ZertES e la firma elettronica qualificata: guida pratica per le imprese svizzere
Standards Compliance

ZertES e la firma elettronica qualificata: guida pratica per le imprese svizzere

Cos'è ZertES, cosa significa firma elettronica qualificata e perché la distinzione è determinante per la validità legale dei vostri documenti in Svizzera e nell'UE.

S
Swiss Trust Layer Team· Compliance & Legal
·May 28, 2026· 8 min read

In January 2025, a Zurich-based Treuhand firm used a standard electronic signature service to close a CHF 2.4M commercial lease. The tenant signed through a web portal. The landlord's side countersigned the same afternoon. Seven months later, the tenant's lawyers challenged the lease in cantonal court, arguing the signature lacked qualified status under Swiss law and did not carry the legal presumption of a handwritten signature. The Treuhand's managing partner had not understood that "digital signature" and "legally equivalent" are different things in Swiss law.

Not all digital signatures are equal. In Switzerland and the European Union, there are three distinct levels of electronic signature. Only the highest level, the qualified electronic signature (QES), has the same legal value as a handwritten signature before a court. Those who do not know this distinction risk ending up with formally signed documents that are legally weak at the moment they matter most.

The three levels of electronic signature

Both ZertES and eIDAS distinguish three categories:

Simple electronic signature (SES): A scanned image of a signature or a text field with a name. No cryptographic protection. No legal equivalence with a handwritten signature. Easily contested.

Advanced electronic signature (AES): Linked to the signatory through a verifiable process (SMS code, confirmation email) and detectable if the document is altered afterwards. Sufficient for many ordinary business processes, but not equivalent to a handwritten signature before a judge.

Qualified electronic signature (QES): The highest level. Issued by an accredited certification service provider. Legally equivalent to a handwritten signature in both Switzerland (ZertES) and the EU (eIDAS). Reversal of the burden of proof.

ZertES: the Swiss legal framework

ZertES (Federal Act on Certification Services in the Area of Electronic Signatures, RS 943.03) is the Swiss federal law that defines the conditions under which an electronic signature or timestamp has qualified legal value before Swiss authorities and courts.

Article 2 of ZertES establishes that the timestamp or signature must be issued by a certification service provider (ZDA) accredited with OFCOM (Federal Office of Communications), that accreditation requires independent audits and ongoing compliance with strict technical and organisational standards, and that a ZertES-qualified timestamp carries a legal presumption: the date and the content of the document are considered authentic until proven otherwise.

Swisscom Trust Services is a ZDA accredited under ZertES. Every seal issued through Swiss Trust Layer is anchored to Swisscom infrastructure and satisfies this standard.

eIDAS: the European legal framework

For cross-border transactions in the European Union, the reference is the eIDAS Regulation (EU No. 910/2014). This regulation creates a uniform framework for the recognition of electronic signatures across all 27 member states.

Article 25 of eIDAS establishes: a qualified electronic signature has the same legal value as a handwritten signature in all EU member states.

Article 41 adds a provision particularly relevant for timestamps: a qualified electronic timestamp carries a legal presumption that the stated date and time are accurate and that the integrity of the data to which the timestamp refers is intact. This presumption can be rebutted, but the burden of rebutting it falls on the challenging party, not on the party who applied the seal. In practice, a timestamp issued by a QTSP listed on the EU Trust List is extremely difficult to successfully contest in court.

Swisscom Trust Services is listed on the EU Trust List as a QTSP. Seals issued through Swiss Trust Layer are therefore recognised in all 27 EU member states.

What would have happened differently

Had the Zurich Treuhand firm used a ZertES-qualified electronic signature through Swiss Trust Layer, the commercial lease would have carried a legal presumption under ZertES Art. 2 and eIDAS Art. 25. When the tenant's lawyers filed their challenge in cantonal court, they would have faced immediate reversal of the burden of proof. They would have needed to demonstrate the signature was invalid, not the Treuhand firm to prove it was valid. A challenge of that kind, against a Swisscom-anchored QTSP record, would not have survived the first hearing. The firm would have saved four months and CHF 31,000 in legal fees.

Why Swiss companies need both standards

Most Swiss SMEs operate under both Swiss law and with clients and partners in the EU. The choice between ZertES and eIDAS is therefore not a choice at all: both are needed.

The good news is that no operational choice is required. Swisscom Trust Services holds both ZertES accreditation and QTSP status under eIDAS simultaneously. A single Swiss Trust Layer seal satisfies both standards, covering Swiss courts and federal authorities, all 27 EU member states, and the global framework of the Berne Convention (181 member states) for copyright protection.

How Swiss Trust Layer implements these standards

Historically, accessing a QES required complex procedures: identification at an accredited authority, management of digital certificates, installation of specialised software. Swiss Trust Layer simplifies this process.

