The perennity of digital evidence

Four models, four destinies

When you establish proof of prior authorship, you are really asking a question that extends over time: for how many years, and under what conditions, will this proof remain verifiable?

The question seems theoretical. It is not. A proof that can no longer be verified is no longer a proof. A proof that depends for its verification on a service or a company that no longer exists becomes a legal object in limbo, whose enforceability erodes with each passing year.

Four main ways of constructing digital evidence of prior authorship exist today. Each has its own technical coherence, its advantages, and its point of vulnerability over the long term. This page examines them without moral hierarchy, to help the reader understand the real trade-offs behind technical appearances.

The critical question: what remains if the issuer disappears?

It is by asking this question — rarely asked explicitly in discussions about digital evidence — that the difference between the four models becomes structural rather than cosmetic.

This is what self-contained proof means. Not a slogan: a verifiable structural property.

Model 1 — The token signed by a free timestamping authority

Several community services issue free electronic timestamping tokens conforming to the RFC3161 standard — notably FreeTSA.org, which has been operating since 2014. The mechanism is simple: the cryptographic fingerprint of a document is sent to the authority, which returns a signed token attesting to the date.

Technically, this proof is perfectly valid. The signature can be verified with OpenSSL or any standard cryptographic tool. Legally, the European eIDAS regulation, through its Article 41 paragraph 1, guarantees its admissibility before a court.

Its vulnerability lies elsewhere. The infrastructure issuing these tokens is maintained by a small team, without contractual commitment to continuity, without audit, without regulatory supervision. If this infrastructure disappears — and the history of the internet is littered with community services that eventually shut down — your token remains cryptographically intact but the chain of trust enabling its verification becomes an exercise in archaeology. The root certificate must be preserved offline, verification must be historically contextualized, and the legal readability of the proof erodes.

Model 2 — The token signed by an unqualified commercial timestamping authority

Several large companies (DigiCert, Sectigo, GlobalSign) operate commercial timestamping authorities, primarily intended for software code signing. Their tokens also conform to the RFC3161 standard and are technically equivalent to those of the previous model.

The advantage over the free model is economic stability. A large private company is less likely to disappear suddenly than a community infrastructure. The probability of continuity at ten years is high.

The drawback lies in the commercial nature of the service. These authorities apply terms of use that can evolve, pricing policies that can change, strategic decisions that can close a line of business overnight. The history of the SSL/TSA ecosystem illustrates this: Symantec abandoned its certification authority business, transferred to DigiCert under conditions that created temporary trust chain problems for prior certificates. Commercial services last, but their policies shift.

Legally, these tokens are admissible under Article 41(1) eIDAS, without any particular presumption of accuracy.

Model 3 — The qualified eIDAS timestamp

This is the most protective model legally. A qualified timestamp is issued by a Qualified Trust Service Provider (QTSP), audited and listed on the European Trusted List (EUTL). In France, providers such as Universign, Lex Persona, Certigna, or Datasure offer this service.

Under Article 41 paragraph 2 of the eIDAS regulation, a qualified timestamp benefits from a legal presumption of accuracy of the date and data integrity. Before a European court, this presumption shifts the burden of proof: it is up to the party contesting the date to demonstrate it is inaccurate, not up to the producer of the proof to establish it.

This legal robustness has two counterparts. The first is financial: a qualified service implies a subscription model and a per-timestamp cost that necessarily translates into the end price for the user. The second is more subtle: the perennity of the proof depends on the maintenance of the provider's qualification. If a QTSP loses its qualification — rare but documented — the presumption of accuracy falls retroactively for tokens issued during the unqualified period. If the QTSP goes bankrupt, its conservation obligations may be transferred to a continuity authority, but the process is complex and conditions vary by national jurisdiction.

The strength of the qualified model is the legal presumption. Its residual vulnerability is institutional dependency.

Model 4 — Blockchain anchoring

Blockchain anchoring consists of inscribing the cryptographic fingerprint of a document in a transaction on a public distributed ledger, typically Bitcoin or Ethereum. The transaction is timestamped by the network, validated by tens of thousands of independent nodes worldwide, and inscribed in a block whose subsequent modification is mathematically impossible.

Technically, the proof rests on pure cryptography and distributed consensus. No company, no authority, no government has the unilateral power to modify or delete a past transaction. Verification can be performed by anyone, with any public blockchain explorer, without dependency on any particular service.

Legally, this proof falls under Article 41 paragraph 1 of eIDAS — admissible as a form of evidence recognized under French law as constituting initial written proof, as explicitly recognized by the Tribunal judiciaire de Marseille (Marseille Judicial Court) in its ruling of March 14, 2025 (AZ Factory v. Valeria Moda, RG 23/00046). It does not benefit from the presumption of accuracy reserved for qualified timestamps.

