Switzerland Tightens Oversight of Trust Service Providers for e‑Signatures

Switzerland is moving to significantly tighten supervision of trust service providers behind qualified electronic signatures and digital certificates, in a reform that will reshape how accredited providers serving Swiss clients are assessed, monitored, and audited from late 2025 through 2027.

On 20 August 2025, the Swiss Federal Council approved a revision of the Ordinance on Certification Services in the area of the electronic signature and other applications of digital certificates (VZertES). The ordinance update both extends how long revocation data must remain available online and sharpens the accreditation rules for recognition bodies that assess trust service providers, aligning them with international standards such as ISO/IEC 17065 and ETSI EN 319 403‑1.(bakom.admin.ch)

Why this move matters for business professionals

For companies operating in or with Switzerland, electronic signatures and digital certificates underpin a growing share of contracts, HR documents, financial agreements, and cross‑border workflows. Swiss law (ZertES) already grants qualified electronic signatures (QES) legal status equivalent to handwritten signatures, making the integrity of trust service providers mission‑critical for enforceability and auditability.(en.wikipedia.org)

As more organizations digitize end‑to‑end workflows—often across multiple jurisdictions and vendors—confidence in the accreditation and supervision of trust service providers has become a board‑level concern. Weak oversight can expose companies to disputes over signature validity, compliance gaps in long‑term archiving, and increased cyber‑risk.

Switzerland’s tightened oversight regime is designed to make those risks more manageable by clarifying which providers—and which certificates—meet the country’s stringent standards, and by aligning supervisory practice more closely with evolving European frameworks under eIDAS and its forthcoming eIDAS 2.0 update.(trustservices.swisscom.com)

What exactly has changed?

1. Longer access to revocation data

The most concrete and immediately visible change is a substantial extension of how long revocation information for digital certificates must remain accessible online. Under the revised VZertES, details about revoked certificates—used to validate whether a given electronic signature was still backed by a valid certificate at a particular point in time—must now be available for at least 11 years after the certificate’s validity ends.(eid.admin.ch)

Key point: Trust service providers will have to keep online revocation data for at least 11 years after a certificate expires, enabling long‑term verification of signed documents.

Previously, revocation data disappeared from online repositories once the certificate expired, which created verification blind spots for long‑lived contracts, archived HR files, or regulatory records signed years earlier. Automated validation services operated or used by authorities and enterprises—such as the government‑provided validator—will now be able to verify signatures reliably over much longer timeframes.(bakom.admin.ch)

2. Stronger, standard‑based accreditation of recognition bodies

Behind every Swiss‑recognised trust service provider (TSP) sits at least one accredited “recognition body” responsible for assessing whether that provider meets statutory and technical requirements. The revised ordinance clarifies and tightens the rules governing these recognition bodies.

The Swiss Accreditation Service (SAS) already accredits recognition bodies in line with Swiss law and publishes the official “Swiss Trusted List” of recognised TSPs and qualified services. KPMG is currently the only accredited recognition body.(uri.tsl-switzerland.ch)

Under the new regime, these bodies must increasingly align their evaluation and surveillance practices with:

• ISO/IEC 17065 – international requirements for bodies certifying products, processes, and services;
• ETSI EN 319 403‑1 – European standard specifying conformity assessment requirements for bodies auditing trust service providers; and
• Updated ETSI ESI standards on certificate policies, identity proofing, and remote signing infrastructures, referenced directly in OFCOM’s technical and administrative regulations.(bakom.admin.ch)

This explicit alignment brings Swiss recognition practice closer to the European eIDAS ecosystem and provides clearer expectations for both auditors and TSPs offering qualified electronic signatures or digital certificates in Switzerland.

3. Phased implementation from 2025 through 2027

The reform is designed to give trust service providers and recognition bodies time to adapt:

• 1 November 2025: Revised VZertES enters into force; new retention and accreditation principles become law.(bakom.admin.ch)
• By early 2026: Recognition bodies must have updated their internal processes to comply with the new normative references and detailed technical regulations. The Federal Council has indicated a transition window until 1 February 2026 for process alignment.(bakom.admin.ch)
• 2026–2027: In practice, many TSPs will be re‑assessed against the newer ISO/IEC and ETSI standards as their recognition or surveillance cycles fall due, completing the shift to the stricter ove

  

  rsight model.

For enterprises consuming signature and certificate services, most of these changes will be invisible day‑to‑day—but they will directly impact how long signatures can be robustly verified and how providers document their compliance posture.

How this fits into Switzerland’s wider digital‑trust strategy

The VZertES revision doesn’t stand alone. It is part of a broader Swiss push to modernize its digital‑identity and trust‑service framework, including the new e‑ID Act and ongoing work on mutual recognition of electronic signatures with the EU.

