Certyneo

Electronic signature glossary

89 key terms to master electronic signatures, cryptography and eIDAS compliance.


Electronic signature glossary: references and definitions

A

AES (Advanced Electronic Signature)
The Advanced Electronic Signature (AES) is the second level defined by the eIDAS regulation. It must be uniquely linked to the signatory, enable their identification, be created using data under their sole control, and allow the detection of any subsequent modification to the document. In practice, Certyneo implements it via strong authentication (email + OTP SMS) and a timestamped audit trail.
Electronic archiving
Electronic archiving refers to the long-term storage of digital documents under conditions that guarantee their integrity, readability and evidentiary value. A probative archiving system allows signed documents and their audit trails to be kept for several years or even decades. On Certyneo, signed envelopes are retained for 10 years in compliance with legal requirements.
Authentication
Authentication is the process of verifying the identity of a user or system before granting them access to a service or authorising the placement of an electronic signature. It can be simple (password alone), strong (multi-factor) or biometric. The robustness of authentication directly determines the achievable signature level: an AES requires at least two distinct factors.
Strong authentication
Strong authentication (or multi-factor authentication, MFA) requires the presentation of at least two distinct pieces of identity evidence to verify a user's identity. In the context of an advanced electronic signature (AES), it typically involves a combination of email + OTP SMS, strengthening the link between the signed document and its author. This is one of the requirements set by the eIDAS regulation for advanced-level signatures.
Certification authority (CA)
A certification authority (CA) is a trusted body that issues X.509 electronic certificates linking a public key to the identity of its holder. Qualified CAs are supervised by national authorities (ANSSI in France) and listed on the EU trust list. They form the backbone of the PKI and the chain of trust for qualified signatures.

B

Bearer token
A bearer token is an API access token that grants the bearer the right to access protected resources without additional verification. It is transmitted in the HTTP header Authorization: Bearer <token>. Certyneo's REST API uses bearer tokens to authenticate programmatic calls: creation of envelopes, status queries, downloading of signed documents. These tokens must be kept secret (never exposed client-side) and renewed regularly.
Biometrics
Biometrics encompasses identification techniques based on a person's physical or behavioural characteristics (fingerprint, facial recognition, handwritten trace, voice). In electronic signatures, a biometric signature can capture the handwritten trace on a touchscreen (speed, pressure, angle) to create a direct link between the signatory and their consent. Under eIDAS, biometrics alone is not sufficient to reach the advanced level (AES): it must be combined with strong authentication. Biometric data is considered sensitive under the GDPR and its processing requires explicit consent.

C

Electronic seal
An electronic seal is the equivalent of an electronic signature for legal entities (companies, public bodies). It guarantees the origin and integrity of a document issued on behalf of an organisation without involving an identified human signatory. The eIDAS regulation recognises simple, advanced and qualified electronic seals, on the same basis as signatures.
SSL / TLS padlock
The SSL/TLS padlock is the visual indicator displayed by the browser (padlock icon in the address bar) confirming that an encrypted TLS connection is established between the browser and the server. It attests that the data exchanged (documents, OTP codes, credentials) cannot be intercepted in plain text. Certyneo enforces TLS 1.3 across all its endpoints, making the padlock visible on all signature pages.
Electronic certificate
An electronic certificate is a digital file issued by a certification authority (CA) that associates a public key with the identity of its holder. It forms the foundation of the PKI and enables the verification of the authenticity and integrity of a digital signature. The validity of a certificate is time-limited and can be revoked in case of compromise.
Qualified certificate
A qualified certificate is an electronic certificate issued by a qualified trust service provider listed on the trust list of an EU Member State. It is mandatory for issuing qualified signatures (QES) within the meaning of the eIDAS regulation. Its assurance level is the highest recognised in the EU.
Encryption
Encryption is the process of transforming a readable message into an unreadable format (ciphertext) using an algorithm and a secret key. It protects the confidentiality of data in transit and at rest, and complements the hashing used to guarantee integrity in signatures. Certyneo uses TLS 1.3 to encrypt all communications between the browser and the servers.
Encryption at rest
Encryption at rest refers to the protection of stored data through encryption, so that it is unreadable without the decryption key, even in the event of unauthorised physical or logical access to the storage medium. Certyneo encrypts documents and their audit trails at rest (AES-256, where AES is the Advanced Encryption Standard cipher, not the Advanced Electronic Signature level) on its infrastructure hosted in Germany, in compliance with GDPR requirements.
CLM (Contract Lifecycle Management)
CLM (Contract Lifecycle Management) refers to the set of processes and tools covering the complete lifecycle of a contract: drafting, negotiation, internal approval, electronic signing, storage and renewal. A CLM solution centralises contracts in a single repository with deadline alerts, approval workflows and contractual exposure reports. Certyneo covers the signing phase and can be integrated into a third-party CLM via REST API: Certyneo receives the finalised document, manages the signing circuit, returns the signed PDF with a timestamped audit trail, and the CLM archives the definitive version.
Compliance
Compliance refers to adherence to the laws, regulations and standards applicable to an organisation. In the context of electronic signatures, it refers in particular to the eIDAS regulation, the GDPR, the Labour Code (for employment contracts), the ALUR law (real estate) and the professional ethics rules specific to certain professions. Non-compliance exposes the company to nullity of its acts and administrative sanctions.
Electronic consent
Electronic consent is the expression of a person's will, expressed digitally, to accept terms or sign a document. To have evidentiary value, this consent must be free, specific, informed and unambiguous, in accordance with the GDPR. In a signature workflow, clicking "Sign" constitutes the signatory's electronic consent.
CRL (Certificate Revocation List)
A CRL (Certificate Revocation List) is a list, published periodically by a certification authority, of certificates revoked before their expiry date, generally due to key compromise or identity change. When verifying a digital signature, the software consults the CRL (or uses OCSP) to ensure the signatory's certificate had not been revoked at the time of signing.

