TMD vs TMK: legal and practical differences

Introduction: why distinguish between TMD and TMK?

In the European digital trust ecosystem, the concepts of Trustmark de Données (TMD) and Trustmark de Clés (TMK) — respectively designating trust-marking mechanisms for electronic data and for cryptographic key infrastructures — often cause confusion among legal practitioners and IT managers. Yet their legal regimes, technical scopes and practical implications differ fundamentally. This article demystifies these two mechanisms, presents their respective regulatory framework and guides B2B organizations in choosing the most suitable option for their document flows.

---

What is TMD (Data Trustmark)?

The TMD, or trust-marking mechanism applied to data, designates a set of procedures and cryptographic attributes allowing certification of the integrity and authenticity of a dataset or electronic document. It relies primarily on qualified electronic seal mechanisms as defined in the eIDAS regulation.

Technical foundations of TMD

Technically, a TMD relies on:

• A hash function (SHA-256, SHA-3) applied to the source data, generating a unique digital fingerprint;

• A digital certificate issued by a Qualified Trust Service Provider (QTSP), guaranteeing the identity of the issuing entity;

• A qualified electronic timestamp compliant with ETSI EN 319 421 standard, providing temporally binding proof.

These three elements combined give TMD a high evidential value, comparable to that of an authentic deed in many EU Member States. To learn more about the legal value of timestamped documents, consult our complete guide to electronic signature.

Privileged domains of application for TMD

TMD is particularly suited to contexts where the organization needs to certify the integrity of large volumes of data without requiring the active intervention of an identified natural person. It is found notably in:

• Certification of accounting and financial flows (audit journals, general balances);

• Legal preservation of digital evidence (probative archiving compliant with NF Z 42-013);

• EDI exchanges between commercial partners in supply chains.

---

What is TMK (Key Trustmark)?

TMK, or trust-marking mechanism focused on cryptographic keys, operates along different lines: it certifies not the data itself, but the public key infrastructures (PKI) and signature creation devices used by signatories. It is intimately linked to the notions of Qualified Signature Creation Device (QSCD) defined in Annex II of the eIDAS regulation.

Cryptographic architecture of TMK

A TMK involves:

• An HSM module (Hardware Security Module) certified CC EAL 4+ or FIPS 140-2 level 3, guaranteeing that private keys never leave the secure device;

• A documented certification policy (CPS – Certification Practice Statement) published by the QTSP;

• Mechanisms for real-time revocation via OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List).

The robustness of TMK therefore relies on the physical and logical security of key generation and storage devices. To understand how these requirements align with the broader regulatory framework, our guide to eIDAS 2.0 regulation is an essential reference.

Privileged domains of application for TMK

TMK is essential in scenarios where the legal responsibility of an identified natural person must be engaged with certainty:

• Signature of contracts with high legal value (business fund sales, commercial leases, dematerialized notarial deeds);

• Strong authentication processes in administration-business portals (customs APIs, Chorus Pro platforms);

• Validation of payment orders in financial institutions subject to DSP2.

---

Legal comparison: TMD vs TMK

The most structuring distinction between TMD and TMK lies in their legal attachment within the eIDAS regulation (No. 910/2014) and its successor eIDAS 2.0 (EU regulation 2024/1183).

Liability regime

| Criterion | TMD | TMK | |---|---|---| | Responsible entity | Legal entity (organization) | Identified natural or legal person | | Level of trust | Advanced or qualified (seal) | Qualified (qualified electronic signature) | | Legal presumption | Data integrity | Signatory consent and identity | | Cross-border scope | Automatic EU recognition | Automatic EU recognition (art. 25 eIDAS) |

TMD engages the liability of the issuing entity: if the integrity of the certified data is compromised, the organization must answer for it. TMK, conversely, engages the individual liability of the key holder — making it the indispensable tool for any deed where personal will must be proven without ambiguity.

Evidential force before French courts

Under French law, article 1366 of the Civil Code states that "electronic writing has the same probative force as writing on paper, provided that the person from whom it emanates can be duly identified and that it is drawn up and preserved under conditions of a nature to guarantee its integrity". This wording covers both mechanisms, but with important nuances:

• A document protected by a qualified TMD benefits from a presumption of integrity reversing the burden of proof;

• A document signed via a qualified TMK benefits, moreover, from a presumption of imputability — the signatory must themselves prove they did not sign, which is extremely difficult.

This probatoric asymmetry explains why legal practitioners and law firms using electronic signature favor TMK for deeds subject to legal form requirements.

Interoperability and mutual recognition

eIDAS 2.0 strengthens interoperability via European Digital Identity Wallets (EDIW), which will natively integrate TMK mechanisms for citizens and professionals. TMDs, meanwhile, rely more heavily on national trust lists (Trusted Lists) published by each Member State. France publishes its own via ANSSI, and every qualified QTSP is referenced there. For a comparative analysis of market solutions, our comparative guide to electronic signature solutions will give you concrete decision-making elements.

---

Practical implications for B2B enterprises

Choosing between TMD and TMK according to document type

The golden rule is simple: the legal risk level of the document dictates the mechanism to deploy.

• Moderate-risk documents (purchase orders, quotes, T&Cs, standard confidentiality agreements NDA): an advanced TMD seal is generally sufficient. It provides robust data protection integrity without the added cost of QSCD qualification.

• High-risk documents (employment contracts, mandates, deed of sale, financial commitments exceeding €50,000): qualified TMK is recommended, even mandatory in certain regulated sectors (banking, insurance, health).

For HR teams managing large volumes of employment contracts, our electronic signature solution for HR natively integrates a trust level adapted to each document type.

Costs and deployment timeframes

TMD is generally less costly to deploy as it does not require strong identification processes (KYC/AML) for each signatory. Its integration via API into a document management system (DMS) or ERP typically takes 2 to 6 weeks depending on IT environment complexity.