On the e‑ID side, the Federal Council is moving ahead with a state‑issued electronic identity (e‑ID), with detailed rules laid out in a draft ordinance now under consultation. If ultimately approved by voters in the 28 September 2025 referendum, the e‑ID will be tightly integrated with existing trust infrastructures and digital credential systems.(eid.admin.ch)

Internationally, the Federal Council has also tasked DETEC with preparing a negotiation mandate for an agreement with the EU on mutual recognition of qualified electronic signatures—an agreement that would rely heavily on demonstrable equivalence of supervision standards, exactly the area the new VZertES provisions aim to reinforce.(bakom.admin.ch)

For cross‑border business, the message is clear: aligning Swiss oversight with ISO and ETSI norms is both a security upgrade and a diplomatic move toward future interoperability with the EU’s eIDAS framework.

Implications for trust service providers

For recognised TSPs such as DigiCert Switzerland, Swisscom, SwissSign and the Federal Office of Information Technology (FOITT), the effects will concentrate in three areas:(bakom.admin.ch)

• Compliance operations: Providers must ensure revocation data remains accessible for at least 11 years, which will require adjustments to back‑end infrastructure, logging strategies, and data‑retention policies.
• Audit readiness: More structured, ISO/IEC‑ and ETSI‑anchored accreditation means more formalized documentation, risk management, and continuous improvement processes.
• Product positioning: Providers may increasingly highlight “Swiss‑recognised” or “qualified under VZertES” status as a differentiator in enterprise tenders where legal enforceability and auditability are critical.

Smaller or foreign providers looking to serve Swiss customers with qualified signatures will need to budget for the additional compliance burden, or rely on collaborations with already recognised Swiss TSPs.

What this means for businesses using e‑signatures

For most companies—especially SMBs—the practical questions are straightforward:

• Will my electronically signed documents remain verifiable for as long as I need them?
• Does my e‑signature vendor rely on Swiss‑recognised trust services when a qualified signature is required?
• How much compliance complexity am I taking on directly versus outsourcing to my provider?

The new Swiss rules are broadly positive for end users. Extended revocation data access makes it easier to prove, years later, that a contract or HR agreement was supported by a valid certificate at signing time. Better‑defined accreditation criteria reduce the risk that a provider quietly falls below the legal bar without prompt corrective action.

At the same time, enterprises may see some indirect effects:

• Vendor scrutiny: Procurement and legal teams may add checks for recognition status in the Swiss Trusted List when selecting e‑signature vendors or certificate providers.
• Pricing shifts: Some providers might pass part of the compliance cost on to customers, especially in premium QES or long‑term validation (LTV) offerings.
• Architecture decisions: Larger organizations may separate “everyday” e‑signatures used for internal approvals from “qualified” signatures required for high‑risk or legally sensitive documents.

Where QuickSign.it fits in this shifting landscape

As oversight tightens on the underlying trust service infrastructure, many businesses are simultaneously looking for more intuitive, cost‑effective tools to orchestrate their day‑to‑day signature workflows.

Modern platforms like QuickSign.it sit at this intersection. Rather than forcing small teams into complex, enterprise‑style setups, QuickSign focuses on making compliant workflows accessible to solo entrepreneurs, startups, and lean legal or HR departments:

• AI Document Generation: The platform can generate legal‑style documents with AI, helping teams rapidly draft NDAs, simple contracts, or policy acknowledgements that are then routed for signature.
• Effortless sending: The workflow is intentionally minimal: upload a PDF, drag‑and‑drop signature and form fields, then send to one or many recipients.
• Real‑time tracking: Built‑in status tracking shows when a document is opened, signed, or stalled, which is critical as regulatory expectations for audit trails steadily rise.

While large incumbents like DocuSign and Adobe Sign often tie advanced features to higher‑tier, per‑seat plans, alternatives such as QuickSign.it differentiate with flat‑rate, SMB‑friendly pricing starting at around $15/month, plus a generous free tier that includes 2 AI document generations and 1 document send to unlimited recipients. That model can help smaller organizations absorb regulatory shifts like Switzerland’s VZertES revision without facing sudden jumps in licensing costs.

Best practices for Swiss‑exposed businesses

For companies that operate in Switzerland, serve Swiss customers, or routinely sign contracts governed by Swiss law, the revised ordinance is a prompt to review signature strategy. Consider the following steps:

1. Map your use cases. Identify which workflows really need qualified electronic signatures backed by Swiss‑recognised certificates, and which can rely on advanced or standard e‑signatures with strong evidence trails.
2. Check your providers. Confirm whether your current vendors depend on trust service providers listed in the Swiss Trusted List for QES‑grade transactions, and whether they support long‑term validation aligned with the 11‑year revocation window.(uri.tsl-switzerland.ch)
3. Strengthen your audit trail. Ensure your e‑signature platform captures timestamps, certificate data, and signer events in a way your legal and compliance teams are comfortable with. Solutions like QuickSign make this visible directly in the user interface via document‑status tracking.
4. Budget for evolution. As international interoperability discussions with the EU progress and eIDAS 2.0 rules come fully into force, expect further adjustments to standards and best practices. Building on flexible, modern e‑signature solutions will make future transitions less painful.

In practice, many organizations will combine a user‑friendly orchestration layer—where business users prepare, send, and track documents—with back‑end trust services that meet Swiss and EU requirements for the specific high‑assurance use cases that demand them.

Looking for an affordable e-signature solution? Try QuickSign for free - no credit card required.