D

Signature delegation
Signature delegation is the mechanism by which an authorised signatory (delegator) formally transfers their signing authority to a third party (delegate) for a defined period and scope. Under French law, a signature delegation must be explicit, formalised in writing and precisely mention the acts covered. On Certyneo, delegation is managed on the administration side: the delegator configures a signing role for the delegate; the audit trail records the effective signatory's identity and the legal basis of their delegation.
Dematerialisation
Dematerialisation refers to the replacement of paper documents and processes with their digital equivalents. It encompasses digitisation, native creation of electronic documents, and their signing via tools such as Certyneo. It enables the reduction of delays, costs and the environmental footprint of document processes.
Distinguished Name (DN)
The Distinguished Name (DN) is the unique identifier of a subject in an X.509 certificate. It is composed of hierarchical attributes: CN (Common Name, holder's name), O (Organisation), OU (Organisational Unit), C (Country, ISO code), etc. — for example CN=John Smith, O=Certyneo, C=GB. The signatory's DN is readable in the signature properties of a PDF validated in Adobe Acrobat Reader.
DPA (Data Processing Agreement)
A DPA (Data Processing Agreement) is the contract required by Article 28 of the GDPR between a data controller (the client) and a processor (such as Certyneo). It specifies the purposes of processing, data categories, security measures, sub-processing conditions and obligations in case of breach. Concluding a DPA is mandatory before any processing of personal data of signatories. Certyneo provides a standard DPA annexed to the Terms of Service.

E

ECC (Elliptic Curve Cryptography)
Elliptic Curve Cryptography (ECC) is an asymmetric cryptography approach based on the algebraic properties of elliptic curves. It offers security equivalent to RSA with significantly shorter keys (256-bit ECC ≈ 3072-bit RSA), reducing computational load. ECC is the preferred algorithm of TLS 1.3 (X25519 and P-256 curves) and is increasingly used in certificates for digital signatures.
eIDAS
eIDAS (Electronic IDentification, Authentication and trust Services) is European Regulation No 910/2014 which establishes a common legal framework for electronic signatures, seals, time-stamping and other trust services in the EU. It defines three signature levels (simple, advanced, qualified) and creates the concept of qualified trust service providers.
eIDAS 2.0
eIDAS 2.0 (EU Regulation 2024/1183, in force since 2024) is the major revision of eIDAS which notably introduces the European Digital Identity Wallet (EUDIW). It aims to extend the recognition of digital identities to all public and private services in the EU, and strengthens requirements for qualified providers. The digital identity of each European citizen will be carried by a certified mobile wallet by 2026.
Signature envelope
A signature envelope is the logical container grouping one or more documents to be signed, the list of signatories, the positioned signature fields, and the workflow configuration. On Certyneo, each envelope has its own lifecycle (draft, sent, pending, signed, refused, expired) and a timestamped audit trail.
Bulk sending (bulk signing)
Bulk sending (or bulk signing) refers to the ability to send a document to many signatories simultaneously, or to send several distinct documents in a single operation. This functionality is essential for HR (employment contracts), insurance (endorsements) or real estate (mandates). On Certyneo, the API allows bulk sends to be orchestrated via a single programmatic call, each signatory receiving an individual link and their own audit trail.
ESIGN Act
The ESIGN Act (Electronic Signatures in Global and National Commerce Act, 2000) is the US federal law that recognises the legal validity of electronic signatures and online contracts in the United States. Complementary to UETA (the model law of the States), it establishes the principle that a signature cannot be refused solely because it is electronic. For transatlantic contracts, an eIDAS AES is generally recognised as ESIGN/UETA compliant, facilitating EU–US contractual exchanges.
EUDI Wallet (European Digital Identity Wallet)
The European Digital Identity Wallet (EUDI Wallet) is the mobile application mandated by eIDAS 2.0. It allows EU citizens to store and share certified identity attributes (civil status, diplomas, driving licences) and perform qualified signatures (QES) from their smartphone. The EUDI Wallet will gradually replace FranceConnect+ in France by 2026–2027.

