The new provisions governing trust services for electronic transactions have recently taken effect, thus introducing three additional levels of electronic signature applicable to various types of documents and strengthening the climate of trust for all users.
These provisions are stipulated in the decree n°2.22.687, which implements the law n°43.20 concerning trust services for electronic transactions, published in the Official Bulletin (BO) n° 7162 in French language six months ago. month.
In addition, several companies have started to offer electronic signature services offering different levels of authentication. These services can be used in a multitude of documents such as loan applications, tax and social declarations, as well as tax certificates, banking, insurance and administrative contracts, as well as responses to public tenders. In addition, the electronic signature can be used for invoices, sending court documents and consulting criminal records.
According to the BO, the qualified electronic signature certificate or the qualified electronic seal certificate issued by the approved trust service provider must include a unique identity code for the certificate, the name or company name of the provider and the State of its registered office, the indication of the start and end of the validity period of the certificate, the name of the holder or his pseudonym and the data relating to the verification of the electronic signature which corresponds to the data for creating the electronic signature.
These certificates must in particular include the advanced electronic signature or the advanced electronic seal of the trust service provider concerned and a statement indicating, at least in a form suitable for automated processing, that this e-document is a qualified certificate of electronic signature. It should be noted that this data is also included at the level of the qualified authentication certificate of an Internet site.
Following this, the provider of the qualified electronic registered delivery service verifies the identity of the sender and the recipient in accordance with the standards applicable to said service before issuing to the sender proof of the electronic deposit of said data. This service provider must also retain said proof for a period which may not be less than one year.
As for the procedures for issuing certificates of conformity, the application for the qualified device for creating an electronic seal or electronic signature is filed with the national authority for trust services for electronic transactions, which represents the General Directorate for the Security of information systems belonging to the National Defense Administration. These certificates are then issued according to the validity period of the technical evaluation certificates of said device. The duration cannot exceed 5 years.
The new legislative text, drafted by the National Defense Administration, has the essential objective of playing a crucial role as an essential foundation, alongside other legal provisions related to the areas of cybersecurity and digital trust. Therefore, it contributes to consolidating trust in electronic transactions and to fostering the improvement of the activities of public and private services.