The Missing Link Between Identity Verification and Qualified Signatures in European Onboarding
London, United Kingdom, 23 June 2026 — Knowing who a customer is solves only half of regulated onboarding.
The harder question is whether that verified identity can be carried over into a legally binding agreement that will withstand regulatory scrutiny, audits, or legal challenge.
Under Article 25 of the eIDAS Regulation, a Qualified Electronic Signature (QES) is the only electronic signature with the same legal effect as a handwritten one across all 27 EU member states, and it draws its validity from the identity verification behind the Qualified Certificate.
Verification and signing are, in effect, a single evidentiary chain. When they run in separate systems from separate vendors, the chain breaks at the seam: the proof that a signature belongs to a genuinely verified person weakens, audit trails fragment, and fraud finds an opening.
To close this gap, Shufti, a global identity verification and AML compliance provider, has partnered with Evrotrust, a Qualified Trust Service Provider on the EU Trusted List, to enable a single onboarding journey.
Shufti handles identity verification, onboarding orchestration, and compliance controls; Evrotrust issues the Qualified Certificate and performs the qualified signing, available wherever QES is recognised under eIDAS. The result lets businesses carry a verified identity through to a legally binding, eIDAS-qualified signature in one auditable flow.
“The future of digital trust will be built through collaboration. Our collaboration with Shufti reflects a shared vision for the future of digital trust, one where security, compliance, and user experience go hand in hand. Together, we are creating a stronger foundation for businesses across Europe to grow with confidence,” said Konstantin Bezuhanov, CEO at Evrotrust.
Where The Gap Shows Up Across Regulated Sectors
The gap reads differently depending on where the business sits.
- Banking & lending: High-value agreements such as loans or mortgages often involve additional verification or signing steps depending on risk policy and jurisdictional requirements. Under eIDAS (Regulation (EU) No 910/2014), Qualified Electronic Signatures (QES) provide legal equivalence to handwritten signatures where implemented.
- Insurance: Long-term products such as life and pension policies rely on strong evidence of customer consent and signature integrity, particularly in cases where agreements are later challenged or disputed.
- Investment & wealth: Mandates and authorisations require a verifiable link between the identified client and the instruction or agreement under regulated advisory and execution frameworks.
- Crypto services: Under MiCA, providers remain subject to EU anti-money laundering requirements, including customer due diligence, requiring reliable evidence of customer identity and consent at the point of agreement.
From fintech and payments to healthcare, real estate, and legal services, the requirement is the same: a durable, verifiable link between identity and signature, which is exactly what this partnership delivers.
From Verified Identity To Qualified Signature
Shufti verifies the customer through document and biometric checks, NFC-enabled document reads, or national eID schemes. The verified details pass securely to Evrotrust, which issues the Qualified Certificate and signs the document. The signed result then returns through Shufti to the organisation and the customer, completing a single, verified journey from identity to signature. The flow includes the following:
- Only a cryptographic hash of the document is sent for signing, so the document itself never leaves the organisation’s environment.
- The signature is embedded in a PAdES-LTV file with long-term validation, keeping it verifiable for up to 20 years, while the supporting evidence package is retained for 10 years per signed document.
- Under eIDAS Article 25, the signature is automatically recognised across the EU-27 and the wider EEA, including Iceland, Liechtenstein, and Norway, so cross-border agreements close without separate legal review in each member state.
- Sequential multi-signatory workflows let each party verify independently and apply their own qualified signature, with individual timestamps.
- Verification, compliance, and signing land in a single audit trail returned to both the organisation and the customer.
- The service is API-first across web and mobile, with three routes into qualified signing.
If an agreement is later challenged, the organisation has a single defensible trail rather than two systems to reconcile.
“This partnership reflects how we’re building Shufti, one platform that handles identity, AML, and fraud, now extended to qualified electronic signatures through Evrotrust,” said Roger Redfearn-Tyrzyk, Chief Commercial Officer at Shufti. “Bringing QES into the platform gives regulated businesses a single trusted journey from onboarding through to legally binding signature, and lets us enable eID and EUDI wallets paired with qualified signing for fully compliant eIDAS 2.0 journeys.”
Built for what’s coming under eIDAS 2.0 and AMLR
The timing of the partnership aligns with major changes in Europe’s digital identity and compliance landscape.
From 10 July 2027, the EU’s Anti-Money Laundering Regulation (AMLR) will make Qualified Electronic Signatures, notified eIDs, and the EU Digital Identity Wallet the primary route for compliant onboarding, downgrading remote video identification to a fallback method.
A parallel shift comes from ETSI TS 119 461, the standard for identity proofing. Verification today is eIDAS-compliant under ETSI TS 119 461 v1. From 19 August 2027, v2.1.1 takes full effect and raises the bar to its highest level, the Extended Level of Identity Proofing (LoIP). Shufti is on a roadmap to v2.1.1 certification ahead of that deadline, positioning it for eID and EUDI Wallet-based onboarding.
Redfearn-Tyrzyk further added: “Because we own our core technology, we adapt to regulatory change at speed, from the incoming AMLR single rulebook to evolving eIDAS requirements, far faster than legacy providers can. We’re proud to extend Shufti’s verification to Evrotrust’s clients and to bring qualified signing to ours.”
While EUDI Wallets take on a growing role, organisations will still need orchestration layers for onboarding, compliance checks, fraud prevention, auditability, and qualified signing. Qualified signatures don’t replace that journey; under the incoming rules, they become essential to it.
Organisations exploring QES-enabled onboarding can learn more at www.shufti.com.
About Shufti
Shufti is a global identity verification and AML compliance provider, helping businesses onboard customers and meet their regulatory obligations across more than 240 countries and territories. Built entirely in-house, its platform spans document verification, biometric verification, age verification, AML screening, deepfake detection, fraud prevention, and VideoIdent, with solutions tailored to regulated European markets.
Shufti’s passive liveness detection is certified to iBeta Level 3 (ISO/IEC 30107-3) with a 0% error rate, and the platform is certified to ISO 27001 and SOC 2 Type II, and is fully GDPR compliant.
Media Contact
Aroosa Virk
Brand and Communications Manager
Shufti
