Luxtrust certificate: a difficult legal remedy after the upgrade
If you are a Luxtrust customer, you have certainly received the email below entitled "upgrading your certificate" informing you of the change of qualification of your Luxtrust token from "advanced" to "qualified" on July 7, 2019 You regularly use these electronic signature devices to identify you on different government platforms such as MyGuichet , your online banking account, or other online services that require strong identification.
What is the impact of this status change for you as a user?
From the technical point of view, users of electronic certificates, also more commonly called 'electronic signatures', there will be no change for users. Tokens and other means of signatures do not have to be exchanged.
The main impact of the change for users is legal. The main difference between an "advanced" and "qualified" electronic certificate is in this case the reversal of the burden of proof in the event of a dispute.
What are the concrete impacts?
Users of electronic certificates do not have the same responsibilities in case of dispute.
With an advanced electronic signature
You currently have an "advanced" electronic certificate, your token. If a third party shows up with a contract signed with your certificate and you dispute the signature of the latter, you will refuse to execute the clauses that concern you.Since the signature used is "advanced", it will be up to the third party to bring the evidence in his possession that proves your identification at the time of signing the contract. The elements can be of different natures: email, visual identification, SMS code...
Training: Manage and control digital transactions
This training will allow you to master the different types of electronic signatures, their conditions of use, the procedures to set up and the authentication of third parties ...
What to do and what to choose?
There are two things to consider: continuity of service and management of your responsibility.
The continuity of the service
The decision is up to you to choose between an advanced or qualified certificate. The few organizations we contacted such as Myguichet and a few local banks assured us that they would continue to consider Tokens to be "advanced" or "qualified". However, this decision could be called into question in a few months with the entry into force of a new directive on payments and its interpretation by banks.However, it is unlikely that certificates that were previously accepted will be rejected. In the event of a change of policy by administrations or banks, it is always possible to change the certificate by an electronic signature of the "qualified" type. The cost will certainly be borne by the user.
Managing your digital responsibility
A "qualified" electronic signature must be carefully managed by its owner. You must have the same attitude with this Token as with your payment card: if you lose it, you must make an objection to the trusted authority that manages it. This signature will certainly open other services and allow you to identify you in the most reliable way. However, if you dispute a document that bears your electronic signature then you will have to bring the evidence.
Some tips about the qualified electronic signature
It is advisable not to multiply "qualified" electronic signatures / "qualified" electronic certificates because a "qualified" certificate should be able to be recognized by all European actors. These definitions are governed by European directives and regulations.It is also essential to know the quality of the certificate (s) you have in order to use them and keep them with the greatest attention.
Conclusion
The choice to stay with an advanced electronic signature is personal. In this decision, you will not make good or bad choices, but you must consider your use and handle these tokens with vigilance. However, this vigilance must be reinforced if your electronic certificates are "qualified"