In a previous article, we explained what digital trust services are and the importance of adding a time stamp to a signed document. Mr. John found that one small time stamp could have saved the validity of his e-signature. But what if the document is expected to last for decades? Is one timestamp enough for 5, 10 or 50 years? Well, that's where digital signature preservation and proper archiving come into play. Thanks to them, our digital signature can actually remain valid for years (or even longer), regardless of technological changes or the passage of time.
Electronic signature maintenance is actually extending the life e-signature by means of additional mechanisms. In the simplest terms, it is regular "refreshing" of the signature with successive time stamps, in order to maintain its validity and evidentiary power for a long period of time. When we add a new timestamp to the document, for example, every year, we confirm cyclically that the the signature was valid at the time of submission and still remains reliable despite the passage of years. In other words, maintenance provides proof that the signature was made within the validity period of the certificate, even if a lot of time has passed since then.
Such a service works especially well when you store large archives of electronic documents - for example, in a company or an office, documents sometimes need to remain valid for 5, 10 or even 50 years. For such a long time, an ordinary signature could become unverifiable, but thanks to the maintenance electronic signature will retain its validity and reliability. In practice, the maintenance process involves automatic, cyclical addition of timestamps to already signed files at specified intervals (e.g., once a year). Each subsequent timestamp re-certifies the current state of the signature and certificate, extending the validity period of the document. This makes keeping an electronic archive much simpler - we don't have to worry that signed documents will expire after years.
It is worth mentioning that maintenance includes not only the tightening of more time stamps. Equally important is monitoring the status of certificates (checking whether any have been revoked, whether the certification chain is still trusted) and securely storing documents in an archive. The combination of these measures ensures that an electronic signature retains both cryptographic reliability and legal validity throughout the entire storage period. What's more, each new timestamp uses up-to-date cryptographic algorithms - so even if one day the original signature algorithm weakens or is broken, the newer timestamps will protect the document from loss of security.
Experts agree that Regular maintenance of the e-signature - such as by periodically adding time stamps and other security mechanisms - is the best way to avoid legal problems and ensure the authenticity of documents for years to come. In other words: maintenance is not an option, but a necessity for anyone serious about long-term storage of important e-documents.
In many industries and institutions there is an obligation to keep documents for many years. Companies and offices must archive contracts, invoices, employee files, administrative decisions and other letters for up to a dozen years - often in electronic form. So we need to be sure that in 5, 10 or 20 years it will still be possible to verify the signature on these documents and recognize them as authentic and integral. A qualified e-signature without proper maintenance, unfortunately, does not provide this certainty.
Lack of maintenance can result in the electronic signature becoming, after a long time unverifiable - the program will show an error or a warning that the signature is insecure or expired. Such a document then loses its evidentiary power, even though it was fully valid at the time of signing. From a legal and business perspective, this risk is simply unacceptable - the documents we rely on cannot just "cease to be valid." Regular maintenance of e-signatures is the key to avoiding such troubles. Thanks to it, even many years after the signature has been affixed, a given file retains the the same legal valuethat it had right after signing.
Thus, it can be said that qualified signature maintenance is a guarantee of of legal continuity of digital documents. It provides assurance that our electronic archive is just as reliable as a traditional paper archive. It also helps meet regulatory requirements - in the event of an audit or inspection, we can demonstrate that e-documents are properly secured and verifiable even long after they have been issued. In the era of digital transformation, when more and more processes are taking place online, trust services (qualified signature, seal, time stamp) are becoming the foundation of document trust. However, only their proper maintenance and archiving ensures that this trust does not weaken over time.
Standardization comes to our aid - there are special formats electronic signatures designed to stand the test of time. European standards (ETSI) define signature profiles tailored for long-term validation and archiving of documents. The two most important are XAdES-A i PAdES-LTV:
It is worth noting that both of the above formats - XAdES-A and PAdES-LTV - are officially recognized by eIDAS regulations and supported by trust service provider tools. The choice of a particular format depends on the type of document (for PDF, PAdES will be best, for XML data - XAdES), but each of these standards in its archival version is a valuable tool for of long-term signature maintenance.
Now that we know, why signatures need to be conserved and what this is done, let's take a look at what it looks like in practice. Here is a typical process of archiving a document with a qualified e-signature along with its preservation:
The above steps ensure that the archived electronic document will not lose its validity or reliability despite the passage of time. The good news is that many of these steps can be largely automated. Today's filing systems can monitor the status of documents themselves and affix time stamps at the appropriate moment, without user intervention. With such tools, the user does not have to remember the entire process - the signatures preserve themselves so to speak, in the background.
Applying the above principles, even many years after signing the document, we will be able to provide a a complete set of evidence of its authenticity: the original qualified signature along with a sequence of consecutive time stamps and corresponding certificates that prove uninterrupted validity. Such a document will be treated on a par with the original in terms of legal validity, regardless of how many years have passed since it was signed. As a result, organizations can digitize more folders of papers without fear, knowing that by preserving the signature, their electronic archives will remain secure and trustworthy for years to come.
Long-term validity of e-documents is not only a matter of convenience, but above all of legal security. The use of qualified signature maintenance and appropriate archiving mechanisms means that electronic contracts, decisions or other records will remain indisputable evidence even in the distant future. Investment in such solutions translates into peace of mind and confidence that the digitization of documents will not jeopardize their validity - on the contrary, modern technology even enhances durability and reliability of our documents.
So let's boldly take advantage of the benefits of the digital world and enjoy #paperless, but in doing so, let's remember to conservation of signatures. Only then will the electronic signature, seal or timestamp fully develop their potential, and we will preserve the continuity and security of information in the digital world. In short: a well-signed and well-preserved electronic document will be as durable and secure as a traditional document signed by hand - if not more so.
Coming up in the next article: Chat each party to a contract must preserve signatures we will explain, Can only one party to a contract take care of the maintenance, or should both parties do it?
