Electronic signature as legal evidence in litigation

In France, more than 2.5 billion documents are signed electronically each year, according to industry estimates. Yet when a commercial dispute erupts, one question repeatedly resurfaces: does electronic signature constitute solid evidence before a court? The answer is yes, subject to conditions. Between the Civil Code, the European eIDAS regulation and French case law which has intensified since 2016, the framework is precise — but complex. This article decrypts the admissibility conditions for an electronic signature in court proceedings, the different levels of evidence according to the type of signature, and the mistakes to avoid so that your document survives a judicial challenge.

Probative value of electronic signature: what French law says

Electronic signature is not a legal novelty. Since the law of 13 March 2000, French law has explicitly recognised electronic writing as a means of evidence, in the same way as paper. This recognition is now codified in articles 1366 and 1367 of the Civil Code, which establish two fundamental principles.

First principle: electronic writing has the same probative force as paper writing, provided that the person from whom it emanates is duly identified and that the integrity of the document is guaranteed. Second principle: a reliable electronic signature benefits from a legal presumption of validity. Article 1367 specifies that this reliability is presumed — that is, acquired without prior demonstration — when the signature complies with technical requirements fixed by decree.

In practice, this decree refers to the European eIDAS regulation, a detailed analysis of which can be found in our guide on the eIDAS 2.0 regulation. The mechanism is therefore as follows: a signature qualified within the meaning of eIDAS benefits from an irrebuttable presumption of validity under French law, shifting the burden of proof to the one who contests it.

The three levels of signature and their probative scope

The eIDAS regulation distinguishes three levels of signature, which do not offer the same robustness of evidence before a judge:

Simple electronic signature (SES) is based on electronic data attached to a document — typically an email or a ticked box. It has low probative value: in case of dispute, it is up to the one invoking it to prove its authenticity. It is suitable for acts of low value or in low-risk contexts.

Advanced electronic signature (AES) is linked in a unique manner to the signatory, allows for their identification, is created from data under their exclusive control and detects any subsequent modification. It offers significantly higher probative value and is suitable for the majority of commercial contracts. However, it does not benefit from automatic legal presumption.

Qualified electronic signature (QES) is created via a certified device and is based on a qualified certificate issued by a trust service provider (TSP) listed on the trust list of the Member State (Trust List). It is the only level that benefits from the legal presumption of validity provided for in article 1367 of the Civil Code. For further details on the differences between solutions, our comparison of electronic signature solutions details the offerings available on the market.

What courts actually examine

When an electronic signature is challenged in court, French magistrates typically examine five elements:

1. Identification of the signatory: by what mechanism was identity verified? A simple SMS OTP, a code sent by email, or biometric verification of an identity document?
2. Informed consent: was the signatory aware of the content of the document at the time of signing?
3. Document integrity: can the signed file prove that it has not been modified after signature (cryptographic seal, SHA fingerprint)?
4. Traceability: is there a time-stamped audit log, maintained by an independent third party, listing each action?
5. Preservation: is the document and associated evidence archived in conditions allowing their production in court years later?

Decisions rendered by commercial courts since 2018 show a clear trend: judges do not reject electronic signature in itself, but penalise gaps in traceability. A service provider unable to produce a complete audit log, or whose time-stamps are not certified, sees their document weakened, or even excluded.

The burden of proof in case of dispute

The question of the burden of proof is strategically decisive in any dispute involving an electronic signature. The regime differs depending on the level of signature used.

Presumption of reliability and reversal of the burden

With a qualified signature, the law presumes its reliability. Concretely, if one party contests the signature, it is up to them to demonstrate that the presumption should be discarded — for example by proving that the certificate was expired, that the provider was not qualified, or that the signature creation device was compromised. This inversion is considerable: it protects the beneficiary of the signature.

With an advanced or simple signature, the operator invoking the signature must, conversely, positively establish its reliability. They must produce all elements enabling identification of the signatory: IP address of connection, certified time-stamp, identity verification log, recorded explicit consent. This is why the choice of signature provider and the quality of their audit log are legal variables, not merely technical ones.

