Graphometric signature in 2026: is it still valid in court and when is it worth adopting

Between 2015 and 2020 the graphometric signature was sold as the most intuitive bridge between paper and digital: you sign with a pen on a tablet, the gesture feels familiar, and the document is born electronic. Banks put it on their counters, retail chains attached it to financing agreements, notaries and private healthcare providers used it for consent forms. The pitch was seductive: same handwritten gesture, none of the paper.

Then the disputes started. A large share of those deployments were never engineered to meet the conditions that actually give a graphometric signature legal value, so the first time a signer denied having signed, the document turned out to be worth far less than anyone had assumed. The real question in 2026 is not whether the technology works, but when a graphometric signature is worth using and when a simpler instrument would defend you better.

Here is the short version. A graphometric signature holds up only when it is built as a proper advanced electronic signature under eIDAS, with the biometric behaviour of the signing gesture captured, encrypted, and tied to the specific document. Engineer that correctly and it is a solid choice for in-person scenarios. Get it wrong and you are left with a picture of a signature that proves almost nothing.

This insight is part of our guide: advanced electronic signature under eIDAS

What a graphometric signature is, and why it counts as an AES

A graphometric signature is an advanced electronic signature (AES) that records the biometric dynamics of a handwritten gesture: not the static picture of your name, but the way you produced it. Regulation (EU) 910/2014 (eIDAS), article 26, sets four conditions for any AES. It must be uniquely linked to the signatory, capable of identifying the signatory, created with data the signatory keeps under their sole control, and linked to the signed data so that any later change is detectable. What lifts a graphometric signature above a plain electronic signature is that last condition taken seriously: the behavioural parameters of the gesture are bound to the hash of the document, so the signature and the content cannot be separated afterwards.

One thing it is not. A graphometric signature does not carry the automatic equivalence to a handwritten signature. eIDAS article 25(2) reserves that presumption for the higher tier built on a qualified certificate, the instrument we call a digital signature. An AES has legal effect and cannot be refused admissibility just because it is electronic, per article 25(1), but it does not inherit the handwritten-equivalence that the stronger tier enjoys. That single distinction sits at the centre of the four conditions an advanced electronic signature must satisfy, and it is where most confusion about graphometric signature legal value begins.

The technical requirements that make it valid

The gap between a graphometric signature valid in a dispute and one that collapses is almost always technical. To count as a real AES, the capture has to record the behavioural biometrics of the gesture: pressure, speed, acceleration, pen tilt and angle, and the rhythm of the stroke. These are the traits that make each signing personal and hard to imitate, and they are what a later examination would lean on.

That data cannot sit in the clear. The biometric parameters must be encrypted at the moment of capture, with the decryption key held in escrow by a trusted third party rather than by the company collecting the signatures, so no one on the receiving side can reconstruct or reuse them. The encrypted biometric block then has to be bound, indissolubly, to the hash of the exact document being signed, and the whole envelope sealed by the certifier or the process. Break that link and you can no longer prove which document the gesture belongs to.

Hardware matters too. A genuine graphometric signature needs an active-pen tablet that samples the dynamic traits at high frequency. A finger on a generic capacitive screen, or a signature drawn with a stylus that captures nothing but coordinates, produces a biometric signature tablet setup in name only: it looks the part and records none of the parameters that would survive scrutiny.

When a graphometric signature is challenged

This is where the tier distinction stops being academic. Because a graphometric signature is an AES and not a digital signature backed by a qualified certificate, it does not carry a presumption of attribution. When the signer disavows it and claims the gesture was not theirs, the burden of proving authenticity shifts to whoever is relying on the document. In practice that means commissioning a forensic handwriting examination of the captured dynamic data, an exercise that is slow, expensive, and never guaranteed to land in your favour. Under eIDAS this is the structural trade-off of the advanced electronic signature: real legal effect, but no automatic attribution, so the strength of your position depends entirely on the quality of the biometric evidence you managed to capture. If the parameters were thin or the binding was weak, that is exactly the moment you find out.

