What is an electronic signature? Complete Guide 2026
Updated on
Electronic signature (or e-signature) allows you to sign documents digitally with the same legal value as a handwritten signature. This guide explains how it works, the three levels defined by the eIDAS regulation, its legal validity in France and Europe, and how to implement electronic signature in your organisation.
In brief
- Legal value = handwritten signature (art. 1367 Civil Code + eIDAS regulation EU 910/2014)
- 3 recognised levels: Simple (SES), Advanced (AES) and Qualified (QES)
- Valid in all 27 EU Member States — direct application without transposition
- How it works: signer identification + cryptographic fingerprint (hash) of the document
- Average ROI < 3 months — contract finalised in hours vs. 5 days by post
Definition: What is an electronic signature?
A electronic signature is a set of data in electronic form, which are attached to or logically associated with other data in electronic form and which the signer uses to sign. This definition, from the eIDAS regulation (regulation (EU) No. 910/2014), covers a broad spectrum of technical mechanisms, from the simplest (ticking a box, typing your name) to the most sophisticated (qualified cryptographic certificate).
Under French law, article 1367 of the Civil Code states that "a signature necessary for the completion of a legal act identifies the person who apposes it" and that, when it is electronic, it "consists of the use of a reliable identification process guaranteeing its link with the act to which it is attached". The reliability of the process is presumed for signatures qualified within the meaning of eIDAS.
Concretely, an electronic signature fulfils three functions: it identifies the signatory, it expresses their consent to the document's content, and it guarantees the integrity of the document (any modification after signing is detectable).
Electronic signature vs digital signature
The terms are often confused. Electronic signature is the legal concept (what engages the signer). Digital signature is the underlying cryptographic technique (document hash, asymmetric encryption with private key) that can be used to implement an advanced or qualified electronic signature. Every digital signature is an electronic signature, but the reverse is not true.
How does electronic signature work?
The mechanism rests on two pillars: the authentication of the signer and the integrity of the document.
To authenticate the signatory, one or more identification factors are used: trusted email address (single-use link), OTP code received by SMS, personal cryptographic certificate, etc. To guarantee integrity, a hash (fingerprint) of the document is calculated at the time of signing. If the document is subsequently modified, the hash no longer matches — the signature is then invalidated.
In solutions like Certyneo, the process relies on PDF processing libraries that integrate these cryptographic metadata directly into the file. A timestamped audit trail (action log) completes the system by recording each step: sending, opening, OTP validated, signing, etc.
From a technical standpoint, several security mechanisms strengthen the inviolability of the process: qualified timestamping (RFC 3161) applies certified time proof to each signature; TLS 1.3 encryption protects data in transit; the signatory's geolocation and IP address are recorded for traceability; finally, in certain workflows (AES/QES), behavioural biometric data (typing speed, pressure) complement the identity fingerprint.
The concept of non-repudiation is central: thanks to the timestamped and cryptographically signed audit trail, it is technically impossible for a signatory to deny having signed a document without falsifying the chain of evidence. With regard to archiving, French regulations (Decree 2016-1673) require retention for 10 years for most commercial documents — Certyneo ensures this archiving with probative value in sovereign hosting (EU).
The 3 levels of electronic signature according to eIDAS
The eIDAS regulation defines a hierarchy of three levels. The higher the level, the stronger the identification requirements and the more robust the legal presumption.
Simple Signature
Simple electronic signature
Examples
Web form, tick box, name typed on keyboard
Typical use cases
Quotes, internal orders, low-risk documents
Certyneo
Available on all Certyneo plans
Advanced Signature
Advanced electronic signature
Examples
OTP SMS + email, strong signer authentication
Typical use cases
Employment contracts, NDAs, major commercial contracts
Certyneo
Standard and Business plans — dual-channel OTP (email + SMS)
Qualified Signature
Qualified Electronic Signature
Examples
QTSP certificate + secure signature creation device
Typical use cases
Notarial acts, very high-value contracts, public procurement
Certyneo
Via QTSP partner on request — native integration on roadmap
Comparison table of 3 eIDAS levels
| Criterion | SES Simple | AES — Advanced | QES — Qualified |
|---|---|---|---|
| Signer identification | Email only | OTP SMS + email | QTSP + QSCD certificate |
| Document integrity | Basic | Cryptographic (hash) | Cryptographic (hash) |
| Qualified certificate required | No | No | Yes (eIDAS provider) |
| Presumption of handwritten equivalence | No | Partial | Full (art. 25 eIDAS) |
| Reversal of burden of proof | No | No | Yes (in favour of signer) |
| Typical use cases | Quotes, orders | HR contracts, NDAs, employment agreements | Notarial deeds, public procurement |
| Certyneo availability | All plans | Standard and Business | Via partner QTSP |
Key legal point — reversal of burden of proof: For QES only, article 25 of the eIDAS regulation establishes a legal presumption of equivalence with handwritten signature. In the event of a dispute, it is the challenger who must prove that the signature is invalid — not the signer who must prove its validity. This reversal is a considerable advantage in contractual disputes.
