Electronic Signature: Legal Value, eIDAS Levels, and Implementation in France 2026

Quick answer. Electronic signatures exist at three levels: simple (basic legal recognition), advanced (identified and tamper-proof), and qualified (equivalent to handwritten signature). Only qualified signatures carry an absolute presumption of validity in court. French Civil Code articles 1366 and 1367 grant the first two equal evidentiary force to paper if the signatory is identifiable and integrity is assured.

Paperless business processes are accelerating across France and Europe. Organizations must now secure digital exchanges with legal certainty: commercial contracts, management mandates, payment orders, internal agreements. The regulatory framework has been established since 2014 by the EU's eIDAS Regulation, but many business leaders and professionals remain uncertain about the actual legal value of each signature type. This confusion creates risk: a contract signed electronically without proper documentation can be challenged in court, while a rigorous implementation eliminates doubt.

In 2026, with the rollout of eIDAS 2.0 (Regulation 2024/1183) and the expansion of the European digital wallet, trust infrastructure is evolving progressively. At Hayot Expertise, we see entrepreneurs delaying digitalization of their processes out of regulatory concern, when a methodical approach would combine efficiency gains with legal certainty.

The eIDAS Regulation (No. 910/2014) defines a clear hierarchy of three levels, each with distinct capabilities and legal presumptions.

1. Simple Electronic Signature#

A simple signature is the most basic form. It is defined as "data in electronic form, attached to or logically associated with other data in electronic form and which the signatory uses to sign." This category includes:

• an email signed with a name
• a click on an "I accept terms" button
• a handwritten annotation captured by photograph or scan
• a PIN code entered into an application

Legal value: Simple signatures receive legal recognition, but they carry no presumption of reliability. In a dispute, the challenger has the right to question its authenticity. You must prove the signature genuinely comes from the signer.

2. Advanced Electronic Signature#

An advanced signature reinforces reliability through three technical criteria:

1. it is uniquely linked to the signatory (a digital certificate or biometric identifier belongs to one person only)
2. it identifies the signatory (the person is legally identified)
3. it detects later alterations (any change to the document after signing invalidates the signature)

Public solutions like DocuSign, Yousign, or Adobe Sign create advanced signatures when they combine multi-factor authentication (password + email + SMS) and timestamp.

Legal value: An advanced signature enjoys a presumption of reliability unless proven otherwise. Under French law, Civil Code articles 1366 and 1367 recognize advanced electronic signatures as carrying evidentiary force equivalent to paper, provided the signatory is identifiable and document integrity is guaranteed.

3. Qualified Electronic Signature#

A qualified signature meets extremely strict standards: it is created with a qualified device (a certified security hardware key) and rests on a qualified certificate issued by a regulated trust service provider (list supervised by ANSSI in France).

Legal value: This is the highest tier. Article 5 of the eIDAS Regulation states: "The legal effect of a qualified electronic signature shall be equivalent to that of a handwritten signature." A qualified signature thus carries an absolute presumption of validity in court. No doubt can be cast, except by written proof of a device defect.

Civil Code articles 1366 and 1367, introduced by Ordinance 2016-131 of 10 February 2016, form the foundation of electronic document recognition in France.

Article 1366 — Evidentiary Force of Electronic Writing#

"Electronic documents carry the same evidentiary force as documents on paper, provided that the person from whom it emanates can be duly identified and it is established and preserved under conditions designed to guarantee its integrity."

This article creates equality: electronic writing is not discriminated against. But this equality is conditional:

1. Identification of the author: you must be able to prove the signature comes from a specific person, not a shared email address
2. Document integrity: the document must not have been altered after signing; a qualified timestamp provides very robust proof of integrity

Article 1367 — Electronic Signature and Presumed Reliability#

"When apposed electronically, a signature consists of the use of a reliable identification process guaranteeing its link with the act to which it attaches. The reliability of this process is presumed, unless proven otherwise, when the electronic signature is created, the identity of the signatory is assured, and the integrity of the act is guaranteed."

Article 1367 introduces a legal presumption: if your signature process meets three conditions (creation, identity, integrity), reliability is presumed from the outset. This is a reversal of burden: the challenger must prove the signature is false, not you.

The trust list maintained by ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) lists providers authorized to deliver:

• qualified certificates for electronic signature
• qualified timestamping services
• compliant archival services
• signature validation services

Examples of qualified providers operating in France: Docaposte, Certigna, Universign, GlobalSign France, La Poste Certificats.

When you select a signature solution (DocuSign, Yousign, etc.), verify it has partnerships with qualified providers for timestamping and validation. An advanced signature alone is insufficient for critical acts; it must be backed by qualified timestamping and a compliant audit trail.

