AI is massively scaling cyber risks for all organisations in Germany, Switzerland, and Austria. The figures speak for themselves: the Swiss Federal Office for Cybersecurity BACS recorded 970 CEO fraud reports in 2025, an increase of 35 per cent on the previous year. A study by the German industry association Bitkom puts the total damage from cyberattacks on German companies in 2025 at €289.2 billion, with 87 per cent of companies affected. According to a study by identity verification provider Regula, 49 per cent of international organisations experienced both audio and video deepfakes in 2024.

This guide goes a step further. It shows how six classic scenarios, relevant to virtually all organisations, can be addressed using two proven cryptographic tools — and above all, what this looks like concretely in your processes.

The guide is aimed at those responsible for HR, Finance, Legal/Compliance, Product Management, and Digital Transformation. It does not replace technical architecture planning, but it gives you the foundation to have productive conversations with your IT team and suppliers.

The Two Instruments at a Glance

The qualified electronic signature (QES) binds a cryptographically verified person to a document. Before first use, the signatory must complete a formal identity verification process — for example via video identification against a government-issued ID, or in future via the EUDI Wallet or the Swiss e-ID. The signature is then legally equivalent to a handwritten signature under ZertES or eIDAS. The manipulation or theft of official identity documents is possible in principle, but this barrier is considerably higher than fabricating an identity through forged emails, phone calls, images, or PDFs.

The regulated electronic seal binds an organisation to a document. It proves that the document originates from your organisation and has not been altered since issuance. When issuing the seal certificate, a Trust Service Provider verifies the organisation against official registers such as the commercial register, the UID register, or comparable sources. A seal is not a substitute for a signature but a complementary tool: signatures represent persons; seals represent organisations.

Both instruments make any subsequent change to a document immediately detectable. Documents can no longer be manipulated without trace. How these mechanisms work cryptographically in detail, and how integration into your systems can be structured architecturally, is explained in the technical guide.

1. Protecting Employment Contracts Against Synthetic Identities with QES

QES requires every signatory to pass a formal identity check. AI-generated applicants fail before they enter the system.

Real Cases in HR

Synthetic identities pass the application, video interview, and reference check and ultimately sign an employment contract with a forged ID. Pindrop, a US provider for voice biometrics and voice fraud detection, found over 800 applications for a single job posting, more than one third of which were entirely fabricated. Germany's domestic intelligence agency confirmed that German companies have hired North Korean operatives.

The Recruitment Process Without QES

Today, hiring typically runs like this: online application, video interviews, upload of an ID copy, reference checks, signature on a PDF as an image scan or signature image. Every single one of these steps can be overcome with today's AI tools. A deepfake passes the video interview. A generated scan fulfils the ID check. Fabricated references describe a career that never existed.

The Recruitment Process With QES

The new employee signs the employment contract with a QES. To have a QES issued at all, the person must complete a formal identification process against a government-issued identity document. This check does not take place at your organisation but at a certified Trust Service Provider such as SwissSign.

Technically there are two integration paths.

Directly in the web: You use a web interface such as the SwissSign Signature Service Web, upload the contract as a PDF, define the signatory, the person receives a link and completes the QES process including identification. The signed PDF is returned. No IT project required.

Integrated into your HR software: You connect QES to your HRIS or contract management system via REST API. The contract is generated there, passed for signature, and returned signed. The new employee sees no third-party tool — only your process.

What Changes in Practice

A fabricated identity fails at the identification step, not at the workplace. The signed document is tamper-proof: any subsequent change to salary, role, or clauses becomes visible. You have a legally compliant record of who signed when with which verified identity. And in remote hiring, where physical identity checks are not possible, QES is the strongest available alternative.

QES does not prevent deepfake-based interviews. An attacker can still deceive you in conversation. But they cannot reach a signed contract without identifying themselves as the person they claim to be.

Regulatory Context

The legal validity of QES is clearly regulated in Switzerland by ZertES and in the EU by the eIDAS Regulation. There is no general statutory obligation to use QES for employment contracts in either Switzerland or Germany. The position is different for temporary staffing and agency work: in Germany under the Arbeitnehmerüberlassungsgesetz (AÜG), and in Switzerland under Art. 19 AVG, written form is prescribed, which can only be fulfilled electronically via QES. Individual clauses within regular employment contracts also require written form under the Swiss Code of Obligations, particularly non-compete clauses (Art. 340 CO), waivers of overtime pay, and salary assignments (Art. 165 CO). Anyone agreeing such clauses electronically without QES risks those clauses being unenforceable in a dispute. The contract itself remains valid, but the contested clause falls away.

