You know they are wrong. But without an external dated record, it is your word against theirs.
Eight months after an order, a customer says your terms and conditions were not what they are now when they clicked. They are wrong. You know it. The real issue is the evidence. What can you really show beyond a copy on a machine you control?
A PDF on your hard drive carries little weight against a motivated lawyer. You control the machine; you can rewrite the date. Not necessarily true, but enough to sow doubt. And doubt, in a dispute, has a cost.
The problem is not bad faith. It is that you probably never archived your terms when they changed, because at the time it felt fine and nobody was asking.
What online commerce makes awkward
The contract is formed at acceptance of the terms. Not at delivery, not at the invoice. At the click.
For online contracts over €120, the law already requires something many overlook: you must archive the contract for ten years from delivery and let the customer access it on request. Not a best practice. An obligation.
So the question is not “do I archive?” but “does what I archive hold up against someone who disputes it?”
A copy on your server is under your control. Your opponent can lean on that. What is much harder to attack is a record anchored at a specific date on a ledger you do not run yourself.
That is the idea behind digital timestamping: you take a cryptographic fingerprint of your document (a hash), you anchor it on a public ledger at a given time. Nobody can rewrite history afterward. The fingerprint shows that file existed in that form at that moment.
Bear in mind: it does not do everything. Real protection in e-commerce combines two things: storing the accepted version in your order system at click time, and an external record that certifies the date. One without the other leaves blind spots.
The Paris Court of Appeal said so clearly in January 2021 in a case between Tripadvisor and Viaticum. Tripadvisor wanted to enforce its jurisdiction clause (Massachusetts courts) to avoid French jurisdiction. But the court found Tripadvisor could not prove which signup flow and which terms of use were actually shown to users in 2013 when accounts were created. No certain date, nothing to confirm those terms were the ones in force that day. Result: clause unenforceable, French jurisdiction retained, Tripadvisor ordered to pay costs. If a platform that size can end up without usable evidence, the lesson applies to everyone.
GDPR: they ask what you said yesterday
Many people treated GDPR as a checkbox exercise. Privacy policy online, legal notices up to date, clear conscience.
What catches you off guard: in an audit or a complaint, regulators do not only look at what you do today. They look at what you told data subjects at collection time, and whether it matched your actual practices. If your policy changed five times in two years with no trail, you are improvising your explanation.
Timestamping each material version of your documents gives you a clean timeline to show. Not a shield. A timeline.
When a competitor copies your legal pages
It happens more often than people admit. Not classic marketing plagiarism: wording in your terms that is a little too close, legal page structures that oddly mirror yours.
In that kind of case, timing matters as much as similarity. How long you have had a given text, how long they have had theirs. Proof you were there first does not solve everything, but it frames the story.
That kind of evidence is built before the problem, not after.
What digital timestamping is actually worth
Not all timestamps are equal. There are several levels, from simple blockchain anchoring to qualified eIDAS timestamping, with real differences in probative strength before a judge. The technical detail belongs in a separate article.
What matters here: even at the most accessible level, an external dated record you do not control still beats a copy on your own server. In March 2025, the Marseille judicial court recognized it for the first time in France as admissible evidence to establish priority for copyright. The law is catching up with practice.
For high-stakes matters, a bailiff’s report remains the strongest option. For day-to-day work as a freelancer or small business (archiving terms, documenting updates), digital timestamping is a serious, fast tool, and far cheaper than an ill-prepared dispute.
What do you actually timestamp?
Not your whole site on every tweak. That would make no sense.
What counts is the document you would defend in court as “this was it, that day”: a PDF export of your terms when they go live, the frozen version of your privacy policy after a redesign, your terms of use when you changed deadlines or liability.
Change a comma with no legal effect: nobody expects anything. Change rights, deadlines, the scope of a clause: you export, you timestamp, you file the certificate with your records.
Why we keep putting it off
As long as there is no dispute, it feels like a to-do you move every week. That is exactly why most people show up empty-handed when things heat up.
You do not need a complex system. Just a habit: when you change something that alters rights or commitments, you export, you timestamp, you move on. Three minutes.
The next time someone says it was different, you will not have to remember. You will have proof.