Schedule a demo
Log in
Log in

Tag: electronic signature

Categories
Blog articles Blog articles

Storage vs. archiving with probative value: what are the differences? 

archivage valeur probante coffre fort electronique

Since 2014, the eIDAS regulation has standardized and established a framework to ensure that electronic interactions between businesses in the European Union are safer, faster, and more efficient. This move towards digitization on a global scale, and more specifically in the legal sector, has led an increasing number of companies to accumulate sensitive digital documents: confidential internal documents, commercial contracts, shareholders agreements, etc.

These documents are subject to the same legal storage obligations as paper originals for the same length of time, to which sector-specific obligations are sometimes added. Moreover, these originals are subject to additional obligations linked to their digital format, which gives them the same probative value as the paper originals, under the condition that they are stored so that their integrity is preserved. The issue of legal security is therefore critical.

However, many legal professionals need to be made aware of the obligations and implications related to the conservation of sensitive documents. Between backup, storage, and archiving, here is an overview of existing solutions.

Difference between storage, backup and archiving

While the terms are often used interchangeably to refer to conservation, the technical and legal reality behind each is quite distinct.

Backup consists of making one or more identical copies of a file in a system, with the aim of being able to recover it in the event of loss or deterioration. This technique has no particular probative value and in no way guarantees the integrity of the file over time (i.e. its absence of modification or damage).

Storage is the collection and preservation of digital information in a way that facilitates its accessibility, and more specifically the sharing of files and documents for collaborative work. The term commonly refers to both the technology and the medium used. Indeed, information can be stored on several media: a computer, a USB key, a document cabinet, a Drive, a DMS, or even a Closd project. Whatever the medium, the documents are classified according to certain predefined criteria and benefit from more or less advanced security features. However, these systems do not meet legal storage requirements, since the content can easily be deleted or altered by different authorized users. Also, there is no guarantee of long-term integrity, especially in the event of breakdowns, changes of servers, disks, hacking, etc. You also have to take into account the risk linked to the habits of IT teams who sometimes think, wrongly, that an original paper document is always available in case of loss.

Finally, archiving meets legal and regulatory requirements. Particularly adapted to long-term conservation, the objective of archiving documents in an electronic safe is to preserve original documents electronically signed with reliable technology. The purpose is to be able to find them, for example in the event of litigation several years later, while guaranteeing their authenticity and integrity. Just like a physical archive room, the electronic archive or Electronic Archiving Solutions & System (EAS) must meet drastic security requirements in order to guarantee the integrity, confidentiality, availability, durability, and reversibility of the documents stored.


Schedule a demo

Archiving system: legal validity and functioning

3 criteria guarantee that an electronic document has the same value as a paper document:

  • the use of a reliable process (the European eIDAS regulation addresses this issue by listing all certified Trusted Service Providers for electronic signatures)
  • the ability to duly identify the signatories (strong authentication during the electronic signature: password, identity verification, SMS, etc.)
  • the conservation in such conditions as to guarantee the integrity of the document. This involves the possibility of demonstrating that the document has not been altered, is still complete, and that the medium carrying the information guarantees its stability and the desired durability.

More than just a need, archiving sensitive documents in an electronic safe is therefore a real legal obligation for law professionals. Their primary mission is to ensure the legal security of their clients. It is therefore the indispensable counterpart to any electronic signature technology.

Electronic archiving is based on 5 major principles:

  1. data integrity
  2. confidentiality
  3. availability
  4. durability
  5. reversibility

In the event of a dispute, a complete file of evidence regarding both the signature and its preservation will be required to prove that the file has not been altered. It will also be used to detail the process implemented to guarantee and maintain the integrity of the document during the preservation phase. It is therefore possible to ask the archiving service provider to extract one or more archives from the electronic safe in the original digital format, which will be transferred using an external medium.

For each archived document, service providers store several pieces of information about the document, such as:

  • The document and its name,
  • Standard metadata (data that can be used to describe the process that led to the creation of the information),
  • Custom metadata,
  • Fingerprints of the document and metadata,
  • Archival timestamp,
  • Archive lifecycle log and event log.

