The term "qualified electronic signature" appears frequently in Swiss and EU legal contexts, but the actual process behind it is rarely explained in plain terms. Most people who need QES for their documents understand what it is legally but not how it works in practice, step by step.
This is the full workflow, from document upload to the verified certificate, with the legal purpose of each step explained.
Step 1: Identity verification
A qualified electronic signature begins with verified identity. Before any document can be signed with QES, the signatory must complete an identity verification process with an accredited Qualified Trust Service Provider (QTSP).
Verification is typically done via one of two methods: in-person verification at an accredited registration office, or video identification conducted remotely through a regulated process. The signatory presents a government-issued identity document, which the QTSP checks against its records and verifies as authentic.
This step is what distinguishes QES from AES or simple e-signature. The verified link between a real person and the signing credential is what enables the legal presumption under ZertES Art. 11 and eIDAS Art. 25(2). Without verified identity, legal presumption is not available.
Once verification is complete, the QTSP issues a signing certificate linked to the verified individual. This certificate is the credential used in subsequent signing acts.
Step 2: Document upload
The document to be signed is uploaded to the signing platform. The platform performs a hash of the document at this point, creating a cryptographic fingerprint of the exact file content. This hash is the reference against which any later tampering would be detected.
The document is not yet signed. The hash is computed and stored as the baseline for integrity verification. Any change to the document after this point would produce a different hash, which would be detectable in verification.
Step 3: The signing ceremony
The signatory is presented with the document and completes the signing act. Depending on the platform and the QTSP's process, this may involve entering a one-time code sent to a verified device, biometric confirmation, or use of a hardware signing token. The exact mechanism varies by QTSP.
The signing act uses the signatory's certificate, issued in Step 1, to produce a cryptographic signature over the document hash. The signature is unique to this document, this signatory, and this exact moment. It cannot be reused or transferred to another document.
Step 4: PAdES signature application
The signature is applied to the document in PAdES (PDF Advanced Electronic Signatures) format. PAdES is the standard defined for PDF documents under the ETSI EN 319 132 and related specifications, designed specifically for legal document signing under eIDAS and ZertES.
PAdES embeds the signature within the PDF file itself, along with the certificate chain, making the signature portable. The document can be verified on any system that supports the standard without requiring access to the original signing platform.
Multiple signatures can be applied to the same document in sequence, and each signature covers the document as it existed at the time of that signature. PAdES supports this multi-signature structure explicitly.
Step 5: RFC 3161 qualified timestamp
Immediately after the signature is applied, the platform requests a qualified timestamp from an accredited Time-Stamping Authority (TSA) under RFC 3161. The TSA is a regulated entity, on the EU or Swiss Trusted List, with legal accountability for the accuracy of its timestamps.
The timestamp binds the signed document hash to a specific date and time, with the TSA's own certificate as the cryptographic anchor. The result is a document where both the signature and the moment of signing are independently verifiable and regulated.
This timestamp is why a QES cannot be backdated. The RFC 3161 timestamp from a regulated TSA is the authoritative record of when the signing act occurred.
Step 6: Certificate issuance
After signing and timestamping are complete, the platform issues a verification certificate. This certificate records the document hash, the signer's identity (as verified by the QTSP), the signing timestamp, and the certification chain back to the QTSP's root.
The certificate is downloadable and shareable. Any party with the original signed document and the certificate can verify independently that the document is authentic, unchanged, and was signed by a verified person at the recorded time.
Step 7: Public verification
The signed document can be verified by any party, including parties who had no involvement in the original signing. Verification does not require access to the signing platform. The verifier provides the signed document, and the platform or a public verification tool checks:
- Document hash matches the hash in the signature (no tampering since signing)
- Signature certificate is valid and from an accredited QTSP
- Timestamp is from an accredited TSA and is within the certificate validity period
- Certificate chain is intact back to a trusted root
If all checks pass, the verification is confirmed. If any check fails, the platform reports what failed and why.
Public verification is available at /validate. No account is required to verify a document signed on SealMyIdea.
What this means for legal disputes
Each step in the workflow creates a piece of the legal chain. Identity verification links the signature to a real person. PAdES embeds the signature in the document. RFC 3161 anchors the signing moment to a regulated timestamp. The certificate enables independent verification by any third party.
In a dispute, this chain means the signatory cannot credibly deny having signed, the document cannot be altered after signing without detection, and the timing cannot be disputed because the timestamp is from a regulated, audited authority.
For more on Swiss QES requirements and the QTSP accreditation framework, see the ZertES overview page.





