Company-wide digitalisation and document dematerialisation solutions have triggered the development of the electronic signature in France. It’s a phenomenon that has become so commonplace that even public organisations now authorise citizens to electronically sign administrative documentation.
How do you ensure the legal value of your electronic signature software?
Barring a few exceptions, all documentation can be electronically signed. That said, this development is still hampered by widescale unawareness across the board of the legalities involved in the electronic signature.
Contrary to popular thought, an electronic signature is not merely an image of your signature inserted on a digital document. This does not guarantee legal value. To avoid inconvenience, your electronic signature must have irrefutable legal value in any court of law. Practically speaking, this means being part of a specific legal framework and using a certified and trusted third-party software solution.
Let’s discover together how to use your electronic signature correctly!
A clearly defined regulation in force in France and Europe
From a legal standpoint, there is nothing new about the electronic signature. In fact, the electronic signature was first given legal value in 2000 with Article 1316-4 of the French Civil Code (“code civil”) (Article 1367 since 2016). An electronic signature is qualified according to specific conditions under French law. An electronic signature must clearly identify the signatory, and their unique link with the act to which it is attached.
In 2016, the eIDAS (Electronic IDentification And Trust Services) European Regulation strengthened the legal security of the electronic signature by providing a clear and consistent legal framework for the 28 European Union (EU) Member States. Under this EU regulation, Article 25.1 sets out the principle of non-discrimination. Put simply, it specifies that electronic signatures have a definite legal effect and are admissible in legal proceedings.
In technical terms, the regulation defines three types of electronic signature: namely, simple, advanced and qualified. Such signatures may be used in EU Member States and provide for additional regulations defining how they are used. The security, reliability and conditions of use of signatures differs from one category to another.
Introducing three levels of electronic signature: simple, advanced, and qualified
In technical terms, the eIDAS European Regulation defines three types of electronic signature which may be used in EU Member States and provide for additional regulations governing their use. The security, reliability and conditions of use of signatures differs from one category to another.
The “simple” electronic signature
Paradoxically, this is the least reliable but most commonly used signature method, recognised for its speed of execution and ease of use. A simple electronic signature does not require a signatory ID verification process. This type of signature is best suited for low-risk legal documentation such as website general terms and conditions and inventories. However, it’s important to remember that these signatures are not authorised under corporate law (French law).
The “advanced” electronic signature
More secure than the previous method, an advanced signature must fulfil several criteria such as the use of techniques for verifying signatory ID, certificates for collecting data via signatory ID, an evidence file intended to prove various security features of electronic signature creation as well as traceability of the signed document. An advanced electronic signature is best suited for use in commercial, legal and administrative documentation with low litigation risk.
The “qualified” electronic signature
A qualified electronic signature which provides the highest level of security, requires signatory visual ID verification, document security using encryption, and an additional qualified certificate issued by a service provider approved by the French Network and Information Security Agency (ANSSI). This is the perfect electronic signature solution for regulated transactions.
Top tips for selecting your trusted service provider
To operate within a specific legal framework that is suited to your organisation, we recommend drawing on the expertise of a certified and qualified electronic signature service provider.
Decision-makers should be notified that a list of fully-qualified and legally compliant service providers exists in France. This list, which is updated by ANSSI, is also communicated to the European Commission. It is highly recommended to work with a service provider who is both eIDAS-compliant and ANSSI-certified.
In addition to ANSSI qualification, the selection of an electronic signature solution must be done according to several priority criteria. Clearly, a key criterion involves the extent to which a solution complies with foreign legislation if your company operates or seeks to operate internationally. The next most important decision-making criteria concern the solution’s ease of use by teams, its potential for customisation and its flexibility.
Another point to consider is the solution’s integration into your applications. Solutions providing seamless integration into your company tools (SAP, Microsoft, etc.) require less effort, which in turn fosters adoption.
Lastly, the service provider’s ability to identify your signature needs based on the required level of complexity is a determining factor. Whether it’s simple, advanced or qualified, Oodrive recommends a solution that easily adapts your signatures to the legal risks involved.
At the national and European level, the legislator has provided a clear definition and precise framework for the electronic signature. Its purpose: gaining the same legal value recognition as that of a traditional signature. Against a backdrop of fast-developing electronic signature solutions, organisations must make decisions based on criteria that are not only legal, but also technical and structural. In this respect, priority should be given to their business activities, not forgetting their exposure to legal risks and signature needs.