certificates – Extended key usage attributes for PKCS #7 signatures of backup files

We plan to create PKCS #7 time-stamped signatures for our backup files for audit purposes (the timestamp would be created by an external trusted TSA). What Extended Key Usage (EKU) attributes, if any, must be present in the signing key certificate for it to have the most legal value? Do we need EKU values or do we simply need a key use of non-repudiation?

For the record, we are aware of things like FIM and companies like Tripwire, but we are still interested in this approach. We are also aware that the legal value of our solution will be mainly dictated by factors such as the quality of the management of our keys, the quality of the chain of certificates, etc.