PEC in court: legal weight, challenges and source-level certification

Every day, thousands of law firms, businesses and public administrations in Italy use Posta Elettronica Certificata (PEC) to exchange correspondence with the legal weight of a registered letter. PEC is the standard infrastructure for legally relevant communications across the country, integrated into the civil telematic process and into dealings with public authorities. Since the European recognition of PEC as a Qualified Electronic Registered Delivery Service under eIDAS Regulation EU 910/2014, its presumptions of integrity, sender and recipient identification, and accurate timestamping now extend across the EU.

The picture changes the moment a PEC enters a courtroom. Opposing counsel can challenge the authenticity of the message, the integrity of the attachments, the identification of who actually clicked "send" and even whether the file produced as evidence matches the file actually transmitted. Recent Italian Supreme Court rulings, from Cassazione SS.UU. 28452/2024 through 2025 case law, have clarified that PEC produces full probative value only under precise conditions and that several attack lines remain available to the defending party.

The operational answer is unambiguous: the legal weight of a PEC in court depends less on the transport protocol and far more on how the content was certified at the source. PEC certifies that a message was delivered into a mailbox; it does not certify the authenticity of what is attached to that message. Building a defensible record requires combining PEC with source-level certification of every attachment: forensically captured content, sealed by a qualified Trust Service Provider (QTSP) with a qualified electronic timestamp. This guide walks through what PEC actually proves, where contestation typically lands, and how to make attachments admissible before they are ever sent.

What PEC actually proves and what it does not

PEC, in itself, is not proof of content. It is a qualified electronic registered delivery service that attests to the exchange of a message between two qualified mailboxes. Understanding what falls inside its evidentiary perimeter, and what falls outside, is the first step in building a courtroom strategy that holds up.

What PEC guarantees: certified date, sender, delivery receipt

Italian PEC, qualified as a Qualified Electronic Registered Delivery Service (QERDS) under AgID's eIDAS framework, benefits from three statutory presumptions: integrity of the data transmitted, identification of sender and recipient, and accuracy of the timestamps issued by the service. Operationally this translates into three documentary artefacts: the acceptance receipt (issued by the sender's PEC manager), the delivery receipt (RdAC, issued by the recipient's PEC manager) and the qualified timestamp applied by the system. Italian case law treats this combination as functionally equivalent to a registered letter with return receipt for the purpose of proving delivery and the moment of perfection.

What PEC does not guarantee: attached content, author identity, file integrity at origin

PEC certifies that a message was delivered to a mailbox at a given instant. It does not certify who physically clicked "send" (which may not be the mailbox holder), it does not certify that the attached file is authentic or original, and it does not certify that the file content was untouched before being attached. Italian doctrine and Supreme Court rulings, summarised by Agenda Digitale's review of recent Cassazione decisions, classify a PEC email, including its attachments, as a "mechanical reproduction" within the meaning of Article 2712 of the Italian Civil Code: it constitutes full proof only if the opposing party does not deny its conformity to the represented facts. In other words, PEC is a certified channel, but the content it carries is not made immutable by the mere fact of having travelled through it.

The difference between the PEC envelope and the attached content

In litigation it is essential to separate two layers. The PEC "envelope": receipts, qualified timestamp, manager logs: describes the transmission. The attached "content": PDFs, images, videos, signed documents: represents the substantive evidence. The probative regime differs sharply. The envelope enjoys the eIDAS presumptions described above. The attachment is an electronic document that, if unsigned and uncertified at the source, falls within Article 2712 territory and remains contestable. As a rule, courtroom challenges do not target the envelope; they target the attachment and what it claims to represent.

Denial and challenges in court: the four typical fronts

When a PEC is filed in court, opposing counsel typically attacks on four recurring fronts. Mapping them in advance allows the producing party to design the evidence so each attack line is closed before the dispute begins.

Denial under Article 2712 of the Italian Civil Code: timeliness and specificity

Denial under Article 2712 of the Italian Civil Code is the primary tool to strip a digital reproduction of its full evidentiary force. Recent case law summarised by LexCED has clarified that valid denial must be timely (raised at the first opportunity, in the first defence brief), specific (never generic or "wholesale") and explicit (with precise indication of the differential elements between the produced copy and the original). When these three requirements are met, the reproduction loses its full-proof status and degrades to a simple presumption that the judge may evaluate freely. The evidence is then weighed case by case, losing the locked probative value that the producing party had assumed.

