The present document has the purpose to propose a set of practices applicable to the various security related aspects of signing fiscally relevant documents when issued and storing them for the legally required time. It is based on the results of a survey carried out on what practices are actually in place in the five most populated European Union Member States (France, Germany, Italy, Spain, UK). The present document specifically addresses trust service providers supporting signing and storage services for fiscally relevant documents, regarding business accounting for corporate entities in several European Member States. In particular it is suitable for Value Added Tax (VAT) purposes although it is applicable also to other fiscally relevant documents. The present document does not directly address requirements for accounting for individuals. The practices identified in the present document are independent of the type of document or information being protected.
The present document addresses solely the Advanced Electronic Signature based solution. It is recognized that other suitable measures, not employing Advanced Electronic Signatures, and hence are outside the scope of the present document, may be applied to assure the authenticity and integrity of digital accounting documents. It should be noted that the reliability of such alternative measures generally depend on the trustworthiness of the organization and may require independent assessment of the technical and organizational measures applied. Advanced Electronic Signature may be used to augment existing measures to provide even higher security, or to reduce the need for other controls