French case law: key trends

Several recent decisions shed light on the position of French courts:

• CA Paris, 2021: the court validated an advanced electronic signature in a dispute over a distribution contract, noting that the provider produced a complete evidence file including SMS OTP, time-stamp and SHA-256 fingerprint of the document.
• Cass. com., 2022: the Court of Cassation recalled that the contest of an electronic signature must be explicitly reasoned by the claimant, and not merely alleged in a general manner.
• TJ Paris, 2023: a district court excluded a simple electronic signature in an employment law dispute, on the ground that the identity of the signatory was established only by an unverified email address, without OTP or dual authentication.

These decisions confirm a fundamental rule: it is the robustness of the evidence file, more than the format of the document, which determines the judicial outcome.

Building an evidence file that can be relied upon in court

Anticipating litigation does not mean being pessimistic; it is a matter of contractual rigour. Several practices can significantly strengthen the probative value of an electronic signature.

The evidence file: essential components

A solid evidence file must contain at minimum:

• The signed file with its cryptographic signature (PAdES format for PDFs, XAdES for XMLs), as defined by the ETSI EN 319 132 and ETSI EN 319 122 standards.
• The electronic certificate of the signatory, with its date of issue and period of validity.
• The complete audit log: each step of the process (invitation, document opening, OTP verification, signature click) time-stamped and certified by a trusted third party.
• Proof of identity: capture of identification data used (verified email, telephone number, scanned identity document if required).
• Qualified time-stamping: a time token issued by a Certification Authority compliant with eIDAS, guaranteeing that the signature was indeed affixed at the declared instant.

This documentary architecture is at the heart of what Certyneo automatically generates with each signature, as part of its compliance with our approach to electronic signature in business.

Preservation of evidence: duration and format

The preservation of evidence is often neglected, yet it conditions the defendability of a contract over time. In commercial law, disputes can arise up to five years after signature (general limitation period, article 2224 of the Civil Code). Some contracts — commercial lease, warranty, contractual liability — expose to even longer timeframes.

It is therefore advisable to preserve:

• The signed document in a durable format (PDF/A with embedded signature),
• The complete associated evidence file,
• In an archiving system guaranteeing long-term integrity (ideally compliant with NF Z 42-026 or eArchiving).

A SaaS provider that does not offer archiving guarantees beyond its commercial lifespan represents a real legal risk: if the business ceases operations, evidence may disappear. Systematically check reversibility and data export clauses in your service provider contracts — it is a criterion we detail in our guide for migrating from DocuSign or YouSign to Certyneo.

When to favour qualified signature?

Not all contracts require the maximum level. The choice of signature level should be proportionate to the legal and financial stake:

• Low-value contracts (purchase orders, T&Cs, internal confidentiality agreements): advanced signature sufficient.
• Significant commercial contracts (services > €10,000, annual framework agreements, rights transfers): advanced or qualified signature recommended depending on risk level.
• Acts requiring authentic or near-authentic form (certain notarial deeds, personal guarantees): qualified signature mandatory or electronic notarial deed.
• Employment law contracts (employment contract, agreed termination, amendment): the DGEFP recommends advanced signature at minimum, and several decisions from Labour Tribunals have penalised simple signatures.

For enterprises handling a significant volume of contracts, the Certyneo ROI calculator allows you to assess comparative costs based on the signature level chosen, integrating residual legal risk.

Legal framework applicable to evidence by electronic signature

The legal value of electronic signature in France rests on a stack of texts coherent with one another, the mastery of which is essential for anyone involved in a commercial dispute.

Civil Code, articles 1366 and 1367: these two articles form the foundation of electronic evidence law in France. Article 1366 assimilates electronic writing to paper writing so long as the person from whom it emanates is identifiable and its integrity is assured. Article 1367 grants a legal presumption of reliability to electronic signature compliant with regulatory requirements, reversing the burden of proof in favour of the person producing it.

eIDAS Regulation No 910/2014 (EU): directly applicable in all Member States since 1 July 2016, this regulation defines the three levels of signature (simple, advanced, qualified), technical requirements for each level, and the list of qualified trust service providers (TSPs). It establishes mutual recognition of qualified signatures across the Union, which is crucial for disputes involving parties from different Member States. The eIDAS 2.0 revision (Regulation 2024/1183) strengthens these requirements and introduces the European digital identity wallet (EUDIW).

Decree No 2017-1416 of 28 September 2017: this decree clarifies in French law the conditions of the presumption of reliability provided for in article 1367 of the Civil Code, by expressly referring to eIDAS requirements for qualified signature.

