How Schaduwplan works
Verifying a sunlight report: how to check it is genuine

Every Schaduwplan PDF carries a unique SHA-256 hash that we publish at the moment of issue on schaduwplan.nl/verify. A judge, lawyer or neighbour can confirm in under thirty seconds that the file has not been altered since issue, without having to trust us. As far as we know, no other sunlight-study provider in the Netherlands does this.
What does verifying a sunlight report mean?
Verifying a sunlight report means checking whether a PDF is byte-for-byte identical to what Schaduwplan published at the moment of issue. To do that we compute a unique fingerprint, a SHA-256 hash, and record it at the moment of issue in a public register at schaduwplan.nl/verify. Anyone holding the PDF can prove with a single upload that the file has not been altered since.
That sounds technical, but in practice it is a thirty-second check. A judge, lawyer, municipal officer or neighbour copies the report ID from the first or last PDF page, goes to schaduwplan.nl/verify, and drags their copy of the report into the input field. The browser computes the hash locally and compares it with the value in our register. Match or no match. There is nothing more to see.
As far as we know, Schaduwplan is currently the only Dutch company with a public, automated hash register for sunlight reports. Traditional engineering firms deliver a PDF with a letterhead and a signature; later changes are not visible to a layperson.
Why a hash check matters for a sunlight study
A sunlight report lands on the table in situations where the numbers cost something. A “75 per cent loss of sunlight” can block a roof addition, delay an environmental permit or pressure a neighbour into adjusting their plan. The moment the opposing party gains an interest in different numbers, a PDF that can be edited with an ordinary editor is not a strong piece of evidence.
Under article 3:2 of the Algemene wet bestuursrecht (General Administrative Law Act), an administrative body must gather the relevant facts with due care. A report about which the opposing party can claim “this was edited afterwards” meets that requirement poorly in practice. A report whose hash sat, at the moment of issue, on a TLS-secured domain of a public party does meet it. In ECLI:NL:RVS:2023:1329 the Council of State accepts reports with explicit source attribution and a reproducible calculation. That is exactly what a verifiable hash makes possible.
The trust model is deliberately not exotic. It is the same as with a cadastral extract: a PDF with a QR code that points to a verification page on kadaster.nl. According to the Kadaster itself, that is the standard way to check documents for authenticity. Schaduwplan uses the same principle; instead of a QR code we print the report ID and the hash URL as readable text on the PDF.
Step by step: verifying a Schaduwplan report in 30 seconds
The check consists of four actions. Anyone with a browser can do them, even without a technical background. Adobe Reader, Word or a graphics tool are not needed: the hash calculation runs in the browser itself.
- Grab the report ID from the PDF. The ID appears at the bottom of every page, in the format SP-XXXX-XXXX-XXXX (twelve letters or digits split across three blocks). The full verification URL also appears in the header of the PDF.
- Open schaduwplan.nl/verify. The page is public and requires no login. It has an input field where you type the ID or paste the entire verification URL: we extract the ID from it ourselves.
- Click “Verify”. The page retrieves the registered data from our register: the address the report was made for, the date of issue, the expected SHA-256 hash and the 3DBAG version used.
- Drag the PDF into the upload field “Compare your copy”. The browser hashes the file locally and compares the result with the value we published. On a match, the page shows “Authentic hash matches” in green. On a difference, it shows “Not authentic” in orange, together with the hash it found so the opposing party can see exactly where the difference lies.
On an average laptop the whole check is done within thirty seconds, including hashing a report of a few hundred kilobytes. On an old phone it can take a little longer due to the SHA-256 calculation, but the upper bound is never more than a few seconds for a PDF of this size.
What the hash does and does not prove
It is important to be honest about the limits of this check. Hash verification is strong where it is strong, and no stronger. Under the FIPS 180-4 standard (NIST), SHA-256 is cryptographically secure. It is practically impossible to construct a second file that produces the same hash. That is the hard foundation. The soft edges lie elsewhere.
