Download and Archive Signed Documents for Public Supply Contracts

Introduction: Why Archiving Signed Documents is Critical in Public Supply Contracts

Winning a public supply contract is only the first step in a demanding administrative and legal process. Once contractual documents are electronically signed — commitment act, CCAP, CCTP, purchase order — they must still be downloaded, preserved and archived in strict compliance with applicable legal obligations. In France, these obligations combine public procurement law, eIDAS Regulation No. 910/2014 and electronic archiving standards. Neglecting this step exposes both the public buyer and the contractor to significant legal risks: contestation of the evidentiary value of the contract, rejection during an audit by the French Court of Audit, or loss of rights in case of dispute over contract execution. This article guides you step by step to download and archive your signed documents in full compliance.

---

Understanding the Regulatory Framework for Archiving in Public Contracts

Retention Periods Imposed by the Public Procurement Code

The Public Procurement Code (CCP) and instructions from France's National Archives Directorate set minimum retention periods for contractual documents. For a public supply contract, the general rule requires retention of 10 years from the end of the contract, in accordance with Instruction DAF/DPACI/RES/2009/018. This period aligns with the statute of limitations for contractual liability actions under Article 2224 of the Civil Code.

For contracts above European thresholds (currently €143,000 ex-VAT for central public buyers and €221,000 ex-VAT for other contracting entities according to European Commission delegated regulations in effect in 2026), complete traceability of the procedure is required, including dematerialized exchanges on digitalization platforms (buyer profiles).

The Evidentiary Value of Electronic Signatures Under eIDAS

Regulation eIDAS No. 910/2014 distinguishes three levels of electronic signature: simple, advanced and qualified. In the context of public supply contracts, advanced or qualified electronic signature is recommended — or even required by certain public buyers — to guarantee the integrity and authenticity of the signed document.

The qualified electronic signature under eIDAS benefits from a legal presumption of reliability under Article 25 of the regulation: it has legal effect equivalent to a handwritten signature in all EU Member States. To preserve this evidentiary value over time, it is essential to apply qualified time-stamping and integrate the signed file into a compliant electronic archiving system (EAS).

The Obligation to Preserve the Seal and Metadata

Simply downloading a signed PDF is not enough. To ensure the legal value of the archive, you must preserve:

• The signed file in PAdES format (PDF Advanced Electronic Signatures, ETSI EN 319 132 standard) or XAdES for XML files;
• The complete certification chain of the signer's certificate;
• The qualified time-stamp token (RFC 3161);
• Transaction metadata: signer identity, date and UTC time, IP address, signature session identifier.

A simple PDF export without these elements will not allow you to prove the authenticity of the document before a judge or during Court of Audit control.

---

Step 1 — Download Signed Documents from the Signature Platform

Identify Available Export Formats

After all parties have signed (public buyer and contractor), your electronic signature platform must allow you to download several elements:

1. The signed document in PAdES format (PDF integrating signatures into file metadata);
2. The signature report or "signature certificate" — a separate file listing signatories, time-stamps, cryptographic hashes (SHA-256), and references to used certificates;
3. The complete ZIP archive comprising document + report + audit evidence.

Certyneo, for example, allows one-click export of a standardized ZIP archive containing all these elements for each act of your contract. To understand the differences between market solutions, consult our comparison of electronic signature solutions.

Verify the Integrity of the Downloaded File

Before any archiving, it is imperative to check the validity of the signature on the downloaded file. This verification can be performed:

• Via Adobe Acrobat Reader (Signatures panel);
• Via the online tool of LTANS or the European Commission (TSL trust list);
• Via the validation API of your signature provider.

A valid file will display a signature status of "Valid" with the complete trust chain to a qualified trust service provider (QSTP) listed on the European trust list.

