SIGNEUROPAEUROPEAN ELECTRONIC SIGNATURES
Understand electronic signatures
2026-07-168 minSignEuropa editorial

What should an electronic signature evidence package contain?

A practical guide to document hashes, authentication events, consent, timestamps and verification data.

An electronic signature is easier to defend when the signing journey produces a coherent body of evidence. The package should explain what was signed, by whom, through which controls and when.

Quick answer

A useful evidence package connects five things: the exact document version, the declared signer, the authentication journey, explicit consent and an immutable sequence of technical events.

The minimum information

The package should identify the signature request, the sending organisation, the applied signature policy and the application version. For every PDF, it should record the MIME type, size, page count and SHA-256 fingerprints before and after signing.

Signer information must distinguish declared identity from verified attributes. An e-mail OTP proves control of an inbox during a specific session; it should not be presented as a full identity verification.

Events that matter

Useful events include invitation delivery, link opening, document display, consent acceptance, OTP verification, signing, final document generation and evidence sealing. Each event should use UTC time, a correlation identifier and a chained hash where possible.

Readable and structured formats

A PDF report helps people review the journey. JSON helps systems validate it. A ZIP archive can combine the original document, signed document, event data, certificate information and a manifest containing the hash of every file.

Integrity over decoration

The handwritten image placed on a PDF is only a visual representation. The probative mechanism comes from the controlled journey, cryptographic integrity, authentication and the evidence that connects them.

Conclusion

The best evidence package is autonomous, precise about its limits and verifiable without relying on the application interface that created it.

Important

This article provides general product and technical information. The appropriate signature level depends on the specific identity, authentication and legal context.