There is a Missing Link Between Identity Verification and Qualified Signatures in European Onboarding
Shufti and Evrotrust partner to combine identity verification and Qualified Electronic Signatures in a single onboarding journey across all 27 EU member states.
LONDON, UNITED KINGDOM, June 24, 2026 /EINPresswire.com/ -- Verifying who a customer is addresses only half of regulated onboarding.
The other half, carrying that verified identity through to a legally binding signature that can withstand regulatory scrutiny, audit, or legal challenge, has often been handled in a separate system.
Under the eIDAS Regulation, a Qualified Electronic Signature (QES), the only electronic signature with the same legal effect as a handwritten one across all 27 EU member states, under Article 25, draws its validity from the identity verification behind the Qualified Certificate. Verification and signing are, in effect, a single evidentiary chain. When they run in separate systems from separate vendors, the chain breaks at the seam: the proof that a signature belongs to a genuinely verified person weakens, audit trails fragment, and fraud finds an opening.
To close this gap, Shufti, a global identity verification and AML compliance provider, has partnered with Evrotrust, a Qualified Trust Service Provider on the EU Trusted List, to enable a single onboarding journey.
Shufti handles identity verification, onboarding orchestration, and compliance controls; Evrotrust issues the Qualified Certificate and performs the qualified signing, available wherever QES is recognised under eIDAS. The combined process allows a verified identity to be carried through to a qualified electronic signature within one workflow.
"The future of digital trust will be built through collaboration. Our collaboration with Shufti reflects a shared vision for the future of digital trust, one where security, compliance, and user experience go hand in hand. Together, we are creating a stronger foundation for businesses across Europe to grow with confidence," said Konstantin Bezuhanov, CEO at Evrotrust.
How Requirements Differ Across Regulated Sectors
The relevance of qualified signing varies by sector:
-Banking & lending: High-value agreements such as loans or mortgages often involve additional verification or signing steps depending on risk policy and jurisdictional requirements. Under eIDAS (Regulation (EU) No 910/2014), Qualified Electronic Signatures (QES) provide legal equivalence to handwritten signatures where implemented.
-Insurance: Long-term products such as life and pension policies rely on strong evidence of customer consent and signature integrity, particularly in cases where agreements are later challenged or disputed.
-Investment & wealth: Mandates and authorisations require a verifiable link between the identified client and the instruction or agreement under regulated advisory and execution frameworks.
-Crypto services: Under MiCA, providers remain subject to EU anti-money laundering requirements, including customer due diligence, requiring reliable evidence of customer identity and consent at the point of agreement.
Across fintech, payments, healthcare, real estate, and legal services, the underlying requirement is similar: a durable, verifiable link between identity and signature.
From Verified Identity To Qualified Signature:
Shufti verifies the customer through document and biometric checks, NFC-enabled document reads, or national eID schemes. The verified details pass securely to Evrotrust, which issues the Qualified Certificate and signs a cryptographic hash of the document. The resulting signature is then embedded back into the file. It includes:
-Only a cryptographic hash of the document is ever sent for signing, so the document itself can stay entirely within the organisation's own environment.
-The signature is embedded in a PAdES-LTV file with long-term validation, keeping it verifiable for up to 20 years, while the supporting evidence package is retained for 10 years per signed document.
-Under eIDAS Article 25, the signature is automatically recognised across the EU and the wider EEA, including Iceland, Liechtenstein, and Norway, so its legal standing holds in every member state without separate validation, even where the underlying transaction carries its own local rules.
-A single verified session can carry the signer through several documents at once, not just one.
-The organisation keeps the full evidence package and audit trail, while the signer receives the finished signed document.
-The whole flow runs through a single API across web and mobile.
Because verification and signing share a single record, a challenged agreement can be evidenced from one trail rather than reconciled across two systems.
"This partnership reflects how we're building Shufti, one platform that handles identity, AML, and fraud, now extended to qualified electronic signatures through Evrotrust," said Roger Redfearn-Tyrzyk, Chief Commercial Officer at Shufti. "Bringing QES into the platform gives regulated businesses a single trusted journey from onboarding through to legally binding signature, and lets us enable eID and EUDI wallets paired with qualified signing for fully compliant eIDAS 2.0 journeys."
Built for what's coming under eIDAS 2.0 and AMLR
The partnership comes amid changes to Europe's digital identity and compliance framework. From 10 July 2027, the EU's Anti-Money Laundering Regulation (AMLR) is set to make Qualified Electronic Signatures, notified eIDs, and the EU Digital Identity Wallet primary methods for compliant onboarding, with remote video identification moving to a fallback role.
A parallel change applies to ETSI TS 119 461, the standard for identity proofing. Verification currently operates under v1, which is eIDAS-compliant. From 19 August 2027, v2.1.1 takes effect and introduces a higher tier, the Extended Level of Identity Proofing (LoIP). Shufti has stated it is on a roadmap to v2.1.1 certification ahead of that deadline, positioning it for eID and EUDI Wallet-based onboarding.
Redfearn-Tyrzyk further added: "Because we own our core technology, we adapt to regulatory change at speed, from the incoming AMLR single rulebook to evolving eIDAS requirements, far faster than legacy providers can. We're proud to extend Shufti's verification to Evrotrust's clients and to bring qualified signing to ours."
As EU Digital Identity Wallets are introduced, organisations are still expected to require orchestration around onboarding, compliance checks, fraud prevention, auditability, and signing. Under the incoming rules, qualified signatures become a required element of that process rather than a replacement for it.
Organisations exploring QES-enabled onboarding can learn more at www.shufti.com or speak with the Shufti team.
About Shufti
Shufti is a global identity verification and AML compliance provider, helping businesses onboard customers and meet their regulatory obligations across more than 240 countries and territories. Built entirely in-house, its platform spans document verification, biometric verification, age verification, AML screening, deepfake detection, fraud prevention, and VideoIdent, with solutions tailored to regulated European markets.
Shufti's passive liveness detection is certified to iBeta Level 3 (ISO/IEC 30107-3) with a 0% error rate, and the platform is certified to ISO 27001 and SOC 2 Type II, and is fully GDPR compliant.
SOURCE SHUFTI
Aroosa Virk
Shufti
partnership@shuftipro.com
Visit us on social media:
LinkedIn
Bluesky
Instagram
YouTube
TikTok
X
VideoIdent Under Scrutiny: Are Your Regulatory Controls Truly Defensible Final
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
