Definition and legal framework

According to the eIDAS Regulation, which forms the legal framework for electronic signatures and digital signatures in the EU, a qualified electronic signature (QES) is the highest form of electronic signature. The qualified electronic signature has the same legal status as a handwritten signature and is therefore a legally valid signature in Switzerland and the EU. It is created using specific technological processes that ensure the identity of the signatory and guarantee the integrity of the document.

If you have to or want to offer qualified electronic signatures in your company, whether due to formal requirements of local signature laws or because you need secure identification of your signatories, then you should pay close attention to how your eSignature solution makes signing with a qualified signature possible.

Technical details and trust service providers

The qualified electronic signature is usually offered by modern solutions as a remote signature and is based on a special certificate issued by an authorised provider of qualified trust services. The certificate contains the identity of the signatory (at least the name). A visual representation of the signature is often attached to the document. Although this is neither legally necessary nor relevant, it makes it easier to recognise existing signatures. Furthermore, additional data such as the e-mail address or the company logo can often be added.

Figure: Signature card with Certifaction, showing a section of a certificate with the e-mail address marketing_t@certifaction.com, the date 17.07.2024 and the reference to a qualified electronic signature (EU) with signing via Certifaction.com.

QES uses asymmetric cryptography, also known as public-key cryptography. In this method, there are always two keys: a private key, also known as a signature key, and a public key.

The signature key is used to sign the hash value (a unique digital fingerprint) of the document. The public key is stored in the certificate and can be used to prove authenticity: the checksum encrypted during signature creation is decrypted with the public key and compared with the recalculated hash value of the document in question. If the two values match, the document has not been changed since it was signed.

With remote signatures, the key pairs are generated and managed by the trust service provider (VDA, from the German "Vertrauensdiensteanbieter") in a qualified signature creation device (HSM). The VDA ensures that the private key is only accessible to the signatory, which is usually guaranteed by a second security factor. Before creating a signature key, the VDA is also obliged to identify the signatory in a secure procedure in accordance with the ordinance and to store the identity data.
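The sign-and-verify flow described above, as an added example in Go (not Certifaction's or Swisscom's code): an in-memory ECDSA P-256 key stands in for the provider's HSM, and `remoteSigner`, `hashDocument` and `verify` are hypothetical names. ECDSA is an assumption of this example; with it, the verifier checks the signature against the recomputed hash rather than decrypting a checksum.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// remoteSigner stands in for the provider's signing service. In a real QES
// the key sits in the provider's HSM; here it is an in-memory demo key.
type remoteSigner struct{ key *ecdsa.PrivateKey }

func newRemoteSigner() (*remoteSigner, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &remoteSigner{key}, err
}

// Public returns the key that the signatory's certificate would carry.
func (s *remoteSigner) Public() *ecdsa.PublicKey { return &s.key.PublicKey }

// SignDigest signs a SHA-256 digest; the document never reaches the signer.
func (s *remoteSigner) SignDigest(digest [32]byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, s.key, digest[:])
}

// hashDocument computes the document fingerprint on the client side.
func hashDocument(doc []byte) [32]byte { return sha256.Sum256(doc) }

// verify recomputes the hash of doc and checks the signature against it.
func verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := hashDocument(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	signer, err := newRemoteSigner()
	if err != nil {
		panic(err)
	}
	doc := []byte("Rent: CHF 1000 per month (constructed sample)")
	sig, err := signer.SignDigest(hashDocument(doc))
	if err != nil {
		panic(err)
	}
	forged := []byte("Rent: CHF 9000 per month (constructed sample)")
	fmt.Println("original:", verify(signer.Public(), doc, sig))
	fmt.Println("tampered:", verify(signer.Public(), forged, sig))
}
```

Changing a single digit of the signed text makes verification fail, and so does checking a valid signature against a different signer's public key.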

Use cases and legal validity

The qualified electronic signature is required in cases where legal regulations or specific business processes demand it. This includes, for example, contracts that are normally concluded in written form and are now processed digitally. Here, the qualified electronic signature, which is considered the highest eSignature standard, offers a digital solution that is not only legal, but also secure and efficient. The framework guidelines define the probative value of the individual electronic signatures and are determined by the respective federal laws – in Switzerland by the Federal Assembly and in Germany by the Federal Network Agency.

Use cases in the company

Legal regulations in the EU and Switzerland

The legal validity of the QES is undisputed. In the EU, it is regulated by the eIDAS Regulation, in Switzerland by the ZertES (Federal Act on Certification Services in the Field of Electronic Signatures). Both pieces of legislation equate the QES with a handwritten signature and give it full probative force in court. Only the QES offers the advantage of a reversal of the burden of proof. This means that if a contracting party denies the validity of the signature, it must prove that the signature was forged. The initiator of the signature only has to submit the PDF and no further evidence in court. It should be noted that the QES can be compliant with either eIDAS or ZertES – not with both at the same time. Specialised eSigning providers in Switzerland make it possible to choose between the two variants.

Requirements and implementation of the qualified electronic signature

The QES must fulfil various requirements from the eIDAS Regulation or the ZertES. Firstly, the same requirements apply as for the advanced electronic signature (AES): the signature must be clearly attributable to the signatory, enable the signatory to be identified and be linked to the data in such a way that any subsequent change is recognised. Identification can take place in person or, in some cases, online through remote identification via video or auto-ident. In addition, the qualified certificate for electronic signatures must be issued by a recognised certification authority, the trust service provider. A qualified signature creation device must be used to create the signature. There are therefore a number of technical specifications that must be met for the QES to be valid.

User-friendliness and software solutions

Signing with a QES is very user-friendly thanks to various solutions such as Swisscom or Cryptomathic. The document is usually uploaded in a special format. The signature is then created using the signature software and the signature key. Our solution for companies uses Swisscom as an identification partner and thus Swisscom issues the certificates for the signature creation device (smart card).

The Certifaction QES solution is characterised by a particularly user-friendly interface that makes the identification process a seamless and uncomplicated experience that can be completed in a maximum of 10 minutes. If your corporate customers, partners and employees have NFC-enabled passports, they can identify themselves in 2 to 4 minutes.

Nevertheless, our solution complies with the strict formal requirements of European signature laws and regulations. This makes QES simple, secure and legal.

Advantages of the qualified electronic signature

The use of a QES offers many advantages. It ensures a high level of security and legal clarity and improves the efficiency of business processes. This is because a clear identity check is carried out and the integrity of the document is maintained. In addition, the use of QES is strongly encouraged by law.

Registration and identification procedure

Registering for a QES is relatively straightforward, but requires careful identification of the person. Depending on the requirements, this may include the presentation of a valid identity card, confirmation of address and other information.

Security and legal clarity with QES and SES

Have important contracts signed with a QES, even if only a simple electronic signature (SES) is required. This offers you additional security and legal clarity.

A date, which is automatically inserted when a QES is attached, serves as a time stamp. This time stamp is important as it proves the exact time the document was signed.

Differences between QES and AES

In contrast to the advanced electronic signature (AES), the qualified electronic signature (QES) offers a higher level of security and legal validity. The advanced electronic signature identifies the signatory by means of an e-mail address and mobile phone number and ensures the integrity of the document. The QES also has the same legal recognition as a handwritten signature.

Verification of the signature and data security

The validity of a qualified electronic signature and the integrity of the data can be checked using tools provided by trust service providers. For example, users of a Swiss mobile phone number can check on the Swisscom website whether they are correctly registered for the electronic signature and view the status of their signature.

Another hurdle is ensuring that a document has not been changed since it was signed. This is a particular problem with digitally signed contracts that are subsequently printed. However, with certain precautions, they can also be made forgery-proof in printed form. Our digital twin uses a QR code that is automatically added to the document before it is printed. The scan immediately displays the digital original on your screen and you can check its authenticity. You can also download a securely stored digital copy to your device.

Figure: A digital prescription on a smartphone screen next to a printed version of the prescription with QR code and signature.

Documentation and clarity in the signature process

When signing a document where one party uses the QES and the other party signs by hand, it is advisable to carefully document the entire process. Both signatures should appear on the same document to ensure a clear legal position.

Data security through end-to-end encryption

Certifaction not only offers a business solution for every type of remote signature stipulated in the Digital Signature Act, but also places high demands on data security. With the qualified signature and every other signature that is possible with our eSigning solution, your data and that of your customers and partner companies is only loaded locally. We use zero-document-knowledge technology, which means that we have no insight into the documents you want to sign. Everything is transmitted in encrypted form and you can send the key to your signing partner.

We are happy to advise you

The qualified electronic signature is a highly relevant topic in Switzerland and Europe. With a privacy-first provider, you can implement it with peace of mind.

We look forward to informing and supporting you to drive your digital transformation forward!