Compliance | 8 min read | Nov 28, 2024

eIDAS Qualified Timestamps: Ensuring Legal Validity of Your E-Invoices

How qualified timestamps under eIDAS regulation provide legally binding proof of document integrity and timing across all EU member states.

Sophie Laurent

Legal Counsel

What is eIDAS?

The eIDAS Regulation (EU 910/2014) creates a single market for electronic trust services. For e-invoicing archiving, the most critical component is the Qualified Electronic Time Stamp (QTS).

A QTS binds a document to a specific time, providing evidence that:

  1. The document existed at that time.
  2. The document has not been altered since (Integrity).

Qualified vs. Non-Qualified

Only a Qualified timestamp enjoys the presumption of accuracy in all EU courts. Non-qualified timestamps must have their reliability proven by the user.

Article 41 of eIDAS states:
"An electronic time stamp shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form..."

Article 42 adds:
"A qualified electronic time stamp shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound."

This reverses the burden of proof. If a tax auditor claims you altered an invoice, they must prove the timestamp is fake (which is cryptographically nearly impossible).


How to Verify a Timestamp

Verification should be independent of the service provider. You can verify eIDAS tokens (RFC 3161) using standard tools like OpenSSL.

Step 1: Extract the timestamp token

Save the timestamp token (usually a .tsr or .p7s file) and the original invoice (invoice.xml).

Step 2: Verify with OpenSSL

Use the following command to check the integrity:

    openssl ts -verify \
      -data invoice.xml \
      -in timestamp.tsr \
      -CAfile GlobalSignCA.pem \
      -untrusted intermediate.pem

Output:

    Verification: OK

If the document was changed by even one bit, the output will be Verification: FAILED.
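To rehearse both outcomes offline before an audit, the following added example (not part of the original article and not Peppol Archive's code) runs the same openssl ts -verify check against a constructed, self-signed, non-qualified demo TSA. The file names, the sample invoice and the policy OID 1.2.3.4.1 are assumptions made for the demo, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: offline RFC 3161 round trip against a constructed, throwaway,
# NON-qualified demo TSA. File names and the policy OID are assumptions.
set -eu

# Create a self-signed demo TSA and a timestamp response for invoice.xml in dir $1.
make_demo_timestamp() {
  ( cd "$1"
    cat > tsa.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = Constructed Demo TSA
[ext]
extendedKeyUsage = critical,timeStamping
[tsa]
default_tsa = demo
[demo]
serial = ./serial
signer_cert = ./tsa.pem
signer_key = ./tsa.key
signer_digest = sha256
default_policy = 1.2.3.4.1
digests = sha256
EOF
    echo 01 > serial
    printf '<Invoice><Total>100.00</Total></Invoice>\n' > invoice.xml  # constructed
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config tsa.cnf \
      -keyout tsa.key -out tsa.pem 2>/dev/null
    # The request carries only the SHA-256 hash; -cert asks for the TSA cert in the token.
    openssl ts -query -data invoice.xml -sha256 -cert -out request.tsq 2>/dev/null
    openssl ts -reply -config tsa.cnf -queryfile request.tsq -out timestamp.tsr 2>/dev/null
  )
}

# Same check as the article's command: $1 = dir, $2 = file. Returns 0 only on OK.
verify_invoice() {
  if ( cd "$1" && openssl ts -verify -data "$2" -in timestamp.tsr \
         -CAfile tsa.pem >/dev/null 2>&1 ); then echo OK; else echo FAILED; return 1; fi
}

work=$(mktemp -d)
make_demo_timestamp "$work"
verify_invoice "$work" invoice.xml                                  # OK
sed 's/100.00/900.00/' "$work/invoice.xml" > "$work/tampered.xml"   # alter the total
verify_invoice "$work" tampered.xml || true                         # FAILED
rm -rf "$work"
```

Verification: OK only shows that the token matches the file and chains to the certificate passed in -CAfile. The legal presumption depends on that certificate belonging to a Qualified Trust Service Provider, which this demo TSA is not.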


How Peppol Archive Uses eIDAS

We abstract this complexity for you.

  1. Ingest: As soon as an invoice arrives from the Peppol network, we calculate its SHA-256 hash.
  2. Sign: We send this hash to an EU Qualified Trust Service Provider (QTSP).
  3. Seal: The QTSP returns a token, which we store alongside your invoice.
  4. Audit: You can download the "Verification Package" at any time to prove compliance to an auditor independently of our platform.