The table below summarises which claims the hash check does and does not support, each with a short explanation.
| Aspect | Does the hash check prove this? | Explanation |
|---|---|---|
| Byte equality with the issued PDF | Yes | SHA-256 detects every change, even a single space or an edited metadata field. |
| Provenance via schaduwplan.nl | Yes | TLS certificate from a public certificate authority (Let’s Encrypt). The same chain as DigiD and the Belastingdienst (Tax Administration) portal. |
| Reproducibility of the calculation | Yes | All inputs (3DBAG building ID, AHN tile, test date, measurement-point coordinates in the Dutch national grid) are in the PDF, reproducible in SketchUp or Rhino. |
| Independent timestamp | No | Timestamp published by Schaduwplan, not certified by an external Time-Stamping Authority. |
| Qualified electronic signature (eIDAS) | No | Schaduwplan is not a trust service recognised by the RDI. For procedures requiring PAdES (some notarial documents, Belastingdienst correspondence) an additional signature is needed. |
| Substantive correctness of the calculation | No | Verification proves that the file is authentic, not that the numbers support a specific claim. That remains a question for the judge or the administrative body. |
In practice the three limits are rarely a problem. Objection procedures, formal views and civil neighbour-law cases do not require PAdES. The timestamp concern only comes into play when Schaduwplan itself is the suspect, which is virtually unthinkable in an ordinary neighbour-law case. And the calculation is separate from the verification: the two together form the piece of evidence. For a deeper overview of when a Schaduwplan report is legally valid at all, read our article on legal validity in objections and court.
When verification really matters
Not every report actually needs to be verified. A contractor who wants to sharpen their estimate for a roof addition can simply use the sunlight analysis without ever looking at schaduwplan.nl/verify. Verification becomes important the moment the report ends up in a procedure where the opposing party has an interest in different numbers.
Objection to the municipality.The municipality or the permit holder rejects the report with “this document is not official”. Verification shows that the document rests on a traceable source. Under article 3:2 of the Awb (General Administrative Law Act), an administrative body may not simply set aside a source-substantiated, verifiable report.
Civil neighbour-law case.The neighbour disputes the numbers (“this cannot be right, my architect said”...). Verification shows that the document the judge sees is exactly the document the claimant downloaded, and not an altered version. The judge can then weigh on the merits whether the calculation is correct.
Property transaction.A buyer or estate agent wants to check that the seller’s sun-hours claim is not a retouching job. A PDF with a verification URL gives that certainty within half a minute.
Insurance claim or legal-aid use.Insurers accept reports from “independent experts”. In practice the criterion is not recognised-expert in the eIDAS sense, but reproducible and traceable. A Schaduwplan report with an intact hash meets that in the vast majority of policies.
When a hash check alone is not enough
In fairness: there are situations where a hash check is not the deciding factor. For completeness, the three scenarios.
The opposing party attacks the methodology itself. A lawyer disputes not whether the PDF is genuine, but whether the choice of TNO standard is right for this address, whether the measurement points are at the correct height, or whether the AHN version used is still accurate. Hash verification is then not relevant; what helps is an independent engineer who recalculates the model. For that, Schaduwplan supplies exportable 3D models (GLB, OBJ) and the measurement-point coordinates in the Dutch national grid (EPSG:28992), so that an external expert can check the work.
The procedure requires a PAdES signature. In rare cases the municipality or a notary requires a report with a qualified electronic signature under eIDAS. This almost never happens with sunlight studies, but it does with Kadaster deeds and notarial documents. A Schaduwplan report is then usable in combination with a notarial statement, but the report on its own does not meet eIDAS.
Schaduwplan itself is under suspicion. In a hypothetical scenario where a judge doubts our integrity itself, the hash register does not help. That same judge could ask for a blockchain-anchored timestamp or a PAdES signature with external TSA confirmation. We are working on an OpenTimestamps extension that anchors the hash in the Bitcoin blockchain at the moment of publication. That closes this hypothetical gap, but it is not the main part of the verification process.
How to apply it in your case file
For anyone using the report in a formal view, a notice of objection or court proceedings, three practical tips.
State the verification URL in the case file.Write something like this in the explanatory note: “The authenticity of the attached report can be checked by any party via schaduwplan.nl/verify/?id=SP-XXXX-XXXX-XXXX. The SHA-256 hash of the file is X. The judge can check the match by uploading the PDF on that page.” That clears the verification question out of the way before the opposing party raises it.
