Switzerland

[CH] Legislation on Electronic Signature Comes into Force

IRIS 2005-2:1/11

Patrice Aubry

RTS Radio Télévision Suisse, Geneva

National legislation on certification services with regard to electronic signature (Electronic Signature Act - SCSE) adopted by the Federal Parliament on 19 December 2003 came into force on 1 January 2005 (see IRIS 2001-7: 11 and IRIS 2000-10: 9). The new legislation is in line with the regulations in force in the European Union (see IRIS 2000-1: 5 and IRIS 1999-7: 10), and its purpose is to facilitate commercial transactions carried out electronically and to create conditions that guarantee security. The SCSE is completed by an enforcement order adopted by the Federal Council on 3 December 2004 repealing the interim pilot scheme instituted by an earlier Federal Council order of 12 April 2000. The new statutory provisions are also completed by technical and administrative prescriptions decreed by the Federal Office of Communications (OFCOM). The SCSE defines the conditions under which certification services providers may, on a voluntary basis, be recognised. Recognition is issued by bodies accredited by the Swiss Accreditation Service (SAS) of the Federal Office of Metrology and Accreditation. Recognition means that the supplier in question satisfies the statutory requirements, more particularly as regards the identification of holders of electronic certificates. Certification services providers are authorised to issue qualified digital certificates attesting that a public key is related to a given person. The combination of private and public keys makes it possible to identify the sender of a document bearing an electronic signature and to determine whether any alteration has been made to the document since it was signed. Under this new national legislation, electronic signature is assimilated to handwritten signature if it is backed by a certificate issued by a recognised certification services provider. The SCSE also regulates the responsibility of certification services providers, recognition bodies and holders of signature keys. More specifically, it provides that the holder of a private signature key may be held responsible for the wrongful use of the key if the holder fails to take the necessary steps to ensure its confidentiality.