Hacker News

mzajc, yesterday at 11:54 PM (3 replies)

Is there a reason this user-hostile mess is preferred over an X.509 certificate (besides big tech lobbying)?

Slovenia hands out certificates for online government services, including document signing, and it seems to be going fine, with the added benefit that Google can't take away my access.


Replies

whizzter, today at 2:06 AM

In the end it's mostly x509 certificates; an ETSI PAdES PDF signature, for example, contains the signing x509 certificate (ETSI specifies extension OIDs for the x509 certificates to contain personal numbers, country, etc.).

The big question is how to let users properly handle their certificates so they won't get abused into being useless.

If I understood it correctly, the current German AusweisApp seems to require NFC to read it from your personal ID card together with a PIN code you got with the card; it's not entirely user-friendly since aligning the card with your phone seems to be prickly.

Swedish BankID handles it internally in their app (unlocked via PINs) but they don't have a good way to use it to sign things (it all relies on the infrastructure; even if they give out signature documents, it's not compatible with PAdES).

There's a new govt-sponsored one that I assume will piggyback on the personal cards/passes that are readable via NFC.

Norway and Denmark, iirc, support proper signatures but I don't think the certificates are under user control (someone correct me if I'm wrong here).

Now these things are mostly issues for document signatures; authentication is often handled via other flows.

From what I skimmed of the article, it seems to be more in line with Swedish BankID and is actually fairly smooth for end users even if less secure than what they have now with AusweisApp.

sfjailbird, today at 12:47 AM

Most people wouldn't know what to do with a certificate, so governments build some stuff on top (like an official mobile app) which makes auth easier. It's usually just certificates underneath (not exposed to the user).

eIDAS tries to harmonize these implementations across EU member states.

Maken, today at 12:27 AM

eIDAS is about making the electronic IDs emitted by the different EU governments intercompatible, so you can use a Slovenian certificate to authenticate into the German tax system, if you want to.