by Muromec 543 days ago
PDF signatures are a joke and the entire web e-signature space is snake oil sales. Source: worked for a DocuSign competitor and have seen how signing twice works.

We at least did the print to PDF thingy ourselves on the backend to save users from this shame.

Add: you can in fact sign the PDF multiple times with a digital signature, which is an actual feature of the PDF format. You can't, however, add an electronic (drawn) signature on top of the digital one without (partially) invalidating previous ones. And to nobody's surprise, you can't see digital signatures if you decide to print the document with it.

So pick your poison.

1 comments

In France/EU we can use certified eIDAS signature for documents. It’s not free but it makes the signature not worth nothing
PDF signatures are certainly not worth nothing, in fact they are eIDAS compliant. It's just the government being the government so its left hand doesn't trust the right one.

What eIDAS actually solves is not signatures, but strong identification. You log into the system and it knows your tax id or whatever primary identifier you have. It's promoted as a secure way to sign documents, but it's just technofetishism.

Non-repudiation isn't even a technical problem, as you can have verbal contracts too. Replying to an email is a totally fine way to enter into a contract too, but something like invoices have to be signed or stamped (or both). If you request something from the government (in the Netherlands), ticking a checkbox and pressing a button is totally legit and you don't have to dance around ECDSA for a single moment, because the left hand trusts the right hand.

Now if somebody is conspiring with a tax officer to commit VAT refund fraud and then telling the judge they didn't send any refund and never got any money -- it's not checkboxes and PDFs to blame really.