What a qualified timestamp is, and why it reverses the burden of proof
Legal

What a qualified timestamp is, and why it reverses the burden of proof

A qualified electronic timestamp carries a legal presumption of accuracy under eIDAS Art. 41(2) and ZertES Art. 11. Once issued by an accredited QTSP, the burden of proof shifts to whoever challenges the date, not to the creator to prove it.

P
Philipp Stuppnik· Legal Compliance Specialist
·July 11, 2026· 7 min read

When someone challenges the date you created something, the question is not what you know. It is what you can prove. A timestamp records a date and time. A qualified electronic timestamp carries a legal presumption that the date is accurate, backed by statute and issued by an accredited trust service provider (QTSP).

The difference is not technical detail. It is the difference between an assertion and a certified fact that courts are required to treat as accurate unless disproved.

Why Ordinary Timestamps Do Not Hold Up

Every digital file carries timestamps. Operating systems record when files were created, modified, and accessed. Email servers log send and receive times. Cloud storage platforms show upload dates. These records are convenient. They are not reliable evidence.

File system timestamps can be modified with any hex editor or file attribute tool. Email headers can be spoofed at multiple points in transmission. Cloud platform timestamps depend on the platform's own systems, which are outside your control. A skilled opposing party can challenge all of these records, and courts have consistently found that none of them carries legal presumption.

For a timestamp to carry legal weight, it must come from a source independent of you, technically verifiable by any third party, and accredited by a recognised authority. That is what qualification means.

eIDAS Article 42: The Four Conditions

EU Regulation 910/2014 (eIDAS), Article 42(1), defines precisely what makes an electronic timestamp qualified. Four conditions must all be met:

(a) The date and time are bound to the data in a way that makes any subsequent modification detectable.

(b) The binding is based on an accurate time source linked to Coordinated Universal Time (UTC).

(c) The data is signed using an advanced electronic signature or seal of the qualified trust service provider.

(d) The time source meets the accuracy requirements set by the European Telecommunications Standards Institute (ETSI EN 319 422).

In practice, these conditions are implemented through RFC 3161, the Internet X.509 Public Key Infrastructure Time-Stamp Protocol. A SHA-256 cryptographic hash of your document is computed and submitted to the QTSP's secure time source. The QTSP returns a signed response binding the hash to a certified time. Any change to the original document after this point produces a different hash, making the alteration immediately detectable when the certificate is verified.

The Legal Presumption: eIDAS Article 41(2)

eIDAS Article 41(2) states that a qualified electronic timestamp "shall enjoy the legal presumption of accuracy of the date and the time indicated in that timestamp and the integrity of the data to which the date and time are bound."

This has a precise practical consequence. Without a qualified timestamp, if you claim to have created something on a particular date, you must prove that claim to the court's satisfaction. With a qualified timestamp, the court presumes the recorded date is accurate. The party disputing the date must prove the certification authority was wrong.

Proving an accredited QTSP's timestamp is incorrect requires showing that the authority's certified time source was inaccurate, its cryptographic systems were compromised, or its accreditation process failed. No court has accepted such an argument against a properly accredited QTSP.

ZertES Article 11: The Swiss Framework

Switzerland is not an EU member state and eIDAS does not apply directly in Swiss proceedings. The Swiss federal law on certification services, ZertES (SR 943.03), provides an equivalent framework. Article 11 of ZertES defines the requirements for a qualified electronic timestamp in Swiss law and establishes the same presumption of accuracy for timestamps issued by BAKOM-accredited providers (known as ZDA).

The Swiss Federal Supreme Court confirmed this in BGE 144 III 97 (2018). ZertES-qualified timestamps carry automatic court admissibility in Switzerland. A Swiss court treats a qualified timestamp from an accredited provider the same way an EU court treats one under eIDAS: the recorded date is presumed correct, and the challenger bears the burden of rebuttal.

The Burden Reversal

Consider a dispute over who created something first, without a qualified timestamp. Both parties present their evidence. File dates, email records, screenshots, version histories. The court weighs competing accounts. The outcome depends on whose story is better supported by circumstantial evidence.

With a qualified timestamp, the dynamic is different. One party presents a certificate from an accredited QTSP, establishing a cryptographically verified creation date that the court is required to presume accurate. The other party must now rebut a certified fact, not match testimony against testimony.

The burden does not disappear. It shifts. Before a qualified timestamp, the creator must prove the date. After a qualified timestamp, whoever disputes the date must disprove the certificate. That is a fundamentally different legal position.

Swiss Trust Layer and Swisscom Trust Services

Swiss Trust Layer issues qualified timestamps through Swisscom Trust Services. Swisscom is simultaneously a BAKOM-accredited ZDA under ZertES and a QTSP listed on the EU Trust List under eIDAS. A document sealed through Swiss Trust Layer satisfies both frameworks with a single action.

The process takes under two minutes. Upload your document. A SHA-256 hash is computed. The hash is submitted to Swisscom's secure time source. You receive a PAdES-compliant certificate containing the hash, the certified timestamp, the issuer chain, and your account identity. The document itself is never stored. The certificate is publicly verifiable at swisstrustlayer.com/validate by any third party, without login.

To find out how many of your organisation's documents carry unprotected creation risk and what a dispute could cost, use the IP Exposure Calculator.

See also: eIDAS qualified timestamp protection · ZertES in Switzerland

Protect your work with Swiss Trust Layer AG

Seal your intellectual property with a court-proof e-Seal backed by Swisscom Trust Services.

Book a Free Demo

Related Articles

For Swiss fiduciaries: when a signed filing must be qualified to be valid
legal

For Swiss fiduciaries: when a signed filing must be qualified to be valid

Swiss law requires a qualified electronic signature for real estate transfers, consumer credit agreements, and guarantees above CHF 2,000. Treuhand firms that use an advanced signature for these acts risk filing an invalid document on behalf of their clients.

July 12, 2026Read more →
Is an Electronic Signature Legally Binding in Switzerland?
eSignature & Law

Is an Electronic Signature Legally Binding in Switzerland?

In Switzerland, the answer depends on which type of electronic signature you used. Only a QES under ZertES Art. 11 satisfies the written form requirement for contracts where Swiss law requires a handwritten equivalent.

July 9, 2026Read more →
Advanced vs Qualified Electronic Signature: The Differences That Matter
eSignature & Law

Advanced vs Qualified Electronic Signature: The Differences That Matter

DocuSign is AES. Swiss Trust Layer is QES. The difference is not just technical. It determines whether your signed contract holds up in court under Swiss and EU law.

July 9, 2026Read more →
What Is a Qualified Electronic Signature (QES)?
eSignature & Law

What Is a Qualified Electronic Signature (QES)?

A qualified electronic signature (QES) is the only e-signature type that carries the same legal weight as a handwritten signature under eIDAS Art. 25(2) and ZertES Art. 11. Here is what that means in practice.

July 9, 2026Read more →
eIDAS vs ZertES: How EU and Swiss Electronic Signature Law Differ
eSignature & Law

eIDAS vs ZertES: How EU and Swiss Electronic Signature Law Differ

eIDAS governs electronic signatures in the EU. ZertES governs them in Switzerland. Both use the same three-tier structure, but mutual recognition is not automatic. Here is what that means for cross-border contracts.

July 9, 2026Read more →