943.03 federal law on certification services in the field of the electronic signature (law on the electronic signature, SCSE) of December 19, 2003 (State on August 1, 2008) the Federal Assembly of the Swiss Confederation, view the art. 95, al. 1, and 122, al. 1, of the Constitution, given the message of the federal Council on 3 July 2001, stop: Section 1 provisions general art. 1 object and purpose this law regulates: a. the conditions under which suppliers of certification services in the field of electronic signature can be recognized; (b) the rights and duties of certification services providers recognized.
It aims to: a. promote the provision of electronic certification services sure to a wide public; b. promote the use of signatures qualified electronic; c. allow international recognition of their benefits and certification services providers.
Art. 2 definitions for the purposes of this Act, means: a. electronic signature: electronic data attached to or logically associated with other electronic data and which serve to verify their authenticity; b. advanced electronic signature: electronic signature which meets the following requirements: 1. be related only to the holder, 2 to identify the holder, 3 be created by means that the holder may keep under its exclusive control 4. be linked to the data to which it relates so that any subsequent changes of the data is detectable;
c. qualified electronic signature: advanced electronic signature based on a device secure creation of signature within the meaning of art. 6, al. 1 and 2, and on a valid qualified certificate at the time of its inception; d. signing key: unique data, such as codes or private cryptographic keys that the licensee uses to compose an electronic signature; e. signature verification key: data such as codes or public cryptographic keys used to verify an electronic signature, f. qualified certificate : digital certificate that meets the requirements of art. 7; g. certification provider (provider): body which certifies data in an electronic environment and who issues digital certificates for this purpose; h. recognition organization: organization which, under the rules of accreditation, is authorized to recognize and monitor suppliers.
LF from 6 oct. 1995 on technical barriers to trade, THG (SR 946.51) and the relevant implementing provisions.
Section 2 Art. supplier recognition 3 conditions of recognition can be recognized as providers or legal persons who: a. are entered in the register of trade; (b) are able to issue and manage certificates qualified according to the requirements of this Act; c. employ personnel with knowledge, experience and qualifications; d. use systems and computer products reliable and safe such as devices for creating signatures; e. possess resources or adequate financial guarantees; f. contract the necessary insurance to cover liability under art. 16 and charges that can result in the measures provided for in art. 13, al. 2 and 3; (g) ensure respect for the law, including this Act and the relevant implementing provisions.
The conditions in the al. 1 are also applicable to foreign suppliers. When a foreign supplier has already obtained a recognition on the part of a foreign agency of recognition, the Swiss recognition can recognize it if it is proved that: a. recognition has been granted under foreign law; (b) the rules of foreign law applicable to the granting of recognition are equivalent to those of the Swiss law; c. the foreign recognition Agency has qualifications equivalent to those required of a Swiss recognition agency; d. the foreign recognition Agency guarantee its collaboration in the Organization of Swiss recognition for the supervision of the provider in Switzerland.
The administrative units of the Confederation, cantons and municipalities can be recognized as suppliers without having to register in the commercial register.
Art. 4 designation of the accreditation body the federal Council designates the accreditation of agencies of recognition (accreditation body) body.
If any body has been accredited to perform recognition, the federal Council designates the accreditation body or another competent body as body of recognition.
Art. 5 list of providers recognition agencies announce the accreditation body suppliers that they recognize.
The accreditation body is available to the public the list of recognized providers.
Section 3 developing and use of key signing and verification of signature art. 6. the federal Council shall regulate the development of key signing and signature verification which may be certificates qualified within the meaning of this Act. In doing so, it ensures a high level of security, in line with the evolution of technology.
Signature creation devices must at least: a. ensure that the signature key used for the development of the signature cannot practically meet only one time and that his privacy is sufficiently guaranteed; b. ensure with a sufficient safety margin that the signature key used for the creation of the signature can be found by deduction and that the signature is protected against tampering by technical means available; c. ensure that the signature key used for the creation of the signature can be protected reliably by the legitimate cardholder against misuse.
During the implementation of the process of verifying the signature, please ensure that the following requirements are met with a sufficient safety margin: a. the data used to verify the signature correspond to the data displayed for the Auditor; (b) the signature is verified securely and the result of this verification is correctly displayed; c. the Auditor can If necessary, determine reliably the content signed data; (d) the authenticity and validity of the certificate required for the verification of the signature is verified securely and the result of this verification is correctly displayed; (e) the identity of the holder of the signature key is properly displayed; f. the use of a pseudonym is clearly indicated; g. any change affecting security can be detected.
Section 4 qualified certificates art. 7. any qualified certificates must contain at least the following information: a. the serial number; (b) a statement that it is issued as a certificate qualified; c. the name or pseudonym of the physical holder of the signature verification key; If there is a likelihood of confusion, the name must be complemented by a distinctive element; d. the signature verification key; e. the duration of validity; f. the name, country of establishment and electronic signatures qualified provider who issues the certificate; g. the mention of the recognized character or not the provider and, if it is recognized, the name of the body of recognition.
The certificate shall also contain the following: a. the specific qualities of the holder of the signature key, such as the quality of represent a legal person determined; b. the field of use of the certificate; c. the value of transactions for which the certificate can be used.
The federal Council shall regulate the format of certificates.
Section 5 duties of suppliers recognized art. 8 issuance of qualified certificates recognized suppliers must require people seeking a certificate of qualified they arise in person and they provide proof of their identity. Turning to the art. 7, al. 2, let. the powers of the representative should be the subject of an audit; information professionals or other related to this person must be confirmed by the competent body.
