TMD vs TMK: Legal and Practical Differences

Introduction: why distinguish TMD and TMK?

In the European digital trust ecosystem, the concepts of Trustmark of Data (TMD) and Trustmark of Keys (TMK) — designating respectively the trust marking mechanisms for electronic data and for cryptographic key infrastructures — often cause confusion among legal practitioners and IT managers. Yet their legal frameworks, technical scopes and practical implications differ fundamentally. This article demystifies these two mechanisms, presents their respective regulatory framework and guides B2B organisations in choosing the most appropriate solution for their document flows.

---

What is TMD (Trustmark of Data)?

TMD, or trust marking mechanism applied to data, designates a set of procedures and cryptographic attributes enabling the certification of the integrity and authenticity of a dataset or electronic document. It relies principally on qualified electronic seal mechanisms under the eIDAS regulation.

Technical foundations of TMD

Technically, a TMD is based on:

• A hash function (SHA-256, SHA-3) applied to source data, generating a unique digital fingerprint;

• A digital certificate issued by a Qualified Trust Service Provider (QTSP), guaranteeing the identity of the issuing entity;

• A qualified electronic timestamp compliant with the ETSI EN 319 421 standard, providing temporally binding proof.

These three elements combined give TMD high evidentiary value, comparable to that of an authenticated deed in many EU Member States. To learn more about the legal value of timestamped documents, consult our complete electronic signature guide.

Privileged fields of TMD application

TMD is particularly suited to contexts where the organisation needs to certify the integrity of large data volumes without requiring the active involvement of an identified natural person. It is found notably in:

• Certification of accounting and financial flows (audit logs, general ledgers);

• Legal preservation of digital evidence (probatory archiving compliant with NF Z 42-013);

• EDI exchanges between commercial partners in supply chains.

---

What is TMK (Trustmark of Keys)?

TMK, or trust marking mechanism centred on cryptographic keys, follows a different logic: it certifies not the data themselves, but the public key infrastructures (PKI) and the signature creation devices used by signatories. It is intimately linked to the concepts of Qualified Signature Creation Device (QSCD) defined in Annex II of the eIDAS regulation.

Cryptographic architecture of TMK

A TMK involves:

• An HSM module (Hardware Security Module) certified CC EAL 4+ or FIPS 140-2 level 3, guaranteeing that private keys never leave the secure device;

• A documented certification policy (CPS – Certification Practice Statement) published by the QTSP;

• Real-time revocation mechanisms via OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List).

The robustness of TMK thus relies on the physical and logical security of key generation and storage devices. To understand how these requirements are articulated with the broader regulatory framework, our guide to eIDAS 2.0 regulation constitutes an essential reference.

Privileged fields of TMK application

TMK is essential in scenarios where the legal responsibility of an identified natural person must be engaged with certainty:

• Signing of high legal value contracts (business asset transfers, commercial leases, dematerialised notarial deeds);

• Strong authentication processes in administration-business portals (customs APIs, Chorus Pro platforms);

• Validation of payment orders in financial institutions subject to DSP2.

---

Legal comparison: TMD vs TMK

The most structuring distinction between TMD and TMK lies in their legal attachment within the eIDAS regulation (No. 910/2014) and its successor eIDAS 2.0 (EU Regulation 2024/1183).

Liability framework

| Criterion | TMD | TMK | |---|---|---| | Responsible entity | Legal entity (organisation) | Identified natural or legal person | | Level of confidence | Advanced or qualified (seal) | Qualified (qualified electronic signature) | | Legal presumption | Data integrity | Consent and signatory identity | | Cross-border scope | Automatic EU recognition | Automatic EU recognition (art. 25 eIDAS) |

TMD engages the liability of the issuing entity: if the integrity of the certified data is compromised, it is the organisation that must answer for it. TMK, conversely, engages the individual liability of the key holder — which makes it the essential tool for any act where personal intent must be proven without ambiguity.

