Verify authenticity of signed document: international commerce

Verify authenticity of signed document: international commerce

International commerce generates millions of contracts, letters of credit, bills of lading and certificates of origin electronically signed across dozens of different jurisdictions each year. Yet, a study by the ICC (International Chamber of Commerce) published in 2024 reveals that 34% of cross-border commercial disputes involve contestations relating to the authenticity or integrity of signed documents. Faced with this challenge, knowing how to verify the authenticity of a signed document in the international commerce sector has become a strategic skill for legal, financial and logistics management. This article guides you through the technical mechanisms, international standards and operational best practices to adopt in 2026.

Understanding the authentication mechanisms of electronic signatures

Before verifying the authenticity of a signed document, it is essential to understand what constitutes this authenticity on a technical level. A qualified electronic signature rests on three fundamental pillars: public key cryptography (PKI), digital certificates and qualified time stamps.

Asymmetric cryptography: the foundation of verification

When a signatory applies an electronic signature, a cryptographic algorithm generates a unique fingerprint (hash) of the document. This fingerprint is encrypted with the signatory's private key, thus creating the digital signature. To verify the authenticity of a signed document in international commerce, the verifier uses the corresponding public key to decrypt this fingerprint and compare it to the recalculated hash of the received document. If the two match, two certainties emerge: the document has not been modified since signature (integrity), and only the holder of the private key could have signed (authenticity).

The most widely used algorithms in 2026 remain RSA-2048, ECDSA and, for environments anticipating post-quantum cryptography, CRYSTALS-Dilithium, now standardised by NIST.

Digital certificates: the chain of trust

The public key alone is not sufficient. Its reliability depends on the digital certificate that accompanies it, issued by a recognised Certification Authority (CA). In the European context governed by the eIDAS regulation, only qualified trust service providers (QTSP) listed on national trust lists (Trusted Lists published on the official EU portal) can issue qualified certificates.

For international commerce, complexity lies in mutual recognition between jurisdictions. A certificate issued by an American CA (example: DigiCert or Sectigo) may not benefit from the presumption of reliability granted to qualified eIDAS certificates in Europe. Conversely, a qualified eIDAS certificate is not automatically recognised as qualified in Japan or China, even though it will generally be accepted as legal evidence.

Qualified time stamp: proof of anteriority

The qualified time stamp (QTS) constitutes the third pillar. It attests, in an enforceable manner, that the document existed in its signed form at a specific moment. In international commercial transactions, this proof of anteriority is crucial for resolving disputes related to contractual deadlines, dates of entry into force of warranties or delivery periods. The ETSI EN 319 421 standard governs the policies and procedures applicable to qualified time-stamping authorities in the eIDAS space.

Practical verification methods in international commerce

Cryptographic theory must be translated into concrete operational procedures. Here are the proven methods for verifying the authenticity of a signed document in the international commerce sector.

Verification via certified signature platforms

The most direct method is to use the original signature platform or a recognised third-party verification tool. Most SaaS electronic signature solutions compliant with eIDAS integrate a public verification portal or a verification API. Certyneo, for example, generates for each signed document a proof report (Audit Trail) downloadable in PDF/A, including the cryptographic fingerprint, the verified signatory identity, the qualified time stamp and connection metadata.

For documents in PDF format, the Adobe Acrobat Reader viewer (version 11 and higher) allows native verification of PDF/A signatures compliant with the PAdES standard (ETSI EN 319 132). It displays a validation banner indicating whether the signature is valid, whether the certificate is currently valid and whether the document has been modified after signature.

Verification via institutional tools

The European Commission provides DSS (Digital Signature Services), a reference open-source tool allowing validation of signatures in PAdES, XAdES, CAdES and ASiC formats. Available online on the portal ec.europa.eu/cefdigital/DSS, it automatically verifies the signature against European Trusted Lists.

For documents from third countries, several national authorities offer similar tools:

• The Adobe Approved Trust List (AATL) portal for globally recognised certificates

• The Trust List Browser from ETSI for European QTSPs

• The verification tool of the International Chamber of Commerce (ICC) for standardised commercial documents (Incoterms, electronic letters of credit eLCs)

Verification of scanned paper documents with electronic signature

In international commerce, many hybrid documents coexist: original paper documents bearing a scanned handwritten signature, with or without an electronic seal. In this case, verification requires a different approach:

1. Verification of the electronic seal (eSealing) affixed by the issuing organisation on the scanned PDF

1. Control of the QR code or integrated 2D barcode, referring to a secure register

1. Consultation of source registers (for certificates of origin, phytosanitary certificates, etc.) with competent organisations (customs, chambers of commerce)

For electronic bills of lading (eBL), verification increasingly passes through specialised platforms such as BOLERO, essDOCS or DCSA (Digital Container Shipping Association), which maintain registers of electronic titles of ownership.