Legal validity in France and the European Union
In France, electronic signature has been recognised since the Law no. 2000-230 of 13 March 2000, which amended the Civil Code to establish electronic documents and electronic signatures as equivalent to their paper counterparts. Article 1366 specifies that electronic documents "have the same evidential value as documents on paper support".
At European level, the eIDAS regulation (EU) No. 910/2014 creates a unified legal framework for electronic signatures. Its article 25 establishes the principle of non-discrimination: "an electronic signature may not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form". Qualified signatures (QES) also benefit from a legal presumption equivalent to handwritten signature in all 27 Member States.
For standard documents (commercial contracts, employment contracts, quotations, NDA, mandates), an advanced signature (AES) offers an excellent balance between ease of use and legal security. Qualified signature (QES) is reserved for very high-value documents or situations where sectoral regulation explicitly requires it.
French reference texts
- Article 1366 of the Civil Code (electronic document)
- Article 1367 of the Civil Code (electronic signature)
- Decree No. 2017-1416 of 28 September 2017 (presumption of reliability)
European reference texts
- Regulation (EU) No. 910/2014 (eIDAS)
- Directive 1999/93/EC (repealed, previous framework)
- eIDAS Regulation 2.0 (2024 — digital identity wallet)
To ensure a service provider's compliance, ANSSI publishes the French trust list (TSL — Trust Service List) of qualified providers authorised to issue QES certificates. At European level, each Member State publishes its own TSL, all accessible via the European Commission's official portal (eidas.ec.europa.eu). Certyneo is ISO 27001 certified and hosts its data in the EU (Germany).
The benefits of electronic signature for businesses
Beyond legality, electronic signature profoundly transforms contractual and administrative processes.
Time savings
Un contrat qui prenait 5 jours (impression, envoi postal, retour) se finalise en quelques heures. Les rappels automatiques éliminent les relances manuelles.
Enhanced security
L'audit trail horodaté, le chiffrement TLS 1.3 et l'OTP double canal offrent un niveau de preuve supérieur au papier contre la falsification ou le déni.
Legal value
eIDAS compliance and article 1367 of the Civil Code. Signed documents have the same probative force as a handwritten signature and are admissible in French courts.
Cost reduction
Élimination des coûts d'impression, d'envoi, d'archivage physique et de gestion manuelle. Le ROI est généralement atteint en moins de 3 mois.
Complete traceability
Each step in the document lifecycle is recorded. You know exactly who opened, read and signed, and when, from which IP address.
GDPR compliance
Data hosted in Germany (EU) (European Union), documented retention period, right of access and erasure. GDPR compliance is built in natively.
Which documents and sectors can use electronic signatures?
Almost all contracts and legal documents can be electronically signed. A few exceptions remain (notarial deeds, handwritten wills) but they concern less than 5% of common commercial documents.
Human Resources
- Employment contracts (permanent, fixed-term, apprenticeships)
- Amendments and position changes
- Internal regulations, charters
- Employee confidentiality agreements (NDA)
Legal and Commercial
- NDA (non-disclosure agreements)
- Service and supply contracts
- Purchase orders and quotations
- Intellectual property assignment contracts
Real Estate
- Sales and management mandates
- Residential and commercial leases
- Preliminary sales agreements (excluding authentic deeds)
- Condition reports
Finance and Banking
- Account opening and KYC
- SEPA direct debit mandates
- Loan agreements (excluding notarised mortgage loans)
- General terms and amendments
Excluded documents (require authentic deed)
- ×Final property sales (notarised deed mandatory)
- ×Handwritten wills
- ×Marriage and divorce certificates (civil status deed)
- ×Certain real security deeds (mortgages)
5 common mistakes with electronic signatures (and how to avoid them)
Even though legally recognised, an electronic signature can be contested if implemented incorrectly. Here are the most frequent pitfalls encountered in business.
Using too low a level for the contract
Signing an employment contract or deed of transfer with SES (simple click) exposes the employer to a challenge risk. Rule: any contract with value > €1,500 or significant HR consequences must use at least AES with SMS OTP.
Ignoring the audit trail (proof log)
The signed document is only part of the proof. The audit trail — which documents each step (sending, opening, OTP verified, time, IP) — is the key evidence in case of dispute. Without it, it is impossible to reconstruct the chain of events before a court.
Not verifying the service provider's GDPR compliance
Biometric and identification data of signatories are sensitive personal data. Your service provider must absolutely host data in the European Union and have a GDPR-compliant DPA (Data Processing Agreement). Be wary of US-based solutions without EU hosting.
Confusing electronic signature with scanned signature
Scanning your handwritten signature and inserting it into a PDF has no legal value within the meaning of the eIDAS regulation. A true electronic signature is based on cryptographic mechanisms of integrity and authentication — not on an image.
Neglecting long-term archiving
Decree 2016-1673 requires retaining signature proofs for the entire legal life of the contract (10 years for commercial documents, 5 years for employment contracts). Your solution must guarantee archiving with evidential value, not just standard cloud storage.
How to implement electronic signature: step-by-step guide
With Certyneo, you can send your first document for signature in less than 5 minutes.