Organize File Naming

Adopt a systematic naming convention to quickly locate your documents:

``` [YYYY-MM-DD]_[Contract-No]_[Doc-Type]_[Signed].[extension] Ex: 2026-05-26_2026-MP-042_Commitment-Act_Signed.pdf ```

This rigor facilitates audits and searches in your DMS (Document Management System).

---

Step 2 — Archive Signed Documents in Compliance with Standards

Choose Between Storage in a Secured DMS or a Certified EAS

There are two main approaches to archiving signed documents within the framework of public contracts:

Secured DMS: suitable for low-stakes contracts and organizations with robust IT infrastructure. It ensures file integrity through hashing but does not always offer the legal presumption of a certified EAS.

Electronic Archiving System (EAS) NF Z 42-013 / ISO 14641: the reference standard for compliant archiving in France. A certified EAS guarantees archive immutability, access traceability and format migration over the long term. This is the recommended solution for significant public contracts.

In the public sector, operators can rely on the Vitam Program (open-source archiving software developed by French ministries) or third-party approved archiving service providers.

Ensure the Long-Term Preservation of Signatures: Re-time-stamping

One often-overlooked risk is the expiration of signature certificates. A qualified electronic signature certificate typically has a lifespan limited to 1 to 3 years. Yet your contract must be preserved for 10 years.

The technical solution is periodic re-time-stamping (also called "archival time-stamp" in the CAdES/PAdES-LTA standard, defined by ETSI EN 319 122). This operation consists of affixing a new qualified time-stamp to the archive before the previous one expires, thereby maintaining the cryptographic trust chain.

Your EAS or signature provider must automate this operation. Certyneo natively integrates this mechanism for archives of signed documents, in compliance with the PAdES LTA (Long-Term Archival) standard.

Manage Access Rights and Consultation Traceability

In accordance with GDPR No. 2016/679 (Article 32) and information system security best practices, access to archives of signed documents must be controlled and traced:

• Strong authentication (MFA) for authorized users;
• Time-stamped access log recording every consultation, download or modification;
• Encryption at rest and in transit (TLS 1.3, AES-256);
• Backup plan respecting the 3-2-1 rule (3 copies, 2 different media, 1 offsite).

For public buyers managing a large volume of contracts, it is worthwhile to explore business electronic signature features that natively integrate these requirements.

---

Step 3 — Organize Post-Signature Workflow Management for Supplies

Integrate Archiving Into Your Procurement Process

Managing public supply contracts often involves several successive acts after the initial commitment act signature: purchase orders, amendments, reception minutes, accepted invoices. Each of these documents may constitute a contractual or evidential piece.

It is recommended to structure your archiving directory by contract, then by document type:

``` /Public-Contracts/ └── 2026-MP-042-Computing-Supplies/ ├── 01_Procedure/ ├── 02_Contractual/ │ ├── Commitment-Act_Signed.pdf │ ├── CCAP_Signed.pdf │ └── CCTP_Signed.pdf ├── 03_Execution/ │ ├── PO-001_Signed.pdf │ └── Reception-Minutes-001_Signed.pdf └── 04_Invoices/ ```

Automate Expiration and Purge Reminders

Configure automatic alerts in your DMS or EAS for:

• Re-time-stamping reminder 6 months before the last qualified time-stamp expires;
• Purge reminder at the end of the legal retention period (with human validation before deletion);
• Integrity alert in case of attempted modification of a protected archive.

These automations significantly reduce administrative burden and the risk of oversight, particularly for organizations managing dozens of simultaneous contracts. To assess potential productivity gains in your organization, you can use our electronic signature ROI calculator.

Document the Archiving Policy in a Quality Assurance Plan or Internal Procedure

For buyers subject to regular audits (local authorities, hospitals, public institutions), it is strongly advised to formalize an Archiving and Retention Policy (ARP) documenting:

• The types of documents subject to archiving;
• Retention periods by category;
• Those responsible for archive management;
• Tools and service providers used;
• Periodic integrity control procedures.

This documentation constitutes evidence of due diligence in case of litigation and facilitates onboarding for new staff. The Certyneo help center provides procedure templates tailored to public contracts.

Legal Framework Applicable to Archiving Electronically Signed Public Contract Documents

Civil Law and Evidentiary Value

French Civil Code establishes the foundations of the evidentiary value of electronic writing. Article 1366 states that "electronic writing has the same probative force as writing on paper medium, provided that the person from whom it emanates can be duly identified and it is established and preserved under conditions ensuring its integrity." Article 1367 defines electronic signature as "the use of a reliable identification procedure guaranteeing its link with the act to which it is attached."

These two articles establish that preservation under conditions guaranteeing integrity is not optional, but a sine qua non condition of the evidentiary value of the archive.

eIDAS Regulation No. 910/2014 and Its Implementing Acts

eIDAS Regulation No. 910/2014 (and its evolving eIDAS 2.0 currently being transposed) constitutes the European regulatory foundation. Its Article 25 establishes the presumption of reliability of qualified electronic signature, while Articles 41 and 42 define requirements applicable to qualified trust service providers, notably qualified electronic time-stamping service providers.

ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) standards define technical formats for advanced and qualified electronic signatures preserving long-term evidentiary value. The PAdES-LTA (Long-Term Archival) level is that recommended for public contract archives.

Public Procurement Code and Archiving Instruction

Ordinance No. 2018-1074 establishing the Public Procurement Code and Decree No. 2016-360 on public contracts establish the dematerialization framework. Instruction DAF/DPACI/RES/2009/018 from France's National Archives Directorate sets the retention periods applicable to public contract documents: 10 years after contract completion for contracts, 5 years for associated accounting documents.

GDPR No. 2016/679

General Data Protection Regulation (GDPR) applies whenever archived documents contain personal data (signer's name, contact details, etc.). Article 5(1)(e) imposes the principle of storage limitation: data cannot be retained beyond the period necessary for the purposes for which they are processed. A processing activities register (Article 30) must document the archiving of contractual documents. At the end of the legal retention period, a purge or anonymization procedure must be implemented.

Legal Risks in Case of Non-Compliance

Failure to implement compliant archiving exposes you to several major risks: inadmissibility of evidence before administrative or civil courts, rejection of documentation during Court of Audit or regional audit chamber controls, CNIL sanctions potentially reaching 4% of annual worldwide turnover in case of GDPR violation, and personal liability of public officials responsible for preserving public archives.

Concrete Use Cases for Public Supply Contract Archiving

Scenario 1 — A Local Authority Managing Twenty Supply Contracts Per Year

A medium-sized local authority (approximately 50,000 residents) awards about twenty public supply contracts annually: computer supplies, office furniture, school supplies for its institutions, cleaning products. Before dematerialization, contractual documents on paper were stored in archived filing cabinets, with real risk of loss or degradation.

By deploying a qualified electronic signature solution coupled with a NF Z 42-013 certified EAS, the authority automatically downloads each signed document in PAdES-LTA format and integrates it into its dematerialized archiving directory. Integrity checks are automated quarterly. Result: approximately 70% reduction in time spent on post-signature document management (estimate consistent with feedback from DINUM in its 2025 dematerialization survey) and zero inaccessible documents during the last two audits by the regional audit chamber.

Scenario 2 — A Hospital Purchasing Group Awarding Medical Supply Contracts

A hospital purchasing group comprising several health institutions (approximately 1,200 beds total) centralizes its purchases of medical supplies and non-sterile medical devices through a purchasing group. Each contract involves multiple signatories: the purchasing group coordinator, the chief purchasing officer and sometimes a representative of the regional health agency.

The archiving challenge is here amplified by sector-specific obligations applicable to health (medical device traceability, ANSM inspection) and by the multiplicity of co-contracting institutions. By relying on a signature platform integrating an archiving module with access rights differentiated by institution, the group ensures that each member hospital can access its own documents while maintaining a secure central archive. The time for administrative processing post-award is reduced from 3 days to less than 4 hours for distribution and archiving of contractual documents.

Scenario 3 — An SME Holding a Public Supply Contract

A mid-size industrial company (approximately 400 employees, €80M in revenue) regularly wins public supply contracts from multiple public buyers. As a contractor, it must retain commitment acts, issued purchase orders and signed delivery minutes, notably to justify claims during invoice collection and protect itself against any dispute over performance.

By integrating the signature solution into its ERP via an API, the company automates the download and filing of signed documents in its internal DMS upon completion of each signature. Annual financial audits benefit from immediate access to all contractual evidence, reducing audit preparation time by 40 to 50% according to sector benchmarks published by management consulting firms.

Conclusion

Downloading and archiving signed documents for a public supply contract is not merely an administrative formality: it is a legal obligation with potentially serious consequences for non-compliance. From PAdES-LTA format to ten-year preservation through periodic re-time-stamping, each step requires technical rigor and legal vigilance. eIDAS Regulation, Civil Code and public archiving instructions form a constraining yet coherent framework, which modern electronic signature tools allow you to respect without friction.

Certyneo supports public buyers and contract holders in bringing their signature and archiving processes into compliance, with native compliant preservation features and standardized export. Discover how to simplify your document management today by creating your Certyneo account or checking our pricing.