Meet the requirements of eIDAS and ZertES

Learn how to make your digital signature platform legally compliant.

Contact us

Legal requirements for digital signatures and seals: Compliance with legally binding signatures

Digital signature platforms are an essential part of the modern business world.

For digital signatures to be legally binding, several requirements must be observed; these include:

  • compliance with applicable electronic signature laws
  • identity verification
  • security
  • the long-term validity of signatures

Companies that offer signature platforms must fulfill these requirements completely.

The EU Regulation on Electronic Identification and Trust Services (eIDAS) and the Swiss Federal Law on Electronic Signatures (ZertES) are the two most critical legal frameworks that apply in Europe and Switzerland, respectively.  eIDAS aims to create a uniform standard for digital signatures in the EU and to establish further Trust Services to digitize previously analog processes. The ZertES regulates the requirements for the quality of certificates and their use, as well as the prerequisites, rights, and obligations of providers of certification services. The law forms the legal basis for electronic signatures in Switzerland.

Electronic signature laws

Electronic signature laws

One of the most important legal requirements for digital signature platforms is compliance with applicable laws regarding electronic signatures. These laws vary depending on the country or region in which the platform operates and specify which types of electronic signatures are legally recognized and under which conditions. A digital signature platform must ensure that it complies with the requirements of the applicable law.

SC2019092400013-1

Identity check

An important issue is the establishment of identity. It must be ensured that the person signing the document is the person they claim to be. There are various methods of verifying identity, including using ID cards or passport scans or verifying identity through biometrics.

SC2019092400097-1

Security

Digital signature platforms must secure documents and signatures to prevent tampering or forgery. The platform must provide that only authorized persons can access the documents and signatures and that data encryption and other security measures meet the highest market standards.

Long-term validity of digital signatures

Sustainable and long-term validation/ verification of signatures

Another critical aspect of the legal requirements of digital signature platforms is the long-term validity of electronic signatures. In some use cases, it may take years or even decades before a document is retrieved to verify the validity and validation of the document's digital signature. Digital signature platforms need to ensure that their signature procedures are long-lasting and that the integrity of the documents is preserved.

Is your business ready for eIDAS 2.0?

Discover in our eIDAS 2.0 cheat sheet everything you need to know about the revised EU regulation and the introduction of digital identity wallets (EUDIW).

Download cheat sheet

Get your whitepaper on future-proof e-signatures

Learn how e-signatures can transform your business, ensuring trust, improving efficiency, and saving costs

Get e-signature whitepaper

Types of Trust Services

Swisscom Trust Services offers the following trust services according to the eIDAS Regulation and certification services according to ZertES.

Electronic signatures
Electronic signatures make it possible to sign documents digitally and legally securely.
Electronic seals
An electronic seal can be used as an official seal or as a company stamp.
Electronic time stamps
Electronic time stamps prove a document was available in a corresponding form at a particular time.
More Information

Most important functions and advantages of our services

Swisscom-icon_PDF-Signing
Support in the creation of electronic signatures, seals, certificates, and time stamps
Swisscom-icon_EU-Check
Advice and support in complying with the legal requirements of eIDAS and ZertEs
Swisscom-icon_Puzzle_Flexibel
Review and optimization of your existing signature platform to ensure compliance with regulatory requirements and improve the user experience.
Swisscom-icon_Partner-Update
Training and workshops on legal compliance for employees and managers

Certification services and trust services

Signing contracts digitally is more effective, cheaper, and sustainable than traditional paper-based signatures. Certification or trust service providers are required to benefit from the advantages of secure digital signing. You will learn in this guide what such providers are and their different services.

Swisscom-icon_Videoident-finanzintermediar-schweiz
Requirements for a certification service provider according to ZertES (Switzerland)

According to Art. 3 ZertES, the certification service is provided by domestic or foreign organizations that can demonstrate appropriate personnel with specialist knowledge, experience, and qualifications and operate reliable and trustworthy systems, such as signature and seal creation units. The Swiss Accreditation Service (SAS) of the State Secretariat for Economic Affairs accredits the bodies that recognize certification service providers, the so-called recognition bodies. In Switzerland, KPMG is verified and recognized as an official recognition body. SAS publishes the list of recognized providers of certification services on its website. The recognition bodies audit the providers every three years and thus regularly check the requirements for the certification service offering.

