Skip to main content
On-demand Momentum 2021. Watch now
Sales 1-877-720-2040
Support Access Documents Log In
  • Products

    Agreement Cloud

    Industry-leading applications, integrations, and APIs

    Learn More
    • Electronic Signature The world's #1 way to sign electronically
    • Contract Lifecycle Management Organized, automated document workflows
    • Contract Analytics Analyze and negotiate agreements with proven AI
    • Document Generation Generate documents from inside Salesforce
    • See All Products

    Other Products

    Payments Guided Forms Clickwraps See All Products

    Integrations

    Salesforce Workday SAP See All Integrations
  • Solutions

    Industries

    Financial Services Insurance Real Estate Mortgage Government Education Healthcare Life Sciences See All Industries

    Departments

    Sales Human Resources Procurement Legal See All Departments

    Business Size

    Enterprise Small Business Individual

    Customer Success

    We'll implement the cloud for you

    Learn More

    Explore

    Customer Stories

    Partners

    Partner Program Partner Login
  • Developers

    API Overview

    Integrate our secure, trusted APIs to incorporate eSignature, clickwraps, and more

    Developer Center

    Our Developer Center has everything you need to implement DocuSign in your product

    Quick Links

    • Free Developer Account Explore a full-featured version of DocuSign for free with no obligations
    • Developer Training Learn about DocuSign through our free, self-paced, guided courses
    • Developer Blog Insights on digital transformation from the DocuSign development team
  • Pricing

    Explore

    eSignature Plans Real Estate Plans API Plans

    Contact Sales

    Find the perfect price with the help of our sales team

    Get In Touch
Support Center Resource Center Legality Guide Access Documents

Indigo Nav CTAs

Log In Contact Sales Free Trial

You are here

Home › ID CHECK FOR AES ATTACHMENT for DOCUSIGN SIGNATURE

ID CHECK FOR AES ATTACHMENT for DOCUSIGN SIGNATURE

  • Share this on Facebook
  • Share this on Twitter
  • Share this on LinkedIn
  • Share this on GooglePlus
  • Share this on Email

Service Attachment version date: October 23, 2019

Unless otherwise defined in this Service Attachment, capitalized terms will have the meaning given to them in the Agreement.

1.    DEFINITIONS

“Advanced Electronic Signature” (or “AES”) means advanced electronic signature as defined in Article 3-11 of eIDAS.

“Certificate(s)” means the Certificate generated by the CA via the Service for a Signer, which attests the unique link between the Signer Information and a Public Key. The Public Key is uniquely associated with a Private Key managed by DocuSign France. In this case, the term “Certificate” means the certificate for electronic signature, as defined in Article 3-14 of eIDAS, generated by DocuSign France to the benefit of a Signer.

“Certification Authority” (or “CA”) is DocuSign France, the authority that generates Certificates and manages the Certificate lifecycle (issuance, renewal, revocation) on the request of the Registration Authority, in accordance with the rules and practices defined in its Certificate Policy(ies) and the associated Certification Practice Statement.

“Certificate Policy(ies)” (or “CP”) means the set of rules published by the CA. A Certificate Policy describes the general characteristics of the Certificates as well as the obligations and responsibilities of the CA, the RA, Signers, Certificate requesters, and any other PKI component involved in the management of a Certificate lifecycle. The Certificate Policy(ies) of DocuSign and its (their) successive update(s) can be accessed on DocuSign’s website (https://www.docusign.fr/societe/certification-policies), and are an integral part of this Service Attachment. For the purposes of this Service Attachment, the applicable OID is 1.3.6.1.4.1.22234.2.14.3.32.

“Certificate Revocation List” (or “CRL”) means the list of invalid Certificates that have been revoked before their expiration date. CRLs are issued periodically and are digitally signed by the CA that issued the Certificates in the list. The URL for where to find the CRL is contained in the Certificate.

“Documentation” means the commercial, functional, and technical documentation relating to the Service and provided by DocuSign to Customer, including Certificate Policies. Documentation can be in a paper format, on a magnetic storage medium or in any other format used by DocuSign.

“DocuSign France” (or “DSF”) means DocuSign France SAS, an Affiliate of DocuSign.

“eIDAS” means EU Regulation No. 910/2014.

“ID Check for AES” (or “Service”) means the DocuSign ID Check for AES service which provides (i) Advanced Electronic Signatures, (ii) the RA online interface and (iii) evidence storage services. The Service is accessible via DocuSign Signature.

“Major Security Incident” means activity on or affecting: (i) the Service and/or (ii) Signer’s data, that is likely to result in a loss of integrity, confidentiality, availability and/or proof in the Service, including the Signer identification operation made by CA, Signer revocation requests made by Customer, personal data storage in DocuSign Signature and the DocuSign Signature and Signer signing operation.

“Private Key” means a mathematical key, associated to the Public Key, that is secret, uniquely contained within a hardware security module (HSM), and remotely activated by the Signer to sign eDocuments. For the purposes of this Service Attachment, the Private Keys are generated for only the purpose of a single Transaction and are erased after the completion of such Transaction.

