An EU diplomat is drafting a secure communication strategy for a mission in a high-risk region. The strategy must ensure the integrity and authenticity of official documents while complying with EU standards for digital identity and trust services. According to the regulatory framework governing trust services in the EU, which of the following actions BEST ensures that a recipient can cryptographically verify the origin and integrity of a digital document without relying on a centralized database of revocation statuses at the exact moment of signing? A) Using a cloud-based storage service that automatically encrypts all files upon upload. B) Applying a qualified electronic signature (QES) based on a qualified certificate issued by a trust service provider. C) Utilizing a digital rights management (DRM) system to restrict access to the document. D) Encrypting the document with a password shared via a separate secure channel. E) Storing the document on a decentralized blockchain ledger to prove its existence.