An electronic signature is understood to be data linked to electronic information with which the signatory or signature creator can be identified and the integrity of the signed electronic information can be checked. As a rule, the electronic information is electronic documents. From a technical point of view, the electronic signature thus fulfills the same purpose as a handwritten signature on paper documents.
Differentiation from the digital signature
In general, the terms “digital signature” and “electronic signature” are used synonymously . In computer science and cryptography , the digital signature is understood as a class of cryptographic (i.e. mathematical) processes, while electronic signature is a primarily legal term. The term "electronic signature" was first used by the European Commission in a revised draft of the EU Directive 1999/93 / EC in order not to link the legal regulations to a specific technology; In an earlier draft, the term "digital signature" was still used in accordance with the German signature law at the time. Art. 3 No. 10 eIDAS-VO deliberately defines the term very broadly: "Data in electronic form that is added to or logically linked to other electronic data and that the signatory uses to sign." In addition to digital (cryptographic) signatures, this definition also includes other methods that are not based on cryptographic methods, in particular methods that are not based on digital certificates . In addition, the term digital signature in software technology refers to identifications of all kinds, for example for individual documents, while the legal term is specifically restricted to “signature” in the sense of a personal signature.
On 28 August 2014, the European Commission in the Official Journal of the European Union , the Regulation (EU) no. 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93 / EC (eIDAS regulation or IVT) published. The regulation replaces the signature directive, but at the same time strengthens and expands the existing legal provisions that have already been introduced with the signature directive. The regulation has been in effect since July 1, 2016, with effect from this date the Signature Directive 1999/93 / EC is repealed.
The starting point for the current signature legislation in the European Union is the EU Directive 1999/93 / EC ( Signature Directive ) . This defines the requirements for the regulations of electronic signatures, which have been implemented in national laws by the member states and the other states of the European Economic Area .
The signature guideline defines the electronic signature in a technology-neutral way as data that is "added to or logically linked to other data and that is used for authentication". Any name of the originator or sender attached to an electronic document or message meets this definition. On the other hand, advanced electronic signatures , which make it possible to check the authenticity and falsification of the data signed by them, have a higher evidential value . Currently, only electronic signatures based on digital signatures meet these requirements. Finally, the guideline deals with so-called “advanced electronic signatures”, which are based on a qualified certificate and were created with a secure signature creation device (SSEE). The guideline does not define a designation for this type of signature, but deals specifically with them in essential points; meanwhile, the term qualified electronic signature has established itself almost everywhere in Europe .
The guideline specifies requirements for the issuing of certificates and for other certification services . According to Article 2 No. 9, a certificate is "an electronic certificate with which signature verification data is assigned to a person and the identity of this person is confirmed". According to Article 2, No. 11, certification services also include “other services in connection with electronic signatures”, eg. B. Inquiry services for certificates, identification and registration services for issuing certificates or time stamping services . The signature guideline places special demands on a qualified certificate . On the one hand, it must specify the issuer, the key holder and the scope of the certificate and bear the advanced electronic signature of the issuer; on the other hand, the issuer must meet extensive and extensive requirements with regard to the security and traceability of the issuing of the certificates.
The most important regulations of the signature guideline were that
- Member States may not make the provision of certification services dependent on prior authorization,
- a qualified electronic signature, d. H. an advanced electronic signature based on a qualified certificate and created with a secure signature creation device has the same effect as a handwritten signature,
- an issuer of qualified certificates is liable to a person who trusts a certificate,
- the qualified certificates issued in a member state and the signatures based on them are mutually recognized in all member states,
- Signatures that are not based on a qualified certificate can also be used as evidence in court. The concrete legal consequences of such a “simple” or advanced electronic signature (in contrast to the qualified electronic signature) are not regulated further and are therefore at the discretion of the court in the event of a dispute (objects of visual inspection).