“Registration Authority (or “RA”) is DocuSign France, the entity that registers requests for the issuance, renewal, and revocation of Certificates. The RA collects electronic copies of Signer’s ID document to verify the name of the Signer and to constitute evidence of the Signer’s identity. The RA interacts directly with the CA and uses DocuSign Signature to interact with the Signer.

“Registration Policy” means the procedures and rules defined and implemented by the Registration Authority in order to identify and authenticate Signers, to verify and store supporting documents for Signers’ registration, and to register requests to issue, renew, and revoke Signer Certificates.

“Signer(s)” means any individual who signs eDocuments with the Service.

“Signer Information” means the set of personal data (including name, email address, mobile phone number, and copy of an official ID document) used to identify a Signer.

“Transaction(s)” means the performance of a signature process, defined by a set of eDocuments submitted for electronic signature, by one or more Signers via DocuSign Signature.

“Vulnerability” means a path in the Service, data or in the Customer system that may lead to a Major Security Incident.

2.    ADVANCED SIGNATURE

2.1  The parties acknowledge and agree that: (a) DocuSign France is a "trust service provider" for the purpose of providing the Service; (b) where Customer contracts with DocuSign for the provision of the Service and related certification services, DocuSign is authorized to act as an agent for and on behalf of DocuSign France for the purpose of contracting with Customer while DocuSign France is the entity providing the actual delivery of any Advanced Electronic Signature and Certificates; and (c) the use of the Service is conditional upon Customer adhering to the terms of this Service Attachment.

2.2  During the Term and subject to the terms and conditions of this Service Attachment, Customer will have the limited right to send eDocuments to Signers to be signed with the Service via DocuSign Signature. The right to use the Service is limited to Customer’s authorized Signers. Customer and its agents may not resell or otherwise provide or assist with the provision of the Service: (a) for the benefit of another party; (b) as a part of a service Customer offers to third parties; or (c) as a sublicensed or service bureau arrangement.

2.3  Customer acknowledges and agrees it has been or hereby is fully informed by DocuSign that:

(a) the Service is based on DocuSign’s applicable Certificate Policies;

(b) The Certificate Policies constitute essential commitments from DocuSign to any third party relying on the Service; and

(c) The Certificate Policies have been or will be made available to Customer before the Order Start Date of the Service and can be accessed on DocuSign’s website, https://www.docusign.fr/societe/certification-policies.

3.    CUSTOMER RESPONSIBILITIES.

3.1  Customer acknowledges having received from DocuSign all of the information it requires to assess whether the Service meets its needs and to take all necessary precautions for the implementation and operation of the Service.

3.2  Customer shall employ measures to send information to RA supporting the issuance of Certificates that is accurate and complete. Customer acknowledges that DocuSign does not verify Signer’s mobile phone number and email address information.

3.3  Customer is responsible for the accuracy and completeness of the information sent to DocuSign for the issuing of Certificates. DocuSign disclaims all liability regarding the accuracy of the Signer Information communicated by Customer and Signer.

3.4  The Service can be accessed by Customer by means of a secure remote connection. ACCORDINGLY, CUSTOMER IS SOLELY RESPONSIBLE FOR ANY AND ALL CONSEQUENCES ARISING FROM THE UNAUTHORIZED USE BY A THIRD PARTY OF ITS PRIVATE KEYS AND CERTIFICATES ENABLING ACCESS TO THE SERVICE, REGARDLESS OF THE MEANS BY WHICH THEY WERE OBTAINED FROM CUSTOMER.

4.    DOCUSIGN RESPONSIBILITIES

4.1  Trust Service Provider (TSP). DocuSign shall make commercially reasonable efforts to: (a) ensure it and its Affiliates’ data centers and information technology are secure and trustworthy; (b) verify each Signer’s name against a copy of a valid official ID document provided by Signer within the Service; and (c) ensure that electronic signatures created with the Service, subject to the Customer fulfilling its responsibilities under this Service Attachment, will conform with the definitions of advanced electronic signature set out in Article 3-11 of eIDAS.

4.2  Certification Services. DocuSign France, in its capacity as CA and RA, shall be responsible for the proper functioning of the Service’s components and the compliance of its Certificate management system and procedures with the provisions set forth in applicable Certificate Policy(ies). DocuSign France shall technically manage the lifecycle of Certificates throughout their validity period in accordance with the terms and conditions defined in the applicable Certificate Policies.

5.    REVOCATION

5.1  Revocation Generally. In its capacity as CA, DocuSign France enables Signer to report inaccurate Signer Information. These reports are revocation requests. If DocuSign receives an authenticated online revocation request through the Personal Certificate Revocation Request Form (located at https://www.docusign.fr/revocation) from the Signer within the first ten (10) days after a Certificate is issued, DocuSign shall add the Signer’s Certificate to the Certificate Revocation List maintained and published by the CA. If the DRA is made aware of inaccurate Signer Information, the DRA must report the incident as described in Section 6.

