Qualifizierte E-Signatur Schweiz 2026: ZertES & eIDAS Guide
Standards Compliance

Qualifizierte E-Signatur Schweiz 2026: ZertES & eIDAS Guide

ZertES- und eIDAS-konform: Qualifizierte E-Signaturen gelten in der Schweiz und EU als handschriftliche Unterschrift. Dieser Guide zeigt KMU den schnellsten Weg zur Rechtssicherheit.

S
Swiss Trust Layer Team· Compliance & Legal
·May 26, 2026· 9 min read

In March 2026, a Zurich IP lawyer received an urgent message from a software company client: a former partner was claiming co-ownership of a product tool the team had built before any partnership agreement existed. The client had emails. They had internal Slack logs. What they did not have was a single document bearing a qualified timestamp from an accredited certification service provider. The lawyer's first call to opposing counsel lasted four minutes. The case would take eight months to resolve.

Not all digital signatures are equal. In Switzerland and the EU, there is a clear legal distinction between signature types. Understanding this distinction, and acting on it before a dispute arises, is what separates enforceable documentation from paperwork that collapses under examination.

The three signature levels

Both ZertES and eIDAS distinguish three types of signatures:

Simple electronic signature (SES): A scanned image of your handwritten signature or an inserted image. No cryptographic protection. No legal equivalence with a handwritten signature.

Advanced electronic signature (AES): Cryptographically linked to the signer and detectable if the document is altered after signing. Sufficient for many business processes, but not legally equivalent to a handwritten signature in court.

Qualified electronic signature (QES): The highest standard. Issued by an accredited certification service provider (ZDA/TSP). Legally equivalent to a handwritten signature under Swiss and EU law. Burden of proof is reversed.

ZertES: Swiss law

ZertES (SR 943.03) sets out the conditions a signature must meet to qualify as a QES under Swiss law.

Article 2 of ZertES requires that a certification service provider be accredited by BAKOM (the Federal Office of Communications). Swisscom Trust Services is one such accredited ZDA. Every QES issued by Swisscom is legally binding before Swiss courts and equivalent to a handwritten signature.

ZertES-QES are aligned with the Swiss legal system. They are valid before Swiss authorities, in Swiss courts, and for contracts governed by Swiss law.

eIDAS: the EU framework

The eIDAS Regulation (EU No. 910/2014) establishes the framework for electronic signatures across all 27 EU member states. For businesses with EU clients or cross-border transactions, it is indispensable.

eIDAS Article 25 establishes that a qualified electronic signature has the same legal effect as a handwritten signature in all EU member states. Article 41 goes further: it grants qualified electronic timestamps a legal presumption. Date, time, and data integrity are presumed correct until proved otherwise.

This reversal of the burden of proof is decisive in disputes. You do not need to prove the timestamp is correct. The opposing party must prove it is wrong.

Swisscom Trust Services is listed on the EU Trust List as a QTSP (Qualified Trust Service Provider). Swisscom signatures and timestamps are valid in all 27 EU member states.

ZertES versus eIDAS at a glance

Scope: ZertES applies in Switzerland; eIDAS applies across the EU-27.
Issuer requirement: ZertES requires BAKOM accreditation; eIDAS requires EU Trust List registration.
Timestamp presumption: Both standards provide statutory presumption for qualified timestamps.
Mutual coverage: Swisscom is certified for both. One document covers both jurisdictions.

What would have happened differently

Had the software company applied a ZertES-qualified timestamp to their codebase before the partnership talks began, the Zurich lawyer's position would have been straightforward. Under eIDAS Art. 41, the timestamp carries legal presumption: date and data integrity are presumed correct until disproved. The former partner would have needed to prove the timestamp invalid. That burden, in practice, ends most disputes before litigation reaches the discovery phase. Eight months of proceedings, and the resulting legal costs, would not have occurred.

Why Swiss Trust Layer is the solution

Using a QES directly has historically been complex: identity verification, ZDA contracts, certificate management. Swiss Trust Layer removes that complexity.

You upload a file. The system creates a cryptographic SHA-256 hash, anchors it through Swisscom Trust Services (ZertES and eIDAS), and returns a PAdES-compliant certificate. The process takes under two minutes. The certificate is directly usable in court: in Switzerland, the EU, and in 180+ countries through the Berne Convention.

The nDSG (new Data Protection Act, in force since September 2023) also requires that personal data be processed securely and traceably. Swisscom infrastructure, hosted in Switzerland, meets this requirement.

