[{"data":1,"prerenderedAt":136},["ShallowReactive",2],{"\u002Fblog\u002Fhow-digital-signatures-work-in-e-invoicing":3},{"id":4,"title":5,"body":6,"description":127,"extension":128,"lastUpdatedAt":129,"meta":130,"navigation":131,"path":132,"publishedAt":129,"seo":133,"stem":134,"__hash__":135},"blog\u002Fblog\u002F0033.how-digital-signatures-work-in-e-invoicing.md","How digital signatures work in e-invoicing (XAdES, PAdES)",{"type":7,"value":8,"toc":118},"minimark",[9,13,18,21,24,27,31,34,41,47,50,54,57,63,69,75,84,88,91,94,97,100,104,107,115],[10,11,12],"p",{},"Digital signatures come up in almost every serious conversation about e-invoicing, but the terminology gets messy fast. XAdES, PAdES, qualified signatures, advanced signatures — these terms are often used interchangeably by people who mean different things. This post explains what each actually means, what a digital signature on an invoice proves, and where Switzerland sits relative to EU requirements.",[14,15,17],"h2",{"id":16},"what-a-digital-signature-does","What a digital signature does",[10,19,20],{},"A digital signature on an invoice does two things. It proves authenticity — that the invoice was issued by the entity claiming to have issued it — and it proves integrity — that the document has not been changed since it was signed. If either of those properties fails, the signature is invalid.",[10,22,23],{},"Under the hood, a digital signature is produced by encrypting a hash of the document with the signer's private key. Anyone with the corresponding public key can verify the signature by decrypting it and comparing the result to a freshly computed hash of the document. If the hashes match, the document is unchanged and the private key that signed it corresponds to the certificate presented.",[10,25,26],{},"The certificate is what ties the signature to an identity. A qualified certificate, issued by an accredited trust service provider, means a government-recognised authority has verified that the private key belongs to the stated person or organisation. This is what makes a qualified electronic signature (QES) legally equivalent to a handwritten signature in Switzerland and across the EU.",[14,28,30],{"id":29},"xades-and-pades-what-the-acronyms-mean","XAdES and PAdES: what the acronyms mean",[10,32,33],{},"These are signature formats — standards that define how a digital signature is attached to a specific document type.",[10,35,36,40],{},[37,38,39],"strong",{},"XAdES (XML Advanced Electronic Signatures)"," is used to sign XML documents. An e-invoice produced as UBL or UN\u002FCEFACT CII XML can be signed using XAdES. The signature can be embedded inside the XML document (enveloped), wrap around the document (enveloping), or exist as a separate file pointing at the document (detached). For e-invoicing, the enveloped form is most common — the signature lives inside the XML structure of the invoice itself.",[10,42,43,46],{},[37,44,45],{},"PAdES (PDF Advanced Electronic Signatures)"," is used to sign PDF documents. It is the standard used for signing PDF\u002FA-3 files, which includes ZUGFeRD and Factur-X hybrid invoices. A PAdES signature on a ZUGFeRD invoice covers the entire PDF including the embedded XML payload, so a valid PAdES signature proves both the visual presentation and the machine-readable data are unchanged.",[10,48,49],{},"Both XAdES and PAdES come in several levels: B (basic), T (timestamp added), LT (long-term, includes certificate chain), and LTA (long-term archive, with archival timestamps). For invoicing purposes, at minimum the T level is worth using — adding a trusted timestamp proves the document existed and was signed before a certain point in time, which matters for archiving and VAT audit purposes.",[14,51,53],{"id":52},"the-three-levels-of-electronic-signature","The three levels of electronic signature",[10,55,56],{},"EU Regulation 910\u002F2014 (eIDAS) and the Swiss Electronic Signature Act (ZertES) both define three levels:",[10,58,59,62],{},[37,60,61],{},"Simple electronic signature (SES)."," Essentially any electronic marker attached to a document — a scanned handwritten signature, a name typed at the bottom of an email. Minimal legal weight.",[10,64,65,68],{},[37,66,67],{},"Advanced electronic signature (AES)."," Linked to the signer in a way that can detect subsequent changes. Must be created using data under the signer's sole control. Does not require a qualified certificate. Many commercial e-invoicing platforms use AES-level