With the rise of digitalization in the legal sector, legitimized by the entry into force of the European eIDAS regulation in 2016 and accelerated by the 2020 pandemic, the electronic signature has become an everyday routine for legal professionals. This practice has won over many players, from business law firms to corporate legal departments, including their own clients, due to the great reliability and flexibility it brings in signing contracts or completing deals. For many lawyers and legal professionals, the electronic signature is the gateway to change management and a deeper transformation of their practice.
The use of electronic signatures has become quite common, but professionals must be familiar with its technical and legal implications. Unfortunately, the massive use of this technology has also led to cases of fraud and identity theft. It is therefore essential to understand the specificities of each level of electronic signature in order to make the best choice according to the situation and the type of file handled.
If you are part of a firm carrying out high-stakes operations, a large international group or a public administration, it is very likely that you have already heard of the qualified electronic signature. Less known and less in demand than the other levels of electronic signature (simple and advanced), its great probative force makes it useful for certain particularly sensitive contracts. It is therefore important to choose an electronic signature solution offering all the existing levels in order to find the best compromise between simplicity and security for each use case.
If you are not completely familiar with this term, follow the guide! Let’s take a look at the definition, the legal implications and the use cases of the qualified electronic signature.
What is a qualified signature?
General background
There are 3 levels of electronic signatures according to the eIDAS regulation, a European regulatory framework that came into force in 2016 to increase trust in dematerialized transactions between European Union (EU) Member states.
The difference between the different levels does not lie in their legal value, which is identical for all three, but in the degree of authentication of the signatories, and therefore in the probative value of the signatures:
- The simple electronic signature offers a low level of legal security. Its authentication system without identity verification or connection to a third-party platform makes it a quick way to sign documents of lesser importance, with no substantial risk of litigation or requiring any particular legal obligation as to the level of electronic signature required;
- The advanced electronic signature offers a high level of legal security. Its multi-step signatory authentication system (password, ID verification, then validation code by text message) is more suitable for important documents. It is the ideal combination of convenience and legal security;
- and finally, the qualified electronic signature, which offers a very high level of legal security and is suitable for signing contracts in a European context or in case of a significant litigation risk. However, its implementation is cumbersome and time-consuming for the signatories.
Definition
The qualified electronic signature (QES) offers the most advanced degree of authentication of the signatories and the most complete evidence file. According to the eIDAS regulation, “regarding qualified electronic signatures, they have the equivalent legal effect of handwritten signatures across all EU Members“. This does not mean that the other levels of signature are not equivalent to a handwritten signature, but that the qualified signature’s reliability is presumed. As for the other levels of signature, it all depends on the level of authentication of the signatories.
The qualified electronic signature must meet the requirements of the eIDAS regulation:
- the document must be signed using a secure signature generation device that is certified and approved for being used to generate QES;
- it must be based on a qualified certificate issued after face-to-face (physical or video) verification of the identity of the signatory by a competent and independent third party;
- The signing key must have been created by a qualified signing device and be provided by a qualified trust service provider.
In short, this could be described as an advanced electronic signature, with additional technical requirements, and therefore with an even more complete evidence file to prove the identity of the signatory. This type of signature is linked to the signatory and allows his identification unequivocally. Like the other signature levels, it also allows the detection of any modification of the document after its signature date. This protects the content against any risk of forgery.
The validity of the qualified signature is recognized in all EU Member states, and outside the EU according to the specificities of local law.
Functioning
The creation of a qualified electronic signature relies on a combination of software and a hardware element to create the electronic signature, ensuring its security, as well as the integrity and confidentiality of the data related to its creation.
The qualified electronic signature is accompanied by a qualified certificate, which validates the signatory’ identity and meets the requirements guaranteeing the signature’s validity.
This certificate is issued after a verification process that involves an AI-based identity check, followed by an identification dossier validation by a certified agent in less than 5 minutes. The provider issuing the certificate is independently controlled by a competent third party in each EU member state. In France, this is the ANSSI.
