Electronic Signature as Legal Evidence in Litigation

In France, more than 2.5 billion documents are signed electronically each year, according to industry estimates. Yet, when a commercial dispute arises, one question comes up repeatedly: does electronic signature constitute solid evidence before a court? The answer is yes, subject to conditions. Between the Civil Code, the European eIDAS regulation, and French case law that has intensified since 2016, the framework is precise — but complex. This article decrypts the conditions for admissibility of an electronic signature in proceedings, the different levels of evidence according to the type of signature, and the mistakes to avoid so that your document survives judicial challenge.

Probative Value of Electronic Signature: What French Law Says

Electronic signature is not a legal novelty. Since the law of March 13, 2000, French law explicitly recognizes electronic documents as a means of proof, on equal footing with paper. This recognition is now codified in articles 1366 and 1367 of the Civil Code, which establish two fundamental principles.

First principle: electronic documents have the same probative force as paper documents, provided that the person from whom it originates is duly identified and the integrity of the document is guaranteed. Second principle: reliable electronic signature benefits from a legal presumption of validity. Article 1367 specifies that this reliability is presumed — that is, established without prior demonstration — when the signature conforms to technical requirements set by decree.

In practice, this decree refers to the European eIDAS regulation, whose detailed analysis you can find in our guide to eIDAS 2.0 regulation. The mechanism is therefore as follows: a signature qualified under eIDAS benefits from an irrebuttable presumption of validity under French law, reversing the burden of proof to the person who contests it.

The Three Levels of Signature and Their Probative Scope

The eIDAS regulation distinguishes three levels of signature, which do not offer the same legal robustness before a judge:

Simple electronic signature (SES) is based on electronic data attached to a document — typically an email or a checked box. It has weak probative value: in case of challenge, it is up to the person invoking it to prove its authenticity. It is suitable for low-value acts or contexts with limited risk.

Advanced electronic signature (AES) is linked uniquely to the signatory, allows identification of them, is created from data under their exclusive control, and detects any subsequent modification. It offers significantly higher probative value and is suitable for most commercial contracts. However, it does not benefit from automatic legal presumption.

Qualified electronic signature (QES) is created via a certified device and relies on a qualified certificate issued by a trust service provider (TSP) listed on the Trust List of the Member State. It is the only level that benefits from the legal presumption of validity provided for in article 1367 of the Civil Code. To go further on the differences between solutions, our comparison of electronic signature solutions details the offers available on the market.

What Courts Actually Examine

When an electronic signature is challenged in court, French judges typically examine five elements:

1. Signatory identification: by what mechanism was identity verified? A simple SMS OTP, a code sent by email, or biometric verification on a government-issued ID?
2. Informed consent: did the signatory have knowledge of the document content at the time of signing?
3. Document integrity: can the signed file prove it was not modified after signature (cryptographic seal, SHA fingerprint)?
4. Traceability: is there a timestamped audit log, maintained by an independent third party, listing each action?
5. Preservation: are the document and associated evidence archived under conditions allowing their production in court years later?

Decisions by commercial courts since 2018 show a clear trend: judges do not reject electronic signature per se, but sanction gaps in traceability. A service provider unable to produce a complete audit log, or whose timestamps are not certified, sees their document weakened or even discarded.

The Burden of Proof in Case of Challenge

The question of burden of proof is strategically decisive in any litigation involving an electronic signature. The regime differs depending on the level of signature used.

Presumption of Reliability and Burden Reversal

With a qualified signature, the law presumes its reliability. Concretely, if one party challenges the signature, it is up to them to demonstrate that the presumption should be set aside — for example by proving that the certificate was expired, that the service provider was not qualified, or that the signature creation device was compromised. This inversion is considerable: it protects the beneficiary of the signature.

With an advanced or simple signature, the operator invoking the signature must conversely positively establish its reliability. They must produce all elements allowing identification of the signatory: connection IP address, certified timestamp, identity verification logs, recorded consent. This is why the choice of signature service provider and the quality of their audit log are legal variables, not merely technical ones.

