eIDAS Art. 41 · ZertES Qualified · From CHF 5

Prove You Wrote It First Cryptographic proof of code authorship

Seal source code, architecture documents, and API specifications with eIDAS Art. 41 qualified timestamps. Court-admissible proof of authorship that holds up in contractor disputes, investor due diligence, and open-source attribution — independent of your repository host.

Seal Your Codebase eIDAS Legal Basis

Why Software IP Needs Cryptographic Proof

Source code is valuable intellectual property — and it is routinely contested. AI companies train models on code without authorisation. Contractors claim authorship of work built on your proprietary foundations. Co-founders dispute who wrote the original architecture. Investors demand verifiable IP chain of custody before a Series A. In each of these scenarios, a git commit history alone is insufficient: it is mutable, hosted by a third party, and lacks independent legal standing.

Swiss Trust Layer applies a ZertES SR 943.03 and eIDAS Regulation EU 910/2014 qualified cryptographic seal to your code or documentation package. The resulting certificate is legally presumed authentic in all 27 EU member states (eIDAS Art. 41) and Swiss courts (ZertES Art. 14) — without requiring access to your repository or infrastructure. The seal proves the code existed in that exact state at that exact moment.

  • eIDAS Art. 41 — qualified timestamps are legally presumed accurate in all EU courts
  • ZertES Art. 14 — same presumption in Swiss courts under SR 943.03
  • Seal without exposing code — only the SHA-256 hash, never the source
  • Immutable certificate stored outside your repository — survives force pushes and repo transfers
  • Long-term validation (LTV) — evidence persists decades beyond certificate expiry
  • Berne Convention coverage — 181 countries recognise the copyright claim
eIDAS Art. 41· Seal Source Code: Copyright Proof Guide·AI Content Copyright & EU AI Act

Supported File Types

Swiss Trust Layer seals any file type by its cryptographic hash. Common software IP formats:

.zip / .tar.gzFull repository archives
.js / .tsJavaScript & TypeScript source
.pyPython source files
.rsRust source files
.solSolidity smart contracts
.pdfArchitecture & system design docs
.yaml / .jsonOpenAPI & GraphQL specs
Any formatBinary, WASM, compiled output

GitHub Workflow — Seal Without Leaving Your Terminal

A qualified seal takes under 60 seconds and integrates into any CI/CD pipeline. The certificate is stored independently of your repository — it cannot be altered by a force push or repository deletion:

01

Generate a local hash of your codebase

Run git archive HEAD | sha256sum or zip your release directory and hash it. The hash is computed locally — no code leaves your machine at this step. For monorepos, hash the subdirectory or module you want to protect independently.

02

Upload the hash and receive a qualified timestamp

Upload the hash (not the code) to Swiss Trust Layer. The platform submits it to Swisscom Trust Services — Switzerland's SAS-accredited QTSP — which applies a ZertES SR 943.03 and eIDAS Art. 41 qualified cryptographic timestamp in under 10 seconds.

03

Store the certificate outside your repository

Download the World Court Proof e-Seal certificate — a digitally signed PDF containing the hash, timestamp, QTSP certificate chain, and LTV data. Store it in your legal records, not your repo. This immutability is intentional: the certificate proves what existed at the moment of sealing regardless of subsequent repository changes.

Use Cases

Three high-stakes scenarios where a qualified code seal provides decisive legal protection:

Pre-release protection

Seal your codebase before publishing to npm, GitHub, or PyPI. If a competitor releases a near-identical library shortly after, the qualified timestamp establishes prior art with court-admissible precision — not just a commit date that could be disputed.

Contractor dispute proof

Seal code milestones at each deliverable handoff during a contractor or agency engagement. If ownership is later disputed — 'I wrote that independently' or 'you used my prior code' — the sealed milestones create a legally qualified chain of custody that settles the dispute without litigation.

VC due diligence — IP chain of custody

Show investors a verifiable, court-admissible IP provenance trail before a Series A or acquisition. Qualified seals on your core architecture and proprietary algorithms demonstrate that the IP was created by your team, at the dates claimed, with zero dependence on investor goodwill toward your version control history.

Pricing

Per-document pricing — no subscriptions required for occasional sealing. Volume plans available for CI/CD pipelines.

Per document
CHF 5per seal
  • ZertES SR 943.03 + eIDAS Art. 41 qualified timestamp
  • Swisscom Trust Services QTSP signature
  • World Court Proof e-Seal certificate (PDF)
  • Long-term validation (LTV) data included
  • Public verification — no login required to verify
  • Downloadable certificate stored independently of your repo
Create Account Book a Demo

Frequently Asked Questions

Does sealing source code expose the codebase?

No. Swiss Trust Layer seals the cryptographic hash (SHA-256 fingerprint) of your source code or archive — not the code itself. The platform never receives, stores, or reads the original files. You may seal a .zip or .tar.gz of your repository locally, upload only the hash, and receive a certificate that proves the code existed in that exact state at the sealed timestamp — without exposing any line of code.

Is a sealed timestamp enough to win a code authorship dispute?

A ZertES SR 943.03 and eIDAS Art. 41 qualified timestamp creates a legally presumed-authentic record of your code's existence and state at a specific point in time. Under eIDAS Art. 41, qualified electronic time stamps are presumed to be accurate in all EU member state courts. Under ZertES Art. 14, the same presumption applies in Swiss courts. In contractor disputes, investor due diligence, and open-source attribution cases, the sealed certificate shifts the burden of proof: the opposing party must disprove a legally qualified record.

How does sealing work with GitHub or GitLab?

Git commit hashes prove internal history but are mutable — force pushes, repository transfers, and forks can alter or erase them. A Swiss Trust Layer seal is stored externally and independently of your repository. You generate a SHA-256 hash of your codebase locally, seal that hash, and store the certificate separately. The certificate cannot be altered retroactively — it remains valid evidence regardless of what happens to the repository.

Which file types can be sealed?

Any file type can be sealed — Swiss Trust Layer operates on the cryptographic hash, not the file format. Common software IP sealing use cases include: .zip and .tar.gz repository archives, individual .js, .ts, .py, .rs, .sol source files, PDF architecture documents and system design specs, OpenAPI and GraphQL specification files (.yaml, .json), and compiled binaries or WASM modules for versioning.

Establish prior art before you publish

A qualified code seal takes under 60 seconds and costs CHF 5. The certificate it produces is court-admissible in 27 EU member states, Swiss courts, and 181 Berne Convention countries.

Create Account Book a Demo