Download and Archive Signed Documents for a Public Supply Contract

Introduction: why archiving signed documents is crucial in public supply contracts

Winning a public supply contract is only the first step in a demanding administrative and legal process. Once the contractual documents are electronically signed — commitment form, general conditions of purchase, technical specifications, purchase order — they must still be downloaded, preserved and archived in strict compliance with applicable legal obligations. In France, these obligations combine public procurement law, eIDAS Regulation 910/2014 and electronic record-keeping standards. Neglecting this step exposes both the public buyer and the contracting authority to significant legal risks: challenge to the probative value of the contract, rejection during a Court of Accounts audit, or loss of rights in case of dispute over contract performance. This article guides you step by step through downloading and archiving your signed documents in full compliance.

---

Understanding the regulatory framework for archiving in public contracts

Retention periods imposed by the French Public Procurement Code

The French Public Procurement Code (CCP) and the instructions from the French Archives Authority set minimum retention periods for contractual documents. For a public supply contract, the general rule requires preservation for 10 years from the end of the contract, in accordance with instruction DAF/DPACI/RES/2009/018. This period aligns with the limitation period for contractual liability claims under Article 2224 of the French Civil Code.

For contracts exceeding European thresholds (currently €143,000 excl. VAT for central purchasing authorities and €221,000 excl. VAT for other contracting authorities, according to European Commission delegated regulations in force in 2026), complete traceability of the procedure is required, including dematerialised exchanges on digitalisation platforms (buyer profiles).

Probative value of electronic signatures under eIDAS

Regulation eIDAS 910/2014 distinguishes three levels of electronic signature: simple, advanced and qualified. In the context of public supply contracts, advanced or qualified electronic signature is recommended — even required by certain public buyers — to guarantee the integrity and authenticity of the signed document.

Qualified electronic signature within the meaning of eIDAS benefits from a legal presumption of reliability under Article 25 of the Regulation: it has a legal effect equivalent to a handwritten signature in all EU Member States. To preserve this probative value over time, it is essential to perform qualified time-stamping and to integrate the signed file into a compliant electronic archiving system (EAS).

Obligation to preserve the seal and metadata

Downloading a signed PDF is not enough. To ensure the legal value of the archive, you must preserve:

• The signed file in PAdES format (PDF Advanced Electronic Signatures, ETSI EN 319 132 standard) or XAdES for XML files;
• The complete certification chain of the signatory's certificate;
• The qualified time-stamp token (RFC 3161);
• The transaction metadata: identity of the signatory, date and time (UTC), IP address, signature session identifier.

A simple PDF export without these elements will not allow you to prove the authenticity of the document before a judge or during a Court of Accounts inspection.

---

Step 1 — Download signed documents from the signature platform

Identify available export formats

After all parties (public buyer and contracting authority) have signed, your electronic signature platform should allow you to download several elements:

1. The signed document in PAdES format (PDF integrating signatures within file metadata);
2. The signature report or "signature certificate" — a separate file listing signatories, time-stamps, cryptographic fingerprints (SHA-256 hash) and references to certificates used;
3. The complete ZIP archive comprising document + report + audit evidence.

Certyneo, for example, allows you to export in one click a standardised ZIP archive containing all of these elements for each act of your contract. To understand the differences between market solutions, consult our comparison of electronic signature solutions.

Verify the integrity of the downloaded file

Before any archiving, it is imperative to verify the validity of the signature on the downloaded file. This verification can be carried out:

• Via Adobe Acrobat Reader (Signatures panel);
• Via the online tool from LTANS or the European Commission (TSL trusted list);
• Via your signature provider's validation API.

A valid file will display a "Valid" signature status with the complete trust chain up to a qualified trust service provider (QTSP) registered on the European trusted list.

