EU Defence Tenders 2026: Do EDIP and EDF Need QES?

Most EU defence tender submissions do not require a qualified electronic signature. EDIP and EDF proposals submit through the EU Funding & Tenders Portal, which signs via EU Login — an advanced electronic signature process, not QES. National defence procurement portals vary, but Directive 2014/24 sets AdES with a qualified certificate as the standard evidentiary level.

The European Defence Industry Programme (EDIP) received final Council approval on 8 December 2025 (Consilium press release, 08.12.2025). Its first call opens 31 March 2026 and closes around October 2026, with a total programme envelope of €1.5 billion for 2025–2027 (EDIP — European Commission). In parallel, the European Defence Fund (EDF) 2026 Work Programme, adopted by the Commission on 17 December 2025, earmarks €1 billion for collaborative defence R&D (EDF Work Programme 2026). Both submit through the same infrastructure: the EU Funding & Tenders Portal (FTOP).

For defence SMEs preparing a first bid, the signature requirement is one of the earliest practical questions. Many assume the answer is a qualified electronic signature (QES) — the eIDAS tier legally equivalent to a handwritten signature. The assumption creates unnecessary friction: firms either over-invest in QES issuance arrangements they do not need, or abandon the bid because they perceive QES as a blocker. The regulation does not actually say that.

The EU Funding & Tenders Portal: What Defence SMEs Actually Sign With

The FTOP is the Single Electronic Data Interchange Area for every programme managed by the European Commission, including EDIP, EDF, EDIRPA, and EUDIS. Every tender submission, grant signature, and declaration of honour goes through it.

The signing mechanism, documented in the Commission's own IT guidance for the portal, works as follows (F&T Portal eSignature — IT How To, Declaration of Honour — IT How To):

• The Project Legal Signatory (PLSIGN) — a named natural person pre-authorised by the beneficiary — logs into the portal with their personal EU Login account.
• The PLSIGN reviews the document on screen, then confirms with their EU Login password.
• The system generates a PDF with a digital seal, a timestamp, and the signatory's EU Login credentials embedded in the signature placeholder.

This is not a QES. EU Login is not a qualified trust service under eIDAS, and the signature is not produced with a qualified signature creation device. What it is, in practice, is an advanced electronic signature (AdES) as defined in Article 26 of eIDAS: uniquely linked to the signatory, capable of identifying the signatory, created under the signatory's sole control, and linked to the data so that any subsequent change is detectable.

The one FTOP flow that genuinely needs a QES is LEAR (Legal Entity Appointed Representative) appointment. The LEAR appointment letter must be signed with blue ink or QES and uploaded to the Participant Register as a scanned document. That is a one-off legal-entity onboarding step, separate from tender submission. After the LEAR is recorded, the legal entity appoints PLSIGNs and LSIGNs, who sign portal workflows via EU Login — no QES required.

For a defence SME submitting its first EDIP or EDF bid, the signature-level question collapses to this: do you have a LEAR recorded in the Participant Register? If yes, every subsequent submission is AdES via EU Login. If no, you need to complete LEAR appointment once, which accepts either a blue-ink paper signature or a QES on the uploaded letter.

What Directive 2014/24 Says About Signature Levels

The legal backbone of EU public procurement sits in Directive 2014/24/EU on public procurement. Article 22 governs the signature level contracting authorities can require from tenderers (Directive 2014/24/EU, Article 22 — EUR-Lex):

"Where the level of risks is assessed to require advanced electronic signatures as defined by Directive 1999/93/EC, contracting authorities shall accept advanced electronic signatures supported by a qualified certificate, taking into account whether those certificates are provided by a certificate services provider on a trusted list."

Two things follow. First, the evidentiary default for public procurement is AdES supported by a qualified certificate — not QES. Second, contracting authorities "shall not apply additional requirements that may hinder the use of those signatures" beyond verifying the certificate against the EU trusted list. An authority that silently insists on QES where Article 22 allows AdES-with-qualified-certificate is applying a prohibited additional requirement.

eIDAS Article 27 — electronic signatures in public services — tightens the ceiling further. Member States "shall not request signatures of a higher level than qualified electronic signature." QES is the maximum level a public service may require, not the baseline. In practice, for most calls — including the overwhelming majority of EDIP and EDF submissions via FTOP — the signature level sits one tier below that maximum.