The federal Council determines the documents to prove the identity and, if applicable, the qualities of those seeking a certificate. He may, on certain conditions, providing for the exemption from the obligation to appear in person.
Recognized suppliers must also ensure that people seeking a qualified certificate signing key that refers.
They can delegate their task of identification to third parties (registrars). They are responsible for the correct execution of this task by the registration office.
Art. 9 obligation to inform the respected providers must be available to the public their general terms and conditions and information on their policy of certification.
They must inform their clients of the consequences of the misuse of their signature key, at the latest when the issuance of qualified certificates, as well as provisions to take, depending on the circumstances, to ensure the confidentiality of their signature key.
They keep a journal of their activities. The federal Council sets the time during which the newspaper and documents related thereto must be kept.
Art. 10 cancellation of qualified certificates recognized suppliers immediately cancel the qualified certificates: a. If the holder or his representative requests; b. If it turns out that they were obtained fraudulently; c. If they can no longer guarantee the link between a person and a signature verification key.
Cancellation on request according to para. 1, let. a, suppliers ensure that the applicant has an annulment.
Providers shall inform immediately qualified for the cancellation of these certificate holders.
Art. 11 directory service for qualified certificates any recognized provider guarantees to those concerned to be able to reliably, anytime, according to a common procedure, the validity of all qualified certificates that it has issued.
It can also offer a directory service that allows individuals to search and consult the qualified certificates that it has issued. A certificate is registered in this directory at the request of its holder.
Public authorities can access this data free of charge.
The federal Council determines the minimum time that must remain possible verification of qualified certificates that are no longer valid.
Art. 12 system timestamp recognized providers issue, on request, a certificate with their electronic signatures qualified for the purpose of establishing the existence of digital data at a specific time.
Art. 13 cessation of activity recognized providers announce in due time to the accreditation body the cessation of their activity. They immediately announce him any communication of bankruptcy which had been communicated to them.
The accreditation body load another provider recognized to hold the list of valid qualified certificates, expired or cancelled and keep the log of its activities as well as the corresponding supporting documents. The federal Council is the competent body to take over these tasks when there is a recognized provider. The recognized provider who ceases its activity supports the resulting costs.
The al. 2 is also applicable in case of bankruptcy of a recognized provider.
Art. 14 protection of data recognized providers and registrars that they have mandated can treat only the personal data necessary for the performance of their duties. All trade data is prohibited.
In addition, the data protection legislation is applicable.
Section 6 monitoring of recognized suppliers art. 15. the recognized suppliers is monitored by agencies of recognition according to the rules of accreditation.
When a recognition agency withdraws recognition from a supplier, he immediately announced to the accreditation body. Art. 13, al. 2, is applicable.
LF from 6 oct. 1995 on technical barriers to trade, THG (SR 946.51) and the relevant implementing provisions.
Section 7 liability art. 16 liability providers where suppliers contravene obligations arising from this Act or the enforcement provisions, they respond to the damage caused to the holder of a signature key and third parties who relied on a valid qualified certificate.
Their responsibility to provide evidence that they have met the obligations arising from this Act and the enforcement provisions.
Suppliers cannot exclude their liability arising from this Act nor that of their auxiliaries. They are however not the damage resulting from failure or the violation of a restriction of the use of the certificate (art. 7, al. 2).
Art. 17 responsibility of recognition when the bodies of recognition in the sense of art. 2, let. h, contravene obligations arising from this Act and the enforcement provisions, they respond to the damage caused to the holder of the signature key and third parties who relied on a valid qualified certificate. Art. 16, al. 2 and 3, shall apply by analogy.
Art. 18 prescription the actions provided for by this Act prescribes a year from the day which the injured party became aware of the damage and of the identity of the person who is the author and, in all cases, by 10 years from the day where the harmful event occurred. The claims arising from a contract are reserved.
Section 8 Conventions international art. 19. to facilitate the use and international electronic signature legal recognition, the federal Council may conclude international agreements, including on: a. the recognition of electronic signatures and certificates; b. the supplier recognition and accreditation of agencies of recognition; c. the recognition of testing and conformity assessments; d. recognition of the signs of compliance; e. recognition of accreditation systems and some accredited organizations; f. the granting of mandates of standardization to international organizations of standardisation, to the extent where the provisions on electronic signature refer to defined technical standards or where such a reference is provided; (g) information and consultation on the development, adoption, amendment and enforcement of regulations or technical standards.
The federal Council adopts the enforcement provisions of international conventions on the areas listed in para. 1 may delegate to private organizations in activities relating to information and consultation in terms of policy-making, the adoption and the amendment of provisions and technical standards on electronic signature and determine compensation as such.
Section 9 provisions final art. 20 run the federal Council shall issue implementing provisions. It takes into account the relevant international law and may declare applicable technical standards.
The federal Council may charge the federal Office of communications to make administrative and technical requirements.
In order to achieve the purpose of the Act, it can charge a unit of administration issue certificates qualified also covering the legal relationship under private law or to participate in the company of a private provider.
Art. 21 amendment of the law in force the change in the law in force is set in the annex.
Art. 22 repealed by no II 55 of the Federal ACT of 20 March 2008 relative to the formal update of federal law, with effect from August 1, 2008 (RO 2008 3437 3452; FF 2007 5789).
Art. 23 referendum and entry into force the present law is subject to the referendum.
The federal Council shall determine the date of entry into force.
Annex (art. 21) amendment of the law in force the following laws are changed as follows:...
Mod. can be found at the RO 2004 5085.
State on August 1, 2008