F

Hash function
A hash function is a one-way mathematical function that transforms an input of any size into a fixed-length output called a digest (or hash). Any modification, even of a single bit, produces a radically different digest. Modern functions (SHA-256, SHA-3) are collision-resistant. In digital signatures, the document is first hashed, then the digest is encrypted with the private key — which guarantees the integrity of the signed content.
FranceConnect
FranceConnect is the French government's digital identity service that allows citizens to authenticate with public or private online services using an existing identifier (Impots.gouv, Ameli, La Poste, MSA, Identité Numérique). A step above, FranceConnect+ is qualified as 'substantial' within the meaning of the eIDAS regulation and can be used to trigger an advanced (AES) or even qualified (QES) signature. By end 2026, FranceConnect+ will be progressively replaced by the digital identity carried by the European Wallet (EUDIW) provided for by eIDAS 2.0.

G

Document template
A template is a pre-configured standard document with its dynamic fields (signatories, dates, amounts, signature positions) that serves as the starting point for recurring envelopes. On Certyneo, templates industrialise high-volume workflows (employment contracts, NDAs, purchase orders): duplicate the template, fill in the case-specific variables, send. The free contract templates available at /modeles-contrats are designed to be downloaded and then instantiated as templates in your account.
GDPR (General Data Protection Regulation)
The GDPR (General Data Protection Regulation, EU Regulation 2016/679) is the European regulation governing the collection, processing and storage of personal data in the EU. It applies to any organisation processing data of EU residents, regardless of its location. It requires in particular the conclusion of a DPA with processors, data minimisation and respect for individuals' rights (access, rectification, erasure).

H

Hashing (hash)
Hashing is a cryptographic operation that transforms a document of any size into a fixed-size digital fingerprint called a 'hash'. Any modification, even minor, of the document produces a completely different hash, thus guaranteeing the integrity of the file. Digital signatures rely on encrypting this hash with the signatory's private key.
TLS handshake
The TLS handshake is the negotiation phase that takes place at the beginning of a TLS connection. The client and server agree on the cipher suite, exchange their certificates (optional mutual authentication), and establish session keys via an ephemeral key-exchange protocol (ECDHE). TLS 1.3 has reduced the handshake to 1 network round-trip (vs 2 in TLS 1.2), improving the performance of signing sessions on mobile.
Electronic time-stamping
Electronic time-stamping is a mechanism for linking digital data to a precise moment in time, in a verifiable and tamper-proof manner. A qualified time-stamp, issued by a qualified provider within the meaning of eIDAS, provides legal proof of the existence of a document at a given date. It is essential for maintaining the evidentiary value of documents over the long term.
Qualified time-stamp (TSA)
A qualified time-stamp is an electronic time-stamp issued by a qualified Trusted Stamp Authority (TSA) within the meaning of eIDAS. It produces legally recognised proof of the existence of a document at a precise date and time, linked to the document's fingerprint. Essential for PAdES B-T, B-LT and B-LTA profiles to guarantee long-term evidentiary value.
HSM (Hardware Security Module)
An HSM (Hardware Security Module) is a dedicated physical device for the secure generation, storage and management of cryptographic keys. Certified to strict standards (FIPS 140-2/3 level 3 or 4, Common Criteria EAL4+), it guarantees that keys never leave the hardware in plain text. Qualified providers operate HSMs for the management of qualified signature and time-stamping keys. Cloud signatures rely on HSMs hosted by the provider.
HTTP/3
HTTP/3 is the third major version of the HTTP protocol, based on QUIC (UDP transport) rather than TCP. It reduces latency (elimination of head-of-line blocking), improves recovery after network disruption and natively integrates TLS 1.3. Certyneo leverages HTTP/3 to accelerate the loading of documents to sign and the submission of consent forms, particularly on mobile in degraded network environments.

