Create signature with QES provider

1. Define goals and requirements: What do you want to achieve?

Before comparing providers, it is worth taking a clear look at your own organization. What problems need to be solved?

• Is it about faster contract conclusions?
• Do paper-based processes need to be replaced or legal requirements fulfilled?
• Is a specific signature level required (simple, advanced, or qualified electronic signature)?

The expected document volume and desired user-friendliness also play a role. The clearer the goals, the easier it will be to evaluate whether a solution is suitable later on.

‍

2. Identify areas of application and internal stakeholders

Digital signatures often affect more than just the legal department. The following areas are frequently involved:

• HR: Employment contracts, onboarding documents‍
• Sales: Offers, contracts with customers ‍
• Purchasing: Supplier contracts, orders‍
• Management: Corporate documents, minutes

Early coordination with the departments concerned helps to create internal acceptance and identify specific requirements.

‍

3.  Determine the types of signatures required: Do I need the same legal validity as for handwritten signatures?

Another important step is to clarify which of the three legally defined signature types—simple electronic signature (EES), advanced electronic signature (AES), or qualified electronic signature (QES)—is required for your documents, as each has different requirements and legal effects.

In many business-critical or legally relevant cases – such as when opening bank accounts, for notarized documents, or when communicating with authorities – a qualified electronic signature (QES) is required by law.

Important: A QES may only be issued if the signatory has been successfully identified beforehand. Integrated identification offers major advantages here, as it simplifies the process considerably and makes it scalable.

Ask yourself the following questions, among others:

• What legal requirements apply to the respective document types?
• Do certain formal requirements have to be met – such as written form requirements?
• Is simple approval sufficient, or is traceable identification of the signatory required?
• Where is maximum legal protection necessary, and where is a pragmatic solution sufficient?

To answer these questions, mesoneer has provided guidance in articles on the individual types of signatures. This should help you to better classify the correct area of application and requirements.

4. Analyze the system landscape: How should the solution be integrated?

A key criterion for choosing a signature solution is its integrability. A step-by-step approach is often helpful here:

Start without integration to achieve initial results quickly, gain experience, and evaluate the benefits. This also allows internal processes and role assignments to be tested and optimized at an early stage.

In the second step, technical integration into existing systems can then take place – e.g., into Microsoft 365, Salesforce, SAP, or HR software. The following questions should be considered:

• Are there existing workflows or document management systems that need to be connected?
• Is an API interface required to cover specific requirements?
• How can the solution be integrated as smoothly as possible into the existing IT landscape?

A step-by-step approach reduces complexity at the outset and facilitates internal acceptance – without compromising the long-term goal of seamless integration.

5. Plan user groups and access rights

Who should sign – internally and externally? A successful implementation takes user needs into account:

• How many users are needed – permanently or only occasionally?
• Should external parties (e.g., customers or partners) be able to be easily included?

A clear role and authorization concept ensures security and prevents misunderstandings in everyday use.

User management becomes particularly efficient when the signature solution is integrated into the company-wide identity provider (IdP) – for example, via Azure AD, ADFS, or Keycloak. This allows user and group rights to be managed centrally, existing security requirements to be met, and seamless login (single sign-on) to be enabled.

This not only reduces administrative effort, but also facilitates implementation in larger organizations.

6. Check legal and regulatory requirements

Digital signatures are subject to legal requirements – in Switzerland, for example, the Federal Act on Electronic Signatures (ZertES) and in the EU, the eIDAS Regulation. Check with your legal department:

• Which signature level is required for which documents?
• Is the selected provider compliant with the applicable regulations (e.g., ZertES, eIDAS, GDPR)?
• How are audit trails and chains of evidence documented?

A certified provider creates trust and legal certainty here – both in a national and international context.

7. Compare providers and start a pilot project

Now the selection phase begins: Compare providers based on the criteria you defined earlier. Pay attention to:

• User-friendliness (UI/UX)
• Price structure (e.g., per signature, per user, or flat rate)
• Integration into existing systems (e.g., Office365, HR or CRM solutions)
• Security standards and hosting location
• Support and training offerings

At mesoneer, we have exactly these requirements in mind: Our solution is modular, fully ZertES and eIDAS compliant, and can be seamlessly integrated into existing processes – from individual contracts to group-wide signature strategies. During implementation, we work closely with our customers, provide support for individual challenges, and ensure that the solution fits perfectly into their everyday work.

‍