Preparing the document
To be able to provide electronic signatures for documents, as is usually necessary for electronic submissions to the Federal Administration, the document must first be converted into a format suitable for the signature. In practice, this is usually PDF format or – even better – its archivable variant PDF/A.
The document can be converted with a program such as the Microsoft Print-to-PDF printer driver, Microsoft Office products, LibreOffice (freeware), or one of the numerous freeware PDF conversion programs.
For electronic submissions to public authorities, the PDF/A format (ISO 32000-x, ISO 19005-x, ISO 14289) is not mandatory, but nevertheless recommended and desirable.
Federal Administration employees can create PDF/A documents via the internal business management system, GEVER, or by using specialised applications.
Applying a signature
You will need to use a signing program or signing service to apply an electronic signature. When signing PDF documents, these programs and services usually only offer 'Sign' mode (default setting), but some also offer 'Certify' mode (with or without selection of the options below). Signatures in 'Certify' mode guarantee the integrity and origin of a document in line with PDF standards. The mode can only be used for the first or only signature in the document. It is not intended as a legal confirmation of the document's content or as a declaration of will. In the Federal Administration, signatures cannot be created in 'Certify' mode using signing services.
Special note for public officials: Signing programs with a 'Certify' mode offer a choice of three options: Option 1 = no further changes or signatures may be applied to the document; Option 2 = any further signatures must be made in 'Sign' mode; Option 3 = any further changes must be made in 'Sign' mode with annotations. When signing under Option 1 in 'Certify' mode, it is not possible to append the confirmation of admission of the Register of Public Officials in the form of an electronic seal on, for example, an electronic public document without breaking/invalidating the preceding qualified signature of the public official. In response to problems that arose in this regard in 2022, 'Cygillum' program was updated to Version 1.06 at the start of 2023 to ensure that documents signed in 'Certify' mode are rejected (regardless of the option used).
Choosing and obtaining a certificate
In order to sign a document, you will need a signature key with an associated certificate. The Federal Act on Electronic Signatures (ESigA) regulates two types of certificates: the personal qualified certificate and the regulated electronic seal for organisations. A qualified certificate has the highest level of trustworthiness and the highest probative value while fulfilling the requirements of written form under Articles 12–14 of the Swiss Code of Obligations (CO, SR 220), which is why this type of certificate is preferred.
Federal Administration employees must obtain certificates from the FOITT via the Swiss Government PKI, a provider recognised under ESigA. The Swiss Government PKI only supplies the Administration with certificates; persons outside of the Administration must obtain their certificates via one of the three recognised private certification service providers (CSPs) (see Commercial certification service providers below for more information).
In order to obtain a qualified certificate, you must identify yourself in person by presenting a passport or identity card or identify yourself by means of a video identification procedure to the selected recognised CSP. Both of these procedures are regulated by law. Qualified certificates are either issued locally on a smart card or are deposited on and accessed via a remote signing service, or is regenerated there for each signature.
If the electronic signatures to be used need to be valid in the EU because of the applicable law, a CSP should be chosen that is also recognised under the EU’s eIDAS Regulation. When signing via the remote signing service of these providers, for each individual signature you can choose whether to sign with a regulated or qualified certificate under Swiss law, or with a certificate under EU law. There are two further CSPs in Switzerland who also provide qualified certificates that comply with EU law.
Local certificates on smart cards
Certificates on smart cards are rare these days, as they cannot be used on tablets and smartphones. Nevertheless, you can still obtain local certificates on smart cards from a CSP recognised under ESigA.
In order to be able to sign with local certificates, you will usually need a driver programme for the smart card and the smart card reader (usually a USB flash drive), as well as a locally installed signing application, e.g. Adobe Acrobat Reader. A time-stamping service must be configured in the signing application so that the qualified signature is accompanied by a time stamp as required by law. Check with your provider regarding the need to install a driver on your system platform (Windows, Apple, Linux) and configure the time-stamping service.
Using remote signing services
All recognised certification service providers provide their remote signing service (RSS) centrally online. These are used to record certificates for an identified person or to generate a certificate valid for a short time for the person identified by the system during the signing process (the signature used during this process remains valid).
During the signing process, the hash (i.e. the document’s fingerprint) is signed with the signature key and the associated certificate on the RSS. Depending on the RSS, you will have to enter a PIN either in a smartphone app or via Mobile ID on your smartphone. The signed hash is then returned to the end-user application, which controls the process and inserts the generated signature into the document. Mobile ID can be activated on any smartphone with a SIM card from a Swiss mobile phone provider.
Depending on the RSS or the associated end-user application:
- The document to be signed must be uploaded to a web application that controls the entire signing process and inserts the signature into the document. The signed document is downloaded at the end of the process; or
- Only the document’s hash is generated by a locally installed signing application. This is sent to the remote signing service, signed there and then sent back to the local application, which inserts the signed hash into the document. In this way, the document itself remains local.
If a high degree of trustworthiness is required or if professional standards (e.g. of lawyers, notaries, fiduciaries, etc.) prohibit uploading documents with confidential content to a central web application, use either a local certificate on a smart card with a local application for signing or a remote signing service with a local application so that the document remains local.