Industry-Specific Regulations and Cybersecurity Requirements

The EU regulations NIS2 (implemented in Germany via the BSIG since 6 December 2025), DORA (applicable since 17 January 2025), and the Swiss Information Security Act (ISG), which have been in effect since 2025, do not name QES explicitly, but they require strong authentication, identity management, tamper protection, and traceable access rights. QES directly fulfils several of these requirements: verified identity, tamper evidence, seamless audit trail.

Given the general threat landscape, our urgent recommendation even without an explicit legal obligation is: use QES wherever remote hiring takes place and wherever the new employee will have access to sensitive data or systems.

2. Securing Supplier and Partner Contracts Against Identity Fraud with QES

A valid QES presupposes a verified identity. Persons with fabricated or stolen identities cannot produce one. Every contract amendment requires a new QES.

Real Fraud Cases Involving Partner or Supplier Relationships

An entrepreneur from the canton of Schwyz transferred several million francs to Asia over two weeks in January 2026. The instructions came via a phone call from an apparent business partner whose voice had been cloned using AI. FACC in Austria lost €42 million in a similar way in 2016.

The Process Without QES

Contracts are exchanged by email as PDFs. Organisations often use scanned images of handwritten signatures. The counterparty's identity is verified contextually: familiar email address, existing relationship, known voice on the phone. Changes to payment details or delivery terms are often communicated by email, sometimes without a formal contract amendment signature.

This is exactly where attackers target. The email address can be compromised, the voice cloned, the supplier document layout replicated perfectly.

The Process With QES

Both parties sign with QES — not only the main contract but also every relevant amendment. A renegotiation of bank details? Without QES, no legal effect.

Technically this works via two paths.

Directly in the web: For individual, high-value contracts, the web interface with manual PDF upload is appropriate.

Integrated into contract lifecycle management or ERP: For high-volume processes such as procurement or standard contract frameworks, API integration directly into the contract lifecycle management system or ERP is worthwhile. SwissSign as a ZertES- and eIDAS-certified Trust Service Provider supports both, as well as batch signing when multiple documents are to be signed in a single operation.

What Changes in Practice

The identity of the signing person on the other side is cryptographically verified. A person with a fabricated or stolen identity cannot produce a valid QES. If someone contacts you claiming to be your supplier and demands changed payment details, require a QES-signed amendment. No valid QES, no change. The original contract and every amendment are tamper-proof and carry a qualified timestamp. In a dispute, you have a chain of evidence you can use in court.

Important caveat: QES protects the contract process. It does not prevent an employee from triggering a transfer outside the contract process in response to a deepfake call. The CEO fraud in the canton of Schwyz did not involve forged contracts but direct phone instructions. Organisational controls (four-eyes principle, callbacks via established channels, approval workflows) therefore remain indispensable. Concretely in the Schwyz case, QES would have prevented a purportedly amended bank account from taking legal effect in a contract; it would not have prevented someone being persuaded to make transfers by phone.

Regulatory Context

For most B2B contracts there is no mandatory form requirement; the Swiss CO allows freedom of form. However, there are cases where a qualified signature is prescribed: wherever the law requires written form (e.g. suretyship, promises of gift), QES must be used for electronic signing. Cross-border it becomes more complex: eIDAS governs mutual recognition within the EU; other jurisdictions have different or no legal standards for digital signatures.

Clear recommendation even without a form requirement: for all contracts above a material threshold (e.g. CHF 50,000), for all partner and supplier contracts with recurring payment flows, and for all agreements with counterparties outside established, long-standing relationships.

3. Securing Insurance Contracts and Claims Against Identity Fraud with QES

QES at the point of policy issuance prevents synthetic identities. QES on claims creates accountability for every claimant.

Real AI Insurance Fraud Cases

A German pet health insurer discovered multiple cases in 2024 and 2025 in which canine operations were fabricated using AI-generated X-ray images and forged invoices. Allianz UK recorded a 300 per cent increase in AI-manipulated damage photos in motor insurance. The Gesamtverband der Deutschen Versicherer (GDV) estimates total annual losses from insurance fraud in Germany at over €6 billion.

The Process Without QES

Policy issuance runs online: fill in a form, upload an ID, give digital consent. Identity verification is weak, often just a scan. Claims follow the same pattern: login, form, upload of photos, expert reports, invoices. Identity is assumed from login credentials and policy number, not verified.

The Process With QES

Two intervention points make sense.

