In the ever-changing world of the legal industry, technological innovation stands out as a powerful ally, helping to redefine the way law professionals approach their daily tasks. While promising future topics such as artificial intelligence are making headlines in legal tech news, lawyers and legal professionals still have a long way to go before they can rightfully claim to be 100% paperless.
The digitalization of legal transactions holds many promises and can count on reliable, secure technologies to improve processes in the long term and eventually get rid of the heaps of documents and handwritten signatures. One of these innovations, the electronic signature, has proved to be a cornerstone of this digital transformation.
The electronic signature, which is legally as valid as a handwritten signature, transcends the physical boundaries of law firms and courts, bringing unprecedented efficiency, security and flexibility.
Among the various types of signatures available, the most popular with lawyers is the “advanced” or level 2 electronic signature. On the Closd legal project management platform, it accounts for 85% of all customer signatures. Its ease of use, high legal security and probative value make it a winning choice for a wide range of applications.
Find out more about its legal framework, how it works, and the various use cases in which you can use it ⬇
- What is an advanced electronic signature and legal framework
- How does advanced signing work?
- Electronic signature certificate
- Simple, advanced, qualified: which to choose?
- Use case
What is an advanced electronic signature?
At the international level, a crucial legal framework has taken shape, providing a solid foundation for the widespread adoption of electronic signatures. Notably, the eIDAS Regulation stands as a cornerstone in this domain, establishing standards and guidelines that harmonize the use of electronic signatures across European Union member states.
Recognizing the paramount importance of instilling trust in digital processes, these regulations acknowledge the value of advanced electronic signatures, equating their legal standing to that of traditional paper-based signatures.
Applicable throughout the European Union since July 1, 2016, the European eIDAS Regulation of July 23, 2014 provides a harmonized and robust technical and legal framework for all EU countries.
This regulation makes it easy to prove the reliability of electronic signature technology, and introduces several types of electronic signature (Simple, Advanced, Qualified). Each type of signature is accompanied by a number of new mandatory technical standards published by the European Telecommunications Standards Institute (ETSI).
Compliance with the regulatory and technical standards inherent to each level of electronic signature is ensured by the certification issued by a national supervisory authority to each service provider before it begins operations. Once certified, the company obtains the Trust Service Provider label, regularly confirmed by follow-up audits, and appears on a trust list published by the European Commission and the national authority of the country concerned.
The advanced electronic signature serves as a digital means to validate documents, contracts, or transactions with an emphasis on security, integrity, and non-repudiation. Its key features include:
- strong identification of signatories: to use an advanced electronic signature, signatories generally have to go through a rigorous three-step authentication process to prove their identity;
- document integrity: the advanced electronic signature guarantees that the signed document has not been altered after signing. Any alteration of the document would render the signature invalid;
- non-repudiation: once an advanced electronic signature has been affixed to a document, the signatory is generally unable to contest its validity or deny having signed the document. This reinforces confidence in the legal validity of the signature.
Advanced-level electronic signatures must meet the following regulatory criteria:
- be uniquely linked to the signatory;
- enable the signatory to be identified;
- have been created using electronic signature creation data that the signatory can, with a high level of confidence, use under his or her exclusive control; and
- be linked to the data associated with that signature in such a way that any subsequent modification of the data is detectable.
In practice, these requirements are met by combining the sending of an OTP code (One-time password) on a cell phone and the mailbox password with another factor that can be used to reliably identify the signatory, such as an automated ID check procedure.
It is important to remember that there is no difference in validity or legal value between the different levels of electronic signatures (Simple, Advanced and Qualified). The main difference lies in the qualified electronic signature, which is presumed to be valid and reliable in the event of a dispute, thus reversing the burden of proof.
In the case of the advanced electronic signature, the burden of proof would fall on the party claiming the reliability of the process used to sign the document. However, its admissibility in court cannot be contested within the EU, in accordance with the eiDAS regulation.
How does advanced signing work?
How advanced electronic signature works
This high level of security is achieved through a three-step signatory authentication process:
- connection to a personal area protected by a secure password ;
- automated ID verification;
- authentication using a one-time code (OTP) sent by SMS.
This authentication creates circumstantial evidence to ensure the identity of the signatory against usurpation.
In Closd, the advanced electronic signature process works as follows:
Electronic signature certificate
Once the document has been signed, the electronic signature service provider issues a signature certificate in the signatory’s name, which is incorporated into the signed document. This certificate is based on two asymmetrical encryption and decryption keys: a “private” key and a “public” key. These interdependent keys ensure the authentication of the signatory.
The signed document includes 3 elements:
- The original document;
- The fingerprint of the original document, which is encrypted with the “private” key.
- The signature certificate containing the “public” key.
