Digital signature platforms are an essential part of the modern business world.
For digital signatures to be legally binding, several requirements must be observed; these include:
Companies that offer signature platforms must fulfill these requirements completely.
The EU Regulation on Electronic Identification and Trust Services (eIDAS) and the Swiss Federal Law on Electronic Signatures (ZertES) are the two most critical legal frameworks that apply in Europe and Switzerland, respectively. eIDAS aims to create a uniform standard for digital signatures in the EU and to establish further Trust Services to digitize previously analog processes. ZertES regulates the requirements for the quality of certificates and their use, as well as the prerequisites, rights, and obligations of providers of certification services. The law forms the legal basis for electronic signatures in Switzerland.
One of the most important legal requirements for digital signature platforms is compliance with applicable laws regarding electronic signatures. These laws vary depending on the country or region in which the platform operates and specify which types of electronic signatures are legally recognized and under which conditions. A digital signature platform must ensure that it complies with the requirements of the applicable law.
An important issue is the establishment of identity. It must be ensured that the person signing the document is the person they claim to be. There are various methods of verifying identity, including using ID cards or passport scans or verifying identity through biometrics.
Digital signature platforms must secure documents and signatures to prevent tampering or forgery. The platform must ensure that only authorized persons can access the documents and signatures and that data encryption and other security measures meet the highest market standards.
Another critical aspect of the legal requirements of digital signature platforms is the long-term validity of electronic signatures. In some use cases, it may take years or even decades before a document is retrieved and its digital signature has to be validated. Digital signature platforms need to ensure that their signature procedures are long-lasting and that the integrity of the documents is preserved.
Signing contracts digitally is more effective, cheaper, and more sustainable than signing on paper. To benefit from the advantages of secure digital signing, the services of certification or trust service providers are required. In this guide, you will learn what such providers are and which services they offer.
According to Art. 3 ZertES, the certification service is provided by domestic or foreign organizations that can demonstrate appropriate personnel with specialist knowledge, experience, and qualifications and operate reliable and trustworthy systems, such as signature and seal creation units. The Swiss Accreditation Service (SAS) of the State Secretariat for Economic Affairs accredits the bodies that recognize certification service providers, the so-called recognition bodies. In Switzerland, KPMG is verified and recognized as an official recognition body. SAS publishes the list of recognized providers of certification services on its website. The recognition bodies audit the providers every three years and thus regularly check the requirements for the certification service offering.
According to Article 3 (17) of the eIDAS Regulation, to be considered a qualified trust service provider, trust service providers must comply with the relevant requirements of eIDAS.
Compliance with these requirements is verified every two years by an accredited conformity assessment body, and the result is communicated to the competent supervisory authority. A trust list per EU member state and a seal of approval validate the qualified trust service providers. The European Commission also provides a tool through the CEF Digital program with which anyone can search the national trust lists, the so-called EU Trusted List.
The EU Regulation eIDAS defines in Article 3 No. 16 what trust services are and what they do. Trust services are electronic services that are generally provided for a fee. The aim of trust services is to enable electronic transactions securely in the digital space. Therefore, trust service providers are companies or organizations that specialize in offering certain electronic services, such as the creation of electronic signatures, seals or time stamps.
Since 2014, the Federal Act on Certification Services in the Field of Electronic Signature and Other Applications of Digital Certificates, or "ZertES" for short, has regulated the requirements for the quality of certificates and their use, as well as the prerequisites, rights, and obligations of certification service providers. The ZertES Act forms the legal basis for the electronic signature in Switzerland and equates the handwritten signature with the qualified electronic signature.
The regulation on Certification Services in the Field of Electronic Signature and Other Applications of Digital Certificates, also known as "VZertES" for short, supplements the federal law ZertES with more detailed regulations. These concern the recognition authority, the requirements for registering and identifying persons and organizations for the signature service, the activity journal for providers of certification services, and the invalidation of regulated certificates.
The technical and administrative regulations on certification services in the field of electronic signatures and other applications of digital certificates, "TAV" for short, form an annex to the VZertES and refer to the exact standards that providers of certification services must comply with. Incidentally, these are the same standards that the eIDAS Regulation draws on: standards of the European Telecommunications Standards Institute (ETSI), but also ISO/IEC, CEN, or US standards (FIPS).
The term "eIDAS Regulation" refers to EU Regulation No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market.
The digital signing of contracts is often much more effective and cost-efficient than traditional paper signatures. However, to benefit from the advantages of secure digital signing, the services of so-called trust service providers are required. In this guide, you will discover what trust service providers are and their different services.
The implementing regulations of the European Commission define specific security and regulatory aspects of the eIDAS Regulation. They set technical standards, requirements, norms, and formats. These include, for example:
The specific descriptions in the supplementary eIDAS implementing regulations increasingly refer to various ETSI, CEN, and ISO standards. ETSI stands for the non-profit standardization organization European Telecommunications Standards Institute. The organization creates globally applicable standards for information and communication technology. Further details at: www.etsi.org