I

Digital identity
Digital identity is the set of data enabling the identification of a natural or legal person in the digital space. It can be provided by a State (electronic identity card, FranceConnect) or by private operators (qualified providers). With eIDAS 2.0, every European citizen will have an official digital identity wallet (EUDIW).
Ink signature (digitised handwritten signature)
An ink signature (or digitised handwritten signature) is the digitisation of the traditional handwritten signature in image form (JPG/PNG) affixed to a document. It constitutes the most basic level of simple electronic signature (SES) under eIDAS: without strong authentication or an audit trail, its evidentiary value is limited. It is however used for documents with low legal stakes (internal signatures, annotations).
Integrity (of data)
Integrity refers to the property ensuring that data has not been altered or falsified after its creation, transmission or storage. In digital signatures, integrity is guaranteed by the hash function: any modification to the document means the recalculated hash no longer matches the one encrypted in the signature, immediately invalidating the verification. This is why a PDF signed with Certyneo is 'sealed' — it can no longer be modified without the signature breaking.
eIDAS interoperability
eIDAS interoperability refers to the mutual recognition of digital identities and electronic signatures between EU Member States, as mandated by the eIDAS regulation (Articles 6 and 25). A qualified certificate issued by a trust service provider (TSP) listed on the trust list of a Member State is automatically recognised as valid in all other Member States — without any additional steps. This interoperability covers the AES and QES levels. eIDAS 2.0 (EU 2024/1183) extends this mechanism to the EUDI Wallet, planned for 2026.

J

Signature token
A signature token is the cryptographic object produced at the time of signing that groups together: the document's hash, the time-stamp, the signatory's identifier and the cryptographic signature itself (encrypted with the private key via the PKI). This token is embedded in the final PDF according to the PAdES format and allows any verifier — judge, expert, auditor — to reconstruct the proof of signature without depending on the platform. The token is self-sufficient: even if Certyneo were to disappear, the signature would remain verifiable with a standard PDF reader (Acrobat Reader, pdfsig).
JWT (JSON Web Token)
A JWT (JSON Web Token, RFC 7519) is a compact and secure format for representing claims between two parties. It consists of three Base64URL-encoded parts separated by dots: the header (algorithm), the payload (claims) and the signature. The Certyneo API uses signed JWTs (HS256 or RS256) for session management and API call authentication, ensuring that tokens have not been tampered with. Access JWTs have a short lifespan, complemented by long-lived refresh tokens.

K

KYC (Know Your Customer)
KYC (Know Your Customer) refers to the set of identity verification procedures that a company applies to its customers before entering into a business relationship. Historically imposed on banks by anti-money laundering directives, KYC has extended to high-stakes electronic signature operations: account opening, credit, insurance, notarial deeds. KYC rests on three pillars: identity document verification (OCR + fraud detection), liveness check (proof that the person is real and present), and information cross-checking. The eIDAS regulation recognises video KYC as a means of identifying a signatory for a qualified signature (QES).

L

LCCJTI (Act Respecting the Legal Framework for Information Technology)
The LCCJTI is the Quebec law (R.S.Q., chapter C-1.1) establishing the legal framework for signatures and electronic documents in Quebec. It explicitly recognises electronic signatures as equivalent to handwritten signatures provided that the signatory's identity is established reliably and the link between the signature and the document is ensured (section 39). The LCCJTI is complementary to the eIDAS regulation (applicable in Europe) and PIPEDA (applicable to personal data outside Quebec). It is the legal foundation for Certyneo signatures for Quebec contracts. Law 25 (2022) modernises the accompanying personal information protection regime.
LCEN (French Digital Economy Trust Act)
The LCEN (Loi pour la Confiance dans l'Économie Numérique of 21 June 2004, No. 2004-575) is the founding text of French digital law. It governs e-commerce, hosting provider liability, digital advertising, and requires professional website publishers to publish legal notices. Complementary to the European eIDAS regulation, it also transposed the first electronic signatures directive into French law. The LCEN continues to apply alongside eIDAS, notably on pre-contractual information obligations and the storage of electronic contracts.
LegalTech
The term LegalTech (Legal Technology) refers to start-ups and software solutions that apply technology to the legal domain to automate, accelerate or make accessible services previously reserved for legal professionals. Electronic signatures, contract dematerialisation, AI-driven due diligence and document management are part of it. Certyneo is part of the European LegalTech ecosystem by offering an eIDAS-compliant signature that is easy to integrate.
LTV (Long-Term Validation)
Long-Term Validation (LTV) is a feature of PDF signatures (PAdES B-LT/B-LTA) that embeds within the signed document all the data necessary for future verification of the signature: certificate chain, time-stamps, OCSP responses or CRLs. Thanks to LTV, a signed document remains verifiable years after signing, even if the certificates have expired. Certyneo integrates LTV to guarantee evidentiary value for 10 years.

