GPG4win and Kleopatra use local machine time for digital signatures, but those times are not credible. Request that signatures use GMT time retrieved from a secure time server, such as:
I don’t think that this will happen. OpenPGP is decentralized / offline able by design. Using a signed timestamp would introduce a centralized element and require an online connection. So the signature time is at the discretion of the signer and can be faked.
But the signature timestamp is nowhere used as a security feature AFAIK. It’s just informative.
This is also nothing Gpg4win could change. Including timestamps signed by a third party would need a change to the OpenPGP standard to be interoperable.