Digital Evidence Admissible in Court: The Complete Preparation Checklist
Screenshots, emails, files — how to prepare digital evidence that holds up in court. A practical checklist based on the eIDAS regulation and European legal standards.
Picture this. You walk into court with a printed screenshot. The opposing counsel objects: "There is no proof this image has not been altered." The judge agrees. Your evidence is struck from the record.
This happens far more often than people expect. And most of the time, the problem is not what the evidence shows — it is how it was prepared.
The good news: with a straightforward method applied before any dispute arises, you can build digital evidence that holds up under scrutiny. Here is how.
The legal framework: what the law actually requires
Most legal systems in the EU share a common principle: digital evidence is admissible, but its weight depends on how well its integrity and authenticity can be demonstrated.
The eIDAS regulation (EU No 910/2014) is the cornerstone. It establishes a unified framework for electronic trust services across all EU member states. Key provisions:
- A qualified electronic timestamp benefits from a presumption of accuracy of the date it indicates and of the integrity of the data to which it is bound (Article 41).
- A qualified timestamp cannot be denied legal effect or admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form (Article 41.1).
- EU member states must recognise qualified timestamps issued by trust service providers in any other member state.
While eIDAS provides the European baseline, national laws add further requirements. In France, Article 1366 of the Civil Code requires that the author of an electronic document be identifiable and that the document be created and preserved in conditions guaranteeing its integrity. Similar provisions exist in Germany (ZPO Section 371a), Spain, and most EU jurisdictions.
For businesses operating across borders, the eIDAS framework is particularly valuable: a qualified timestamp obtained in one member state carries the same legal weight throughout the EU.
The 4 pillars of admissible digital evidence
Every action in this checklist serves at least one of these four pillars. Keep them in mind as your guiding principles.
1. Integrity
The document has not been modified since its creation or capture. This is the central pillar. Without provable integrity, everything else collapses.
In practice: a cryptographic hash (SHA-256) computed at the moment of creation allows verification that the file has remained identical, bit for bit.
2. Authenticity
The author or source of the document can be reliably identified. Who created it? From which system? On what occasion?
3. Traceability
The document's history is documented: when it was created, by whom, how it was transmitted, where it was stored.
4. Preservation
The document has been stored reliably, with no risk of alteration, for the entire required duration.
Most digital evidence fails on preservation. The file existed, it was authentic — but nobody can prove it was not tampered with between creation and production in court.
The checklist: prepare your digital evidence before the dispute
At the moment of document creation
- Keep the original file in its native format (PDF, DOCX, EML, PNG...). Avoid unnecessary conversions.
- Compute and record the SHA-256 hash of the file as soon as it is created. This fingerprint proves integrity.
- Timestamp the file using a certified timestamping service. A qualified eIDAS timestamp offers the strongest legal protection.
- Document the context: who created the file, why, under what circumstances. A file without context loses its weight.
- Preserve the metadata: creation date, author, software used. Do not strip them out.
For communications (emails, messages, conversations)
- Export in raw format: EML files for emails (not a screenshot of your inbox), native export for messaging platforms.
- Include full technical headers for emails. They contain routing and authentication information.
- Timestamp the export immediately after creating it.
- Capture the complete thread, not an isolated message. The context of an exchange strengthens credibility.
For online content (websites, social media)
- Use a certified capture tool that automatically timestamps and hashes the page. In some jurisdictions, a notarised digital capture (by a bailiff or notary) carries the most weight.
- Capture the full URL, the date, and the visible content. A partial capture can be challenged.
- Archive the page source code in addition to the visual capture.
- Act quickly — online content can disappear or be modified at any time.
For preservation
- Store on a non-rewritable medium or a system guaranteeing integrity (WORM storage, blockchain, digital vault).
- Maintain at least two copies on separate media. Hard drives fail.
- Periodically verify integrity: recompute the hash and compare it to the original.
- Document the chain of custody: who accessed the file, when, from where.
- Retain beyond the applicable limitation period (varies by jurisdiction — 3 to 10 years is typical across EU member states).
What weakens (or destroys) digital evidence
These are the most common mistakes — and the ones opposing counsel will exploit every time.
Do not:
- Print a screenshot as your only evidence. No integrity guarantee, no usable metadata.
- Modify the file after timestamping it, even "just to fix a typo". The hash changes. The proof is invalidated.
- Store your evidence only on a cloud service without integrity guarantees. A file on Google Drive has no inherent probative value.
- Wait until the dispute to gather your evidence. Files assembled after the fact are immediately suspect.
- Delete a file's metadata "to keep things tidy". Metadata is evidence.
Do:
- Timestamp at creation, not after.
- Keep all intermediate versions if the document has evolved.
- Build a structured evidence file: document + hash + timestamp certificate + context note.
- Treat every potentially relevant document as evidence, even when no dispute is on the horizon.
Every time you create, send, or receive a document that could have legal value: timestamp it immediately. The cost is negligible. The value in a dispute is considerable.
Simple vs. qualified timestamps: what difference does it make?
Not all timestamps carry the same weight in court.
| Criterion | Simple timestamp | Qualified eIDAS timestamp |
|---|---|---|
| Legal value | Evidence, freely assessed by the judge | Presumption of date accuracy and data integrity |
| Can it be refused as evidence in the EU? | Yes, at the judge's discretion | No (Article 41.2 of the eIDAS regulation) |
| Issued by | Any timestamping service | A qualified trust service provider |
| Cost | Often free or low | Variable, but accessible |
For high-stakes evidence (intellectual property, major contracts, commercial disputes), a qualified timestamp is the safest choice.
Practical example: building an evidence file
Suppose you are a freelance designer. A client uses your mockup without paying.
A solid evidence file looks like this:
- The original PSD file, with its creation metadata intact.
- The SHA-256 hash of the file, computed on the day of delivery.
- The timestamp certificate (ideally qualified eIDAS) proving the file existed at that date.
- The delivery email exported in EML format, with full headers, also timestamped.
- A context note: client name, quote reference, order date, deliverable description.
This file satisfies all four pillars: integrity (hash + timestamp), authenticity (metadata + email), traceability (documented chain), preservation (files kept in their original format).
