TMD vs TMK: Legal and Practical Differences

Introduction: Why Distinguish TMD and TMK?

In the European digital trust ecosystem, the concepts of Trustmark for Data (TMD) and Trustmark for Keys (TMK) — respectively designating the trust marking mechanisms for electronic data and for cryptographic key infrastructures — often create confusion amongst legal practitioners and IT managers. Yet their legal regimes, technical scopes and practical implications differ fundamentally. This article demystifies these two devices, presents their respective regulatory framework and guides B2B organisations in choosing the solution most suited to their document flows.

---

What is TMD (Trustmark for Data)?

TMD, or the trust marking mechanism applied to data, designates a set of procedures and cryptographic attributes that allow certifying the integrity and authenticity of a data set or electronic document. It relies primarily on mechanisms of qualified electronic seal (qualified electronic seal) within the meaning of the eIDAS regulation.

Technical Foundations of TMD

Technically, a TMD relies on:

• A hash function (SHA-256, SHA-3) applied to source data, generating a unique digital fingerprint;

• A digital certificate issued by a Qualified Trust Service Provider (QTSP), guaranteeing the identity of the issuing entity;

• A qualified electronic timestamp in compliance with the ETSI EN 319 421 standard, providing verifiable time evidence.

These three elements combined confer on the TMD a high probative value, comparable to that of an authentic deed in many EU Member States. To learn more about the legal value of timestamped documents, consult our complete guide to electronic signature.

Privileged Application Areas for TMD

TMD is particularly suited to contexts where the organisation needs to certify the integrity of large data volumes without requiring the active intervention of an identified natural person. It is found particularly in:

• Certification of accounting and financial flows (audit journals, trial balances);

• Legal preservation of digital evidence (probationary archiving compliant with NF Z 42-013);

• EDI exchanges between commercial partners in supply chains.

---

What is TMK (Trustmark for Keys)?

TMK, or the trust marking mechanism centred on cryptographic keys, operates in a different logic: it certifies not the data itself, but the public key infrastructures (PKI) and the signature creation devices used by signatories. It is closely linked to the concepts of Qualified Signature Creation Device (QSCD) defined in Annex II of the eIDAS regulation.

Cryptographic Architecture of TMK

A TMK involves:

• An HSM module (Hardware Security Module) certified CC EAL 4+ or FIPS 140-2 level 3, guaranteeing that private keys never leave the secure device;

• A documented certification policy (CPS – Certification Practice Statement) published by the QTSP;

• Mechanisms for real-time revocation via OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List).

The strength of TMK therefore rests on the physical and logical security of the key generation and storage devices. To understand how these requirements align with the broader regulatory framework, our guide on eIDAS 2.0 regulation constitutes an essential reference.

Privileged Application Areas for TMK

TMK is essential in scenarios where the legal responsibility of an identified natural person must be engaged with certainty:

• Signature of contracts with strong legal value (transfer of business funds, commercial leases, dematerialised notarial deeds);

• Strong authentication processes in government-business portals (customs APIs, Chorus Pro platforms);

• Validation of payment orders in financial institutions subject to DSP2.

---

Legal Comparison: TMD vs TMK

The most structuring distinction between TMD and TMK lies in their legal attachment within the eIDAS regulation (No. 910/2014) and its successor eIDAS 2.0 (EU regulation 2024/1183).

Liability Regime

| Criterion | TMD | TMK | |---|---|---| | Responsible Entity | Legal entity (organisation) | Identified natural or legal person | | Level of Confidence | Advanced or qualified (seal) | Qualified (qualified electronic signature) | | Legal Presumption | Data Integrity | Consent and identity of signatory | | Cross-border Scope | Automatic EU Recognition | Automatic EU Recognition (art. 25 eIDAS) |

TMD engages the liability of the issuing entity: if the integrity of certified data is compromised, the organisation must answer for it. TMK, by contrast, engages the individual liability of the key holder — which makes it the indispensable tool for any act where personal intent must be proved unambiguously.

