Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
- FROM
- —
- CLOUD ACT
- MINOR
US-owned e-signature leader. Direct CLOUD Act exposure.
Skribble (Switzerland, Zurich, Swiss-hosted, CLOUD Act exposure: None) and Yousign (France, Caen, EU-headquartered, EU-hosted, CLOUD Act exposure: Minor) are the strongest European alternatives to DocuSign on the data-sovereignty axis; Skribble adds Swiss ZertES alongside eIDAS, and Yousign is the most-adopted French QTSP with the smoothest migration UX. Universign (France, Paris) and Signaturit (Spain, Barcelona) are longer-running QTSPs with deeper enterprise track records, but both are now US-private-equity-owned (Bain Capital and PSG Equity) and hosted at rest on AWS, so CLOUD Act exposure: Material. All are Qualified Trust Service Providers (QTSPs) on the EU Trusted List. DocuSign, Inc. (NASDAQ: DOCU) is US-incorporated; its standard product issues advanced signatures, not eIDAS-qualified signatures.
DISCLOSURE Some links on this site are affiliate links. We may earn a commission at no extra cost to you. Editorial signals and rankings are never influenced by affiliate relationships.
Ordered by feature parity and migration friction, which is weighted higher than feature breadth.
Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
Zurich-based Swiss e-signature platform with dual ZertES + eIDAS QES via Swisscom partnership; ISO 27001, 4,000+ DACH customers.
Long-running French QTSP (originally Cryptolog International, 2001); merged into Signaturit Group (a Namirial Italian company).
All 7 alternatives, benchmarked against DocuSign.
Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
Zurich-based Swiss e-signature platform with dual ZertES + eIDAS QES via Swisscom partnership; ISO 27001, 4,000+ DACH customers.
Long-running French QTSP (originally Cryptolog International, 2001); merged into Signaturit Group (a Namirial Italian company).
Barcelona-based Spanish digital-trust group (Signaturit, a Namirial company; parent Namirial acquired by Bain Capital, US PE, 2025), 4 QTSPs with highest eIDAS qualifications; platform hosted at rest on AWS.
Vienna-launched e-signature platform (eversign GmbH, 2017), acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
Trondheim-based pan-European eIDAS QTSP for digital identity, e-ID and qualified e-signatures; Nordic Capital-owned, EEA-hosted on US hyperscalers.
E-signature module of Swiss-Post-owned Tresorit, the directory's only zero-knowledge E2E option with eIDAS Qualified signatures (via Evrotrust QTSP); runs on Azure (default EU region Ireland).
| Product | Hosting | Sovereignty | Cert. | Pricing | Signals | Open |
|---|---|---|---|---|---|---|
|
DocuSign
benchmark · US
|
— |
US-LINKED | SOC 2 no EU framework |
Freemium |
E2E
Public DPA
Sub-processors
Open source
|
|
|
Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
|
CAEN · FR
France
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
Zurich-based Swiss e-signature platform with dual ZertES + eIDAS QES via Swisscom partnership; ISO 27001, 4,000+ DACH customers.
|
ZURICH · CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
Long-running French QTSP (originally Cryptolog International, 2001); merged into Signaturit Group (a Namirial Italian company).
|
PARIS · FR
France
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
Barcelona-based Spanish digital-trust group (Signaturit, a Namirial company; parent Namirial acquired by Bain Capital, US PE, 2025), 4 QTSPs with highest eIDAS qualifications; platform hosted at rest on AWS.
|
BARCELONA · ES
Spain
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
Vienna-launched e-signature platform (eversign GmbH, 2017), acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
|
US
United States
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
SOC 2
|
Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
Trondheim-based pan-European eIDAS QTSP for digital identity, e-ID and qualified e-signatures; Nordic Capital-owned, EEA-hosted on US hyperscalers.
|
—
Norway
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
ISO/IEC 27018
+1 more
|
Paid |
Public DPA
Sub-processors
Open source
|
→ |
|
E-signature module of Swiss-Post-owned Tresorit, the directory's only zero-knowledge E2E option with eIDAS Qualified signatures (via Evrotrust QTSP); runs on Azure (default EU region Ireland).
|
DUBLIN · IE
Ireland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid
€5 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | Yousign | Skribble | Universign | Signaturit (Namirial) | Eversign (Xodo Sign) | Signicat | Tresorit eSign |
|---|---|---|---|---|---|---|---|
| Qualified signature (QES) | Yes | Yes | Yes | Yes | No | Yes | Yes |
| Advanced signature (AES) | Yes | Yes | Yes | Yes | No | Yes | No |
| Audit trail | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Templates | Yes | No | Yes | Yes | Yes | No | |
| Bulk send | Yes | Yes | Yes | ||||
| In-person signing | Yes | Yes | Yes | Yes | |||
| ID verification | Yes | Yes | Yes | Yes | Yes | Yes | |
| API / webhooks | Yes | Yes | Yes | Yes | Yes | Yes | No |
Listed for transparency. Every product on this page is benchmarked against this baseline.
Listed for transparency. Every product on this page is benchmarked against this baseline.
US-owned e-signature leader. Direct CLOUD Act exposure.
DocuSign is the default e-signature platform for a generation of sales, legal, and HR teams. It is also a US-incorporated product (DocuSign, Inc., publicly listed on NASDAQ as DOCU), with sub-processors and primary infrastructure under US jurisdiction. A German procurement team writing a Schrems II transfer impact assessment, a French legal team requiring qualified electronic signatures (QES) under eIDAS for regulated contracts, or a European SaaS auditing how customer agreements get signed will all run into the same practical differentiator: European trust service providers issue QES that carries cross-EU legal equivalence to a handwritten signature, which DocuSign's standard advanced-signature product does not.
Skribble is the strongest Swiss option and the cleanest on sovereignty, supporting both eIDAS QES and Swiss ZertES with no US sub-processor in the data path (Switzerland, Zurich, Swiss-hosted, no CLOUD Act exposure); Yousign is the most-adopted French QTSP with the smoothest migration UX from DocuSign (France, Caen, EU-headquartered and EU-hosted, minor exposure, US-VC-funded); and Universign is the longer-running French QTSP with deeper enterprise references (France, Paris, EU-hosted), though as of July 2026 it and its sister brand Signaturit are US-private-equity-owned and hosted at rest on AWS, placing them at material CLOUD Act exposure. These are among the five alternatives mapped below, each checked against company ownership, data location, QTSP status under eIDAS, and a recognised European compliance framework (ISO 27001, BSI C5, EUCS, SecNumCloud).
What actually survives the move from DocuSign to a European e-signature platform?
What you gain (compared to DocuSign):
What doesn't come with it:
Six steps, most of them about templates and QTSP onboarding rather than the signing tool itself:
Here's the quickest route from your situation to a shortlist:
For e-signatures the decision usually turns on one axis: does the contract legally need QES-level recognition, or is AES enough so cost, language, or jurisdiction can decide instead; the table above sorts on exactly that.
For every product we read the public DPA, sub-processors document, hosting region declaration, and corporate ownership records. Each is timestamped. Signals are editorial, re-verified quarterly. We never accept self-attestation.
Reviewed by the EU Vetted editorial team · Editorial guidelines
Last verified July 2026