M

Handwritten signature
A handwritten signature is the graphic trace affixed by hand by a person at the bottom of a paper document, recognisable by their personal style. It remains the historical reference in French civil law. The eIDAS regulation establishes the principle of non-discrimination: an electronic signature, whatever its level, cannot be refused as evidence solely because it is electronic. A qualified signature (QES) has the same evidentiary value as a handwritten signature across the entire EU. Advanced signatures (AES) often provide superior traceability (timestamped audit trail) compared to their paper equivalent.
MFA (Multi-Factor Authentication)
Multi-Factor Authentication (MFA) is a security mechanism requiring the presentation of at least two pieces of identity evidence belonging to different categories: something you know (password), something you have (OTP SMS, YubiKey), or something you are (biometrics). MFA is synonymous with strong authentication and is required to achieve the AES eIDAS level. On Certyneo, administrator access is protected by mandatory MFA.

N

Signature level (simple, advanced, qualified)
The eIDAS regulation distinguishes three levels of electronic signature: the simple signature (SES), which requires a minimum of identification; the advanced signature (AES), which requires a unique link with the signatory and strong authentication; and the qualified signature (QES), which relies on a qualified certificate and a secure creation device. The QES has the same legal value as a handwritten signature throughout the EU.
Non-repudiation
Non-repudiation is the property of an electronic signature that makes it impossible for the signatory to deny having performed the action (signing, sending, accepting). It is ensured by the combination of the cryptographic signature (irrefutable technical link), the timestamped audit trail and strong authentication. A qualified signature (QES) offers the strongest non-repudiation recognised by European law.

O

OCSP (Online Certificate Status Protocol)
OCSP (RFC 6960) is a protocol for real-time verification of the revocation status of a digital certificate, by querying an OCSP responder operated by the certification authority. It is a lighter and more responsive alternative to CRLs. OCSP Stapling allows the server to attach the OCSP response directly to the TLS handshake, avoiding an additional round-trip. OCSP responses are also embedded in signed documents for long-term validation (LTV).
OTP (One-Time Password)
An OTP (one-time password) is a randomly generated temporary code valid for a single session or transaction. In the context of an advanced electronic signature, sending an OTP by email and/or SMS creates a verifiable link between the document and the signatory's identity via their email address or phone number. Certyneo uses Twilio Verify for SMS OTP management on its advanced-level envelopes.

P

PAdES (PDF Advanced Electronic Signature)
PAdES (PDF Advanced Electronic Signature, ETSI EN 319 142 standard) is the European standard for digital signatures embedded in PDF files. It comes in four profiles of increasing maturity: B-B (basic signature), B-T (with time-stamping), B-LT (long-term validation) and B-LTA (archiving with recertified time-stamping). Certyneo produces PAdES B-LT PDFs, guaranteeing offline verifiability in Adobe Acrobat Reader and lasting evidentiary value.
PDF/A (long-term archiving)
PDF/A is an ISO-standardised version of the PDF format (ISO 19005) specially designed for long-term archiving. It embeds all fonts, images and resources within the file, and prohibits encryption and content dependent on an external environment. This guarantees that the document will remain readable in 30 years without software dependency. For electronic archiving with evidentiary value, combining PDF/A with PAdES B-LTA is the recommended practice.
PIPEDA (Personal Information Protection and Electronic Documents Act)
PIPEDA is the Canadian federal law on the protection of personal information in the private sector (S.C. 2000, c. 5). It governs the collection, use and disclosure of personal information in interprovincial and international commercial activities. For electronic signatures, it requires that signature data (name, email, session metadata) be collected with informed consent, stored securely and deleted upon request. The province of Quebec has its own law (Law 25) which prevails over PIPEDA for intra-Quebec activities. Certyneo hosts signature data in Europe (IONOS Germany); transfers to Canada remain governed by GDPR-PIPEDA standard contractual clauses.
Audit trail
The audit trail is the timestamped log of all actions performed on a document: sending, opening, viewing, OTP entry, signing, refusal, expiry. It constitutes the main evidentiary proof in case of dispute, demonstrating that the signing process was carried out in accordance with the rules. On Certyneo, the audit trail is embedded in the final PDF and stored in our database for 10 years.
PKI (Public Key Infrastructure)
A PKI (Public Key Infrastructure) is the set of hardware components, software, procedures and policies enabling the issuance, management and revocation of electronic certificates. It relies on asymmetric cryptography: a private key (secret) is used to sign, a public key (distributed in the certificate) allows anyone to verify the signature. Qualified providers operate PKIs compliant with ETSI standards.
Trust Service Provider (TSP)
A Trust Service Provider (TSP) is an entity that provides time-stamping, certificate issuance, signature or archiving services within the meaning of the eIDAS regulation. A qualified TSP is subject to regular audits and is listed on the national trust list (in France: ANSSI list). Qualification guarantees the highest level of assurance recognised in the EU.