Probative Force before French Courts

In French law, article 1366 of the Civil Code states that "electronic writing has the same probative force as writing on paper, provided that the person from whom it originates can be duly identified and that it is established and maintained under conditions likely to guarantee its integrity". This wording covers both mechanisms, but with important nuances:

• A document protected by a qualified TMD benefits from a presumption of integrity that reverses the burden of proof;

• A document signed via a qualified TMK benefits, moreover, from a presumption of imputability — the signatory himself must prove that he did not sign, which is extremely difficult.

This probative asymmetry explains why legal practitioners and law firms using electronic signature favour TMK for acts subject to a legal formality condition.

Interoperability and Mutual Recognition

eIDAS 2.0 strengthens interoperability via European Digital Identity Wallets (EDIW), which will natively integrate TMK mechanisms for citizens and professionals. TMDs, for their part, rely more on national trust lists (Trusted Lists) published by each Member State. France publishes its own through ANSSI, and every qualified QTSP is registered there. For a comparative analysis of market solutions, our comparison of electronic signature solutions will give you concrete decision-making elements.

---

Practical Implications for B2B Enterprises

Choosing Between TMD and TMK Based on Document Type

The golden rule is simple: the level of legal risk of the document dictates the mechanism to deploy.

• Documents with Moderate Risk (purchase orders, quotations, T&Cs, standard confidentiality agreements NDAs): an advanced TMD seal is generally sufficient. It offers robust data integrity protection without the added cost related to QSCD qualification.

• High-Risk Documents (employment contracts, mandates, transfer deeds, financial commitments exceeding €50,000): qualified TMK is recommended, even mandated by certain regulated sectors (banking, insurance, healthcare).

For HR teams managing large volumes of employment contracts, our electronic signature solution for HR natively integrates a confidence level suited to each document type.

Costs and Deployment Timelines

TMD is generally less costly to deploy as it does not require strong identification processes (KYC/AML) for each signatory. Its integration via API into a document management system (DMS) or ERP typically takes 2 to 6 weeks depending on IT environment complexity.

TMK, due to QSCD requirements and the identity verification process, entails 3 to 10 business days onboarding per signatory. For organisations managing numerous external partners, this can represent a friction factor to anticipate in change management.

Archiving and Retention

Regardless of the mechanism chosen, any organisation subject to French law must comply with statutory retention periods: 10 years for commercial contracts (article L. 110-4 of the Commercial Code), 5 years for associated personal data (GDPR art. 5). A probationary archiving system compliant with standard NF Z 42-013 guarantees that the legal value of TMD or TMK is preserved over time, even in the event of technological migration.

Applicable Legal Framework for TMD and TMK

eIDAS Regulation and Its Evolution

The regulatory foundation of TMD and TMK mechanisms is established by regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014, called the eIDAS regulation. This foundational text establishes the hierarchy of trust levels (simple, advanced, qualified) and defines the conditions for cross-border recognition of trust services within the European Union.

In 2024, regulation (EU) 2024/1183 (eIDAS 2.0) substantially revised this framework, introducing notably:

• European Digital Identity Wallets (EDIW) mandatory for Member States before 2026;

• New categories of trust services, including qualified electronic attestations of attributes;

• Strengthened requirements for QTSPs regarding cybersecurity (NIS2 alignment).

French Civil Code: Articles 1366 and 1367

In domestic law, articles 1366 and 1367 of the Civil Code (stemming from ordinance No. 2016-131 of 10 February 2016) set out the conditions for the probative value of electronic writing. Article 1367 specifies that qualified electronic signature (relying on a qualified TMK and a QSCD) "creates a simple presumption of reliability". This presumption is rebuttable, but it reverses the burden of proof in favour of the signature beneficiary.

