Share on :

LinkedIn

Over the last twenty years, electronic signatures have gradually spread to all sectors of the economy. Private and public alike, with relative discretion, against a backdrop of gradual digital transformation.

Since the beginning of the health crisis, we have seen an acceleration in the movement. Little by little, electronic signatures are being used by company employees. But they are also being used by elected representatives, agents and citizens, with a wide range of security needs.

Although the use of electronic signatures is simple, and their advantages (practicality, security, traceability, time savings, etc.) no longer need to be extolled, many organizations are still wondering how to deploy them.

Which documents are involved? How are they circulated ? What are the internal validation processes ? What is the volume involved? Who can sign? With what level of signature?

These are just some of the questions that need to be answered in order to draw up specifications in consultation with the IT department.

The right level of electronic signature for every application!

Electronic signatures are governed by two distinct sets of regulations:

 

Electronic signature regulations:the General Security Reference (RGS)

The Référentiel Général de Sécurité (RGS ) aims to reinforce security and confidence in exchanges within the administration and with citizens. It proposes three levels of security:

  • Elementary RGS*
  • RGS** standard
  • Reinforced RGS***

Note that the "Standard" and "Enhanced" levels require face-to-face verification of the signatory's identity and the use of a secure key (smart card or USB key).

 

Electronic signature regulations:the European eIDAS regulation

The European eIDAS regulation onelectronic identification and trust services provides for the generation of a simple, advanced or qualified signature. With this regulation, the European Union has established a legal basis for the use of electronic signatures in order to develop their use. It defines three levels of electronic signature:

  • Simple
  • Advance
  • Qualified

 

The "simple" electronic signature

It corresponds to the first stage of security, insofar as it only consists of "data in electronic form, which are attached to or logically associated with other data in electronic form, and which the signatory uses to sign".

Its main aim is not to discriminate against any form of electronic signature. Including the simple mention of a name at the end of an e-mail. This type of signature is not defined in French law.

 

The "advanced" electronic signature

It meets 4 requirements of the eIDAS regulation: it is unambiguously linked to the signatory, enabling the latter to beidentified; it offers a high level of confidence in its implementation by the signatory; and it guarantees the integrity of the resulting document. This level of signature offers the best compromise in terms of security, cost, ease of use and implementation.

 

Qualified" electronic signatures

It is the most secure of all electronic signatures, and the only one to offer the same legal value as a handwritten signature in all EU member states.

This is an advanced signature based on a qualified electronic signature certificate and a qualified signature creation device.

In concrete terms, this type of signature requires face-to-face verification of thesignatory's identity and the use of a secure key. It is mainly used for regulatory compliance purposes. The eIDAS-qualified electronic signature is recommended for contractual exchanges with foreign countries.

Lower-level signatures do not have the same value as handwritten signatures. They are nonetheless admissible as evidence in court.

Note that work is underway to update the RGS in order to simplify its articulation with the eIDAS regulation.

Ultimately, it's up to each party to assess the level of risk involved in the transaction. Or to gauge the reliability of the other party, in order to choose the level of electronic signature best suited to the transaction and its stakes.

Simple, advanced or qualified? According to the French Commercial Code, a "simple" electronic signature is sufficient. However, if there are real doubts about the other party, for example, in the case of an agreement with an unfamiliar or unfamiliar supplier or customer, it may be wise to opt for an "advanced" or "qualified" electronic signature.

Ultimately, it's up to each individual to assess the level of risk involved in the transaction.

Less paper and more time for customer service

Choosing and deployment of an electronic signature solution can benefit from support tailored to the functional and regulatory needs of organizations.

But its implementation offers a rapid ROI ("return on investment") with very significant benefits. These include savings on paper costs and shorter signature times for customers, suppliers and employees.