Signatory Identity and Digital Proof

The Core Issue

An electronic signature has value only if you can prove who applied it. A simple click on "I Accept" says nothing reliable about identity.

Identification Techniques

Trusted Email

Unique link sent. Only the mailbox holder can click. Foundation of simple signature (SES).

OTP via SMS

One-time code sent to the number. Combined with email, it's the standard for advanced signature (AES).

Video KYC

Verification by videoconference: identity document, liveness test, OCR. Used for QES and regulated sectors.

Qualified Certificate

Personal cryptographic certificate issued by a QTSP. Highest level, required for QES.

National Digital Identity

FranceConnect+, itsme (Belgium), SPID (Italy). EUDIW wallets will expand this option.

Assurance Levels (LoA)

eIDAS defines three levels:

• Low: simple email → SES

• Substantial: two-factor → AES

• High: strict verification → QES

GDPR Issues

Identification collects personal data. GDPR requires:

• Minimization (collect only what is necessary)

• Documented retention period

• Right of access and erasure

• Legal basis (contract execution, article 6.1.b)

Biometric data (video KYC) is sensitive — explicit consent required.

KYC and Regulated Sectors

Banks, insurance, crypto, real estate brokers are subject to AML-CFT. KYC requires:

• Identity document verification with OCR

• Liveness test (dynamic selfie)

• Cross-checking with sanctions lists (PEP, OFAC)

• Sometimes human operator via video

Errors to Avoid

• Relying on email alone for sensitive contracts

• Storing identity documents indefinitely

• Not documenting the legal basis

• Collecting more than necessary

Use Case: Neo-bank Account Opening

• Enter information (name, address, profession)

• Upload identity document + proof of residence

• Liveness test: dynamic selfie

• Contract signature in AES with SMS OTP

In 10 minutes, account opened with "substantial" identification acceptable by ACPR.

How Certyneo Helps You

Certyneo natively offers email + SMS OTP identification (AES). For cases requiring enhanced KYC, a video KYC integration is available: document verification, liveness test, sanctions cross-checking.

KYC data is hosted in the EU, encrypted, with documented retention periods in compliance with GDPR.

Discover the Certyneo electronic signature solution

FAQ

Is email alone sufficient for a valid signature?

Technically yes for SES. For a high-stakes document, prefer AES with SMS OTP.

Does GDPR prohibit storing identity documents?

No, it regulates. Legal basis, limited duration, enhanced security for sensitive data.

Can FranceConnect+ be used?

Yes, recognized as "substantial" level for AES or even QES.

Is video KYC mandatory for insurance?

Not as such, but ACPR expects enhanced identification.

Sign with an identity from another EU country?

Yes, mutual recognition under eIDAS (itsme, SPID, nPA).

Conclusion

Identification is the weakest link in the proof chain. Care for it according to the stakes, and your signature will be solid.

Try Certyneo to send, sign, and track your documents online simply, quickly, and securely.