Download and Archive Signed Documents for a Public Supply Tender

Introduction: why archiving signed documents is crucial in public supply tenders

Winning a public supply tender is only the first step in a demanding administrative and legal process. Once the contract documents are signed electronically — commitment certificate, technical specifications, special conditions, purchase order — you must still download them, retain them and archive them in strict compliance with applicable legal obligations. In France, these obligations combine public procurement law, eIDAS Regulation No. 910/2014 and reliable electronic archiving standards. Neglecting this step exposes both the public buyer and the contract winner to considerable legal risks: challenges to the evidential value of the contract, rejection by the Court of Auditors, or loss of rights in the event of a dispute over contract performance. This article guides you step by step through downloading and archiving your signed documents in full compliance.

---

Understanding the regulatory framework for archiving in public tenders

Retention periods imposed by the Public Procurement Code

The Public Procurement Code (CCP) and instructions from the French Archive Service set minimum retention periods for contract documents. For a public supply tender, the general rule requires retention for 10 years from the end of the contract, in accordance with instruction DAF/DPACI/RES/2009/018. This period aligns with the limitation period for contractual liability actions under Article 2224 of the Civil Code.

For contracts above the European thresholds (currently €143,000 excluding VAT for central government buyers and €221,000 excluding VAT for other contracting entities according to European Commission delegated regulations in force in 2026), complete traceability of the procedure is required, including dematerialised exchanges on dematerialisation platforms (buyer profiles).

The evidential value of electronic signatures under eIDAS

Regulation eIDAS No. 910/2014 distinguishes three levels of electronic signature: simple, advanced and qualified. In the context of public supply tenders, an advanced or qualified electronic signature is recommended — or even required by certain public buyers — to guarantee the integrity and authenticity of the signed document.

A qualified electronic signature under eIDAS benefits from a legal presumption of reliability under Article 25 of the regulation: it has legal effect equivalent to a handwritten signature in all EU Member States. To maintain this evidential value over time, it is essential to proceed with qualified time-stamping and to integrate the signed file into an electronic archiving system (EAS) that complies with standards.

The obligation to preserve the seal and metadata

Downloading a signed PDF is not enough. To ensure the legal value of the archive, you must retain:

• The signed file in PAdES format (PDF Advanced Electronic Signatures, ETSI EN 319 132 standard) or XAdES for XML files;
• The complete certification chain of the signatory's certificate;
• The qualified time-stamp token (RFC 3161);
• The transaction metadata: signatory identity, UTC date and time, IP address, signature session identifier.

A simple PDF export without these elements will not allow you to prove the authenticity of the document before a court or during a Court of Auditors inspection.

---

Step 1 — Download the signed documents from the signature platform

Identify available export formats

After signature by all parties (public buyer and contract winner), your electronic signature platform should allow you to download several elements:

1. The signed document in PAdES format (PDF incorporating signatures in file metadata);
2. The signature report or "signature certificate" — a separate file listing signatories, time-stamps, cryptographic fingerprints (SHA-256 hash) and references to certificates used;
3. The complete ZIP archive comprising document + report + audit evidence.

Certyneo, for example, allows you to export in one click a standardised ZIP archive containing all these elements for each act of your tender. To understand the differences between market solutions, consult our comparison of electronic signature solutions.

Verify the integrity of the downloaded file

Before any archiving, it is imperative to check the validity of the signature on the downloaded file. This verification can be performed:

• Via Adobe Acrobat Reader (Signatures panel);
• Via the LTANS online tool or the European Commission (TSL trust list);
• Via your signature provider's validation API.

A valid file will display a signature status of "Valid" with the complete trust chain up to a qualified trust service provider (QTSP) registered on the European trust list.