Its specific vulnerability differs from the three previous models: it depends neither on a company, nor on a community authority, nor on a time-limited certificate. It depends on the perennity of the blockchain network itself. For Ethereum, launched in 2015 and having never experienced a total shutdown, this perennity is today largely attested by the facts. For Bitcoin, older still (2009), it is even more so.

If a free community timestamping authority disappears, the token it issued remains cryptographically valid, but its day-to-day verifiability becomes complicated. The certificate must be preserved offline, and the chain of trust can only be reconstructed through historical effort.

If a commercial timestamping authority shuts down its service, the situation is similar — better in practice, because large companies often leave accessible traces, but structurally identical: the proof becomes an object to reconstruct rather than an object to consult.

If a qualified QTSP goes bankrupt or loses its qualification, the legal presumption that was the model's strength can collapse, and the proof must be defended as an ordinary unqualified timestamp.

If the service that delivered a blockchain anchoring proof disappears, the proof remains strictly intact. The hash is in the blockchain. The transaction is viewable through any public explorer. Verification requires no proprietary tool, no certificate, no commercial chain of trust. You simply recalculate the SHA-256 fingerprint of the document with a standard tool, and compare it to the one inscribed in the Ethereum transaction.

Comparison table

Criterion	Free TSA	Unqualified commercial TSA	Qualified eIDAS timestamp	Blockchain anchoring
Cryptographic value	Strong	Strong	Strong	Strong
Legal admissibility (eIDAS 41.1)	Yes	Yes	Yes	Yes
Presumption of accuracy (eIDAS 41.2)	No	No	Yes	No
Independence from commercial third party	Medium	Low	Low	Strong
Perennity at 30 years	Uncertain	Probable	Probable with conditions	High
Verification without access to issuing service	Possible but complex	Possible but complex	Possible but complex	Trivial
Document confidentiality	Full	Full	Full	Full
Marginal cost to user	Near-zero	Low to medium	Medium to high	Low

The ETcH doctrine

ETcH chose the blockchain anchoring model for reasons that go beyond technology. We believe that proof of prior authorship should be able to survive its producer. Not out of distrust of our own survival, but because it is the only way to guarantee our users that their proof fully belongs to them, indefinitely, regardless of our commercial fate.

This does not mean that other models are without value. Qualified eIDAS timestamping remains preferable when the legal presumption of Article 41(2) is decisive for the case — for example in high-stakes litigation where the burden of proof itself becomes a strategic issue. For these uses, we recommend that our users consider a complementary qualified timestamp, and we are actively exploring the conditions for a future enrichment of our service in this direction.

But for the vast majority of uses — protection of creative works, prior authorship evidence for commercial documents, GDPR attestations, regulatory traceability — the cryptographic robustness and self-contained nature of blockchain proof offer the best combination of perennity, accessibility, and independence.

Economic perennity: pay once and for all, activate if needed

The technical perennity of proof has economic value only if it fits within a sustainable cost model. A proof that lasts thirty years but requires a recurring expense every year — subscription, periodic renewal, administrative vigilance to maintain over several decades — is perennial only on paper: its accumulated total cost can exceed the value of what it protects, especially for works and documents whose litigation will never come.

The ETcH model was designed to align the technical perennity of proof with a corresponding economic perennity: a minimal entry cost — two euros for cryptographic anchoring — with no recurring cost, no subscription, no renewal, no prepaid credits. The proof remains verifiable indefinitely for this one-time price.

If a dispute arises someday, the user can then bring in a judicial officer (huissier de justice) to establish a formal report from the anchoring. This procedure, validated by the ruling of the Tribunal judiciaire de Marseille on March 14, 2025 (AZ Factory v. Valeria Moda, RG 23/00046), transforms a cryptographic proof into evidence with the probative force of an authentic instrument — without having to anticipate this cost upfront, for a work whose contestation may never come.

This is what we call the deferred recourse model: pay the minimal premium today, activate full coverage only if and when the need arises.

Detailed economic analysis of deferred recourse →

What this concretely means for you

If ETcH ceased to exist tomorrow, your proof would remain:

•Cryptographically intact. Your document's hash is in the Ethereum blockchain. It will remain there as long as Ethereum exists.
•Legally enforceable. The transaction is timestamped and viewable. Its admissibility as initial written proof, recognized by French case law, does not depend on our existence.
•Verifiable by yourself or by a third party. With any computer, any SHA-256 calculator, any public Ethereum explorer. No advanced cryptographic expertise is required — our guides walk you through verification step by step.

This is our structural commitment. Not a commercial promise that would vanish with us: a mathematical property of your proof, which does not depend on us to exist.

Ready to anchor?Anchor now →

Have a proof to verify?Verify a proof →

Back to guidesLearn →