As a counterpart to the qualified electronic signature (QES), the new EU regulation introduces qualified electronic seals to give legal entities the opportunity to guarantee the origin and integrity of electronic documents in a legally binding manner. They can also be used to identify legal entity digital assets, such as software code. With the entry into force of the regulation from July 1, 2016, qualified electronic signatures and seals will be recognized across borders in Europe.
In Germany, only qualified electronic signatures in accordance with Art. 3 No. 12 eIDAS Regulation meet the requirements for electronic form in accordance with German Civil Code BGB) , which can replace the legally prescribed written form . Also, only electronic documents provided with a qualified electronic signature have the same evidential value as (paper) documents within the meaning of the Code of Civil Procedure (Section 371a (1) ZPO ).
In cases in which a qualified electronic signature is not required by law, documents that have "only" been provided with an advanced electronic signature in accordance with No. 2 SigG can also be used as evidence in court by means of visual evidence.
The electronic signature is regulated by several legal provisions:
- Trust Services Act (VDG)
- Civil Code (BGB), here especially § ff. On the forms of legal transactions
- Administrative Procedure Act (VwVfG, of the federal government and most of the federal states), here in particular on electronic communication and on electronic administrative acts .
- Countless other pieces of legislation that were changed in 2001 by the Shape Adjustment Act.
- In addition, regulations of the European Union apply .
Forms of the electronic signature
The eIDAS regulation defines the following forms of electronic signatures in Art. 3 No. 10–12:
|Electronic signature||Advanced signature||Qualified signature|
|Security level||low||high||very high|
|example||Private or business email with signature||PGP -signed email||beA system|
|From: Max Mustermann
To: Lisa Mustermann
here the text.
99999 model town
|From: Max Mustermann
To: Lisa Mustermann
----- BEGIN PGP MESSAGE -----
Version: GnuPG v2
here the text.
----- BEGIN PGP SIGNATURE -----
Version: GnuPG v2
M4PXLMzSiGD1QxzN3ve6 / Sd1Uwo
----- END PGP SIGNATURE -----
The different forms of electronic signature represent different requirements for the signature. The highest requirements are placed on qualified signatures with regard to the creation of signature keys for signature creation and signature verification keys and certificates. In addition, the application components used to create the signature must also meet certain requirements.
Electronic signature requirements
The electronic signature according to Art. 3 No. 10 EIDAS VO is the (legal) basic form of the electronic signature. No elements of the digital or cryptographic signature are used, which is why it is also referred to as a "simple" signature. The signature consists of data that is used to sign and is added to or linked to other data. The addition of the name at the end of an e-mail, as shown above, represents such a signature. The name must be placed at the end of the declaration, otherwise it is not a signature. The electronic signature is only defined in Art. 3 No. 10 EIDAS VO and forms the basis for the definition of advanced electronic signatures. There are no further legal consequences attached to them, and no special requirements are made.
In civil proceedings, documents or files with "simple" electronic signatures are subject to the free assessment of evidence by the court. The electronic signature is permitted as evidence according to Art. 25 Para. 1 EIDAS VO. If authenticity or integrity are disputed, the evidential value of the electronic signature is low. In practice, however, the sender rarely denies having written a mail or other electronic declaration with a certain content; there is usually a dispute over the interpretation of the declaration.
Simple electronic signatures can be used in accordance with(3) BGB for declarations or agreements in which the parties have contractually agreed on electronic form.
Requirements for advanced electronic signatures
The definition in Art. 3 No. 11 and Art. 26 EIDAS VO applies to an advanced electronic signature . An advanced electronic signature must be created using electronic signature creation data that the signer can use with a high degree of confidence under their sole control. In addition, the advanced electronic signature must be clearly assigned to the signer, enable their identification and be linked to the signed data in such a way that a subsequent change to the data can be recognized. This is done either by the the signature creator assigned verification key or optionally means during the signature generation detected biometric signatures .
