in paragraph 2, point (d) shall enable relying parties to easily access the complete specifications of the signature validation method, free of charge.

Article 3

Advanced electronic seal formats

1.   Member States requiring an advanced electronic seal or an advanced electronic seal based on a qualified certificate in accordance with Article 37(1) and (2) of Regulation (EU) No 910/2014, shall recognise advanced electronic seals, using formats or using associated seal containers, that comply with the technical specifications listed in Annex I to this Regulation.

2.   Member States shall recognise advanced electronic seals, using formats or using associated seal containers, that comply with the technical specifications listed in Annex II to this Regulation, where those electronic seals were created before 23 February 2028.

Article 4

Alternative advanced electronic seal validation methods

1.   Member States requiring an advanced electronic seal or an advanced electronic seal based on a qualified certificate in accordance with Article 37(1) and (2) of Regulation (EU) No 910/2014, shall recognise formats of advanced electronic seals other than those referred to in Article 3 of this Regulation, where:

(a)

the Member State in which the trust service provider used by the creator of the seal is established offers other Member States seal validation methods for those formats; and

(b)

those validation methods shall be carried out in accordance with paragraph 2.

2.   The validation methods for alternative seal formats shall fulfil all the following conditions:

(a)

be, where possible, suitable for automated processing;

(b)

allow other Member States to validate the received electronic seal online, free of charge;

(c)

provide clear, comprehensive, easily understandable and accessible instructions to perform the validation;

(d)

be indicated in the sealed document, in the electronic seal or in the electronic document container; and

(e)

confirm the validity of an advanced electronic seal provided that:

the certificate that supports the advanced electronic seal was valid at the time of sealing,

where the advanced electronic seal is supported by a qualified certificate, the qualified certificate that supports the advanced electronic seal was, at the time of sealing, a qualified certificate for electronic seal in compliance with Annex III to Regulation (EU) No 910/2014 and issued by a qualified trust service provider,

the seal validation data corresponds to the data provided to the relying party,

the unique set of data representing the creator of the seal is correctly provided to the relying party,

if a pseudonym was used at the time of sealing, the use of any pseudonym is clearly indicated to the relying party,

where the advanced electronic seal is created by a qualified electronic seal creation device, the use of any such device is clearly indicated to the relying party,

the integrity of the sealed data has not been compromised,

the requirements set out in Article 36 of Regulation (EU) No 910/2014 were met at the time of sealing, and

the system used for validating the advanced electronic seal provides to the relying party the correct result of the validation process and allows the relying party to detect any security relevant issues.

3.   The indication referred to in paragraph 2, point (d) shall enable relying parties to easily access the complete specifications of the seal validation method, free of charge.

Article 5

Repeal

Implementing Decision (EU) 2015/1506 is repealed.

References to the repealed Decision shall be construed as references to this Regulation.

Article 6

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Article 1(1) and Article 3(1) shall apply from 23 February 2027.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 2 February 2026.

For the Commission

The President

Ursula VON DER LEYEN

(1)   OJ L 257, 28.8.2014, p. 73, ELI: http://data.europa.eu/eli/reg/2014/910/oj.

(2)  Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (OJ L 235, 9.9.2015, p. 37, ELI: http://data.europa.eu/eli/dec_impl/2015/1506/oj).

(3)  Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework (OJ L, 2024/1183, 30.4.2024, ELI: http://data.europa.eu/eli/reg/2024/1183/oj).

(4)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).

(5)  Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37, ELI: http://data.europa.eu/eli/dir/2002/58/oj).

(6)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).

(7)   EDPS Formal comments on draft Implementing Regulation on application of Regulation (EU) No 910/2014 regarding formats of advanced electronic signatures and seals to be recognised by public sector bodies and repealing Implementing Decision (EU) 2015/1506.

ANNEX I

List of technical specifications for advanced electronic signatures referred to in Article 1(1) and for advanced electronic seals referred to in Article 3(1)

XAdES Baseline Profile

ETSI EN 319 132 -1 V1.3.1 (2024-07) (1)

CAdES Baseline Profile

ETSI EN 319 122 -1 V1.3.1 (2023-06) (2)

PAdES Baseline Profile

ETSI EN 319 142 -1 V1.2.1 (2024-01) (3)

JAdES Baseline Profile

ETSI TS 119 182 -1 V1.2.1 (2024-07) (4), with the following adaptation:

Clause 5.1.8 with title ‘The x5c (X.509 Certificate Chain) header parameter’ is replaced by the following:

‘5.1.8.   The x5c (X.509 Certificate Chain) header parameter

The x5c header parameter as defined in clause 4.1.6 of IETF RFC 7515 [2] shall be present in the JAdES signature, either as a signed or unsigned header parameter.

The x5c header parameter shall have the semantics specified in IETF RFC 7515 [2], clause 4.1.6.

The x5c header parameter shall have the syntax specified in IETF RFC 7515 [2], clause 4.1.6.’

List of technical specifications for associated signature containers referred to in Article 1(1) and for associated seal containers referred to in Article 3(1)

Associated Signature / Seal Container Baseline Profile

ETSI EN 319 162 -1 V1.1.1 (2016-04) (5)

ETSI EN 319 162 -2 V1.1.1 (2016-04) (6) for ASiC-E CAdES additional container as specified in clause 4.3.1.

(1)   https://www.etsi.org/deliver/etsi_en/319100_319199/31913201/01.03.01_60/en_31913201v010301p.pdf.

(2)   https://www.etsi.org/deliver/etsi_en/319100_319199/31912201/01.03.01_60/en_31912201v010301p.pdf.

(3)   https://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.02.01_60/en_31914201v010201p.pdf.

(4)   https://www.etsi.org/deliver/etsi_ts/119100_119199/11918201/01.02.01_60/ts_11918201v010201p.pdf.

(5)   https://www.etsi.org/deliver/etsi_en/319100_319199/31916201/01.01.01_60/en_31916201v010101p.pdf.

(6)   https://www.etsi.org/deliver/etsi_en/319100_319199/31916202/01.01.01_60/en_31916202v010101p.pdf.

ANNEX II

List of technical specifications for advanced electronic signatures referred to in Article 1(2) and for advanced electronic seals referred to in Article 3(2)

XAdES Baseline Profile

ETSI TS 103 171 v.2.1.1 (1) with the exception of clause 9 and at conformance level B-Level, T-Level or LT-Level

CAdES Baseline Profile

ETSI TS 103 173 v.2.2.1 (2) with the exception of clause 9 and at conformance level B-Level, T-Level or LT-Level

PAdES Baseline Profile

ETSI TS 103 172 v.2.2.2 (3) with the exception of clause 9 and at conformance level B-Level, T-Level or LT-Level

List of technical specifications for associated signature containers referred to in Article 1(2) and for associated seal containers referred to in Article 3(2)

Associated Signature/Seal Container Baseline Profile

ETSI TS 103 174 v.2.2.1 (4)

(1)   http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf.

(2)   http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf.

(3)   http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf.

(4)   http://www.etsi.org/deliver/etsi_ts/103100_103199/103174/02.02.01_60/ts_103174v020201p.pdf.

ELI: http://data.europa.eu/eli/reg_impl/2026/248/oj

ISSN 1977-0677 (electronic edition)

Top