TMK, due to QSCD requirements and identity verification process, implies an onboarding period of 3 to 10 business days per signatory. For organizations managing numerous external partners, this can represent a friction factor to anticipate in change management.

Archiving and retention

Regardless of the mechanism chosen, any organization subject to French law must respect legal retention periods: 10 years for commercial contracts (article L. 110-4 of the Commercial Code), 5 years for associated personal data (GDPR art. 5). A probative archiving system compliant with NF Z 42-013 standard ensures that the legal value of TMD or TMK is preserved over time, even in case of technological migration.

Legal framework applicable to TMD and TMK

eIDAS Regulation and its evolution

The regulatory foundation of TMD and TMK mechanisms is constituted by the regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014, known as the eIDAS regulation. This foundational text establishes the hierarchy of trust levels (simple, advanced, qualified) and defines conditions for cross-border recognition of trust services within the European Union.

In 2024, the regulation (EU) 2024/1183 (eIDAS 2.0) substantially revised this framework, introducing notably:

• European Digital Identity Wallets (EDIW) mandatory for Member States before 2026;

• New categories of trust services, including qualified electronic attestations of attributes;

• Strengthened requirements for QTSPs in terms of cybersecurity (NIS2 alignment).

French Civil Code: articles 1366 and 1367

Under domestic law, articles 1366 and 1367 of the Civil Code (arising from ordinance No. 2016-131 of 10 February 2016) establish the conditions of probative value of electronic writing. Article 1367 specifies that qualified electronic signature (based on qualified TMK and QSCD) "creates a simple presumption of reliability". This presumption is rebuttable, but reverses the burden of proof in favor of the signature beneficiary.

Applicable ETSI standards

The technical specifications of TMD and TMK are standardized by ETSI (European Telecommunications Standards Institute):

• ETSI EN 319 132: advanced electronic signature XAdES;

• ETSI EN 319 122: CAdES signature;

• ETSI EN 319 142: PAdES signature (PDF);

• ETSI EN 319 421: qualified electronic timestamp policy;

• ETSI EN 319 401: general requirements for QTSPs.

GDPR and data protection

The deployment of TMD and TMK involves processing of personal data (signatory identity, signature metadata). The regulation (EU) 2016/679 (GDPR) requires:

• An explicit legal basis for processing (contract performance, art. 6.1.b, or legal obligation, art. 6.1.c);

• A processing register documenting data flows to QTSPs;

• Contractual clauses adapted if the QTSP is established outside the EU or uses extra-European subprocessors.

NIS2 Directive and cybersecurity of PKI infrastructures

The directive (EU) 2022/2555 (NIS2), transposed into French law by the Act of 17 April 2024, subjects qualified QTSPs to strengthened obligations for risk management, incident notification (24-hour notification deadline to ANSSI) and periodic audit. For using enterprises, this translates to an obligation of increased due diligence when selecting their trust service provider.

Concrete use scenarios

Scenario 1: an industrial SME managing 300 supplier contracts per year

An industrial SME with around one hundred employees, specialized in mechanical component manufacturing, annually manages approximately 300 supplier contracts (purchases of raw materials, maintenance services, logistics framework agreements). Until now, these documents transited by postal mail or unsecured email, with average signature delays of 12 to 18 business days.

By deploying a qualified TMD mechanism for contracts under €20,000 and qualified TMK for commitments exceeding this or multi-year agreements, the SME reduces signature delays to 1.8 business days on average, a reduction of over 85%. Disputes related to document integrity contestation, which represented 2 to 3 legal files per year, drop to zero over the 18 months following deployment — the legal presumption associated with qualified mechanisms dissuading attempts to challenge.

Scenario 2: a hospital group of approximately 600 beds

A public hospital group managing several facilities must have thousands of documents signed annually: contracts with hospital practitioners, clinical research protocols, agreements with university partners and pharmaceutical laboratories. The health sector imposes specific regulatory constraints (HDS — Health Data Hosting, PGSSI-S).

The group deploys qualified TMK for practitioner signatures (engaging their medical and legal responsibility) and advanced TMD for certifying patient data flows between facilities. The combination of both mechanisms reduces printing, scanning and physical archiving costs by €45,000 per year while strengthening GDPR and HDS compliance. Compliance audits, previously requiring 3 weeks of documentary preparation, reduce to 4 days thanks to automated audit logs.

Scenario 3: an intermediate-sized M&A consulting firm

A firm specializing in M&A accompanying ten transactions per year must manage letters of intent (LOI), reinforced confidentiality agreements, agreement protocols and deeds of sale. Transaction values range between €5M and €80M. The slightest dispute over document authenticity can block a transaction for months.

By contractually requiring the use of qualified TMK for all transaction documents from the due diligence phase onward, the firm eliminates risks of formal contestation. Foreign counterparties (particularly British and American post-Brexit) recognize the probative value of eIDAS qualified signatures under clauses of applicable European law. Average document closing time drops from 22 days to 8 days, a gain of 63% in closing timeframes.

Conclusion

TMD and TMK are not interchangeable: the first certifies data integrity at the organization scale, the second engages the individual responsibility of the signatory with maximum probative force provided by eIDAS. Understanding this distinction is now a prerequisite for any serious documentary policy in B2B environment. The choice of the right mechanism depends directly on the level of legal risk of each document type and applicable sector constraints.

Certyneo accompanies you in implementing a digital trust strategy combining TMD and TMK according to your actual document flows. Our platform supports both mechanisms, integrates eIDAS 2.0 requirements and adapts to your existing IT environment. Request a demonstration or compare our offers on the Certyneo Pricing page — our legal and technical experts are available to audit your situation free of charge.