Signatures on declarations of completeness – a how-to guide
When submitting a declaration of completeness, the instructed auditor must sign both the producer declaration and the audit confirmation. The documents must then be uploaded to the LUCID Packaging Register.
The upload will only work if the signature complies with certain requirements.
The only type of digital signature permitted is the qualified electronic signature (QES); advanced and simple signatures are not allowed. You will need a qualified certificate on a secure signature card, a chip card reader and corresponding signature software to produce a qualified electronic signature. Another option is a remote signature using a mobile device and 2-factor authentication.
Signature cards obtained from trust services often require explicit activation, and signatures from signature cards that have not been activated cannot be verified.
The signature card also has to be valid, i.e. if the signature card's validity period has expired, it can no longer be used to sign documents.
The signature/ signature software has to be compatible with PDF version 1.4.
Information stored in the electronic signature is encrypted, and the encryption process used must comply with current eIDAS Regulation requirements.
Successful uploading: What you should know
The seal of the Zentrale Stelle Verpackungsregister (Central Agency Packaging Register – ZSVR) is added automatically when the producer declaration is generated. Do not print and re-scan the producer declaration after downloading it, as this will damage the seal, rendering it invalid. In other words, the signature must be added to the unchanged digital version of the producer declaration.
Please note that:
uploaded documents may not be password-protected;
file names may not contain special characters; and that
documents must be provided as PDF files.
Providers of QES and technical information
A qualified electronic signature (QES) is the digital equivalent of a traditional handwritten signature. Its purpose is to verify the author of a declaration in electronic data transfers over the long term, making QES the legal counterpart to a handwritten signature.
The signature card anchored with a qualified certificate can be ordered from a qualified trusted services provider (trust service). For a current list of trust services recognised by the European Commission, please refer to eidas.ec.europa.eu/efda/tl-browser/. Certificates from these trust services are recognised in the European Economic Area.
Users identify themselves to the trust service and are then registered by the service.
When digital signatures are verified, the software can determine whether the signed data have been changed after the signature process. The author of the signature can also be determined during the verification process by reading the certificate. This certificate is secured by a trust service. The use of a password or PIN prevents unauthorised third parties from using the certificate.