Challenging the integrity of the attachment

A frequent attack line is to argue that the attachment produced in court does not match the attachment actually transmitted via PEC. The risk increases when the file is later converted (a JPEG photo presented as a printable PDF, a video extracted into still frames). Without a hash function computed on the original file, a qualified electronic timestamp and a documented chain of custody, it is technically possible to alter the content while preserving the original PEC message. As commentary on diritto.it on PEC notification reaffirms, transport integrity does not equate to content integrity: they sit on independent planes governed by different evidentiary rules.

Contesting the identity of the actual sender

PEC binds a message to a mailbox, not to a natural person. Especially in corporate settings (mailboxes shared across users, secretaries, automated services), opposing counsel can argue that whoever physically clicked "send" was not the mailbox holder or the declarant. Without a digital signature on the attached document or a strong authentication mechanism applied at the moment of content creation, attribution to a specific subject remains contestable. This is particularly delicate for instruments that demand an identified signatory: powers of attorney, declarations in lieu of affidavit, communications with confessory effect.

Format and proof of delivery: the full-mailbox case and missing eml

The Joint Sections of the Italian Supreme Court ruling 28452/2024 clarified that PEC notification is not perfected without a delivery receipt, even where non-delivery depends on the recipient (such as a full mailbox). On the parallel question of file format, PCT case law and commentary have confirmed that proof of telematic notification must be filed using the original .eml or .msg receipts, not PDF copies generated by scanning or printing. Parties who keep only screenshots or printouts of PEC receipts risk having the proof of transport ruled inadmissible.

How to certify a PEC attachment at the source: process and standards

The structural answer to all four challenges above does not lie in the PEC channel: it lies in the quality of the content at the moment of its creation. The operating rule is straightforward: certify every attachment that may become evidence in court before it is ever inserted into a PEC. This means applying a forensic methodology to each individual file: integrity-preserving capture, cryptographic hash computation, qualified electronic seal and qualified timestamp, plus chain-of-custody documentation.

The four evidentiary requirements of a defensible attachment

A truly defensible attachment, once placed inside a PEC, should meet four minimum requirements. First: demonstrable integrity, achieved through a cryptographic hash (typically SHA-256) computed at the moment of creation and verifiable thereafter. Second: qualified certified date, applied by a qualified Trust Service Provider rather than merely declared by the sender. Third: source authenticity, demonstrated through capture metadata (device, optional geolocation, EXIF, application logs) collected automatically and not user-tampered. Fourth: documented chain of custody: the full sequence of who handled the file from the moment of creation to its filing in court. Together these four elements separate an attachment that the judge accepts as a proven fact from one that drops to simple presumption at the first denial.

Hash, qualified timestamp, QTSP seal: the three technical building blocks

Source-level certification rests on three standardised mechanisms. The hash function reduces a file of any size to a unique, irreversible character sequence: two different files yield two different hashes, and a one-bit change rewrites the entire hash. The qualified electronic timestamp, issued by a Qualified Trust Service Provider under Article 42 of eIDAS, attests in a way that is opposable to third parties that a given hash existed at a specific instant. The qualified electronic seal, governed by Article 35 of the same Regulation, binds the document to the legal identity of the issuing entity and protects its integrity over time. Together, these three components turn a regular PDF into an electronic document with reinforced evidentiary value, narrowing the space available for denial.

International standards: ISO/IEC 27037 and PAdES

Source-level forensic methodology aligns with two families of international standards. ISO/IEC 27037 ("Guidelines for identification, collection, acquisition and preservation of digital evidence") sets the criteria for capturing digital evidence in a defensible way: technical integrity, reproducibility, traceability of operations, and the operator's role. On the signature-format side, ETSI standards PAdES (for PDFs), CAdES and XAdES define how to embed digital signature and timestamp inside the document so that verification remains possible years later. When a PEC attachment is built according to these standards, integrity and identity challenges become much harder to sustain.

