Digital Identity in European Freight: The Complete Guide to eCMR, eFTI, and Cross-Border Signing
Everything logistics leaders need to know about digital identity for freight — from eFTI compliance and signature levels to the non-EU identity gap.
July 2027 is approaching fast. The eFTI regulation will require every freight operator in the EU to exchange transport documents digitally with authorities. The eCMR — the electronic consignment note — is replacing paper across Europe's busiest freight corridors. Platforms exist. The legal framework is in place. The technology works.
Yet there is a problem that almost no one in the industry is talking about openly: digital identity. Not the document. The people signing it.
This guide brings together everything we have learned — from our own eCMR pilot, from working with logistics companies across Europe, and from studying the regulatory landscape in detail — into a single resource for logistics leaders preparing for the digital transition.
The Shift That Changes Everything
The scale of what is about to happen is worth pausing on. The European Commission estimates that digitising freight documentation will save the transport sector up to €1 billion per year. Independent research backs this up at the individual company level: a study for the Danish Ministry of Transport found that processing a paper CMR takes 23 minutes, while an eCMR takes 9. A separate automotive industry survey measured the cost at €6.23 per paper document versus €1.69 for eCMR — a 72% reduction.
The IRU estimates that the shift could free up 75 to 102 million work hours annually across European logistics — equivalent to 40,000 to 50,000 full-time administrative positions.
These numbers are real and independently verified. We break them down in detail, with full source citations, in our analysis of the real cost difference between paper CMR and eCMR.
But the savings only materialise if every party in the supply chain can actually sign the documents digitally. And that requires every party to have a digital identity.
The eCMR Is Not Just a Document — It Is a Signing Workflow
A paper CMR is simple: three carbon copies, a pen, a signature. The electronic version is fundamentally different. It is a digital workflow where multiple parties — shipper, carrier, driver, consignee — must authenticate and sign at different stages of the shipment.
Every signature requires identity verification. The eCMR protocol demands that the electronic signature ensures both authenticity (the signer is who they claim to be) and integrity (the document has not been altered since signing). This is not a checkbox exercise. It is a cryptographic requirement.
Large logistics operators with established IT systems can handle this for their own employees. The challenge emerges with subcontractors — and European freight runs on subcontracting. Carriers from Turkey, Ukraine, Moldova, and Central Asia transport a significant share of goods crossing EU borders. The eCMR protocol has been ratified by 38 countries, including many outside the EU. These carriers and their drivers must also sign digitally.
But with what identity?
Today, many eCMR platforms use workarounds: one-time access codes, SMS verification, or simple login credentials. At the most critical point in the supply chain — the physical handover of goods — the party involved often lacks a real, verifiable digital identity. When that party is a subcontractor from a third country, the gap becomes a liability.
Signature Levels: Why AES Is Sufficient (and Why That Matters)
One of the most common misconceptions in logistics is that eCMR requires a Qualified Electronic Signature (QES) — the most expensive and complex option under the eIDAS regulation. It does not.
The eIDAS framework defines three levels: Simple (SES), Advanced (AdES), and Qualified (QES). For eCMR and the vast majority of freight documentation, an Advanced Electronic Signature is legally sufficient. This is confirmed by industry practice across Europe — the Open Logistics Foundation's eCMR standard uses advanced electronic seals, and countries actively implementing eCMR (Spain, Benelux, Germany) rely on AdES-level signing.
The practical difference is significant. AdES can be generated remotely on a mobile device in seconds. QES typically requires a qualified certificate from an EU Trusted Service Provider, often involving hardware tokens or face-to-face verification. For a small Turkish carrier with ten drivers, the QES process is prohibitively burdensome. AdES delivers the same result — identity verification, PKI-based signature, document integrity, and traceability — without that burden.
But even AdES requires the signatory to have a verifiable digital identity. You cannot create an Advanced Electronic Signature anonymously.
We explain the differences between all three signature levels, with specific guidance on when to use each for logistics documents, in our detailed guide to AdES vs QES for logistics.
The EUDI Wallet: A Solution for Half the Problem
The EU is building a solution: the European Digital Identity Wallet (EUDI). By the end of 2026, all 27 member states must provide their citizens with a digital identity wallet. Banks, large online platforms, and public services will be required to accept it. The logistics sector is one of the first testing grounds — the Open Logistics Foundation is already developing a server-based European Business Wallet specifically for eCMR signing.
For transactions between EU parties, this will eventually be transformative. But the EUDI wallet has a structural limitation that directly affects freight: it only covers EU member states.
