Admissible digital evidence: what safeguards should be required in the event of a dispute?

Your organisation retains hundreds of electronic documents: contracts executed online, email correspondence with business partners, electronic invoices. But when a dispute arises, will these materials carry evidential weight before the court? The answer depends entirely on the safeguards put in place at the time the documents were created, not at the point when proceedings are commenced. Digital evidence cannot be assembled retrospectively; it must be anticipated and structured in advance. French law, reinforced by the European eIDAS Regulation[1], sets out specific requirements that must be met for an electronic document to be legally admissible and enforceable against the opposing party.

Key points on admissible digital evidence

• An electronic record has the same evidential weight as a paper document, subject to certain conditions.
• Two fundamental requirements apply: identification of the author and integrity of the document.
• The eIDAS Regulation grants a presumption of reliability to qualified electronic signatures, timestamps and seals.
• The admissibility of evidence must be addressed in advance, not at the point when a dispute arises.
• Using a Qualified Trust Service Provider (QTSP) strengthens the legal standing of digital evidence.

What constitutes legally admissible digital evidence?

Digital evidence refers to any material created or retained through an electronic process and capable of being produced before a court. Emails, instant messages, dematerialised documents, electronically signed files and transaction data: the range is extensive and continues to expand as professional exchanges become increasingly digital.

Each Member State of the European Union applies its own rules of evidence. Some jurisdictions recognise a broad freedom of proof, while others impose more formal requirements for legal acts. Against this backdrop, the eIDAS Regulation provides a harmonised framework by establishing safeguards that are recognised throughout the European Union.

The principle is clear: an electronic document cannot be rejected as evidence solely because it is in digital form. That recognition is not, however, automatic. It is subject to two core conditions being satisfied: the reliable identification of the person from whom the document originates, and assurance of the document’s integrity over time.

What are the validity requirements for electronic evidence?

The eIDAS Regulation structures these requirements around two pillars: establishing who issued the document and ensuring that it has not been altered. Together, these two conditions determine the evidential weight that a court will attribute to digital evidence.

Reliable identification of the issuer (authenticity)

The first requirement set out in Article 1366 of the French Civil Code concerns authentication of the document’s origin. The court must be able to determine with certainty who created or validated the item produced as evidence. In the absence of such assurance, the opposing party may legitimately challenge authorship of the document and call into question its entire content.

Several mechanisms may be used to ensure this identification:

• Electronic signatures are the most common mechanism: they identify the signatory and evidence their consent to the obligations arising from the instrument.
• Electronic seals serve a similar function for legal persons, by guaranteeing the origin and integrity of documents issued by an organisation.
• Strong authentication, combining several verification factors, further reinforces these mechanisms.

Guaranteed integrity of the document (non-alteration)

The second condition concerns the preservation of the document in circumstances that ensure it has not been altered. A file that remains editable and is stored without specific safeguards may always be suspected of manipulation. The court requires technical assurance before it can place reliance on digital evidence.

• Qualified timestamping plays a decisive role here, as it certifies the existence of a document at a specific and certified point in time.
• A digital fingerprint (hash) makes it possible to detect any subsequent modification of the file.
• Electronic archiving with evidential value, compliant with NF Z42-013, ensures long-term preservation under conditions that are legally enforceable.

What the eIDAS Regulation provides

The European eIDAS Regulation harmonises the rules applicable to digital trust services across the European Union. Two provisions are of particular relevance.

Article 25 provides that an electronic signature cannot be refused as evidence in legal proceedings solely on the ground that it is in electronic form. A qualified electronic signature benefits from legal equivalence with a handwritten signature.

Article 35 grants a qualified electronic seal a presumption of data integrity and of the accuracy of the data’s origin. This presumption significantly eases the burden of proof for the organisation relying on it.

These provisions apply in all Member States, conferring automatic cross-border recognition on documents secured in this manner.

What should be checked before collecting digital evidence?

Waiting until litigation arises to consider the validity of digital evidence is rarely an effective approach. Legal reliability must be established in advance, through a systematic review of the safeguards in place.

Whether you rely on an internal system or engage an external provider, the control points remain the same. The table below summarises the safeguards that should be required and how they should be implemented.

Elements to verify	Why it matters	How to implement it
Document integrity	Demonstrates that the content has not been altered since its creation	Digital fingerprint (hash), electronic sealing
Certified timestamping	Establishes the date and time of creation with legal effect	Use of a qualified eIDAS-compliant timestamping service
Authentication of the issuer	Enables the origin of the document to be identified with certainty	Qualified electronic signature or seal
Action traceability	Reconstructs the history of actions performed on the document	Time–stamped audit logs
Long-term preservation	Ensures access to and readability of the document for the required statutory retention period	Archiving compliant with NF Z42-013
eIDAS compliance	Secures legal recognition across the European Union	Use of a provider listed on a national trusted list

How should digital evidence be used in the event of a dispute?

The burden of proof varies depending on the level of electronic signature used. Where a simple electronic signature is relied upon, it is for the party invoking it to demonstrate the reliability of the process. By contrast, with a qualified electronic signature, the burden is reversed: it is for the party challenging the evidence to prove that the device was not reliable. This distinction has significant implications for litigation strategy.

Presentation to the court generally relies on the evidence file generated by the trust service provider. This file sets out all relevant technical elements, including:

• the identity of the signatories,
• timestamping information,
• the certificates used,
• the history of actions performed.

The more complete and intelligible this file is, the better equipped the court will be to assess the reliability of the evidence.

Recourse to an independent trusted third party further strengthens the credibility of the approach. An online evidence recording, for example, makes it possible to capture the state of a website or an exchange at a specific point in time, with enhanced evidential weight.

Anticipation remains key: preparing evidence that is “ready for use” before any dispute arises helps avoid last-minute challenges and unwelcome surprises.

How should a qualified trust service provider be selected?

Holding the status of Qualified Trust Service Provider (QTSP) within the meaning of the eIDAS Regulation is the first criterion to be considered. This status confirms that the provider has been audited and entered on a national trusted list. In France, that list is published and maintained by ANSSI.

Contractual provisions also warrant close scrutiny. Service level commitments (SLAs), the allocation of responsibilities in the event of service failure, and the conditions under which evidence is preserved must be clearly defined. The retention period offered must align with the statutory obligations applicable to your sector of activity.

Finally, technical safeguards alone are insufficient if internal teams are not familiar with appropriate practices. Training staff on the legal and operational aspects of digital evidence represents a sound investment, helping to prevent handling errors that could undermine the legal standing of documents.

Anticipating the admissibility of electronic evidence

Admissible digital evidence is not established at the point when a dispute arises; it is built methodically from the moment the document is created. Identification of the issuer, assurance of integrity, certified timestamping and compliant archiving: each link in the chain contributes to the overall legal reliability of the evidence.

The regulatory framework is in place, and the technical tools are available. What remains is to implement the appropriate processes and to engage qualified partners. Solutions such as Evidency enable organisations to secure their digital evidence in compliance with applicable French and European legal requirements.

Sources

[1] Regulation (EU) No 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS), as amended by Regulation (EU) No 2024/1183 of 11 April 2024 amending Regulation (EU) No 910/2014 as regards the establishment of the European framework for a digital identity (eIDAS 2).