🧾 Declarations of applicability / Anwendbarkeitserklärungen

Declaration on the applicability of advanced signatures in relation to ZertES
(Swiss Federal Law on Electronic Signature)

Hamilton Services AG confirms that it offers an advanced digital signature solution for its employees and the employees of Hamilton Medical AG, Hamilton Bonaduz AG and all its subsidiaries, which complies with the requirements of the Swiss Federal Law on Electronic Signature (ZertES) and meets all the requirements of this law.

Details on the application of ZertES

In order to comply with the requirements of ZertES, certain requirements according to Article 2 must be met. Due to the connection with the user account and the personal identification, the signature is uniquely assigned to the signer and clearly allows his identification. Due to the implementation of the signature in PDF documents and its structure, a subsequent modification of the data is impossible.

The solution used in Hamilton is an advanced electronic signature that complies with the requirements of Article 2 (see Article 3 Definitions, paragraph 26).  The signature process uses an electronic time stamp that meets the requirements for qualified electronic time stamps (Article 2, Article 14).

Proof that the signature complies with the above specifications can be provided to authorized persons at any time.

SR 943.03 - Federal Act of 18 March 2016 on Certification Services in the Field of Electronic Signatures and Other Applications of Digital Certificates (Federal Act on Electronic Signatures) (admin.ch)

Details on the verification of the validity of a signature

The advanced signature is based on a local infrastructure for issuing certificates, a so-called Public Key Infrastructure. The infrastructure for issuing certificates for the signatures is under the sole control of Hamilton and uses state-of-the-art security standards (Hamilton Service AG is ISO 27'001 certified).

Due to the principle, signed documents cannot be reliably verified outside this infrastructure without providing the corresponding original certificate (the so-called root certificate). The certificate and the instructions with the instructions for verifying the signature are published on the website https://pki.hamilton.ch. Users outside Hamilton are advised to carry out the measures listed in the instructions so that certificates can be verified.

The instructions are adapted as needed (e.g. in the event of changes to the signature process).