What is an electronic signature? Complete 2026 guide
Last updated
An electronic signature (or e-signature) lets you sign documents digitally with the same legal standing as a handwritten signature. This guide explains how it works, the three levels defined by the eIDAS regulation, its legal validity in France and across the EU, and how to roll out electronic signatures in your organisation.
Summary
- Legal value = handwritten signature (art. 1367 Civil Code + eIDAS Regulation EU 910/2014)
- 3 recognized levels: Simple (SES), Advanced (AES) and Qualified (QES)
- Valid in all 27 EU Member States — direct application without transposition
- How it works: signer identification + cryptographic fingerprint (hash) of the document
- Average ROI < 3 months — contract finalized in hours vs. 5 days by mail
Definition: what is an electronic signature?
An electronic signature is a set of data in electronic form that is attached to, or logically associated with, other electronic data and that the signer uses to sign. This definition, set out in the eIDAS regulation (Regulation (EU) 910/2014), covers a wide spectrum of technical mechanisms, from the simplest (ticking a box, typing a name) to the most sophisticated (qualified cryptographic certificate).
Under French law, Article 1367 of the Civil Code provides that “the signature required for an act to be validly executed identifies the person who affixes it” and that, when electronic, it “consists in the use of a reliable identification process guaranteeing its link with the act to which it relates”. The reliability of the process is presumed for qualified signatures within the meaning of eIDAS.
In practice, an electronic signature performs three functions: it identifies the signer, it expresses their consent to the content of the document, and it guarantees the integrity of the document (any subsequent modification is detectable).
Electronic signature vs digital signature
The two terms are often confused. The electronic signature is the legal concept (what binds the signer). The digital signature is the underlying cryptographic technique (document hashing, asymmetric encryption with a private key) that can be used to implement an advanced or qualified electronic signature. Every digital signature is an electronic signature, but the reverse is not true.
How does an electronic signature work?
The mechanism rests on two pillars: the authentication of the signer and the integrity of the document.
To authenticate the signer, one or more identification factors are used: a trusted email address (single-use link), an OTP code received by SMS, a personal cryptographic certificate, and so on. To guarantee integrity, a fingerprint (hash) of the document is calculated at the moment of signing. If the document is altered afterwards, the fingerprint no longer matches — and the signature is invalidated.
In solutions such as Certyneo, the process relies on PDF processing libraries that embed this cryptographic metadata directly into the file. A timestamped audit trail (action log) completes the set-up by recording every step: sending, opening, OTP validation, signing, and so on.
From a technical perspective, several security mechanisms strengthen the inviolability of the process: qualified timestamping (RFC 3161) appends certified time proof to each signature; TLS 1.3 encryption protects data in transit; the signer's geolocation and IP address are recorded for traceability; finally, in certain flows (AES/QES), behavioral biometric data (typing speed, pressure) complement the identity fingerprint.
The concept of non-repudiation is central: thanks to the timestamped and cryptographically signed audit trail, it is technically impossible for a signer to deny signing a document without falsifying the chain of evidence. Regarding archiving, French regulations (decree 2016-1673) impose 10-year retention for most commercial documents — Certyneo ensures this archiving with evidentiary value in sovereign hosting (EU).
The three levels of electronic signature under eIDAS
The eIDAS regulation sets out a hierarchy of three levels. The higher the level, the stronger the identification requirements and the more robust the legal presumption.
Simple signature
Simple Electronic Signature
Examples
Web form, tick box, name typed on a keyboard
Typical use cases
Quotes, internal orders, low-risk documents
Certyneo
Available on every Certyneo plan
Advanced signature
Advanced Electronic Signature
Examples
SMS + email OTP, strong signer authentication
Typical use cases
Employment contracts, NDAs, material commercial contracts
Certyneo
Standard and Business plans — dual-channel OTP (email + SMS)
Qualified signature
Qualified Electronic Signature
Examples
QTSP certificate + secure signature-creation device
Typical use cases
Authentic acts, very-high-value contracts, public procurement
Certyneo
Via QTSP partenaire sur demande — intégration native en roadmap
Comparison table of the 3 eIDAS levels
| Criterion | SES — Simple | AES — Advanced | QES — Qualified |
|---|---|---|---|
| Signer identification | Email only | OTP SMS + email | QTSP + QSCD Certificate |
| Document Integrity | Basic | Cryptographic (hash) | Cryptographic (hash) |
| Qualified Certificate Required | No | No | Yes (eIDAS provider) |
| Presumption of Handwritten Equivalence | No | Partial | Full (art. 25 eIDAS) |
| Burden of Proof Reversal | No | No | Yes (in favor of signer) |
| Typical Use Cases | Quotes, orders | HR contracts, NDA, employment agreements | Authentic deeds, public procurement |
| Certyneo Availability | All plans | Standard and Business | Via partner QTSP |
Key Legal Point — Burden of Proof Reversal: For QES only, art. 25 of the eIDAS Regulation establishes a legal presumption of equivalence with handwritten signatures. In case of dispute, it is the challenger who must prove that the signature is invalid — not the signer who must prove its validity. This reversal is a considerable advantage in contractual disputes.
