Electronic Signature as Legal Evidence in Litigation

In France, more than 2.5 billion documents are signed electronically each year, according to industry estimates. Yet, when a commercial dispute arises, one question comes back repeatedly: does electronic signature constitute solid evidence before a court? The answer is yes, under certain conditions. Between the Civil Code, European eIDAS regulation and French case law that has developed since 2016, the framework is precise — but complex. This article decrypts the conditions for admissibility of an electronic signature in court proceedings, the different levels of evidence depending on the type of signature, and the mistakes to avoid so that your document survives a legal challenge.

Evidentiary value of electronic signature: what French law says

Electronic signature is not a legal novelty. Since the law of 13 March 2000, French law has explicitly recognised electronic documents as a means of evidence, on the same footing as paper. This recognition is now codified in articles 1366 and 1367 of the Civil Code, which establish two fundamental principles.

First principle: electronic documents have the same probative force as paper documents, provided that the person from whom they originate is duly identified and the integrity of the document is guaranteed. Second principle: reliable electronic signature benefits from a legal presumption of validity. Article 1367 specifies that this reliability is presumed — that is, established without prior demonstration — when the signature conforms to technical requirements set by decree.

In practice, this decree refers to the European eIDAS regulation, whose detailed analysis you can find in our guide to eIDAS 2.0 regulation. The mechanism is therefore as follows: a qualified signature within the meaning of eIDAS benefits from an irrebuttable presumption of validity under French law, shifting the burden of proof to the person who contests it.

The three levels of signature and their evidentiary scope

The eIDAS regulation distinguishes three levels of signature, which do not offer the same robustness in evidence before a judge:

Simple electronic signature (SES) is based on electronic data attached to a document — typically an email or a checked box. It has weak probative value: in case of dispute, it is up to the person invoking it to prove its authenticity. It is suitable for low-value acts or contexts with limited risk.

Advanced electronic signature (AES) is linked uniquely to the signatory, allows identification of the signatory, is created from data under their exclusive control and detects any subsequent modification. It offers significantly higher probative value and is suitable for most commercial contracts. However, it does not benefit from automatic legal presumption.

Qualified electronic signature (QES) is created via a certified device and relies on a qualified certificate issued by a trust service provider (TSP) appearing on the trust list of the Member State (Trust List). This is the only level that benefits from the legal presumption of validity provided for in article 1367 of the Civil Code. For further information on the differences between solutions, our comparison of electronic signature solutions details the offerings available on the market.

What courts actually examine

When an electronic signature is contested in court, French magistrates typically examine five elements:

1. Identification of the signatory: by what mechanism was identity verified? A simple SMS OTP, a code sent by email, or biometric verification against an identity document?
2. Informed consent: did the signatory have knowledge of the document's content at the time of signing?
3. Document integrity: can the signed file prove it was not modified after signature (cryptographic seal, SHA fingerprint)?
4. Traceability: is there a timestamped audit log, kept by an independent third party, listing each action?
5. Preservation: are the document and associated evidence archived in conditions allowing their production in court years later?

Decisions rendered by commercial courts since 2018 show a clear trend: judges do not reject electronic signature as such, but sanction gaps in traceability. A service provider unable to produce a complete audit log, or whose timestamps are not certified, sees its document weakened or even rejected.

The burden of proof in case of dispute

The question of burden of proof is strategically decisive in any dispute involving an electronic signature. The regime differs depending on the level of signature used.

Presumption of reliability and reversal of burden

With a qualified signature, the law presumes its reliability. Concretely, if a party contests the signature, it is up to them to demonstrate that the presumption should be set aside — for example by proving that the certificate was expired, that the provider was not qualified, or that the signature creation device was compromised. This reversal is considerable: it protects the beneficiary of the signature.

With an advanced or simple signature, the operator invoking the signature must conversely positively establish its reliability. It must produce all elements allowing identification of the signatory: IP address of connection, certified timestamp, identity verification log, recorded consent. This is why the choice of signature provider and the quality of its audit log are legal variables, not merely technical ones.