Swisscom-icon_Videoident-finanzintermediar-schweiz
Tasks of a provider of certification services according to ZertES (Switzerland)
A provider of certification services issues regulated and qualified certificates as well as qualified time stamps. The regulated certificates can be issued for natural persons or organizations, the so-called UID (Standard Business Identification Number) entities listed in Switzerland's UID register. For this purpose, the providers generate, store, and use private cryptographic keys within a Public-Private Key Infrastructure (PKI) framework on secure signature and seal creation devices. They can also manage the private keys for the signer within the framework of a remote signature service. The identity and data of the signers must be verified as part of the registration for the service; the task may also be delegated to a third party under Art. 9 No. 6 ZertES (so-called "delegation of the registration authority activity"). The providers must document all their activities, maintain a directory service for the certificates and, for example, declare unlawfully obtained certificates invalid.
Swisscom-icon_EU-Check
Requirements qualified trust service providers according to eIDAS (EU area)

According to Article 3 (17) of the eIDAS Regulation, to be considered a qualified trust service provider, trust service providers must comply with the relevant requirements of eIDAS.

Compliance with these requirements is verified every two years by an accredited conformity assessment body, and the result is communicated to the competent supervisory authority. A trust list per EU member state and a seal of approval validate the qualified trust service providers. The European Commission also provides a tool through the CEF Digital program with which anyone can search the national trust lists, the so-called EU Trusted List.

Swisscom-icon_EU-Check
Tasks of a provider of trust services according to eIDAS (EU area)

The EU Regulation eIDAS defines in Article 3 No. 16 what trust services are and what they do. Trust services are electronic services that are generally provided for a fee. The aim of trust services is to enable electronic transactions securely in the digital space. Therefore, trust service providers are companies or organizations that specialize in offering certain electronic services, such as the creation of electronic signatures, seals or time stamps.

ZertES: Interesting laws, regulations, and standards for certification service providers

Federal law ZertES

Since 2014, the Federal Act on Certification Services in the Field of Electronic Signature and Other Applications of Digital Certificates, or "ZertES" for short, has regulated the requirements for the quality of certificates and their use, as well as the prerequisites, rights, and obligations of certification service providers. The ZertES Act forms the legal basis for the electronic signature in Switzerland and equates the handwritten signature with the qualified electronic signature.

Regulation on Certification Services

The regulation on Certification Services in the Field of Electronic Signature and Other Applications of Digital Certificates - also known as "VZertES" for short - supplements the federal law ZertES with more detailed regulations. These concerns include the recognition authority, the requirements for registering and identifying persons and organizations for the signature service, the activity journal for providers of certification services, or the invalidation of regulated certificates.

Technical and administrative regulations (TAV)

The technical and administrative regulations on certification services in electronic signatures and other applications of digital certificates, in short, "TAV", form an annex to the VZertES and refer to the exact standards that providers of certification services must comply with. Incidentally, these are the same standards that the eIDAS Regulation attracts: Standards of the European Telecommunications Standards Institute (ETSI), but also ISO/IEC, CEN, or US standards (FIPS).

eIDAS: Interesting laws, regulations, and standards for trust providers

EU Regulation eIDAS

The eIDAS Regulation describes the EU Regulation No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market.

Trust service provider according to EU Regulation eIDAS

The digital signing of contracts is often much more effective and cost-efficient than traditional paper signatures. However, to benefit from the advantages of secure digital signing, the services of so-called trust service providers are required. In this guide, you will discover what trust service providers are and their different services.

Implementing Regulations of the European Commission

The implementing regulations of the European Commission specify specific security and regulatory aspects of the eIDAS Regulation. They set technical standards, requirements, norms, and formats. These include, for example:

  • Formats for trust lists
  • Minimum requirements for technical specifications and procedures for security levels of electronic identification means
  • Formats of advanced electronic signatures and advanced seals
  • Standards for the security evaluation of qualified signature and seal creation devices
  • Form of an EU visual trust mark for qualified trust services

ETSI standards

The specific descriptions in the supplementary eIDAS implementing regulations increasingly refer to various ETSI, CEN, and ISO standards. ETSI stands for the non-profit standardization organization European Telecommunications Standards Institute. The organization creates globally applicable standards for information and communication technology. Further details at: www.etsi.org

Products and solutions

Electronic signature

  • Embedded remote signature software through easy standardized API's
  • Enables partner applications to implement electronic signature processes on digital documents
  • eIDAS- and ZertES-compliant qualified and advanced electronic signatures

Electronic seal

  • Easily integratable white-label sealing solution
  • Enables partner applications to implement electronic sealing processes
  • Qualified resp. regulated and advanced e-seals compliant with eIDAS & ZertES for public institutions and companies

Identification

  • Largest selection of identification methods for electronic signature registration solutions (compliant with eIDAS and ZertEs)
  • Enables seamless integration into partner applications, offering a digital signature experience tailored to the customer’s needs

Authentication

  • Wide range of authentication solutions available as approval methods for electronic signatures.
  • Allows partner applications to implement a signature process where signatories can register for their preferred approval method.

Have we piqued your interest yet?