ZD Tech: Not All Electronic Signatures Are Created Equal


Hello everyone and welcome to ZD Tech, ZDNet’s daily editorial podcast. My name is Clarisse Treilles and today I'll explain why electronic signatures do not all have the same legal value.

Companies and public administrations that digitize their services are quite naturally turning more and more to electronic signatures instead of the good old pen. There is not one but several techniques for attesting to the authenticity of a document, and at the same time the identity of the signatories, depending on the regulatory constraints and the litigation risks identified.

There are basically three levels of security, which professionals can choose from depending on the nature of the transactions and contracts they are handling.

The regulation on electronic identification and trust services for electronic transactions – also known as the “eIDAS” regulation – constitutes the legal basis defining these levels of security in the European market.

Auditing is not automatic

Without further ado, let’s take stock. At the bottom of the scale, we find the so-called “simple” signature. It is the most common. It can be, for example, a signature made on a tablet with a stylus, like the one used for the move-in and move-out inventory of a dwelling, or on an estimate.

Simplicity also means a lower level of security. In this case, the identity of the signatory can hardly be guaranteed.

A step above, we find the so-called “advanced” electronic signature. Its compliance is also not subject to an audit by a competent and independent third party, so all the guarantees provided by the service provider are again generally declarative. However, advanced signatures should in principle make it possible to identify the signatory. This may be, for example, a signature confirmed by a code received by SMS on a registered telephone number linked to the identity of the signatory, or a signature where the identity of the signatory is verified by sending a copy of an identity document.

Upstream risk analysis

Finally, the third and last category is the so-called “qualified” electronic signature. It is based on a qualified certificate to prove the identity of the signatory, and uses a qualified electronic signature creation device to ensure the reliability of the information contained in the document to be signed.

This last level is the preferred one for authentic acts, in particular those of court registries.

From a legal point of view, only the qualified electronic signature carries a presumption of reliability, which reverses the burden of proof. In other words, the qualified electronic signature is considered equivalent to a handwritten signature.

The National Information Systems Security Agency recommends carrying out a risk analysis to determine the appropriate level of electronic signature. This analysis takes into account several criteria, such as the likelihood of a dispute, the seriousness of the dispute, or the type of document.




