An electronic signature made with a system as secure as Closd’s is more reliable than a handwritten signature. The entry into force of the eIDAS regulation has been a giant step in its generalization: The certification of an electronic signature provider is a trust factor and a guarantee of compliance with the rules established by European and national laws. The validity of an electronic signature made on Closd is therefore proved by:
- The certification of DocuSign and Certeurope as trust services providers; and
- The body of evidence made up of the triple authentication of signatories.
Regarding the verification of an electronic signature by PDF readers, it is based on a “chain of trust” principle. The encryption certificate is validated by the Certification Authority that issued it (i.e., the electronic signature service provider), itself validated by an authority with a higher level of trust and so on, until a Root Certification Authority is reached, the last link in the chain (generally private companies acting as trusted third party for numerous uses). The PDF reader is able to verify the reliability of each level: if one of the links in the chain is missing, it will not validate the electronic signature.
Under European law, the eIDAS regulation of July 23, 2014 has been a game changer. It is now easy to prove that an electronic signature technology is secure and reliable. It has implemented a new harmonized framework for digital trust services (among which the electronic signature) and provides that national courts cannot reject electronic signatures as evidence.
The eIDAS regulation has created three types of electronic signatures (Simple, Advanced and Qualified, depending mostly on the authentication process) and a system of certifications issued national supervisory authorities for each provider. Once certified, the provider obtains the label of “Trust Services Provider” and may operate in any member State. A trusted list of all certified providers is published and updated by the European Commission, making it easy for national judges to assess whether the electronic signature is secure.
The eIDAS regulation has allowed the electronic signature to boom in Europe. It is now a reference law that has inspired a lot of national regulations, even outside the European Union.
Legally, there is no difference in terms of validity between “Simple”, “Advanced” and “Qualified” signatures. Their legal effect and admissibility in court cannot be denied in any state within the European Union. The “Qualified” signature simply benefits from a presumption of reliability.
The “Simple” signature is, by default, that which does not meet the requirements of the “Advanced” or “Qualified” categories. Authentication of signatories usually results in sending a One-Time Password (OTP) to the signatory’s mobile phone after clicking on a link received by email.
The “Advanced” signature must meet the following requirements :
- It is uniquely linked to the signatory;
- It is capable of identifying the signatory;
- It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- It is linked to the data signed therewith in such a way that any subsequent changes in the data are detectable.
On Closd, these requirements are met by combining the transmission of an OTP code via mobile phone and the user’s email and password combination with two other factors, making it possible to establish with certainty the identity of the signatory: an automated ID verification and a secure password to access Closd.
From a probative point of view, these authentication methods create a solid body of evidence in addition to the eIDAS certification. Challenging a signature made on Closd would require proving the hacking of the mailbox, the theft of the mobile phone and the theft or falsification of a copy of the signatory’s identity document.
The “Qualified” signature legally corresponds to an “Advanced” signature with reinforced technical requirements and requires the issuance of a certificate following a face-to-face verification of the signatory’s identity (by physical meeting or videoconference). The advantages of the electronic signature (mobility and speed) can be greatly reduced by this process.