The same logic runs under eIDAS Article 25: a signature cannot be denied legal effect "solely on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures." Non-QES signatures are admissible; they carry evidentiary weight; they survive judicial scrutiny. This is the non-discrimination principle — and it is why the defence-tender-needs-QES assumption does not survive contact with the text of the regulation.

When QES Actually Applies in Defence Procurement

This post is a myth-buster, not a blanket "you never need QES" claim. There are four defence-adjacent flows where QES is the genuine answer.

1. LEAR appointment on the FTOP Participant Register — as described above. The LEAR letter upload accepts blue ink or QES.
2. A specific national defence portal that names QES in its call documents. Some Member States' national procurement portals, for specific call types, explicitly require QES. This is always stated in the call documents themselves. The rule of thumb for SMEs: read the signature-requirement clause in every call document, do not assume.
3. Framework agreement or high-value contract signature after award, in jurisdictions whose national procurement code requires QES for contracts above a value threshold. This is a post-award step, separate from bid submission. At that stage, the winning bidder signs the framework agreement; if the jurisdiction requires QES, the signatory turns to a Qualified Trust Service Provider for one-off issuance.
4. Some cross-border B2B defence-subcontracting flows where the prime requires a QES from the sub for the sub-contract itself. This is a private-law commercial decision, not a regulatory one — and it is often itself a hangover from the same QES-default assumption the public side has already moved beyond.

In each case, QES is a specific, documented requirement — not a default. If the tender documents, the FTOP workflow, the national portal FAQ, and the contract template all say AdES, then AdES is the correct level. Adding a QES on top of that does not strengthen the submission; it simply adds cost and delay.

National Defence Portals: A Mixed Picture

EU-level programmes (EDIP, EDF, EDIRPA, EUDIS) all route through FTOP and its EU Login AdES. National defence procurement is less uniform.

Germany passed the Act on Accelerated Planning and Procurement for the Bundeswehr on 15 January 2026 (Hogan Lovells commentary), simplifying procedures and expanding national-champion preferences while tightening access for non-EU bidders. Signature levels on the Bundeswehr's electronic procurement platform follow the German national eID and qualified-certificate infrastructure; call-specific requirements vary but AdES with a qualified certificate is broadly accepted.

France and Italy run national defence procurement through their respective national portals, with per-call signature-level specifications. French procurement commonly accepts AdES-with-qualified-certificate for bid submission; Italian procurement more often names firma digitale qualificata (QES) for contractual steps, reflecting the national preference embedded in Italy's electronic-signature practice.

European Defence Agency (EDA) procurement runs through the EDA Procurement Gateway and follows Directive 2014/24 principles — AdES-with-qualified-certificate as the procurement evidentiary default (EDA Procurement).

The mixed picture across national portals reinforces the rule for SME bidders: the signature level required is always in the call documents. A defence SME that reads every call's signature clause before preparing the bid will never be caught out. A defence SME that assumes a single signature type across all calls will sometimes over-invest and sometimes under-deliver.

What This Means for First-Time Defence Tender Bidders

The practical stack for a defence SME preparing to bid into EDIP, EDF, or a national defence call in 2026 is narrower than the folklore suggests.

• One-off, before any bid: complete LEAR appointment on the FTOP Participant Register. The LEAR letter accepts blue-ink paper signature or QES. Most SMEs complete this with blue ink and a scanned upload; some that already have QES infrastructure use QES. Either way, this is done once per legal entity.
• Per submission, every bid: the PLSIGN signs declarations of honour, proposal forms, and grant agreements via EU Login on FTOP. This is AdES. There is no additional signature requirement for the submission itself.
• Per document, as needed: when the bid includes attachments that must be signed by the bidder's authorised person (letters of commitment, letters of intent, affiliated-entity declarations), the signature-level required for those attachments is stated in the call documents. For most EU-level defence calls, AdES with a qualified certificate is sufficient. For the minority of cases where QES is named, one-off issuance from a QTSP covers the requirement.
• Post-award, at contract signature: follow the jurisdiction's rule. For EU-level grant agreements on FTOP, grant signature is via EU Login AdES. For national framework agreements, check the applicable national procurement code.

