What Are Authentic Records?
In our increasingly digitalized society, the trustworthiness of electronic documents and data has become more important than ever. Our lives and businesses are supported by vast amounts of records, including contracts, medical records, and public documents. But how can we prove that these records are “genuine”? This column addresses the fundamental question of what constitutes an “authentic record,” explaining its requirements and practical implications.
The Three Requirements for Authentic Records
In the fields of law and information management, for a record to be recognized as “authentic,” it must satisfy the following three requirements.
1. Integrity of the Record: The Content Must Be Genuine
The first requirement is that the record’s content has not been tampered with and remains in its original state from the time of creation. This is also referred to as the “integrity” of the record.
For example, questions arise such as: Has a contract been arbitrarily modified after it was concluded? Has a medical chart been altered retroactively to suit someone’s convenience? In the case of digital records, traces of tampering are often less visible, making technical mechanisms to ensure this requirement particularly important.
With traditional paper documents, it was possible to judge the presence or absence of tampering to some extent through handwriting, seals, or the degree of paper deterioration. However, in the case of electronic data, technologies such as hash values and digital signatures must be employed to prove that the data has not been altered since its creation.
2. Authenticity of the Creator: It Must Be Created by the Claimed Person
The second requirement is that the record was actually created by the person claimed to be its author. This is called “authenticity of the creator.”
Let us consider this in a business context. It is extremely important to confirm whether an email received from a business partner was truly sent by that company’s representative and is not a case of impersonation. Similarly, in electronic contracts, if it cannot be confirmed that the signatory is indeed the person they claim to be, the validity of that contract becomes questionable.
In the era of paper documents, handwritten signatures and official seals were the primary means of satisfying this requirement. In the digital age, technologies such as electronic signatures, multi-factor authentication, and biometric authentication serve the role of proving the creator’s identity.
3. Authenticity of Time: It Must Be Created at the Claimed Time
The third requirement is that the record was actually created at the date and time claimed. This is called “authenticity of time” or “time stamping.”
This requirement may seem simple at first glance, but it is actually very important. For example, in patent applications, who first documented an idea can determine the attribution of rights. In litigation as well, when evidence records were created often becomes a point of contention.
In digital environments, file creation dates and times can be easily altered. Under Japan’s Electronic Signature Law, electronic signatures themselves have a presumptive effect of authenticity, so timestamps are not legally mandatory. However, electronic signatures are considered to have a weakness in the “when” aspect of time authentication, and in practice, it is strongly recommended to use mechanisms where third-party organizations certify the time, such as timestamping services or blockchain technology. Particularly, while electronic certificates typically have a validity period of five years, timestamps have a validity period of ten years. Therefore, for records requiring long-term preservation, the combination of timestamps as “long-term signatures” has become practically indispensable. It should be noted that these validity periods can vary depending on the issuing authority and the specific implementation, but the figures mentioned represent common industry practices.
The Interrelationship of the Three Requirements
While these three requirements may appear independent, they are actually closely related. For example, even if the content has not been tampered with, if the creator has been falsified, it cannot be considered an authentic record. Similarly, even if it can be proven that the person created it, if the creation time is unclear, the evidentiary value of that record decreases.
In other words, to be recognized as an authentic record, all three of these requirements must be met. If even one is lacking, doubts will arise about the reliability of that record.
Ensuring Authenticity in Practice
Records Management in Organizations
For companies and public institutions, maintaining authentic records is both a legal obligation and a foundation supporting organizational trustworthiness. As of 2025, many organizations are advancing the implementation of Electronic Records Management Systems (ERMS).
These systems are equipped with functions that technically ensure the three requirements throughout the entire lifecycle of records, from creation through storage to disposal. Specifically, functions such as access log recording, version control, encryption, and automatic timestamping are implemented. These systems often comply with international standards such as ISO 15489 (Records Management) and ISO 16175 (Principles and functional requirements for records in electronic office environments), ensuring consistency in records management practices globally.
Individual-Level Responses
We have entered an era where individuals are also required to be conscious of ensuring the authenticity of important records. For example, it is important to be aware of the three requirements in the following situations:
Records of Contracts and Agreements
When conducting important contracts electronically, use reliable electronic contract services. These services automatically attach electronic signatures and timestamps, creating records that satisfy the three requirements. Many services now support long-term signature formats such as PAdES (PDF Advanced Electronic Signatures) and XAdES (XML Advanced Electronic Signatures), which are designed to maintain validity over extended periods.
