Security

E-signatures: a complete guide to their legal value

david_dutch.pngDavid Dutch |

Signature électronique Electronic signatures have become an essential part of any company's digitalization strategy. There are plenty of reasons to make the switch: first, electronic signatures are much more efficient, thanks to faster processing times and lower costs. They also avoid the need for constant trips back and forth between printer, scanner, and post office. They enable documents to be signed securely anywhere, at any time.

However, there is a fundamental difference between how digital signatures are interpreted and handwritten signatures. Unlike handwritten signatures, the authenticity of a secure electronic signature is not based on its visual appearance but on the associated electronic certificate provided by the Trusted Service Provider.

If the concept is still unclear to some, this article explains how 2.0 signatures work and their legal value.

3 types of electronic signatures and their legal value

a. Simple Electronic Signature (SES)

The SES is the basic level of electronic signature. It is generally used for documents where the risk of liability is low. For example, the minutes of an informal team meeting can be signed with a SES. Its legal value is recognized, but it does not provide a strong identification of the signatory or a guarantee of the document's integrity.

b. Advanced Electronic Signature (AES)

The AES offers a higher level of security than the previous one. It is uniquely linked to the signatory using a pre-registered cell phone number. Project meeting minutes, where details are more critical, may require an AES. This signature ensures better traceability and is widely recognized by law.

c. Qualified Electronic Signature (QES)

The QES is the most secure form of electronic signature. It is based on a qualified certificate and a secure signature creation device issued by a Trusted Service Provider (TSP). This registration must be carried out beforehand, on an online platform or in person, to guarantee maximum security. For important or sensitive meetings, such as boards of directors or general assemblies, where decisions have significant legal and financial implications, the QES is generally required. It is recognized as the only form of electronic signature equivalent to a handwritten signature under the European Union's eIDAS regulation and the Swiss federal law on electronic signatures (ESigA).

e-signature legal weight

Qualified Electronic Signature (QES): the ultimate in security

The QES represents the ultimate in security and trust in the field of electronic signatures. It requires rigorous identity verification and is generated via a secure device. To use a QES, the signatory must obtain a qualified certificate from a Trusted Service Provider, such as Swisscom. This certificate contains verified data on the identity of the signatory.

A QES is therefore always personal and cannot be repudiated. This means that in cases where the law requires a handwritten signature for a document, this can be substituted by a QES. Companies operating in highly regulated environments can opt for the QES as their standard signature method, to ensure they meet compliance requirements.

3. How to use the QES

To set up a QES, follow these steps:

  • Choose a certified trusted service provider. In this case, WEDO is working with Swisscom, whose service covers the whole of Europe and meets the legal requirements of the European eIDAS regulation and the Swiss federal ESigA law.
  • Have your identity verified. You can validate your identity online, or by visiting an authorized Swisscom shop. Visit this page for more information on the various registration options.
  • Get your qualified certificate.
  • In your WEDO network, create your signature on first use and validate it by uploading your qualified certificate.
  • Sign the document in one click.

How does a Qualified Electronic Signature work?

From a technical point of view, a QES is generated using asymmetric cryptography. For each signature, there is a public key, enabling anyone to verify the signature, and a private key, reserved exclusively for the signatory. This private key can only be activated and used by obtaining a certificate, issued by a Trusted Service Provider as mentioned above. The certificate issuer guarantees, through certified technical and organizational procedures, that only the applicant may use the private signature key in connection with the certificate.

The certificate attests to the identity of the signatory, while the signature itself indicates the time of signing and guarantees the integrity of the document, ensuring that the PDF has not undergone any modification after signing.

With WEDO, this technical complexity goes unnoticed by users, since all external steps are integrated into the platform to ensure a straightforward process.

Do e-signatures comply with data protection laws for Swiss and European companies?

The legal value of the QES is guaranteed by the Trusted Service Provider (TSP), Swisscom, which, as the issuer of the certificate, is regularly audited and certified by a government agency.

WEDO not only guarantees robust security, but also ensures the most comprehensive data protection thanks to its qualified electronic signatures. WEDO fully complies with the requirements imposed by the European Union's General Data Protection Regulation (GDPR) as well as the Swiss Federal Data Protection Act (DPA). WEDO's hosting service benefits from ISO 27001 certification, with the exclusive location of its servers in Switzerland, guaranteeing a level of security comparable to that of Swiss banking institutions.

ESigA and eIDAS e signature

Are you looking for a secure electronic signature service for your reports?

We can answer all your questions.

Ready to dive in?Start your free trial today.