← Back to all articles

What is a Legal Evidence Pack and what goes in it?

SealDoc Team · · 5 min read

Storing a document is not the same as having proof that the document existed.

If a tax authority, court, or regulatory body asks you to prove that a specific invoice was sent on a specific date, that a contract was signed before a deadline, or that a compliance report was filed in its original unaltered form, producing the document itself is not sufficient. You need to demonstrate that the document is genuine, unaltered, and that its timestamp is trustworthy.

That is what a Legal Evidence Pack provides.

What it is

A Legal Evidence Pack is a structured archive that combines a document with the evidence needed to verify it. It answers four questions that a document alone cannot:

  1. Did this document exist at this point in time?
  2. Has it been altered since then?
  3. Who processed it, when, and in what sequence?
  4. Does it conform to the applicable standard or format?

The pack bundles the evidence for all four questions into a single auditable artifact.

What it contains

A complete Legal Evidence Pack contains at minimum:

The document itself in a long-term archival format. For most compliance use cases, this is PDF/A-3: an ISO 19005 archival PDF that embeds all fonts, color profiles, and structured data, and is guaranteed to render identically in future viewers. A regular PDF is not sufficient because external font references, JavaScript, and linked resources can change or disappear.

An RFC 3161 timestamp bound to the document hash at the moment of creation. This timestamp is issued by a trusted timestamping authority and proves that the document existed in its exact form at a specific point in time. An RFC 3161 timestamp is the technical equivalent of a certified postmark: it is issued by a third party, verifiable offline, and cannot be retroactively moved. A file system modification date is not equivalent; it can be changed without a trace.

An audit trail recording every processing step that touched the document. Each entry in the audit trail includes: the step type (created, validated, signed, archived), the actor, a timestamp, and a hash of the document state at that step. The entries are linked by a hash chain so that tampering with any single entry invalidates all subsequent ones.

A validation report confirming that the document conforms to the applicable standard at the time of processing. For an invoice, this is EN16931 Schematron validation. For a contract, it may be a format check and a schema validation. The report is included in the pack as a structured artifact, not just a pass/fail flag.

A manifest with SHA-256 hashes of every file in the pack. This allows an auditor to independently verify that no file in the pack has been substituted or altered since the pack was created.

A Compliance Passport summarizing the above in a machine-readable and human-readable form. This is the artifact you hand to an auditor: one file that says “this document passed these checks, was timestamped at this time, and has this chain of custody.”

When you need one

Tax audit requirements vary by country, but the pattern is consistent across the EU: the document must be preserved in a form that proves integrity and allows verification. In Germany, the GoBD requires that electronic documents be archived in a way that prevents subsequent alteration and allows reconstruction of the original state. In France, the DGFiP requires similar guarantees. In the Netherlands, the Belastingdienst expects invoices to be archived for seven years in a verifiable form.

Court proceedings have similar requirements. If a contract dispute reaches litigation, the question “did this contract exist in this form on this date” is answered by evidence, not by your file server’s contents.

Regulatory inspections (NIS2, GDPR, sector-specific: healthcare, finance, insurance) increasingly require evidence of process, not just outcomes. An evidence pack provides both.

What a document alone does not give you

A PDF in a folder on a file server tells you nothing about:

  • Whether the PDF existed before today
  • Whether it has been modified since creation
  • What processing it went through before being stored
  • Whether it conforms to any applicable standard

All of those things require external evidence. An RFC 3161 timestamp establishes when. A hash chain establishes what sequence of events occurred. A validation report establishes conformance. The manifest establishes that none of the above has been tampered with.

Without the pack, you have a document. With the pack, you have proof.

The difference between archiving and evidence

Most document management systems provide archiving: the document is stored in a location that is not easily modified. Archiving solves the access and retention problem.

Evidence is different. Evidence means that the document’s existence, form, and provenance can be verified by a party who was not involved in creating it, using information that cannot be manipulated by the original custodian.

A hash timestamped by a third-party authority meets that bar. A file stored on your own server, with your own backup logs, and your own retention policies, does not. This is not a theoretical distinction. It is the question an auditor will ask.

SealDoc generates a Legal Evidence Pack as a structured output for every document it processes. The pack is a single ZIP file containing the PDF/A-3 document, the RFC 3161 timestamp token, the audit trail with hash chain, the validation report, and the manifest. Every component is machine-verifiable without contacting SealDoc: the timestamp can be verified against the issuing authority’s public certificate, the hashes can be recomputed from the files in the pack, and the audit trail chain can be validated locally.

If your organization needs to demonstrate document integrity to an auditor, regulator, or court, the evidence pack is the artifact you produce. It requires no further preparation because the evidence was captured at the moment of processing.

← Back to all articles