Documentary chain of custody: from device to court filing

The final building block is the chain of custody for digital evidence: the documentation of every step the file went through, from the moment of creation (device, position, operator, timestamp) to its filing in the telematic process (export, hash, archival, production). A transparent chain of custody turns an abstract challenge ("the file may have been altered") into a verifiable factual point ("here is the operation log with the hashes, break the sequence if you can"). This is the level of proof that prosecution and court-appointed experts expect in higher-stakes civil and criminal proceedings.

Use case

Certified digital evidence for litigation

Capture, certify and produce in court digital content with full probative value: photos, videos, web evidence, communications.

Discover more →

What is TrueScreen and how it integrates QTSP certification into PEC

The practical question becomes: how do you apply forensic-grade methodology to operational content (photos, videos, screenshots, documents) produced every day by non-technical personnel? TrueScreen is the Data Authenticity Platform that allows companies and professionals to capture, verify and certify any digital content with legal value, integrating qualified electronic seals from third-party QTSPs through APIs. TrueScreen does not issue qualified certificates itself: it applies the forensic methodology at the data source and relies on qualified Trust Service Providers for the qualified timestamp and qualified electronic seal, in compliance with eIDAS.

Source-level forensic capture and automatic hash computation

Through the mobile app, web portal and Chrome Extension, TrueScreen captures photos, videos, screenshots, web page recordings and documents using a forensic capture procedure: integral acquisition of the content, collection of contextual metadata (timestamp, optional geolocation, device), automatic SHA-256 hash computation at the moment of creation. The operator does not intervene in these steps: technical integrity is delegated to the system rather than left to the goodwill of the individual user. Every file that leaves the device is already in a "sealable" state.

Qualified electronic timestamp and seal through QTSPs

The captured file is then sent to the TrueScreen backend, which applies a qualified electronic timestamp and a qualified electronic seal issued by QTSPs integrated through APIs. These two qualified trust services, governed by Articles 41 and 35 of eIDAS, carry legal effects equivalent to a timestamp affixed by a public officer and to a paper seal applied to letterhead documents. TrueScreen, in other words, is the application layer that brings forensic methodology within reach of the end user; the QTSP is the legal entity that, by law, issues the certificate. The distinction matters: the seal's legal effectiveness flows from the qualified QTSP, the usability flows from TrueScreen integration.

Attaching certified content to a PEC: the operational flow

In practice, a user who needs to send via PEC a photographic exhibit, an inspection report, a delivery video or a certified screenshot of a web page follows three steps. First: capture the content from the TrueScreen app or extension, which applies the forensic methodology and triggers QTSP certification. Second: download the certified package from the TrueScreen portal, typically a PAdES PDF containing the evidence, the hash, the qualified timestamp and the contextual metadata, or the original file with a JSON certification manifest. Third: attach the package to the PEC and send it. The attachment that arrives in the recipient's mailbox is an electronic document sealed by a QTSP, resistant to generic denial under Article 2712 of the Italian Civil Code, with full opposability of the qualified date.

The difference between digital signature on the PDF and QTSP seal on the content

One commonly confused point: digitally signing a PDF before attaching it to a PEC is not the same as certifying the represented content. The author's digital signature attests that the PDF was signed by that person at that moment, but it says nothing about whether the photograph embedded inside the PDF has been manipulated or whether the screenshot has been selectively cropped. Source-level certification through forensic methodology (capture + hash + QTSP seal of the original content) operates on a different layer: it guarantees the technical integrity of the raw datum before it is incorporated into any synthesis document. The two are complementary, not interchangeable.

An advanced or qualified electronic signature on the attached PDF remains advisable for subjective acts (declarations, powers of attorney, contracts). For objective proof of a fact (what happened, what a website looked like, the state of a construction site), what matters is the seal on the content itself, not just the signature on the document.

Comparison: PEC with standard attachment vs PEC with source-certified attachment

The table below summarises, contestation front by contestation front, the practical difference between a PEC with a non-certified attachment and a PEC with an attachment certified at the source through forensic methodology and QTSP seal. The difference is not theoretical: it translates into faster proceedings, fewer challenges accepted by the court, and greater predictability of outcome.