You are here:

Recognition of testing and confirmation bodies

Upon application, both natural persons and legal entities can be recognized as confirmation or testing and confirmation bodies.

Confirmation bodies or testing and confirmation bodies have the task of checking and confirming security concepts of certification service providers (testing and confirmation body) and confirming that the legal requirements for products for qualified electronic signatures are met (confirmation body).

The recognized bodies must perform their tasks impartially, free of instructions and conscientiously. Tests and confirmations that have been carried out must be documented.

Upon application, both natural persons and legal entities can be recognized as confirmation or testing and confirmation bodies.

Requirements

A person is deemed to be reliable if, on the basis of his or her personal qualities, conduct and abilities, he or she is suitable for the proper performance of the duties incumbent upon him or her.

  • Independence: A person is deemed independent if he or she is not subject to any economic, financial or other pressure that could influence his or her judgment or jeopardize the impartial performance of his or her duties.
  • Expertise: The necessary expertise is possessed by those who, on the basis of their training, professional education and practical experience, are suitable for the proper performance of the tasks incumbent upon them.
  • Accreditation of the applicant body in accordance with DIN EN 45011 as a certification body for IT security in accordance with ITSEC or CC or accreditation as a testing body in accordance with DIN EN ISO/IEC 17025 as a testing laboratory for IT security with licensing for testing in accordance with ITSEC or CC by the Federal Office for Information Security (BSI).
  • For recognition as a testing and confirmation body for security concepts: Submission of a documented testing and confirmation procedure for security concepts.

What documents do I need?

  • Extract from the commercial register

    if the applicant is a legal person

  • Proof of financial independence

    in particular on minimum capital and comparable securities

  • proof of the required technical, administrative and legal expertise
  • Declaration, to which legal activities of the Digital Signature Act the application refers

    Confirmation body for products for qualified electronic signatures in accordance with § 17 (4) or § 15 (7) sentence 1 of the Digital Signature Act and/or verification and confirmation body for security concepts in accordance with § 15 (2) of the Digital Signature Act

  • Proof of sufficient experience in the application of the test criteria according to Annex 1 of the Signature Ordinance
  • description of how appropriate monitoring of the audit activity is ensured
  • (Extended) Certificate of good conduct

    pursuant to Section 30(5) of the Bundeszentralregistergesetz (Federal Central Register Act) or documents of another Member State of the European Union or of another State party to the Agreement on the European Economic Area which have an equivalent function or which show that the requirement in question is fulfilled