Electronic signatures are a technical procedure for verifying the unchanged state of a document, an electronic message, or other electronic data since the time of signature, as well as the identity of the person who signed it.
It is generally based on asymmetric cryptography, employing a pair of keys – a private and a public key – and a certification infrastructure managed by trusted third parties. Trusted third parties are providers of certification services that both guarantee the security and legal compliance of the technologies used and also verify and document the identity of the signature key holder.
Certification service providers must be recognised under the Federal Act of 18 March 2016 on Electronic Signatures (ESigA SR 943.03) so that their products also have legal effect. Recognition thus constitutes a seal of quality.
The infrastructure of the certification service providers, also referred to as public key infrastructure (PKI), can also contain solutions for identification in online services and for securing the data to be transmitted.
See also OFCOM's compilation of all legal bases governing electronic signatures.