Protection of Intellectual Property
It is important to be able to prove the creation date and time of your own ideas and creative outputs. Using an official timestamping service is the most reliable method, but simpler methods such as storing in cloud storage or sending an email to yourself can also have a certain degree of evidentiary value. However, it should be noted that these simpler methods do not guarantee the same level of legal reliability as official timestamping services.
Records for Troubleshooting
For records that may serve as evidence of harassment or disputes, it is desirable to not only take screenshots but also, where possible, save them with timestamps.
New Technologies and the Future of Authenticity
Utilizing Blockchain Technology
Blockchain technology is attracting attention as a new means of ensuring the authenticity of records. The characteristics of blockchain—tamper resistance and chronological guarantee—are highly compatible with the three requirements of authentic records.
As of 2025, the domestic market size for blockchain-related technologies has reached approximately 724.7 billion yen, and various fields such as real estate registration, academic credential verification, and supply chain management are transitioning from proof-of-concept experiments to the early stages of full-scale implementation. However, rather than complete implementation, staged adoption is progressing.
AI and Records Management
On the other hand, with the proliferation of generative AI, new challenges surrounding the authenticity of records have emerged. It has become difficult to distinguish between content created by AI and content created by humans, forcing a redefinition of the very concept of “creator authenticity.”
Entering 2025, the obligation to label AI-generated content is advancing internationally. In China, the “Administrative Measures for the Labeling of AI-Generated Synthetic Content” was announced in March 2025 and came into force on September 1 of the same year. This requires explicit or implicit labeling for records created with AI involvement. In the EU as well, the EU AI Act has introduced an obligation for generative AI service providers to disclose that users are interacting with generative AI. Japan is currently adopting a “light-touch” approach centered on self-regulation, but the need to respond to the strengthening of global regulations is increasing.
These developments indicate that “transparency of the generation process” is being added as a new requirement related to the authenticity of records. Organizations and service providers are now expected to maintain clear documentation not only of who created a record and when, but also whether and to what extent AI was involved in its creation.
Balancing Authenticity and Privacy
Enhancing the authenticity of records is also an issue that requires considering the balance with privacy and security. For example, linking biometric information to records to strictly prove the creator’s identity is desirable from an authenticity perspective, but requires careful handling from a personal information protection perspective.
As of 2025, with data protection regulations being strengthened in many countries, the construction of technologies and governance that balance ensuring authenticity with privacy protection has become an important issue for companies and organizations. Emerging technologies such as zero-knowledge proofs and privacy-preserving cryptography are being explored as potential solutions that can verify authenticity without exposing sensitive personal information.
The following table summarizes the key considerations in balancing authenticity requirements with privacy protection:
| Authenticity Measure | Privacy Consideration | Balanced Approach |
| Biometric authentication for creator verification | Collection and storage of sensitive biometric data | Use of privacy-preserving biometric templates; local processing where possible |
| Detailed access logs and audit trails | Monitoring of user behavior and activities | Anonymization of logs; retention policies aligned with legal requirements |
| Blockchain for immutable records | Permanent storage of potentially sensitive information | Storing only hashes or references on-chain; actual data stored securely off-chain |
| Timestamping with trusted third parties | Disclosure of document existence and timing to external parties | Use of blind timestamping protocols; selective disclosure mechanisms |
Summary
An authentic record is one that satisfies three requirements: the content is genuine, the creator is the claimed person, and it was created at the claimed time. This is not merely a technical issue but a concept that serves as the foundation supporting legal effectiveness, business trustworthiness, and social fairness.
In our rapidly digitalizing era, mechanisms that technically ensure these three requirements are becoming increasingly sophisticated. At the same time, new technologies such as AI and blockchain are bringing new possibilities and challenges regarding the authenticity of records.
What is important is to leverage the evolution of technology while not losing the fundamental understanding of why record authenticity is necessary. Maintaining authentic records is a basic endeavor for protecting individual rights, building organizational trust, and enhancing social transparency.
We create, store, and refer to various records every day. Being conscious that each one is authentic and managing them appropriately has become a fundamental literacy for living in a digital society.
As we move forward, the convergence of international standards (such as ISO 15489 for records management and evolving eIDAS regulations in Europe), emerging privacy-preserving technologies, and AI governance frameworks will continue to shape how we define and ensure record authenticity. Organizations and individuals alike must stay informed about these developments and adopt practices that meet both the technical and regulatory requirements of authentic records management in an increasingly complex digital landscape.
Comment