Shufti, Evrotrust link identity checks to qualified signatures across EU onboarding

Shufti and Evrotrust have teamed up to combine identity verification and Qualified Electronic Signatures in one onboarding flow across the 27 EU member states. The partnership is designed to strengthen auditability and compliance as Europe moves toward tighter eIDAS 2.0 and AML rules.

Why it matters: - Regulated businesses often verify a customer in one system and collect a legally binding signature in another. - That split can weaken the evidence trail, complicate audits, and leave room for fraud. - The new combined flow is meant to keep identity proof and qualified signing in one evidentiary chain across the EU.

What happened: - Shufti partnered with Evrotrust to create a single onboarding journey that combines identity verification with Qualified Electronic Signatures. - The workflow is available across all 27 EU member states where QES is recognized under eIDAS. - The companies say the process links verified identity directly to a qualified certificate and signature within one API flow.

The details: - Shufti handles identity verification, onboarding orchestration, and compliance controls. - Evrotrust, a Qualified Trust Service Provider on the EU Trusted List, issues the Qualified Certificate and performs the qualified signing. - Shufti verifies users through document and biometric checks, NFC-enabled document reads, or national eID schemes. - The verified data passes securely to Evrotrust, which signs a cryptographic hash of the document. - Only the hash is sent for signing, so the full document can remain inside the organization’s own environment. - The signed output is embedded in a PAdES-LTV file designed for long-term validation. - The signature remains verifiable for up to 20 years, while the supporting evidence package is retained for 10 years per signed document. - The legal effect of QES under eIDAS Article 25 extends across the EU and the wider EEA, including Iceland, Liechtenstein, and Norway. - A single verified session can cover multiple documents. - The organization keeps the full evidence package and audit trail, while the signer receives the finished signed document. - The flow works through one API across web and mobile. - Konstantin Bezuhanov, CEO at Evrotrust, said the collaboration reflects a shared vision for digital trust and stronger security, compliance, and user experience.

Between the lines: - Banking, insurance, investment, crypto, healthcare, real estate, and legal services all face the same core problem: proving that a signature belongs to the verified person. - The partnership is positioned as infrastructure for upcoming EU rule changes, not just a point solution for today’s onboarding. - Shufti says it is on a roadmap to ETSI TS 119 461 v2.1.1 certification ahead of the 19 August 2027 deadline. - The newer standard introduces a higher identity-proofing tier called the Extended Level of Identity Proofing. - From 10 July 2027, the EU’s Anti-Money Laundering Regulation is set to make QES, notified eIDs, and the EU Digital Identity Wallet primary methods for compliant onboarding, with remote video identification moving to a fallback role. - The partnership also anticipates eIDAS 2.0 journeys that pair eID and EUDI wallets with qualified signing. - Roger Redfearn-Tyrzyk, chief commercial officer at Shufti, said the company is extending its platform from identity, AML, and fraud into qualified electronic signatures through Evrotrust.

What's next: - Shufti is aiming for v2.1.1 certification before the 2027 ETSI deadline. - Organizations exploring QES-enabled onboarding can learn more at Shufti's website or speak with the Shufti team. - As EU Digital Identity Wallets roll out, regulated firms will still need onboarding orchestration, fraud controls, auditability, and signing in one process.

The bottom line: - Shufti and Evrotrust are betting that European onboarding will increasingly require identity verification and qualified signing to be bundled into one compliant workflow, not stitched together after the fact.