Q

QES (Qualified Electronic Signature)
The Qualified Electronic Signature (QES) is the highest level defined by the eIDAS regulation. It is legally equivalent to a handwritten signature throughout the European Union. Its issuance requires: prior identity verification, a qualified certificate issued by a QTSP, and the use of a qualified signature creation device (QSCD). It is required for electronic notarial deeds, certain public contracts and sensitive administrative procedures.
QSCD (Qualified Signature Creation Device)
A QSCD (Qualified Signature Creation Device) is a hardware or software device meeting the strict requirements of Annex II of eIDAS for creating qualified signatures (QES). It guarantees that the signing private key is generated within the device, never leaves it in plain text, and can only be used by its legitimate holder. Certified HSMs and smart cards are common forms of QSCD. Cloud signatures use virtual QSCDs hosted in certified HSMs.
QTSP (Qualified Trust Service Provider)
A QTSP (Qualified Trust Service Provider) is a TSP that has been audited and listed on the trust list of an EU Member State under the eIDAS regulation. Qualification is the highest level of European recognition: it is mandatory for issuing qualified certificates, qualified time-stamps, or qualified signatures (QES). In France, ANSSI maintains the official list (Docaposte, Universign/Oodrive, CertEurope…). Certyneo interfaces with several QTSPs to trigger QES when the qualified level is required (public procurement, notarial deeds, certain social procedures).

R

Automatic reminder
An automatic reminder is the feature of an electronic signature platform that automatically sends reminder emails or SMS to signatories who have not yet signed, according to a configurable frequency. It reduces signature abandonment and accelerates the completion of workflows. On Certyneo, reminders are configurable per envelope (frequency, message content) and all actions are tracked in the audit trail.
GDPR (General Data Protection Regulation)
The GDPR (General Data Protection Regulation, EU Regulation 2016/679) governs the collection, processing and storage of personal data in the EU. In the context of electronic signatures, it requires in particular minimising the data collected on signatories, defining a retention period and ensuring the right to erasure. Certyneo is GDPR compliant with EU hosting (Germany) and an available processing register.
ROI of electronic signature
The ROI (return on investment) of electronic signatures is measured across four areas: (1) reduction of the signing cycle — from 5-10 days (post / scan) to under 1 hour on average, (2) direct savings — printing, postage, physical archiving (estimated at €15 to €30 per envelope), (3) reduction in abandonment rate — contracts awaiting paper signature have a 3× higher abandonment rate, (4) compliance — GDPR fines for poor retention of paper contracts can exceed the annual cost of a SaaS tool. The move to paperless generally pays back within 3 to 6 months for SMEs processing more than 50 contracts per month.

