Recognition of testing and confirmation bodies
Confirmation bodies and testing and confirmation bodies have the task of reviewing and confirming the security concepts of certification service providers (testing and confirmation body) and of confirming that the legal requirements for products for qualified electronic signatures are met (confirmation body).
The recognised bodies must perform their duties impartially, without instructions and conscientiously. Tests and confirmations carried out must be documented.
Upon application, both natural and legal persons can be recognised as confirmation bodies or as testing and confirmation bodies.
Process flow
The application for recognition as a confirmation body or as a testing and confirmation body can be submitted informally. It must contain the names and addresses of the applicant and of his or her legal representatives.
After examining the conditions, the competent authority may grant recognition as follows:
- unlimited
- limited in content
- temporary
- with conditions.
Who should I contact?
Competent authority
Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways (abbreviated: Federal Network Agency)
Requirements
- Reliability: A person is considered reliable if he or she is suitable for the proper performance of the tasks incumbent upon him or her on the basis of his or her personal characteristics, conduct and abilities.
- Independence: A person is considered to be independent if he or she is not subject to economic, financial or other pressures which may influence his or her judgment or jeopardise the impartial performance of his or her duties.
- The necessary specialist knowledge is possessed by those who, on the basis of their education, vocational training and practical experience, are suitable for the proper performance of the tasks incumbent upon them.
- An accreditation of the applicant body according to DIN EN 45011 as a certification body for IT security according to ITSEC or CC or an accreditation as a testing body according to DIN EN ISO/IEC 17025 as a testing laboratory for IT security with licensing for tests according to ITSEC or CC by the Federal Office for Information Security (BSI).
- For recognition as a testing and confirmation body for security concepts: submission of a documented test and confirmation procedure for security concepts
Which documents are required?
- For the applicant and his or her legal representatives: current certificates of good conduct in accordance with Section 30 (5) of the Federal Central Register Act or documents of another member state of the European Union or another state party to the Agreement on the European Economic Area, which have an equivalent function or which show that the relevant requirement is met,
- current extract from the commercial register or a comparable document or document of another member state of the European Union or another state party to the Agreement on the European Economic Area which has an equivalent function or which shows that the relevant requirement is met,
- Proof of financial independence (in particular minimum capital and comparable collateral),
- Proof of the required technical, administrative and legal expertise,
- Declaration of which statutory activities under the Signature Act the application relates to (confirmation body for products for qualified electronic signatures in accordance with Section 17 (4) or Section 15 (7) sentence 1 of the Signature Act and/or testing and confirmation body for security concepts in accordance with Section 15 (2) of the Signature Act),
- Proof of sufficient experience in the application of the test criteria according to Annex 1 of the Signature Ordinance,
- where applicable, a description of how appropriate monitoring of the testing activity is ensured.
What are the fees?
The competent authority shall charge fees and expenses for the processing of the application, the amount of which shall depend on the time spent.