TMD vs TMK: Legal and Practical Differences

Introduction: Why Distinguish TMD and TMK?

In the European digital trust ecosystem, the notions of Trustmark for Data (TMD) and Trustmark for Keys (TMK) — respectively designating trust marking mechanisms for electronic data and for cryptographic key infrastructures — often create confusion among legal practitioners and IT managers. Yet their legal frameworks, technical scopes, and practical implications differ fundamentally. This article demystifies these two mechanisms, presents their respective regulatory framework, and guides B2B organizations in choosing the most appropriate solution for their document flows.

---

What is TMD (Trustmark for Data)?

TMD, or trust marking mechanism applied to data, designates a set of procedures and cryptographic attributes allowing certification of the integrity and authenticity of a data set or electronic document. It relies primarily on qualified electronic seal mechanisms (qualified electronic seal) within the meaning of the eIDAS regulation.

Technical Foundations of TMD

Technically, a TMD relies on:

• A hash function (SHA-256, SHA-3) applied to source data, generating a unique digital fingerprint;

• A digital certificate issued by a Qualified Trust Service Provider (QTSP), guaranteeing the identity of the issuing entity;

• A qualified electronic timestamp compliant with ETSI EN 319 421 standard, providing temporally binding proof.

These three combined elements give TMD high probative value, comparable to that of an authentic deed in many EU Member States. To learn more about the legal value of timestamped documents, consult our comprehensive electronic signature guide.

Privileged Application Domains of TMD

TMD is particularly suited to contexts where the organization needs to certify the integrity of large data volumes without requiring active intervention by an identified natural person. It is found notably in:

• Certification of accounting and financial flows (audit logs, general ledgers);

• Legal preservation of digital evidence (compliant evidentiary archiving per NF Z 42-013);

• EDI exchanges between commercial partners in supply chains.

---

What is TMK (Trustmark for Keys)?

TMK, or trust marking mechanism centered on cryptographic keys, follows a different logic: it certifies not the data itself, but the public key infrastructures (PKI) and signature creation devices used by signatories. It is intimately linked to the notions of Qualified Signature Creation Device (QSCD) defined in Annex II of the eIDAS regulation.

Cryptographic Architecture of TMK

A TMK involves:

• An HSM module (Hardware Security Module) certified CC EAL 4+ or FIPS 140-2 level 3, ensuring that private keys never leave the secure device;

• A documented certification policy (CPS – Certification Practice Statement) published by the QTSP;

• Real-time revocation mechanisms via OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List).

The strength of TMK thus rests on the physical and logical security of key generation and storage devices. To understand how these requirements align with the broader regulatory framework, our guide on eIDAS 2.0 regulation is an essential reference.

Privileged Application Domains of TMK

TMK is essential in scenarios where the legal responsibility of an identified natural person must be engaged with certainty:

• Signature of high-value legal contracts (business fund transfers, commercial leases, dematerialized notarial deeds);

• Strong authentication processes in government-business portals (customs APIs, Chorus Pro platforms);

• Validation of payment orders in financial institutions subject to PSD2.

---

Legal Comparison: TMD vs TMK

The most structuring distinction between TMD and TMK lies in their legal attachment within the eIDAS regulation (No. 910/2014) and its successor eIDAS 2.0 (EU Regulation 2024/1183).

Liability Regime

| Criterion | TMD | TMK | |---|---|---| | Responsible Entity | Legal Entity (organization) | Identified Natural or Legal Person | | Trust Level | Advanced or Qualified (seal) | Qualified (Electronic Signature) | | Legal Presumption | Data Integrity | Signatory Consent and Identity | | Cross-Border Scope | Automatic EU Recognition | Automatic EU Recognition (art. 25 eIDAS) |

TMD engages the liability of the issuing entity: if the integrity of certified data is compromised, it is the organization that must answer for it. TMK, conversely, engages the individual liability of the key holder — making it the essential tool for any act where personal intent must be proven unambiguously.

