
ZertES- und eIDAS-konform: Qualifizierte E-Signaturen gelten in der Schweiz und EU als handschriftliche Unterschrift. Dieser Guide zeigt KMU den schnellsten Weg zur Rechtssicherheit.
In March 2026, a Zurich IP lawyer received an urgent message from a software company client: a former partner was claiming co-ownership of a product tool the team had built before any partnership agreement existed. The client had emails. They had internal Slack logs. What they did not have was a single document bearing a qualified timestamp from an accredited certification service provider. The lawyer's first call to opposing counsel lasted four minutes. The case would take eight months to resolve.
Not all digital signatures are equal. In Switzerland and the EU, there is a clear legal distinction between signature types. Understanding this distinction, and acting on it before a dispute arises, is what separates enforceable documentation from paperwork that collapses under examination.
Both ZertES and eIDAS distinguish three types of signatures:
Simple electronic signature (SES): A scanned image of your handwritten signature or an inserted image. No cryptographic protection. No legal equivalence with a handwritten signature.
Advanced electronic signature (AES): Cryptographically linked to the signer and detectable if the document is altered after signing. Sufficient for many business processes, but not legally equivalent to a handwritten signature in court.
Qualified electronic signature (QES): The highest standard. Issued by an accredited certification service provider (ZDA/TSP). Legally equivalent to a handwritten signature under Swiss and EU law. Burden of proof is reversed.
ZertES (SR 943.03) sets out the conditions a signature must meet to qualify as a QES under Swiss law.
Article 2 of ZertES requires that a certification service provider be accredited by BAKOM (the Federal Office of Communications). Swisscom Trust Services is one such accredited ZDA. Every QES issued by Swisscom is legally binding before Swiss courts and equivalent to a handwritten signature.
ZertES-QES are aligned with the Swiss legal system. They are valid before Swiss authorities, in Swiss courts, and for contracts governed by Swiss law.
The eIDAS Regulation (EU No. 910/2014) establishes the framework for electronic signatures across all 27 EU member states. For businesses with EU clients or cross-border transactions, it is indispensable.
eIDAS Article 25 establishes that a qualified electronic signature has the same legal effect as a handwritten signature in all EU member states. Article 41 goes further: it grants qualified electronic timestamps a legal presumption. Date, time, and data integrity are presumed correct until proved otherwise.
This reversal of the burden of proof is decisive in disputes. You do not need to prove the timestamp is correct. The opposing party must prove it is wrong.
Swisscom Trust Services is listed on the EU Trust List as a QTSP (Qualified Trust Service Provider). Swisscom signatures and timestamps are valid in all 27 EU member states.
Scope: ZertES applies in Switzerland; eIDAS applies across the EU-27.
Issuer requirement: ZertES requires BAKOM accreditation; eIDAS requires EU Trust List registration.
Timestamp presumption: Both standards provide statutory presumption for qualified timestamps.
Mutual coverage: Swisscom is certified for both. One document covers both jurisdictions.
Had the software company applied a ZertES-qualified timestamp to their codebase before the partnership talks began, the Zurich lawyer's position would have been straightforward. Under eIDAS Art. 41, the timestamp carries legal presumption: date and data integrity are presumed correct until disproved. The former partner would have needed to prove the timestamp invalid. That burden, in practice, ends most disputes before litigation reaches the discovery phase. Eight months of proceedings, and the resulting legal costs, would not have occurred.
Using a QES directly has historically been complex: identity verification, ZDA contracts, certificate management. Swiss Trust Layer removes that complexity.
You upload a file. The system creates a cryptographic SHA-256 hash, anchors it through Swisscom Trust Services (ZertES and eIDAS), and returns a PAdES-compliant certificate. The process takes under two minutes. The certificate is directly usable in court: in Switzerland, the EU, and in 180+ countries through the Berne Convention.
The nDSG (new Data Protection Act, in force since September 2023) also requires that personal data be processed securely and traceably. Swisscom infrastructure, hosted in Switzerland, meets this requirement.
Step 1: Prepare and upload your file.
Upload the file to swisstrustlayer.com. All common formats are supported: PDF, DOCX, XLSX, JPG, PNG, ZIP, IFC, DWG, MP3, WAV, and more. File size is not restricted. The file itself never leaves your control. Only its cryptographic SHA-256 hash is transmitted to Swisscom.
Step 2: Identity linkage.
Your Swiss Trust Layer account is linked to a verified identity. This step satisfies the QES requirement for signer identifiability under ZertES Art. 2 and eIDAS Art. 28 in conjunction with Annex I. The certificate names its holder.
Step 3: Timestamping by Swisscom Trust Services.
Swiss Trust Layer transmits the SHA-256 hash to Swisscom Trust Services. Swisscom, as a BAKOM-accredited ZDA and eIDAS QTSP, anchors the hash in its certification infrastructure and returns a qualified timestamp. That timestamp contains: the hash of your file, the time of the request (UTC), the Swisscom certificate chain, and a cryptographic signature that makes any subsequent modification detectable.
Step 4: PAdES certificate issuance.
You receive a PAdES-compliant (PDF Advanced Electronic Signature) certificate containing all components of the timestamp. This format is directly accepted by courts, notaries, and authorities in Switzerland and the EU.
Step 5: Public verification.
Every sealed file can be verified at swisstrustlayer.com/validate, without login and without contacting Swiss Trust Layer. The verifier uploads the original file; the system checks whether the SHA-256 hash matches the one stored in the certificate. If it does, the integrity of the file since the timestamp is proved.
This architecture makes Swiss Trust Layer a court-admissible proof instrument that creates no dependency on a database or central service: the proof is in the certificate itself.
For any business that concludes contracts digitally, documents IP rights, operates in regulated sectors (finance, healthcare, law), or works cross-border with EU partners.
Is a QES required for every contract?
No. For many everyday contracts, an AES is sufficient. For contracts with high dispute value, regulatory requirements, or complex IP arrangements, QES is the right standard.
How much does it cost?
Swiss Trust Layer offers Seal Credits Lite from CHF 5 per year. Business plans are available.
What happens to my file?
Only the cryptographic hash is transmitted to Swisscom. Your file never leaves your control. Swiss Trust Layer stores no content, only the proof of existence.
The software company's dispute ran for eight months. Legal costs exceeded CHF 200,000. A qualified timestamp on the core codebase before the partnership talks would have cost CHF 5. That is the comparison that matters. Start today: swisstrustlayer.com.
Protect your work with Swiss Trust Layer AG
Seal your intellectual property with a court-proof e-Seal backed by Swisscom Trust Services.
Book a Free Demo