European eArchiving is a fundamental pillar of European trust services, designed to support and enable all other qualified digital services. European digital preservation will make qualified electronic archiving a mandatory step for companies and public administrations, ensuring interoperability, security, continuity, and evidentiary value recognized across all EU Member States. In this scenario, it is essential for companies and public administrations to rapidly align with the new European model, strengthening the governance of their information assets.
The qualified electronic archiving service, endowed with legal presumptions and a technically harmonized European framework, ensures that digital data and documents remain intact, readable, and traceable to their origin throughout the entire retention period. Its foundations are based on Commission Implementing Regulation (EU) 2025/2532, in force since 6 January 2026, and on the technical specification CEN TS 18170:2025, which defines functional requirements for designing and managing compliant, reliable, and interoperable archiving services. It is significant that the eIDAS Committee unanimously approved the draft regulation on 13 November 2025, confirming the Union’s clear intention to converge towards shared standards and solid evidentiary presumptions.
The regulatory context: from eIDAS 1.0 to eIDAS 2.0
The first version of eIDAS (Regulation EU 910/2014) represented a turning point for the digital trust ecosystem in Europe, introducing a uniform legal framework for electronic signatures, seals, timestamps, electronic registered delivery services (ERDS), and website authentication certificates, enabling the creation of a single digital market through interoperability and mutual recognition among Member States.
With eIDAS 2.0, published in 2024, the Union introduced new trust services – qualified electronic archiving, qualified electronic attribute attestations, electronic ledgers, and remote signature and seal creation devices – to address an increasingly complex digital market characterized by high data exchange.
The objective is twofold: to strengthen trust in digital transactions and to foster the creation of a unified European digital identity market without technical or regulatory barriers. In line with this approach, eIDAS 2.0 refers to specific Commission Implementing Acts to define in detail the technical and operational standards of the new services. For electronic archiving, Article 45j establishes the general framework, while Implementing Regulation (EU) 2025/2532 governs requirements, standards, and qualification procedures for providers.
The Implementing Act: Regulation (EU) 2025/2532
Implementing Regulation (EU) 2025/2532 fully operationalizes the new qualified eArchiving trust service, with implementing rules and standards ensuring European uniformity and interoperability. Its three core pillars are: establishing a solid legal trust framework, imposing high operational security requirements, and defining harmonized technical standards.
Thanks to the legal presumption of integrity and origin, documents archived with a qualified provider acquire full evidentiary value, significantly simplifying disclosure and verification procedures. This presumption, valid in all Member States, reduces grounds for dispute and strengthens the legal reliability of produced evidence. The mandatory use of qualified signatures, seals, and timestamps to attest critical archiving lifecycle events further enhances robustness.
To ensure interoperability and transparency, the regulation refers to recognized standards such as CEN TS 18170:2025 for service functional requirements and ISO 14721:2025 (OAIS) for long-term preservation. ETSI standards ensure correctness and verifiability of evidence, while the Commission may integrate additional technical specifications to support technological evolution.
Legal trust, operational security, and technical harmonization define an advanced digital preservation model, with evidentiary strength and rigor comparable to other qualified services.
Operational and security requirements: transparency, cryptography, NIS2 and termination plan
The Regulation outlines a comprehensive operational reliability model based on transparency, multi-layer security, and service continuity. Transparency obligations towards supervisory bodies and clients become structural: any significant change must be communicated at least one month in advance; service termination at least three months in advance, with a detailed plan ensuring continuity of preservation; clear and accessible contractual documentation forms part of the required guarantees.
Personnel must demonstrate up-to-date expertise, with at least annual training on threats, security, and regulation, in line with NIS2.
From a technical perspective, security requires certified key protection devices (Common Criteria EAL4+, EUCC, or FIPS 140-3 until 2030), continuous cryptographic robustness monitoring, and the ability to generate new OAIS- and CEN TS 18170-compliant AIP profiles in case of algorithm obsolescence. Qualified signatures, seals, and timestamps compliant with ETSI EN 319 421 are mandatory. Event logging must comply with ETSI EN 319 401, ensuring a complete and verifiable audit trail.
Operational cybersecurity includes quarterly vulnerability scans, annual penetration tests, system hardening, and mutual authentication of components. Incident management must align with NIS2. The Regulation also requires a detailed termination plan ensuring secure, verifiable, and interoperable data transfer to another provider or to the data owner, in compliance with OAIS and CEN TS 18170.
In Italy, updates to AgID Guidelines are expected to harmonize them with the Digital Administration Code (CAD) and NIS2. The issue of minimum capital requirements for QTSPs remains debated.
CEN TS 18170:2025 – Functional requirements for eArchiving services
CEN TS 18170:2025, published by CEN/TC 468 in 2025, is the first European standard entirely dedicated to e-archiving services and provides a harmonized framework of functional requirements applicable to both qualified and non-qualified services, enabling long-term preservation consistent with the principles of eIDAS 2.0.
The specification covers all phases of the digital document lifecycle – receipt, ingestion, storage, retrieval, and deletion – defining requirements to ensure durability, readability, accessibility, and independence from proprietary formats. Particular attention is paid to technological obsolescence through procedures for format migration, metadata preservation, and long-term integrity verification.