5.2 A revocation recorded after the execution of an AES does not invalidate de facto that AES. Revocation information will be available from the CA that publishes the CRL. In the event of end of life or other stoppage of the Service, a CRL will be generated and archived at DocuSign France.

6.    INCIDENT REPORT

6.1  Customer acknowledges that DocuSign France, as TSP, must report certain incidents to its supervisory body (ANSSI). Customer shall notify DocuSign within twenty-four (24) hours of discovering a Major Security Incident or Vulnerability (“Incident Report”). Notwithstanding this Section 6.1, Customer is not obligated to report a Vulnerability to DocuSign if a patch to the Vulnerability exists and Customer deploys such patch to all affected systems within three (3) days of discovering such Vulnerability.

6.2  Incident Report. Each Incident Report shall, at a minimum and as applicable, include:

(a) Name, description, and exact location of the compromised system;

(b) Description, impact, current status, and list of individuals affected by the incident;

(c) Date and time of when the incident occurred and when Customer first discovered the incident;

(d) Description of Customer’s remediation efforts, current status of such remediation efforts, and the date the Customer initiated remediation efforts;

(e) Type of compromise;

In the case of a hack, the source of the attack;
In the case of an accident, a description of the cause of the accident;

(f) Whether Customer has filed a complaint or report to any applicable authority;

(g) Name of any law enforcement agency contacted about the incident;

(h) List of customers using the Service and their locations; and

(i) Exact type of information exposed during the incident.

6.3      Customer shall ensure that Incident Reports are accurate. If an Incident Report contains inaccurate information, Customer shall promptly notify DocuSign and update the Incident Report within seventy-two (72) hours of discovering such inaccuracies or as otherwise agreed upon between Customer and DocuSign.

7.    AGREEMENT ON PROOF

7.1  Except where provisions to the contrary exist, computerized records stored in the information systems of DocuSign and its Affiliates using reasonable security measures are accepted as proof of the communications and agreements between the Parties.

7.2  DocuSign may use, including for the purposes of providing evidence or establishing an invoice, any document, file, recording, monitoring report or statistic in any medium, including an electronic medium that has been directly or indirectly created, received or stored by DocuSign in a database.

8.    WARRANTIES AND DISCLAIMERS

8.1  DocuSign Service Warranties. DocuSign warrants that during the applicable Term, the Service, when used as authorized under this Service Attachment, will perform substantially in conformance with associated Documentation. Customer’s sole and exclusive remedy for any breach of this warranty by DocuSign is for DocuSign to repair or replace the affected Service to make it conform, or, if DocuSign determines that the foregoing remedy is not commercially reasonable, then either Party may terminate this Service Attachment.

8.2  Disclaimer. Except for the express representations and warranties stated in this Section 8 (Warranties and Disclaimers), DocuSign: (a) makes no additional representation or warranty of any kind as to any matter whatsoever; (b) disclaims all implied warranties, including but not limited to merchantability, and fitness for a particular purpose, and title; and (c) does not warrant that the Service is or will be error-free or meet Customer’s requirements. Customer has no right to make or pass on any representation or warranty on behalf of DocuSign to any third party.

9.    THIRD PARTY CLAIMS. In addition to the third party claims obligations set forth in the Agreement, Customer shall indemnify DocuSign and its employees, Affiliates, directors, agents, and representatives (“Indemnified Parties”) from, and defend DocuSign and the Indemnified Parties against, any Claim to the extent arising from or related to: (a) any representations or warranties regarding the Service made by Customer to any third parties (including without limitation Signers) not authorized by DocuSign; and (b) non-performance of any obligations by Customer defined under this Service Attachment and the applicable Certificate Policy.

  • PRODUCTS
    • eSignature
    • Contract Lifecycle Management
    • Document Generation
    • Contract Analytics
    • See All Products
  • PRICING
    • eSignature Plans
    • Real Estate Plans
    • API Plans
  • PARTNERS
    • Partners Overview
    • Partners Login
  • DEVELOPERS
    • Developer Center
    • Open Source
  • SUPPORT
    • Customer Success
    • Support Center
    • Introduction to eSignature
    • Knowledge Market
    • DocuSign University
    • Community
  • RESOURCES
    • Why DocuSign
    • Resource Center
    • Blog
    • Events
    • Webinars
    • Legality Guide
    • Trust Center
  • COMPANY
    • About Us
    • Leadership
    • Careers
    • Talent & Career Development
    • Benefits
    • Diversity & Inclusion
    • Investor Relations
    • News Center
    • DocuSign For Forests
    • DocuSign Impact
    • DocuSign Momentum
    • Contact Us

Trending Topics

Trending Topics

  • Streamline your contract lifecycle
  • Collaborate and close on a single platform
  • The DocuSign Agreement Cloud™
  • Accelerate your finance, HR and planning agreements
  • DocuSign Identify

Social Links Indigo

View DocuSign on Facebook View DocuSign on Twitter View DocuSign on YouTube View DocuSign on LinkedIn

Download Links

Footer Legal Links

Terms of Use Privacy Policy Cookie Settings Intellectual PropertyModern Slavery Act Statement
© DocuSign Inc. 2021