With the rise of digitalization in the legal sector, legitimized by the entry into force of the European eIDAS regulation in 2016 and accelerated by the 2020 pandemic, the electronic signature has become an everyday routine for legal professionals. This practice has won over many players, from business law firms to corporate legal departments, including their own clients, due to the great reliability and flexibility it brings in signing contracts or completing deals. For many lawyers and legal professionals, the electronic signature is the gateway to change management and a deeper transformation of their practice.
The use of electronic signatures has become quite common, but professionals must be familiar with its technical and legal implications. Unfortunately, the massive use of this technology has also led to cases of fraud and identity theft. It is therefore essential to understand the specificities of each level of electronic signature in order to make the best choice according to the situation and the type of file handled.
If you are part of a firm carrying out high-stakes operations, a large international group or a public administration, it is very likely that you have already heard of the qualified electronic signature. Less known and less in demand than the other levels of electronic signature (simple and advanced), its great probative force makes it useful for certain particularly sensitive contracts. It is therefore important to choose an electronic signature solution offering all the existing levels in order to find the best compromise between simplicity and security for each use case.
If you are not completely familiar with this term, follow the guide! Let’s take a look at the definition, the legal implications and the use cases of the qualified electronic signature.
What is a qualified signature?
There are 3 levels of electronic signatures according to the eIDAS regulation, a European regulatory framework that came into force in 2016 to increase trust in dematerialized transactions between European Union (EU) Member states.
The difference between the different levels does not lie in their legal value, which is identical for all three, but in the degree of authentication of the signatories, and therefore in the probative value of the signatures:
- The simple electronic signature offers a low level of legal security. Its authentication system without identity verification or connection to a third-party platform makes it a quick way to sign documents of lesser importance, with no substantial risk of litigation or requiring any particular legal obligation as to the level of electronic signature required;
- The advanced electronic signature offers a high level of legal security. Its multi-step signatory authentication system (password, ID verification, then validation code by text message) is more suitable for important documents. It is the ideal combination of convenience and legal security;
- and finally, the qualified electronic signature, which offers a very high level of legal security and is suitable for signing contracts in a European context or in case of a significant litigation risk. However, its implementation is cumbersome and time-consuming for the signatories.
The qualified electronic signature (QES) offers the most advanced degree of authentication of the signatories and the most complete evidence file. According to the eIDAS regulation, “regarding qualified electronic signatures, they have the equivalent legal effect of handwritten signatures across all EU Members“. This does not mean that the other levels of signature are not equivalent to a handwritten signature, but that the qualified signature’s reliability is presumed. As for the other levels of signature, it all depends on the level of authentication of the signatories.
The qualified electronic signature must meet the requirements of the eIDAS regulation:
- the document must be signed using a secure signature generation device that is certified and approved for being used to generate QES;
- it must be based on a qualified certificate issued after face-to-face (physical or video) verification of the identity of the signatory by a competent and independent third party;
- The signing key must have been created by a qualified signing device and be provided by a qualified trust service provider.
In short, this could be described as an advanced electronic signature, with additional technical requirements, and therefore with an even more complete evidence file to prove the identity of the signatory. This type of signature is linked to the signatory and allows his identification unequivocally. Like the other signature levels, it also allows the detection of any modification of the document after its signature date. This protects the content against any risk of forgery.
The validity of the qualified signature is recognized in all EU Member states, and outside the EU according to the specificities of local law.
The creation of a qualified electronic signature is based on the combination of software and a hardware element, in order to create the electronic signature, to guarantee its security, as well as the integrity and confidentiality of the data related to its creation.
The qualified electronic signature is provided with a qualified certificate, i.e. an attestation allowing to validate the identity of the signatory and to meet the requirements guaranteeing the validity of the signature.
This certificate is issued after a face-to-face verification process with a qualified agent or through a certified remote identity verification service. The certificate must be issued by a Qualified Trust Service Provider (TSP), supervised and confirmed as European Trusted Provider (Qualified Electronic Signature Providers) via the EU Trusted List.
The qualified certificate often takes the form of an authentication key or a certified smart card, or ultra-secure certified cryptographic equipment installed in the qualified provider’s environment.
The qualified electronic signature has the same legal value and enforceability as the traditional handwritten signature in a court of law. It is therefore presumed to be valid and reliable in the event of a dispute, leading to a reversal of the burden of proof, in all the Member states of the European Union.
It cannot be refused on the grounds that it is an electronic signature, and its probative value is superior to that of the simple and advanced signature.
Benefits and drawbacks of the qualified signature
The main advantage of the signature lies in the quality of its proof and its unquestionable legal validity in the EU member states.
In this case, why opt for another type of signature than the qualified signature if it prevails technically and legally over any other?
Its main disadvantage is that the ID check of the signatory is rather cumbersome. However, although the identity verification process is longer (on average 5 to 10 minutes), it is guided step by step by an agent. Moreover, the validity period of the certificate can vary up to 3 years, which greatly simplifies the process for the next qualified signatures.
Another notable disadvantage is its cost, which is on average higher than that of the simple and advanced signature. Its use is therefore reserved for very specific cases.
Widely favored by large market players, especially in the international corporate world, the qualified signature is a necessity for the realization of certain transactions tolerating very little legal uncertainty.
Examples of contracts requiring a qualified signature are, as listed by the ENISA (European Union Agency for Network and Information security):
- Signing a document/message to confirm origin (in organizations or governments)
- Signing of a document/ declaration (To relative or an accountant a mandate for a limited period of time, submitting declarations to government (which needs to be signed by mandated person, etc.)
- Signing of a (commercial) proposal (companies using signing of proposals/offers towards their clients, companies participating in the eProcurement-process of government and being more and more obliged to submit their offer electronically, etc.)
- Signing of an official document /attestation ( e-permits, attestation of residence, VAT-attestations, custom document, etc.)
- Signing of a legal consent / eMandate (general terms and conditions when becoming a client of a bank, giving an accountant a mandate to act on one’s behalf and to do financial transfers on one’s behalf, etc.)
- Signing of a contract (A person signing a rental or buying agreement, a company subscribing to an insurance contract, signing off for a government project-start, etc.)
How the electronic signature works at Closd
With the integration of the qualified signature, Closd is now able to support its customers in every deal by offering all types of electronic signatures.
Closd allows project managers to opt for the qualified signature when setting up their signing session, available through its partner DocuSign.
The signatories will be led via a link by email to log in on the Closd platform. After signing the document on the DocuSign platform according to the usual process, the signatory will then be redirected to an identity verification process in several steps by videoconference, provided by our partner IDnow, a certified PVID (Remote Identity Verification Provider).
The next step is performed by a human agent who will remotely verify the identity of the signatory in several steps:
- Video capture of the document data and the user’s face
- Automated and manual verification of data
- Creation of an evidence file and transmission of the decision
This process, which complies with the GDPR, takes an average of just under ten minutes.
Once this procedure is completed, the user is asked to perform a final authentication by text message, then is redirected to the platform. The documents will be made available on the Closd platform according to the sharing criteria defined at the time of setting up the signing session by the Project Manager.
This procedure, guided step by step by an operator, is valid for two years. For each new qualified signature, the user who has already done this procedure will be able to simply login on the IDnow platform.
By offering all types of electronic signatures, Closd adapts to any legal practice, regardless of your needs or the size of your organization. Do not hesitate to contact our team to learn more about the qualified signature.