French Case Law: Key Trends

Several recent decisions illuminate the position of French courts:

• CA Paris, 2021: the court validated an advanced electronic signature in a dispute over a distribution contract, noting that the service provider produced a complete evidence file including SMS OTP, timestamp, and SHA-256 fingerprint of the document.
• Cass. com., 2022: the Court of Cassation recalled that challenging an electronic signature must be explicitly reasoned by the claimant, not merely alleged in general terms.
• TJ Paris, 2023: a judicial court rejected a simple electronic signature in an employment law dispute, on the grounds that the signatory's identity was established only by an unverified email address, without OTP or two-factor authentication.

These decisions confirm a core rule: it is the robustness of the evidence file, more than the format of the document, that determines the judicial outcome.

Building an Evidence File Enforceable in Court

Anticipating litigation does not mean being pessimistic; it is exercising contractual rigor. Several practices allow you to significantly strengthen the probative value of an electronic signature.

The Evidence File: Essential Components

A solid evidence file must contain at minimum:

• The signed file with its cryptographic signature (PAdES format for PDFs, XAdES for XMLs), as defined by ETSI EN 319 132 and ETSI EN 319 122 standards.
• The signatory's electronic certificate, with its issuance date and validity period.
• The complete audit log: each step of the process (invitation, document opening, OTP verification, signature click) timestamped and certified by a trusted third party.
• Proof of identity: capture of identification data used (verified email, phone number, scanned ID document if required).
• Qualified timestamp: a time token issued by a Certification Authority compliant with eIDAS, guaranteeing that the signature was actually affixed at the stated time.

This documentary architecture is at the heart of what Certyneo automatically generates with each signature, within the framework of its compliance with our approach to electronic signature in business.

Preservation of Evidence: Duration and Format

The preservation of evidence is often neglected, yet it conditions the defendability of a contract over time. In commercial law, disputes can arise up to five years after signature (standard limitation period, article 2224 of the Civil Code). Some contracts — commercial lease, warranty, contractual liability — expose to even longer periods.

You should therefore preserve:

• The signed document in a durable format (PDF/A with embedded signature),
• The complete evidence file associated with it,
• In an archiving system guaranteeing long-term integrity (ideally compliant with NF Z 42-026 or eArchiving).

A SaaS provider that does not offer archiving guarantees beyond its commercial lifespan represents a real legal risk: if the company ceases operations, evidence may disappear. Systematically check reversibility and data export clauses in your service provider contracts — it is a criterion we detail in our guide to migrating from DocuSign or YouSign to Certyneo.

When to Prioritize Qualified Signature?

Not all contracts require the highest level. The choice of signature level should be proportionate to the legal and financial stakes:

• Low-value contracts (purchase orders, ToS, internal confidentiality agreements): advanced signature sufficient.
• Significant commercial contracts (services > €10,000, annual framework agreements, copyright transfers): advanced or qualified signature recommended depending on risk level.
• Acts requiring authentic or semi-authentic form (certain notarial acts, personal guarantees): qualified signature mandatory or electronic notarial deed.
• Employment law contracts (employment contract, severance agreement, amendment): DGEFP recommends advanced signature at minimum, and several Labor Court decisions have sanctioned simple signatures.

For companies handling high volumes of contracts, Certyneo's ROI calculator allows you to evaluate comparative costs according to the signature level chosen, incorporating legal residual risk.

Applicable Legal Framework for Electronic Signature Evidence

The legal value of electronic signature in France rests on a consistent stack of texts, whose mastery is essential for anyone involved in commercial litigation.

Civil Code, articles 1366 and 1367: these two articles form the foundation of electronic evidence law in France. Article 1366 assimilates electronic documents to paper documents as long as the person from whom they originate is identifiable and their integrity is ensured. Article 1367 grants a legal presumption of reliability to electronic signatures compliant with regulatory requirements, reversing the burden of proof in favor of the person producing them.

eIDAS Regulation No. 910/2014 (EU): directly applicable in all Member States since July 1, 2016, this regulation defines the three levels of signature (simple, advanced, qualified), technical requirements for each level, and the list of qualified trust service providers (TSP). It establishes mutual recognition of qualified signatures within the European Union, which is crucial for disputes involving parties from different Member States. The eIDAS 2.0 revision (Regulation 2024/1183) strengthens these requirements and introduces the European digital identity wallet (EUDIW).

Decree No. 2017-1416 of September 28, 2017: this decree specifies in French law the conditions of the presumption of reliability provided for in article 1367 of the Civil Code, expressly referring to eIDAS requirements for qualified signature.