At policy issuance: the applicant signs the insurance contract with QES. This requires a formal identity check before the QES can be issued at all. Synthetic identities — purely AI-generated personas — do not survive this step.

At the claims stage: the claimant signs the declaration with QES. This produces a verified, non-repudiable statement of who is claiming which loss.

Technically the integration runs via the SwissSign API into your policy management system or claims management system. For retail customers, the QES interface can be embedded in your portal or app with your branding. The SwissSign On-Premises option supports white-labelling so that your customers are not redirected to a third-party tool.

What Changes in Practice

The risk of policies issued to purely fabricated identities is significantly reduced. Claims carry a verified identity, making fraudulent submissions traceable and therefore deterrent. AI-generated damage photos are not directly prevented, nor are forged expert reports. But the person submitting them is unambiguously identified. This fundamentally changes the risk calculation for fraudsters.

For the insurance industry this means realistically: QES at policy issuance largely resolves the synthetic identity problem. QES on claims creates accountability. Neither instrument alone stops every fraud, but a chain of verification emerges that is orders of magnitude harder to overcome than the form-plus-upload pattern still prevalent today.

Regulatory Context

For insurance contracts there is no general form requirement in Switzerland; the Insurance Contract Act allows written or text form. There is nevertheless indirect pressure: FINMA supervision expects robust anti-fraud measures, and the ongoing revision of FINMA Circular 2016/7 on video and online identification (consultation until 27 February 2026) integrates the e-ID as a new identification pathway. Insurers that adopt QES and rigorously verified identities early are positioning themselves ahead of this regulatory wave.

Urgent recommendation regardless of legal obligations: for all life insurance, pension products, and policies with high insured sums where the damage from identity fraud is significant.

On AI Manipulation of Identity Documents and Stolen Identities

QES provides strong protection against purely synthetic identities because these do not pass the identification check. Against combined attacks using genuine but stolen documents, protection is limited. How high the barrier actually is depends on the identification procedure chosen.

The Swiss e-ID and EUDI Wallet will significantly increase protection in future because they provide cryptographically verified state identity attributes that cannot be imitated through deepfake attacks. New risks arise at the wallet level: theft of the device plus master password, or phishing for wallet credentials.

Despite these limitations, identification remains the hardest attack vector in the entire QES process. Overcoming it is substantially more demanding than forging an email, cloning a voice, or manipulating a PDF. This is precisely the practical security gain of QES over image-scanned signatures: not absolute unforgeability, but a considerably higher barrier that makes mass-market attacks economically unviable for attackers.

4. Protecting Invoices Against IBAN Manipulation with an Electronic Seal

A regulated seal makes any subsequent IBAN change immediately visible. The recipient checks that the seal is intact before making payment.

Real Invoice Fraud Cases

A German roofing company was due to send an invoice for €27,000 in September 2025. During the owner's holiday absence, attackers gained access to the email inbox, swapped the IBAN in the PDF, and forwarded the manipulated invoice. Only an attentive accounts clerk prevented the payment. The IHK Bodensee-Oberschwaben warned of a wave of such cases with individual losses exceeding €100,000. Since 9 October 2025, banks across the EU are required to match IBAN against recipient name (Verification of Payee).

The Process Without a Seal

The invoice is generated in the ERP, exported as a PDF, and sent by email. Between your system and the customer's inbox the document can be intercepted and manipulated. The customer has no way to verify that the IBAN on the invoice is really the one you sent.

The Process With a Seal

Your organisation's regulated electronic seal is applied to the invoice at the point of creation, before dispatch.

Technically there are three integration patterns, depending on the maturity of your systems.

First: direct integration into your ERP or billing system via REST API. The invoice is generated in the ERP, sealed before export, then sent as a sealed PDF. Fully automated, without a manual step.

Second: integration into your output management or print workflow, where the seal is added as the final step before dispatch.

Third, for organisations without ERP integration: manual sealing via web interface or batch sealing of multiple invoices simultaneously.

From the recipient's perspective, the sealed PDF can be checked in any PDF reader (Adobe Reader, Foxit, or the free federal validator). Green indicator: seal intact, issuer confirmed. Red indicator: seal broken, do not pay.

S/MIME as an Alternative Protection Layer and Why It Does Not Replace the Seal

S/MIME signs the email in which the invoice is sent. This allows the email sender to be cryptographically verified and subsequent changes to the email content to be detected. This is valuable protection at the transport layer, but it does not solve two important problems: first, a key exchange between sender and recipient must take place before the first exchange, which is cumbersome in practice and rarely implemented comprehensively in B2B mass business. Second, S/MIME only protects the transmission channel, not the document itself. If the same PDF is later printed, forwarded, archived, or distributed via another channel, the protection is lost. A seal on the invoice itself remains permanently attached to the document, regardless of the transmission path, and remains verifiable even after repeated forwarding or saving.