Organise file naming

Adopt a systematic naming convention to quickly find your documents:

``` [YYYY-MM-DD]_[Contract-Number]_[Document-Type]_[Signed].[extension] Ex: 2026-05-26_2026-MP-042_Commitment-Form_Signed.pdf ```

This rigour facilitates audits and document searches in your DMS (Document Management System).

---

Step 2 — Archive signed documents in compliance with standards

Choose between storage in a DMS or a certified EAS

There are two main approaches to archiving signed documents within the framework of public contracts:

Secured DMS: suited to low-risk contracts and organisations with robust IT infrastructure. It ensures file integrity through hashing but does not always offer the legal presumption of a certified EAS.

Electronic Archiving System (EAS) NF Z 42-013 / ISO 14641: reference standard for probative electronic archiving in France. A certified EAS guarantees the immutability of archives, the traceability of access and the migration of formats over the long term. This is the recommended solution for significant public contracts.

In the public sector, operators can rely on the Vitam Programme (open-source archiving software developed by French government agencies) or on approved third-party archiving service providers.

Ensure the longevity of signatures over time: re-time-stamping

One of the often-overlooked risks is the expiration of signature certificates. A qualified electronic signature certificate typically has a lifetime of 1 to 3 years. However, your contract must be preserved for 10 years.

The technical solution is periodic re-time-stamping (also called "archival time-stamp" in the CAdES/PAdES-LTA standard, defined by ETSI EN 319 122). This operation consists of affixing a new qualified time-stamp to the archive before the expiration of the previous one, thereby maintaining the cryptographic trust chain.

Your EAS or signature provider should automate this operation. Certyneo natively integrates this mechanism for archives of signed documents, in compliance with PAdES level LTA (Long-Term Archival) standard.

Manage access rights and consultation traceability

In accordance with GDPR 2016/679 (Article 32) and best practice for information systems security, access to archives of signed documents must be controlled and traced:

• Strong authentication (MFA) for authorised users;
• Time-stamped access log recording each consultation, download or modification;
• Encryption at rest and in transit (TLS 1.3, AES-256);
• Backup plan respecting the 3-2-1 rule (3 copies, 2 different media, 1 off-site).

For public buyers managing a large volume of contracts, it is worth exploring enterprise electronic signature features that natively incorporate these requirements.

---

Step 3 — Organise the post-signature workflow for supply management

Integrate archiving into your procurement and supply process

Management of public supply contracts often involves several successive acts following the signing of the initial commitment form: purchase orders, amendments, delivery acceptance reports, approved invoices. Each of these documents may constitute a contractual or evidentiary document.

It is recommended to structure your archiving directory by contract, then by document type:

``` /Public-Contracts/ └── 2026-MP-042-IT-Supplies/ ├── 01_Procedure/ ├── 02_Contractual/ │ ├── Commitment-Form_Signed.pdf │ ├── General-Conditions-Purchase_Signed.pdf │ └── Technical-Specifications_Signed.pdf ├── 03_Execution/ │ ├── Purchase-Order-001_Signed.pdf │ └── Delivery-Report-001_Signed.pdf └── 04_Invoices/ ```

Automate expiration and purge reminders

Configure automatic alerts in your DMS or EAS for:

• Re-time-stamping reminder 6 months before the expiration of the last qualified time-stamp;
• Purge reminder at the end of the legal retention period (with human validation before destruction);
• Integrity alert in case of attempted modification of a protected archive.

These automations significantly reduce administrative burden and the risk of oversight, particularly for organisations managing several dozen contracts simultaneously. To assess the potential productivity gain in your organisation, you can use our electronic signature ROI calculator.

Document the archiving policy in a quality procedure or internal procedure

For buyers subject to regular audits (local authorities, hospitals, public institutions), it is strongly advisable to formalise an Archiving and Preservation Policy (APP) documenting:

• The types of documents subject to archiving;
• Retention periods by category;
• Those responsible for managing archives;
• Tools and service providers used;
• Procedures for periodic integrity checks.

This documentation constitutes evidence of due diligence in the event of litigation and facilitates handover to new staff. The Certyneo help centre provides templates for procedures adapted to public contracts.

Legal framework applicable to archiving signed electronic documents for contracts

Civil law and probative value

French Civil Code establishes the foundations of the probative value of electronic documents. Article 1366 provides that "electronic documents have the same evidentiary force as documents on paper, provided that the person from whom it emanates can be duly identified and that it is established and preserved in conditions that guarantee its integrity". Article 1367 defines electronic signature as "the use of a reliable identification method guaranteeing its link to the document to which it is attached".

These two articles establish that preservation under conditions guaranteeing integrity is not optional, but a sine qua non condition of the probative value of the archive.

Regulation eIDAS 910/2014 and its implementing acts

Regulation eIDAS 910/2014 (and its eIDAS 2.0 evolution currently being transposed) constitutes the European regulatory foundation. Its Article 25 establishes the presumption of reliability of the qualified electronic signature, whilst Articles 41 and 42 define the requirements applicable to qualified trust services, in particular qualified electronic time-stamping service providers.

