Vienna-launched e-signature platform (eversign GmbH, 2017), acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
- FROM
- —
- CLOUD ACT
- DIRECT
A single roll-up of ownership and CLOUD Act exposure.
E-signature module of Swiss-Post-owned Tresorit, the directory's only zero-knowledge E2E option with eIDAS Qualified signatures (via Evrotrust QTSP); runs on Azure (default EU region Ireland).
Tresorit eSign, in the E-signature category, offers EU hosting with Ireland as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.
Tresorit eSign is the electronic-signature module of Tresorit AG (Zurich; sole shareholder Swiss Post, the Swiss state-owned operator) and is the directory's only e-signature option combining zero-knowledge end-to-end encryption with eIDAS Qualified Electronic Signatures, the latter issued through a partnership with the EU Qualified Trust Service Provider Evrotrust (Bulgaria) rather than by Tresorit itself; ISO/IEC 27001:2022 certified, runs on Microsoft Azure with a default EU storage region of Ireland and customer-selectable EU residency. CLOUD Act exposure is material because Azure is a US-owned hyperscaler in the at-rest path, but the zero-knowledge architecture means Azure holds ciphertext only and Tresorit holds no keys; held at 4/5 by that US storage sub-processor and the absence of a public standalone DPA URL (request-based), with state-anchored Swiss-Post ownership and the E2E + QES combination as the offsetting strengths. For pure-EU-sovereignty buyers the one category option with no US-owned infrastructure in the at-rest path is Skribble (CH, cloud_act_exposure: none); the Namirial-group QTSPs (Universign FR, Signaturit ES) are no longer a cleaner alternative here, since their 2025 Bain Capital (US private-equity) ownership and AWS-at-rest hosting put them at material too, without Tresorit's zero-knowledge mitigation.
How exposed customer data is to US authorities under the CLOUD Act (Clarifying Lawful Overseas Use of Data Act).
Where ultimate control over the operating company sits.
Tresorit eSign is the electronic-signature module of Tresorit AG (Pfingstweidstrasse 60b, 8005 Zurich; CHE-349.825.210), the zero-knowledge end-to-end-encrypted cloud-storage company that has been a wholly-owned subsidiary of Swiss Post (the Swiss state-owned postal and digital-services operator) since 2021. Launched as a product around 2022, eSign is the directory's only e-signature listing that combines genuine zero-knowledge, end-to-end encryption of the document workflow with full eIDAS Qualified Electronic Signatures (QES). Tresorit is not itself a Qualified Trust Service Provider; the QES tier is issued through a partnership with Evrotrust, an EU-listed QTSP (Bulgaria), and obtaining a qualified signature requires ID/passport plus video identification of the signer, in line with eIDAS. The product also offers simple electronic signatures, Long Term Validation (signature validity guaranteed for 5, 10, or more years), drag-and-drop fillable fields, and signing from any device without a Tresorit account.
For an EU-sovereignty audit the posture mirrors Tresorit's storage listing. The infrastructure is Microsoft Azure, with the default data-at-rest region in Ireland (EU) and customer-selectable EU residency (Germany, France, Netherlands and others) on Business and Enterprise plans; the company is ISO/IEC 27001:2022 certified (TÜV Rheinland) and aligned with GDPR plus a broad regulated-industry set. The directory records cloud_act_exposure: material because Azure is a US-owned hyperscaler sitting in the at-rest path, but the zero-knowledge architecture means Azure stores ciphertext only and Tresorit holds no keys, so compelled disclosure yields no readable content. The two transparency gaps carried over from the storage listing apply here too: there is no public standalone DPA URL (the DPA is delivered to business customers on request) and the sub-processor list is published via the Tresorit help centre rather than a dedicated legal page. Ownership is Swiss-state-anchored (ownership_signal: other: Switzerland, with Swiss Post as sole shareholder).
Pricing is paid: licences are around €5/month per user, with per-signature pricing of roughly €0.3 for a simple electronic signature and €2.5 for an EU Qualified electronic signature, and a small free quota (about 10 simple and 6 qualified signatures) for evaluation. Best fit: regulated teams (legal, healthcare, finance, security-conscious businesses) already standardised on Tresorit's encrypted storage who want qualified signatures inside the same end-to-end-encrypted workspace rather than bolting on a separate signing platform. Buyers whose priority is the cleanest ownership-and-sub-processor story for purely-EU workflows should look to Skribble (Switzerland, no CLOUD Act exposure); the Namirial-group QTSPs Universign (France) and Signaturit (Spain), once the benchmark here, now carry the same material exposure (AWS at rest) plus a US-private-equity parent (Bain Capital, 2025) and, unlike Tresorit eSign, no zero-knowledge encryption to offset it. Tresorit eSign's differentiator remains the zero-knowledge-encryption-plus-QES combination, which none of the other listed options match.
Transactional and notification emails (data in Ireland/EU)
Primary hosting (E2E-encrypted content stored in Ireland/EU) and application performance monitoring
Transactional and notification emails
Payment processing
Two-factor authentication (voice and SMS)
Customer support tools
Subscription billing, invoicing and management
EU Qualified Trust Service Provider; issuance of eIDAS Qualified Electronic Signatures and signer identity verification
Affiliate sub-processor delivering Tresorit services
Affiliate sub-processor delivering Tresorit services
| Vendor | Country | Purpose | Owner |
|---|---|---|---|
| Amazon Simple Email Service (SES) | United States | Transactional and notification emails (data in Ireland/EU) | US |
| Microsoft Azure | United States | Primary hosting (E2E-encrypted content stored in Ireland/EU) and application performance monitoring | US |
| SendGrid (Twilio) | United States | Transactional and notification emails | US |
| Stripe | United States | Payment processing | US |
| Twilio | United States | Two-factor authentication (voice and SMS) | US |
| Zendesk | United States | Customer support tools | US |
| Zuora | United States | Subscription billing, invoicing and management | US |
| Evrotrust Technologies AD | Bulgaria | EU Qualified Trust Service Provider; issuance of eIDAS Qualified Electronic Signatures and signer identity verification | EU |
| Tresorit GmbH | Germany | Affiliate sub-processor delivering Tresorit services | EU |
| Tresorit Kft. | Hungary | Affiliate sub-processor delivering Tresorit services | EU |
Vienna-launched e-signature platform (eversign GmbH, 2017), acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
Barcelona-based Spanish digital-trust group (Signaturit, a Namirial company; parent Namirial acquired by Bain Capital, US PE, 2025), 4 QTSPs with highest eIDAS qualifications; platform hosted at rest on AWS.
Trondheim-based pan-European eIDAS QTSP for digital identity, e-ID and qualified e-signatures; Nordic Capital-owned, EEA-hosted on US hyperscalers.