Les articles 1366 and 1367 of the Civil Code provide that the electronic signature has the same legal value than the handwritten signature. It is therefore admissible as evidence in court.
The eIDAS regulation, regulates the electronic signature in the European Union.
The regulation became applicable:
- September 29, 2015 for the notification and voluntary recognition of electronic identification means by Member States;
- July 1, 2016 for trust services and electronic documents;
- September 29, 2018 for the mandatory mutual recognition of electronic identification means by the Member States.
1. The security levels of electronic signatures
The eIDAS regulation defines four levels of security for electronic signatures.
The first two levels are:
- The simple (or basic) electronic signature
The simple electronic signature does not require any special requirements. in terms of security or the identification of the signatory, which makes it the lowest security level.
It is also very often used because it allows you to sign a document in a unsophisticated and swift. It is admissible in court, but it will however be impossible to demonstrate the identity of the signatory in the event of a dispute.
- Advanced electronic signature
The advanced signature has a higher level of security than the simple electronic signature by verifying the identity of the signatory. It must meet the following requirements:
- Be linked to the signatory in an unequivocal manner;
- Allow the signatory to be identified;
- Have been created using electronic signature creation data that the signatory can, with a high level of confidence, use under their exclusive control;
- Be linked to the data associated with this signature in such a way that any subsequent changes to the data are detectable.
When additional levels of signature validity are required, some providers offer two additional levels of electronic signature that comply with eIDAS requirements. In fact, the regulation defines two types of signatures based on certificates, for which authentication of the identity before it is issued is mandatory and which therefore constitute two levels whose security is higher than a simple electronic signature or an advanced electronic signature.
These two levels are:
- Advanced electronic signature with qualified certificate
Defined in Articles 26 and 28 of the eIDAS Regulation, advanced electronic signatures based on a qualified certificate require a higher level of security, identity verification and authentication to establish a link with the signatory.
It therefore has the same properties as an advanced electronic signature defined by Article 26 of the eIDAS Regulation but must also be based on a qualified certificate, issued by a qualified trust service provider meeting the requirements set out in Annex I of this same regulation.
- The qualified electronic signature
A qualified signature is the most secure type of digital signature. It must meet these two requirements:
- The process of issuing the digital certificate is only possible once theidentity of the signatory verified in person (face-to-face).
- The signature is created using a very secure device termed QSCD (Qualified Signature Creation Device). It is in this device that the qualified signature certificate is located. The QSCD was a physical device based on smart card technology. Nowadays, it is now legal for this QSCD to be a cloud system managed by a trusted service provider.
This device is the subject of a certification decision by a national authority. THEThe legal effect of a qualified electronic signature is equivalent to that of a handwritten signature.
2. The issuance of qualified certificates
In order to obtain a qualified electronic signature certificate, the signatory must contact an Electronic Certification Service Provider (Certification Authority) or a Registration Authority approved by the latter, so that his identity can be verified. Thus, section 2 of theOrder of 22 March 2019 relating to the electronic signature of public procurement contracts provides that:
“The qualified electronic signature certificate falls into at least one of the following categories:
1° A qualified certificate issued by a qualified trust service provider meeting the requirements of the abovementioned regulation;
2° A certificate issued by a certification authority, French or foreign, which meets the equivalent requirements in Annex I of the abovementioned regulation.”
In addition, under Annex II of the eIDAS Regulation,”Any person physical can request a qualified electronic signature certificate, issued by a qualified trust service provider. Likewise, any legal person can request an electronic stamp certificate in accordance with the eIDAS regulation, issued by a qualified trust service provider.”
When the qualified electronic signature is issued by a certification authority, its process is presumed to be reliable. The control of these certification authorities is carried out by theANSSI (National Agency for Information System Security) in France and by equivalent bodies in each European country. The ANSSI is involved in the application of the regulation in two ways: as a security guarantor in the context of “electronic identification” and as a control body in the context of “trust services”.
3. The legal effects of electronic signatures
THEArticle 25 of the eIDAS Regulation Just specify the legal effects of electronic signatures depending on its nature. It provides that:
- The simple electronic signature cannot be denied in court simply because it is not qualified;
- The qualified electronic signature has the same legal value as a handwritten signature ;
- In the event that this signature is the subject of a certification issued by a Member State, the qualified nature of this signature is compulsorily recognized by all countries of the European Union.
Axiocap has partnered with Signaturit to allow the trustworthiness ofthe advanced electronic signature.
Signaturit uses a system of biometric data processing, which allows a unique identification of the signatory, in particular thanks to specific and accurate data such as the speed and speed of the signatory's path and the pressure exerted on the device when signing. The The consent of the signatory is mandatory and essential For the biometric data processing.
In accordance with General Data Protection Regulation (GDPR), which came into force on May 25, 2018, Signaturit has implemented various safety measures to ensure the adequate treatment of personal data and respects therefore the recommendations of the Commission Nationale de l'Informatique et des Libertés (CNIL) on the processing of biometric data.
Les biometric data are particularly Important During a litigation. In fact, Signaturit Will be able decipher the signatory's biometric data so that they can be presented to the corresponding court in case of legal proceedings.
Did you not find answers to your questions?