The validity and probative force of the advanced electronic signature lies in the digital data embedded in the document, which guarantees both its integrity and the authentication of the signatory.
The document fingerprint ensures that the signed document has not been modified since it was signed, in which case the generated fingerprint would be modified.
Once the document has been signed, a PDF reader analyzes it to determine whether the electronic signature is valid, by recalculating the document’s fingerprint and inspecting the validity of the encryption certificate, thus proving the identity of the signatory. If one of these 2 elements is modified or missing, the PDF reader will warn the user that the electronic signature is invalid.
Information contained in the advanced certificate
An advanced electronic signature certificate contains crucial information for verifying the authenticity of the electronic signature, such as :
- information concerning the identity of the signatory;
- the signatory’s public key, used to verify the electronic signature and associated with a private key held by the signatory;
- a serial number, for unique identification;
- a validity period (start and expiry dates);
- name of the Certification Authority (CA) and information about the CA;
- Certificate policy and certification practice statement, which define the rules and procedures used to issue, manage and revoke certificates;
- revocation information in the event of loss, theft or other circumstances that render the electronic signature unreliable;
On the Closd platform, an authentication certificate is produced and archived for each ID check and electronic signature. This certificate groups together all the technical information relating to the identity verification carried out (image of the identity document provided, elements verified, validity of the MRZ code) or the electronic signature produced (envelope number, email address of the signatory, IP address, time stamp, technology used, etc.).
Simple, advanced, qualified: which to choose?
Advanced signature vs. simple electronic signature
L’intérêt d’avoir recours à la signature avancée plutôt qu’à la signature simple se trouve dans la charge de la preuve. D’un point de vue probatoire, l’ensemble de ces éléments va constituer un faisceau d’indices, qui s’ajoute à la certification délivrée par l’ANSSI. La contestation d’une signature électronique avancée nécessiterait de prouver, en plus du piratage de la boîte mail, le vol du mobile et le vol ou la falsification de la pièce d’identité du signataire. Le choix de cette signature se base sur l’alliance entre l’aversion au risque, avec l’assurance de délivrer le niveau de certitude juridique le plus élevé en cas de contestation, et la praticité qui est déterminée en fonction des cas d’usages.
The advantage of using an advanced signature rather than a simple signature lies in the burden of proof. From an evidential point of view, all these elements will constitute a body of evidence, in addition to the certification issued by a national authority. In order to contest an advanced electronic signature, it would be necessary to prove, in addition to the hacking of the mailbox, the theft of the cell phone and the theft or falsification of the signatory’s identity document. The choice of this signature is particularly recommended if you are expected to provide a high level of security in the event of a dispute.
Advanced signature vs. qualified electronic signature
The advanced signature is less restrictive than the qualified level (or advanced electronic signature based on a qualified certificate). This level involves the issuance of a certificate following a face-to-face verification process with a qualified agent, or by means of a certified remote identity verification service. This level of electronic signature is more complex, and is particularly well suited to cross-border or high-stakes deals (public procurement, public authorities, etc.), which can tolerate very little legal uncertainty.
On the Closd legal project management platform, a proof file is produced and archived for each ID check and electronic signature. These procedures meet legal and jurisprudential requirements and ensure the validity and probative value of signatures made on our platform.
Advanced electronic signatures are designed to comply with international legal regulations and standards. Among them, the European Union’s eIDAS regulation or the ESIGN Act in the USA. They can be used for a variety of documents, from commercial contracts to financial transactions, including those with high legal implications, thanks to their high level of legal security, for example:
- Commercial contracts: The advanced electronic signature is used to validate and authenticate commercial contracts, whether sales contracts, partnership agreements, franchise agreements, distribution contracts or other types of contract.
- Company takeover documents: During M&A transactions, advanced electronic signatures are used to validate important documents such as purchase agreements, share and asset transfer agreements, and other legal documents related to the transaction.
- Work contracts: When hiring new employees, work contracts can be signed electronically, enabling employers to comply with legal documentation requirements while simplifying the signature process for employees.
- Non-disclosure agreements (NDAs): NDAs are commonly used to protect confidential information in commercial transactions or negotiations. The advanced electronic signature guarantees that the parties agree to keep the information confidential.
- Litigation and settlements: Lawyers and parties involved in litigation can use advanced electronic signatures to authenticate settlement agreements and other legal documents related to dispute resolution.
- Regulatory compliance: companies and financial institutions use advanced electronic signatures to comply with government regulations, such as data protection regulations (like the GDPR in the EU) and financial transaction laws.
Advanced electronic signatures speed up processes, reduce the cost of handwritten signatures, and simplify document management, while maintaining a high level of security and reliability.
By offering all types of electronic signature, Closd adapts to all practices, whatever your needs or the size of your organization. To find out more about advanced signing, don’t hesitate to schedule a demo.