1. Upload the document. Any format is accepted. The file content is never transmitted or stored. Only the SHA-256 hash, a unique cryptographic fingerprint of the document, is processed.

2. Swisscom certifies the timestamp. Swiss Trust Layer transmits the hash to Swisscom Trust Services, which issues a qualified timestamp compliant with ZertES and eIDAS. The timestamp is immutable: it cannot be applied retroactively.

3. Receive the certificate. You receive a PAdES-compliant document containing the hash, the certified timestamp, the Swisscom certification chain, and your identity. This certificate is directly usable in court.

4. Public verification. Anyone can verify the seal at swisstrustlayer.com/validate, without a login and without contacting Swiss Trust Layer. Verification is mathematical, not dependent on the availability of internal systems.

When you need a QES and when an AES is sufficient

Not all documents require a QES. But you probably need one for intellectual property documentation, licence agreements with significant commercial value, agreements between parties in different jurisdictions, documents that could be presented in court, documents in regulated sectors (finance, healthcare, legal), co-founder agreements and corporate documents, and any document for which you might need to say: "this document is authentic, I signed it on this date, and I have the proof."

Frequently asked questions

Does a QES seal mean the document is encrypted?
No. The document is not encrypted. The seal creates a cryptographic fingerprint (hash) of the exact content of the document. If even a single character is changed afterwards, the hash changes completely and the seal becomes invalid. The document remains readable.

Is a QES recognised in every country?
In the EU (eIDAS) and Switzerland (ZertES), the QES has specific legal definitions and legal presumption. For copyright protection, Swiss Trust Layer seals are recognised globally through the Berne Convention.

How much does it cost?
Swiss Trust Layer Seal Credits Lite start at CHF 5 per document. Professional and enterprise plans are available for teams and high volumes.

Do I need to understand cryptography to use it?
No. The platform handles everything. If you know how to upload a file, you know how to create a qualified timestamp.

The cost of not knowing the difference

The Zurich Treuhand firm spent CHF 31,000 in legal fees over four months before a cantonal court confirmed the signature's validity. The lease was ultimately upheld. The damage was time and cost, not outcome. A ZertES-qualified timestamp through Swiss Trust Layer costs CHF 5 per document. The distinction between a simple electronic signature and a qualified electronic signature was worth CHF 31,000 in this case. In disputes over larger sums, that distinction costs more.

The legal framework for digital documents is evolving. The difference between being able to prove the authenticity of your documents and not being able to is increasingly decisive. Start at swisstrustlayer.com.

Protect your work with Swiss Trust Layer AG

Seal your intellectual property with a court-proof e-Seal backed by Swisscom Trust Services.

Book a Free Demo

Related Articles

How a ZertES Qualified Electronic Seal Works: Technical + Legal Explainer (2026)
Standards & Compliance

How a ZertES Qualified Electronic Seal Works: Technical + Legal Explainer (2026)

A ZertES qualified electronic seal is Switzerland's highest-assurance digital seal, legally equivalent to a handwritten stamp under Swiss law. This explainer covers how it works technically, when it is qualified vs. advanced, and how it compares to EU eIDAS.

June 12, 2026Read more →
eIDAS vs ZertES: Side-by-Side Legal Comparison for Non-Lawyers (2026)
Standards & Compliance

eIDAS vs ZertES: Side-by-Side Legal Comparison for Non-Lawyers (2026)

Confused by eIDAS vs ZertES? This plain-English guide breaks down the difference between EU and Swiss electronic signature law, with a comparison table and real scenarios for freelancers, creators, and small operators.

June 12, 2026Read more →
What is a QTSP? Why Your Digital Signature Provider Must Be EU-Listed
Standards & Compliance

What is a QTSP? Why Your Digital Signature Provider Must Be EU-Listed

A Qualified Trust Service Provider (QTSP) is an entity supervised by an EU member state and listed on the national trusted list. Only QTSPs can issue eIDAS-qualified electronic signatures with legal presumption. Here is what to check.

June 3, 2026Read more →
GDPR Document Sealing & Timestamps: EU Compliance 2026
Standards & Compliance

GDPR Document Sealing & Timestamps: EU Compliance 2026

GDPR data processing records under Article 30 require a qualified timestamp to prove integrity and accountability. Here is how cryptographic sealing satisfies EU regulators.

June 3, 2026Read more →
Digital Signature vs Electronic Seal: What Is the Legal Difference?
Standards & Compliance

Digital Signature vs Electronic Seal: What Is the Legal Difference?

Under eIDAS and ZertES, electronic signatures and electronic seals have different legal effects. This guide explains which you need for IP protection vs contract execution.

June 3, 2026Read more →