The qualified certificate often takes the form of an authentication key or a certified smart card, or ultra-secure certified cryptographic equipment installed in the qualified provider’s environment.
Legal implication
The qualified electronic signature has the same legal value and enforceability as the traditional handwritten signature in a court of law. It is therefore presumed to be valid and reliable in the event of a dispute, leading to a reversal of the burden of proof, in all the Member states of the European Union.
It cannot be refused on the grounds that it is an electronic signature, and its probative value is superior to that of the simple and advanced signature.
Benefits and drawbacks of the qualified signature
The main advantage of the signature lies in the quality of its proof and its unquestionable legal validity in the EU member states.
In this case, why opt for another type of signature than the qualified signature if it prevails technically and legally over any other?
Its main disadvantage is the rigorous identity verification process. Although the identity verification process may seem lengthy, it is guided step-by-step by artificial intelligence directly on the DocuSign platform and verified by a qualified agent, all within less than 15 minutes.
The certificate’s validity period, although variable, can last up to 3 years, significantly simplifying the process for future qualified signatures. Thanks to DocuSign’s Digital Identity Wallet (Wallet ID), users do not need to present their ID for each verification. They can simply log in to their digital identity wallet, and ID Verification will compare the verified name with the one indicated in the envelope.
Another notable disadvantage is its cost, which is on average higher than that of the simple and advanced signature. Its use is therefore reserved for very specific cases.
Use case
Widely favored by large market players, especially in the international corporate world, the qualified signature is a necessity for the realization of certain transactions tolerating very little legal uncertainty.
Examples of contracts requiring a qualified signature are, as listed by the ENISA (European Union Agency for Network and Information security):
- Signing a document/message to confirm origin (in organizations or governments)
- Signing of a document/ declaration (To relative or an accountant a mandate for a limited period of time, submitting declarations to government (which needs to be signed by mandated person, etc.)
- Signing of a (commercial) proposal (companies using signing of proposals/offers towards their clients, companies participating in the eProcurement-process of government and being more and more obliged to submit their offer electronically, etc.)
- Signing of an official document /attestation ( e-permits, attestation of residence, VAT-attestations, custom document, etc.)
- Signing of a legal consent / eMandate (general terms and conditions when becoming a client of a bank, giving an accountant a mandate to act on one’s behalf and to do financial transfers on one’s behalf, etc.)
- Signing of a contract (A person signing a rental or buying agreement, a company subscribing to an insurance contract, signing off for a government project-start, etc.)
How the electronic signature works at Closd
With the integration of the qualified signature, Closd is now able to support its customers in every deal by offering all types of electronic signatures.
Closd allows project managers to opt for the qualified signature when setting up their signing session, available through its partner DocuSign.
Signatories will be directed via an email link to authenticate on the Closd platform. Before signing the document, they will be redirected to an identity verification process. They must follow the steps required by artificial intelligence directly on their phone:
- Video capture of the document data and the user’s face
- Automated data verification
- Compilation of an evidence dossier and transmission of the decision by a qualified agent
This secure process, compliant with GDPR and ANSSI standards, is facilitated by DocuSign’s ID Verification Premiere service and takes on average less than 5 minutes.
Once the procedure is completed, the signer receives a confirmation email inviting them to sign the document(s) within 24 hours. If this period is exceeded, the verification must be repeated. After signing, the documents are made available on the Closd platform according to the sharing criteria defined during the signing session setup by the project manager.
This procedure, conducted by AI and a qualified agent, is valid for three years. For each new qualified signature, users who have already completed this process can simply sign by authenticating with their DocuSign Wallet ID, if they have chosen to activate it.
By offering all types of electronic signatures, Closd adapts to any legal practice, regardless of your needs or the size of your organization. Do not hesitate to contact our team to learn more about the qualified signature.