A distinctive element of the standard is the obligation to produce automated integrity reports, particularly relevant in audit contexts, litigation, and compliance checks. CEN TS 18170 also emphasizes security, including access controls, event traceability, integration with other trust services, and the use of standardized protocols ensuring interoperability and data portability across systems and countries. Guidelines for energy-efficient solutions reflect the EU’s sustainability focus.
CEN TS 18170 is therefore a true enabler of trust: its adoption facilitates provider qualification, promotes mutual recognition, and offers public administrations and companies a solid framework to reduce legal risks and management costs.
Relationship between the Implementing Act and CEN TS 18170: a European convergence
Standards for e-archiving represent a balance between market needs, stakeholder contributions, and the EU’s objective of achieving a truly interoperable framework. The Implementing Act embraces this approach, integrating CEN TS 18170 as the reference standard for eArchiving and steering the entire European ecosystem toward modern, verifiable requirements aligned with NIS2.
CEN TS 18170 was selected because it provides comprehensive and updated coverage of the entire archiving lifecycle, integrating security, sustainability, and interoperability aspects with the OAIS model, the reference architecture for long-term preservation.
This “future-proof” approach avoids regulatory fragmentation, promotes solution scalability and integration with emerging technologies – such as distributed ledgers and automated audits – and enables a clear, efficient, and harmonized supervision and audit system.
Supporting ecosystem: eArchiving Initiative and EARK
The Implementing Act and CEN TS 18170 define what a compliant archiving service must do; the eArchiving Initiative and the EARK tradition clarify how to implement it operationally.
Launched by the European Commission for the 2022–2026 period, the eArchiving Initiative aims to ensure that digital data and documents are archived and preserved securely, legibly, and interoperably over the long term, in line with the OAIS model and CEN TS 18170. The initiative is based on key principles such as the adoption of open formats, interoperability by design, and the reduction of technological lock-in.
The DILCIS Board developed standardized information packages – Submission Information Package (SIP), Archival Information Package (AIP), and Dissemination Information Package (DIP) – which form the basis of the solutions promoted by the initiative and the eArchiving building block. The latter provides modular tools and operational documentation for implementing compliant processes.
The legacy of the EARK project, launched in 2014, significantly contributes to the body of specifications and open-source software now integrated into the initiative, ensuring continuity beyond the European funding cycle. The overall impact is substantial: reduced implementation costs for public administrations and providers, strengthened mutual trust among Member States, and greater convergence between national regulations and international standards. The result is a more mature, sustainable, and interoperable European digital preservation ecosystem.
Towards European archiving: strategic choices and operational implications
Digital preservation in Italy is undergoing profound transformation. The traditional dichotomy between the national model, based on the Digital Administration Code (CAD) and AgID Guidelines, and the European trust service is giving way to a new balance, in which conservators, public administrations, and companies must make strategic choices based on operational needs, risk levels, and ambitions. Some operators will prioritize national compliance continuity, others will aim for European recognition, while others may seek greater flexibility for the private market.
For QTSPs, adapting to the Implementing Act implies significant evolution: process revision, systematic integration of qualified evidence (signatures, seals, timestamps), mapping of CEN TS 18170 requirements, rigorous document lifecycle management, structured SLAs, maintenance of verifiable audit trails, metadata management according to European standards, technological migration plans, automated reporting, and periodic audits compliant with eIDAS 2 and NIS2. This requires investment in secure infrastructures (such as HSMs and advanced logging systems), qualified personnel, and continuous policy updates.
For public administrations and companies, qualified eArchiving offers tangible benefits: reduced legal risk, greater evidentiary certainty, simplified audit and compliance processes, operational continuity through open formats and modular specifications, absence of technological lock-in, and enhanced long-term documentary resilience. Alignment with European regulations also enables more solid and sustainable document governance capable of addressing technological evolution without compromising information asset protection.
Namirial’s role as a QTSP in long-term eArchiving
In this scenario, the role of a QTSP such as Namirial is strategic, having anticipated regulatory developments and already obtained certifications in eArchiving and Long-Term Archiving (LTA) in several EU and non-EU countries.
Within the EU, Namirial holds recognitions and certifications for archiving and LTA services in Germany, France, and Romania – markets characterized by advanced regulatory requirements and particular attention to evidentiary, security, and governance aspects. This multi-jurisdictional presence reflects a design approach based on European standards, interoperability, and compliance by design, fully aligned with eIDAS 2.0 principles.
The adoption of organizational and technical models aligned with OAIS and the functional requirements codified in CEN TS 18170:2025 enables Namirial to manage the entire lifecycle of digital documents, ensuring integrity, traceability, readability, and verifiability over time. Native integration of qualified signatures, seals, and timestamps further strengthens evidentiary value.
Looking ahead, Namirial is in an advanced phase toward eIDAS qualification for its eArchiving service – a natural evolution of a path already based on multi-country compliance, operational security, structured metadata management, and service continuity, including termination plan and portability requirements.
The experience gained in different regulatory contexts and alignment with emerging European standards position Namirial as a key player in the future qualified eArchiving ecosystem, capable of supporting public administrations and companies in cross-border scenarios, reducing legal risk, and enabling truly interoperable preservation models at EU level.