In addition, the term “signature key” does not necessarily only refer to cryptographic keys, and a certificate is not absolutely necessary for the signature creator to be identifiable. For example, advanced electronic signatures can also be created with PGP and a signature key (soft PSE ) stored on the hard disk .
In litigation, advanced electronic signatures are treated just like "simple" electronic signatures as objects of visual appearance; That is, the party referring to the signature must prove that the digital signature and identifier are genuine. Advanced electronic signatures can be used for free-form agreements in accordance with Section 127 of the German Civil Code.
Qualified electronic signature requirements
Only documents with a qualified electronic signature in accordance with chip card readers , is not mandatory, but at least one manufacturer's declaration is required, in which the respective manufacturer states that the component is in conformity with the SigG and SigV in accordance with SigG confirmed. Such a manufacturer's declaration will later be published by the Federal Network Agency in the Federal Gazette, but is already sufficient when it is submitted to the Federal Network Agency.No. 3 SigG can replace a legally required written form on paper as an electronic form, cf. BGB. In accordance with the European Directive, a qualified electronic signature is an advanced electronic signature that is based on a qualified certificate that is valid at the time it is generated and that was created with a secure signature creation device (SSEE). The signature key may only be saved and used in the SSEE, and compliance of the SSEE with the requirements of the Signature Act must be checked and confirmed by a recognized body. On the other hand, even for qualified electronic signatures, a check and confirmation of the signature application component , which includes signature software, drivers and
In the case of qualified electronic signatures, a distinction is also made as to which provider issued the certificates and generated the signature keys. A distinction is made between non-accredited providers and providers with accreditation by the Federal Network Agency. According to the Signature Act, every provider of certificates for qualified electronic signatures must meet certain requirements with regard to the data center they operate. The provider can obtain certification that his data center meets the highest security requirements. This is preceded by an examination by a recognized confirmation body (the Federal Office for Information Security ( BSI ) or a private confirmation body). If this determines that the security requirements by the provider or the operator of the data center (also referred to as a trust center in this context ) are met, the Federal Network Agency certifies its security. The data center operator can now call himself accredited and receives qualified certificates for his certification services from the certification authority of the Federal Network Agency, which in Germany is the root CA in the public key infrastructure ( PKI ) for qualified certificates.
Use in practice
The civil code allows the replacement of the legally prescribed - i.e. not voluntary - written form (max. 5% of all signed agreements or declarations) with the electronic form , unless otherwise stipulated by law ( BGB). The electronic form is preserved if the name of the signatory is added to the electronic document and provided with a qualified electronic signature ( BGB).
For informal agreements that do not require the written form by law, but are voluntarily drawn up in writing and signed or signed for reasons of evidence, the contractual partners can agree on a different form of signature for electronic documents, i.e. choose either a "simple" or an advanced electronic signature (BGB).
The cryptographic algorithms approved for qualified electronic signatures are approved and published by the Federal Network Agency . The products approved for a qualified electronic signature are also listed there.
Certification services do not require approval, but must be reported. The notification must show that and how the legal requirements (financial coverage, reliability, specialist knowledge) are met.
Austria was the first country to implement Directive 1999/93 / EC of the European Parliament and of the Council on a common framework for electronic signatures.
The basis for the recognition of electronic signatures in Austrian law is the signature law . Until 2008, this differentiated between the (simple) electronic signature and the secure electronic signature , which essentially corresponded to the qualified electronic signature in Germany. On January 1, 2008, an amendment to the Signature Act came into force. Now, in addition to the simple one, there is also an advanced and a qualified electronic signature in Austria. The simple electronic signature is defined in § 2 No. 1 ÖSiG and does not differ from the German regulation. The advanced electronic signature can be found in § 2 No. 3 ÖSiG and must meet additional requirements beyond the requirements of the simple electronic signature. It must only be possible to assign it to the signatory, enable the signatory to be identified, be created using means that are under the sole control of the signatory and be linked to the data to which it relates so that any subsequent change the data can be determined. The newly added § 2 No. 3a ÖSiG now names the qualified electronic signature and adapts the previously used term of secure electronic signature to the term technicus used in the signature guideline. In terms of content, however, it still corresponds to the secure signature.