Create your account
Sign up to Certyneo in seconds with your email or via Google/Microsoft. No credit card required to get started.
Upload your document
Import your PDF or Word file. Certyneo automatically converts Word files to PDF optimised for signature.
Add signatories
Enter the name and email of each signatory. Set the signing order if needed and position the signature fields in the document.
Send the envelope
A secure email is sent to each signatory with a unique link. For advanced signature, the signatory also receives an OTP via SMS.
Track in real time
From your dashboard, track the status of each envelope: sent, opened, signed or refused. Automatic reminders re-engage inactive signatories.
Archive the final document
Once all signatories have signed, the final PDF (with integrated audit footer) is automatically archived for 10 years and accessible at any time.
Frequently asked questions about electronic signature
What is an electronic signature?
An electronic signature is a technical process allowing you to identify the author of a digital document and guarantee the integrity of that document. It is the legal equivalent of a handwritten signature within the meaning of eIDAS regulation (EU) No. 910/2014 and article 1367 of the French Civil Code.
Is electronic signature legal in France?
Yes. Electronic signature has been legally recognised in France since the Law of 13 March 2000 (article 1367 of the Civil Code) and throughout the European Union thanks to the eIDAS regulation. It has the same legal value as a handwritten signature provided that the conditions for identifying the signer and the integrity of the document are met.
What is the difference between simple, advanced and qualified signature?
The eIDAS regulation defines three levels. Simple signature (SES) corresponds to the basic level: click, tick a box or type your name. Advanced signature (AES) requires identification of the signer (SMS/email OTP, for example) and a unique link to the document. Qualified signature (QES) additionally requires a certificate issued by a qualified trust service provider (QTSP) and a secure signature creation device — it offers the strongest legal presumption.
Which documents can be signed electronically?
Almost all contractual and commercial documents can be signed electronically: employment contracts, quotations and purchase orders, NDAs, service contracts, amendments, mandates, agreements, assignment deeds. Certain authentic acts (notarial deeds, civil status acts) require specific conditions.
How does Certyneo's electronic signature work?
With Certyneo, the sender uploads their PDF document, adds signatories and defines fields. Each signatory receives a secure link by email. For an advanced signature (AES), a dual OTP email + SMS (from our SMS OTP provider) authenticates the signatory. The final PDF includes a timestamped audit footer and is archived for 10 years.
Is electronic signature valid throughout the EU?
Yes. The eIDAS regulation applies directly in all 27 EU Member States. A qualified signature issued in one member country is recognised in all other member states. Simple and advanced signatures also have probative value but may be subject to the judge's assessment.
How much does electronic signature cost with Certyneo?
Certyneo offers a free plan (5 envelopes/month), a Personal plan at AU$9/month, a Standard plan at AU$19/month and a Business plan at AU$39/month (Business) or AU$99/month (Business Pro). Advanced eIDAS signature (AES) is available from the Personal plan (AU$9/month).
What is an audit trail and what is it for?
The audit trail is a timestamped log of all actions performed on an envelope: sending, opening, viewing, signing, refusal, expiry. It constitutes proof of the chronology of events and strengthens the probative value of the signed document in case of dispute.
Is electronic signature really secure?
Yes, an electronic signature compliant with eIDAS is technically safer than a handwritten signature. It combines: (1) signer identification by SMS OTP or certificate, (2) cryptographic fingerprint (SHA-256 hash) of the document — any modification post-signature immediately invalidates the signature, (3) qualified timestamping certifying the exact time, (4) signed and encrypted audit trail preserving complete history. None of these protections exist for a paper signature.
How long should electronically signed documents be kept?
The duration depends on the nature of the document: 10 years for commercial contracts (art. L.110-4 French Commercial Code), 5 years for employment contracts, 30 years for property-related deeds. Decree 2016-1673 requires that archiving be carried out under conditions guaranteeing document integrity and readability. Certyneo ensures such archiving with probative value hosted in the European Union.
What is non-repudiation and why is it important?
Non-repudiation is the legal and technical property that prevents a signer from denying having appended their signature. It is guaranteed by the combination of: the timestamped and cryptographically signed audit trail, the OTP sent to the signer''s phone number (proof of possession), and the unique fingerprint of the document. In the event of legal dispute, non-repudiation constitutes a strong presumption in favour of the beneficiary of the signature.
What certifications and compliance standards should you check with a service provider?
For a reliable and compliant solution, verify: eIDAS qualification (ANSSI trust list for QES), ISO 27001 certification (information security), GDPR compliance with hosting in the EU, HDS compliance if you process health data, and ideally ANSSI SecNumCloud qualification for cloud-hosted solutions. Certyneo hosts all its data in Germany (EU).
Certyneo Legal Team
Electronic signature and contract law experts
This guide is written and maintained by Certyneo's legal and technical team, specialising in electronic contract law, eIDAS compliance and data protection (GDPR). Each article is reviewed quarterly to reflect the latest regulatory developments.
- Expertise in eIDAS Regulation (EU) No 910/2014
- GDPR compliance and hosting in the European Union
- Processing of more than 50,000 electronically signed documents
Last revision :