ETSI EN 319 132 (XAdES) and ETSI EN 319 122 (CAdES), ETSI EN 319 162 (ASiC) standards: these technical standards define electronic signature formats recognised as compliant with eIDAS. They are enforceable in court as a technical reference framework for assessing the validity of a signature.

GDPR — Regulation No 2016/679: the collection and processing of biometric or identity data for the purposes of signatory verification must comply with the principles of data minimisation and purpose limitation. Any signature provider processing identity data must have explicit legal basis (contract performance, legal obligation or legitimate interest) and inform the user in compliance with articles 13 and 14 of the GDPR.

NIS2 Directive (2022/2555/EU): qualified trust service providers are now within the scope of entities essential or important within the meaning of NIS2. They are subject to enhanced information systems security obligations, which indirectly strengthens the robustness of the evidence they generate.

Legal risks in case of non-compliance: using a non-compliant signature solution exposes to several risks: rejection of the document by the judge, inability to invoke the presumption of reliability, engagement of contractual liability for lack of diligence, and in some cases, nullity of the deed if form was required under pain of nullity. In terms of evidence, the absence of a certified audit log can lead to an inequality of arms between the parties and irreparably weaken the position of the one producing the signature.

Usage scenarios: electronic signature put to the test of litigation

Scenario 1 — Law firm and contested engagement letter

A mid-size law firm of about twenty lawyers, specialising in mergers and acquisitions, has been using an advanced electronic signature solution for its engagement letters for two years. One of these engagements, valued at €85,000, is the subject of dispute: the client contests having signed the engagement letter under the conditions described, claiming lack of informed consent.

The firm produces before the commercial court the complete evidence file generated by its platform: certified time-stamp of sending, logs of document opening, OTP code sent to the telephone number provided by the client during onboarding, and cryptographic fingerprint of the file identical between sending and the version produced. The judge upholds the validity of the signature. Since the burden of proof was discharged by the firm, it is up to the client to demonstrate falsification — which they fail to do. The firm recovers its fee in full. Key lesson: a complete evidence file can swing a dispute in a few pages.

Scenario 2 — Industrial SME and supplier dispute over purchase order

An industrial SME managing about 300 supplier contracts per year migrated to simple electronic signature for its purchase orders, without enhanced identity verification. A supplier contests the receipt of a purchase order cancelled late, arguing they never signed the modified version.

The SME is unable to produce a certified audit log: its solution had only retained an email address as proof of identification. The commercial court, lacking sufficient evidence, applies the general rules of evidence and rules in favour of the supplier on the disputed point. The cost of resolving the dispute exceeds €40,000, to which lawyer's fees are added.

Following this dispute, the SME switches to an advanced signature solution with OTP and certified audit log. It reduces its rate of contractual disputes by 60% over the following two financial years, according to its internal assessment. Key lesson: the cost of a robust signature solution is marginal compared to the cost of a single poorly documented dispute.

Scenario 3 — Healthcare network and practitioner contracts

A hospital network of about 600 beds formalises its contracts with independent practitioners electronically. One of these contracts is contested during termination: the practitioner claims not to have received the special conditions incorporated into the signed document, alleging post-signature modification.

The platform used by the network generates signatures in PAdES format (PDF Advanced Electronic Signatures), compliant with the ETSI EN 319 132 standard. Each document revision creates a new cryptographic fingerprint. The court registry can verify, via an online signature validator recognised by the European Commission, that the document has not been modified since its signature. The challenge is rejected in summary proceedings. Key lesson: the technical format of the signature (PAdES, XAdES) directly conditions the verifiability of the document in court — a criterion often underestimated when choosing the solution.

Conclusion

Electronic signature is solid legal evidence in case of dispute — provided you choose the right level of signature, a reliable provider and preserve a complete evidence file. The legal presumption of reliability offered by qualified signature represents a decisive strategic advantage in court: it reverses the burden of proof to the contester. For contracts with more common stakes, an advanced signature combined with a certified audit log offers a very satisfactory level of protection before French commercial courts.

Do not leave your contracts exposed to challenge for lack of sufficient evidence. Certyneo automatically generates a certified, time-stamped and archived evidence file for each signature, in full compliance with eIDAS and the Civil Code. Create your Certyneo account free of charge and secure your contractual commitments today.