
Glossary

Understanding document signing terminology. From audit trails to zero-knowledge proofs, find clear definitions for every term you will encounter.


Core Concepts

Audit Trail

An immutable, chronological record of all events associated with a document, from creation through final disposition. Each audit entry in Ratifio is cryptographically chained to prevent retroactive modification, capturing action type, actor identity, IP address, user agent, timestamp (sourced from a trusted time-stamping authority), and event-specific metadata. This produces a forensically sound evidence package suitable for regulatory inspection.

Chain of Custody

The complete, verifiable record of every entity that has had control of a document, from origination through execution to long-term retention. Ratifio implements chain of custody through cryptographic document hashing at ingestion, tamper-evident storage with integrity verification, and an immutable audit log that records every access and transformation. This satisfies the chain-of-custody requirements for admissibility under the Civil Evidence Act 1995.

Digital Signature

A cryptographic signature scheme based on asymmetric key pairs that guarantees document integrity, signer authentication, and non-repudiation. Digital signatures apply a hash function to the document content and sign the resulting digest with the signer's private key, allowing any party with the public key to verify authenticity. Ratifio's implementation conforms to PAdES, XAdES, and CAdES standards for regulated environments.

Electronic Signature

A data construct in electronic form that is logically associated with other data in electronic form, used by a signatory to sign, as defined under EU Regulation 910/2014 (eIDAS). Electronic signatures range from simple (SES) to qualified (QES), each with distinct evidentiary weight and legal presumptions. Ratifio implements all three tiers with full audit provenance.

Signatory

A natural or legal person who possesses the authority to execute a document and thereby create legally binding obligations. In regulated industries, signatory authority is subject to specific requirements — for example, a firm's compliance officer may need to counter-sign certain documents. Ratifio supports multi-party signing workflows with configurable signing order to enforce authority hierarchies.

Signer

A natural person identified within a signing campaign who is required to apply their electronic signature to one or more documents. Each signer in Ratifio receives a cryptographically unique token that binds their identity to the signing session. All signer actions are recorded with IP address, user-agent, and timestamp for regulatory audit purposes.

Wet Signature

A manuscript signature applied to a physical document using ink. In regulated contexts, wet signatures create chain-of-custody challenges: physical documents can be lost, damaged, or tampered with without detection. Ratifio replaces wet signature workflows with cryptographically verifiable electronic alternatives that exceed the evidentiary value of ink-on-paper.

Industry Terms

Records Management

The systematic control of an organisation's records throughout their lifecycle — from creation and classification through active use, retention, and disposition. In regulated industries, records management is not optional: regulators require that firms maintain complete, accurate, and accessible records for prescribed periods. Ratifio provides the infrastructure for compliant records management, including automated retention scheduling, integrity verification, and secure disposition with audit-logged destruction certificates.

Legal & Compliance

Advanced Electronic Signature (AES)

An electronic signature satisfying the four requirements of eIDAS Article 26: (a) uniquely linked to the signatory, (b) capable of identifying the signatory, (c) created using electronic signature creation data under the signatory's sole control, and (d) linked to the data signed therewith in such a way that any subsequent change in the data is detectable. AES occupies the middle tier of the eIDAS hierarchy and is the standard level for most regulated-industry signing workflows in Ratifio.

AML (Anti-Money Laundering)

The body of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML obligations require firms to maintain accurate records of transactions and client documentation. Ratifio supports AML compliance by ensuring that all signed documents — including client declarations, risk assessments, and compliance certifications — are stored immutably with full audit provenance for the regulatory retention period.

eIDAS Regulation

EU Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market. eIDAS establishes the legal framework for electronic signatures, seals, timestamps, delivery services, and website authentication certificates, creating a three-tier signature hierarchy (SES, AES, QES) with distinct evidentiary presumptions. Ratifio's architecture is designed to satisfy the technical requirements of all three tiers, including integration with EU-qualified Trust Service Providers.

ESIGN Act

The Electronic Signatures in Global and National Commerce Act (15 U.S.C. §§ 7001-7031), enacted in 2000, which grants electronic signatures and records the same legal standing as their paper equivalents in interstate and international commerce. ESIGN requires consumer consent for electronic records and imposes specific retention obligations. Ratifio's implementation satisfies ESIGN's requirements for consent capture, record integrity, and accessibility — critical for regulated entities operating under US jurisdiction.

FCA Compliance

Adherence to the rules, principles, and guidance issued by the Financial Conduct Authority, the UK's financial services regulator. For document signing in regulated environments, FCA compliance encompasses requirements for record-keeping (SYSC 9), client communication (COBS 4), and systems and controls (SYSC 3). Ratifio's signing infrastructure is designed to satisfy these requirements through comprehensive audit logging, tamper-evident storage, and configurable retention periods.

GDPR Article 30

Article 30 of the General Data Protection Regulation, which requires data controllers and processors to maintain records of their processing activities. These records must include categories of data processed, purposes, recipients, transfers, and retention periods. Ratifio maintains Article 30-compliant processing records for all document signing activities and provides exportable records to support clients' own GDPR compliance obligations.

KYC (Know Your Customer)

The regulatory process of verifying the identity and assessing the suitability of clients before and during a business relationship. KYC documents — identity verification, proof of address, source of funds declarations — are frequently collected and signed electronically. Ratifio provides a compliant channel for capturing KYC signatures with the audit evidence required to satisfy the Money Laundering Regulations 2017 and FCA guidance on client due diligence.

MiFID II

The Markets in Financial Instruments Directive II (2014/65/EU), the EU legislative framework governing investment services and financial markets. MiFID II imposes extensive record-keeping requirements, including the retention of all communications and documents related to client transactions for a minimum of five years. Ratifio supports MiFID II compliance through immutable document storage, comprehensive audit trails, and configurable retention schedules that can extend to seven years or beyond.

Qualified Electronic Signature (QES)

The most legally privileged electronic signature tier under eIDAS, created using a Qualified Electronic Signature Creation Device (QSCD) and based on a qualified certificate for electronic signatures issued by a qualified Trust Service Provider listed on an EU Member State's trusted list. QES enjoys a unique legal presumption: it is presumed to have the legal effect of a handwritten signature (Article 25(2) eIDAS). Ratifio integrates with multiple qualified TSPs to deliver QES for high-value regulated transactions.

Regulatory Audit

A formal examination conducted by a regulatory body (such as the FCA, PRA, or HMRC) to assess an organisation's compliance with applicable rules and requirements. During a regulatory audit, firms must produce complete, unaltered records of transactions and communications. Ratifio's immutable storage, cryptographic integrity verification, and exportable audit trails are designed specifically to satisfy the evidence requirements of regulatory inspections.

Simple Electronic Signature (SES)

The base tier of electronic signature under eIDAS (Article 3(10)), defined as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. SES has no specific technical requirements beyond this definition, and its evidential weight depends on the supporting evidence (audit trail, authentication measures) rather than legal presumption. Ratifio augments SES with comprehensive audit metadata to maximise its probative value in regulated contexts.

Security

Data Sovereignty

The principle that data is subject to the laws and governance structures of the jurisdiction in which it is stored or processed. For regulated industries, data sovereignty determines which country's regulators have authority over the data and which legal frameworks apply. Ratifio offers jurisdiction-specific data storage to ensure that signed documents and audit data remain under the regulatory authority that the client's compliance framework requires.

Non-Repudiation

A security property that prevents a signatory from credibly denying that they signed a document. Non-repudiation is achieved through a combination of strong authentication, cryptographic signing, timestamping, and comprehensive audit logging. Ratifio implements non-repudiation at multiple layers: identity verification at signing, cryptographic binding of the signature to the document, trusted timestamping, and an immutable audit trail capturing the full signing ceremony.

PCI DSS

The Payment Card Industry Data Security Standard — a set of security requirements for organisations that handle cardholder data. While document signing platforms do not typically process payment card data directly, PCI DSS compliance is relevant when signed documents contain card details or when the platform integrates with payment processing workflows. Ratifio's security architecture aligns with PCI DSS requirements for encryption, access control, and audit logging.

Technical

Hash Function

A deterministic cryptographic function that maps arbitrary-length input to a fixed-length output (digest), designed to be pre-image resistant, second pre-image resistant, and collision resistant. Ratifio uses SHA-256 for document integrity verification at ingestion and SHA-512 for long-term archival hashing. The hash is recorded in the audit trail and can be independently computed by any party to verify document integrity, conforming to NIST FIPS 180-4.
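The hash chaining described under Audit Trail, combined with the SHA-256 document digest described here, can be illustrated as follows. This is an added example, not Ratifio's code: the entry layout, field names, `GENESIS` value and sample events are assumptions constructed for illustration, and the timestamps are plain strings rather than TSA tokens.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed "previous hash" for the first entry

def entry_hash(body, prev_hash):
    # Canonical JSON (sorted keys, fixed separators) so every verifier hashes the same bytes.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + canon).hexdigest()

def append(log, **body):
    # Each entry commits to its own fields and to the hash of the entry before it.
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"body": body, "prev": prev, "hash": entry_hash(body, prev)})

def verify(log, anchored_head=None):
    """Return (ok, index of first failing entry or None)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(entry["body"], prev):
            return False, i
        prev = entry["hash"]
    # The chain alone cannot reveal a truncated or fully recomputed log;
    # that needs the latest head hash held somewhere the log writer cannot alter.
    if anchored_head is not None and prev != anchored_head:
        return False, len(log)
    return True, None

def recompute_from(log, start):
    # Models an insider who edits an entry and rebuilds every later hash.
    prev = log[start - 1]["hash"] if start else GENESIS
    for entry in log[start:]:
        entry["prev"], entry["hash"] = prev, entry_hash(entry["body"], prev)
        prev = entry["hash"]

def build_sample_log():
    # Constructed sample data: document bytes, actors, IPs and timestamps are made up.
    doc_sha256 = hashlib.sha256(b"%PDF-1.7 constructed sample document").hexdigest()
    log = []
    append(log, action="document.ingested", actor="ops@example.test", ip="192.0.2.10",
           user_agent="uploader/1.0", timestamp="2024-01-05T09:00:00Z",
           meta={"sha256": doc_sha256})
    append(log, action="document.viewed", actor="signer@example.test", ip="192.0.2.44",
           user_agent="Mozilla/5.0", timestamp="2024-01-05T09:12:31Z", meta={})
    append(log, action="document.signed", actor="signer@example.test", ip="192.0.2.44",
           user_agent="Mozilla/5.0", timestamp="2024-01-05T09:14:02Z",
           meta={"sha256": doc_sha256})
    return log
```

An in-place edit fails at the edited entry. An edit followed by a full recomputation, or a dropped tail, is caught only when the head hash has been anchored outside the log, which is the role a trusted timestamp over the head can play.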

Long-Term Validation (LTV)

A mechanism for ensuring that digital signatures remain verifiable long after the signing certificates have expired or been revoked. LTV embeds all the information needed for signature validation — certificates, revocation data (CRL/OCSP responses), and timestamps — directly into the signed document. Ratifio implements LTV conforming to PAdES B-LTA, ensuring signatures remain cryptographically verifiable for decades without relying on external services.

PKI (Public Key Infrastructure)

A hierarchical trust framework comprising certificate authorities (CAs), registration authorities (RAs), certificate revocation mechanisms (CRL/OCSP), and cryptographic key management procedures that collectively enable the issuance, distribution, and verification of digital certificates. PKI underpins the AES and QES signature tiers by binding a signatory's identity to a cryptographic key pair. Ratifio's PKI integration supports X.509v3 certificates from multiple trust service providers and conforms to ETSI EN 319 411 standards.

Tamper-Evident Seal

A cryptographic construct that binds the document content, signature data, timestamp token, and audit trail into a single verifiable unit. Any modification to any component will cause the seal verification to fail, producing a clear indication of tampering. Ratifio's tamper-evident seals conform to PAdES B-LT (PDF Advanced Electronic Signatures with Long-Term validation) to ensure verifiability beyond the validity period of the signing certificate.

Time-Stamping Authority (TSA)

A trusted third party that issues cryptographic timestamps, providing verifiable proof that a document existed in a particular state at a specific point in time. TSA timestamps are critical for long-term signature validation — they prove that the signature was created while the signing certificate was still valid. Ratifio integrates with RFC 3161-compliant Time-Stamping Authorities to embed trusted timestamps in every signed document.
