Electronic Timestamp
(QTimestamp)

Discover how you can use an electronic timestamp to prove that digital data or documents existed at a specific time and date and have not been altered since the moment of signing.

What is an electronic time stamp?

An electronic time stamp is a digital way to prove that a certain electronic document or digital data existed at a specific time and has not been changed. Important characteristics of an eIDAS time stamp are:

Time and content recording: A time stamp indicates the exact time at which the document was recorded and is linked to the specific content of the document.
Authenticity and integrity: An electronic time stamp shows that the document is authentic (not changed since the time of stamping).

The electronic time stamp is often used in combination with other electronic trust services such as an electronic signature or seal.

Which electronic time stamps do exist?

An electronic time stamp comes in two forms.

1. Advanced electronic time stamp:

Uses encryption technology to create the time stamp and is linked to a unique identifier of the document or data.
Ensures that the content of the document or data has not been altered since the time stamp was placed.
The time stamp is placed by a trusted authority or system, but does not have to be issued by a qualified service provider.

2. Qualified electronic time stamp (QTimestamp)

The time stamp is issued by a qualified trust service provider (QTSP).
The time stamp is accurate and synchronized with a reliable time source.
Legally recognized method in all EU member states to establish the existence at a specific time and integrity of the digital document or data.

What are the most important advantages of an electronic time stamp?

Efficiency: Automates processes such as registration, verification, and archiving. Supports digital workflows, such as electronic signatures and archiving processes.
Security: Using QTSP ensures a high level of security and trust.
Cost savings: Reduces the need for paper documentation and physical stamps.
Compliance: Electronic time stamps help organizations meet regulatory compliance.
Legal validity: The eIDAS regulation stipulates that a qualified electronic time stamp has legal value and is recognized in all EU member states.
Verifiability: Anyone can independently verify that the time stamp is correct and valid without access to the content of the document.

What does the eIDAS trust service qualified electronic time stamp (QTimestamp) look like?

Qualified time stamps are often used in situations where time-based evidence is essential, such as:

Signing digital contracts.
Financial transactions and audits.
Electronic archiving of documents.

The characteristics of a qualified electronic time stamp)

Reliable time source: The time is accurately synchronized with a recognized time source (Network Time Protocols (NTP) or Global Navigation Satellite Systems (GNSS)).
Qualified certification: The time stamp is legally valid in all EU member states thanks to the certification of the QTSP.
Non-repudiation: Proves that a document or data existed at a specific point in time and has not been modified.
Legal value: The time stamp enjoys the legal presumption of correctness and integrity, making it suitable for legal and commercial applications

The components of a qualified electronic time stamp

Unique timestamp identification: Each timestamp contains a unique serial number or identifier, so that it cannot be confused with other timestamps.
Data hash: A cryptographic hash of the document or data to which the timestamp applies. This ensures that the content has not been modified since the timestamp.
Time stamp: The exact time in UTC (Coordinated Universal Time) based on a reliable and synchronized time source.
Trust Service Provider Certificate (QTSP): The timestamp is issued by a (qualified) trust service provider. The certificate contains data about the identity of the provider.
Digital signature: The timestamp is digitally signed by the (Q)TSP to guarantee authenticity. This signature is verified with a publicly available certificate.
Timestamp algorithm: Indication of the cryptographic algorithm used (such as SHA-256 or SHA-512) and the corresponding key size.
Security Parameters: Information about the lifetime of the timestamp (e.g. the validity of the signature and certificates).

How the qualified electronic time stamp works in practice

Generating a timestamp: A trusted time stamping service (Qualified Trust Service Provider) generates a qualified timestamp. The QTSP uses a secure source to verify the time.
Linking a timestamp to a digital document: A cryptographic signature is added to the electronic document (or digital data), including the timestamp and a hash (digital fingerprint).
Verification: Any modification to the document after the timestamp is applied is detectable.

Which ETSI standards must the eIDAS trust service QTimestamp comply with?

Below you will find an overview of the most important ETSI standards that an eIDAS-compliant Qualified Electronic Time Stamp (QTimestamp) must comply with.

1. General standard for trust services

ETSI EN 319 401: “General Policy Requirements for Trust Service Providers”
- Defines the general requirements that a Trust Service Provider (TSP) must comply with.
- Includes requirements for security management, operational procedures and audit requirements.

2. Standards for time stamps and TSAs

ETSI EN 319 421: “Policy and security requirements for Trust Service Providers issuing Time-Stamps”
- Contains the requirements for creating and setting time stamps.
- Focuses on the reliability and security of the systems and processes surrounding the creation and setting of time stamps.
ETSI EN 319 422: “Time-stamping protocol and time-stamp token profiles”

Additional specifications and security requirements

Depending on the design and setup of the trust service, the above standards will refer to various technical specifications and/or additional security requirements. Examples of these are:

ETSI TS 119 312: "Cryptographic Suites for Secure Electronic Signatures, Seals and Time Stamps"
- This standard specifies the cryptographic algorithms and parameters that must be used for electronic signatures, seals and time stamps to ensure the required security levels.

Electronic Timestamp (QTimestamp)