signatures.",[10,70,71,74],{},[37,72,73],{},"Qualified electronic signature (QES)."," Created using a qualified certificate from an accredited trust service provider, on a qualified signature creation device (typically a smartcard or HSM). In Switzerland, this is the only level that is unambiguously equivalent to a handwritten signature for legal purposes.",[10,76,77,78,83],{},"For most B2B e-invoicing, QES is not required. PEPPOL, eBill, and ",[79,80,82],"a",{"href":81},"\u002Fblog\u002Fen-16931-explained-the-european-core-invoice-semantic-model","EN 16931"," do not mandate digital signatures on invoices at all — the integrity of the exchange is handled at the transport layer through mutual TLS authentication and AS4 message signing. The invoice document itself is not expected to carry a separate document-level signature.",[14,85,87],{"id":86},"when-signatures-are-and-are-not-required","When signatures are and are not required",[10,89,90],{},"In Switzerland, the legal basis for invoicing is the Code of Obligations and the VAT Act. Neither requires a digital signature on an invoice, provided that authenticity and integrity can be demonstrated by other means — an audit trail showing who created the invoice, when it was sent, and that it was not altered.",[10,92,93],{},"For e-invoices transmitted over authenticated networks like PEPPOL or eBill, that audit trail is built into the transport infrastructure. The access point logs, AS4 receipts, and eBill delivery confirmations together demonstrate that the document was sent by the registered participant and arrived unchanged. A separate document signature adds little in this context.",[10,95,96],{},"Where signatures become relevant is in archiving. Swiss law requires invoices to be archived in a way that guarantees their integrity for ten years. For PDF invoices stored as files, a PAdES signature on the archived copy is a clean way to prove the archived document matches what was originally sent. For XML invoices archived in a document management system, the system's own audit log may be sufficient — but a signed original is simpler to demonstrate under audit.",[10,98,99],{},"The EU picture is more varied. Germany historically required qualified signatures on B2G invoices in some contexts. France accepted three methods of guaranteeing invoice integrity: qualified signature, EDI with audit trail, or tax audit trail (chemin d'audit fiable). The move to structured XML invoicing across the EU has largely superseded the signature debate — when the format itself is structured and transmitted over an authenticated network, the integrity argument is won at the format and transport layer rather than requiring document-level cryptography.",[14,101,103],{"id":102},"the-practical-implication-for-swiss-businesses","The practical implication for Swiss businesses",[10,105,106],{},"For most Swiss companies sending e-invoices via PEPPOL or eBill, digital signatures on the invoice document itself are optional and rarely implemented. The transport layer handles authentication and integrity.",[10,108,109,110,114],{},"Where it is worth investing is in your ",[79,111,113],{"href":112},"\u002Fblog\u002Fhow-to-audit-proof-your-invoice-archive-in-switzerland","archiving process",". Whether you archive PDFs, XML, or ZUGFeRD hybrids, having a consistent approach to proving document integrity — through signatures, hash registries, or a system with a solid audit log — will save time if you ever face a VAT audit or a commercial dispute over an invoice's content.",[10,116,117],{},"If you are building an e-invoicing system that crosses EU borders and involves countries where qualified signatures are required for certain document types, XAdES LT or LTA on your XML invoices is the most future-proof option. It adds some complexity to the signing infrastructure but keeps the legal basis solid in jurisdictions with stricter requirements.",{"title":119,"searchDepth":120,"depth":120,"links":121},"",2,[122,123,124,125,126],{"id":16,"depth":120,"text":17},{"id":29,"depth":120,"text":30},{"id":52,"depth":120,"text":53},{"id":86,"depth":120,"text":87},{"id":102,"depth":120,"text":103},"An overview of qualified electronic signatures for invoices — what they guarantee, when they are required, and the Swiss context.","md","2026-08-28",{},true,"\u002Fblog\u002Fhow-digital-signatures-work-in-e-invoicing",{"title":5,"description":127},"blog\u002F0033.how-digital-signatures-work-in-e-invoicing","GEgoTimq1EC0bX8R4_YIlmtZ2bj77kjh-SZVzLdaHeI",1781082546961]