What are the key highlights of a Qualified Electronic Signature (QES) audit trail?

A Qualified Electronic Signature (QES) audit trail provides a secure, legally binding record of all actions taken during the signing process. It ensures compliance with eIDAS regulations and offers high assurance by capturing detailed metadata about the signer, the document, and each signing event. This audit trail is especially vital in regulated industries where document integrity, signer authentication, and traceability are critical.
Once the document is signed and completed, the QES audit trail becomes available for download, offering a tamper-evident, timestamped record of the entire signing process.

The audit trail includes the following information:

• Document Information: Includes details such as document ID, name, type, status, title, page count, signing order, and timestamps for when the document was sent and completed.
• Sender and Recipient Details: Captures the names, email addresses, IP addresses, and devices used by both the sender and the recipient.
• Security Authentication: Records regarding the signer’s authentication process used to verify the signer’s identity before accessing or signing the document.
• Signature Type and Consent: Specifies the type of signature applied (e.g., drawn signature) and confirms acceptance of the electronic signature disclosure.
• Verified Signer Identity: Confirms the signer’s authenticity using ID verification and digital certificates issued by Qualified Trust Service Providers (QTSPs). It also records details of the authentication provider (e.g., Evrotrust), and includes the transaction ID along with the signer’s verified phone number or email address.
• Timestamps and Events: Tracks the document’s entire lifecycle, starting from the time it is created to the time it is completed. It also records any reassignment that occurs during the signing process. Key actions captured include:
  • Document sent
  • Document viewed
  • QES completed
  • Document finalized
• Cryptographic Hash Value: Provides a unique hash to validate document integrity and detect any post-signing modifications.
• Event Sequencing: Maintains the correct chronological order of all actions to support legal defensibility.
• Audit Trail Summary: Captures a complete and tamper-evident history of the document’s signing process. It includes timestamps for each action, along with IP addresses, device types, and browser details. This ensures transparency, detects unauthorized changes, and supports legal defensibility.

Below is a sample of the QES audit trail document: