Certification Service Provider Accreditation
Certification service providers may voluntarily obtain accreditation from the competent authority upon request if they prove that the provisions of the Signature Act and the Signature Ordinance are met.
Accredited certification service providers receive a quality mark from the competent authority. They may designate themselves as accredited certification service providers and rely on proven security in legal and business transactions.
Note: The application for voluntary accreditation is also considered a notification of the activity if the conditions stated there are met.
Contact a testing and confirmation body at an early stage. For example, they can advise you in advance on your questions. Have her check and confirm the fulfilment of the requirements. The testing and advice centre can be freely selected from the above-mentioned list on the website of the Federal Network Agency.
After the fulfilment of the requirements has been checked and confirmed by a verification and confirmation body, you must submit the application for accreditation in writing or by means of an electronic document provided with a qualified electronic signature in accordance with the Signature Act to the competent authority. It must contain the name and address of the certification service provider and the names of the legal representatives.
Who should I contact?
Federal Network Agency
Which documents are required?
- Application for accreditation
- for the certification service provider and its legal representatives: current certificates of good conduct pursuant to Section 30 (5) of the Federal Central Register Act or documents from another Member State of the European Union or another State Party to the Agreement on the European Economic Area that have an equivalent function or that show that the relevant requirement has been met,
- current extract from the commercial register or a comparable document or document from another Member State of the European Union or another State party to the Agreement on the European Economic Area which has an equivalent function or which shows that the relevant requirement has been met,
- Proof of the necessary technical, administrative and legal expertise,
- Security concept with the following content:
- Description of all necessary technical, structural and organizational security measures and their suitability
- Overview of the products used for qualified electronic signatures with corresponding confirmations in accordance with the Signature Act
- Overview of the structure and process organization as well as the certification activities
- Precautions and measures to ensure and maintain operations, in particular in the event of emergencies
- Procedures for assessing and ensuring the reliability of the personnel deployed
- assessment and assessment of remaining security risks,
- Proof of financial security (e.B liability insurance or comparable exemption/warranty obligation of a credit institution), which meets the requirements of § 12 of the Signature Act and § 9 of the Signature Ordinance,
- if applicable, proof of the transfer of tasks to third parties (contracts) in accordance with the Signature Act and the Signature Ordinance,
- Test and confirmation report of the testing and confirming body, confirmation for the implementation of safety concepts.
What are the fees?
The competent body charges fees and expenses for the processing of the application for accreditation, the amount of which depends on the time required.
What else should I know?
The Signature Act is an implementation of the European Signature Directive (1999/93/EC). Article 3(3) provides that Member States are to establish 'an appropriate system for monitoring certification service providers established in their territory which issue publicly qualified certificates'. Certification service providers can therefore only become a natural or legal person established in the Federal Republic of Germany, since it is only possible to enforce an administrative act in the context of supervision against it. For foreign certification service providers, § 23 of the Signature Act and § 18 of the Signature Ordinance apply. The procedure "to become a certification service provider" is governed by the respective national regulations in the respective Member State. Insofar as parts of the certification service are operated in another member state of the European Union, another state party to the Agreement on the European Economic Area or a third country, § 1 (3) of the Signature Ordinance must be observed.