Probative force before French courts

Under French law, article 1366 of the Civil Code states that "electronic writing has the same probative force as writing on paper, provided that the person from whom it originates can be duly identified and that it is drawn up and preserved in conditions such as to guarantee its integrity". This formulation covers both mechanisms, but with important nuances:

• A document protected by a qualified TMD benefits from a presumption of integrity reversing the burden of proof;

• A document signed via a qualified TMK benefits, moreover, from a presumption of imputability — the signatory must themselves prove they did not sign, which is extremely difficult.

This probative asymmetry explains why legal practitioners and law firms using electronic signature favour TMK for acts subject to a legal formality condition.

Interoperability and mutual recognition

eIDAS 2.0 strengthens interoperability via the European Digital Identity Wallets (EDIW), which will natively integrate TMK mechanisms for citizens and professionals. TMD, conversely, relies more on the national trust lists (Trusted Lists) published by each Member State. France publishes its own via the ANSSI, and every qualified QTSP is listed there. For a comparative analysis of market solutions, our comparison of electronic signature solutions will give you concrete decision-making elements.

---

Practical implications for B2B enterprises

Choosing between TMD and TMK according to document type

The golden rule is simple: the level of legal risk of the document dictates the mechanism to deploy.

• Documents with moderate risk (purchase orders, quotations, terms and conditions, standard confidentiality agreements): an advanced TMD seal is generally sufficient. It offers robust protection of integrity without the added cost associated with QSCD qualification.

• High-risk documents (employment contracts, mandates, asset transfer deeds, financial commitments exceeding €50,000): qualified TMK is recommended, even mandatory in certain regulated sectors (banking, insurance, health).

For HR teams managing large volumes of employment contracts, our electronic signature solution for HR natively integrates a level of confidence adapted to each document type.

Costs and deployment timelines

TMD is generally less costly to deploy as it does not require strong identification processes (KYC/AML) for each signatory. Its integration via API into a document management system (DMS) or ERP takes on average 2 to 6 weeks depending on IT environment complexity.

TMK, due to QSCD requirements and identity verification processes, implies an onboarding delay of 3 to 10 business days per signatory. For organisations managing many external partners, this can represent a friction factor to anticipate in change management.

Archiving and preservation

Regardless of the mechanism chosen, any organisation subject to French law must respect statutory retention periods: 10 years for commercial contracts (article L. 110-4 of the Commercial Code), 5 years for associated personal data (GDPR art. 5). A probatory archiving system compliant with the NF Z 42-013 standard ensures that the legal value of TMD or TMK is preserved over time, even in case of technological migration.

Legal framework applicable to TMD and TMK

eIDAS Regulation and its evolution

The regulatory foundation of TMD and TMK mechanisms is constituted by the Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014, known as the eIDAS Regulation. This foundational text establishes the hierarchy of confidence levels (simple, advanced, qualified) and defines the conditions for cross-border recognition of trust services within the European Union.

In 2024, Regulation (EU) 2024/1183 (eIDAS 2.0) substantially revised this framework, introducing notably:

• Mandatory European Digital Identity Wallets (EDIW) for Member States before 2026;

• New categories of trust services, including qualified electronic attestations of attributes;

• Strengthened requirements for QTSPs in terms of cybersecurity (NIS2 alignment).

French Civil Code: articles 1366 and 1367

Under domestic law, articles 1366 and 1367 of the Civil Code (from ordinance No. 2016-131 of 10 February 2016) establish the conditions of evidentiary value of electronic writing. Article 1367 specifies that qualified electronic signature (based on a qualified TMK and QSCD) "creates a simple presumption of reliability". This presumption is rebuttable, but it reverses the burden of proof in favour of the signature beneficiary.

