Prove your clocks are traceable to UTC

A traceability audit plus managed synchronization for regulated entities. The deliverable is not a server: it is the dossier that demonstrates, with evidence, that your clocks are traceable to UTC — defensible to your regulator.

By Richard DEMONGEOT, RDEM Systems SAS — NTP operator since 2005, AS206014, GNSS Stratum 1.

1. The frameworks that demand time evidence

Several European regimes put synchronization and timestamping at the heart of their obligations. None is satisfied by a clock that is merely "on time": all require, in one form or another, that you be able to prove that time is controlled.

Finance — MiFID II

RTS 25 (Reg. EU 2017/574)

Maximum divergence from UTC and timestamp granularity, tiered by activity profile. Article 4 requires a UTC traceability system that is documented, demonstrable and reviewed at least once a year.

Finance — ICT resilience

DORA (Reg. EU 2022/2554)

Digital operational resilience: reliable logging, detection and reconstruction of incidents. Consistent, traceable timestamps are a practical precondition for correlating events and demonstrating control of the system.

Essential sectors

NIS2 & ANSSI guidance

Risk management, logging and investigation capability for essential and important entities. A reliable, traceable time base underpins the evidential value of logs and the ability to correlate during an incident.

2. What the regulator actually requires

The most precise case is MiFID II / RTS 25, which puts numbers on the constraint. Only two variables: the maximum divergence from UTC and the timestamp granularity, set per profile. The strict 100-microsecond tier is the most demanding cell of the scheme — not a general rule applying to all activity.

Activity profiles (RTS 25, annex — summary)
Activity profile	Max. divergence from UTC	Timestamp granularity
High-frequency algorithmic trading; trading venue with gateway-to-gateway latency ≤ 1 ms	100 microseconds	1 microsecond or better
Other automated activity (non-HFT); venue with latency > 1 ms	1 millisecond	1 millisecond or better
Voice trading, request-for-quote with human intervention, negotiated transactions	1 second	1 second or better

Source: annex to Delegated Regulation (EU) 2017/574 (tables 1 and 2). Summary for decision-making; the official text prevails. Detailed tier analysis on our RTS 25 reference page.

3. Our deliverable: the UTC traceability dossier

We sell an operated synchronization service and, above all, the document that makes it defensible: a UTC traceability dossier built on an unbroken chain to a national realization of UTC — typically UTC(OP) at LNE-SYRTE, Paris Observatory (or an equivalent UTC(k): UTC(PTB), UTC(NPL), UTC(NIST)), or via UTC broadcast by GNSS with the offset documented and removed.

[ UTC(k) — e.g. UTC(OP) / LNE-SYRTE ] ← national reference realization | (documented chain + measured offset) [ Reference source: disciplined GNSS / Stratum 1 ] | (end-to-end divergence recorded) [ Supervised NTP/NTS distribution layer ] | [ Your servers & applications ] → timestamp application point identified

What the dossier contains

System design document. The full chain from your clocks to the chosen realization of UTC, with the timestamp application point identified.
Per-profile divergence evidence. Measurement and retention of the offset from UTC, mapped to the tier applicable to each of your activities (100 µs / 1 ms / 1 s).
Granularity evidence. Demonstration that the recorded timestamps resolve the unit required by your profile.
Operating specifications. Sources, redundancy, supervision, and the procedure to follow on drift or loss of reference.
Documented annual review. A dated, archived periodic review of compliance — the dossier is a living document, per Article 4.

4. Our infrastructure proof

The traceability dossier rests on real, operated and verifiable infrastructure. These reference pages document its components:

The infrastructure behind the service

GNSS Stratum 1 server — time reference disciplined by GPS/Galileo, sub-microsecond accuracy, PPS signal.
NTS (Network Time Security) — cryptographic authentication of the time source, deployed across all our servers.
NTS pool status & monitoring — live state of every server and its NTS certificates, probed every 5 min: the living proof of the infrastructure.
Our infrastructure since 2005 — 20+ years of continuous operation, timeline and current architecture.
Our own AS206014 network — BGP routing, peering at Paris IXPs, IPv4/IPv6 dual-stack.
NTP stratum hierarchy — where each link of the traceability chain sits.

5. Fixed-fee or time-and-materials

The engagement adapts to your need, on the same model as our MariaDB audit: a scoped mission to produce the dossier, and/or managed operation over time.

Fixed fee

UTC traceability dossier

Scoped mission: audit of the existing chain, measurement of divergence and granularity per profile, and assembly of the regulator-defensible dossier. Scope and deliverable defined in the quote.

Time & materials

Managed synchronization & annual review

Managed operation of the synchronization, continuous divergence monitoring, upkeep of the dossier and a documented annual review of compliance. Billed by time spent.

No price is shown: every regulatory scope and every architecture differs. We quote on the basis of your activity profile and your compliance target.

6. Request a quote

RDEM Systems SAS publishes these NTP reference contents; this page is the single commercial offer attached to them. The linked technical pages remain informational and do not by themselves constitute an engagement.