Signatory Identity and Digital Proof

The heart of the matter

An electronic signature has value only if you can prove who affixed it. A simple click on "I accept" says nothing reliable about identity.

Identification techniques

Trusted email

Unique link sent. Only the mailbox holder can click. Foundation of simple electronic signature (SES).

OTP via SMS

Single-use code sent to the number. Combined with email, it is the standard for advanced electronic signature (AES).

Video KYC

Verification by videoconference: identity document, liveness test, OCR. Used for QES and regulated sectors.

Qualified certificate

Personal cryptographic certificate issued by a QTSP. Highest level, required for QES.

National digital identity

FranceConnect+, itsme (Belgium), SPID (Italy). EUDIW wallets will extend this option.

Assurance levels (LoA)

eIDAS defines three levels:

• Low: simple email → SES

• Substantial: dual factor → AES

• High: strict verification → QES

GDPR issues

Identification collects personal data. GDPR requires:

• Minimisation (collect only what is necessary)

• Documented retention period

• Right of access and erasure

• Legal basis (contract performance, Article 6.1.b)

Biometric data (video KYC) is sensitive — explicit consent required.

KYC and regulated sectors

Banks, insurance, crypto, real estate brokers are subject to AML-CFT. KYC requires:

• Identity document verification with OCR

• Liveness test (dynamic selfie)

• Cross-checking against sanctions databases (PEP, OFAC)

• Sometimes human operator via video

Mistakes to avoid

• Relying on email alone for sensitive contracts

• Storing identity documents indefinitely

• Failing to document legal basis

• Collecting more than necessary

Use case: opening a neo-bank account

• Enter information (name, address, occupation)

• Upload identity document + proof of address

• Liveness test: dynamic selfie

• Contract signature in AES with SMS OTP

In 10 minutes, account opened with "substantial" identification acceptable to the ACPR.

How Certyneo helps you

Certyneo natively offers email + SMS OTP identification (AES). For cases requiring enhanced KYC, video KYC integration is available: document verification, liveness test, sanctions cross-checking.

KYC data is hosted in the EU, encrypted, with documented retention periods in compliance with GDPR.

Discover the Certyneo electronic signature solution

FAQ

Is email alone enough for a valid signature?

Technically yes for SES. For a document with stakes, prefer AES with SMS OTP.

Does GDPR prohibit storing identity documents?

No, it regulates it. Legal basis, limited duration, enhanced security for sensitive data.

Can FranceConnect+ be used?

Yes, recognised as "substantial" level for AES or even QES.

Is video KYC mandatory for insurance?

Not as such, but the ACPR expects enhanced identification.

Sign with an identity from another EU country?

Yes, mutual recognition under eIDAS (itsme, SPID, nPA).

Conclusion

Identification is the weakest link in the chain of proof. Look after it according to the stakes, and your signature will be solid.

Try Certyneo to send, sign and track your documents online simply, quickly and securely.