Our employees only speak German in the office and on the phone.

Accreditation and operation of certification service providers

  • Anlagen, Waren und Stoffe
  • Unternehmensstart und Gewerbezulassung

If you want your company to act as a certification service provider, you must have it accredited and regularly audited.

  • Basic information

    Certification service providers can apply for voluntary accreditation from the competent authority if they can prove that they meet the requirements of the Digital Signature Act and the Digital Signature Ordinance.

    Accredited certification service providers receive a quality mark from the competent authority. They may call themselves accredited certification service providers and refer to the proven security in legal and business transactions.

    Note: The application for voluntary accreditation is also deemed to be a notification of activity if the requirements specified there are met.

    Requirements

    • Application for accreditation
    • for the certification service provider and its legal representatives: current certificates of good conduct in accordance with Section 30 (5) of the Federal Central Register Act or documents from another member state of the European Union or another state party to the Agreement on the European Economic Area that have an equivalent function or from which it can be seen that the relevant requirement is fulfilled,
    • current extract from the commercial register or a comparable document or a document from another member state of the European Union or another state party to the Agreement on the European Economic Area which has an equivalent function or which shows that the requirement in question has been met,
    • Proof of the necessary technical, administrative and legal expertise,
    • Security concept with the following content:
      • Description of all necessary technical, structural and organizational security measures and their suitability
      • Overview of the products used for qualified electronic signatures with corresponding confirmations in accordance with the Signature Act
      • Overview of the organizational and operational structure and certification activities
      • Precautions and measures to ensure and maintain operations, especially in the event of emergencies
      • Procedures for assessing and ensuring the reliability of the personnel deployed
      • Assessment and evaluation of remaining security risks,
    • Proof of coverage (e.g. liability insurance or comparable indemnity/guarantee obligation of a credit institution) that fulfills the requirements of § 12 of the Digital Signature Act and § 9 of the Digital Signature Ordinance,
    • If applicable, proof of the transfer of tasks in accordance with the Digital Signature Act and the Digital Signature Ordinance to third parties (contracts),
    • Audit and confirmation report of the audit and confirmation body, confirmation of the implementation of security concepts.

  • Procedure

    Contact a testing and confirmation body at an early stage. They can, for example, advise you in advance on your questions. Have them check and confirm that you meet the requirements. You can choose the inspection and confirmation body from the above list on the Federal Network Agency's website.

    After the fulfillment of the requirements has been checked and confirmed by a testing and certification body, you must submit the application for accreditation to the competent body in writing or by means of an electronic document with a qualified electronic signature in accordance with the Signature Act. It must contain the name and address of the certification service provider and the names of the legal representatives.

    More information

    Accredited certification service providers must have a testing and confirmation body check and confirm every three years that the requirements of the Signature Act and the Signature Ordinance continue to be met in full. In addition, the inspection and confirmation must be repeated after any security-relevant changes.

    You must submit the test and confirmation report and the confirmation to the competent authority without being requested to do so.

    Accredited certification service providers must

    • use tested and confirmed products for qualified electronic signatures for their certification activities,
    • only issue qualified certificates to persons who have verifiably tested and confirmed signature creation devices and
    • inform the signature key holder about tested and confirmed signature application components.

    Please refer to the Signature Act and the Signature Ordinance for further requirements and obligations of a certification service provider that have not been detailed in this brief list (e.g. documentation, revocation, obligation to provide information, maintenance of a certificate directory).

  • Competent Department

  • Fees / Costs

    The competent body shall charge fees for processing the application for accreditation, the amount of which shall depend on the time spent, and expenses.

  • Legal Bases

Feedback on quality

Your feedback will help us to identify and solve problems. You will not receive a personal response. Please do not submit any personal data.

Did you find what you were looking for?
How do you rate this page?*
*Mandatory field

This page has been automatically translated by DeepL. We cannot guarantee that the translation is correct.

The official information in German is complete and correct. 15.06.2026

Dienstleistungen · syfq nzm