Login

How to secure a document for years to come? Preservation of electronic signatures in practice

Can one party take care of signature maintenance for both? We answer what comes from the law and what comes from practice.
How to secure a document for years to come? Preservation of electronic signatures in practice

Does every party to a contract have to maintain an electronic signature?

In previous texts, we explained what a qualified timestamp is and how signature maintenance ensures the validity of documents for years. Now we raise an important question: can only one party to a contract take care of maintenance, or should both parties do it?

Who is responsible for maintenance?

There is no formal obligation for signature preservation to be carried out by both parties to a contract. Legally, it is sufficient for one party to stamp the document with a qualified timestamp and secure it against loss of credibility.

But beware - this solution is good only in theory.

In practice each party should independently take care of the maintenance of its copy of the document. Why?

  • If only one party initiates maintenance, only he or she will have proof of the validity of the signatures.
  • The other party, without its preservation mechanism, may not be able to prove the authenticity of the document years later.
  • In the event of litigation or administrative review, lack of validation can mean a weaker procedural position.

What should both parties know?

A bilateral agreement bearing qualified electronic signatures has the same legal force as a paper version with handwritten signatures. But the mere presence of a signature is not enough to make the document valid in, say, 10 years.

Each party, for its own legal security, should:

  • stamp your copy of the document with a qualified time stamp (TSA) - preferably immediately after signing,
  • store the document in a system that supports cyclic maintenance - that is, regular validation of certificates and refreshing of the time stamp.

 

As a result each party has its own independent proof of validity, which can be used in court, in an office or in an audit.

Automatic maintenance - how does it work?

In Poland, the leader in qualified validation and maintenance of electronic signatures is Asseco Data Systems, which operates, among others, through the platform podpisano.pl and the service WebNotarius (Certum by Asseco).

WebNotarius is the first qualified service in Poland that provides both long-term validation and maintenance of electronic signatures and seals, in compliance with eIDAS regulations. With this service, documents can be secured for up to 30 years, as also confirmed by the case study SzuKIO.pl - is a search engine for judgments of the National Board of Appeals (NAC), the Court of Justice of the European Union or the Courts concerning public procurement. The extensive case law database is particularly useful during procedural processes related to public procurement. SzuKIO.pl is used by the administration, companies executing public contracts of significant value, consultants and lawyers.

What does it consist of?

  1. Validation of signatures and certificates - WebNotarius validates each signature and qualified seal, confirming their eIDAS compliance and validity at the time of document submission

  2. Adding a qualified timestamp - Every 12 months (or as determined by the organization), the system automatically adds a new timestamp - eliminating evidence gaps resulting from the expiration of previous certificates.

  3. Validation report generation - After each cycle, the user receives a PDF report that provides solid evidence for courts and authorities.

  4. Full automation - service works 24/7/365, integrating via API with DMS/ECM systems or internal documentation processes without manual handling.

Why is this important?

  • Judicial and official trust - WebNotarius reports are recognized as legal evidence in court cases.

     

  • Security for years to come - Asseco Data System, whose partner is podpisano.pl is subject to periodic audits, and the system is updated when the strength of cryptographic algorithms decreases.

     

  • Non-invasive integration - runs in the background without disrupting day-to-day operations, so companies can focus on their processes without worrying about losing the validity of documents.

     

The system independently detects when an existing timestamp expires, performs a re-validation and adds a new timestamp - without user intervention. Thanks to such solutions, each party to a contract signed not only with a qualified signature, but also secured with a timestamp, can be sure that its copy of the document will be verified and recognized in the future - even after years or technological changes. This type of automation eliminates the risk of human error, delays and negligence - and thus increases the evidentiary value of the document in the long term.

When to use which archiving format?

Document type

Archiving format

Content

Validation

Contracts, protocols

PAdES-LTV/LTA

Signature, TSA, OCSP/CRL in PDF

Adobe Reader, WebNotarius Viewer

Invoices, XML e-data

XAdES-A

Same thing, but in an XML structure

Dedicated XML validators

PAdES-LTV:

  • best for text documents (PDF),
  • Verified by Adobe Acrobat - without additional tools,
  • understandable to the contractor, customer and official.

 

XAdES-A:

  • Used with structured documents (JPK invoices, KSeF data, B2B reports),
  • Resistant to technological changes - ideal for long-term archiving.

Is it enough that only one party to the contract applies maintenance?

Formally - yes. A contract signed by both parties and preserved by only one of them, can be considered valid.

But:

  • The other party without its own maintenance may not be able to verify the signature - especially after the certificates expire.
  • In the event of a file format change, system migration or ransomware attack, lack of maintenance can mean loss of legal proof.

 

Therefore each party should have its own maintenance mechanism - preferably automated, maintenance-free and resistant to technological change.

Remember...

...If you need...

Choose

Contracts, protocols, bids in PDF

PAdES-LTV

Structured data, XML invoices, B2B reports

XAdES-A

Easy validation by the customer/official

PAdES-LTV

High flexibility and integration with systems

XAdES-A

Practical scenarios

✔️ Lease agreement signed online? Both parties should keep their versions with maintenance, because after 3 years there may be a dispute over the deposit.

✔️ B2B contract with qualified signatures? Implementing maintenance in the company's repository is a minimum of security.

✔️ Project documentation in PDF with signatures of several people? The PAdES-LTV format preserves completeness - each signature and timestamp can be independently verified.

Summary

  • Both parties should independently maintain their copies of the agreement.
  • Archiving formats matter: PAdES-LTV for PDF, XAdES-A for XML.
  • Systems such as WebNotarius, ArchiSafe or EuroCert LTV enable full automation of the maintenance process - an investment in legal security.
  • If a document is to last more than a year - maintenance is not an option, but a necessity.

Call us at

+48 22 417 05 55

and we will put you in touch with one of our representatives available virtually nationwide.

Check also:

  • Qualified stamps

How do I access KSeF? ZAW-FA vs. Seal

  • Qualified Stamps, Qualified Signatures

Authentication in KSeF: ZAW-FA or a Qualified Seal? Which one should you choose to start with?

  • Qualified stamps

Registering with KSeF using a qualified digital certificate – Your ticket to skip the lines

  • Qualified Stamps, Qualified Signatures

KSeF in sole proprietorships and small companies: qualified signature, stamp, and invoice automation

See all

Do you need help?

Info
Learn more Add to cart
Info
Learn more Add to cart

Find what you're looking for