What Changes in Practice

Any change to the document after sealing — even a single digit in the IBAN — breaks the seal. Your customer checks before payment: seal present, seal intact, issuer confirmed. If the seal is broken or absent, the customer does not pay. You directly protect your revenue. A sealed invoice cannot be manipulated without detection.

Additional benefit: the banks' Verification of Payee mechanism checks IBAN against recipient name. When you send sealed invoices with correct data, payments proceed smoothly. The seal and Verification of Payee are two complementary layers of protection: VoP protects the invoice recipient; the seal protects the issuer.

Regulatory Context

In Germany, the obligation to receive e-invoices for B2B transactions has applied since 1 January 2025. From 1 January 2027, the obligation to send applies for companies with prior-year turnover above €800,000; from 1 January 2028 for all domestic B2B transactions. The EU ViDA directive requires e-invoicing for cross-border B2B transactions from 1 July 2030.

The e-invoicing obligation does not automatically mean a sealing obligation. The requirement relates to structured formats (XRechnung, ZUGFeRD), not necessarily to cryptographic seals. However, the seal is the only instrument that provably secures the authenticity of the sender and the integrity of the invoice.

In Switzerland there is no general e-invoicing obligation for the private sector. However, since 1 January 2016, the Federal Government has required suppliers to the federal administration to submit e-invoices where the contract value exceeds CHF 5,000 (Federal Finance Administration). Swiss companies invoicing into the EU must in any case comply with the EU rules.

Urgent recommendation: for all invoices containing an IBAN — which means practically all B2B invoices. The effort for the seal after initial integration is marginal; the protection takes effect immediately.

5. Issuing Tamper-Proof Diplomas and Educational Credentials with a Seal

A sealed diploma is cryptographically verifiable. Employers confirm authenticity immediately, without calling your institution.

Real Diploma Fraud Cases

The Swiss SDBB warned of apprenticeship certificates generated via a foreign website; a federal job applicant was exposed after presenting a fake diploma. Google Threat Intelligence documented fabricated degrees from European universities in the North Korean fake IT worker networks.

The Process Without a Seal

The diploma is issued on paper but often used as a scanned PDF. Verification relies on visual inspection by the recipient or a callback to your administration; the latter can also be faked. Neither scales; neither reliably detects high-quality AI forgeries.

The Process With a Seal

Your institution's regulated electronic seal is applied to every diploma, every transcript, and every certificate at the point of issuance.

Technically, the sealing connects to your campus management system (at Swiss and German universities typically CAMPUSonline, HISinOne, evento, or comparable solutions). When a degree is generated there, sealing takes place via the SwissSign API automatically before the PDF is sent to graduates or placed in the alumni portal. For institutions without a deeply integrated campus management system: batch sealing at the end of the semester when all degrees are issued.

From the recipient's perspective — employers or other institutions: open the diploma, check the seal status. Intact and issued by your institution? Genuine. Not intact? Forgery. No seal? Caution.

What Changes in Practice

Any manipulation — whether to the name, grade, date, or programme — breaks the seal. Employers and third-party institutions verify authenticity immediately and cryptographically, without calling you. A forgery without access to your private key is not possible.

A strategic argument follows: the emerging credential ecosystems (European Digital Identity Wallet, Swiss e-ID, Verifiable Credentials) will require seals as a minimum standard. Institutions that seal today are positioning themselves for this infrastructure.

Regulatory Context

A general sealing obligation for diplomas does not exist today. The eIDAS 2.0 Regulation and the European Digital Identity Wallet create the regulatory framework within which member states must make a Wallet available by end of 2026. Educational credentials are among the central credentials intended to be held in this Wallet — and that only works with cryptographically verified provenance.

The Swiss framework is developing in parallel around the e-ID and verifiable credentials. The authoritative basis is the Federal Act on Electronic Proof of Identity and Other Electronic Evidence (BGEID). The question is therefore not whether diplomas will have to be sealed in future, but when the lead time runs out.

Urgent recommendation: start sealing newly issued diplomas now. Retrospective sealing of older credentials can then be set up as a value-add project for alumni.

6. Protecting Official Certificates Against Authority Identity Fraud with a Seal

A sealed commercial register extract or residence certificate protects your authority from fraudsters abusing your reputation.

