Notifications
Clear all
Topic starter
24/06/2026 7:33 pm
TL;DR: As AI-driven fraud and identity misuse increase, Document Trust Manager centralises signing assurance, key management, and verification for digital documents, according to DigiCert, while enterprise eSignature adoption has grown 400% since 2019. The governance problem is no longer just document workflow, but cryptographic proof of signer identity and integrity at scale.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Enterprise adoption of eSignatures has grown by 400% since 2019.
Questions worth separating out
Q: How should organisations govern digital document signing in regulated environments?
A: They should treat signing as an identity and lifecycle control, not just a document feature.
Q: Why does AI make document fraud harder to detect?
A: AI lowers the cost of producing convincing forged content, manipulated approvals, and false identity cues.
Q: What breaks when signing keys are spread across teams and regions?
A: Auditability breaks first, followed by consistent access control and revocation.
Practitioner guidance
- Inventory signing authorities and certificate owners Build a complete register of document signing certificates, private keys, business owners, and approval paths across regions and departments.
- Separate signing authority from convenience tooling Review whether desktop tools, e-signature platforms, and local workflows create hidden signing paths that bypass policy.
- Tie document signing to lifecycle revocation Ensure certificate revocation, key retirement, and signer offboarding are part of the same process that grants signing authority.
What's in the full announcement
DigiCert's full press release covers the operational detail this post intentionally leaves for the source:
- The specific workflow changes behind centralised signing assurance management and how they fit into existing enterprise processes.
- The named product capabilities for secure certificate and private key storage, including how the signing flow is structured.
- The compliance support details for eIDAS2, ZertES, and AATL that matter to legal and audit teams.
- The pre-integration and counter-signing features that implementation teams would need to evaluate before rollout.
👉 Read DigiCert's press release on document trust management and AI fraud →
Digital document integrity and AI fraud: what IAM teams need to know?
Explore further
25/06/2026 4:53 am
Digital document trust is becoming an identity governance problem, not just a signing problem. Once AI-generated content makes fraud cheaper and faster, the organisation must prove signer identity, certificate custody, and document integrity as one control plane. That shifts document signing out of a narrow workflow discussion and into IAM, PKI, and audit governance. Practitioners should treat signed documents as identity-bearing artefacts, not static files.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, which helps explain why document signing and other credential-bearing workflows remain vulnerable to misuse.
A question worth separating out:
Q: Who is accountable when a signed document is fraudulent?
A: Accountability sits with the organisation that granted and governed signing authority, not with the signature artifact alone. Teams responsible for IAM, PKI, compliance, and records retention all share part of the control chain. If the signer was not properly proofed, or the key was not controlled, the governance failure is upstream of the fraudulent document.
👉 Read our full editorial: Document trust management for AI fraud and digital signatures