Specific challenges to international commerce

Interoperability between jurisdictions and standards

The main challenge of verifying authenticity in international commerce is the absence of a single worldwide standard. Three major frameworks coexist in 2026:

• Europe: eIDAS 2.0 Regulation (EU Regulation 2024/1183, applicable since May 2024), which extends mutual recognition and introduces the European Digital Identity Wallet (EUDIW)

• United States: ESIGN Act (2000) and UETA, with a technology-neutral approach but without a centralised trust list

• Asia-Pacific: APEC framework (e-Commerce Steering Group), with very heterogeneous levels of maturity depending on member countries

The UNCITRAL (United Nations Commission on International Trade Law) published in 2017 the Model Law on Transferable Electronic Documents and Signatures (MLETR), since adopted by Bahrain, Singapore, the United Kingdom, the UAE, Germany, France (Ordinance No. 2024-872) and a dozen other States. This law constitutes the foundation for a future worldwide standard for verifying electronic commercial documents.

The issue of languages and formats

A contract signed in Mandarin by a company based in Shanghai, using a certificate issued by a CA certified by the MIIT (Chinese Ministry of Industry and Information Technology), presents specific challenges. Neither European tools nor Adobe will automatically integrate this CA into their trust lists. Verification then requires:

• A request for a certificate of legalisation (digital apostille if the country has joined the HCCH e-Apostille)

• Recourse to a bilateral trust third party or an international chamber of commerce

• The use of a neutral verification platform accepted by both parties in the contract

Management of certificate revocation risk

A document may have been signed with a valid certificate at the time of signature, then this certificate may have been revoked subsequently (compromise of the private key, change in signatory status, failure of the CA). Verification of authenticity must therefore include a check of the Certificate Revocation List (CRL) or an OCSP (Online Certificate Status Protocol) request at the time of verification.

The ETSI EN 319 102-1 standard requires that qualified signatures integrate long-term validation evidence (LTV – Long Term Validation), allowing their validity to be verified even years after signature, regardless of the subsequent status of the certificate. Consult our comprehensive guide on eIDAS 2.0 regulation to deepen these long-term trust mechanisms.

Implementing a systematic verification procedure

Defining an internal verification policy

Faced with the complexity of verification in an international context, organisations must formalise a policy for verification of electronic signatures (PVSE) integrated into their document management system. This policy must specify:

• The levels of signature accepted according to the nature of the document (SES, AES or QES according to eIDAS)

• The formats of signature recognised (PAdES, XAdES, CAdES, JAdES)

• The lists of CAs accepted for each partner geographical area

• Procedures for manual verification for non-standard cases

• Time limits for preserving proof of authenticity

Automating verification via APIs

For organisations processing large volumes of international documents, manual verification is untenable. Modern signature platforms, including Certyneo, expose REST verification APIs allowing automatic control of authenticity in documentary flows (ERP, TMS, customs platforms). Such integration allows automatic verification of each document upon receipt, logging of the result and alerting in case of anomaly.

The Certyneo ROI calculator will allow you to estimate the productivity gains related to automating these verifications in your organisation.

Training operational teams

Technology alone is not sufficient. Customs, procurement, legal and financial teams must be trained to recognise warning signs: absence of proof report, non-cryptographic image signature, expired certificate or issued by an unrecognised CA. Annual training, coupled with documented procedures, significantly reduces the risk of accepting a fraudulent document. Our electronic signature glossary constitutes a useful educational resource for training your teams in fundamental concepts.

Legal framework applicable to verification of authenticity in international commerce

The eIDAS regulation and its evolution into eIDAS 2.0

In Europe, the legal foundation for verifying the authenticity of electronic signatures is the Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014, called the eIDAS regulation. Its Article 25 sets out the fundamental principle: a qualified electronic signature (QES) has the legal effect of a handwritten signature and enjoys a presumption of reliability. Article 32 specifies the requirements for validating qualified electronic signatures, referring to ETSI technical standards.

Since May 2024, the Regulation (EU) 2024/1183 (eIDAS 2.0) strengthens this framework by introducing the European Digital Identity Wallet (EUDIW), qualified electronic attribute attestations and enhanced governance of QTSPs. It also extends the recognition of European qualified signatures towards private sector entities.

French law: Civil Code and transposition

Under French law, Articles 1366 and 1367 of the Civil Code (derived from Ordinance No. 2016-131) consecrate the probative value of electronic writing and electronic signature. Article 1366 specifies that electronic writing has the same probative force as writing on paper support, provided that the person from whom it emanates can be duly identified and that the writing is drawn up and retained in conditions likely to guarantee its integrity. Article 1367 defines the electronic signature and refers to the conditions set by decree (Decree No. 2017-1416 of 28 September 2017).

