As the threats related to deepfakes and cybersecurity are growing, the need for secure and reliable methods to verify the authenticity of electronic documents has become more critical than ever. Timestamping is one such method that allows individuals and organisations to prove that a particular electronic document existed at a specific time, and that it has not been altered since that time. When the timestamp is provided by a qualified eIDAS Trust Service Provider (TSP), this evidence is admissible before all courts in Europe and the UK.
Table of contents
- Introduction: definition of Timestamping
- Benefits of eIDAS qualified Timestamping
- What does eIDAS qualification involve for a timestamping authority?
- Why are authenticity and integrity so important?
- Why is it important to choose an eIDAS-qualified provider for Timestamping?
- Conclusion
Introduction: definition of Timestamping
Electronic timestamping is a process by which a precise date and time are attributed to an event (document, transaction, etc.), making it possible to prove its integrity and authenticity. The purpose of timestamping is to prove that an event took place at a specific time and that it has not been modified or altered.
Benefits of eIDAS qualified Timestamping
eIDAS qualified timestamping offers several benefits to legal and tech professionals. Some of the most notable benefits include:
Legal Validity
eIDAS qualified timestamps are legally valid and admissible in court as evidence of the existence and integrity of electronic documents.
Security
Timestamping provides a secure method to ensure that electronic documents are not tampered with or altered after they have been signed.
Traceability
eIDAS qualified timestamping provides a traceable record of when a document was signed and by whom, providing a clear audit trail.
Compliance
eIDAS qualified timestamping is compliant with EU regulations, ensuring that your business meets all legal requirements for electronic signatures and timestamps.
Cost-Effective
eIDAS qualified timestamping is a cost-effective way to ensure the authenticity and integrity of electronic documents, reducing the need for expensive physical storage and paper-based document management.
What does eIDAS qualification involve for a timestamping authority?
The European eIDAS Regulation
eIDAS (Electronic Identification, Authentication and Trust Services) is a regulation introduced by the European Union (EU) on 23 July 2014. It establishes a legal framework for secure and trustworthy electronic transactions within the EU. This regulation creates a harmonised set of rules for electronic identification, authentication, and trust services, enabling citizens, businesses, and public organisations to conduct cross-border online transactions more easily.
How to obtain eIDAS qualification?
The eIDAS qualification process involves a thorough evaluation of the timestamp authority’s systems and procedures to ensure they comply with the eIDAS regulation. The assessment covers areas such as security measures, data protection, and auditability, among others. If the authority meets the requirements, it receives a certificate that attests to the compliance of its systems and procedures with the eIDAS regulation.
eIDAS V2: The new regulation
The new eIDAS v2 regulation, passed on 29 February 2024 by the European Parliament, complements the first version of the regulation to address new needs arising from the increased use of online services.
The main objectives of this new version are as follows:
- New standards for advanced signatures and qualified remote signatures and seals
- Creation of new trust services, including an electronic archiving service
- Introduction of the concept of a digital wallet, allowing every European citizen to have a free, high-level European digital identity called the eID Wallet
Why are authenticity and integrity so important?
Integrity and authenticity are two critical legal concepts that are essential for the functioning of trust services.
Verify the integrity and authenticity of a document
Integrity refers to the property of data or information that ensures it has not been altered in any way. Authenticity, on the other hand, refers to the property of data or information that ensures it comes from a genuine source and has not been tampered with in any way.
Evidential value
In the context of eIDAS, integrity and authenticity play a crucial role in ensuring the security and trustworthiness of electronic transactions. For example, the eIDAS regulation mandates that electronic signatures must be created using a secure electronic signature creation device and must be based on a qualified certificate. These requirements help ensure the integrity and authenticity of the electronic signature, making it legally binding and admissible in court.
Why is it important to choose an eIDAS-qualified provider for Timestamping?
eIDAS qualification provides assurance that the electronic signatures, seals, and timestamps, provided by the timestamping authority, are authentic and cannot be tampered with. This assurance is crucial in electronic transactions where trust is a fundamental requirement.
Additionally, eIDAS certification is mandatory for timestamping authorities that provide qualified timestamps. Qualified timestamps are timestamps that provide the highest level of assurance and are admissible as evidence in court. To provide qualified timestamps, timestamping authorities must comply with the highest standards of security and auditability. eIDAS certification ensures that they meet these standards.
What is a Trusted Electronic Timestamping Service Provider according to eIDAS?
An eIDAS qualification is mandatory for trust service providers that offer qualified timestamping services. Qualified timestamps provide the highest level of assurance and are admissible as evidence in courts. To issue qualified timestamps, timestamping authorities must adhere to the most stringent standards for security and auditability. The eIDAS qualification ensures that they meet these standards.
Conclusion
In summary, eIDAS qualified timestamping is a digital process that ensures the integrity of electronic documents by guaranteeing their legal validity, security, and traceability. It involves the use of a trusted third party who employs advanced cryptographic techniques to generate a unique digital fingerprint for an electronic document, which is then encrypted and securely stored in a tamper-proof container known as a “timestamp token.” By using eIDAS qualified timestamping, legal and technology professionals can ensure the authenticity and integrity of electronic documents while complying with EU regulations.
Disclaimer
The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.
The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Evidency. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.