The federal law on regulations to facilitate electronic traffic with public bodies (e-government law) enables the use of a citizen card with a secure electronic signature for participation in electronic administrative procedures. As an interim solution, an administrative signature could alternatively be used in accordance with § 25 until December 31, 2007 , the specific requirements of which are regulated in the Administrative Signature Ordinance. This interim solution will not be extended, so that since January 1, 2008 a secure or qualified electronic signature has been mandatory in e-government.
The citizen card is a general technological system, in particular the activation of smart cards (such as the social security card e-card or ATM cards ) for qualified electronic signing. As of 2014, around 150,000 Austrians were using this function. With the variant of the mobile phone signature , there has also been a state-controlled mobile signature (Mobile-ID) since 2007 . It is already being used by around 300,000 citizens in 2014. There are major security concerns with cell phone signature.
The electronic signature is regulated by the Federal Act on Certification Services in the Field of Electronic Signatures () and by the Ordinance on Certification in the Field of Electronic Signature ( ). The Code of Obligations ( ) provides in Art. 14 Para. 2 bis and Art. 59a an equalization of ZertES-compliant electronic signature and hand signature in the area of legal formal requirements as well as liability of the owner of the signing key for the careful handling of the key. ZertES, VZertES and the corresponding OR amendment came into force on January 1, 2005.
A significant difference from the control in the EU Signature Directive is that for a legal effect of the Swiss Code of Obligations standards mentioned in each case the recognition of the specific certification services by a certification authority is required. This certification body is accredited by the Swiss accreditation body . In Switzerland, therefore, a legally compliant electronic signature from a recognized certification service is required, while in the EU only a legally compliant signature is required and the accreditation therefore remains voluntary. The recognition is a confirmation that the certification service meets the requirements of the law.
The Swiss Accreditation Service (SAS, sas.admin.ch) publishes a list of recognized certification services . In 2016, Swisscom (Switzerland), QuoVadis Trustlink Switzerland, SwissSign AG (among other things, Swiss Post ) and the Federal Office for Information Technology and Telecommunications (FOITT) were recognized providers of certification services.
Due to the broad and technology-neutral definition, electronic signatures can be implemented using completely different technical processes. Specifying the sender in an email already represents an electronic signature. A contract concluded over the Internet also contains an electronic signature, provided that suitable methods, such as a password query, sufficiently prove the conclusion of the contract by a specific person.
Advanced or even qualified electronic signatures, which enable a reliable identification of the signer and which have to show any subsequent changes to the data, can be implemented technically with digital signatures in connection with digital certificates from a public key infrastructure (PKI). A key pair is used in these procedures. A key is used to generate the signature (signature key) and a key is used for verification (signature verification key). In the case of qualified signatures, the assignment of the asymmetrical key pairs is mandatory in accordance with the German Signature Act.
With advanced signatures, the identification of the signer is not linked to a certificate. In addition to certificates, other identification features, e.g. B. handwritten signatures captured during the signature creation process can be used.
Use in practice
Process of an electronic signature with a digital signature :
- The sender / signer (in the example: Alice ) selects the user file to be signed.
- The signature software of the sender / signer creates a hash value (checksum) via the user file.
- The signature creation unit used by the sender / signer creates the electronic signature from the hash value with the aid of a secret signature key.
- The sender / signatory sends the user file and the signature. Alternatives are:
- The recipient (in the example: Bob) receives the user file and the signature file
- The recipient verifies the signature with a verification software with the help of the public verification key (which usually corresponds to the secret signature key already supplied with the signature) and the user file. Many manufacturers offer free verification editions of their signature software for this purpose, some also offer online verification via the Internet.
- If the check is successful, the file has not been changed and the integrity of the data is ensured.
