6 min read

The General Counsel’s Dilemma: Security vs. Business

At the General Counsel’s desk, the tension is constant. On one side, the executive team demands speed to close deals and digitise the company. On the other, the legal instinct leans towards maximum caution: “If it’s not the same as signing before a notary, it’s not good enough”.

That fear often pushes companies to ask for Qualified Electronic Signature solutions, believing it is the only safe standard. In practice, however, requiring customers and suppliers to have a qualified certificate installed (or card readers) brings contracting to a standstill.

For 99% of private contracts (B2B and B2C), Advanced Electronic Signature is the right standard, balancing evidential strength with how business actually works. Below we set out the 5 technical and operational criteria you should require from your provider to sleep soundly.

1. Busting the Myth: eIDAS Validity Without Friction

The eIDAS Regulation (EU 910/2014) is clear: legal effect cannot be denied to a signature solely because it is in electronic form. What matters is the ability to prove identity and integrity.

The buying criterion: Avoid simple signature (a single click with no traceability) for higher-risk contracts, but do not insist on qualified signature for day-to-day use.

  • The balanced solution: Require Advanced Signature with OTP (One Time Password).
  • Why it works: By sending an SMS code to the signer’s mobile, you link the signature to a personal, unique device (something the signer “has”). Together with access to their email (something they “control”), this creates a double link to identity that is very hard to repudiate in court, without requiring the other party to have any technical setup.

The legal department does not only review contracts; it designs the company’s contracting flows. When choosing a solution, you need to consider how those agreements will be created. A mature provider should offer two environments:

Ideal for the in-house legal team handling one-off contracts (ad hoc): confidentiality agreements (NDAs), shareholder agreements, settlement agreements or senior management contracts.

  • The advantage: The lawyer uploads the final PDF to the platform, sets up the signers and monitors status.
  • Full control: You can see who has signed and manually download the evidence certificate for the litigation or project file.

B. API Integration (For the “Contract Factory”)

When legal has approved standard templates (Terms and Conditions, Loan Agreements, Qualified Supplier Agreements), the goal is that no one can change the approved clauses.

  • The advantage: API integration lets the ERP or company website generate the contract using templates locked by Legal.
  • Automatic compliance: The system sends the document for signature with no human step. This ensures that 100% of signed contracts use the latest version of the data protection or liability limitation clause approved by the legal director.

3. The Real King of Evidence: The Audit Trail

In a dispute, the contract PDF is not the only focus; the judge and IT expert will look just as closely at the Audit Trail or Evidence Certificate. If the signature platform does not produce this, the contract may be worth little.

What you should require in the Audit Trail:

  • Self-contained: The evidence document must contain all the technical information needed for validation by an independent expert, without relying on the provider’s internal logs.
  • Traceability data: Source and destination IP addresses, browser, operating system and IP geolocation.
  • Chain of custody: A precise (second-by-second) record of the request, email delivery, document opening, viewing and final signature.

4. Document Integrity: Hash Technology

A lawyer’s main concern is not always “who signed” but “that no one has changed the contract after it was signed”. This is where technology beats paper.

The technical criterion:
Ensure the provider closes the contract with a Trust Service Provider digital certificate and applies a Hash (SHA-256) algorithm to the final document to obtain its unique digital fingerprint.

  • The legal effect: This guarantees immutability. If anyone tries to change a figure, date or comma in the PDF after signing, the hash is broken and the document will show the signature as “invalid” in any PDF reader (such as Adobe Acrobat). It is a mathematical guarantee of integrity that goes beyond a stapled paper document.

5. Beyond Signature: Certified Notifications

Legal work involves many communications that do not need a signature but do need proof of delivery (breach notices, changes to terms of service, board meeting notices).

The “Legal Suite” approach:
Choose a platform that combines Electronic Signature with Certified Email.

This lets the legal department centralise all digital evidence with a single provider. Being able to prove that a tariff update or automatic renewal clause was notified with content certification is as important as having the original signed contract.

Frequently Asked Questions (FAQs)

Can an advanced signature be repudiated in court?
In theory, any signature can be challenged. However, the burden of proof shifts sharply. With a handwritten signature, you rely on a handwriting expert (subjective). With advanced electronic signature and a robust Audit Trail, you provide objective data (IP, OTP, timestamp) that make repudiation very difficult. Case law is strongly in favour of the validity of this type of evidence.

Do I need a “Trusted Third Party” or can I do it in-house?
Legally, it is essential that the evidence is generated and held by a third party independent of the parties (the trust service provider, such as eEvidence). If you generate the signature logs yourself, the court may see you as “judge and party” and may consider that the data could have been altered.

What if I use the API for mass contracts and there is an error in the template?
The advantage of the API is the ability to correct quickly: the legal department can update the documents in pending requests and mark completed ones as obsolete and restart them.

How long is the evidence retained?
The market standard is a minimum retention period of 5 years, in line with the limitation periods for most civil and commercial claims. Make sure your contract with the provider guarantees that evidence remains available for this period, and check whether it offers retention even after you stop being a customer.

Conclusion

Legal certainty should not hold the business back; it should be its safety net. An advanced electronic signature service that combines flexible management (console + API) with a robust forensic Audit Trail offers far more assurance than traditional paper filing.

The modern General Counsel’s role is to enable commercial speed while protecting the integrity of agreements; advanced electronic signature is the tool built for exactly that purpose.

Ready to get started?

Contact us to share your business project or register now to start trying our services today

Contact us Register now