ZertES Compliance with Digital Signatures in Switzerland
Electronic signatures have become increasingly common over the last few years with the rise of remote and hybrid work. For most use cases, customers, and locations, an electronic signature is sufficient. However, transactions in heavily regulated industries, in foreign countries or with governmental entities may require or prefer digital signatures, which offer a heightened level of identity assurance compared to electronic signatures.
A digital signature is a type of electronic signature that offers additional verification of the identities of the parties involved in a transaction compared to simple electronic signatures.
Electronic transactions in Europe
Region-specific standards such as the European Union’s 2016 Electronic Identification, Authentication, and Trust Services (eIDAS for short) regulation have helped establish a legally recognised framework that makes electronic transactions safer, faster, and more efficient. In other words, eIDAS provides an ‘EU-wide legal framework for electronic signatures… to enable convenient and secure electronic transactions across EU borders for citizens, businesses, and public sector institutions.’
While eIDAS regulates the use of electronic transactions across all 27 EU member states, similar alternatives exist outside the EU, for example ZertES, Switzerland’s federal law on electronic signatures. Although eIDAS and ZertES are similar in that they set the level of assurance for e-signatures to determine their proper use, when doing business within Switzerland it is essential to make sure that the electronic signature solution you use ensures compliance under both regulations.
What is the ZertES regulation?
In 2003, the Swiss government introduced ZertES as the main federal law governing the use of certification services with electronic signatures nationwide. Intended to regulate the conditions of ‘certification services in the area of electronic signatures and other uses of digital certificates’ (p. 18), it provides a legally enforceable framework specifying the requirements that electronic signature providers must adhere to when delivering certification services.
Given the close geographic proximity to the EU, ZertES understandably has many similarities to eIDAS. In general, it follows a similar approach to recognising the various tiers of electronic signature: Simple Electronic Signature (SES), Advanced Electronic Signature (AES), and Qualified Electronic Signature (QES). While there are no special legal requirements or recognised best practices for the enforceability of an electronic signature, under ZertES, just as under eIDAS, a qualified electronic signature is considered the legal equivalent of a handwritten signature. In contrast to eIDAS, ZertES explicitly requires a qualified electronic timestamp in parallel to the QES. As a result, it is encouraged for specific transactions, typically within human resources, banking, and insurance industries.
While ZertES does not typically specify how or when electronic signatures should be implemented, as with eIDAS, it does regulate a provider's obligations in providing certification services. Among several other things, ZertES manages how and when a trust service provider is ‘recognised’ as being able to issue a certification to attain a digital signature. For example, a QES can only be created using ‘qualified certificates for electronic signatures’ issued by service providers accredited and recognised by the Swiss Accreditation Service (SAS), such as Swisscom.
Differences between ZertES and eIDAS
While there are many similarities between ZertES and eIDAS, it is equally important to be conscious of their differences. Because Switzerland falls outside of the European Union, its electronic signature regulations differ, even though the development and implementation of ZertES were heavily influenced by eIDAS. Because there are no bilateral agreements between the European Union and Switzerland concerning the legal enforceability of electronic signatures, certificates produced under Swiss law do not automatically comply with eIDAS. Therefore, as a European entity doing business in Switzerland, to avoid encountering any issues with the legal enforceability of your electronic signatures within Switzerland, it’s essential to identify an electronic signature provider that can ensure compliance with both eIDAS and ZertES regulations.
DocuSign can facilitate this through its tightly integrated network of Trust Service Providers. Learn more about Implementing Electronic Signatures and Digital Signatures with DocuSign.