Graphometric signature vs certified OTP signature: which one to reach for

For most remote and many in-person flows, a certified OTP signature is the more defensible instrument, even though it captures no biometric data at all. The reason is counterintuitive: the graphometric signature stakes everything on biometric evidence that has to be defended by expert examination, while the OTP signature is defended by an audit trail that is far easier to reproduce and read.

An OTP signature identifies the signer through a one-time code sent to a channel they control, then records the whole sequence: the identity check, the code delivery, the timestamped consent, the document hash. When it is challenged there is a log to show, not a gesture to reinterpret. The graphometric signature, by contrast, plays to its strengths at a physical counter, where the person is present, a tablet is on hand, and the felt familiarity of signing by hand still carries weight with customers.

Aspect Graphometric signature Certified OTP signature
eIDAS tier Advanced electronic signature (AES) Advanced electronic signature (AES)
Biometric data captured Yes: pressure, speed, tilt, rhythm No
GDPR art. 9 exposure High: special-category biometric data None
Hardware needed Active-pen tablet Any device with a phone or email channel
Best fit In-person counters: banking, retail, notarial Remote and hybrid flows, high volume
When challenged Forensic exam of the dynamic data, costly and uncertain Replay the audit trail, faster and clearer
Automatic handwritten equivalence No No

Neither one reaches the presumption that a digital signature on a qualified certificate provides. Between the two, the OTP route usually holds up better under challenge and sidesteps the biometric data burden entirely, while the graphometric route earns its place where an in-person, pen-on-tablet experience genuinely matters.

Certifying the signing moment at the source: the TrueScreen approach

Whichever instrument you choose, the signature is only as strong as the proof of what was signed and when. TrueScreen closes that gap by certifying the signing moment at the source: it computes the hash of the document and binds it to a qualified electronic timestamp issued by an integrated third-party QTSP, so the integrity and the exact time of the act stay verifiable by anyone, independently, for years. No biometric data is collected along the way, which keeps the GDPR article 9 surface at zero.

On top of that source-level certification, TrueScreen offers certified, non-biometric electronic signing through its Document Signing and TrueLink features, an approach that lets you collect a legally effective signature and a verifiable record of the signing event without the escrow, the hardware, and the forensic overhead a graphometric deployment carries. TrueScreen does not issue qualified certificates and is not a certification authority: it integrates the qualified seal and timestamp of established QTSPs and adds the layer most signing tools skip, which is tamper-evident proof of the content and its moment. That is what makes the flow defensible, because its evidential weight rests on a verifiable timestamp and hash rather than on an expert opinion about a pen stroke. There is more on the certified signing options on the digital signature page, and on what a timestamp adds in timestamp vs digital signature: what each proves.

FAQ: graphometric signature and legal value

Is a graphometric signature legally valid?
Yes, when it is engineered as a real advanced electronic signature under eIDAS. It must uniquely link to the signer, stay under their sole control, and bind to the document so any later change is detectable. If those conditions are missing, its evidential weight is weak.
Is a graphometric signature an advanced electronic signature?
Yes. It is an AES under eIDAS article 26, because it captures the biometric dynamics of the gesture and ties them to the document. It is not the higher tier and does not get the automatic handwritten-equivalence of a digital signature.
What happens if a graphometric signature is challenged?
Because an AES carries no presumption of attribution, the burden of proving authenticity falls on the party relying on the document. That usually means a forensic examination of the captured dynamic data, which is costly and never guaranteed to succeed.
Is consent for biometric data required under GDPR?
Yes. The behavioural parameters a graphometric signature records are special-category biometric data under GDPR article 9, so processing needs a valid legal basis, typically explicit consent, along with encryption and key escrow with a trusted third party.
What is the difference between a digital signature and a graphometric signature?
A digital signature is built on a qualified certificate and carries the automatic equivalence to a handwritten signature under eIDAS article 25(2). A graphometric signature is an advanced electronic signature: legally effective, but without that automatic attribution.
When is a graphometric signature not valid?
When the technical requirements are missing: a finger on a generic capacitive screen, no capture of pressure or rhythm, unencrypted biometric data, or no binding to the document hash. In those cases it is a picture of a signature, not a defensible AES.

Certify your signatures at the source

With TrueScreen you bind a hash and a qualified timestamp to the signing moment, with no biometric data and full, independent verifiability of the document.

mockup app