TMD vs TMK: legal and practical differences

TMD and TMK are two digital trust mechanisms with distinct legal frameworks. Discover their concrete differences to make the right choice.

Certyneo Team · 11 min read

Introduction: why distinguish TMD and TMK?

In the European digital trust ecosystem, the concepts of Trustmark of Data (TMD) and Trustmark of Keys (TMK) — designating respectively the trust marking mechanisms for electronic data and for cryptographic key infrastructures — often generate confusion among legal practitioners and IT managers. Yet their legal regimes, their technical scopes and their practical implications differ fundamentally. This article demystifies these two mechanisms, presents their respective regulatory framework and guides B2B organisations in choosing the most suitable option for their documentary flows.

---

What is TMD (Trustmark of Data)?

TMD, or trust marking mechanism applied to data, designates a set of procedures and cryptographic attributes allowing the certification of the integrity and authenticity of a dataset or an electronic document. It relies primarily on qualified electronic seal mechanisms within the meaning of the eIDAS regulation.

Technical foundations of TMD

Technically, a TMD is based on:

  • A hash function (SHA-256, SHA-3) applied to source data, generating a unique digital fingerprint;
  • A digital certificate issued by a Qualified Trust Service Provider (QTSP), guaranteeing the identity of the issuing entity;
  • A qualified electronic timestamp compliant with ETSI EN 319 421 standard, providing temporally enforceable proof.

These three combined elements give TMD high probative value, comparable to that of an authentic deed in many EU Member States. For further information on the legal value of timestamped documents, consult our comprehensive guide to electronic signature.
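
The hash and timestamp steps listed above, as an added example (not Certyneo's code): it builds the DER timestamp request a client would send to a timestamp authority for one record, then re-checks a stored request against the record it is claimed to cover. It assumes the authority speaks RFC 3161, which the page does not name; the ledger line and nonce are constructed sample values.

```python
import hashlib
import hmac

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL parameters)
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")


def der(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_int(value):
    """Encode a non-negative INTEGER (the extra byte keeps the sign bit clear)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_timestamp_request(data, nonce=None):
    """RFC 3161 TimeStampReq over SHA-256(data); only the digest is sent out."""
    digest = hashlib.sha256(data).digest()
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, digest))
    body = der_int(1) + imprint            # version v1, then messageImprint
    if nonce is not None:
        body += der_int(nonce)             # ties the authority's reply to this request
    body += der(0x01, b"\xff")             # certReq TRUE: ask for the signer certificate
    return der(0x30, body)


def imprint_matches(request, data):
    """True if the request's message imprint is the SHA-256 of data."""
    marker = SHA256_ALG_ID + b"\x04\x20"   # algorithm id, then a 32-byte OCTET STRING
    start = request.find(marker)
    if start < 0:
        return False
    stored = request[start + len(marker): start + len(marker) + 32]
    return hmac.compare_digest(stored, hashlib.sha256(data).digest())


# Constructed sample record, not real ledger data
LEDGER_LINE = b"2024-03-31;ACME SAS;invoice 0042;1250.00 EUR\n"
REQUEST = build_timestamp_request(LEDGER_LINE, nonce=0x1234)
```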

Privileged fields of application for TMD

TMD is particularly suited to contexts where the organisation needs to certify the integrity of large data volumes without requiring the active intervention of an identified natural person. It is found particularly in:

  • Certification of accounting and financial flows (audit logs, general ledgers);
  • Legal preservation of digital evidence (evidence archiving compliant with NF Z 42-013);
  • EDI exchanges between trading partners in supply chains.

---

What is TMK (Trustmark of Keys)?

TMK, or trust marking mechanism centred on cryptographic keys, operates along different lines: it certifies not the data themselves, but the public key infrastructures (PKI) and the signature creation devices used by signatories. It is closely linked to the concept of the Qualified Signature Creation Device (QSCD) defined in Annex II of the eIDAS regulation.

Cryptographic architecture of TMK

A TMK involves:

  • A Hardware Security Module (HSM) certified CC EAL 4+ or FIPS 140-2 level 3, guaranteeing that private keys never leave the secure device;
  • A documented certification policy (CPS – Certification Practice Statement) published by the QTSP;
  • Mechanisms for real-time revocation via OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List).

The strength of TMK therefore rests on the physical and logical security of the key generation and storage devices. To understand how these requirements fit into the broader regulatory framework, our guide to the eIDAS 2.0 regulation constitutes an essential reference.

Privileged fields of application for TMK

TMK is required in scenarios where the legal responsibility of an identified natural person must be engaged with certainty:

  • Signing of high-value legal contracts (business assets transfers, commercial leases, notarised digital deeds);
  • Processes of strong authentication in government-business portals (customs APIs, Chorus Pro platforms);
  • Validation of payment orders in financial institutions subject to PSD2.

---

The most structuring distinction between TMD and TMK lies in their legal attachment within the eIDAS regulation (No. 910/2014) and its successor eIDAS 2.0 (EU Regulation 2024/1183).

Liability regime

| Criterion | TMD | TMK |
|---|---|---|
| Responsible entity | Legal person (organisation) | Identified natural or legal person |
| Level of trust | Advanced or qualified (seal) | Qualified (qualified electronic signature) |
| Legal presumption | Data integrity | Signatory consent and identity |
| Cross-border scope | Automatic EU recognition | Automatic EU recognition (Art. 25 eIDAS) |

TMD engages the liability of the issuing entity: if the integrity of the certified data is compromised, it is the organisation that must answer for it. TMK, by contrast, engages the individual liability of the key holder — which makes it the essential tool for any act where personal intent must be proven unambiguously.

Probative force before French courts

Under French law, Article 1366 of the Civil Code states that "electronic writing has the same probative force as writing on paper, provided that the person from whom it emanates can be duly identified and that it is established and preserved in conditions such as to guarantee its integrity". This wording covers both mechanisms, but with important nuances:

  • A document protected by a qualified TMD benefits from a presumption of integrity reversing the burden of proof;
  • A document signed via a qualified TMK benefits, moreover, from a presumption of attribution — the signatory must himself prove that he did not sign, which is extremely difficult.

This probative asymmetry explains why jurists and law firms using electronic signature favour TMK for acts subject to a legal formality condition.

Interoperability and mutual recognition

eIDAS 2.0 strengthens interoperability through European Digital Identity Wallets (EDIW), which will natively integrate TMK mechanisms for citizens and professionals. TMD, meanwhile, relies more heavily on the national trust lists (Trusted Lists) published by each Member State. France publishes its own through ANSSI, and every qualified QTSP is listed therein. For a comparative analysis of market solutions, our comparison of electronic signature solutions will give you concrete decision-making elements.

---

Practical implications for B2B enterprises

Choosing between TMD and TMK based on document type

The golden rule is simple: the level of legal risk of the document dictates the mechanism to deploy.

  • Documents with moderate risk (purchase orders, quotes, terms and conditions, standard confidentiality agreements (NDAs)): an advanced TMD is generally sufficient. It provides robust data integrity protection without the added cost of QSCD qualification.
  • High-risk documents (employment contracts, mandates, transfer deeds, financial commitments exceeding €50,000): qualified TMK is recommended, sometimes even required by certain regulated sectors (banking, insurance, healthcare).

For HR teams managing large volumes of employment contracts, our electronic signature solution for HR natively integrates a trust level suited to each document type.

Costs and deployment timelines

TMD is generally less costly to deploy because it does not require strong identity verification (KYC/AML) for each signatory. Its integration via API into a document management system (DMS) or ERP takes on average 2 to 6 weeks depending on IT environment complexity.

TMK, due to QSCD requirements and identity verification processes, involves an onboarding period of 3 to 10 working days per signatory. For organisations managing numerous external partners, this can be a friction point to anticipate in change management.

Archiving and retention

Regardless of which mechanism is chosen, any organisation subject to French law must comply with statutory retention periods: 10 years for commercial contracts (Article L. 110-4 of the Commercial Code), 5 years for associated personal data (GDPR Article 5). A probative archiving system compliant with NF Z 42-013 standard ensures that the legal value of TMD or TMK is preserved over time, even in the event of technological migration.

eIDAS Regulation and its evolution

The regulatory foundation of the TMD and TMK mechanisms is Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014, known as the eIDAS Regulation. This foundational text establishes the hierarchy of trust levels (simple, advanced, qualified) and defines the conditions for cross-border recognition of trust services within the European Union.

In 2024, Regulation (EU) 2024/1183 (eIDAS 2.0) substantially revised this framework, introducing notably:

  • Mandatory European Digital Identity Wallets (EDIW) for Member States before 2026;
  • New categories of trust services, including qualified electronic attestations of attributes;
  • Enhanced requirements for QTSPs in terms of cybersecurity (NIS2 alignment).

French Civil Code: Articles 1366 and 1367

Under domestic law, Articles 1366 and 1367 of the Civil Code (from Ordinance No. 2016-131 of 10 February 2016) set out the conditions for the probative value of electronic writing. Article 1367 clarifies that the qualified electronic signature (based on a qualified TMK and a QSCD) "creates a simple presumption of reliability". This presumption is rebuttable, but it reverses the burden of proof in favour of the beneficiary of the signature.

Applicable ETSI standards

The technical specifications of TMD and TMK are standardised by ETSI (European Telecommunications Standards Institute):

  • ETSI EN 319 132: advanced electronic signature XAdES;
  • ETSI EN 319 122: CAdES signature;
  • ETSI EN 319 142: PAdES signature (PDF);
  • ETSI EN 319 421: qualified electronic timestamp policy;
  • ETSI EN 319 401: general requirements for QTSPs.

GDPR and data protection

The deployment of TMD and TMK involves the processing of personal data (signatory identity, signature metadata). Regulation (EU) 2016/679 (GDPR) imposes:

  • An explicit legal basis for processing (contract performance, Art. 6.1.b, or legal obligation, Art. 6.1.c);
  • A processing register documenting data flows to QTSPs;
  • Appropriate contractual clauses if the QTSP is established outside the EU or uses extra-European sub-processors.

NIS2 Directive and cybersecurity of PKI infrastructure

The Directive (EU) 2022/2555 (NIS2), transposed into French law by the Law of 17 April 2024, subjects qualified QTSPs to enhanced obligations for risk management, incident notification (24-hour initial notification deadline to ANSSI) and periodic audit. For user enterprises, this translates into an obligation of increased due diligence when selecting their trust service provider.

Concrete usage scenarios

Scenario 1: an industrial SME managing 300 supplier contracts per year

An industrial SME with approximately one hundred employees, specialised in the manufacture of mechanical components, manages roughly 300 supplier contracts annually (purchases of raw materials, maintenance services, framework supply agreements). Previously, these documents were sent by post or unsecured email, with average signature timelines of 12 to 18 working days.

By deploying a qualified TMD mechanism for contracts valued below €20,000 and a qualified TMK for commitments above that threshold or multi-year agreements, the SME reduces signature timelines to an average of 1.8 working days, a reduction of more than 85%. Disputes related to contestation of document integrity, which represented 2 to 3 contentious files per year, fall to zero over the 18 months following deployment — the legal presumption associated with qualified mechanisms discouraging attempts at challenge.

Scenario 2: a hospital group of approximately 600 beds

A public hospital group managing several establishments must have several thousand documents signed annually: practitioner employment contracts, clinical research protocols, agreements with university partners and pharmaceutical laboratories. The healthcare sector imposes specific regulatory constraints (HDS — Health Data Hosting, PGSSI-S).

The hospital group deploys qualified TMK for practitioner signatures (engaging their medical and legal responsibility) and advanced TMD for certifying patient data flows between establishments. The combination of the two mechanisms allows reduction of printing, scanning and physical archiving costs by €45,000 per year whilst strengthening GDPR and HDS compliance. Compliance audits, previously requiring 3 weeks of documentary preparation, are reduced to 4 days thanks to automated audit logs.

Scenario 3: an intermediate-sized M&A advisory firm

A firm specialised in M&A advising on approximately ten transactions per year must manage letters of intent (LOI), enhanced confidentiality agreements, term sheets and transfer deeds. Transaction values range between €5M and €80M. Any contestation of document authenticity can block a transaction for months.

By contractually requiring the use of qualified TMK for all transaction documents from the due diligence phase onwards, the firm eliminates the risks of formal contestation. Foreign counterparties (notably British and American ones post-Brexit) recognise the probative value of qualified eIDAS signatures within clauses specifying European governing law. Average documentary closing time falls from 22 days to 8 days, a gain of 63% on finalisation timelines.

Conclusion

TMD and TMK are not interchangeable: the former certifies data integrity at organisation level, the latter engages the individual responsibility of the signatory with the maximum probative force provided by eIDAS. Understanding this distinction is now a prerequisite for any serious documentary policy in a B2B environment. The choice of the right mechanism depends directly on the level of legal risk of each document type and the applicable sector constraints.

Certyneo supports you in implementing a digital trust strategy combining TMD and TMK according to your actual documentary flows. Our platform handles both mechanisms, integrates eIDAS 2.0 requirements and adapts to your existing IS. Request a demonstration or compare our offers on the Certyneo Pricing page — our legal and technical experts are available to audit your situation for free.
