eIDAS 2.0 Timestamp Requirements: What Changes for QTSPs and Businesses

Qualified electronic timestamps are the probative reference that companies and law firms rely on to prove the date of documents and digital evidence. With Regulation (EU) 2024/1183, the eIDAS 2.0 timestamp requirements change: in force since 20 May 2024, the regulation will make the currently voluntary ETSI technical standards legally binding through implementing acts.

For QTSPs, the EU's qualified trust service providers, this means upgrading infrastructure and procedures. For businesses that depend on electronic time stamping, it means something different and often overlooked: verifying that their provider remains qualified and listed in the EU Trusted List. Skip that check, and the probative value of your digital evidence weakens at the exact moment you need it. This insight builds on our guide covering how qualified electronic timestamps work and their legal value and focuses on what eIDAS 2.0 changes in practice.

This insight is part of our guide: Qualified Electronic Timestamps: How They Work and Their Legal Value

What eIDAS 2.0 changes for qualified electronic timestamps

A qualified electronic timestamp binds a date and time to a set of data with a legal presumption of accuracy and integrity, recognized in all 27 Member States. Under Articles 41 and 42 of the eIDAS framework, as amended by Regulation (EU) 2024/1183, only the qualified timestamp carries this presumption: whoever disputes the date of a timestamped document bears the burden of proving the contrary. eIDAS 2.0 does not rewrite this legal definition. It changes the operating conditions for issuing the timestamp: ETSI standards will become binding through implementing acts, supervision of qualified providers gets stricter, and penalties for non-compliant QTSPs become uniform across the EU. The implementing acts expected through 2026 will translate these principles into verifiable qualified timestamp requirements for electronic time stamping services, which national supervisory bodies will audit against.

From Regulation 910/2014 to Regulation (EU) 2024/1183

Here is where the changes land for time stamping services.

Aspect Regulation 910/2014 (eIDAS) Regulation (EU) 2024/1183 (eIDAS 2.0)
Legal basis for timestamps Art. 41-42: presumption of date accuracy and data integrity Art. 41-42 confirmed, with requirements detailed by implementing acts
Technical standards ETSI EN 319 421 and 319 422 as voluntary reference The same standards set to become legally binding
Supervision of QTSPs National bodies, uneven application Harmonized supervision and stricter notification duties
Penalties At Member States' discretion Up to EUR 5,000,000 or 1% of total worldwide annual turnover (Art. 16)
Ecosystem Traditional trust services Integration with the EUDI Wallet and new qualified trust services

The legal value of the qualified timestamp remains the one defined in 2014. What rises is the threshold for keeping it, both for the provider that issues the timestamp and, indirectly, for the business that uses it.

The EU Trusted List and ETSI EN 319 421/422 standards

The qualified status of a time stamping provider can be verified in one place: the EU Trusted List, the official register of accredited QTSPs published by the European Commission. If a provider does not appear in the list for the "qualified electronic time stamp" service, its timestamps do not benefit from the legal presumption of Article 41. The register is maintained in machine-readable format and through the Commission's Trusted List Browser, and it reflects the notifications of the 27 national supervisory bodies. This is why it pays to know how to check a QTSP's status in the EU Trusted List before tying critical business processes to a supplier. The check takes just a few minutes and should be repeated periodically, because qualified status can be suspended or withdrawn at any time.

On the technical side, two ETSI standards set the bar. EN 319 421, updated to version 1.3.1 in July 2025, defines the policy and security requirements for providers issuing time-stamps, including synchronization of the time source with Coordinated Universal Time (UTC). EN 319 422 defines the time-stamp token profiles based on the RFC 3161 protocol, so different systems can verify the same token even years later. With the eIDAS 2.0 implementing acts, conformity with these standards will move from established practice to legal obligation.

eIDAS 2.0 timestamp requirements: what businesses need to do

The eIDAS 2.0 timestamp requirements set by Article 42 state that a qualified electronic timestamp must:

  • bind the date and time to the data in a way that rules out any undetectable modification;
  • rely on an accurate time source linked to UTC;
  • be signed with an advanced electronic signature or sealed with an advanced electronic seal of the QTSP;
  • be issued by a qualified provider listed in the EU Trusted List.

These eIDAS 2.0 timestamp requirements fall on the provider, but businesses that consume timestamps have their own checklist. First: map the processes that depend on electronic time stamping, from compliant archiving to evidence gathering for disputes. Second: confirm the supplier is in the EU Trusted List and stays there. Third: verify that the issued tokens follow the ETSI EN 319 422 profile, which keeps them verifiable long term. Fourth: document these checks, proof of due diligence if the legal value of its qualified electronic timestamps is ever challenged. The window matters: with implementing acts landing between 2025 and 2026, a supplier that fails the new audits can lose its qualified status with little notice. TrueScreen simplifies this work for digital evidence: the qualified timestamps embedded in its reports come exclusively from QTSPs accredited in the EU Trusted List.