1. Audit Your Current Legal Framework#

Before deploying technical solutions, audit your existing processes:

• Which documents are currently signed on paper (commercial contracts, mandates, payment orders)?
• Who signs (you, a colleague, a third party)?
• What level of legal security is required for each workflow?

2. Choose the Appropriate Signature Level#

Ask yourself: will the document be contested in court?

• Standard commercial contracts (€ ≤ 10,000) → advanced signature with timestamp (accepted by courts)
• Management mandates, significant payment orders, business sale agreements → advanced minimum, qualified if high litigation risk
• Employment contracts, property contracts, formation documents → qualified signature recommended (equivalent to paper)
• Internal approvals, purchase orders → simple signature acceptable (audit trail = sufficient proof)

3. Select a Certified Technical Solution#

Minimum requirements for compliance:

1. Multi-factor authentication: password + SMS code or email confirmation
2. Timestamping: an independent trusted third party applies a cryptographic timestamp
3. Audit trail: history preserved for minimum 10 years, readable and immutable
4. Compliant archival: partnership with an approved provider (Docaposte, La Poste, etc.)
5. Integrity control: validated SSL/TLS certificate, annual external security audit

4. Documentation and Access Rights#

Create an internal document listing:

• the signature manager (who authorizes what)
• signature levels by document type
• access rights (who may sign, at what amount)
• retention policy (legal timeframes by document type)

5. Training and Support#

Train users: a technically robust signature process collapses if staff ignore it. Plan:

• 30-minute demonstration
• "How to sign a contract" reference guide
• rapid troubleshooting support
• single point of contact (you or your accountant)

Remote Signature for Regulated Professions (Attorneys, Physicians, Accountants)#

Professional ethics codes (bar associations, professional orders) do not prohibit advanced electronic signatures for routine acts, but certain authentic acts still require intervention by a public official (notary). An advanced signature for a standard client contract suffices; however, real property transfer or business acquisition requires a notarial deed.

Signature by Electronic Power of Attorney#

You can delegate signing authority (an employee signs on your behalf). The power of attorney itself must be signed electronically or handwritten, depending on risk. For a power of attorney > €10,000, an advanced signature of the attorney document itself is strongly recommended.

Critical Environments (Financial Services, Healthcare)#

Certain sectors impose additional requirements. Financial services may require qualified signature for each credit or payment operation. Healthcare must comply with GDPR confidentiality. Consult your sectoral regulator before deployment.

1. Confusion Between Electronic Signature and Archival#

A valid signature is not enough; the document must also be properly preserved. A document signed and stored on an unencrypted personal hard drive is not probative. Use an approved archival provider or ISO 27001-certified cloud storage.

2. Timestamping: Overlooked and Critical#

Timestamping is frequently neglected. Yet without a third-party timestamp (qualified timestamping), you cannot prove the signature was affixed before a deadline (contract statute of limitations, etc.). Ensure your solution systematically applies timestamping, ideally qualified.

3. Loss of Access to Digital Identifiers#

When an employee leaves, what becomes of their signing certificates? If you use DocuSign, transfer permissions to a replacement before departure. If you use individual certificates, recover them or explicitly revoke them.

4. Respect for Retention Periods#

Electronic signature does not exempt you from duration requirements:

• Commercial contracts: minimum 5 years
• Management mandates, employment contracts: 3–5 years
• Property documents: 30 years
• Payroll/HR documents: 3 years

Schedule automatic archival or plan a retention audit annually.

5. Confusion with Authentication (2FA)#

An electronic signature is not the same as multi-factor authentication (2FA) to access a website. Authentication proves you are who you say you are; signature proves you consent to a specific act. Both are useful, but distinct.

Recently, an 8-person consulting SME contacted us to structure their signature processes. They used a patchwork: paper contracts for major clients, DocuSign "the old way" without timestamping for internal contracts, signed emails for orders. Result: a dispute with a former client challenging the validity of an electronically signed engagement letter. The court recognized the signature as valid, but only after 18 months of litigation.

What they could have done:

1. Externalize signatures via a certified solution with qualified timestamping (cost: €20/contract)
2. Register certificates for each authorized signer
3. Train staff in 30 minutes

Total cost: under €500 to structure everything. Litigation cost: over €30,000 in legal fees.

Authority signal: As audit professionals, we routinely attest to electronically signed contracts in special reports and management audits. The French institute of chartered accountants recognizes advanced signatures as valid for ordinary accounting acts. Qualified signature is required only where explicitly mandated by law (e.g., real property rights).

Hayot Expertise Advice. Electronic signature is not a regulatory jungle. A simple project — identify critical documents, choose a certified provider, train once — eliminates 90% of legal risk while saving 3–5 days per month in paper circulation. Start with routine commercial contracts (advanced signature) before moving to complex acts. And document your choice: that record is your best defense in court.