Skip to content
Gradion
Review a specific workflow
|Firma Digital

Electronic signature: when it works, when it doesn't

Ivor Padilla

by Ivor Padilla

Co-Founder & Engineering Director

Electronic signature: when it works, when it doesn't

Electronic signature: when it works, when it doesn't, and how to integrate it into your case file

Electronic signatures save time, but only when you have the right level for the right act, and when the signing process is embedded in your case file workflow rather than bolted on as an afterthought. In this post you will learn exactly when each tier of electronic signature is legally accepted in Spain, when a court, land registry, or notary will reject it, and how law firms that have stopped chasing signatures for days at a time actually do it.

TL;DR: The eIDAS Regulation (EU 910/2014) creates three tiers: simple, advanced, qualified. Only qualified signatures are fully equivalent to a wet signature under EU law. Courts and registries reject the others for specific acts. The bigger operational problem is not picking the right tier. It is sending out a document package before it is complete.

The three tiers of electronic signature and what each one means

There is not one type of electronic signature in Europe. There are three, and they carry different legal weight.

The eIDAS Regulation (EU) 910/2014 distinguishes three categories of electronic signature in Article 3. A simple electronic signature is data in electronic form attached to or logically associated with other electronic data and used by the signatory to sign: a typed name at the foot of an email, a click on "I accept" inside a platform. An advanced electronic signature meets the technical requirements of Article 26: it is uniquely linked to the signatory, capable of identifying them, created using data under their sole control, and linked to the signed content so that any later tampering is detectable. A qualified electronic signature is an advanced signature created with a qualified signature-creation device and based on a qualified certificate issued by a supervised trust service provider.

Article 26 of eIDAS sets out the four requirements any advanced electronic signature must meet: (a) it must be uniquely linked to the signatory, (b) it must be capable of identifying the signatory, (c) it must be created using data that the signatory can, with a high level of confidence, use under their sole control, and (d) it must be linked to the signed data in such a way that any later modification is detectable. Most commercial signing platforms used in law firms meet these four criteria, which is why advanced signatures are the practical default for private-law relationships.

Spain's Law 6/2020 (11 November) regulates specific aspects of electronic trust services as a complement to the eIDAS Regulation, repealing the earlier Law 59/2003. It sets out the conditions for providing these services and the legal framework for electronic signatures under Spanish law.

A common misconception is that anything short of a qualified signature is legally worthless. It is not.

Article 25.1 of eIDAS is explicit: an electronic signature cannot be denied legal effect or rejected as evidence in court proceedings "solely on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures". In other words, a simple signature can carry evidential weight. What changes with the assurance level is not whether the signature is valid, but how much of the burden of proof sits with the party challenging it.

For most private-law relationships (a service agreement with a corporate client, a fee mandate, a confidentiality agreement), an advanced electronic signature is sufficient. Both parties can identify each other, the document is tamper-evident, and if someone later disputes the signature, the burden is on them to prove a problem.

For acts where the law requires something equivalent to a wet signature, the bar is higher:

Article 25.2 of eIDAS sets out, in a single sentence, the equivalence that matters most for law firms: "A qualified electronic signature shall have the equivalent legal effect of a handwritten signature". It is the only category of electronic signature that the EU legislator directly equates to a wet signature, and the reason qualified signatures remain essential whenever the law requires a "handwritten" or "manuscript" signature.

The practical rule: advanced for private-law commercial relationships; qualified when dealing with public administrations or when the applicable statute explicitly requires a handwritten signature.

When it doesn't work: the cases where courts, registries and notaries reject it

This is the section that generic explainers skip. Here are the specific situations where electronic signature, regardless of tier, will not be accepted.

Notarial acts: no substitute for the notary

Under Spain's Notarial Law, notarial execution (a public deed drawn up before a notary) is required for certain acts: incorporation of companies, sale of real property, powers of attorney, donations of immovable property, inheritances and wills. In these cases, electronic signature cannot replace the requirement for execution before a notary, although the document may be stored or transmitted electronically after it has been executed.

There is no workaround here. An advanced or qualified electronic signature on a Word document does not make it a public deed. Coordinating attendance (or remote notarial appearance through the platforms now permitted for certain acts) is still required.