- If the sender / signer has been assigned the public verification key with a certificate and thus indirectly also his corresponding secret key, the sender / signer can be identified using his public key via a certificate directory available on the Internet. In this case, the validity of the certificate should also be checked at the time the signature is created.
- If the signature software of the sender / signer has assigned a handwritten signature recorded on a signature tablet to the hash value during the signing , the signature can be used to identify the sender / signer if necessary.
Long-term security of digital signatures
Due to new or improved methods of cryptanalysis and increasingly powerful computers, the efficiency of attacks on digital signature processes such as e. B. RSA increases over time. Therefore the security - and thus the informative value - of a digital signature is limited in time.
For this reason, the certificates issued today are generally not valid for more than three years, which means that the assigned signature key may no longer be used after the certificate has expired (some signing software refuses to set a signature with an invalid certificate). However, the age of electronic data is practically indeterminate. Documents could therefore easily be backdated by years or even decades without this being verifiable. Backdating can take place, for example, by adjusting the system time of the computer used. If a forger succeeds years later in calculating the signature key from the public certificate, he can use it to provide a backdated document with a forged qualified electronic signature.
In Germany, the providers must enable the verifiability of the certificates for five years - accredited providers for 30 years - after the end of the validity period by providing a public certificate directory (SigV). After that, the re-examination of a certificate may become impossible.
Even if a certificate has been invalid for a long time or the associated signature key can no longer be used, documents that were signed within the validity period are still legally valid.
The problem lies in the suitability of electronic signatures as evidence after the certificate has expired. In the literature, the opinion is held that the prima facie evidence (a reversal of the burden of proof) for the authenticity of an electronic signature with provider accreditation cannot relate to the fact that the signature was created before the expiry of the certificate, because the proof of the time of signing for those who is based on the signature, is easily possible and therefore does not require any facilitation of evidence. With the expiry of the certificate, the person who relies on a signature must therefore fully prove that the signature was set before this point in time. This can be done by re-signing or by a time stamp .
In the case of archived, signed documents, signing the archive itself or parts of it can secure the documents contained therein.
In the case of electronic invoices and other company documents, in accordance with the principles of proper bookkeeping, the obligation to archive invoices in an audit-proof manner for 10 years applies . If this condition is ensured by a corresponding electronic archive , a renewed signature of the individual documents is not necessary, since the audit-proof archive guarantees that the documents held in the archive cannot be changed.
A forgery of the signature can only be reliably ruled out if suitable software is used to create and check the signature. The difficulty here is that it is hardly possible to determine whether this requirement has actually been met. The signature alone cannot tell whether it was actually created with secure technical components. The German Signature Act therefore also defines requirements for products for qualified electronic signatures in.
In general, software is required to check the signature. The software on a PC can almost always contain so-called malware . A really reliable check as to whether the software actually complies with the specifications and has not been manipulated is very time-consuming. Here security mechanisms of the operating system and / or signatures on the software are normally used.
Problems in practice
Often the aspects of the consideration of safety are reduced to purely mathematical-technical aspects. Almost all pilot projects show that the human factor is given too little weight. Affordable and pragmatic handling of lost signature cards or forgotten secret numbers does not seem to be in sight. In the test region of Flensburg, the 10,000 field test with the electronic health card (eGK) was stopped in March 2008: “Of 25 doctors in 17 practices who voluntarily participated in the test phase, 30 percent blocked their health professional card because they no longer used the 6-digit signature PIN. 10 percent of them blocked their new medical card irreversibly. "
The hope of providers of signature cards has been based on the ELENA procedure (formerly JobCard) since 2002 . According to the ideas of the federal government, it should promote the use of digital signatures and would meet the request of the providers of signature cards that the state should finally create mandatory use cases. In this context, the media are increasingly concerned with the digital signature and the challenges of an introduction. A report by Deutschlandfunk on June 28, 2008 showed possible alternatives for forgotten secret numbers or lost signature cards. The currently intended procedure would either result in a weakening of security and data protection or would require a highly complex and hardly affordable process. Either a general key, with which the employees of the central storage location can access all certificates of earnings, or a multi-stage conversion process are considered.
