Commercial certification service providers
The following three private providers of certification services compliant with ESigA all provide remote signing services. Several third-party partners also currently provide their products via Swisscom’s Signing Service.
In addition to solutions for individuals, SMEs, solicitors and notaries, all three commercial providers offer integration solutions for larger companies.
- Swisscom Schweiz AG
Signing Service – Swisscom Trust Services AG [https://trustservices.swisscom.com/en/signing-service/]
The offerings below are based on the Signing Service and require a two-factor signature release approved by Swisscom, such as a combination password and one-time code via SMS, Mobile ID app, or other procedure. Please note that these providers also offer EU signatures (in line with eIDAS regulation) and ensure you choose the correct signature for your requirements:
- Skribble [https://www.skribble.com/de-ch/] – Web application for legally valid electronic signatures compliant with ESigA and eIDAS Skribble AG
- DeepSign [https:// www.deepsign.swiss] - Web application for legally valid electronic signatures compliant with ESigA and eIDAS, DeepCloud AG
- eSignR [https://esignr.ch/en/homepage] – Local software for trusted, legally valid signatures compliant with ESigA and eIDAS Glue Software Engineering AG
- PrivaSphere Sign & Send [https://www.privasphere.com/h/index.php?id=111&L=0] – Local software for trusted, legally valid signatures compliant with ESigA and eIDAS PrivaSphere AG
- Ajila AG [https://www.ajila.com] –Signature solution Blink (primarily for integration into applications at companies and organisations)
- Glaux AG [https://www.glauxgroup.ch/elektronische-signatur] - Signature solution {esignature} (primarily for integration into applications at companies and organisations)
Contact the following private providers to find out which of their products generate signatures that are compliant with eIDAS, should you require this function.
* Please send us an email to signaturdienste@bk.admin.ch if any providers or their third-party partners recognised under ESigA are not listed here.
Offers from the private sector (SES, AdES, QES)
Providers of web-based signature applications employing Swisscom's Signing Service usually distinguish between 3 types of electronic signatures.
- SES – Simple electronic signature (least expensive)
- AdES – Advanced electronic signature (average price)
- QES – Qualified electronic signature (most expensive)
The websites of these internet-based providers can often give the impression that SES and AdES are also regulated by ESigA. This is not the case.
Only the QES (with a certificate in the name of a natural person) and the regulated electronic seal (with a certificate in the name of an organisation) are considered regulated signatures under ESigA. The regulated signatures and their certificates are based on technical standards guaranteeing secure signature application as well as on standards for the secure and trustworthy identification of the person or organisation named in the certificate. The corresponding European standards (ETSI standards) are referenced by ESigA, via article 4 of the Ordinance on Electronic Signatures (CertESO, SR 943.032) [https://www.fedlex.admin.ch/eli/cc/2016/753/de] and OFCOM's Ordinance on certification services in the area of the electronic signature and other digital signature applications (TAV, SR 943.032.1) for regulated signatures. It goes without saying that the person named in the certificate is always the person who makes a declaration of will or a confirmation and signs it (attributability).
The recipient of a signed document can fully trust declarations of intent made therein, as well as the origin of the document and, if it features a QES or a regulated electronic seal, its integrity. A QES can therefore also be used to fulfil the formal requirement of a handwritten signature (CO, Articles 14 - 16). The QES and the regulated electronic seal enjoy the highest probative value for the document's recipient. The use of a QES or a regulated electronic seal therefore makes sense even in cases where there is no legal formal requirement.
Although the SES and AdES are mentioned in the definitions of terms in ESigA Article 2 [https://www.fedlex.admin.ch/eli/cc/2016/752/de], they are not subsequently regulated in any way. In the case of the AdES only, the legal definition specifies that the certificate used is issued in the name of the holder, i.e. the person or organisation from whom the declaration of will (personal signature) or the document's certificate of origin (in the name of the organisation) emanates. The AdES nonetheless requires the recipient or counterparty to analyse the quality of the signature themselves and assess whether they can trust it based on a range of factors. The probative value of the AdES is much lower because it is not regulated by law and thus does not have a nationally recognised 'seal of approval'. If an AdES were to be disputed in court, an expert opinion would generally be required so that the court could assess its value and attributability. A foreign QES is considered an AdES in Switzerland and vice versa, because there are no agreements between Switzerland and other countries on the mutual recognition of QES or regulated electronic seals.
An SES can be any type of signature, and may also feature a certificate in the name of a third person or a third organisation. They are therefore not suitable for signing a contract. If the SES features an external time stamp, from the perspective of the recipients or the counterparty it can at best provide an indication of a document's content at a specific time. In most of the web-based signature applications listed above, the SES is generated with a certificate in the name of the respective provider, and not in the name of the person signing.