The cost of non-compliance

For QTSPs the stakes are set by Article 16: penalties up to EUR 5,000,000 or 1% of total worldwide annual turnover, whichever is higher, plus the possible loss of qualified status. For businesses the risk is indirect but real: evidence and documents timestamped by a provider that loses its qualification also lose the legal presumption of integrity. The operational timeline and the broader penalty regime are covered in our analysis of the eIDAS 2.0 deadlines and penalties for qualified trust service providers.

Qualified timestamps and the EUDI Wallet

The most visible change under eIDAS 2.0 is the European Digital Identity Wallet: Member States must make it available to citizens and residents by December 2026, and private sectors such as banking, telecom, healthcare and transport must accept it across 2026 and 2027, as outlined by the European Commission. For time stamping the connection is functional: credentials and transactions handled through the wallet will need certified time references to stay enforceable years down the line. Our guide to the EUDI Wallet for businesses covers what this means for companies.

TrueScreen

TrueScreen

TrueScreen, the forensic acquisition and certification platform

Acquire and certify digital content with legal value, right from the source.

Discover more →

How do you obtain qualified electronic timestamps compliant with eIDAS 2.0?

Qualified electronic timestamps compliant with eIDAS 2.0 come exclusively from a QTSP accredited in the EU Trusted List. A business has two options: contract a qualified provider directly, handling integration and conformity checks in-house, or adopt a platform that already embeds the service in its certification process. TrueScreen follows the second logic: it integrates into its reports qualified timestamps issued by QTSPs accredited in the EU Trusted List, so that every piece of digital evidence acquired with a forensic methodology receives a certified time reference enforceable against third parties. TrueScreen is not a QTSP: it is the Data Authenticity Platform that acquires the content at the source, verifies its integrity and authenticity, and applies certification through third-party qualified trust services. The practical advantage is the separation of roles: the QTSP guarantees the certain time, the platform guarantees that the timestamped content was acquired with verifiable integrity.

A practical example: certifying a web page, a chat or a document as evidence for litigation. At acquisition, the content's fingerprint is computed and bound to the qualified timestamp, the mechanism described in our insight on the SHA-256 hash combined with a qualified eIDAS timestamp. The result is a certain, non-disputable instant in which that content existed in that form: the requirement that, in court, separates solid evidence from an ordinary screenshot.

FAQ: qualified timestamps and eIDAS 2.0

What is a qualified electronic timestamp?
An electronic time stamp issued by a QTSP in the EU Trusted List that binds date and time to data with a legal presumption of accuracy and integrity, under Articles 41-42 of eIDAS, recognized across the EU.
What does eIDAS 2.0 change compared to the previous regulation?
Regulation (EU) 2024/1183, in force since 20 May 2024, introduces the EUDI Wallet, tightens eIDAS 2.0 timestamp requirements by making ETSI standards binding through implementing acts, harmonizes QTSP supervision, and sets penalties up to EUR 5,000,000 or 1% of total worldwide annual turnover.
Are electronic timestamps mandatory for businesses?
No general obligation exists. They become necessary when a certain date enforceable against third parties is required: compliant archiving, intellectual property protection, litigation evidence. In these contexts the qualified form carries full probative value across the EU.
What is the difference between a timestamp and a simple time reference?
A time reference is a plain indication of date and time attached to data, with no guarantees. A qualified timestamp is issued by a QTSP under the requirements of Article 42 and carries a legal presumption of accuracy and integrity: only the qualified form holds up in a dispute.
How can a company verify that its timestamp provider is qualified?
By consulting the EU Trusted List, the official register published by the European Commission. The provider must appear there for the qualified time stamping service, and the check should be repeated, since qualified status can be suspended or withdrawn. --- SEO_TITLE: eIDAS 2.0 Timestamp Requirements for QTSPs and Businesses META_DESCRIPTION: eIDAS 2.0 timestamp requirements explained: new QTSP rules, 2026 deadlines, EU Trusted List checks and ETSI EN 319 421 standards for qualified timestamps. SLUG: eidas-2-qualified-timestamp-requirements-qtsp ---

Qualified timestamps in your business processes

TrueScreen integrates qualified timestamps from QTSPs accredited in the EU Trusted List: digital evidence with a certain date and legal value across Europe.

mockup app