S

SES (Simple Electronic Signature)
The Simple Electronic Signature (SES) is the basic level defined by the eIDAS regulation. It requires no specific technical requirements: an 'I accept' click, a signature image or an email signature satisfies it. Its evidentiary value is presumed but can be challenged if the signatory denies their act. It is suitable for documents with low legal risk (quotes, internal minutes, agreements in principle). For important stakes, prefer the AES or QES level.
Signatory
The signatory is the natural person (or legal entity via an electronic seal) who affixes their electronic signature to a document. On Certyneo, the signatory receives a unique link by email, views the document, authenticates via OTP and signs without needing to create an account. Their identity is recorded in the audit trail.
Advanced signature (AES / eIDAS level 2)
The Advanced Electronic Signature (AES) is the second level of electronic signature defined by the eIDAS regulation. It must be uniquely linked to the signatory, enable their identification, be created with data under their sole control, and make any subsequent modification to the document detectable. Certyneo implements it via strong authentication (email + OTP email/SMS) and a timestamped audit trail. It is suitable for the vast majority of contractual use cases: employment contracts, leases, NDAs, quotes, invoices. See also: AES, SES, QES.
Biometric signature
A biometric signature is a form of electronic signature that captures, in addition to the handwritten trace image, dynamic behavioural data: stylus pressure, speed, angle of inclination, acceleration. These parameters create a unique fingerprint that is difficult to imitate. It offers more robust authentication than a simple signature image. Biometric data is considered sensitive under the GDPR and requires explicit consent. Biometrics alone is not sufficient to reach the AES eIDAS level; it must be combined with strong authentication.
Cloud signature
A cloud signature is an electronic signature in which the signatory's private key is generated, stored and managed by a trusted provider in the cloud, rather than on a local device (USB key, smart card). This approach simplifies the user experience and enables qualified signatures (QES) from a simple browser. The keys are protected in a certified HSM operated by a QTSP.
Electronic signature
An electronic signature is a mechanism for affixing to a digital document proof of identity and consent equivalent to a handwritten signature. Within the meaning of the eIDAS regulation, it encompasses three trust levels: simple (SES), advanced (AES) and qualified (QES). Unlike a digital signature, the electronic signature is a legal concept that can rely on different technologies.
Mobile signature
Mobile signature refers to the ability to sign a document electronically from a smartphone or tablet, without a native application — via the web browser. The signatory receives a link by email or SMS, views the document in their mobile browser, initials and signs by a touch gesture or by typing their full name (depending on the required level), then validates via OTP SMS. On Certyneo, the signing interface is 100% responsive: identity verified, audit trail generated and co-signed PDF sent to the recipient in under 60 seconds on mobile 4G. No installation required for the signatory.
Digital signature
A digital signature is a technical implementation of the electronic signature based on asymmetric cryptography. It consists of encrypting the hash of a document with the signatory's private key, producing a fingerprint that can be verified by anyone with the corresponding public key (contained in the certificate). It guarantees both the signatory's identity and the document's integrity.
Cipher suite
A cipher suite is a named combination of cryptographic algorithms (key exchange, authentication, symmetric encryption, MAC/HMAC) negotiated between the client and server during the TLS handshake. TLS 1.3 mandates modern suites such as TLS_AES_256_GCM_SHA384, eliminating weak algorithms (RC4, 3DES, MD5). Certyneo only accepts TLS 1.3 suites to maximise the security of signing sessions.

T

Trusted third party
A trusted third party is a neutral and independent actor whose mission is to secure an exchange between two parties: in electronic signatures, it attests to the identity of signatories, seals the document, time-stamps actions and preserves evidence. Historically, notaries played this role for paper deeds. In digital, the trusted third party is formalised by the eIDAS regulation in the form of trust service providers (TSP) and their qualified version (QTSP). Certyneo acts as a trusted third party by issuing advanced signatures (AES) and can delegate to a partner QTSP to issue qualified signatures (QES).
TLS (Transport Layer Security)
TLS (Transport Layer Security) is the cryptographic protocol that secures communications over the Internet, succeeding SSL. It ensures confidentiality (encryption), integrity and server authentication (via its certificate). TLS 1.3, the current version, mandates modern cipher suites and a handshake in a single round-trip. The padlock in the browser signals that a TLS connection is active. Certyneo enforces TLS 1.3 minimum on all its endpoints.
Trusted List (EU trust list)
The Trusted List is the official list published by each EU Member State and supervised by the European Commission, listing qualified trust service providers (QTSPs) and their services (qualified certificates, time-stamps, etc.). In France, the list is maintained by ANSSI. It is the proof of legitimacy of a QTSP under the eIDAS regulation. Only listed services benefit from the legal presumption of eIDAS compliance.

U

UETA (Uniform Electronic Transactions Act)
UETA (Uniform Electronic Transactions Act, 1999) is the US model law that recognises the evidentiary value of electronic signatures in 47 of the 50 States. Complemented by the ESIGN Act (2000) at the federal level, it establishes that contracts and signatures 'cannot be declared invalid solely because they are in electronic form'. It is the US functional equivalent of the European eIDAS regulation, with a more liberal approach: UETA does not define levels (SES/AES/QES) and provides no qualified equivalent. For transatlantic contracts, an eIDAS advanced signature (AES) is generally recognised as UETA/ESIGN compliant, whereas the reverse is not automatic.