Real Cases of Authority Fraud

The Hamburg District Court warned in 2025 of a nationwide wave of fraud: forged court fee invoices following commercial register entries, deceptively authentic with state coats of arms and official court layout, sometimes reaching recipients before the genuine court billing office. On a single day, the Hamburg District Court received around 60 undeliverable returns of such forgeries.

The Process Without a Seal

Certificates of residence, commercial register extracts, debt enforcement register extracts, and civil status documents are issued as PDFs. Visual authenticity markers (coat of arms, stamp, layout) give the impression of authenticity, but cryptographic proof is absent. For attackers: a template.

The Process With a Seal

Your authority's regulated electronic seal is applied to the document at the point of issuance.

Technically via SwissSign API integration, connected to the specialist system that creates the documents (residents register, commercial register software, document management). For administrations with a heterogeneous system landscape, a central sealing service via which all specialist applications can seal is also suitable.

SwissSign offers this central service architecture as an On-Premises installation, which is relevant for federal and cantonal administrations for sovereignty reasons. Several larger cantons across all language regions of Switzerland already use SwissSign's signature and seal solution On-Premises.

What Changes in Practice

Any change to the document — whether to name, address, date, or content — breaks the seal. Recipients verify authenticity cryptographically. Your documents become trustworthy in digital workflows, not only on paper. Citizens who rely on your documents are better protected against identity fraud.

A point particularly relevant for public bodies: without sealed documents, recipients continue to demand paper originals and in-person presentation. This causes your digitalisation strategy to fail at the last mile. Sealed documents are not an add-on to e-government — they are the trust infrastructure that makes e-government viable.

Regulatory Context

The eIDAS Regulation defines regulated seals as unambiguous proof of origin for organisations. eIDAS 2.0 and the European Digital Identity Wallet will be binding for public bodies by end of 2026. In Switzerland, ZertES provides the regulatory framework for seals, and the introduction of the e-ID under the BGEID builds on this.

Here too the question is not whether but when and how. Early adoption signals digital maturity, sets standards for other authorities, and protects against the Hamburg scenario.

Urgent recommendation: for all official documents typically presented to third parties (banks, employers, other authorities). These documents have a clear market value for fraudsters. They are the rewarding target.

7. How Digital Signatures and Seals Protect: Technical Fundamentals

Across all six applications, the following properties define the practical value of qualified signatures and regulated seals.

Tamper evidence. Any change to a sealed or QES-signed document can be detected. The verification result is not based on visual inspection or probability but on a deterministic mathematical integrity check: either the document remains bit-for-bit identical to the signed version, or verification fails.

Audit trail. Complete, non-repudiable evidence of who signed or sealed what and when. This audit trail is part of the document itself, not an external database, and therefore remains verifiable even when systems are migrated or decommissioned.

Long-Term Validation (LTV). Signatures and seals remain verifiable over decades. LTV embeds all necessary validation data (certificates, revocation lists, timestamps) in the document. This is important for long-term archiving and future evidentiary use.

Legal standing. QES is legally equivalent to a handwritten signature (ZertES Art. 14 para. 2bis; eIDAS Art. 25 para. 2). The regulated seal enjoys a legal presumption of origin and integrity: in court, it is presumed in favour of the issuing seal that the document does indeed originate from the stated organisation and has not been altered. The other party must rebut this presumption with concrete counter-evidence, which is practically impossible against a cryptographically intact seal.

In a dispute. The burden of proof shifts. A cryptographically signed or sealed document is technically verifiable and can serve as evidence in court. The opposing party would have to attack the cryptography, not merely assert that the document was manipulated.

8. Why the Swiss Trust Layer

For regulated industries and the public sector, the choice of Trust Service Provider is not a detail. We would like to name a few points that distinguish SwissSign from generic providers.

Data remains in Switzerland. This is relevant for FINMA-regulated institutions, for the health sector under the Swiss Data Protection Act, for critical infrastructure organisations, and for public bodies.

Many providers use certificates issued by other Trust Service Providers for their signatures and seals and are not certified themselves; SwissSign, on the other hand, is a Qualified Trust Service Provider.

The deployment options vary in terms of technology, but are all equally sovereign. SwissSign offers a web service, an API and an on-premises solution. The choice depends on your policies, your architecture and your integration requirements, not on regulatory requirements.

The Swiss e-ID will simplify identification for a QES. SwissSign is positioning itself at this interface.

Those who want to go deeper into implementation questions — for example on integration architectures at financial institutions — will find a detailed analysis in our article on implementation challenges in financial institutions.

Frequently Asked Questions

This article reflects the views of SwissSign and does not constitute legal advice.