The qualified signature workflow, start to finish
Legal

The qualified signature workflow, start to finish

A qualified electronic signature involves identity verification, signing ceremony, PAdES application, RFC 3161 timestamping, and public verification. Each step serves a specific legal purpose. This is what the process looks like from upload to verified certificate.

S
Swiss Trust Layer Editorial Team· Legal Technology Explanation
·July 19, 2026· 8 min read
The qualified signature workflow, start to finish — Swiss Trust Layer

The term "qualified electronic signature" appears frequently in Swiss and EU legal contexts, but the actual process behind it is rarely explained in plain terms. Most people who need QES for their documents understand what it is legally but not how it works in practice, step by step.

This is the full workflow, from document upload to the verified certificate, with the legal purpose of each step explained.

Step 1: Identity verification

A qualified electronic signature begins with verified identity. Before any document can be signed with QES, the signatory must complete an identity verification process with an accredited Qualified Trust Service Provider (QTSP).

Verification is typically done via one of two methods: in-person verification at an accredited registration office, or video identification conducted remotely through a regulated process. The signatory presents a government-issued identity document, which the QTSP checks against its records and verifies as authentic.

This step is what distinguishes QES from AES or simple e-signature. The verified link between a real person and the signing credential is what enables the legal presumption under ZertES Art. 11 and eIDAS Art. 25(2). Without verified identity, legal presumption is not available.

Once verification is complete, the QTSP issues a signing certificate linked to the verified individual. This certificate is the credential used in subsequent signing acts.

Step 2: Document upload

The document to be signed is uploaded to the signing platform. The platform performs a hash of the document at this point, creating a cryptographic fingerprint of the exact file content. This hash is the reference against which any later tampering would be detected.

The document is not yet signed. The hash is computed and stored as the baseline for integrity verification. Any change to the document after this point would produce a different hash, which would be detectable in verification.

Step 3: The signing ceremony

The signatory is presented with the document and completes the signing act. Depending on the platform and the QTSP's process, this may involve entering a one-time code sent to a verified device, biometric confirmation, or use of a hardware signing token. The exact mechanism varies by QTSP.

The signing act uses the signatory's certificate, issued in Step 1, to produce a cryptographic signature over the document hash. The signature is unique to this document, this signatory, and this exact moment. It cannot be reused or transferred to another document.

Step 4: PAdES signature application

The signature is applied to the document in PAdES (PDF Advanced Electronic Signatures) format. PAdES is the standard defined for PDF documents under the ETSI EN 319 132 and related specifications, designed specifically for legal document signing under eIDAS and ZertES.

PAdES embeds the signature within the PDF file itself, along with the certificate chain, making the signature portable. The document can be verified on any system that supports the standard without requiring access to the original signing platform.

Multiple signatures can be applied to the same document in sequence, and each signature covers the document as it existed at the time of that signature. PAdES supports this multi-signature structure explicitly.

Step 5: RFC 3161 qualified timestamp

Immediately after the signature is applied, the platform requests a qualified timestamp from an accredited Time-Stamping Authority (TSA) under RFC 3161. The TSA is a regulated entity, on the EU or Swiss Trusted List, with legal accountability for the accuracy of its timestamps.

The timestamp binds the signed document hash to a specific date and time, with the TSA's own certificate as the cryptographic anchor. The result is a document where both the signature and the moment of signing are independently verifiable and regulated.

This timestamp is why a QES cannot be backdated. The RFC 3161 timestamp from a regulated TSA is the authoritative record of when the signing act occurred.

Step 6: Certificate issuance

After signing and timestamping are complete, the platform issues a verification certificate. This certificate records the document hash, the signer's identity (as verified by the QTSP), the signing timestamp, and the certification chain back to the QTSP's root.

The certificate is downloadable and shareable. Any party with the original signed document and the certificate can verify independently that the document is authentic, unchanged, and was signed by a verified person at the recorded time.

Step 7: Public verification

The signed document can be verified by any party, including parties who had no involvement in the original signing. Verification does not require access to the signing platform. The verifier provides the signed document, and the platform or a public verification tool checks:

  • Document hash matches the hash in the signature (no tampering since signing)
  • Signature certificate is valid and from an accredited QTSP
  • Timestamp is from an accredited TSA and is within the certificate validity period
  • Certificate chain is intact back to a trusted root

If all checks pass, the verification is confirmed. If any check fails, the platform reports what failed and why.

Public verification is available at /validate. No account is required to verify a document signed on SealMyIdea.

What this means for legal disputes

Each step in the workflow creates a piece of the legal chain. Identity verification links the signature to a real person. PAdES embeds the signature in the document. RFC 3161 anchors the signing moment to a regulated timestamp. The certificate enables independent verification by any third party.

In a dispute, this chain means the signatory cannot credibly deny having signed, the document cannot be altered after signing without detection, and the timing cannot be disputed because the timestamp is from a regulated, audited authority.

For more on Swiss QES requirements and the QTSP accreditation framework, see the ZertES overview page.

Protect your work with Swiss Trust Layer AG

Seal your intellectual property with a court-proof e-Seal backed by Swisscom Trust Services.

Book a Free Demo

Related Articles

5 documents Swiss businesses should never sign with a basic e-signature
Legal

5 documents Swiss businesses should never sign with a basic e-signature

Swiss law specifies document types where only a qualified electronic signature carries the legal weight of a handwritten signature. Using a simple or advanced e-signature on these documents creates an enforceable gap that surfaces in disputes. Here are the five categories that matter.

July 18, 2026Read more →
DocuSign vs SealMyIdea: where a visual signature isn't enough
Legal

DocuSign vs SealMyIdea: where a visual signature isn't enough

DocuSign provides advanced and simple electronic signatures. For real estate, IP transfers, fiduciary mandates, and employment contracts in Switzerland, only a qualified electronic signature under ZertES Art. 11 carries legal presumption. This is the gap DocuSign cannot close.

July 17, 2026Read more →
For agencies: prove you authored the work and get clean client sign-off
Legal

For agencies: prove you authored the work and get clean client sign-off

Creative and digital agencies lose IP disputes because they cannot prove creation date or obtain legally binding client acceptance. A qualified electronic signature for client sign-off, combined with timestamped delivery, creates the complete audit trail that courts recognise.

July 16, 2026Read more →
Blockchain proves a file existed. It doesn't prove a court will accept it.
Legal

Blockchain proves a file existed. It doesn't prove a court will accept it.

A blockchain timestamp records that a file existed at a point in time. It carries no legal presumption under eIDAS or ZertES. A qualified electronic timestamp issued by an accredited QTSP does.

July 15, 2026Read more →
What actually happens when a signed contract is challenged
Legal

What actually happens when a signed contract is challenged

When a signed contract is disputed, the outcome depends on the signature tier used. Learn how ZertES Art. 11 and eIDAS Art. 25(2) shift the burden of proof when it matters most.

July 14, 2026Read more →