← Back to blog
    Gids

    Digital registered delivery: the complete guide for law firms 2026

    A complete practical guide to digital registered delivery for law firms: the legal framework (GDPR and rules of evidence), seven must-haves and a platform selection checklist.

    TransferGuard redactieJuridisch & Compliance9 min

    In 2026, sending documents by digital registered delivery is no longer an experiment for law firms but the standard. This guide explains what it is, which legal frameworks apply, and what to look for when choosing a platform.

    What is digital registered delivery?

    By digital registered delivery we mean the electronic transfer of a document or case file in which, just as with the classic registered letter, verifiable evidence is created of dispatch, receipt and integrity. Unlike an ordinary email or a shared WeTransfer link, every event is captured in a verifiable audit trail.

    In practice this evidence consists of three elements that must be verifiable independently of one another: an independent verified timestamp, a SHA-256 hash of the exact file at the moment of dispatch, and a verified receipt confirmation linked to a verified identity of the recipient.

    Legal framework: eIDAS and the GDPR

    Two European regulations determine what is legally admissible. The eIDAS Regulation (EU) 910/2014 (revised in 2024 as eIDAS 2.0) governs electronic identification and trust services, including qualified electronic timestamps (Art. 42) and electronic registered delivery services (ERDS). Article 41(2) provides that a qualified timestamp enjoys the presumption of accuracy of the indicated date and time; Article 43 states that an electronic registered delivery may not be refused as evidence on the ground that it is in electronic form.

    The GDPR (Regulation 2016/679) additionally requires, under Article 5(1)(f), the integrity and confidentiality of personal data, and under Article 32 the application of appropriate technical measures. For legal case files this means at a minimum end-to-end encryption, access logging and a verifiable chain of processors.

    Qualified versus non-qualified

    Within ERDS there is a distinction between qualified electronic registered deliveries (QERDS) and non-qualified variants. A QERDS enjoys a legal presumption of integrity and dispatch; with other services you provide that evidence yourself in proceedings. That may sound like a drawback, but in practice it is a question about the quality of your evidence file. The TransferGuard certificate contains that evidence ready-made: timestamp, SHA-256 hash, verified identity and the complete chain of events in a single PDF the court can verify independently. Only where legislation explicitly prescribes a QERDS or formal service of process is additional provision required.

    Seven must-have features for law firms

    Not every "secure file service" meets the requirements of legal practice. A platform suitable for lawyers, notaries and legal service providers must satisfy these seven points.

    • EU-only infrastructure. Servers, encryption keys and processing entirely within the European Economic Area. This rules out issues around the US CLOUD Act and Schrems II.
    • AES-256 encryption with verification-gated decryption. Files are encrypted client-side; decryption keys are only released to verified recipients after delivery confirmation.
    • Independent verified timestamp. Provided by an external timestamping authority, not by an internal server clock, so the moment of dispatch is objectively established. A qualified timestamp from a QTSP goes further still, but is not required for most case files.
    • SHA-256 or stronger. File hash before and after dispatch so that tampering is demonstrably ruled out.
    • Identity verification of the recipient. For sensitive case files at least two-factor, preferably biometric verification of a valid ID document.
    • Verifiable audit trail. A PDF/A report with a SHA-256 integrity check and an independent verified timestamp that is independently verifiable, even after cancellation of the subscription.
    • Data Processing Agreement (DPA) (GDPR Art. 28). Available as standard without bespoke negotiation.

    Comparison: traditional post versus digital

    The classic registered letter provides evidence of presentation but not of content. A digital registered delivery provides both. With PostNL registered post a single item quickly costs €9 to €11; with a digital service the price moves around €0.50 to €2 per item at volume. More important than the price, however, is the evidential weight: digitally you know which exact document was delivered, not merely that an envelope was presented.

    You will find an extensive comparison in the article The difference between registered post and digital registered delivery.

    Practical example: serving a formal demand

    A mid-sized firm had to serve a formal demand in a dispute concerning the termination of a lease agreement on a counterparty residing in Germany. The paper route via a bailiff would take at least five working days and cost around €185. Via a digital registered delivery service the same document was delivered within two hours, with verified receipt, an independent verified timestamp and a SHA-256 hash. The audit report was accepted in full by the court of first instance.

    We discuss comparable cases involving writs of summons in the article Sending a writ of summons digitally: step-by-step plan with strong evidence.

    Checklist for selecting a platform

    Use the points below as a minimum list when assessing a provider. A yes on all seven means the platform is suitable for case files in which evidential burden and compliance both come into play.

    • Does the provider store data exclusively within the EU?
    • Is every delivery given an independent verified timestamp from an external timestamping authority?
    • Is file integrity secured with SHA-256 or stronger?
    • Is identity verification of the recipient configurable?
    • Is there an independently verifiable audit report?
    • Does the provider use ISO 27001-certified infrastructure?
    • Is a Data Processing Agreement available as standard?

    TransferGuard answers all seven points with yes. That is no coincidence: the platform was built from the first line of code around the evidence and compliance requirements of legal practice.

    How TransferGuard helps

    TransferGuard is designed specifically for legal professionals. Our infrastructure uses an independent timestamping authority. Every delivery generates a verifiable PDF audit report with a SHA-256 integrity check and an independent verified timestamp, IP address, device details and, optionally, biometric identity verification of the recipient with a passport or ID card and a live selfie. Everything runs on 100% EU infrastructure (Frankfurt) on ISO 27001-certified infrastructure. View the full feature list on the Certified Delivery features page or compare the rates on the pricing page.

    Ready to send certified?

    Certified Delivery from €49/mo excl. VAT. Verified Identity from €79/mo. Cancel monthly.

    Get started

    Read next