Representation before public authorities

Articles 5 and 6 of Spain's Law 39/2015 on Common Administrative Procedure require that anyone acting in another person's name before a public authority (to file requests, lodge appeals, withdraw claims or waive rights) must formally evidence their authority to act. The law accepts "any means valid in law" and specifically recognises a power of attorney granted apud acta through the relevant electronic portal or an entry in the electronic register of powers. In practice: a client's electronic signature on a document does not by itself prove the representative's authority. The representative's mandate has to be evidenced first.

For law firms this is an operational step that must happen before the actual submission, not alongside it.

What public authorities do accept electronically

Article 10 of Spain's Law 39/2015 sets out which signatures Spanish public administrations accept for electronic submissions: qualified and advanced electronic signatures based on qualified certificates issued by providers on the "Trusted List of Certification Service Providers", equivalent electronic seal systems, and any other system the administration expressly approves after prior registration. In practice for a law firm, filing with a public authority using a qualified certificate from a listed provider is always safe, while a simple email signature is never accepted for this purpose.

Public procurement

Article 140 of Spain's Public Contracts Law (Ley 9/2017) requires that bids in public procurement procedures be accompanied by a declaration of responsibility that is properly signed and identified. In practice, the electronic procurement portals used by Spanish contracting authorities require at least an advanced electronic signature based on a qualified certificate. The specific level is set by each tender's technical specification and the contracting authority's electronic platform, so the safest approach is to check the requirements in the procurement documentation before preparing the bid.

Court proceedings: when the authenticity of an electronic document is challenged

Article 326 of Spain's Civil Procedure Law (LEC) governs how electronic documents are treated as evidence. If a qualified trust service provider listed on the EU Trusted List was used, the document is presumed to meet the challenged characteristic (authenticity, integrity, accurate date and time) and the burden of proof shifts to the party challenging it. If a non-qualified service or no trust service at all was used, the document is still admissible but the court follows the general rules on contested private documents, which can require the party relying on the document to prove it.

The practical consequence is asymmetric risk. If you used a qualified provider, the opposing party has to disprove the signature. If you used a simple mechanism (a typed name in a PDF), you may need to prove it yourself. The stronger the tier, the smaller the evidentiary burden on you.

A note for UK readers. Everything above is framed by Spanish and EU law: the eIDAS Regulation, Ley 6/2020, Ley 39/2015, the LEC and the LCSP. If you are advising from England, Wales, Scotland or Northern Ireland, the equivalent framework sits in UK-retained eIDAS and the Electronic Communications Act 2000, with separate guidance from HM Land Registry on electronic conveyancing and specific rules for deeds and powers of attorney. The three-tier concept still helps as a mental model, but the exclusions are different. If you are running cross-border matters with Spanish counterparties, do not assume that an eIDAS-qualified signature will be treated the same way in a UK court or by a UK registry. Map the equivalents in your own jurisdiction before you rely on it.

The operational trap: having a signing tool is not the same as having a signing workflow

The problem in most firms is not that they chose the wrong tier. It is that they launch the signing process before the document package is ready.

A typical scenario: the case manager sends a signing link because the engagement letter is "basically finished". The client opens it and notices the wrong company name, a blank field, or a missing attachment. The signing link is now useless. The document is corrected, resent, and the client has to be reminded to notice the new email. Two or three days later, after two or three rounds of back-and-forth, the letter is finally signed.

In the projects we have worked on at Gradion, the bottleneck is almost never the act of signing. It is the steps before: locating the final version of the document, confirming it is complete, and reminding the signatory. In the cases we have observed, chasing a signature can generate between 2 and 4 email exchanges and two or three days of unnecessary delay, not because the signing technology failed, but because the package left incomplete.

This maps onto two operational tasks that every law firm handles but few have systematised:

  • Preparing the file for signature: compiling annexes, validating minimum completeness, requesting any missing pieces, assembling the package. The underestimated part is the completeness check: the "nearly ready" document that is still not fit for purpose.
  • Coordinating the signing: aligning availability, confirming the appointment, adjusting for delays, coordinating remote or in-person signing across multiple parties. The underestimated part is the cascading rescheduling when one participant is unavailable.

Without these two steps running systematically before a signing link goes out, the saving that electronic signature promises is partially or wholly lost.

How to integrate signing into the case file workflow

A signing workflow that reliably prevents the scenarios above has four components.

1. Completeness checklist before dispatch. A defined list of conditions that must be met before the signing link is generated: document version confirmed as final, all annexes attached, signatory details verified (name, role, email or portal login), authority to sign confirmed (especially for corporate signatories). This sounds obvious. In practice it is rarely written down.

