Hamilton Services AG confirms to provide for its employees and the employees of the companies Hamilton Medical AG, Hamilton Bonaduz AG and all its subsidiaries an advanced digital signature solution that complies with the requirements of EU Regulation No. 910/2014 (eIDAS) and meets all the requirements of this law.
Details on the application of eIDAS
In order to comply with the requirements of eIDAS, certain requirements according to Article 26 must be met. Due to the connection with the user account and the personal identification, the signature is uniquely assigned to the signer and clearly allows his identification. Due to the implementation of the signature in PDF documents and its structure, a subsequent modification of the data is impossible.
The solution used in Hamilton is an advanced electronic signature that complies with the requirements of Article 26 (see Article 3 Definitions, paragraph 26). The signature process uses an electronic time stamp that meets the requirements for qualified electronic time stamps (Article 42).
Proofs that the signature complies with the above specifications are possible at any time to authorized persons.
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
Details on the verification of the validity of a signature
The advanced signature is based on a local infrastructure for issuing the certificates, a so-called Public Key Infrastructure. The infrastructure for issuing certificates for signatures is under the sole control of Hamilton and uses up-to-date security standards (ISO 27'001 certified).
In principle, signed documents cannot be reliably verified outside this infrastructure without providing the associated certificate of origin (the so-called root certificate). The certificate and the instructions for verifying the signature are published on the https://pki.hamilton.ch website. Users outside Hamilton are advised to carry out the measures listed in the instructions so that certificates can be verified.
The instructions will be adapted if necessary (e.g. if the signature process is modified).