ETSI EN 319 132 (XAdES) and ETSI EN 319 122 (CAdES), ETSI EN 319 162 (ASiC) standards: these technical standards define electronic signature formats recognized as compliant with eIDAS. They are enforceable in court as a technical reference framework for assessing signature validity.

GDPR — Regulation No. 2016/679: the collection and processing of biometric or identity data for the purpose of signatory verification must comply with data minimization and purpose limitation principles. Any signature service provider processing identity data must have an explicit legal basis (contract performance, legal obligation, or legitimate interest) and inform the user in compliance with articles 13 and 14 of the GDPR.

NIS2 Directive (2022/2555/EU): qualified trust service providers are now within the scope of essential or important entities under NIS2. They are subject to enhanced information system security obligations, which indirectly strengthens the robustness of the evidence they generate.

Legal risks in case of non-compliance: using a signature solution not compliant with eIDAS exposes you to several risks: rejection of the document by the judge, inability to invoke the presumption of reliability, engagement of contractual liability for lack of diligence, and in some cases, nullity of the deed if formal requirements applied. In terms of evidence, the absence of a certified audit log can lead to unequal arms between parties and severely weaken the position of the one producing the signature.

Use Cases: Electronic Signature Put to the Test of Litigation

Scenario 1 — Law Firm and Disputed Engagement Letter

A mid-size M&A law firm with about twenty lawyers, specializing in mergers and acquisitions, has been using an advanced electronic signature solution for its engagement letters for two years. One of these engagements, valued at €85,000 for due diligence, becomes the subject of a challenge: the client disputes having signed the engagement letter under the stated conditions, invoking lack of informed consent.

The firm produces before the commercial court the complete evidence file generated by its platform: certified timestamp of dispatch, document opening logs, OTP code sent to the phone number provided by the client during onboarding, and cryptographic fingerprint of the file identical between dispatch and the produced version. The judge upholds the validity of the signature. With the burden of proof having been met by the firm, it is up to the client to demonstrate forgery — which they fail to do. The firm recovers its entire fee. Key lesson: a complete evidence file can swing a dispute in a few pages.

Scenario 2 — SME Industrial Company and Supplier Dispute Over Purchase Order

An industrial SME managing about 300 supplier contracts per year migrated to simple electronic signature for its purchase orders, without enhanced identity verification. A supplier challenges receipt of a purchase order canceled late, arguing they never signed the modified version.

The SME is unable to produce a certified audit log: its solution only kept an email address as proof of identification. The commercial court, lacking sufficient probative elements, applies standard rules of evidence and rules in favor of the supplier on the disputed point. The cost of resolving the dispute exceeds €40,000, plus legal fees.

Following this dispute, the SME switches to an advanced signature solution with OTP and certified audit log. It reduces its contract dispute rate by 60% over the next two fiscal years, according to its internal assessment. Key lesson: the cost of a robust signature solution is marginal compared to the cost of a single poorly documented dispute.

Scenario 3 — Healthcare Group and Practitioner Contracts

A hospital group with approximately 600 beds formalizes its contracts with independent practitioners electronically. One of these contracts is challenged upon termination: the practitioner alleges not having received particular conditions integrated into the signed document, claiming post-signature modification.

The platform used by the group generates signatures in PAdES format (PDF Advanced Electronic Signatures), compliant with ETSI EN 319 132 standard. Each document revision creates a new cryptographic fingerprint. The court clerk can verify, via an online signature validator recognized by the European Commission, that the document has not been modified since its signature. The challenge is rejected on an expedited basis. Key lesson: the technical format of the signature (PAdES, XAdES) directly conditions the verifiability of the document in court — a criterion often underestimated when choosing a solution.

Conclusion

Electronic signature is solid legal evidence in case of litigation — provided you choose the right level of signature, a reliable service provider, and preserve a complete evidence file. The legal presumption of reliability offered by qualified signature represents a decisive strategic advantage in court: it reverses the burden of proof to the challenger. For contracts with more typical stakes, an advanced signature combined with a certified audit log offers a very satisfactory level of protection before French commercial courts.

Do not leave your contracts exposed to challenge due to insufficient evidence. Certyneo automatically generates a certified, timestamped, and archived evidence file for each signature, in full compliance with eIDAS and the Civil Code. Create your Certyneo account for free and secure your contractual commitments today.