1. A document is considered to be validly signed if an e-signature is created on the document during the validity period of the qualified certificate. Certificates issued by Evrotrust Technologies AD are valid for 2 years.
2. In general, the date of signing cannot be verified based on the qualified e-signature in itself because the local time setting of the system used to create the signature can be manipulated. It is recommended to use a qualified timestamp to prove the date of signing the document. The timestamp binds the signature to a specific time by using a special timestamp token issued by Evrotrust as a Qualified Trust Service Provider (QTSP). The token can be attached to the signed document in compliance with different standards. Evrotrust uses the most advanced method, i.e. LT (Long Term) electronic signature format, which is considered by Adobe PDF validation to be LTV (long term validation) format. Later on, the format will be extended to LTA (long-term archive) format to ensure provability in the future. This format ensures that the document, the signature, the attached timestamp, the online certificate status protocol (OCSP), and the certificate revocation list (CRL) are all time-stamped as a package, so that external systems can automatically verify the entire package, i.e. ultimately the validity of the qualified e-signature and timestamp.
3. However, in order to enable the long-term storage of electronically signed documents and the automatic verification of the signature and the time stamp, it is recommended to use a special qualified service: the Qualified Preservation Service. This is necessary because timestamp tokens are signed by trust service providers with a certificate issued for the specific purpose of signing timestamps, that is valid for 5 years in the case of Evrotrust and most of the QTSPs. Once the certificate which has been used for signing the timestamp tokens expires, the validity of the tokens cannot be verified, so it cannot be automatically verified whether the relevant documents are validly signed. The Qualified Preservation Service enables time-stamp tokens to be “extended” to maintain their validity continuously by ensuring that the signed document package is re-stamped before the time stamp placed on it expires (or for security reasons). The Qualified Preservation Service enables the long-term (> 10 years) automated verification of the validity of the signature.
4. From a legal point of view, the expiration of time-stamp tokens does not affect the temporal validity of the e-signature, although it makes it impossible to verify the validity of the signature in the long run. However, it should be noted that this does not prevent the affected party or the stakeholder from verifying the validity of the signature manually. The validity of a qualified e-signature can be verified manually by the stakeholder checking the EU Trusted Lists of Trust Service Providers and, if necessary, the public register of certificates issued by the QTSP and the CRLs published. In other words, the validity of a signature is not “lost” in time.
The Evrotrust Technologies AD retains all documents signed in the Evrotrust application by a qualified e-signature certificate issued by Evrotrust for ten years. (general term 11.3.)
Rules for deleting documents on the Platform
You can delete a private document created with QuickSign at any time.
DirectSign and BusinessSign
You must request the deletion of a document created using DirectSign or BusinessSign by sending an email to firstname.lastname@example.org:
1) "Please delete the following DirectSign / BusinessSign documents."
2) The email address registered in your Business account
3) Link to the document you want to delete