French case law: key trends

Several recent decisions clarify the position of French courts:

• Paris Court of Appeal, 2021: the court validated an advanced electronic signature in a dispute concerning a distribution contract, noting that the provider produced a complete evidence file including SMS OTP, timestamp and SHA-256 fingerprint of the document.
• Cass. com., 2022: the Court of Cassation recalled that contestation of an electronic signature must be explicitly motivated by the claimant, and not simply alleged generally.
• Paris District Court, 2023: a district court rejected a simple electronic signature in an employment law dispute, on the ground that the signatory's identity was established only by an unverified email address, without OTP or two-factor authentication.

These decisions confirm a substantive rule: it is the robustness of the evidence file, more than the document format, that determines the judicial outcome.

Building a defensible evidence file in court

Anticipating a dispute does not mean being pessimistic; it means exercising contractual rigour. Several practices can significantly strengthen the probative value of an electronic signature.

The evidence file: essential components

A sound evidence file must contain at minimum:

• The signed file with its cryptographic signature (PAdES format for PDFs, XAdES for XML), as defined by ETSI EN 319 132 and ETSI EN 319 122 standards.
• The signatory's electronic certificate, with its date of issue and period of validity.
• The complete audit log: each step of the process (invitation, document opening, OTP verification, signature click) timestamped and certified by a trusted third party.
• Proof of identity: capture of identification data used (verified email, telephone number, scanned identity document if required).
• Qualified timestamp: a time token issued by a Certification Authority compliant with eIDAS, guaranteeing that the signature was affixed at the declared moment.

This documentary architecture is at the heart of what Certyneo automatically generates with each signature, as part of its compliance with our approach to electronic signature in business.

Preservation of evidence: duration and format

Preservation of evidence is often neglected, yet it conditions the defensibility of a contract over time. Under commercial law, disputes can arise up to five years after signature (common law limitation period, article 2224 of the Civil Code). Some contracts — commercial leases, guarantees, contractual liability — expose to even longer periods.

You should therefore preserve:

• The signed document in a permanent format (PDF/A with embedded signature),
• The complete associated evidence file,
• In an archiving system guaranteeing long-term integrity (ideally compliant with NF Z 42-026 or eArchiving).

A SaaS provider that does not offer archiving guarantees beyond its commercial lifespan represents a real legal risk: if the company ceases operations, evidence may disappear. Systematically check the reversibility and data export clauses in your provider contracts — this is a criterion we detail in our guide to migrating from DocuSign or YouSign to Certyneo.

When to opt for qualified signature?

Not all contracts require the maximum level. The choice of signature level must be proportionate to the legal and financial stakes:

• Low-value contracts (purchase orders, T&Cs, internal confidentiality agreements): advanced signature sufficient.
• Significant commercial contracts (services > 10,000 €, annual framework agreements, rights assignments): advanced or qualified signature recommended depending on risk level.
• Acts requiring authentic or semi-authentic form (certain notarised acts, personal guarantees): qualified signature mandatory or electronic notarised deed.
• Contracts in employment law (employment contract, severance agreement, amendment): DGEFP recommends advanced signature at minimum, and several decisions from employment tribunals have sanctioned simple signatures.

For companies handling significant contract volumes, Certyneo's ROI calculator allows you to assess comparative costs depending on the signature level chosen, taking into account residual legal risk.

Applicable legal framework for proof by electronic signature

The legal value of electronic signature in France rests on a coherent set of texts, which mastery is essential for anyone involved in a commercial dispute.

Civil Code, articles 1366 and 1367: these two articles constitute the foundation of electronic evidence law in France. Article 1366 treats electronic documents as equivalent to paper documents as long as the person from whom they originate is identifiable and their integrity is assured. Article 1367 grants a legal presumption of reliability to electronic signature conforming to regulatory requirements, shifting the burden of proof to the benefit of the person producing it.

eIDAS Regulation n°910/2014 (EU): directly applicable in all Member States since 1 July 2016, this regulation defines the three levels of signature (simple, advanced, qualified), technical requirements for each level, and the list of qualified trust service providers (TSPs). It establishes mutual recognition of qualified signatures across the European Union, which is crucial for disputes involving parties from different Member States. The eIDAS 2.0 revision (Regulation 2024/1183) strengthens these requirements and introduces the European digital identity wallet (EUDIW).

Decree n°2017-1416 of 28 September 2017: this decree specifies under French law the conditions of the reliability presumption provided for in article 1367 of the Civil Code, by expressly referring to eIDAS requirements for qualified signature.

