← Back to blog
    Bewijslast

    Burden of proof in digital case files: how to strongly substantiate your transfers?

    Four pillars of a strongly substantiated evidence file in digital transfers: timestamp, identity, integrity and audit trail. With a case from legal practice.

    TransferGuard redactieJuridisch & Compliance8 min

    In digital case files the burden of proof almost always rests with the sender. Whoever sends something must be able to demonstrate what was sent, when, and to whom. This guide describes the four pillars that strongly substantiate your transfers.

    The rule: the burden of proof lies with the sender

    In both civil proceedings (article 150 of the Dutch Code of Civil Procedure (Rv)) and administrative disputes the same principle is consistently confirmed: whoever invokes an event bears the burden of proving it. For transfers this means that the firm must demonstrate that a document was sent, at what moment, and that the other party received it in the same form. "I emailed it" is no evidence in this context.

    The four pillars of a strongly substantiated evidence file

    A transfer forms a strongly substantiated evidence file when the four elements below are independently verifiable. For each element the point is that a third party (a judge, a disciplinary board, an authority) can verify the authenticity without relying on your own records.

    1. Timestamp from an independent source

    An independent verified timestamp issued by an independent timestamp authority (TSA) has evidential value where a server-clock stamp does not. The TSA is independent of the sender and the provider, and its timestamps are cryptographically signed. This proves that an independent third party recorded the exact moment in time, a strong fact that holds up in court.

    2. Identity of the recipient

    A download via an unknown link proves nothing about who downloaded it. Ideally the identity is verified at multiple levels: email confirmation (low), SMS-OTP (medium), or biometric ID verification with a passport and live selfie (high). Which level is appropriate depends on the nature of the document. TransferGuard offers all three levels in one service: from an email code with Certified Delivery to a full biometric ID check with Verified Identity. You choose the level per transfer, and the chosen level is stated on the certificate.

    3. Integrity of the document

    A cryptographic hash (in 2026 at least SHA-256) proves that the document was not altered between sending and receipt. By recording the hash both at the sender and in the audit report, a judge can independently verify that the document submitted in the proceedings is identical to the one sent at the time.

    4. Audit trail

    The chain of events around a transfer must be independently verifiable: creation of the transfer, sending, any attempts to open it, successful download and identity verification. The transfer report should preferably take the form of a verifiable PDF audit report with a SHA-256 integrity check and an independent verified timestamp, so that it remains valid with the provider even after the subscription is cancelled.

    What does a court accept?

    In recent years the Dutch Supreme Court has issued a number of guiding rulings on digital evidence. Three principles recur consistently.

    • Free assessment of evidence. A judge is in principle free in the assessment of evidence. A solid audit report from a reputable provider carries considerably more weight than a raw email header.
    • Authenticity and integrity. The judge assesses whether the piece of evidence is authentic (originating from the stated source) and intact (unaltered). An independent verified timestamp plus hash meets both requirements and provides strong evidence that the judge assesses on its evidential value (article 152 Rv).
    • Counter-evidence. When the evidence supplied by the sender forms a verifiable audit trail, in practice the burden of proof shifts to the other party to make plausible that something is wrong. A good audit report thus effectively reverses the evidential position.

    A case from practice

    In an eviction procedure a tenant disputed having received the formal notice from his landlord. The landlord had sent the document via a certified digital registered service. The audit report showed: the transfer was created at 14:21 on a Tuesday and provided with an independent verified timestamp, the tenant had opened the link at 18:47 the same day from a mobile device in Rotterdam, the SHA-256 hash of the downloaded document was identical to the hash of the copy retained by the landlord, and the download was followed by an SMS confirmation to the tenant's phone number known to the landlord. The subdistrict court ruled that receipt was legally established and the procedure subsequently proceeded in the landlord's favour.

    What was the opposing party missing?

    The tenant could provide no technical evidence that the audit report was unreliable. A general denial ("I didn't see that") is insufficient against this type of evidence. The cryptographic chain cannot realistically be refuted in practice without verifiable counter-evidence.

    Practical recommendations

    If you want to organise your transfers so that they hold up fully in the event of a dispute, follow the approach below.

    • Send all legally relevant documents via one channel with consistent evidence capture, not via a mix of email, WeTransfer and postal mail. One method means one evidence format your whole firm recognises.
    • Keep the audit report in PDF/A alongside the original file, for at least 5 years (longer where the Dutch Anti-Money Laundering Act (Wwft) or an archiving obligation applies). The TransferGuard certificate remains valid after cancellation: the hash and timestamp can be checked with standard tools.
    • Activate identity verification for all sensitive transfers. With TransferGuard that is a single switch when sending. The extra step for the recipient is negligible compared with the shift in the evidential position.
    • Explicitly document the chosen evidence category in your file ("sent via TransferGuard Verified Identity, certificate appendix X").

    How TransferGuard helps

    TransferGuard's verifiable PDF audit report contains all four pillars in a single PDF/A document: an independent verified timestamp, a SHA-256 hash, proof of the recipient's identity (depending on the chosen level) and a chronological audit trail. The report is independently verifiable (the SHA-256 hash and the timestamp can be checked with standard tools) and remains valid even when the TransferGuard subscription is cancelled. Read our guide on sending digital registered mail or view the complete features page.

    Ready to send certified?

    Certified Delivery from €49/mo excl. VAT. Verified Identity from €79/mo. Cancel monthly.

    Get started

    Read next