Entry into force of the law on the electronic signature
Biel-Bienne, 03.12.2004 - From the beginning of next year, an electronic signature will have the same status as a hand-written signature. The Federal Council has adopted the implementing decree for the law on the electronic signature and has chosen 1 January 2005 as the date when this law will enter into force. The new provisions will be complemented by that date by technical and administrative regulations from the Federal Office of Communications (OFCOM).
Adopted by parliament on 19 December 2003, the federal law concerning certification services in the domain of the electronic signature (Law on the electronic signature loi sur la signature électronique, SCSE) defines the conditions according to which certification service providers can be recognised on a voluntary basis and regulates their activities in the area of electronic certificates. In addition, it lays down the conditions which an electronic signature must meet in order to be equivalent to a hand-written signature and regulates the question of the responsibility of certification service providers, recognition bodies and the holders of signature keys.
The Federal Council has laid down 1 January 2005 as the date on which the law will enter into force. It has also adopted the decree on certification services in the domain of the electronic signature (Decree on the electronic signature Ordonnance sur la signature électronique, OSCSE), which will enter into force on the same date. This decree formally abrogates the experimental system set up by the Federal Council in 2000. In particular, it concretises the obligations to which certification service providers will be subject once they have been recognised. It instructs OFCOM to issue the necessary technical and administrative regulations.
The new legal arrangements are compatible with the regulations in force in the European Union. They should facilitate the early recognition of several certification service providers and thereby contribute to the development of electronic commerce and e-government in Switzerland.
The electronic signature
The electronic signature is based on asymmetrical encryption technology. The user has unique computer data, called encryption keys, one of which, the private key, has to remain secret, whereas the other, the public key, may be divulged.
The private key (or signature key) is used to sign an electronic file, whilst the public key (or signature verification key) allows the recipient to verify the sender’s electronic signature. If the result of this verification is positive, the recipient can be sure that no change of content has occurred during transmission of the file.
The public key is held in an electronic certificate issued by a trusted third party, the certification service provider. The main purpose of the electronic certificate is to link a public key to a specific person, who is identified when the key is issued with the aid of the passport. The recipient of the electronically signed file therefore knows the identity of the party who sent it. The quality of the certificate depends on the degree to which the identity of the certificate holder can be verified by the certification service provider.
The electronic signature is not a new procedure. It can already be used today whenever it is important to authenticate the content and origin of data which are exchanged electronically. This applies both to e-commerce (business-to-business or business-to-consumer) and to e government (between authorities or between authorities and citizens).
Under certain conditions, the new law ascribes to an electronic signature the same status as a hand-written signature. In the future it will therefore be possible to conclude electronically contracts which previously had to be concluded in the traditional written form, such as a consumer credit agreement, for example.
Recognition of certification service providers
In order to promote the use and legal recognition of the electronic signature, in the year 2000 the Federal Council laid down provisions which allowed certification service providers to be recognised on a voluntary basis (decree of 12 April 2000 on electronic certification services ordonnance sur les services de certification électronique, OSCert). The new law essentially renews these arrangements.
A provider who has acquired recognition therefore meets the requirements imposed, especially concerning the identification of persons who hold electronic certificates. It is based on the general accreditation system applied in Switzerland for inspection and certification bodies and other testing and calibration laboratories. It is therefore the responsibility of the Swiss Accreditation Service of the Federal Office of Metrology and Accreditation (SAS) to issue accreditation to those bodies entrusted with recognition of certification service providers (cf. the diagram).
At present, only one company, KPMG Fides Peat has acquired SAS accreditation in the electronic certification services sector. However, no certification service providers have been recognised to date. There should not be much further delay, in view of the entry into force of the new legal provisions on 1 January 2005.
Address for enquiries
Press service, 032 327 55 50
Federal Department of the Environment, Transport, Energy and Communications