Organise file naming

Adopt a systematic naming convention to quickly locate your documents:

``` [YYYY-MM-DD]_[Tender-No]_[Doc-Type]_[Signed].[extension] Ex: 2026-05-26_2026-PT-042_Commitment-Cert_Signed.pdf ```

This rigour facilitates audits and searches in your DMS (Document Management System).

---

Step 2 — Archive signed documents in compliance with standards

Choose between storage in a DMS or a certified EAS

There are two main approaches to archiving signed documents in the context of public tenders:

Secure DMS: suitable for low-stakes tenders and organisations with robust IT infrastructure. It ensures file integrity through hashing but does not always provide the legal presumption of a certified EAS.

Electronic Archiving System (EAS) NF Z 42-013 / ISO 14641: reference standard for reliable archiving in France. A certified EAS guarantees archive immutability, access traceability and format migration over time. This is the recommended solution for significant public tenders.

In the public sector, operators can rely on the Vitam Programme (free archiving software developed by French ministries) or on approved third-party archiving service providers.

Ensure the durability of signatures over time: re-time-stamping

One often overlooked risk is the expiration of signing certificates. A qualified electronic signature certificate typically has a lifespan of 1 to 3 years. However, your tender must be preserved for 10 years.

The technical solution is periodic re-time-stamping (also called "archival time-stamp" in the CAdES/PAdES-LTA standard, defined by ETSI EN 319 122). This operation consists of affixing a new qualified time-stamp to the archive before the previous one expires, thus maintaining the cryptographic trust chain.

Your EAS or signature provider should automate this operation. Certyneo natively integrates this mechanism for archives of signed documents, in compliance with the PAdES LTA (Long-Term Archival) standard.

Manage access rights and audit trail of consultations

In accordance with GDPR No. 2016/679 (Article 32) and best practices in information systems security, access to archives of signed documents must be controlled and audited:

• Strong authentication (MFA) for authorised users;
• Audited access log recording each consultation, download or modification;
• Encryption at rest and in transit (TLS 1.3, AES-256);
• Backup plan following the 3-2-1 rule (3 copies, 2 different media, 1 off-site).

For public buyers managing a large volume of tenders, it is worthwhile to explore business electronic signature features that natively integrate these requirements.

---

Step 3 — Organise the post-signature management workflow for supplies

Integrate archiving into your procurement process

Managing public supply tenders often involves multiple successive acts after signing the initial commitment certificate: purchase orders, amendments, minutes of receipt, approved invoices. Each of these documents may constitute a contractual or evidential document.

It is recommended to structure your archiving hierarchy by tender, then by document type:

``` /Public-Tenders/ └── 2026-PT-042-IT-Supplies/ ├── 01_Procedure/ ├── 02_Contractual/ │ ├── Commitment-Cert_Signed.pdf │ ├── Technical-Specs_Signed.pdf │ └── Special-Conditions_Signed.pdf ├── 03_Execution/ │ ├── PO-001_Signed.pdf │ └── Receipt-Report-001_Signed.pdf └── 04_Invoices/ ```

Automate expiry and purge reminders

Set up automatic alerts in your DMS or EAS to:

• Remind of re-time-stamping 6 months before the last qualified time-stamp expires;
• Remind of purge at the end of the legal retention period (with human validation before destruction);
• Alert on integrity in case of attempted modification to a protected archive.

These automations significantly reduce administrative burden and the risk of oversight, particularly for organisations managing several dozen tenders simultaneously. To assess the potential productivity gain in your organisation, you can use our electronic signature ROI calculator.

Document the archiving policy in a QAP or internal procedure

For buyers subject to regular audits (local authorities, hospitals, public bodies), it is highly advisable to formalise an Archiving and Retention Policy (ARP) documenting:

• The types of documents subject to archiving;
• Retention periods by category;
• Those responsible for archive management;
• The tools and service providers used;
• Periodic integrity control procedures.

This documentation constitutes evidence of due diligence in the event of litigation and facilitates handover to new colleagues. The Certyneo help centre provides templates for procedures adapted to public tenders.

Legal framework applicable to archiving documents of electronically signed public tenders

Civil law and evidential value

The French Civil Code sets the foundations for the evidential value of electronic writing. Article 1366 provides that "an electronic writing has the same evidential force as writing on paper support, provided that the person from whom it emanates can be duly identified and that it is established and retained under conditions such as to guarantee its integrity". Article 1367 defines an electronic signature as "the use of a reliable identification process guaranteeing its connection with the act to which it is attached".

These two articles establish that retention under conditions guaranteeing integrity is not optional but a sine qua non condition of the evidential value of the archive.

eIDAS Regulation No. 910/2014 and its implementing acts

Regulation eIDAS No. 910/2014 (and its eIDAS 2.0 evolution currently being transposed) constitutes the European regulatory foundation. Its Article 25 establishes the presumption of reliability of the qualified electronic signature, whilst its Articles 41 and 42 define the requirements applicable to qualified trust service providers, in particular qualified electronic time-stamping service providers.