It is therefore essential for legal professionals to eliminate all risks of loss, alteration, or destruction during the long-term storage of files.

In case of litigation, it is also possible to request the definitive restitution of all documents entrusted to the service providers. This process is called reversibility and involves the total destruction of the archives concerned in the electronic safe and the emission of a certificate of destruction.


Schedule a demo

Which archiving solution for law professionals?

As a global player in the management of legal transactions, Closd integrates the technology of the French leader in electronic archiving, Arkhineo, into its SaaS solution. This allows customers to archive their documents and contracts signed electronically (via DocuSign and Certeurope technologies, certified as Trusted Service Providers) and to consult their archives directly from the platform on a dedicated, simple and intuitive interface

While Closd meets the first of the two conditions of admissibility of an electronic document as evidence, its partnership with Arkhineo allows to meet the third condition. The electronic safe guarantees the probative value and therefore the integrity of the signed digital documents for the duration of the legal obligations.

In the event of legal or administrative dispute, Closd also provides the proof of signature certificate, as well as the proof of archiving to justify the integrity of the document since its signature.

More than 250 customers from law firms, legal departments, accounting firms, investment banks, or investment funds trust Closd and Arkhineo for their dematerialized processes. Legal security is a key element for the sustainability of companies and their growth. Thanks to the Arkhineo archiving system via Closd, companies can secure their assets and those of their customers in an ultra-secure electronic safe, which creates new growth drivers and increases development opportunities.

Categories
Blog articles

Technical reliability and legal security of the electronic signature

If you’d like to put an end to never-ending signing sessions, late-night preparations and misplaced originals, you definitely should learn about electronic signature. 

Many industries have already adopted electronic signing (insurances, banks, notaries, among others); moreover, recent legal precedents have definitely been leaning toward a pragmatic yet supportive position regarding electronic signature over the past few years.

When it comes to electronic signatures, technology and law are closely intertwined: the better the technology used, the greater its probative value and its legal security. Thanks to the recent considerable technological and regulatory evolutions, it is nowadays highly unlikely that a reliable electronic signature can be legally challenged.

It is therefore by evaluating the robustness of an electronic signature technology that we can ensure its probative value; let us clear this topic up for you.

Brief reminder of the legal framework

The European eIDAS Regulation of July 23, 2014 introduced a standardized and robust technical-legal framework for “trust services” (such as electronic signatures). Applicable throughout the European Union since July 1, 2016, it defines three types of electronic signatures (Simple, Advanced or Qualified, depending on the reliability of the authentication process) and includes many new mandatory technical standards for each type of signature (published by the European Telecommunications Standards Institute (ETSI)).

Compliance with the regulatory and technical standards applicable to each type of signature is ensured by the certification issued by a national control authority to each service provider before it begins to operate. Once certified, the company becomes a “Trust Service Provider” (TSP). Regular audits are carried out thereafter.


Schedule a demo

The different types of electronic signatures

Legally, there is no difference in validity between “Simple”, “Advanced” and “Qualified” signatures. Their admissibility in court cannot be challenged in any European Union country. “Qualified” signature simply benefits from an increased presumption of reliability.

By default, a “Simple” signature does not meet the requirements of the “Advanced” or “Qualified” categories. The verification of the identity of the signatory is usually done by sending a One-Time Password (OTP) to the signatory’s cell phone after he or she clicks on a link received by email.

The signatory is the only one to have access to the code unless his/her mailbox AND cell phone have been compromised.

The “Advanced” signature must meet the following regulatory criteria:

  1. uniquely linked to the signatory;
  2. enable the signatory to be identified;
  3. created using electronic signature creation data that the signatory can, with a high level of confidence, use under his or her sole control; and
  4. linked to the data associated with that signature in a way that any subsequent change of the data is detectable.

In practice, these requirements are met by combining the sending of an OTP code on a mobile device, with another factor that establishes the signatory’s identity with certainty, such as automated ID verification.

In addition to the hacking of the mailbox and the theft of the cell phone, the forgery of an “Advanced” signature would require that the forger has at least a copy of the signatory’s ID.

