Compliance and conformance
At a glance
NextPDF Premium capabilities are built to conform to recognized document, signature, e-invoicing, and cryptographic standards. This page shows which standard each capability conforms to, so you, your auditors, and your buyers can understand the conformance posture before you commit.
One boundary governs every claim below: producing the artifacts a standard requires is a capability, not a verdict. NextPDF creates the structure a profile defines; an independent validator, a conformance checker, or the receiving authority decides whether a specific file conforms. The conformance section documents that boundary in full, and the open-source core uses the same posture for the profiles it targets.
Each normative claim below cites its standards body with a stable reference in the verification corpus. No standards text is reproduced; NextPDF summarizes the clauses in its own words.
Document standards conformance
NextPDF Enterprise targets the PDF/A-4 archival profile (ISO 19005-4), the Portable Document Format (PDF) 2.0 file format profile for long-term preservation of electronic documents. Archival conformance means a document includes the structure a preservation profile requires: embedded resources, identification metadata, and the color characteristics the profile defines, so the document renders the same way far into the future.
A conforming file declares its profile through a standard identification schema in the document metadata. That declaration states the producer’s intent; it does not make the file conform on its own. A validation process outside the producing software makes that determination, so a clean validator run is evidence of conformance, not a self-issued certificate. See the PDF/A-4 conformance page for the open-core posture this builds on.
| Capability | Conforms to | Edition |
|---|---|---|
| Archival document profile | PDF/A-4 (ISO 19005-4) long-term preservation profile | Enterprise |
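The profile declaration described above can be read straight out of a file's metadata, which is useful when triaging documents before they go to a validator. This is an added example, not NextPDF code: the function name and the sample bytes are constructed for illustration, and it assumes the XMP packet is stored uncompressed in the file.

```python
import re
import xml.etree.ElementTree as ET

PDFAID = "http://www.aiim.org/pdfa/ns/id/"   # PDF/A identification schema
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"

def declared_pdfa_profile(pdf_bytes):
    """Return the PDF/A identification the XMP packet declares, or None."""
    m = re.search(rb"<\?xpacket begin=.*?\?>(.*?)<\?xpacket end=", pdf_bytes, re.S)
    if not m or b"<!DOCTYPE" in m.group(1):   # XMP needs no DTD; refuse one
        return None
    try:
        root = ET.fromstring(m.group(1).strip())
    except ET.ParseError:
        return None
    found = {}
    for desc in root.iter(f"{{{RDF}}}Description"):
        for key in ("part", "rev", "conformance"):
            qname = f"{{{PDFAID}}}{key}"
            child = desc.find(qname)                  # element form
            if child is not None and child.text:
                found[key] = child.text.strip()
            elif qname in desc.attrib:                # attribute form
                found[key] = desc.attrib[qname]
    if "part" not in found:
        return None
    # The declaration is the producer's claim; a validator gives the verdict.
    return {**found, "status": "declared, not validated"}

# Constructed sample: a minimal PDF-like byte string with an XMP packet.
SAMPLE = b"""%PDF-2.0
1 0 obj
<< /Type /Metadata /Subtype /XML >>
stream
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/">
 <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <rdf:Description rdf:about="" xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/">
   <pdfaid:part>4</pdfaid:part>
   <pdfaid:rev>2020</pdfaid:rev>
  </rdf:Description>
 </rdf:RDF>
</x:xmpmeta>
<?xpacket end="w"?>
endstream
endobj
"""

if __name__ == "__main__":
    print(declared_pdfa_profile(SAMPLE))
```

A `None` result means no readable declaration was found; a populated result still has to be confirmed by an independent validator.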
Signature and trust conformance
NextPDF signing follows the PDF Advanced Electronic Signatures (PAdES) baseline signature profiles defined by the European Telecommunications Standards Institute (ETSI) EN 319 142-1. The standard defines four baseline levels for interoperability across the full life cycle of a signature:
- Baseline (B-B). Establishes the signature and the basic protection it carries.
- Trusted timestamp (B-T). Binds trusted time to the signature so its time is provable.
- Long-term (B-LT). Includes the validation material a verifier needs to check the signature later.
- Long-term with archival timestamp (B-LTA). Targets long-term availability and integrity of the validation material, so the signature remains verifiable for years as cryptographic recommendations evolve.
NextPDF Pro delivers the baseline level; NextPDF Enterprise adds the trusted-timestamp and long-term archival levels. These profiles support signatures in the European legal-recognition framework: under Regulation (EU) 910/2014 (electronic identification, authentication, and trust services, known as eIDAS), an electronic signature is not denied legal effect or admissibility as evidence solely because it is electronic, and a qualified electronic signature carries legal effect equivalent to a handwritten signature. NextPDF produces signatures that conform to the profiles. The legal status of any given signature depends on the certificate, the trust service, and the jurisdiction, which sit outside the library.
| Capability | Conforms to | Edition |
|---|---|---|
| Baseline digital signature | PAdES B-B (ETSI EN 319 142-1) | Pro |
| Trusted-timestamp signature | PAdES B-T (ETSI EN 319 142-1) | Enterprise |
| Long-term signature | PAdES B-LT (ETSI EN 319 142-1) | Enterprise |
| Long-term archival signature | PAdES B-LTA (ETSI EN 319 142-1) | Enterprise |
| Legal recognition framework | Regulation (EU) 910/2014 (eIDAS) | Pro and Enterprise |
E-invoicing conformance
NextPDF Pro produces electronic invoices that follow the European e-invoicing semantic model. EN 16931-1:2017 specifies the semantic data model for the core elements of an electronic invoice, and a compliant invoice instance follows that core model. This model underpins the ZUGFeRD and Factur-X hybrid invoice formats, which embed a structured invoice alongside a human-readable PDF so both people and machines can read the same document. See the ZUGFeRD / Factur-X conformance page for the open-core hybrid path this builds on.
| Capability | Conforms to | Edition |
|---|---|---|
| Standards-based e-invoicing | EN 16931 (core invoice semantic model); ZUGFeRD / Factur-X hybrid format | Pro |
Cryptographic assurance (FIPS)
For deployments with cryptographic-assurance requirements, NextPDF Enterprise signing uses Federal Information Processing Standards (FIPS)-validated cryptographic modules. FIPS 140-3 is the United States standard for cryptographic module security requirements; it supersedes FIPS 140-2 and aligns with the international standard ISO/IEC 19790. A validated module means the cryptography behind a signature runs inside a module whose security has been independently tested and validated against a recognized standard, instead of in unverified code.
The hardware security module (HSM) and FIPS validation page covers hardware key custody, the classes of validated and tested modules, and the validation evidence you can request before you buy.
| Capability | Conforms to | Edition |
|---|---|---|
| FIPS-validated cryptography | FIPS 140-3 / ISO/IEC 19790 cryptographic module assurance | Enterprise |