Legal validity in France and across the European Union
In France, electronic signatures have been recognised since Law No 2000-230 of 13 March 2000, which amended the Civil Code to put electronic writing and electronic signatures on the same footing as their paper counterparts. Article 1366 specifies that electronic writing “has the same probative value as writing on paper”.
At European level, the eIDAS Regulation (EU) 910/2014 creates a unified legal framework for electronic signatures. Its Article 25 lays down the principle of non-discrimination: “an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form”. Qualified signatures (QES) further enjoy a legal presumption equivalent to a handwritten signature in all 27 Member States.
For everyday documents (commercial contracts, employment contracts, quotes, NDAs, mandates), an advanced signature (AES) strikes an excellent balance between ease of use and legal security. A qualified signature (QES) is reserved for very-high-value acts or situations where sector-specific regulation explicitly requires it.
Key French texts
- Article 1366 of the Civil Code (electronic writing)
- Article 1367 of the Civil Code (electronic signature)
- Decree No 2017-1416 of 28 September 2017 (presumption of reliability)
Key European texts
- Regulation (EU) 910/2014 (eIDAS)
- Directive 1999/93/EC (repealed, former framework)
- eIDAS 2.0 Regulation (2024 — digital identity wallet)
To ensure a provider's compliance, ANSSI publishes the French Trust List (TSL — Trust Service List) of qualified providers authorized to issue QES certificates. At the European level, each Member State publishes its own TSL, all accessible via the official European Commission portal (eidas.ec.europa.eu). Certyneo is ISO 27001 certified and hosts its data in the EU (Germany).
The benefits of electronic signatures for businesses
Beyond legality, electronic signatures fundamentally reshape contractual and administrative processes.
Time savings
A contract that used to take five days (printing, postal dispatch, return) is finalised within hours. Automatic reminders eliminate manual follow-ups.
Strengthened security
The timestamped audit trail, TLS 1.3 encryption and dual-channel OTP provide a higher level of proof than paper against forgery or repudiation.
Legal standing
Compliance with eIDAS and Article 1367 of the Civil Code. Signed documents carry the same probative force as a handwritten signature and are admissible before French courts.
Cost reduction
Elimination of printing, postage, physical archiving and manual handling costs. Return on investment is typically achieved in under three months.
End-to-end traceability
Every step of the document lifecycle is recorded. You know exactly who opened, read and signed, at what time and from which IP address.
GDPR compliance
Data hosted in the European Union (European Union), documented retention periods, rights of access and erasure. GDPR compliance is included by default.
Which documents and sectors can use electronic signature?
Almost all contracts and legal documents can be electronically signed. A few exceptions remain (notarial deeds, holographic wills) but they concern less than 5% of common commercial documents.
Human Resources
- Employment contracts (permanent, fixed-term, apprenticeship)
- Amendments and job modifications
- Internal regulations, charters
- Employee confidentiality agreements (NDA)
Legal and Commercial
- NDA (non-disclosure agreements)
- Service and supply contracts
- Purchase orders and quotes
- Rights assignment contracts
Real Estate
- Sales and management mandates
- Residential and commercial leases
- Preliminary sale agreements (excluding authentic deeds)
- Property condition reports
Finance and Banking
- Account openings and KYC
- SEPA direct debit mandates
- Loan contracts (excluding notarized mortgages)
- General terms and amendments
Excluded documents (require authentic deeds)
- ×Final real estate sales (notarized deed required)
- ×Holographic wills
- ×Marriage and divorce certificates (civil status deed)
- ×Certain real security deeds (mortgages)
5 common mistakes with electronic signature (and how to avoid them)
Even if legally recognized, an electronic signature can be challenged if poorly implemented. Here are the most frequent pitfalls encountered in business.
Using a level too weak for the contract
Signing an employment contract or asset transfer deed with a SES (simple click) exposes the employer to contestation risk. Rule: any contract worth > €1,500 or with significant HR consequences must use at minimum an AES with SMS OTP.
Ignoring the audit trail (proof log)
The signed document is only part of the evidence. The audit trail — which documents each step (sending, opening, OTP validated, time, IP) — is the cornerstone in case of dispute. Without it, it is impossible to reconstruct the chain of events before a judge.
Failing to verify GDPR compliance of the service provider
Biometric and identification data of signers are sensitive personal data. Your service provider must absolutely host data in the European Union and have a DPA (Data Processing Agreement) compliant with GDPR. Be wary of American solutions without EU hosting.
Confusing electronic signature with digitized signature
Scanning your handwritten signature and inserting it into a PDF has no legal value under the eIDAS regulation. A true electronic signature relies on cryptographic mechanisms of integrity and authentication — not on an image.
Neglecting long-term archiving
Decree 2016-1673 requires retention of signature evidence for the entire legal lifetime of the contract (10 years for commercial documents, 5 years for employment contracts). Your solution must guarantee archiving with probative value, not just standard cloud storage.
How to roll out electronic signatures: a step-by-step guide
With Certyneo, you can send your first document for signature in under five minutes.