MLETR and international law

At the international level, the UNCITRAL Model Law on Transferable Electronic Documents and Signatures (MLETR, 2017) constitutes the reference for dematerialised commercial documents (bills of lading, bills of exchange, warehouse receipts). Its Article 10 requires that any system for controlling transferable electronic documents be reliable and appropriate to the context. France transposed it via Ordinance No. 2024-872 of 27 September 2024.

GDPR and preservation of evidence

Verification of authenticity often involves the processing of personal data (identity of the signatory, behavioural biometric data). Regulation (EU) 2016/679 (GDPR), in particular its Articles 5 (principles relating to processing), 17 (right to erasure) and 89 (archiving), governs the duration and methods of retaining verification evidence. In practice, signature audit reports must be retained for the duration of the limitation period applicable to the document in question — up to 10 years for commercial acts (Article L.110-4 of the Code of Commerce) — which may conflict with the principle of data minimisation.

Liability in case of deficient verification

Acceptance of a document whose signature has not been duly verified can engage the contractual and tort liability of the organisation. In case of documentary fraud facilitated by lack of verification, Articles 1240 and 1241 of the Civil Code can be invoked. Furthermore, the NIS2 Directive (EU) 2022/2555, transposed in France by Law No. 2024-659 of 22 July 2024, imposes requirements on operators of vital importance and essential entities for the security of information systems including the verification of integrity of electronic exchanges.

Use scenarios: verification of authenticity in international commerce

Scenario 1: A European importer-exporter handling several hundred contracts annually

A European industrial SME specialising in the import-export of electronic components manages approximately 350 supplier contracts per year, with counterparties located in South-East Asia, North America and the Middle East. Before implementing a systematic verification procedure, its procurement teams accepted electronically signed contracts without checking the validity of certificates or the presence of a qualified time stamp. Following a dispute with a Malaysian supplier contesting the date of an electronically signed purchase order, the company suffered damages estimated at several tens of thousands of euros.

By deploying an automatic verification API integrated into its ERP and adopting a policy requiring signatures at the AES minimum level for contracts under €50,000 and QES for higher amounts, the SME reduced documentary dispute handling time by 90% and eliminated incidents of accepting expired certificates. Return on investment was achieved in less than 8 months.

Scenario 2: A customs freight forwarder managing multi-country electronic declarations

A customs freight forwarder operating for approximately 80 active clients processes daily certificates of origin, packing lists and commercial invoices electronically signed emanating from 15 different countries. The diversity of formats (PAdES for European documents, XML signatures for Asian documents, hybrid paper-digital documents for some African countries) made manual verification extremely time-consuming — approximately 45 minutes per complex file.

By integrating an electronic signature platform compliant with eIDAS with a multi-format verification module, the freight forwarder reduced this time to less than 5 minutes per file thanks to automated verification, a reduction of 89% of processing time. Customs compliance (simplified clearance regime OEA) was also strengthened, reducing customs blockages by 40% over a comparable scope.

Scenario 3: An international law firm specialising in cross-border contract law

A business law firm with twenty partners and specialising in Europe-Asia cross-border M&A transactions is regularly required to verify the authenticity of documents signed by parties established in countries that do not recognise the eIDAS framework. For due diligence, each signed document (NDA, term sheets, agreement protocols) must be verified before being filed.

The firm adopted a two-level procedure: automatic verification by platform for documents in standard digital format, and recourse to a recognised certifying third party (bilateral chamber of commerce or electronic notary) for documents from countries without eIDAS equivalent. This approach made it possible to produce more robust due diligence reports, reducing requests for clarification from acquirers by 35% and reducing transaction closing times on average by 12 business days. To learn more about tools dedicated to legal professionals, consult our page dedicated to electronic signature for law firms.

Conclusion

Verifying the authenticity of a signed document in the international commerce sector is a requirement that is at once technical, legal and organisational. Cryptographic mechanisms (PKI, digital certificates, qualified time stamps), regulatory frameworks (eIDAS 2.0, MLETR, Civil Code) and verification tools (DSS, validation APIs, audit trails) form a coherent ecosystem, provided it is approached holistically.

Organisations that automate and formalise their verification procedures drastically reduce their exposure to documentary fraud, accelerate their contractual cycles and strengthen their regulatory compliance. Conversely, the absence of a procedure exposes them to considerable financial and reputational risks.

Certyneo accompanies you in establishing a signature and verification infrastructure compliant with the requirements of international commerce. Create your account free of charge and discover how our platform simplifies the verification of authenticity of your cross-border documents today.