The broader picture this opens up is cross-border identity for the PLSIGN and for any co-signatories. EU Login uses EU-specific identity proofing that does not extend to non-EU-citizen co-bidders or non-EU consortium partners. For cross-border defence consortia — a typical shape for EDF projects that include a non-EU subcontractor — the signature on the portal is by the EU PLSIGN, but the commercial and technical documents underlying the bid may need signatures from non-EU partners. The EUDI Wallet covers 27 countries but not the other 153 who are routinely part of defence supply chains; biometric-passport-based identity verification covers that gap independent of any wallet.

For SMEs already handling cross-border signatures for non-EU subcontractors or counterparties, the AdES vs QES comparison in logistics covers the same distinction in the freight context — and defence supply chain identity covers it for the prime-and-sub workflow that EDIP and EDF participation typically generates. The post-quantum transition for eIDAS is the long-term signature-format question that will matter for defence contracts retained for ten or more years.

FAQ

Does EDIP require QES for tender submission? No. EDIP submissions go through the EU Funding & Tenders Portal, which signs via EU Login. That is an AdES process, not QES. The one FTOP step that needs QES (or blue-ink) is LEAR appointment, which is a one-off legal-entity onboarding, not a tender submission.

Does EDF require QES for proposal submission? No. Like EDIP, EDF 2026 submissions route through FTOP and use EU Login for signing. AdES is sufficient.

What is the minimum signature level for EU public procurement under Directive 2014/24? AdES supported by a qualified certificate. Contracting authorities must accept this level where the risk assessment calls for AdES, and must not apply additional requirements that would hinder its use.

When does QES actually matter in defence procurement? LEAR appointment; specific national defence calls that name QES in their call documents; post-award contract signature in jurisdictions whose procurement code requires QES above a value threshold; some private-law prime-to-subcontractor arrangements that carry over the QES assumption from older procurement practice.

Can a non-EU defence subcontractor sign a consortium agreement with AdES? Yes. The signature's legal admissibility under eIDAS does not depend on the signatory's citizenship; it depends on whether the signature meets the AdES technical criteria in Article 26. A passport-based digital identity enables AdES from any ICAO 9303 country. The EUDI Wallet does not reach non-EU citizens, but biometric-passport identity verification does.

Is AdES enough in court? Yes. eIDAS Article 25 prohibits courts from denying a signature legal effect "solely on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures." QES carries a specific legal presumption of integrity and of handwritten-signature equivalence; AdES carries evidentiary weight without that automatic presumption but is fully admissible.

Sources

EDIP

• European Defence Industry Programme — European Commission
• EDIP final approval — Consilium press release, 08.12.2025
• European defence industry programme — Council of the EU
• EDIP briefing — European Parliament Research Service

EDF

• European Defence Fund 2026 Work Programme — European Commission
• EDF — Official Commission page
• EDF on EU Funding & Tenders Portal

EU Funding & Tenders Portal signature mechanism

• EU Funding & Tenders Portal — home
• Grant signature — Online Manual
• Declaration of Honour — IT How To
• F&T Portal eSignature — IT How To

EU procurement and eIDAS legal framework

• Directive 2014/24/EU on public procurement — EUR-Lex
• Regulation (EU) No 910/2014 eIDAS consolidated — EUR-Lex
• European Commission eSignature FAQ

National defence procurement

• European Defence Agency — Procurement
• Germany defence procurement overhaul — Hogan Lovells (2026)
• Access to Defence Procurement — EDA

About the author

Gustav Poola is co-founder of IdentiGate. He focuses on the technical architecture of passport-chip identity verification, advanced electronic signature production under eIDAS, and the engineering of identity flows that survive regulator and auditor walk-back.