The CMR Convention has over 50 member countries. The eCMR protocol has been ratified by 38 — including Turkey, Ukraine, the United Kingdom, Belarus, Moldova, and Central Asian states. None of these countries will get the EUDI wallet. Their carriers and drivers will have no access to the European digital identity ecosystem.
This is not a niche edge case. EU-Turkey trade alone generates millions of freight movements per year. Add Ukraine, Morocco, the Western Balkans, and Central Asia, and the scale of the gap becomes clear: we are building a digital infrastructure for European logistics that requires a digital identity, but the most active non-EU users of that infrastructure are excluded from the solution.
Several member states are also unlikely to have fully functional wallets by the December 2026 deadline. The Netherlands has already signalled delays. Bulgaria has not begun development. The reality for the next several years will be uneven EUDI coverage even within the EU.
We analyse what the EUDI wallet covers and — critically — what it does not in our detailed examination of the EUDI identity gap.
The Missing Layer: Passport-Based Digital Identity
The gap between what EUDI covers (27 countries) and what European logistics needs (179 countries with biometric passports) requires a complementary layer of identity infrastructure.
The technology to bridge this gap already exists. Modern biometric passports contain NFC chips with cryptographically signed identity data, issued under the ICAO 9303 standard. These passports are in circulation in 179 countries. The chip cannot be forged. The data is signed by the issuing government. Reading it requires physical proximity to the passport.
At IdentiGate, we built our platform on this foundation. A driver — regardless of nationality — scans their biometric passport with a smartphone. In 90 seconds, they have a device-bound digital identity that can produce Advanced Electronic Signatures meeting eIDAS requirements. No hardware tokens. No dependency on national eID infrastructure. No EU citizenship required.
The key principle: EUDI is government infrastructure for EU citizens. Passport-based identity is available to anyone with a biometric passport, regardless of which country issued it. The two are complementary layers, not competitors.
A German warehouse operator signs with their EUDI wallet or national eID. A Turkish driver signs with their passport-based digital identity. Both signatures carry legal weight. Both identities are cryptographically verified. The eCMR is complete.
We describe how this works in practice — from our live eCMR signing pilot — in our article on cross-border digital identity for logistics.
Four Questions Every Logistics Leader Should Ask Today
If you are a carrier, freight forwarder, logistics provider, or eCMR platform operator, here is what you should be evaluating now.
Do your subcontractors have a digital identity? Not a user account or a login — an eIDAS-compliant identity that enables Advanced Electronic Signature. If the answer is no, and for most European carriers it is, you have a compliance gap by July 2027.
Do you know which signature level you actually need? Many companies assume QES is required for eCMR and overpay accordingly. For the vast majority of freight documents, AdES is legally sufficient — at significantly lower cost and complexity. Understanding this distinction can save substantial money across your operation.
How will you handle non-EU carriers? If your supply chain includes carriers from Turkey, Ukraine, Moldova, or any other non-EU country — and most European logistics operations do — the EUDI wallet will not cover them. You need an identity solution that works outside the EU ecosystem while remaining eFTI-compliant.
Are your systems ready? The eFTI architecture assumes that parties trust each other because they agree on identities, authentication, and access policies. This requires interoperable systems and unified data standards — both within the EU and across borders. The companies that start preparing in 2026 will be ready in 2027. The rest will be scrambling.
The Road Ahead
The digital transition of European logistics is not a technology problem. eCMR platforms exist. The eFTI regulation has been adopted. Signature solutions — including affordable AdES-based ones — are on the market.
What is missing is more fundamental: a digital identity for every party in the supply chain. For the driver confirming receipt of goods in Bratislava. For the subcontractor moving freight from Tallinn to Berlin. For the Turkish carrier crossing EU borders daily, but for whom no European digital identity wallet exists.
As long as this gap remains — both within the EU and with third countries — the full promise of eFTI and eCMR will remain partially unfulfilled. The technology is ready. The regulation is set. The question that remains is the most basic one in any transaction: who is on the other side?
Further reading from our blog:
- Cross-Border Digital Identity for Logistics: How Estonia's e-State Thinking Tackles Europe's eCMR Challenge
- AdES vs QES: Which Electronic Signature Level Does Your Logistics Business Actually Need?
- Paper CMR vs eCMR: The Real Cost of Not Going Digital
- The EUDI Wallet Covers 27 Countries. What About the Other 152?
IdentiGate is a cross-border digital identity and electronic signature infrastructure built in Tallinn, Estonia. We support biometric passports from 179 countries via a single API. Learn more at identigate.com