Probative Force Before French Courts

In French law, Article 1366 of the Civil Code states that "electronic writing has the same evidentiary force as writing on paper support, provided that the person from whom it originates can be duly identified and that it is established and preserved under conditions such as to guarantee its integrity." This wording covers both mechanisms, but with important nuances:

• A document protected by a qualified TMD benefits from a presumption of integrity that reverses the burden of proof;

• A document signed via a qualified TMK benefits, moreover, from a presumption of imputability — the signatory must himself prove that he did not sign, which is extremely difficult.

This probative asymmetry explains why legal practitioners and law firms resorting to electronic signature favor TMK for acts subject to a legal form condition.

Interoperability and Mutual Recognition

eIDAS 2.0 strengthens interoperability via European Digital Identity Wallets (EDIW), which will natively integrate TMK mechanisms for citizens and professionals. TMD, meanwhile, relies more on national trust lists (Trusted Lists) published by each Member State. France publishes its own via ANSSI, and any qualified QTSP is listed there. For a comparative analysis of market solutions, our comparison of electronic signature solutions will give you concrete decision-making elements.

---

Practical Implications for B2B Companies

Choosing Between TMD and TMK According to Document Type

The golden rule is simple: the legal risk level of the document dictates the mechanism to deploy.

• Moderate-risk documents (purchase orders, quotes, T&Cs, standard confidentiality agreements NDAs): an advanced TMD seal generally suffices. It offers robust protection of integrity without the added cost related to QSCD qualification.

• High-risk documents (employment contracts, mandates, transfer deeds, financial commitments exceeding €50,000): qualified TMK is recommended, even mandatory in certain regulated sectors (banking, insurance, healthcare).

For HR teams managing large volumes of employment contracts, our electronic signature solution for HR natively integrates a trust level adapted to each document type.

Costs and Deployment Timelines

TMD is generally less costly to deploy since it does not require strong identification processes (KYC/AML) for each signatory. Its integration via API into a document management system (DMS) or ERP takes on average 2 to 6 weeks depending on IT environment complexity.

TMK, due to QSCD requirements and signatory identity verification processes, involves an onboarding time of 3 to 10 business days per signatory. For organizations managing many external partners, this can represent a friction factor to anticipate in change management.

Archiving and Retention

Regardless of the chosen mechanism, any organization subject to French law must comply with legal retention periods: 10 years for commercial contracts (Article L. 110-4 of the Commercial Code), 5 years for associated personal data (GDPR art. 5). A compliant evidentiary archiving system per NF Z 42-013 standard ensures that the legal value of TMD or TMK is preserved over time, even in case of technological migration.

Legal Framework Applicable to TMD and TMK

eIDAS Regulation and Its Evolution

The regulatory foundation for TMD and TMK mechanisms is constituted by the Regulation (EU) No. 910/2014 of the European Parliament and the Council of July 23, 2014, known as the eIDAS regulation. This founding text establishes the hierarchy of trust levels (simple, advanced, qualified) and defines conditions for cross-border recognition of trust services within the European Union.

In 2024, Regulation (EU) 2024/1183 (eIDAS 2.0) substantially revised this framework, introducing notably:

• European Digital Identity Wallets (EDIW) mandatory for Member States by 2026;

• New categories of trust services, including qualified electronic attestations of attributes;

• Enhanced requirements for QTSPs regarding cybersecurity (NIS2 alignment).

French Civil Code: Articles 1366 and 1367

In domestic law, Articles 1366 and 1367 of the Civil Code (stemming from Ordinance No. 2016-131 of February 10, 2016) establish conditions for the probative value of electronic writing. Article 1367 specifies that qualified electronic signature (relying on a qualified TMK and QSCD) "creates a simple presumption of reliability." This presumption is rebuttable, but it reverses the burden of proof in favor of the signature beneficiary.