Keep the original download. Do not modify the PDF, not even by printing it to PDF or by adding bookmarks. Both actions change the hash. If you want to make an annotated version, keep the original PDF separately and use the annotation only for your own records.
Cite the case law where it fits. The Council of State (ECLI:NL:RVS:2023:172) calls TNO standards not unusual and requires appellants to dispute reports on the merits. A verifiable report makes it hard for the opposing party to steer the discussion towards “is this even a real document” and forces them back to the numbers.
Sources (11)
We back every article with public sources. Click to see all the original documents, rulings and datasets.
Sources (11)
We back every article with public sources. Click to see all the original documents, rulings and datasets.
Laws and regulations
Case law
Technical standards
- FIPS 180-4: Secure Hash Standard (SHA-256)— NIST
- Web Cryptography API — SubtleCrypto.digest— W3C
- Let’s Encrypt — free public certificate authority— Internet Security Research Group
Data sources
- 3DBAG — 3D models of Dutch buildings— TU Delft (3D geoinformation) and 3DGI
- BAG — Key Register of Addresses and Buildings— Kadaster
- AHN4 — Actueel Hoogtebestand Nederland— Rijkswaterstaat and the water authorities
Comparable practice
Frequently asked questions
- Can someone alter my PDF without it being noticed?
- No. Any change — even adding a space or editing a metadata field — changes the SHA-256 hash completely. An altered PDF has a different fingerprint from what is recorded at schaduwplan.nl/verify. The comparison then shows “Not authentic”.
- Do I need to upload the PDF to Schaduwplan to verify it?
- No. The hashing happens in your own browser via the Web Crypto API. Your file never leaves your device. All we see is the report ID you type in, not the contents of the PDF.
- Is a hash check sufficient for the court?
- For formal views (zienswijzen), objection procedures and civil neighbour-law cases, in almost all cases yes. The report meets the evidential requirements because it is verifiable and based on recognised sources (3DBAG, BAG, AHN4). For administrative appeal cases where the opposing party attacks the methodology itself, we recommend additional expert verification by an independent engineer who recalculates the model.
- How does the court know that schaduwplan.nl really belongs to Schaduwplan?
- The domain’s TLS certificate is issued by a public certificate authority (Let’s Encrypt). Anyone can check the domain registration via WHOIS and the ownership chain via the certificate transparency logs. The same chain on which the entire Dutch payment system and the DigiD login run.
- What if I have lost the report ID?
- The ID appears at the bottom of every page of the PDF and is baked into the URL shown in the header (schaduwplan.nl/verify/SP-XXXX-XXXX-XXXX). It can also be found in the confirmation email you received after payment.
- Does the hash change if I download the PDF again?
- No. The same PDF always has the same hash, no matter how often or from which device you download it. SHA-256 is a deterministic function that responds only to the contents of the file.
See how it works using a real report
Start a sunlight analysis for a Dutch address and see for yourself what the verifiable report looks like. No account, no credit card for the preview. Pay only on download.
Read more

How Schaduwplan works
Why Schaduwplan has no subscription: € 29, one time
Schaduwplan charges € 29 per report, one time. No subscription, no trial. Most people need one report per permit procedure: once every 5 to 10 years for homeowners. A consumer subscription of € 2.49 per 90 days costs € 50.62 over 5 years, while Schaduwplan stays a single, clear transaction.

How Schaduwplan works
Sunlight study for a permit: from SketchUp to an auditable PDF
A manual sunlight study in SketchUp or Revit takes 4 to 16 hours of architect time per project. With Schaduwplan you generate an auditable PDF report in 5 minutes from 3DBAG, BAG and AHN4, tested against the light TNO, strict TNO or municipal standards. The time saved per permit application is worth € 300 to € 2,400 in architect fees.

How Schaduwplan works
Is a sunlight study admissible in an objection or in court?
A Schaduwplan sunlight report is indicative and admissible in court. For formal views (zienswijzen), objection procedures and civil neighbour-law cases it is sufficient in almost all situations, because it uses the same 3DBAG, BAG and AHN4 sources that professional firms and the Administrative Jurisdiction Division of the Council of State rely on. For formal administrative appeal proceedings we recommend verification by a sworn expert.