In the last few years the signature cards and with them the digital signatures have been in competition in the field of electronic signatures. The offers for trustworthy digitization of handwritten signatures are becoming more and more common and sophisticated. The electronic signature on the computer can no longer be realized with a chip card and secret number alone. It has its fields of application wherever the so-called “ voluntary written form ” is used today. By this lawyers understand the mutual commitment on a paper document with handwritten signature as evidence. In the meantime, even credit institutions have switched to digitally capturing handwritten signatures using a signature tablet during processes such as opening an account during the signature process and using this biometric data as identification features - and thus as a certificate replacement - in the electronic applications (e.g. PDF forms) with the digital signature linked. In Austria, commercial enterprises have the option of using a number of open source modules from the digital platform for secure online processes: Austria such as B. to use the electronic signature for input tax deductible e-invoices. The Austrian Federal Chancellery also offers a verification service for verifying electronically signed documents. In the case of the Austrian mobile phone signature, there were fundamentally considerable doubts about the security. In particular, this should be susceptible to phishing attacks because the same mechanisms are used for login and signature.
Limited European harmonization
Despite the relevant requirements of the Signature Directive, an electronic signature does not have the same legal relevance in all countries. Although a qualified signature is defined as legally equivalent to a handwritten signature in all countries, the legal relevance of a handwritten signature varies considerably between countries. Therefore, a user will not be able to assess the legal relevance of a qualified electronic signature from another member state as long as he does not know the regulations there for handwritten signatures.
An extreme example is the UK, where a handwritten signature has no status beyond indicative; it merely represents evidence, the probative value of which has to be decided on a case-by-case basis. For this reason, the British government saw no need to include the regulation on the equality of qualified electronic signatures with handwritten signatures in national law. Not even the concepts of the secure signature creation device and the qualified electronic signature have been incorporated into UK legislation.
There are also differences in the question of whether qualified certificates and advanced electronic signatures can only be assigned to natural persons or also to organizations. Since the EC directive is not clear on this point, this question is regulated differently in the individual member states. The question arises, to what extent z. B. a qualified certificate issued in Belgium for a company and the signatures based on it are recognized in Germany.
Another problem is that the individual countries in many areas (in Germany e.g. in social legislation) only allow qualified signatures whose certificates have been issued by an accredited certification service provider. Since the requirements and procedures for accreditation are regulated very differently at national level, this requirement for provider accreditation makes it more difficult for foreign certification service providers to access the market.
nPA - German electronic identity card enables qualified electronic signature
The new identity card has been issued in check card format with a chip card since November 1, 2010 and includes the option to use it as a signature creation unit for qualified electronic signatures, which can be activated for a fee. The federal government hopes that this will spread the electronic signature.
Examples of legally required qualified electronic signature
Electronic waste record procedure
As part of the German Verification Ordinance , it has been mandatory since April 1, 2010 that waste disposal companies sign every transport of hazardous waste electronically and in a qualified manner ( electronic waste verification procedure , eANV ). From February 1, 2011 at the latest, this regulation will also apply to waste producers and waste carriers.
- Johann Bizer : Function and requirements of digital signatures from a legal point of view. In: BSI (ed.): Cultural controllability of digital signatures. Ingelheim 1997, ISBN 3-922746-28-4 , p. 111.
- Frank Bitzer, Klaus M. Brisch: Digital Signature: Basics, Function and Use. Berlin 1999, ISBN 3-540-65563-8 .
- Detlef Hühnlein, Ulrike Korte: Basics of the electronic signature: Law - Technology - Application. (PDF; 5.1 MB). Ingelheim 2006, ISBN 3-922746-74-8 .
