eIDAS-tier signatures
Three signature tiers — Simple, Advanced, Qualified — applied to the same audit-report PDF. Pick the tier that matches the legal weight you need; the underlying audit chain is the same either way. Qualified gates behind KYB verification of the issuing organisation.
The three tiers
Click-to-sign
Authenticated click on a typed name or drawn squiggle. Same legal floor as a checkbox-agreement under eIDAS Art. 25(1) — admissible, but the burden of proof on intent sits with you. Right for low-stakes acknowledgements.
Cryptographically bound to the signer
Uniquely linked to the signer, capable of identifying them, created with means under their sole control, detectable on subsequent change. Backed by a per-org signing certificate; the signer authenticates via OTP or MFA. Right for contracts and claims sign-off.
Full legal equivalence to a wet signature
AES plus a qualified certificate issued by a QTSP on the EU Trust List. Same legal effect as a handwritten signature across the EU. Gated behind KYB verification of your org — VIES VAT + EU sanctions screen + manual attestation.
PAdES baseline + timestamp
Every signed report is PAdES B-T at minimum — PDF Advanced Electronic Signatures with an embedded RFC 3161 timestamp from a qualified TSA (DataSure on managed deployments). The timestamp proves the signature existed at a specific moment, independent of the signer's clock or our system clock.
PAdES B-LT (long-term validation — embeds cert chain + OCSP so the signature stays verifiable for 20+ years without trusting our TSL snapshot) is on the v1.5 roadmap. The cert + revocation data is what changes; the signed PDF stays valid through B-T verification today.
What's on the PDF
The signed report carries the full audit chain summary — session metadata, event count, chain head, TSA receipts, the operator + field identities (and KYB status of the org). The PDF is the thing you hand to legal; the chain head is the thing the auditor verifies independently.
| Section | Content |
|---|---|
| Cover | Org name + logo, session ID, dates, locale. |
| Audit chain | Chain head, event count, TSA witnesses with anchor URLs and serials. |
| Evidence index | One row per evidence artefact — SHA-256, byte size, kind, captured time. |
| Verification recipe | URL + instructions for an external auditor to re-verify the chain themselves. |
| Signature | PAdES signature block + qualified timestamp. |
Localised across 14 languages
The PDF report renders in any of the supported locales — French, German, Spanish, Italian, Dutch, Portuguese, Polish, Swedish, Czech, Danish, Finnish, Norwegian, Romanian, English. Driven by the session's locale or the org default. No translation tooling required at your end.
See a signed report
The demo session ends with a PAdES B-T report you can download — open it in Adobe Reader and the green checkmark "Signed by …" lands. Or open it in a Linux PDF viewer with verify enabled and watch the signature panel say the same thing.