Applicable ETSI Standards

The technical specifications of TMD and TMK are standardized by ETSI (European Telecommunications Standards Institute):

• ETSI EN 319 132: advanced electronic signature XAdES;

• ETSI EN 319 122: CAdES signature;

• ETSI EN 319 142: PAdES signature (PDF);

• ETSI EN 319 421: qualified electronic timestamp policy;

• ETSI EN 319 401: general requirements for QTSPs.

GDPR and Data Protection

The deployment of TMD and TMK involves processing of personal data (signatory identity, signature metadata). Regulation (EU) 2016/679 (GDPR) requires:

• An explicit legal basis for processing (contract performance, art. 6.1.b, or legal obligation, art. 6.1.c);

• A processing register documenting data flows to QTSPs;

• Contractual clauses adapted if the QTSP is established outside the EU or uses extra-European subprocessors.

NIS2 Directive and Cybersecurity of PKI Infrastructures

The Directive (EU) 2022/2555 (NIS2), transposed into French law by the April 17, 2024 law, subjects qualified QTSPs to enhanced obligations regarding cyber risk management, incident notification (24-hour notification timeline to ANSSI) and periodic audits. For user organizations, this translates into enhanced due diligence obligations when choosing their trust service provider.

Concrete Use Scenarios

Scenario 1: A Mid-Size Industrial SME Managing 300 Supplier Contracts Annually

A mid-size industrial SME with approximately one hundred employees, specialized in mechanical component manufacturing, manages annually about 300 supplier contracts (raw materials purchases, maintenance services, logistics framework agreements). Previously, these documents transited via postal mail or unsecured email, with average signature timelines of 12 to 18 business days.

By deploying a qualified TMD mechanism for contracts valued below €20,000 and a qualified TMK for commitments exceeding this amount or multi-year agreements, the SME reduces signature timelines to an average of 1.8 business days, representing a reduction of over 85%. Disputes related to document integrity contestation, which represented 2 to 3 litigation files annually, fall to zero over the 18 months following deployment — the legal presumption associated with qualified mechanisms discouraging contestation attempts.

Scenario 2: A Hospital Group of Approximately 600 Beds

A public hospital group managing multiple facilities must have several thousand documents signed annually: contracts for hospital practitioners, clinical research protocols, conventions with academic partners and pharmaceutical laboratories. The healthcare sector imposes specific regulatory constraints (HDS — Healthcare Data Hosting, PGSSI-S).

The hospital group deploys qualified TMK for practitioner signatures (engaging their medical and legal responsibility) and advanced TMD for certifying patient data flows between facilities. The combination of both mechanisms reduces costs of printing, scanning, and physical archiving by €45,000 annually while strengthening GDPR and HDS compliance. Compliance audits, previously requiring 3 weeks of document preparation, are reduced to 4 days thanks to automated audit logs.

Scenario 3: A Mid-Size Merger and Acquisition Consulting Firm

A firm specialized in M&A accompanying approximately ten operations annually must manage letters of intent (LOI), enhanced confidentiality agreements, agreements in principle, and transfer deeds. Transaction values range between €5 million and €80 million. The slightest contestation regarding document authenticity can block a transaction for months.

By contractually requiring recourse to qualified TMK for all transaction documents from the due diligence phase, the firm eliminates risks of formal contestation. Foreign counterparties (particularly British and American post-Brexit) recognize the probative value of qualified eIDAS signatures under European governing law clauses. Average closing document time moves from 22 days to 8 days, representing a gain of 63% on finalization timelines.

Conclusion

TMD and TMK are not interchangeable: the first certifies data integrity at the organizational level, the second engages individual signatory responsibility with maximum probative force provided by eIDAS. Understanding this distinction is now a prerequisite for any serious document policy in B2B environments. The choice of the right mechanism depends directly on the legal risk level of each document type and applicable sector constraints.

Certyneo accompanies you in implementing a digital trust strategy combining TMD and TMK according to your actual document flows. Our platform supports both mechanisms, integrates eIDAS 2.0 requirements, and adapts to your existing IS. Request a demonstration or compare our offerings on the Certyneo Pricing page — our legal and technical experts are available to audit your situation free of charge.