- Jörg-Matthias Lenz, Christiane Schmidt: Electronic signature - an analogy to a handwritten signature? Stuttgart 2004, ISBN 3-09-305705-1 .
- Simon Schlauri: Electronic signatures. (PDF; 3.8 MB). Zurich 2002.
- Individual questions:
- Martin Eßer: The criminal law protection of the qualified electronic signature process. Baden-Baden 2006, ISBN 3-8329-1991-0 .
- Olga Grigoryev: Evidence of Advanced Electronic Signatures. Kassel 2015, ISBN 978-3-86219-960-0 .
- Susanne Hähnchen, Jan Hockenholz: practical problems of the electronic signature. JurPC web doc. 39/2008, paras. 1-31.
- Florian Kunstein: The electronic signature as a component of electronic administration - analysis of the legal framework for electronic communication with special consideration of local government. (PDF; 2.7 MB). Berlin 2005, ISBN 3-86504-123-X .
- Hanno Langweg: Malware Attacks on Electronic Signatures Revisited. In: Jana Dittmann (Ed.): Sicherheit 2006 - main conference "Security - Protection and Reliability". Bonn 2006, ISBN 3-88579-171-4 , p. 244.
- Pauline Puppel: Considerations for archiving electronically signed documents. Electronic legal transactions in the specialized jurisdiction of Rhineland-Palatinate. Supplement to Our Archives , Koblenz 2007, ISBN 978-3-931014-72-8 .
- Alexander Roßnagel , Paul Schmücker (eds.): Evidence-based electronic archiving - do electronic signatures offer legal security? ( ArchiSig ). Bonn 2006, ISBN 3-87081-427-6 .
- An introduction to the certificate-based and certificate-free electronic signature (PDF; 1.5 MB)
- Telekom-Control-Commission - supervisory body for electronic signatures in Austria
- J. Dumortier et al. a .: The Legal and Market Aspects of Electronic Signatures. ( Memento of October 25, 2012 in the Internet Archive ) (PDF) Study for the European Commission, 2003.
- . In: OJ. L 257, August 28, 2014, pp. 73-114.
- , accessed on March 3, 2015
- Fraunhofer FOKUS Competence Center Public IT: The ÖFIT trend sonar in IT security - Electronic signatures and electronic seals. April 2016, accessed May 26, 2016 .
- Draft of a First Act to Change the Signature Act (1st SigÄndG) (PDF; 330 kB)
- Justification for the draft of a law on framework conditions for electronic signatures and for changes to other regulations ( Memento from February 20, 2013 in the Internet Archive ) (PDF; 142 kB)
- Published manufacturer. (No longer available online.) Federal Network Agency, archived from the original on April 2015 ; Retrieved March 3, 2015 .
- Alexander Rinke, Robert Tubis: The legally binding nature of electronic signatures in Europe - with examples from the life science sector. In: Pharm.Ind. 71, No. 6, 2009, p. 963.
- cf. Article in ZiB 2 from May 30, 2016 and excitement about the mobile phone signature. In: Trend. 22, 2016, p. 62.
- List of certified providers of certification services in accordance with the Federal Act on Electronic Signatures (ZertES) , KPMG , June 29, 2016
- Example for the signature block of a digital signature - application at the pressetext news agency ( Memento from June 2, 2012 in the Internet Archive )
- Simon Schlauri: Electronic signatures. (PDF; 3.8 MB). Zurich 2002, N. 748
- Simon Schlauri: Electronic signatures. (PDF; 3.8 MB). Zurich 2002, N. 172 ff.
- Berliner Sparkasse introduces digital signature. Press release from Berliner Sparkasse, June 20, 2008.
- press text as a reference example for digital signature from May 14, 2008
- Digital platform: Austria
- Signature verification service of the Federal Chancellery
- heise online: Austrian mobile phone signature prone to phishing
- J. Dumortier et al. a .: The Legal and Market Aspects of Electronic Signatures. (PDF) Study for the European Commission.