Create your account
Sign up to Certyneo in seconds with your email or via Google/Microsoft. No credit card required to get started.
Upload your document
Import your PDF or Word file. Certyneo automatically converts Word files into a PDF optimised for signing.
Add the signers
Enter the name and email of each signer. Set the signing order where needed and place the signature fields on the document.
Send the envelope
A secure email is sent to each signer with a unique link. For an advanced signature, the signer also receives an OTP by SMS.
Track in real time
From your dashboard, track the status of each envelope: sent, opened, signed or declined. Automatic reminders chase up inactive signers.
Archive the final document
Once every signer has signed, the final PDF (with an embedded audit footer) is automatically archived for ten years and available at any time.
Frequently asked questions about electronic signatures
What is an electronic signature?
An electronic signature is a technical process used to identify the author of a digital document and guarantee its integrity. It is the legal equivalent of a handwritten signature within the meaning of the eIDAS Regulation (EU) 910/2014 and Article 1367 of the French Civil Code.
Is an electronic signature legal in France?
Yes. Electronic signatures have been recognised in France since the law of 13 March 2000 (Article 1367 of the Civil Code) and across the European Union thanks to the eIDAS regulation. An electronic signature has the same legal standing as a handwritten signature provided that the identification of the signer and the integrity of the document are assured.
What is the difference between simple, advanced and qualified signatures?
The eIDAS regulation defines three levels. The simple signature (SES) is the baseline: a click, a ticked box, or typing a name. The advanced signature (AES) requires identification of the signer (for example, an SMS/email OTP) and a unique link with the document. The qualified signature (QES) additionally requires a certificate issued by a qualified trust service provider (QTSP) and a secure signature-creation device — it offers the strongest legal presumption.
Which documents can be signed electronically?
Almost every contractual and commercial document can be signed electronically: employment contracts, quotes and purchase orders, NDAs, service agreements, amendments, mandates, agreements and deeds of assignment. Certain authentic acts (notarised acts, civil-status documents) are subject to specific conditions.
How does the Certyneo electronic signature work?
With Certyneo, the sender uploads their PDF, adds the signers and sets the fields. Each signer receives a secure link by email. For an advanced signature (AES), a dual email + SMS OTP (OTP SMS) authenticates the signer. The final PDF embeds a timestamped audit footer and is archived for ten years.
Is an electronic signature valid across the entire EU?
Yes. The eIDAS regulation is directly applicable in the 27 Member States of the European Union. A qualified signature issued in one Member State is recognised in all the others. Simple and advanced signatures also have probative value but may be weighed by the court.
How much does an electronic signature cost with Certyneo?
Certyneo offers a free plan (5 envelopes/month), a Personal plan at €9/month, a Standard plan at €29/month and a Business plan at €79/month. The eIDAS advanced signature (AES) is available from the Standard plan upwards.
What is an audit trail and what is it for?
The audit trail is a timestamped log of every action taken on an envelope: sending, opening, viewing, signing, refusal, expiry. It evidences the chronology of events and strengthens the probative value of the signed document in the event of a dispute.
Is electronic signature really secure?
Yes, an eIDAS-compliant electronic signature is technically more secure than a handwritten signature. It combines: (1) signer identification via SMS OTP or certificate, (2) cryptographic fingerprint (SHA-256 hash) of the document — any post-signature modification immediately invalidates the signature, (3) qualified timestamping certifying the exact time, (4) signed and encrypted audit trail preserving the complete history. None of these protections exist for a paper signature.
How long must electronically signed documents be retained?
The duration depends on the document type: 10 years for commercial contracts (art. L.110-4 French Commercial Code), 5 years for employment contracts, 30 years for real estate documents. Decree 2016-1673 requires that archiving be performed under conditions guaranteeing document integrity and readability. Certyneo ensures this archiving with probative value hosted in the European Union.
What is non-repudiation and why is it important?
Non-repudiation is the legal and technical property that prevents a signer from denying having applied their signature. It is guaranteed by the combination of: the timestamped and cryptographically signed audit trail, the OTP sent to the signer's phone number (proof of possession), and the document's unique fingerprint. In case of legal dispute, non-repudiation constitutes a strong presumption in favor of the signature beneficiary.
What certifications and compliance standards should you verify with a service provider?
For a reliable and compliant solution, verify: eIDAS qualification (ANSSI trust list for QES), ISO 27001 certification (information security), GDPR compliance with EU hosting, HDS compliance if you process health data, and ideally ANSSI's SecNumCloud qualification for cloud-hosted solutions. Certyneo hosts all its data in Germany (EU).
Certyneo Legal Team
Electronic signature and contract law experts
This guide is written and maintained by Certyneo's legal and technical team, specializing in electronic contract law, eIDAS compliance and data protection (GDPR). Each article is reviewed quarterly to reflect the latest regulatory developments.
- Expertise in eIDAS Regulation (EU) no. 910/2014
- GDPR compliance and hosting within the European Union
- Processing over 50,000 electronically signed documents
Last revision :