Accreditation and operation of certification service providers
If you wish to operate as a certification service provider with your company, you must have the company accredited and regularly audited.
Basic information
Certification service providers can be accredited by the competent authority on a voluntary basis upon application if they prove that the regulations according to the Signature Act and the Signature Ordinance are fulfilled.
Accredited certification service providers receive a quality mark from the competent authority. They may call themselves accredited certification service providers and refer to the proven security in legal and business transactions.
Note: The application for voluntary accreditation is at the same time also considered as notification of the activity, if the requirements mentioned therein are fulfilled.
Requirements
- Application for accreditation
- for the certification service provider and its legal representatives: current certificates of good conduct in accordance with Section 30 (5) of the Federal Central Register Act (Bundeszentralregistergesetz) or documents from another member state of the European Union or another state party to the Agreement on the European Economic Area which have an equivalent function or which show that the requirement in question has been met
- current excerpt from the commercial register or a comparable document or a document from another member state of the European Union or another state party to the Agreement on the European Economic Area which has an equivalent function or which shows that the requirement in question is fulfilled,
- Proof of the required technical, administrative and legal expertise,
- Security concept with the following content:
  - Description of all necessary technical, structural and organisational security measures and their suitability
  - Overview of the products used for qualified electronic signatures with corresponding confirmations in accordance with the Signature Act
  - Overview of the structural and procedural organisation as well as certification activities
  - Precautions and measures for securing and maintaining operations, in particular in the event of emergencies
  - Procedures for assessing and ensuring the reliability of the personnel deployed
  - Assessment and evaluation of remaining security risks,
- proof of coverage (e.g. liability insurance or comparable indemnity/guarantee obligation of a credit institution) which fulfils the requirements of § 12 of the Signature Act and § 9 of the Signature Ordinance,
- If applicable, proof of the transfer of tasks under the Signature Act and the Signature Ordinance to third parties (contracts),
- Test and confirmation report of the testing and confirmation body, confirmation for the implementation of security concepts.
Procedure
Contact a testing and confirmation body at an early stage; it can, for example, advise you on your questions in advance. Have it check and confirm that the requirements have been met. The testing and advisory body can be freely selected from the above-mentioned list on the website of the Federal Network Agency.
Once the fulfilment of the prerequisites has been checked and confirmed by a testing and confirmation body, you must submit the application for accreditation to the competent body in writing or by means of an electronic document provided with a qualified electronic signature in accordance with the Digital Signature Act. It must contain the name and address of the certification service provider as well as the names of the legal representatives.
More information
Accredited certification service providers must have a testing and confirmation body check and confirm every three years that the requirements of the Signature Act and the Signature Ordinance continue to be met in full. In addition, the verification and confirmation must be repeated after security-relevant changes.
The verification and confirmation report and the confirmation must be submitted to the competent authority without being requested to do so.
Accredited certification service providers must
- use tested and confirmed products for qualified electronic signatures for their certification activities,
- issue qualified certificates only to persons who demonstrably possess tested and confirmed signature creation devices, and
- inform the signature key holder about tested and confirmed signature application components.
Further requirements and obligations of a certification service provider which have not been detailed in this short list (e.g. documentation, revocation, obligation to provide information, maintenance of a certificate directory) can be found in the Signature Act and the Signature Ordinance.
Competent Department
Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen (BNetzA)
- (0421) 4 34 44 - 0
- (0421) 4 34 44 - 180
- Airbus-Allee 3-5, 28199 Bremen
- Bremen.Postfach@BNetzA.de
Fees / Costs
The competent body shall charge fees for processing the application for accreditation, the amount of which shall depend on the time spent, and expenses.
This page has been automatically translated by DeepL. We cannot guarantee that the translation is correct.
The official information in German is complete and correct. 21.03.2024