‹ Back to articles

What is eIDAS Qualified Timestamping?

Reading time: 4 min
Publication date: 27 May 2024
Modification date: 18 June 2024

As the threats related to deepfakes and cybersecurity are growing, the need for secure and reliable methods to verify the authenticity of electronic documents has become more critical than ever. Timestamping is one such method that allows individuals and organisations to prove that a particular electronic document existed at a specific time, and that it has not been altered since that time. When the timestamp is provided by a qualified eIDAS Trust Service Provider (TSP), this evidence is admissible before all courts in Europe and the UK.

horodatage qualifié eidas

Table of contents

Introduction: definition of Timestamping

Electronic timestamping is a process by which a precise date and time are attributed to an event (document, transaction, etc.), making it possible to prove its integrity and authenticity. The purpose of timestamping is to prove that an event took place at a specific time and that it has not been modified or altered.

eIDAS qualified timestamping offers several benefits to legal and tech professionals. Some of the most notable benefits include:

Legal Validity

eIDAS qualified timestamps are legally valid and admissible in court as evidence of the existence and integrity of electronic documents.

Security

Timestamping provides a secure method to ensure that electronic documents are not tampered with or altered after they have been signed.

Traceability

eIDAS qualified timestamping provides a traceable record of when a document was signed and by whom, providing a clear audit trail.

Compliance

eIDAS qualified timestamping is compliant with EU regulations, ensuring that your business meets all legal requirements for electronic signatures and timestamps.

Cost-Effective

eIDAS qualified timestamping is a cost-effective way to ensure the authenticity and integrity of electronic documents, reducing the need for expensive physical storage and paper-based document management.

What does eIDAS qualification involve for a timestamping authority?

The European eIDAS Regulation

eIDAS (Electronic Identification, Authentication and Trust Services) is a regulation introduced by the European Union (EU) on 23 July 2014. It establishes a legal framework for secure and trustworthy electronic transactions within the EU. This regulation creates a harmonised set of rules for electronic identification, authentication, and trust services, enabling citizens, businesses, and public organisations to conduct cross-border online transactions more easily.

How to obtain eIDAS qualification?

The eIDAS qualification process involves a thorough evaluation of the timestamp authority’s systems and procedures to ensure they comply with the eIDAS regulation. The assessment covers areas such as security measures, data protection, and auditability, among others. If the authority meets the requirements, it receives a certificate that attests to the compliance of its systems and procedures with the eIDAS regulation.

eIDAS V2: The new regulation

The new eIDAS v2 regulation, passed on 29 February 2024 by the European Parliament, complements the first version of the regulation to address new needs arising from the increased use of online services.

The main objectives of this new version are as follows:

  • New standards for advanced signatures and qualified remote signatures and seals
  • Creation of new trust services, including an electronic archiving service
  • Introduction of the concept of a digital wallet, allowing every European citizen to have a free, high-level European digital identity called the eID Wallet

Integrity and authenticity are two critical legal concepts that are essential for the functioning of trust services.

Verify the integrity and authenticity of a document

Integrity refers to the property of data or information that ensures it has not been altered in any way. Authenticity, on the other hand, refers to the property of data or information that ensures it comes from a genuine source and has not been tampered with in any way.

Evidential value

In the context of eIDAS, integrity and authenticity play a crucial role in ensuring the security and trustworthiness of electronic transactions. For example, the eIDAS regulation mandates that electronic signatures must be created using a secure electronic signature creation device and must be based on a qualified certificate. These requirements help ensure the integrity and authenticity of the electronic signature, making it legally binding and admissible in court.

eIDAS qualification provides assurance that the electronic signatures, seals, and timestamps, provided by the timestamping authority, are authentic and cannot be tampered with. This assurance is crucial in electronic transactions where trust is a fundamental requirement.

Additionally, eIDAS certification is mandatory for timestamping authorities that provide qualified timestamps. Qualified timestamps are timestamps that provide the highest level of assurance and are admissible as evidence in court. To provide qualified timestamps, timestamping authorities must comply with the highest standards of security and auditability. eIDAS certification ensures that they meet these standards.

What is a Trusted Electronic Timestamping Service Provider according to eIDAS?

An eIDAS qualification is mandatory for trust service providers that offer qualified timestamping services. Qualified timestamps provide the highest level of assurance and are admissible as evidence in courts. To issue qualified timestamps, timestamping authorities must adhere to the most stringent standards for security and auditability. The eIDAS qualification ensures that they meet these standards.

Conclusion

In summary, eIDAS qualified timestamping is a digital process that ensures the integrity of electronic documents by guaranteeing their legal validity, security, and traceability. It involves the use of a trusted third party who employs advanced cryptographic techniques to generate a unique digital fingerprint for an electronic document, which is then encrypted and securely stored in a tamper-proof container known as a “timestamp token.” By using eIDAS qualified timestamping, legal and technology professionals can ensure the authenticity and integrity of electronic documents while complying with EU regulations.

Disclaimer

The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.

The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Evidency. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.

About the author

Stéphane Père
Stéphane is the Managing Director of Evidency. Formerly the Chief Data Officer at The Economist Group, he has over 20 years of international experience in the technology and media sectors.

Recommended
for you

eIDAS 2.0: Strengthening European Digital Identity

eIDAS 2.0: Strengthening European Digital Identity

With the rise of online interactions, ensuring the security of transactions and protecting digital identity is essential. In this context, the eIDAS 2.0 regulation positions itself as a key element in building a secure and harmonised European digital identity. This...