The QES workflow with Swiss Trust Layer in detail

Step 1: Prepare and upload your file.
Upload the file to swisstrustlayer.com. All common formats are supported: PDF, DOCX, XLSX, JPG, PNG, ZIP, IFC, DWG, MP3, WAV, and more. File size is not restricted. The file itself never leaves your control. Only its cryptographic SHA-256 hash is transmitted to Swisscom.

Step 2: Identity linkage.
Your Swiss Trust Layer account is linked to a verified identity. This step satisfies the QES requirement for signer identifiability under ZertES Art. 2 and eIDAS Art. 28 in conjunction with Annex I. The certificate names its holder.

Step 3: Timestamping by Swisscom Trust Services.
Swiss Trust Layer transmits the SHA-256 hash to Swisscom Trust Services. Swisscom, as a BAKOM-accredited ZDA and eIDAS QTSP, anchors the hash in its certification infrastructure and returns a qualified timestamp. That timestamp contains: the hash of your file, the time of the request (UTC), the Swisscom certificate chain, and a cryptographic signature that makes any subsequent modification detectable.

Step 4: PAdES certificate issuance.
You receive a PAdES-compliant (PDF Advanced Electronic Signature) certificate containing all components of the timestamp. This format is directly accepted by courts, notaries, and authorities in Switzerland and the EU.

Step 5: Public verification.
Every sealed file can be verified at swisstrustlayer.com/validate, without login and without contacting Swiss Trust Layer. The verifier uploads the original file; the system checks whether the SHA-256 hash matches the one stored in the certificate. If it does, the integrity of the file since the timestamp is proved.

This architecture makes Swiss Trust Layer a court-admissible proof instrument that creates no dependency on a database or central service: the proof is in the certificate itself.

For whom is a QES relevant?

For any business that concludes contracts digitally, documents IP rights, operates in regulated sectors (finance, healthcare, law), or works cross-border with EU partners.

Is a QES required for every contract?
No. For many everyday contracts, an AES is sufficient. For contracts with high dispute value, regulatory requirements, or complex IP arrangements, QES is the right standard.

How much does it cost?
Swiss Trust Layer offers Seal Credits Lite from CHF 5 per year. Business plans are available.

What happens to my file?
Only the cryptographic hash is transmitted to Swisscom. Your file never leaves your control. Swiss Trust Layer stores no content, only the proof of existence.

The cost the Zurich lawyer's client did not calculate in time

The software company's dispute ran for eight months. Legal costs exceeded CHF 200,000. A qualified timestamp on the core codebase before the partnership talks would have cost CHF 5. That is the comparison that matters. Start today: swisstrustlayer.com.

Protect your work with Swiss Trust Layer AG

Seal your intellectual property with a court-proof e-Seal backed by Swisscom Trust Services.

Book a Free Demo

Related Articles

How a ZertES Qualified Electronic Seal Works: Technical + Legal Explainer (2026)
Standards & Compliance

How a ZertES Qualified Electronic Seal Works: Technical + Legal Explainer (2026)

A ZertES qualified electronic seal is Switzerland's highest-assurance digital seal, legally equivalent to a handwritten stamp under Swiss law. This explainer covers how it works technically, when it is qualified vs. advanced, and how it compares to EU eIDAS.

June 12, 2026Read more →
eIDAS vs ZertES: Side-by-Side Legal Comparison for Non-Lawyers (2026)
Standards & Compliance

eIDAS vs ZertES: Side-by-Side Legal Comparison for Non-Lawyers (2026)

Confused by eIDAS vs ZertES? This plain-English guide breaks down the difference between EU and Swiss electronic signature law, with a comparison table and real scenarios for freelancers, creators, and small operators.

June 12, 2026Read more →
What is a QTSP? Why Your Digital Signature Provider Must Be EU-Listed
Standards & Compliance

What is a QTSP? Why Your Digital Signature Provider Must Be EU-Listed

A Qualified Trust Service Provider (QTSP) is an entity supervised by an EU member state and listed on the national trusted list. Only QTSPs can issue eIDAS-qualified electronic signatures with legal presumption. Here is what to check.

June 3, 2026Read more →
GDPR Document Sealing & Timestamps: EU Compliance 2026
Standards & Compliance

GDPR Document Sealing & Timestamps: EU Compliance 2026

GDPR data processing records under Article 30 require a qualified timestamp to prove integrity and accountability. Here is how cryptographic sealing satisfies EU regulators.

June 3, 2026Read more →
Digital Signature vs Electronic Seal: What Is the Legal Difference?
Standards & Compliance

Digital Signature vs Electronic Seal: What Is the Legal Difference?

Under eIDAS and ZertES, electronic signatures and electronic seals have different legal effects. This guide explains which you need for IP protection vs contract execution.

June 3, 2026Read more →