Share on :
A recent decision by the French Supreme Court (Cour de Cassation) on March 13, 2024 has set the record straight on the legal value of scanned signatures.
In this article, we've tried to break down this decision to help you see things more clearly, understand the key role played by the Civil Code in this case, understand the consistency of this decision with the eIDAS regulation, and make you aware of the need to prefer a secure electronic signature to a scanned signature to make your contracts more reliable and protect them.
A reminder of the facts
A ruling by the French Supreme Court (Cour de Cassation) on March 13, 2024 has reinforced the confusion surrounding the interpretation of French regulations on electronic signatures, but this ruling merely reaffirms the position of French judges.
In this case, a unilateral promise to sell had been signed using a scanned signature, but was not honored by its author.
As a reminder, a scanned signature consists in affixing an "image" of the signature to an electronic document. The appellant, who sought enforcement of the promise, was dismissed on appeal and his appeal in cassation was rejected on the grounds that a scanned signature does not enjoy the same reliability as an electronic signature within the meaning ofarticle 1367 of the French Civil Code.
In fact, she notes that a scanned signature cannot be used to identify the person who signed it, nor to prove his or her consent to the obligations arising from the deed.
Scanned signatures under the eIDAS regulation
The eIDAS regulation defines three levels of electronic signatures simple, advanced and qualified. A simple electronic signature consists of data in electronic form, attached to or logically associated with other data in electronic form, which the signatory uses to sign.
The scanned signature, like the tablet signature, can therefore be likened to a simple signature, representing the lowest level of security and electronic authentication.
What does the French civil code say?
Article 1367 states that "The signature required to perfect a juridical act identifies its author. It manifests his consent to the obligations arising from this act. When affixed by a public official, it confers authenticity on the act. When it is electronic, it consists in the use of a reliable identification process guaranteeing its link with the deed to which it is attached. The reliability of this process is presumed, until proof to the contrary, when the electronic signature is created, the identity of the signatory assured and the integrity of the document guaranteed, under conditions set by decree by the Conseil d'Etat".
As we can see, this definition of a signature, and more specifically of an electronic signature, sets the bar higher than a simple signature as defined by the eIDAS regulation, without excluding it. The only condition is the use of a reliable identification process guaranteeing its link withthe act to which it is attached.
The crucial role of the evidence file in this case
While a judge cannot refuse a signature on the grounds that it is a simple electronic signature, it is vital toprovide proof of its reliability. This can be done by means of a proof file supplied by the trust service provider who steers and accompanies the electronic signature process. In particular, this file must be able toattest to the identity of the signatory and guarantee the integrity of the data.
As an electronic signature does not benefit from a presumption of reliability, the proof file becomes absolutely essential to establish the reliability of the signature. It must containelements such as :
- The fingerprint of the signed file to verify that it has not been modified;
- Information identifying the signatory (surname, first name(s), etc.);
- Authentication information (cell phone number to send one-time password, FranceConnect connection token, etc.);
- The signatory's agreement to the general terms and conditions of use of the signature platform.
The relationship between article 1367 of the French Civil Code and the eIDAS regulation in this decision
The Cour de cassation reaffirms the decision of the Versailles Court of Appeal, pointing out that "the process of scanning signatures, while valid, cannot be equated with that used for electronic signatures, which benefit from a presumption of reliability under article 1367, paragraph 2, of the French Civil Code". This sentence could lead to confusion and suggest that scanned signatures are not recognized as electronic signatures within the meaning of the eIDAS regulation. But this is far from being the case.
Indeed, the French Supreme Court (Cour de cassation) did not call into question the qualification of a simple signature, confirming that the process of scanning signatures is "valid". While the French judges rarely invoke the eIDAS regulation, they do not question its application.
In their ruling of March 13, 2024, the judges confirmed the decision of the Court of Appeal, which had held that scanned signatures could not benefit from the presumption of reliability set out in article 1367. This interpretation also follows the provisions of the eIDAS regulation: only qualified signatures benefit from a presumption of reliability.
In this case, the plaintiff had failed to build a sufficient evidentiary case. Indeed, the injured company wished to demonstrate that this procedure was customary between the two companies, but this element was not validly demonstrated, according to the Court of Appeal. The scanned signature cannot therefore produce the effects of a signature within the meaning of article 1367 of the French Civil Code.
The simple signature with Lex Persona
A simple signature performed with Lex Persona's Lex Enterprise electronic signature solution, in front of a court of law, should not be subject to the same conclusion.
In fact, in the case of a simple electronic signature, Lex Enterprise offers a device that goes much further in terms of security and authentication, coming closer to an advanced electronic signature as defined by the eIDAS regulation, as well as an electronic signature as defined by article 1367 of the French Civil Code.
The electronic signature process offers a very high level of security:
- For each simple electronic signature, there is a corresponding electronic document seal, created using a certificate in the name of "Lex Persona" (instead of a nominative electronic signature certificate for an advanced or qualified electronic signature) . This seal guarantees the integrity of the document, withthe highest level of security available.
- In the case of electronic signatures on PDF documents in PAdES format, the signatory has the option of associating an image of his signature signature with the electronic signature, which can be captured on a touch screen or uploaded from his device.
- In the case of electronic signatures on PDF documents in PAdES format, the reason for electronic signature field includes the signatory's first and last name, as well as the identifier for the electronic signature transaction.
- The electronic signature is time-stamped by Lex Persona's eIDAS-qualified time-stamping service, which guarantees that the signature is perfectly valid when subsequently verified.
- The electronic signature can be conditioned by an authentication mechanism, such as an OTP sent by SMS, or a connection to FranceConnect, which guarantees the identity and authenticity of the signatory.
Finally, the proof file generated by Lex Persona that accompanies the signature transaction is particularly detailed and secure. What's more, its eIDAS-qualified sealing and time-stamping prevent any attempt at fraud involving the proof file itself. It includes, in particular, the following elements
- Information identifying the signatory (surname, first name, e-mail address, country of nationality or birth, if applicable). Additional information may be supplied, such as the signatory's legal entity, position, etc.
- The signatory's authentication method (e-mail OTP, SMS OTP, FranceConnect connection, Identité Numérique La Poste, internal or external SSO, etc.).
- Proof of signatory authentication (OTP validation, OpenID Connect token, etc.).
- Proof of acceptance by the signatory of the General Terms and Conditions of Use of the signature platform.
- Proof of delivery of signed documents in their entirety (if applicable).
- Electronic signature of documents to verify their integrity and authenticity.
- The signature transaction identification elements found in the signature itself.
In a nutshell
This recent decision highlights the key role played by Article 1367 of the French Civil Code in this case, providing a complementary requirement to the eIDAS regulation for the simple electronic signature level. While it is strongly recommended to use a secure electronic signature rather than a scanned signature, it is important to ensure that the trusted service provider you have chosen to support you in this process is able to provide you with a detailed, secure proof file, whatever the level of signature used.