The legal value of the electronic signature
The legal value of the electronic signature is recognised in particular by the eIDAS European regulation. It establishes a European framework with regard to electronic identification and trust services in order to offer companies and individuals the ability to legally sign their documents electronically. An electronic signature which complies with the standards imposed by the eIDAS regulation has the same evidentiary value as a handwritten signature.
As an eIDAS European regulation-qualified Trust Service Providers (TSP), Universign offers electronic signature, seal and timestamping services which guarantee the identification of the signatory and the integrity of the document. So, what is the applicable legal framework, and what is the legal value of the electronic signature?
Is the legal value of an electronic signature recognised in France ?
To demonstrate the legal value of an electronic signature, the signatory must be identified in a reliable way, and the integrity of the signed document must be guaranteed.
In France, the legal value of the electronic signature is established by Article 1367 of the Civil Code, giving it the same level of effectiveness as handwritten signatures:
Article 1367 of the Civil Code: “the signature necessary for the perfection of a legal act identifies its author. It demonstrates their agreement with the obligations which arise from this act. When this is carried out electronically, it consists in the use of a reliable identification procedure which guarantees its association with the act to which it is attached. The reliability of this procedure is assumed, except in the case of evidence to contrary, when the electronic signature has been created, the identity of the signatory has been assured and the integrity of the act guaranteed under the conditions established by decree in the Council of State.”
The electronic signature issued by a TSP such as Universign complies with these conditions and produces legal effects which render it admissible before a court of law, in the same way as a handwritten signature with enhanced legal value.
How does the eIDAS European regulation guarantee a person’s identification ?
The eIDAS European regulation No 910/2014 of 23 July 2014 aims to increase trust in electronic transactions within the internal market. It establishes a common basis for secure electronic interactions between citizens, companies and public bodies.
It primarily concerns public sector bodies and Trust Service Providers, like Universign, established within the European Union. In France, the National Agency for Computer Security (known as ANSSI) is the national body responsible for the implementation of this regulation.
The eIDAS regulation provides for three levels of signature: simple, advanced and qualified. However, the electronic signature is not just a technical matter. This is indeed a legal operation, but one which need not detract from the user experience. It’s for this reason that a fourth level has developed within the market: advanced with qualified certificate.
- The “simple” level is issued without any personal certification in the signatory’s name. Nevertheless, it can be produced as evidence in court. At Universign, thanks to the addition of an authentication step via an SMS code received by signatories and required in order to sign the document, the simple signature process is reinforced and acquires greater legal value in terms of the identification of signatories.
- The “advanced” level is based on more reliable means of identification. It requires the creation of a certificate issued in the signatory’s name, whose proof of identity has been checked by the Trust Service Provider.
- For the “advanced with qualified certificate” level, the certificate issued requires the signatory to transmit their identity document and meet face-to-face with an Appointed Registration Operator who will physically check the signatory’s identity.
As an eIDAS European regulation-qualified TSP, Universign offers simple, advanced and advanced with qualified certificate signature services, which include an identification procedure which can be assumed to be reliable and which guarantees the integrity of an electronic transaction. As such, they constitute legal evidence in the event of any dispute.
Finally, the qualified signature is established via a qualified certificate and a qualified signature-creation process, and benefits from an assumption of reliability. As a result, the electronic signature procedure is assumed to be reliable, thereby reversing the burden of proof. As such, anyone attempting to question a qualified signature procedure will have to prove its flaws in order to have this disqualified.
How does this technology guarantee the integrity of a document ?
In general, integrity is defined as the status of something which has retained its original condition, without alteration, and which has therefore not been modified. Electronic signatures require a guarantee of the integrity of documents; if this condition is not fulfilled, this may disqualify the signature in the event of any legal dispute.
When electronically signing a contract or invoice, the TSP uses a hash function to transform the text into a sequence of numbers and letters specific to this file: this is its hash value. Each document has its own specific hash value.
This final point is important, as it allows for the integrity of the document to be ensured. It is therefore one of the conditions which must be respected in order to grant legal value to electronic signatures. As such, if the file were to be fraudulently modified, its hash value would also be modified. Therefore, a simple comparison between the document’s hash value at the time of signature and at the time of verification will allow for its integrity to be confirmed.
What is the significance of qualified timestamping ?
In short, qualified timestamping guarantees the existence of a file at a given date, and that it has not been modified since that date (principle of integrity). Consequently, a document sealed with a qualified timestamp, as understood by European regulations, benefits from assumed accuracy with regard to its date, time and integrity before all European courts.
The Universign electronic signature and seal services automatically include a timestamping service which is qualified in accordance with the eIDAS European regulation. This allows for it to be demonstrated that the document has not been modified, establishes its anteriority and enforceability, and guarantees the traceability of all actions carried out.
On the other hand, non-qualified timestamping – for example, carried out based on a computer clock – exposes the user to greater risk from a legal point of view. This does not allow for the date of the file’s creation to be irrefutably proven and cannot guarantee its anteriority or integrity before a judge.
The legal value of the Universign electronic signature
As an eIDAS European regulation-qualified TSP, Universign offers simple, advanced and advanced with qualified certificate signature services, which automatically include a qualified timestamping service.
Universign’s role as a TSP is to offer you security guarantees, including legal guarantees, in order to provide you with electronic signature services which grant your documents evidentiary value in accordance with European regulations.