ETSI standards EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) define the technical formats for advanced and qualified electronic signatures preserving probative value in the long term. The PAdES-LTA level (Long-Term Archival) is that recommended for archives of public contracts.

French Public Procurement Code and archiving instruction

Ordinance 2018-1074 establishing the French Public Procurement Code and Decree 2016-360 on public contracts establish the framework for dematerialisation. Instruction DAF/DPACI/RES/2009/018 from the French Archives Authority sets retention periods applicable to public contract documents: 10 years after the end of the contract for contracts, 5 years for associated accounting documents.

GDPR 2016/679

The General Data Protection Regulation (GDPR) applies whenever archived documents contain personal data (signatory name, contact details, etc.). Article 5(1)(e) imposes the principle of storage limitation: data may not be retained beyond the period necessary for the purposes for which it is processed. A record of processing activities (Article 30) must document the archiving of contractual documents. Upon expiry of the legal period, a purge or anonymisation procedure must be implemented.

Legal risks of non-compliance

Failure to archive in compliance exposes you to several major risks: inadmissibility of evidence before administrative or civil courts, rejection of supporting documents during Court of Accounts inspections or regional audit chambers, CNIL sanctions potentially reaching 4% of annual global turnover in case of GDPR violation, and personal liability of public officials responsible for preserving public archives.

Concrete use cases for archiving public supply contracts

Scenario 1 — A local authority managing around twenty public supply contracts per year

A medium-sized local authority (approximately 50,000 inhabitants) enters into about twenty public supply contracts each year: computer consumables, office furniture, school supplies for its establishments, cleaning products. Before dematerialisation, contractual paper documents were stored in files archived physically, with a real risk of loss or deterioration.

By deploying a qualified electronic signature solution coupled with an ISO 14641/NF Z 42-013 certified EAS, the authority automatically downloads each signed document in PAdES-LTA format and integrates it into its dematerialised archiving directory. Integrity checks are automated quarterly. Result: approximately 70% reduction in time spent on post-signature document management (estimate consistent with feedback from the DINUM in its 2025 dematerialisation benchmark) and zero inaccessible documents during the last two regional audit chamber inspections.

Scenario 2 — A hospital purchasing group awarding supply contracts for medical supplies

A hospital group bringing together several healthcare establishments (approximately 1,200 beds in total) centralises its purchases of medical supplies and non-sterile medical devices through a purchasing group. Each contract involves multiple signatories: the group coordinator, the purchasing director and sometimes a representative of the Regional Health Authority.

The stakes of archiving are heightened here by the specific sectoral obligations applicable to healthcare (traceability of medical devices, ANSM inspection) and by the multiplicity of member contracting authorities. By relying on a signature platform integrating an archiving module with access rights differentiated by establishment, the group ensures that each member hospital can access its own documents whilst maintaining a centralised secure archive. The time for administrative processing post-award is reduced from 3 days to less than 4 hours for distribution and archiving of contractual documents.

Scenario 3 — An SME awarded a public supply contract

A medium-sized enterprise in the industrial sector (approximately 400 employees, €80m turnover) regularly wins public supply contracts from various public buyers. As a contracting authority, it must preserve commitment forms, purchase orders issued and signed delivery acceptance reports, in particular to justify its claims when collecting invoices and to protect itself against any dispute over contract performance.

By integrating the signature solution into its ERP via an API, the company automates the download and filing of signed documents in its internal DMS as soon as each signature is finalised. Annual financial audits benefit from immediate access to all contractual evidence, reducing audit preparation time by 40 to 50% according to sector benchmarks published by management consulting firms specialising in digital transformation.

Conclusion

Downloading and archiving signed documents for a public supply contract is not a simple administrative formality: it is a legal obligation with potentially serious consequences in the event of failure. From PAdES-LTA format to ten-year preservation to periodic re-time-stamping, each step requires technical rigour and legal vigilance. eIDAS Regulation, the French Civil Code and public archiving instructions form a constraining but coherent framework, which modern electronic signature tools enable you to comply with seamlessly.

Certyneo supports public buyers and contract holders in bringing their signature and archiving processes into compliance, with native features for probative preservation and standardised export. Discover how to simplify your document management today by creating your Certyneo account or checking our pricing.