The “Qualified” signature corresponds legally to an “Advanced” signature with reinforced technical requirements and requires a face-to-face verification of the identity of the signatory (by physical meeting or video conference). The advantages of the electronic signature (mobility, speed) are largely diminished by this process, which explains why the “Qualified” signature is not used much today (most providers do not even offer it).

Legal transaction management platform Closd integrates Simple and Advanced electronic signatures provided by DocuSign and CertEurope, both Qualified Trust Services Providers compliant with the eIDAS regulatory requirements.


Schedule a demo

Advanced electronic signature on legal transaction management platform Closd requires a triple authentication of the signatories:

  • Password-protected personal workspace;
  • Automated ID verification;
  • OTP code sent by text message.

An audit trail is also generated and archived for each identity verification and electronic signature.

These procedures meet legal and jurisprudential requirements and ensure the validity and probative value of signatures made on Closd.

The technology behind the signature

An electronic signature has no graphic representation. The image usually affixed to the document has only a symbolic value. Its validity and probative value lie in the digital data integrated into the document, which guarantees both its integrity and the authentication of the signatory:

  • An “encryption certificate” issued by a trusted authority that proves that the identity of the signatory has been previously and duly verified;
  • A “fingerprint” of the document (materialized by a unique character string) to ensure that it has not been modified since the signature (the slightest difference in the document would modify the generated fingerprint).
  1. The signatory proves his/her identity
  2. The provider emits a certificate proving the signatory’s identity
  3. A unique fingerprint is calculated for the document
  4. A signature server combines these elements to generate an electronic signature.

Once it is signed, the document is scanned by a PDF reader (such as Adobe Acrobat Reader) that determines whether the electronic signature is valid. When the document is opened, the PDF reader detects and verifies the digital signature data. Also:

  • It recalculates the “fingerprint” of the received document and ensures that it corresponds to the fingerprint of the document calculated at the time of its signature;
  • It inspects the “encryption certificate” to ensure that it is valid and that the identity of the signatory is certain.

If one of these two elements is missing or modified, a message automatically warns the user that the signature is not valid.


Schedule a demo

Why you can trust current technologies

The European eIDAS regulation has considerably simplified the situation: the certification of an electronic signature provider ensures that it complies with a set of regulatory and technical standards that guarantee the reliability of the process. The European Union’s updated “trust list” is available online.

The reliability of an electronic signature can therefore be easily proven by :

  • The certification of the service provider by a national agency for the security of information systems;
  • The evidence is constituted by the various authentication techniques of the signatory described above.

As far as the verification of an electronic signature by the PDF reader is concerned, it is based on a “chain of trust” principle. The encryption certificate is validated by the Certification Authority (CA) that issued it (the electronic signature provider), itself validated by an Authority with a higher level of trust, and so on, until it reaches a Root Certification Authority (Root CA), the final link in the chain (usually private companies acting as trusted third parties for a multitude of uses). The PDF reader is able to check the reliability of each level: if one of the links in the chain is missing, it will not validate the electronic signature.

In spite of all these factors, habits are difficult to change since the barriers to these technologies are essentially psychological. The idea that one can indubitably authenticate a remote signatory still has a long way to go. However, a reliable electronic signature is more complicated to forge than a handwritten signature. Moreover, it is the only reliable means of transmitting originals electronically: legal precedents in most countries frequently point out that a scanned original can neither authenticate the signature nor express consent.

How to switch from physical closing to e-closing

Anyone who works or has worked in a corporate law firm, an investment fund, or an investment bank knows what a “closing” involves: piles of documents to sign, carefully prepared by exhausted lawyers, a large amount of money transferred from one bank account to another, and once it is all done, a glass of champagne to celebrate the deal.

Although it represents the achievement of several months (or even years) of work, organizing a closing is often difficult to prepare for counsels and quite unpleasant to attend for the parties involved.

The reason is that practices are no longer in line with the needs and expectations of companies. The time has come to switch them to digital closing, or e-closing.

Closing: meaning and definition 

The closing is the final meeting of the parties involved in a legal transaction, where the agreements negotiated by the parties over many months are implemented and made effective. For example:

  • In the case of a business acquisition, the shares of the company are transferred from the seller to the buyer and the amount corresponding to the sale price is transferred in the opposite direction by bank transfer;
  • In the case of bank financing, the amount of the credit is transferred to the borrower, and the guarantees offered in exchange by the latter are put in place;
  • Finally, in the case of a fund raising, the capital increase of the company is legally completed and the agreement between the existing shareholders and the incoming investor comes into force.