ETSI EN 319 132 (XAdES) and ETSI EN 319 122 (CAdES), ETSI EN 319 162 (ASiC) standards: these technical standards define electronic signature formats recognised as compliant with eIDAS. They are enforceable in court as a technical reference framework for assessing the validity of a signature.

GDPR — Regulation n°2016/679: the collection and processing of biometric or identity data for the purposes of signatory verification must comply with the principles of data minimisation and purpose limitation. Any signature provider processing identity data must have an explicit legal basis (contract performance, legal obligation or legitimate interest) and inform the user in accordance with articles 13 and 14 of the GDPR.

NIS2 Directive (2022/2555/EU): qualified trust service providers are now within the scope of essential or important entities within the meaning of NIS2. They are subject to enhanced information systems security obligations, which indirectly strengthens the robustness of the evidence they generate.

Legal risks in case of non-compliance: using a signature solution non-compliant with eIDAS exposes to several risks: rejection of the document by the judge, inability to invoke the reliability presumption, engagement of contractual liability for failure to exercise due diligence, and in some cases, nullity of the deed if form was required on pain of nullity. In matters of evidence, the absence of a certified audit log can lead to unequal treatment between parties and irremediably weaken the position of the person producing the signature.

Use scenarios: electronic signature put to the test of litigation

Scenario 1 — Law firm and contested engagement letter

A specialist M&A law firm with about twenty associates, specialising in mergers and acquisitions, has been using an advanced electronic signature solution for its engagement letters for two years. One of these engagements, valued at €85,000 for a due diligence, becomes the subject of a dispute: the client contests having signed the engagement letter under the conditions described, alleging lack of informed consent.

The firm produces before the commercial court the complete evidence file generated by its platform: certified timestamp of transmission, logs of document opening, OTP code sent to the telephone number provided by the client during onboarding, and cryptographic fingerprint of the file identical between transmission and the version produced. The judge upholds the validity of the signature. The burden of proof having been discharged by the firm, it is up to the client to demonstrate the forgery — which it fails to do. The firm fully recovers its receivable. Key lesson: a complete evidence file can tip a dispute in a few pages.

Scenario 2 — Industrial SME and supplier dispute over purchase order

An industrial SME managing approximately 300 supplier contracts per year migrated to simple electronic signature for its purchase orders, without enhanced identity verification. A supplier contests receipt of a purchase order cancelled late, arguing it never signed the modified version.

The SME is unable to produce a certified audit log: its solution only retained an email address as proof of identification. The commercial court, lacking sufficient probative elements, applies the common law evidence regime and rules in the supplier's favour on the disputed point. The cost of resolving the dispute exceeds €40,000, plus attorney fees.

Following this dispute, the SME moves to an advanced signature solution with OTP and certified audit log. It reduces its contractual dispute rate by 60% over the following two years, according to its internal assessment. Key lesson: the cost of a robust signature solution is marginal compared to the cost of a single poorly documented dispute.

Scenario 3 — Healthcare group and practitioner contracts

A hospital group with approximately 600 beds formalises its contracts with independent practitioners electronically. One of these contracts is contested upon termination: the practitioner alleges not having received the special conditions incorporated into the signed document, invoking post-signature modification.

The platform used by the group generates signatures in PAdES format (PDF Advanced Electronic Signatures), compliant with ETSI EN 319 132 standard. Each document revision creates a new cryptographic fingerprint. The court office can verify, via an online signature validator recognised by the European Commission, that the document has not been modified since its signature. The contestation is rejected in interlocutory proceedings. Key lesson: the technical format of the signature (PAdES, XAdES) directly conditions the document's verifiability in court — a criterion often underestimated when choosing a solution.

Conclusion

Electronic signature is solid legal evidence in case of dispute — provided you choose the right level of signature, a reliable provider and keep a complete evidence file. The legal presumption of reliability offered by qualified signature represents a decisive strategic advantage in court: it shifts the burden of proof to the contester. For contracts with more common stakes, an advanced signature combined with a certified audit log provides a very satisfactory level of protection before French commercial courts.

Do not leave your contracts exposed to contestation due to insufficient evidence. Certyneo automatically generates a certified, timestamped and archived evidence file for each signature, in full compliance with eIDAS and the Civil Code. Create your Certyneo account for free and secure your contractual commitments today.