Electronic signature: impact on litigation of the certification of the solution implemented

The rulings handed down in early September 2020 by the Toulouse (CA Toulouse, ^3rd Ch., 4 September 2020, RG n°19/01990) and Lyon (CA Lyon, ^6th Ch., 3 September 2020, RG n°19/06466) Courts of Appeal place an important emphasis on the certification of the signature solutions implemented. However, it is still necessary to understand the scope of these certifications and their real impact on the reliability of the electronic signature.

The common thread between these two rulings is the emphasis on the "certification" of the signature solution to accept—or refuse—the recognition of the value of the electronically signed document. But the way in which "certification" is understood by the judges invites reflection on the exact scope of this magic word.

Indeed, the creation of a remote electronic signature is a technical operation that is “invisible” to the user but which involves several complex technical areas (White Paper “Remote Signature – Current Situation and Best Practices” – 2020 – Published by the PSCO Club and AFAI):

- Issuance of certificates;

- Protection of private signature keys;

- Signature format and standard;

- Signature creation;

- Audit of service providers.

For each of these areas, several levels of guarantee are defined, which have different terminology and are measured against different norms and standards. As the authors of the white paper on remote signature published by the PSCO Club and the AFAI rightly note, this diversity " often generates confusion about the overall guarantee offered by remote signature ."

Thus, for example, so‑called "simple" signatures are most often generated via the encryption of the document to be signed by a legal entity stamp or a time stamp, the entire solution being presented by suppliers as irreproachable due to the fact that the stamps in question are at the eIDAS qualified level. But apart from ensuring the integrity of the signed document, what are these processes worth as an electronic signature of a natural person? Do they prove the identity of the signatory? Do they ensure a link between the signatory and the document? Yes, perhaps, but this still needs to be demonstrated, without stopping at the apparent legitimacy of a "certification" which has only a distant relationship with the real reliability of the signature process taken as a whole.

In conclusion, we should be pleased that judges are beginning to attach importance to the certification of electronic signature processes submitted to them, because the very purpose of certification is to provide trust. However, we must remain vigilant regarding the purpose of this certification, which is not necessarily a guarantee of the reliability of the electronic signature process implemented.