
The Hidden Risks Behind Your Digital Signatures


Why Qualified Electronic Signatures and Qualified Electronic Archiving Matter

Electronic signatures are now widely accepted as a replacement for handwritten signatures. In Europe, the Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation, adopted in July 2014) created a clear legal hierarchy. A Qualified Electronic Signature (QES) carries the same legal effect as a handwritten signature across all Member States. Other types of signatures, such as advanced electronic signatures, can still be valid, but they do not automatically enjoy this equivalence.

With the revision of eIDAS in May 2024 through Regulation (EU) 2024/1183, the European legislature has also introduced Qualified Electronic Archiving (QEA). This new trust service recognises that it is not enough to sign a document once and then hope it remains valid forever. QEA ensures that electronic documents, and the signatures they carry, remain durable, legible and verifiable for as long as required. A document preserved in a QEA benefits from a legal presumption of integrity and origin for the full preservation period. When the document is retrieved, an automated signed report confirms that presumption.


What can go wrong without QES and QEA

The risks of not using a QES or not properly preserving signed documents are more immediate than many realise.

The most obvious risk is that the cryptographic evidence that supports the signature will decay over time. Certificates expire, algorithms are deprecated and trust anchors change. Without a preservation process that actively renews this evidence, verification may fail in the future.

Another major risk lies in revocation. A signer’s certificate can be revoked the very next day if the key is compromised or if the issuing authority withdraws trust. For example, if you lose your eID and report the theft to the police, the issuing authority will revoke the certificate immediately. Any document signed shortly before revocation could later be challenged, because without a proper archive that preserved the revocation status at the moment of signing, you cannot prove the certificate was still valid at the time of execution. This shows that risk does not only appear after years, but potentially the next day.

There are also risks in the way documents are viewed. In 2020, researchers at Ruhr University Bochum demonstrated so-called “shadow attacks” on PDFs. These attacks allowed content to be altered in a signed PDF without invalidating the visible signature indicator in Adobe Reader and other common viewers. This vulnerability meant that users could be misled into believing a manipulated document was still authentic. A similar set of PDF signature validation flaws was exploited in Germany in 2019, where altered invoices were accepted as genuine. Without a trusted archive and integrity checks, such manipulations may remain unnoticed and can have significant financial consequences.

Finally, technology itself evolves. File formats change, software becomes obsolete and future systems may no longer be able to interpret today’s files. If preservation does not actively manage format sustainability and metadata integrity, a signature could remain technically valid but the evidence becomes unreadable or incomplete.


The consequences in practice

For small, short-lived agreements, the risks may be acceptable. For long-tail documents such as property deeds, life insurance contracts, or employment records, the consequences of a failed proof are severe.

If the content of an employment contract is contested, an employee might argue that the contract they signed did not include a certain clause. If the employer cannot produce a QES-signed and QEA-preserved document, the court may side with the employee. The financial consequences could include compensation for wrongful dismissal, reinstatement obligations, or damages.

In the case of a life insurance contract, beneficiaries might dispute the insured sum or the conditions of payout. If the insurance company cannot prove the exact version of the contract that was signed, it risks paying out much more than foreseen. Conversely, a family could lose their rightful claim if the insurer contests the validity of a signature. Both scenarios can easily run into hundreds of thousands of euros.


Abuse by bad actors

The absence of qualified signatures and archiving can also be exploited. A malicious party might alter a document and argue that it was the original version. They could claim that a signature was placed later than agreed, or that the signer never saw the final contents. They may even wait until the underlying cryptography has become outdated and then contest the validity of the evidence. Each of these scenarios becomes more plausible when the documents have not been properly signed and preserved.

Concrete examples exist. Researchers have demonstrated “shadow attacks” on PDFs, where signed documents were modified after signing without invalidating the visible signature status. In Germany in 2019, multiple vulnerabilities in PDF signature validation were exploited to make altered invoices appear genuine. In 2020, security researchers at Ruhr University Bochum showed that signed documents could be manipulated to trick verification systems, highlighting the practical risk when preservation and integrity checks are absent.
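The shadow attacks referred to here and in the earlier section rely on the fact that a PDF can be extended by incremental updates after it has been signed, while the viewer keeps showing the original signature as valid. One intake check an archive or validator can run is whether the signature's /ByteRange actually covers the whole file, so that anything appended after the signed range is flagged for review before the visible signature status is trusted. The following is an added example written for this article, not code from the original post or from the Ruhr University Bochum researchers: it uses a constructed PDF-like byte string rather than a real PDF, a regular expression rather than a full PDF parser, and the object numbers and placeholder contents are assumptions.

```python
"""Defensive check for signed PDFs: does the signature's /ByteRange cover the whole
file?  Bytes after the signed range are an incremental update, which is where any
post-signing change lives.  Constructed example with a toy PDF-like byte string."""
import re

# /ByteRange [start1 length1 start2 length2]; the gap between the ranges holds /Contents.
BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def build_signed_pdf() -> bytes:
    """Construct a minimal PDF-like revision whose /ByteRange covers everything except
    the /Contents placeholder, the layout real signers produce.  Not a valid PDF."""
    contents = b"<" + b"00" * 16 + b">"  # placeholder for the CMS signature blob
    prefix = (b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n"
              b"2 0 obj << /Type /Sig /ByteRange [")
    suffix = b"] /Contents "
    tail = b" >> endobj\ntrailer << /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"

    def layout(a, b, c, d):  # fixed-width digits keep the array size stable
        return prefix + b"%010d %010d %010d %010d" % (a, b, c, d) + suffix

    len1 = len(layout(0, 0, 0, 0))   # first range: start of file up to /Contents
    start2 = len1 + len(contents)    # second range: everything after /Contents
    return layout(0, len1, start2, len(tail)) + contents + tail


def signature_coverage(pdf: bytes) -> dict:
    """Report how much of the file the signature(s) cover and whether bytes trail."""
    ranges = [tuple(map(int, m.groups())) for m in BYTE_RANGE_RE.finditer(pdf)]
    eofs = pdf.count(b"%%EOF")  # each incremental update adds its own %%EOF
    if not ranges:
        return {"signed": False, "trailing_bytes": len(pdf), "eof_markers": eofs,
                "review_required": True}
    # The outermost signature should end exactly at end of file.
    covered_end = max(start2 + len2 for _, _, start2, len2 in ranges)
    trailing = len(pdf) - covered_end
    return {"signed": True, "signatures": len(ranges), "covered_end": covered_end,
            "trailing_bytes": trailing, "eof_markers": eofs,
            "review_required": trailing > 0}


# Constructed samples: a clean signed revision, and the same bytes with an incremental
# update appended after the signed range (the shape any post-signing change takes).
CLEAN_PDF = build_signed_pdf()
UPDATED_PDF = CLEAN_PDF + (b"3 0 obj << /Type /Annot /Contents (changed) >> endobj\n"
                           b"trailer << /Root 1 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n")

if __name__ == "__main__":
    for name, data in (("clean", CLEAN_PDF), ("updated", UPDATED_PDF)):
        print(name, signature_coverage(data))
```

A legitimate second signature or a filled-in form also arrives as an incremental update, so trailing bytes are a reason to inspect what the update changes and whether a later signature covers it, not proof of tampering on their own. The point for preservation is that this decision is taken and recorded at intake, rather than left to whatever a viewer displays years later.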


The role of QES and QEA

By using QES, organisations gain automatic legal recognition across the EU, equivalent to handwritten signatures. By combining this with QEA, they also ensure that the signed document and its supporting evidence remain verifiable and trustworthy over decades. QEA provides a structured approach to cryptographic renewal, timestamping, evidence preservation and integrity reporting. This means that even in twenty years, you can retrieve a document and demonstrate its authenticity without costly disputes.
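The two risks from the "What can go wrong" section (evidence decaying as algorithms are deprecated, and a certificate revoked the day after signing) and the renewal, timestamping and integrity reporting that QEA adds can be made concrete in a small simulation. The following is an added example written for this article, not Docbyte's code or any trust service's implementation: HMAC stands in for real signatures and RFC 3161 timestamp tokens, a dict stands in for an X.509 certificate, and the keys, dates, certificate lifetime and the date on which SHA-256 stops being trusted are all assumptions. It contrasts a naive verifier, which asks the issuing CA for today's status and never renews evidence, with one that relies on the preserved record.

```python
"""Toy long-term evidence record for a signed document (constructed simulation; HMAC
stands in for signatures and timestamp tokens, a dict for an X.509 certificate)."""
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

SIGNER_KEY = b"toy-signer-key"  # assumption: stands in for the signer's private key
TSA_KEY = b"toy-tsa-key"        # assumption: stands in for the timestamp authority's key
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)

def canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()  # deterministic bytes to hash

def toy_sign(key: bytes, data: bytes, algo: str) -> str:
    return hmac.new(key, data, algo).hexdigest()

def timestamp(data: bytes, when: datetime, algo: str) -> dict:
    """Toy timestamp token: the TSA binds a hash of `data` to a point in time."""
    token = {"algo": algo, "digest": hashlib.new(algo, data).hexdigest(), "time": when.isoformat()}
    token["tsa_mac"] = toy_sign(TSA_KEY, canon(token), algo)
    return token

def timestamp_is_sound(token: dict, data: bytes) -> bool:
    body = {k: v for k, v in token.items() if k != "tsa_mac"}
    mac_ok = hmac.compare_digest(token["tsa_mac"], toy_sign(TSA_KEY, canon(body), token["algo"]))
    return mac_ok and hashlib.new(token["algo"], data).hexdigest() == token["digest"]

def ca_status(cert: dict, at: datetime) -> str:
    """What the issuing CA answers at `at`; CAs stop serving status once the cert expires."""
    if at > cert["not_after"]:
        return "unavailable"
    return "revoked" if cert["revoked_at"] is not None and cert["revoked_at"] <= at else "good"

def sign_and_collect(doc: bytes, cert: dict, now: datetime) -> dict:
    """Sign, then capture what a QEA-style archive preserves: a timestamp over the
    signature and the certificate status as observed at that moment."""
    sig = toy_sign(SIGNER_KEY, doc, "sha256")
    return {"signature": sig,
            "sig_timestamp": timestamp(sig.encode(), now, "sha256"),
            "status_snapshot": {"checked_at": now.isoformat(), "status": ca_status(cert, now)},
            "archive_timestamps": []}

def sealed_bytes(doc: bytes, record: dict, n: int) -> bytes:
    # material covered by archive timestamp n: document, base evidence, all earlier seals
    base = {k: v for k, v in record.items() if k != "archive_timestamps"}
    return doc + canon(base) + canon(record["archive_timestamps"][:n])

def renew_evidence(doc: bytes, record: dict, now: datetime, algo: str) -> None:
    """Archive timestamp: re-seal everything with a stronger hash before the old one dies."""
    n = len(record["archive_timestamps"])
    record["archive_timestamps"].append(timestamp(sealed_bytes(doc, record, n), now, algo))

def verify(doc, cert, record, at, deprecated, use_archive):
    """Return (valid, reason).  `deprecated` maps a hash algorithm to the date it stopped
    being trusted.  use_archive=False is the naive verifier: current CA status, no seals."""
    def trusted(algo, when):
        return algo not in deprecated or when < deprecated[algo]
    sig, ts = record["signature"], record["sig_timestamp"]
    if not hmac.compare_digest(sig, toy_sign(SIGNER_KEY, doc, "sha256")):
        return False, "document does not match signature"
    if not timestamp_is_sound(ts, sig.encode()):
        return False, "signature timestamp invalid"
    signing_time = datetime.fromisoformat(ts["time"])
    if not cert["not_before"] <= signing_time <= cert["not_after"]:
        return False, "certificate not valid at signing time"
    status = record["status_snapshot"]["status"] if use_archive else ca_status(cert, at)
    if status != "good":
        return False, f"certificate status is '{status}', validity at signing cannot be shown"
    # Hash lifetime: every seal must have been applied while the previous one was trusted.
    algo, seals = "sha256", record["archive_timestamps"] if use_archive else []
    for i, ats in enumerate(seals):
        if not timestamp_is_sound(ats, sealed_bytes(doc, record, i)):
            return False, f"archive timestamp {i} invalid"
        if not trusted(algo, datetime.fromisoformat(ats["time"])):
            return False, f"{algo} already deprecated when archive timestamp {i} was applied"
        algo = ats["algo"]
    if not trusted(algo, at):
        return False, f"evidence relies on {algo}, deprecated before verification"
    return True, f"valid: signed {signing_time.date()}, evidence sealed with {algo}"

def demo() -> dict:
    doc = b"Employment contract v3, includes clause 12 (constructed sample)"
    cert = {"not_before": T0, "not_after": T0 + timedelta(days=730), "revoked_at": None}
    deprecated = {"sha256": T0 + timedelta(days=365 * 8)}  # assumption: distrusted after 8 years
    day = lambda n: T0 + timedelta(days=n)
    record = sign_and_collect(doc, cert, day(10))
    cert["revoked_at"] = day(11)                    # eID reported stolen the next day
    late = sign_and_collect(doc, cert, day(10))     # same signing, but renewed too late below
    r = {"naive_day12": verify(doc, cert, record, day(12), deprecated, False),
         "archive_day12": verify(doc, cert, record, day(12), deprecated, True)}
    renew_evidence(doc, record, day(365 * 7), "sha512")  # re-sealed while sha256 still trusted
    renew_evidence(doc, late, day(365 * 9), "sha512")    # too late: sha256 already deprecated
    r["naive_year20"] = verify(doc, cert, record, day(365 * 20), deprecated, False)
    r["archive_year20"] = verify(doc, cert, record, day(365 * 20), deprecated, True)
    r["late_renewal_year20"] = verify(doc, cert, late, day(365 * 20), deprecated, True)
    r["tampered_year20"] = verify(doc + b" (amended)", cert, record, day(365 * 20), deprecated, True)
    return r

if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22} {'PASS' if ok else 'FAIL'}  {why}")
```

Running `demo()` shows the naive verifier failing two days after signing (the CA now reports the certificate as revoked) and again twenty years later (the CA no longer serves status for an expired certificate), while the preserved snapshot plus timestamp still proves validity at signing. The late-renewal record fails because its archive timestamp was applied after the original hash was already deprecated, which is why renewal has to be scheduled rather than done on demand.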


Beyond Europe

In other jurisdictions, there is no strict equivalent of QES or QEA. The United States, for example, relies on the Electronic Signatures in Global and National Commerce Act (ESIGN Act, adopted June 2000) and the Uniform Electronic Transactions Act (UETA, 1999), which make electronic signatures broadly admissible. In practice, advanced electronic signatures and advanced electronic archiving can also stand in court, provided they are supported by solid technical and organisational measures. However, without the European system of legal presumptions, the evidentiary burden will always remain heavier.


Safeguarding digital trust

The integrity and evidentiary value of signed documents is not something to take for granted. Risks can arise immediately after signing if revocation occurs, and they increase steadily over time as technology changes and cryptographic mechanisms evolve. For documents that carry long-term obligations or high value, such as property deeds, employment contracts or insurance contracts, relying on simple signatures and storage is a dangerous choice.

Qualified Electronic Signatures and Qualified Electronic Archiving are designed to mitigate these risks. They provide a legally recognised framework for ensuring that your documents remain authentic, intact and provable for as long as needed. In doing so, they transform digital signatures from a convenience into a reliable foundation for trust in the digital economy.


References to Real Incidents:

Shadow Attacks: Hiding and Replacing Content in Signed PDFs paper (Ruhr University Bochum):
Shadow Attacks: Hiding and Replacing Content in Signed PDFs – NDSS Symposium

Vulnerability Report: Attacks Bypassing the Signature Validation in PDF (Ruhr University Bochum):
https://www.nds.ruhr-uni-bochum.de/media/ei/veroeffentlichungen/2019/02/12/report.pdf

Breaking the Specification: PDF Certification paper (Ruhr University Bochum):
https://pdf-insecurity.org/download/pdf-certification/paper.pdf

Signed PDF Documents Vulnerable to Manipulation threat memo (CERT-EU, CERT for the EU Institutions, Bodies and Agencies):
https://cert.europa.eu/static/threat-intelligence/TLP-WHITE-CERT-EU-TM-PDF-signing-attack-v1.0.pdf

PDF Insecurity website (dedicated site by Ruhr University Bochum researchers):
https://www.pdf-insecurity.org/

Frederik Rosseel

Hi, I’m Frederik, CEO of Docbyte. Having pioneered solutions in digital archiving and qualified trust services for years, I distill that invaluable experience into writing. My goal is to help businesses achieve robust data security and seamless regulatory compliance through crystal-clear insights.