Applicable ETSI standards

The technical specifications of TMD and TMK are standardised by ETSI (European Telecommunications Standards Institute):

• ETSI EN 319 132: advanced electronic signature XAdES;

• ETSI EN 319 122: CAdES signature;

• ETSI EN 319 142: PAdES signature (PDF);

• ETSI EN 319 421: qualified electronic timestamping policy;

• ETSI EN 319 401: general requirements for QTSPs.

GDPR and data protection

The deployment of TMD and TMK involves the processing of personal data (signatory identity, signature metadata). The Regulation (EU) 2016/679 (GDPR) requires:

• An explicit legal basis for processing (contract execution, art. 6.1.b, or legal obligation, art. 6.1.c);

• A processing register documenting data flows towards QTSPs;

• Appropriate contractual clauses if the QTSP is established outside the EU or uses extra-European subprocessors.

NIS2 Directive and cybersecurity of PKI infrastructures

The Directive (EU) 2022/2555 (NIS2), transposed into French law by the Act of 17 April 2024, subjects qualified QTSPs to strengthened obligations in terms of risk management, incident notification (24-hour notification deadline to ANSSI) and periodic audit. For using companies, this translates into an obligation of enhanced due diligence when choosing their trust service provider.

Concrete use case scenarios

Scenario 1: an industrial SME managing 300 supplier contracts per year

An industrial SME employing around one hundred people, specialising in mechanical component manufacturing, manages approximately 300 supplier contracts annually (raw materials purchases, maintenance services, logistical framework contracts). Until then, these documents were transited by post or unsecured email, with average signature delays of 12 to 18 business days.

By deploying a qualified TMD mechanism for contracts valued below €20,000 and a qualified TMK for commitments above or multi-year engagements, the SME reduces its signature delays to 1.8 business days on average, representing a reduction of over 85%. Disputes relating to document integrity contestation, which represented 2 to 3 litigation cases annually, fall to zero over the 18 months following deployment — the legal presumption associated with qualified mechanisms discouraging any attempts at challenge.

Scenario 2: a hospital group of approximately 600 beds

A public hospital group managing several establishments must have several thousand documents signed annually: practitioner contracts, clinical research protocols, agreements with university partners and pharmaceutical laboratories. The health sector imposes specific regulatory constraints (HDS — Health Data Hosting, PGSSI-S).

The group deploys qualified TMK for practitioner signatures (engaging their medical and legal liability) and advanced TMD for certifying patient data flows between establishments. The combination of the two mechanisms reduces printing, scanning and physical archiving costs by €45,000 per year whilst strengthening GDPR and HDS compliance. Compliance audits, formerly requiring 3 weeks of documentary preparation, are reduced to 4 days thanks to automated audit logs.

Scenario 3: an intermediate-sized M&A consulting firm

A firm specialising in M&A accompanying around ten transactions per year must manage letters of intent (LOI), enhanced confidentiality agreements, heads of terms and transfer deeds. Transaction values range between €5M and €80M. The slightest contestation of document authenticity can block a transaction for months.

By contractually imposing qualified TMK for all transaction documents from the due diligence phase onwards, the firm eliminates risks of formal contestation. Foreign counterparties (notably British and American post-Brexit) recognise the evidentiary value of qualified eIDAS signatures within European applicable law clauses. Average documentation closing time falls from 22 days to 8 days, representing a 63% gain in finalisation timelines.

Conclusion

TMD and TMK are not interchangeable: the first certifies data integrity at the organisation scale, the second engages the individual liability of the signatory with the maximum probative force provided for by eIDAS. Understanding this distinction is now a prerequisite for any serious documentary policy in a B2B environment. The choice of the right mechanism depends directly on the level of legal risk of each document type and the applicable sector constraints.

Certyneo accompanies you in implementing a digital trust strategy combining TMD and TMK according to your actual document flows. Our platform handles both mechanisms, integrates eIDAS 2.0 requirements and adapts to your existing IT infrastructure. Request a demonstration or compare our offers on the Certyneo Pricing page — our legal and technical experts are available to freely audit your situation.