
A qualified electronic timestamp carries a legal presumption of accuracy under eIDAS Art. 41(2) and ZertES Art. 11. Once issued by an accredited QTSP, the burden of proof shifts to whoever challenges the date, not to the creator to prove it.
When someone challenges the date you created something, the question is not what you know. It is what you can prove. A timestamp records a date and time. A qualified electronic timestamp carries a legal presumption that the date is accurate, backed by statute and issued by an accredited trust service provider (QTSP).
The difference is not technical detail. It is the difference between an assertion and a certified fact that courts are required to treat as accurate unless disproved.
Every digital file carries timestamps. Operating systems record when files were created, modified, and accessed. Email servers log send and receive times. Cloud storage platforms show upload dates. These records are convenient. They are not reliable evidence.
File system timestamps can be modified with any hex editor or file attribute tool. Email headers can be spoofed at multiple points in transmission. Cloud platform timestamps depend on the platform's own systems, which are outside your control. A skilled opposing party can challenge all of these records, and courts have consistently found that none of them carries legal presumption.
For a timestamp to carry legal weight, it must come from a source independent of you, technically verifiable by any third party, and accredited by a recognised authority. That is what qualification means.
EU Regulation 910/2014 (eIDAS), Article 42(1), defines precisely what makes an electronic timestamp qualified. Four conditions must all be met:
(a) The date and time are bound to the data in a way that makes any subsequent modification detectable.
(b) The binding is based on an accurate time source linked to Coordinated Universal Time (UTC).
(c) The data is signed using an advanced electronic signature or seal of the qualified trust service provider.
(d) The time source meets the accuracy requirements set by the European Telecommunications Standards Institute (ETSI EN 319 422).
In practice, these conditions are implemented through RFC 3161, the Internet X.509 Public Key Infrastructure Time-Stamp Protocol. A SHA-256 cryptographic hash of your document is computed and submitted to the QTSP's secure time source. The QTSP returns a signed response binding the hash to a certified time. Any change to the original document after this point produces a different hash, making the alteration immediately detectable when the certificate is verified.
eIDAS Article 41(2) states that a qualified electronic timestamp "shall enjoy the legal presumption of accuracy of the date and the time indicated in that timestamp and the integrity of the data to which the date and time are bound."
This has a precise practical consequence. Without a qualified timestamp, if you claim to have created something on a particular date, you must prove that claim to the court's satisfaction. With a qualified timestamp, the court presumes the recorded date is accurate. The party disputing the date must prove the certification authority was wrong.
Proving an accredited QTSP's timestamp is incorrect requires showing that the authority's certified time source was inaccurate, its cryptographic systems were compromised, or its accreditation process failed. No court has accepted such an argument against a properly accredited QTSP.
Switzerland is not an EU member state and eIDAS does not apply directly in Swiss proceedings. The Swiss federal law on certification services, ZertES (SR 943.03), provides an equivalent framework. Article 11 of ZertES defines the requirements for a qualified electronic timestamp in Swiss law and establishes the same presumption of accuracy for timestamps issued by BAKOM-accredited providers (known as ZDA).
The Swiss Federal Supreme Court confirmed this in BGE 144 III 97 (2018). ZertES-qualified timestamps carry automatic court admissibility in Switzerland. A Swiss court treats a qualified timestamp from an accredited provider the same way an EU court treats one under eIDAS: the recorded date is presumed correct, and the challenger bears the burden of rebuttal.
Consider a dispute over who created something first, without a qualified timestamp. Both parties present their evidence. File dates, email records, screenshots, version histories. The court weighs competing accounts. The outcome depends on whose story is better supported by circumstantial evidence.
With a qualified timestamp, the dynamic is different. One party presents a certificate from an accredited QTSP, establishing a cryptographically verified creation date that the court is required to presume accurate. The other party must now rebut a certified fact, not match testimony against testimony.
The burden does not disappear. It shifts. Before a qualified timestamp, the creator must prove the date. After a qualified timestamp, whoever disputes the date must disprove the certificate. That is a fundamentally different legal position.
Swiss Trust Layer issues qualified timestamps through Swisscom Trust Services. Swisscom is simultaneously a BAKOM-accredited ZDA under ZertES and a QTSP listed on the EU Trust List under eIDAS. A document sealed through Swiss Trust Layer satisfies both frameworks with a single action.
The process takes under two minutes. Upload your document. A SHA-256 hash is computed. The hash is submitted to Swisscom's secure time source. You receive a PAdES-compliant certificate containing the hash, the certified timestamp, the issuer chain, and your account identity. The document itself is never stored. The certificate is publicly verifiable at swisstrustlayer.com/validate by any third party, without login.
To find out how many of your organisation's documents carry unprotected creation risk and what a dispute could cost, use the IP Exposure Calculator.
See also: eIDAS qualified timestamp protection · ZertES in Switzerland
Protect your work with Swiss Trust Layer AG
Seal your intellectual property with a court-proof e-Seal backed by Swisscom Trust Services.
Book a Free Demo