A ritualized process

All parties are invited to the meeting, usually at one of the parties’ attorneys’ offices. Once the documents are signed, the money is transferred and the champagne flutes are empty, each party leaves with their original hard copies, so that the lawyers can scan the documents for their records and complete the “post-closing” formalities with the clerk of the relevant commercial court and/or the tax authorities.

Lawyers are in charge of organizing the closing. There are generally as many lawyers as there are parties, which can give rise to a challenging communication. The organization requires particular attention to detail and rigor, days or even weeks of preparation, very good coordination, complex logistics and, as an option, some sleepless nights. Obviously, the higher the stakes and the amounts involved, the more difficult and time-consuming the closing will be to prepare.

These purely “process” tasks are particularly time-consuming for counsel and are billed by the lawyers to their clients. Of course, given the stakes involved in the transactions, clients have very high expectations and want the closing to go smoothly, without worrying about the behind the scenes.

The constraints of traditional physical closing

In addition to the difficulties mentioned above, which are linked to the lack of an efficient collaborative tool, a physical closing process requires above all that the parties and their counsels are all available at the same time and in the same place. In the age of internationalized and instantaneous exchanges, where transactions often involve parties from all over the world, physical closing seems quite outdated.

Preparing a closing also requires considerable amounts of paper and ink as well as extensive reprographic work. The most sensitive and voluminous documents are bound in such a way that no page can be changed afterwards. However, closing documents are often renegotiated, modified and exchanged up to the last minute, involving urgent reprinting and, if necessary, binding work that could easily be avoided.

Finally, the lawyer often cannot bill his client for all the work involved in organizing the closing for commercial reasons, since these tasks have very little added value. His margin is then considerably reduced.

Simplify and secure transactions using E-closing

While digital transformation is currently affecting all sectors, law professionals are still struggling with it. Not even to mention the frustration of junior lawyers and trainees, who are often entrusted with the unpleasant tasks, including closing management.

However, the above arguments are leaning toward a change in practices, in conjunction with the technological and regulatory developments that now make this possible.

Adopting electronic signature for seamless closings

The electronic signature in particular has now reached a level of legal and technological security that is sufficient to widespread its use, even for sensitive transactions. 

The European Union’s eIDAS regulation (which harmonized electronic signature regulations throughout the European Union) that came into force in 2016 is accompanied by numerous new technical standards (published by the European Telecommunications Standards Institute (ETSI)) that ensure a very high level of technical security for electronic signature solutions. Electronic signature providers must receive certification from a national control authority that attests to compliance with regulatory and technical standards.

In addition, all the major economic powers also recognize the electronic signature as a perfectly valid and probative method.

A legal project management tool such as Closd, which considerably simplifies the closing process, is therefore the ideal solution for companies and their advisors.

Mixing traditionnal and e-closing for improved client experience

Despite its drawbacks, physical closing remains critical to the relationship between corporate counsels and their clients. This is when deals get done, and lawyers can showcase their work (and charisma) in order to secure future opportunities to work together again.

Understandably, lawyers don’t want to give that up. However, thanks to Closd, it is possible to physically gather those who can to sign the documents on a tablet, for example, while those who cannot attend are signing remotely. The closing is organized more quickly, while maintaining the relationship between the lawyer and his client. The latter should appreciate the efficiency of the process.

Moreover, the use of a digital solution can be very profitable for those who use it: in addition to savings (paper, ink, reprography service, etc.), productivity gains (faster processes, more transactions, reallocation of resources) and legal security (no more scanned signatures with no legal value), such a tool considerably improves the image and reputation of those who use it (digital transformation, innovation, eco-responsibility) and gives them a significant competitive advantage.

Schedule a demo

Blog

Join us

Legal notice

Privacy policy

+33 1 88 32 12 69
contact@closd.com

Already client ?
Contact us at support@closd.com

LINKEDIN
 TWITTER