ZertES


ZertES is a Swiss Federal law that regulates the conditions under which trust service providers may use certification services with electronic signatures. Additionally, this law provides a framework that outlines the provider’s obligations and rights as they apply to providing their certification services.

Description

ZertES was approved into law on December 19, 2003. The law promotes the use of secure services for electronic certification to facilitate the use of qualified electronic signatures. Under this law, the signatures would be equal to a handwritten signature.
Switzerland’s ZertES law possesses a similar tiered structure and standards of legal value as the European Union’s eIDAS Regulation. ZertES provides several assurance levels; qualified electronic signatures is the highest level, equivalent to a handwritten signature. For many official documents, it is required that the electronic signatures used be at this qualified electronic signature level.

Standards

Under ZertES, an electronic signature refers to electronic data that is either attached to or associated to other electronic data, which serves as a means of authentication for that data. Currently, ZertES does not provide specifications on how electronic signatures should be technically implemented. Despite this limitation, the Swiss Federal Council has made international agreements to facilitate the international use of electronic signatures and allow for their legal recognition. Therefore, the Council allows that electronic signatures that have been technically implemented as digital standards in eIDAS be accepted.
The following standards are recognized by the Swiss Federal Council:
A Fortgeschrittene Elektronische Signatur, also known as an Advanced Electronic Signature, must meet certain requirements in order to prove its authenticity, including:
ZertES allows for the enhancement of the advanced electronic signature and its legal value by adding on a qualified certificate, which is similar to how eIDAS allows for this instance. The upgraded advanced electronic signature is referred as qualifizierte elektronische Signatur or qualified electronic signature. The signature must be produced by a secure signature creation device and then be attached to the qualified certificate. At the time that the signature is created, the certification must be valid.
ZertES requires that qualified certificates must provide:
Certificate service providers that issue qualified certificates are required to undergo audits performed by a conformity assessment body that has been appointed by the Schweizerische Akkreditierungsstelle.
Under ZertES, the Swiss Federal Council regulates signature generation and issues Signaturprüfschlüssel to qualified certificates. The secure signature creative device must verify that the signature key used is:
The signature verification process will ensure that:
ZertES requires Qualified Trust Service Providers to meet requirements that will ensure the validity of the certificates they issue for electronic signatures. Providers can be naturalized or legal citizens. Under certain circumstances, foreign suppliers may be permitted to provide certification services.

Legal implications

ZertES is similar to eIDAS in assuring the legal bindingness of electronic signatures and a tiered approach to legal value in court with qualified electronic signatures having a higher probative value than Advanced Electronic Signatures. Cross-border communications between Switzerland and the Member state of the European Union occur on a daily basis, as the country is home to many internationally active banks and companies. Therefore, ZertES and eiDAS are comparable in technical design and carry similar legal implications.