The ETSI EN 319 132 standards (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) define the technical formats of advanced and qualified electronic signatures that preserve evidential value in the long term. The PAdES-LTA level (Long-Term Archival) is the one recommended for archives of public tenders.

Public Procurement Code and archiving instruction

Ordinance No. 2018-1074 on the Public Procurement Code and Decree No. 2016-360 on public contracts set the framework for dematerialisation. Instruction DAF/DPACI/RES/2009/018 from the French Archive Service sets the retention periods applicable to public tender documents: 10 years after the end of the tender for contracts, 5 years for associated accounting documents.

GDPR No. 2016/679

The General Data Protection Regulation (GDPR) applies whenever archived documents contain personal data (signatory name, contact details, etc.). Article 5(1)(e) imposes the principle of storage limitation: data may not be retained beyond the period necessary for the purposes for which it is processed. A processing activities register (Article 30) must document the archiving of contract documents. At the end of the legal period, a purge or anonymisation procedure must be implemented.

Legal risks in case of non-compliance

Failure to archive in compliance exposes to several major risks: inadmissibility of evidence before administrative or civil courts, rejection of supporting documents during Court of Auditors or regional audit chamber inspections, CNIL sanctions potentially reaching 4% of annual worldwide turnover in case of GDPR breach, and engagement of personal liability of public officials responsible for retaining public archives.

Concrete use scenarios for archiving public supply tenders

Scenario 1 — A local authority managing around twenty supply tenders per year

A medium-sized local authority (approximately 50,000 inhabitants) launches each year around twenty public supply tenders: IT consumables, office furniture, school supplies for its establishments, cleaning products. Before dematerialisation, contract documents in paper form were stored in filing cabinets archived physically, with a real risk of loss or degradation.

By deploying a solution combining qualified electronic signature with a certified NF Z 42-013 EAS, the authority automatically downloads each signed document in PAdES-LTA format and integrates it into its dematerialised archive hierarchy. Integrity checks are automated quarterly. Result: reduction of approximately 70% of the time devoted to post-signature document management (estimate consistent with feedback from the DINUM in its 2025 dematerialisation barometer) and zero inaccessible documents during the last two audits by the regional audit chamber.

Scenario 2 — A hospital purchasing group issuing supply tenders for medical supplies

A hospital group comprising several healthcare establishments (approximately 1,200 beds in total) centralises its purchases of medical supplies and non-sterile medical devices through a purchasing group. Each tender involves multiple signatories: the group co-ordinator, the purchasing director and sometimes a representative of the regional health authority.

The archiving challenge is here amplified by sector-specific obligations specific to healthcare (traceability of medical devices, ANSM inspection) and by the multiplicity of co-contracting establishments. By relying on a signature platform incorporating an archiving module with access rights differentiated by establishment, the group ensures that each member hospital can access its own documents whilst maintaining a secure central archive. The time for administrative processing post-award is reduced from 3 days to less than 4 hours for distribution and archiving of contract documents.

Scenario 3 — An SME winner of a public supply tender

A mid-sized enterprise in the industrial sector (approximately 400 employees, €80m turnover) regularly wins public supply tenders from several different public buyers. As contract winner, it must retain commitment certificates, purchase orders issued and signed receipt minutes, in particular to justify its claims during invoice collection and to protect itself against any dispute over performance.

By integrating the signature solution into its ERP via an API, the company automates the download and filing of signed documents in its internal DMS as soon as each signature is finalised. Annual financial audits benefit from immediate access to all contract evidence, reducing audit preparation time by 40 to 50% according to sector benchmarks published by digital transformation consulting firms.

Conclusion

Downloading and archiving signed documents for a public supply tender is not merely an administrative formality: it is a legal obligation with potentially serious consequences for non-compliance. From PAdES-LTA format to ten-year retention through periodic re-time-stamping, each step requires technical rigour and legal vigilance. eIDAS Regulation, the Civil Code and public archiving instructions form a constraining but coherent framework, which modern electronic signature tools allow you to comply with without friction.

Certyneo supports public buyers and contract winners in bringing their signature and archiving processes into compliance, with native features for reliable retention and standardised export. Discover how to simplify your document management today by creating your Certyneo account or by consulting our pricing.