The PDF is the universal currency of certificates of analysis. Vendors email them, post them, and link to them as if the file itself were proof. But the PDF was designed for one purpose — to make a document look the same everywhere — and it was never designed to be trustworthy. Understanding why is the single most clarifying idea in compound verification.
A PDF Is a Presentation, Not a Proof
A PDF preserves layout. That is its entire job and it does it well. What it does not do is preserve truth. The format makes no promise that the values shown were ever real, ever produced by a lab, or ever describe the material in front of you. It is a frame, and a frame is indifferent to the honesty of the picture inside it. A beautiful PDF and a fraudulent one are, at the file level, the same kind of object.
The Edit Problem
The deeper issue is that PDFs are editable, and the edits leave no scar. A purity figure can be raised, a date moved, a lot reference swapped, and the resulting file looks exactly as legitimate as the original — because at the level of the document, it is the original, minus the truth. There is no internal mechanism that says “this value was changed.” The reader has no way to distinguish an untouched certificate from a doctored one by looking, because looking is precisely what the format optimizes and verifying is what it ignores.
Why “It Came From the Vendor” Settles Nothing
A common reassurance is that the PDF came straight from the seller, so it must be intact. But this collapses verification back into trust. The whole point of an independent certificate is to confirm quality without relying on the seller’s word, and “the seller sent it” is the seller’s word in another form. If the only thing standing behind the numbers is the source you were trying to verify, you have verified nothing. The chain of custody runs through the one party with a reason to inflate the result.
What a Standalone File Can Never Do
No amount of polish fixes this. Watermarks can be copied. Signatures can be pasted. A lab’s logo is an image anyone can lift. These add visual friction for lazy forgers and nothing for competent ones. The fundamental limitation is structural: a self-contained file cannot establish its own integrity, because any proof it carries can be altered alongside everything else. A document cannot be both the claim and the unforgeable evidence for the claim.
Closing the Gap
The gap closes only when verification moves outside the file. A cryptographically sealed certificate binds the report’s contents to a proof that can be checked against an independent source — one the vendor does not control. Change any value and the check fails, because the seal is computed from the data itself. This is the difference between a file that asks you to believe it and a record you can confirm.
This is why every Sirius batch is third-party tested and every certificate is sealed for independent verification. The PDF you see is still a convenient way to read the results — but it is no longer the thing you trust. The trust lives in the verifiable seal, not the pixels. If someone altered a figure, the document might still open and still look perfect, and verification would still fail. That failure is the feature.
The Reframe
Stop thinking of a certificate as a file you receive and start thinking of it as a claim you confirm. The PDF is the envelope. The verification is the letter. A vendor who hands you only the envelope and calls it proof either does not understand the difference — or is counting on the fact that you do not.
Verify, don’t trust. A file can be perfect and still be false. Only a check can tell them apart.