2. Status visible to the team. Every open signing request should be visible on the case file: who needs to sign, whether the link has been opened, whether it has been completed. Not buried in someone's email inbox. If the case handler is on holiday, their colleague should be able to see the status in thirty seconds.

3. Automatic reminders. One automated reminder sent 48 hours before a deadline eliminates most manual chasing. The reminder does not need to be personalised. "The document at [link] is still awaiting your signature" is enough.

4. An evidence log. For every signed document: who signed, when, from what IP address, using what certificate. This log should be stored alongside the case file, not only inside the signing platform. If the platform changes, the evidence should not go with it.

Before choosing a signing provider, verify that it appears on the Ministry of Economic Affairs and Digital Transformation's Trusted List of authorised qualified trust service providers. At the time of publication, this is the official reference for confirming that a provider can legally issue qualified electronic signatures under eIDAS. Any provider not listed cannot do so.

How we are solving this at Gradion

The integration that is missing in most firms is not a better signing provider. It is the completeness checklist running before the package goes out, combined with status visibility that does not require anyone to chase an email thread, and an evidence log that lives with the case file rather than inside the signing platform.

This connects directly to how we approach document management for law firms: the signature is the final step of the expediente lifecycle, and its reliability depends on everything that comes before it (the status of the expediente, the completeness of the annexes, the authority of the signatory) already being in order. Future posts in this cluster will cover expediente status and número de expediente in more depth.

Gradion runs 10-day pilots at a fixed price. The output is in production, not a slide deck.

Want to see how this would work in your firm?

10-day pilots, fixed price, result in production.

Request a demo →

Frequently asked questions

Is a DNIe (Spanish national ID card) signature valid for law firm use?

Yes, in general. The Spanish national identity card can be used for electronic signature and, when a qualified certificate is used, that signature has the equivalent legal effect of a wet signature under Article 25.2 of eIDAS. Its practical limitation for law firms is that it requires the signatory to have an active reader setup, which many individual clients do not. For client-facing signing, commercial platforms with qualified certificates are often more practical; confirm the exact technical specification with the provider before relying on it for high-value matters.

Can my client sign from their mobile phone?

It depends on the signing platform and the tier required. Simple and advanced electronic signatures are routinely completed on mobile devices by most commercial platforms. Qualified signatures require access to the signatory's qualified certificate, which may be stored on a hardware token (USB or smart card) that is not easily accessible from a phone. Some providers offer cloud-based qualified certificates that are mobile-compatible. Check your provider's technical specifications.

What happens if the other side challenges the signature?

The answer depends on what tier was used. If a qualified trust service provider listed on the EU Trusted List was used, the signature is presumed authentic under Article 326 of the LEC, and the opposing party must disprove it. If a simple mechanism was used (a typed name, a checkbox), you may need to demonstrate authenticity yourself, typically through access logs, email correspondence and platform audit trails. The stronger the assurance tier, the smaller the evidentiary burden on you.

How long should signing evidence be retained?

There is no single answer. It depends on the nature of the document, the statute of limitations applicable to the underlying obligation, and any sector-specific retention rules (employment, tax, consumer, commercial). Confirm the exact periods with your compliance adviser for each document type. The general principle: keep the evidence for at least as long as the underlying obligation could be disputed, and store it in a location that does not depend on the signing platform's continued existence. If the provider changes, the audit trail should still be accessible.

Does eIDAS apply in the UK after Brexit?

This post describes the framework that applies to Spanish and EU matters. The UK operates its own regime (a retained version of eIDAS plus the Electronic Communications Act 2000) and HM Land Registry has separate requirements for electronic conveyancing and deeds. For cross-border work with UK counterparties, map the equivalents in UK law before relying on an eIDAS-qualified signature outside the EU, and take local advice for the specific matter and registry involved.

More articles

Accounting advisory in Spain: what it does and costs
Gestorias Asesorias

Accounting advisory in Spain: what it does and costs

Accounting advisory in Spain: what it does and costs If you are a freelancer or small business owner in Spain trying to work out whether you need an accounting advisory (asesoría contable), or if you run a practice and want to understand where your team's hours actually disappear every month, this is the post for you. The service is widely used but poorly explained, and it is routinely confused with two adjacent services (gestoría and asesoría fiscal) that do related but distinct work. This ar