In Switzerland, as in the EU and many other countries, appropriately digitally signed documents in PDF format are legally fully equivalent to paper-based original documents, signed in handwriting by (one or more) signatories in the presence of witnesses.

STATUS QUO

Country specific differences in national law applicable to establishing the legal adequacy of digitally signed documents with their paper-based equivalents require country specific validation of digitally signed documents against applicable sets of criteria.

The following criteria need to be fulfilled, in order for a digitally signed PDF file to be considered VALID in the sense of LEGALLY COMPLIANT with the intended purpose:

1 - Signature and integrity of the signed file

The document must be checked to see whether it has been modified since it was signed.

2 - Revocation status of the signing certificate

The signed certificate is checked to see if it was issued by a competent, accredited and trusted authority and if it was valid and not revoked (invalidated) at the time it was signed.

3 - Validity of the time stamp

A signed time stamp (TSA; Time Stamping Authority) from a recognised provider confirms the time the document was signed regardless of the computer’s system clock.

4 - Authorised certificate for this document type

Check whether a document has been signed with an appropriate certificate for the intended purpose

CHALLENGE

Some but not all of these legal requirements can be checked and validated by suitable software, such as Adobe's PDF Reader or Acrobat) used for opening and viewing the signed PDF document.

Whether a particular certificate used for signing a PDF document was legally compliant with all of the country's applicable laws at the time the document was signed, requires validation of the document against an officially approved set of potentially country specific criteria.

The publicly accessible validator.ch service of the Swiss Federal Administration provides such a validation service free of charge.

This validator.ch service currently enables 10 different types of digitally signed documents to be validated against all applicable national laws.

A formal validation protocol can be downloaded in certified PDF format. The validation protocol can be used along with the digitally signed PDF document as evidence to prove its validity.

Experience with hundres of digitally executed transactions based on digitally signed PDF documents shows :

Most recipients/readers of signed PDF documents to date will reject the digital document as being "insufficient / not trusted". Most recipients / readers will treat digital documents similar to copies. to be used for information purposes, but not to be relied upon. For lack of trust and better knowledge most recipients / readers still insist on receiving paper signed in handwriting, submitted via postal service rather than e-mail, either instead of or at least in addition to the digitally signed PDF document.

Experience also shows that most recipients / readers of digitally signed PDF documents will accept such documents and will not insist on additional paper if they receive a validation report along with the signed PDF document. A positive validation report issued in the name of the Swiss Federal Administration never fails to impress the reader / recipient.

Senders of digitally signed PDF documents can raise the acceptance with recipents / readers dramatically by validating the signed documents using validator.ch and sending both, either as a single PDF portfolio file, or as two separate PDF files . Sending both files as a single PDF file using PDF portfolio file format is most elegant - but may limit recipients / readers ability to open and view the files in non-Adobe browser plugins / PDF readers.

Providing the two separate files with a common filename but different ending (e.g. -sig and -val) is highly recommended. It facilitates recognition of the "signed document" and its associated "validation protocol".

SUGGESTION

Submitting a digitally signed PDF document to an official validation service, such as validator.ch, is currently a manual process that requires some 15-20 seconds for uploading the signed document and downloading the validation protocol through a web interface using a browser.

The ability to validate a signed PDF document by simply pushing a button, in the application used for creating / signing respectively opening / reading the PDF file, would be most valuable for all users, whether as senders / signatories or as recipients / readers of signed PDF documents.

In addition to the web interface that validator.ch provides for manual upload of signed PDF documents and download of certified validation reports, validator.ch service can be accessed via API for discrete validation of signed PDF documents. The discrete validator.ch API interface uses cryptographical routines (hash), does not require the document to be uploaded (only the hash) and produced the validation report for a document of any size within seconds.

Adobe is requested to consider integrating validation functionality by providing a "push button call" to an external official validation service (such as validator.ch) in its Adobe Reader and Acrobat DC products.

PLEASE SUPPORT THIS SUGGESTION.

Thank you.

Thomas A. Louis
thomas@louis.ch
+41 56 410 1211