V

Evidentiary value
Evidentiary value is the ability of an electronic document to be accepted as evidence before a court. It relies on the reliability of the signing process, the traceability provided by the audit trail, the integrity guaranteed by hashing, and the preservation ensured by electronic archiving. The eIDAS regulation establishes a legal presumption of evidentiary value for advanced and qualified signatures.
Identity verification (identity proofing)
Identity verification (identity proofing) is the process of checking a person's real identity before issuing them credentials or authorising them to sign. It ranges from the simple collection of an email address (simple level) to biometric video ID verification (video KYC, qualified level). It is mandatory for issuing a qualified certificate and triggering a qualified signature (QES).
Electronic visa (initials)
An electronic visa (or electronic initials) is an intermediate validation action affixed to a document by an approver before the final signature. It indicates that a reader has taken note of the document and approves it without signing it in a legally binding manner. On Certyneo, multi-actor workflows allow visa steps (internal validation) and signature steps (external legal commitment) to be combined, guaranteeing complete traceability of the approval circuit.

W

Webhook
A webhook is an API mechanism that allows Certyneo to automatically send an HTTP notification to the client's application when an event occurs (document signed, refused, expired, audit trail generated). Unlike polling, the webhook is push-based: the client does not need to query the API regularly. It allows Certyneo to be integrated into third-party systems (CRM, ERP, HRIS) to trigger business actions in real time upon completion of a signature workflow.
Signature workflow
A signature workflow is the organised process defining the order, conditions and actors involved in signing a document. It can be sequential (each signatory signs after the previous one), parallel (all sign at the same time) or mixed. On Certyneo, the workflow includes the management of automatic reminders, expiry deadlines and multi-document envelopes.

X

XAdES (XML Advanced Electronic Signature)
XAdES (XML Advanced Electronic Signatures, ETSI standard EN 319 132) is the European standard for digital signatures applied to XML documents. Adopted under the eIDAS regulation, XAdES is the reference format for signing structured XML files: electronic invoices (Factur-X, PEPPOL), EDI slips, administrative declarations, market data, SEPA transcriptions.

Four XAdES profiles of increasing maturity, aligned with PAdES and CAdES:
XAdES B-B: basic XML signature with minimal ETSI attributes. Use case: one-off signing of an XML sample with no date constraint.
XAdES B-T: adds a qualified RFC 3161 timestamp. Standard for electronic invoices and EDI flows where the issue date must be proven.
XAdES B-LT: long-term validation with the certificate chain and revocation data embedded. Remains verifiable after the original certificate has expired.
XAdES B-LTA: periodic archive timestamps to maintain evidentiary value over 10+ years. Essential for tax archives and regulated registers.

XAdES vs PAdES: choose XAdES to sign a native XML document (Factur-X invoice, PEPPOL slip, EDI exchange). Choose PAdES to sign a PDF (contracts, quotes, HR documents). The two formats are legally equivalent; the difference is technical: the format suited to the document type.

XAdES variants: enveloping XAdES (the XML document is included in the signature structure), enveloped XAdES (the signature is added to the document), detached XAdES (the signature is stored in a separate file). Certyneo handles all three variants via the REST API. See the PAdES / XAdES / CAdES comparison.
XAdES / PAdES / CAdES
XAdES, PAdES and CAdES are the three standard digital signature formats defined by ETSI for the eIDAS regulation. XAdES (XML Advanced Electronic Signatures, EN 319 132) signs XML documents, PAdES (PDF, EN 319 142) embeds the signature token directly in the PDF — this is the format used by Certyneo to produce files verifiable offline in Acrobat Reader. CAdES (CMS, EN 319 122) applies to arbitrary binary streams. Each format comes in profiles (B-B, B-T, B-LT, B-LTA) offering increasing guarantees: time-based validity, qualified time-stamping, proof of long-term archiving.

Y

YubiKey (hardware security key)
A YubiKey is a hardware security key (USB/NFC) designed by Yubico that stores non-extractable cryptographic secrets and supports FIDO2/WebAuthn, OpenPGP and PIV protocols. In the context of a qualified signature (QES), a YubiKey (or an equivalent device compliant with Annex II of eIDAS) can serve as a Qualified Signature Creation Device (QSCD): the private key associated with the qualified certificate never leaves the hardware, guaranteeing the highest level of assurance on the signatory's identity. On a Certyneo administration account, a YubiKey can also be used to protect admin access via hardware MFA.

Z

Paperless
The 'paperless' approach consists of fully replacing paper document workflows with signed digital equivalents. Beyond the operational gain (signing cycle reduced by 5 to 20 times on average), going paperless reduces the carbon footprint linked to printing, postage and physical archiving. Electronic signatures, combined with electronic archiving with evidentiary value (10 years minimum for commercial contracts), are the technical prerequisite for the switch. Dematerialisation describes the movement; paperless is its final goal.