Applicable ETSI Standards

The technical specifications of TMD and TMK are standardised by ETSI (European Telecommunications Standards Institute):

• ETSI EN 319 132: advanced electronic signature XAdES;

• ETSI EN 319 122: CAdES signature;

• ETSI EN 319 142: PAdES signature (PDF);

• ETSI EN 319 421: policy for qualified electronic timestamp;

• ETSI EN 319 401: general requirements for QTSPs.

GDPR and Data Protection

The deployment of TMD and TMK involves the processing of personal data (signatory identity, signature metadata). Regulation (EU) 2016/679 (GDPR) requires:

• An explicit legal basis for processing (contract performance, art. 6.1.b, or legal obligation, art. 6.1.c);

• A processing register documenting data flows to QTSPs;

• Appropriate contractual clauses if the QTSP is established outside the EU or uses extra-European sub-processors.

NIS2 Directive and PKI Cybersecurity

Directive (EU) 2022/2555 (NIS2), transposed into French law by the Law of 17 April 2024, subjects qualified QTSPs to strengthened obligations in risk management, incident notification (24-hour notification timeline to ANSSI) and periodic audits. For user enterprises, this translates into enhanced due diligence obligations when selecting their trust service provider.

Concrete Use Scenarios

Scenario 1: An SME Manufacturing Plant Managing 300 Supplier Contracts Annually

An SME manufacturing plant of around one hundred employees, specialising in mechanical component production, manages approximately 300 supplier contracts annually (raw material purchases, maintenance services, logistics framework contracts). Until now, these documents have been conveyed by post or unsecured email, with average signature lead times of 12 to 18 business days.

By deploying a qualified TMD mechanism for contracts valued below €20,000 and a qualified TMK for commitments above or multi-year, the SME reduces signature lead times to 1.8 business days on average, representing a reduction of over 85%. Disputes related to contesting document integrity, representing 2 to 3 litigation files per year, fall to zero within 18 months following deployment — the legal presumption associated with qualified mechanisms dissuading attempted challenges.

Scenario 2: A Hospital Group of Approximately 600 Beds

A public hospital group managing multiple facilities must have several thousand documents signed annually: contracts for hospital practitioners, clinical research protocols, agreements with university partners and pharmaceutical laboratories. The healthcare sector imposes specific regulatory constraints (HDS — Healthcare Data Hosting, PGSSI-S).

The group deploys a qualified TMK for practitioner signatures (engaging their medical and legal responsibility) and an advanced TMD for certifying patient data flows between facilities. The combination of the two mechanisms reduces printing, scanning and physical archiving costs by €45,000 per year whilst strengthening GDPR and HDS compliance. Compliance audits, previously requiring 3 weeks of documentary preparation, are reduced to 4 days thanks to automated audit logs.

Scenario 3: A Mid-Size M&A Consulting Firm

A firm specialising in M&A accompanying approximately ten operations annually must manage letters of intent (LOI), strengthened confidentiality agreements, protocol agreements and transfer deeds. Transaction values range between €5m and €80m. The slightest dispute over the authenticity of a document can block a transaction for months.

By contractually mandating the use of qualified TMK for all transaction documents from the due diligence phase onwards, the firm eliminates the risk of formal challenge. Foreign counterparties (particularly UK and US post-Brexit) recognise the probative value of eIDAS qualified signatures within the scope of European governing law clauses. Average documentary closing time reduces from 22 days to 8 days, representing a gain of 63% on finalisation timelines.

Conclusion

TMD and TMK are not interchangeable: the former certifies data integrity at organisational scale, the latter engages the individual responsibility of the signatory with the maximum probative force provided for by eIDAS. Understanding this distinction is now a prerequisite for any serious document policy in a B2B environment. The choice of the right mechanism depends directly on the level of legal risk of each document type and applicable sector constraints.

Certyneo supports you in implementing a digital trust strategy combining TMD and TMK according to your actual document flows. Our platform handles both mechanisms, integrates eIDAS 2.0 requirements and adapts to your existing IT environment. Request a demonstration or compare our offers on the Certyneo Pricing page — our legal and technical experts are available to audit your situation free of charge.