E018 applies only to federal authorities subject to the Ordinance of 25 November 2020 on the Coordination of the Digital Transformation and ICT Steering in the Federal Administration (DTIO).
Interested parties can request the current version of E018 by emailing info.dti@bk.admin.ch.
Summary of the key points of E018:
1. For administrative decisions, the Administrative Procedure Act (APA, SR 172.021), for contracts and agreements also the Code of Obligations (SCO, SR 220), and in all cases the Federal Act on Electronic Signatures (ESigA SR 943.03) and the Ordinance on Electronic Communication in Administrative Proceedings (ECAPO, SR 172.021.2) must be observed.
2. Legally binding documents and, in particular, documents within the scope of administrative procedures (decrees, decisions, permits, etc.) as well as agreements and contracts transmitted to addressees outside the Federal Administration should be provided with qualified electronic signatures, unless otherwise specified for a specific business process at the level of an ordinance.
Signature requirements of the general secretariats and the administrative units must be adjusted for electronic documents to determine which type of signature (qualified electronic signature, advanced electronic signature with the employee's class B signature certificate, regulated electronic seal) is to be used for which type of document. In addition to any rules applicable to the administrative units under special legislation, the provisions set out in Art. 49 of the Government and Administration Organisation Act (GAOA), Art. 22c and 29 of the Government and Administration Organisation Ordinance (GAOO), and Art. 37, 37a, 37b, 39, 65, 65a of the Financial Budget Ordinance (FBO) must also be observed. For procurement contracts, any recommendations by the Federal Procurement Commission (FPC) apply which may provide for exceptions from the obligation to use qualified signatures.
According to the ECAPO, the electronic seals introduced in 2017 must be used to electronically sign receipts of transmission platforms and decisions under the mass procedure.
3. Internal documents such as reports, applications, decisions, minutes, agreements, and all emails can or may be electronically signed with the personal signature certificate for employees (class B). However, the signature is unable to fulfil any special formal requirements or regulations. It can be used only for the purpose of identification and evidence. Qualified signatures are necessary where the written form is required by law as a condition of validity. An example of such a requirement are human resources documents related to the establishment, adjustment, and termination of employment relationships. In the GEVER systems, the approval of such documents should, to the extent possible and reasonable, not be signed with the class B certificate, but by using the "Visa" function. The information is stored in the metadata and not in the document itself.
4. Only final documents should be signed electronically. The functions (e.g. workflow) of the corresponding specialist application or the electronic records and process management system (GEVER) are to be used for approving and visaing. Electronic signatures in PDF documents should mainly be used when a final document leaves the specialist application/GEVER system, especially when it is to be transmitted to addressees outside the Federal Administration.
5. Documents must be converted into a format that is as universally accessible as possible (or at least machine-readable) and suitable for archiving before they are signed in the application in which they are created. Administrative decisions should – whenever possible – be converted into PDF/A-1a or PDF/A-2a format. The use of the non-accessible formats PDF/A-1b and PDF/A-2b should be avoided to the extent possible.
Note: Where documents are saved in PDF format in the Federal Administration with Microsoft Office using the "Save as..." function, the pre-configured settings (ISO 1905-1) automatically ensure that a PDF/A-1a output format is generated. The same applies when scanning using departmental printers.
6. When signing electronically, the LTV (Long Term Validation) information and a qualified time stamp must always be provided online, i.e. an electronic signature is not possible offline.
7. Either a visible or an invisible electronic signature can be provided for PDF documents. A visible signature means that during the signing process a kind of stamp is inserted in the content of the document indicating that the document has been electronically signed.
This means that when displayed on a screen, it remains visible whether a document was (originally) electronically signed or not. Visible signatures are always mandatory if the document is to leave the Federal Administration – in all other cases they are recommended.
E018 specifies what the visible representation of an electronic signature must look like, which symbols are to be used, and which textual elements of the structured data from the signature and certificate it includes.
Note: Outside the networks of the Federal Administration, Adobe Acrobat Reader, with which electronic signatures can be displayed and also technically verified, may not always be used. In such cases, a visible representation of an electronic signature enables the recipients to see that an electronic signature is present.
8. In addition to a visible representation of the signatures included, an official document must also be provided with information on how its authenticity can be verified using the Validator of the Federal Administration. Instead of an indication in the document, the visible representation of the signature can also include a reference to the homepage of that website.
9. Since introduction of Signature Services 2.0 throughout the Federal Administration in August 2021, the server-based Signature Services or DesktopSigner installed on each workstation must be used to sign PDF documents either from the GEVER system or specialist applications.
10. PDF forms should be filled out with the original Adobe Acrobat Reader. PDF forms must be signed in DesktopSigner.
11. Federal authorities subject to the Ordinance on the Coordination of the Digital Transformation and ICT Steering in the Federal Administration (DTIO) must obtain the required qualified signature certificates as well as the electronic seals in the name of the organisation and also all other certificates issued by the Swiss Government PKI from the Federal Office of Information Technology, Systems and Communications service provider (SP-FOITT). The Swiss Government PKI does not issue certificates to private individuals or organisations.
