Legally valid signature in Switzerland: AES or QES

Basics of the digital signature

How to use AES and QES

The advanced electronic signature (AES) is linked to the data of the person signing and verifies their identity. Certifaction uses the telephone number for this purpose, as people have to identify themselves when purchasing a SIM card. The AES can also detect changes to the document after it has been signed. The advanced electronic signature is only legally valid if no formal requirement is specified by law for the document in question. This applies to many B2B contracts or internal documents.

The qualified electronic signature (QES) goes even further by fulfilling all the criteria of the AES and is based on a qualified certificate issued by a trust service provider. The signatory’s identity data is verified by an identification document. The advantage of a QES is that it also applies to documents with a written form requirement. This is stipulated in Switzerland for some legal transactions such as consumer loans or leasing contracts.

Special websites such as the Swiss Signature Validator or tools such as Adobe Reader can be used to determine whether a document has been signed with a valid QES. It shows who has signed the document and whether the signature is valid. You can also see the time stamp and provider of the signature in the signature panel.

Relevant laws and regulations

Federal Act on Electronic Signatures

The legal validity of digital signatures is regulated in the EU by the eIDAS Regulation and in Switzerland by the Federal Act on Electronic Signatures (FAES, also referred to as ZertES). Both legislations stipulate that the qualified electronic signature (QES) is equivalent to a handwritten signature and has probative value in court.

Please note, however, that the QES can either only be compliant with eIDAS or only with FAES/ZertES. With Certifaction, you can choose between the two jurisdictions when creating the signature request.

Trust services

The EU and Switzerland maintain lists of so-called qualified trust service providers. Within the framework of the QES, trust service providers identify the signatory and issue the certificate.

According to FAES/ZertES, separate bodies are responsible for the recognition of such certification services. KPMG is currently the only Swiss recognition authority. eSignature providers do not have to be recognized themselves but can work with recognized certification authorities such as Swisscom to issue certificates.

Data protection

The digital signature process must of course also comply with the relevant data protection regulations of the New Federal Act on Data Protection (nFADP) and the General Data Protection Regulation (GDPR). This includes the protection of personal data and compliance with transparency and security standards.

We also recommend that you look for certifications such as ISO 27001 and a server location in Switzerland. At Certifaction, documents are processed and encrypted locally. We have no insight into your documents – this distinguishes us from other eSigning providers.

Restrictions on the legal validity of digital signatures

There are certain documents for which the electronic form is excluded or the electronic signature is not sufficient. One example is the power of attorney for registration in the commercial register. This requires notarization – a notarial certification cannot be replaced by an electronic signature.

There are also industry-specific regulations that you should take into account. For the pharmaceutical industry, for example, it may be relevant whether the QES meets the requirements of the FDA (Food and Drug Administration).

Combination of digital and written form

Sometimes companies want to combine digital and written elements. The following must be observed to ensure legal validity:

• A document signed by hand by one party can be signed electronically by the other party. However, the appropriate type of eSignature must of course be used – i.e. a QES if written form is required.
• Signatures made on paper and then scanned in are not recognized as electronic signatures as they do not provide the required security features and identity checks.
• Would you like to print out a digitally signed contract? In principle, this is still legally valid even after printing. However, it is important that the digital signature and its validity can also be verified in printed form.

At Certifaction, we ensure the verifiability of printed documents with our digital twin: a QR code that is added to the document and can be scanned after printing.

Risks of the digital signature

Companies should find out exactly which form requirements apply to their contracts and declarations. If you only use an AES when written form is required, this signature is not legally valid. In addition, the probative value in court is crucial: use a QES to avoid taking any risks.

Another risk is that your eSigning provider does not comply with the FAES/ZertES or data protection regulations. A lack of security precautions can lead to data leaks or successful hacker attacks. Therefore, choose an eSigning partner that covers all legal requirements and offers high security standards.

Conclusion

Electronic signatures speed up your contract processes and in many cases are a legally valid alternative to handwritten signatures. While the AES is suitable for most B2B contracts, only the QES is valid for documents with a written form requirement. To avoid exposing your company to risks, you should check your specific use cases and choose a provider with high data security standards.

DISCLAIMER: This article is for general information purposes only and is not intended as legal advice. We cannot guarantee the timeliness and accuracy of the information. If you have specific legal questions, please contact a licensed attorney in your area.