Articles 1366 and 1367 of the Civil Code provide that the electronic signature has the same legal value as the handwritten signature. It is therefore admissible as evidence in court.
The eIDAS regulation, governs the electronic signature in the European Union.
The regulation has become applicable:
The eIDAS regulation defines four levels of security for electronic signatures.
The first two levels are :
The simple electronic signature does not require any particular security or identification of the signatory, making it the lowest level of security.
It is very often used because it allows to sign a document in a simple and fast way. It is admissible in court, but it will be impossible to prove the identity of the signatory in case of litigation.
The advanced signature has a higher degree of security than the simple electronic signature because of the verification of the identity of the signatory. It must meet the following requirements:
Where additional levels of signature validity are required, some vendors offer two additional levels of electronic signatures that comply with eIDAS requirements. Indeed, the regulation defines two types of signatures based on certificates, for which an authentication of the identity prior to its issuance is mandatory and which therefore constitute two levels with higher security than a simple electronic signature or an advanced electronic signature.
These two levels are :
Defined in Articles 26 and 28 of the eIDAS Regulation, the advanced electronic signature based on a qualified certificate requires a higher level of security, identity verification and authentication to establish a link with the signatory.
It therefore has the same properties as an advanced electronic signature defined by article 26 of the eIDAS regulation but must also be based on a qualified certificate, issued by a qualified trust service provider meeting the requirements set out in Annex I of the same regulation.
A qualified signature is the most secure type of digital signature. It must meet these two requirements:
This device is subject to a certification decision by a national authority. The legal effect of a qualified electronic signature is equivalent to that of a handwritten signature.
In order to obtain a qualified electronic signature certificate, the signatory must contact an Electronic Certification Service Provider (Certification Authority) or a Registration Authority approved by the latter, so that his identity can be verified. Thus, Article 2 of theOrder of March 22, 2019 on the electronic signature of public order contracts states that:
"The qualified electronic signature certificate falls into at least one of the following categories:
1° A qualified certificate issued by a qualified trust service provider meeting the requirements of the above-mentioned regulation;
2° A certificate issued by a French or foreign certification authority that meets the equivalent requirements of Annex I of the above regulation."
In addition, under Annex II of the eIDAS Regulation, "any naturalperson may request a qualified electronic signature certificate issued by a qualified trust service provider. Similarly, any legal person may request an eIDAS-compliant electronic seal certificate issued by a qualified trust service provider."
When the qualified electronic signature is issued by a certification authority, its process is presumed reliable. The control of these certification authorities is carried out by theANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) in France and by equivalent bodies in each European country. The ANSSI intervenes in two ways in the application of the regulation: as a security guarantor in the context of "electronic identification" and as a control body in the context of "trust services".
Article 25 of the eIDAS regulation specifies the legal effects of the electronic signature according to its nature. It provides that :
Axiocap has teamed up with Signaturit to make advanced electronic signatures reliable.
Signaturit uses a biometric data processing system, which allows a unique identification of the signatory, in particular thanks to specific and precise data such as the acceleration and speed of the signatory's trace and the pressure exerted on the device when he signs. The consent of the signer is mandatory and indispensable for the processing of biometric data.
In accordance with the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, Signaturit has implemented various security measures to ensure the proper processing of personal data and therefore complies with the recommendations of the French National Commission on Information Technology and Civil Liberties (CNIL) on the processing of biometric data .
Biometric data is particularly important during litigation. Signaturit can decrypt the signatory's biometric data so that it can be presented to the relevant court in the event of legal proceedings.