Accreditation and operation of certification service providers
- Unternehmensstart und Gewerbezulassung
- Anlagen, Waren und Stoffe
If you wish to operate as a certification service provider with your company, you must have the company accredited and regularly audited.
Basic information
Certification service providers can be accredited by the competent authority on a voluntary basis upon application if they prove that the regulations according to the Signature Act and the Signature Ordinance are fulfilled.
Accredited certification service providers receive a quality mark from the competent authority. They may call themselves accredited certification service providers and refer to the proven security in legal and business transactions.
Note: The application for voluntary accreditation is at the same time also considered as notification of the activity, if the requirements mentioned therein are fulfilled.
Requirements
- Application for accreditation
- for the certification service provider and its legal representatives: current certificates of good conduct in accordance with Section 30 (5) of the Federal Central Register Act (Bundeszentralregistergesetz) or documents from another member state of the European Union or another state party to the Agreement on the European Economic Area which have an equivalent function or which show that the requirement in question has been met
- current excerpt from the commercial register or a comparable document or a document from another member state of the European Union or another state party to the Agreement on the European Economic Area which has an equivalent function or which shows that the requirement in question is fulfilled,
- Proof of the required technical, administrative and legal expertise,
- Safety concept with the following content:
- description of all necessary technical, structural and organisational security measures and their suitability
- Overview of the products used for qualified electronic signatures with corresponding confirmations in accordance with the Signature Act
- Overview of the structural and procedural organisation as well as certification activities
- Precautions and measures for securing and maintaining operations, in particular in the event of emergencies
- Procedures for assessing and ensuring the reliability of the personnel deployed
- Assessment and evaluation of remaining safety risks,
- proof of coverage (e.g. liability insurance or comparable indemnity/guarantee obligation of a credit institution) which fulfils the requirements of § 12 of the Signature Act and § 9 of the Signature Ordinance,
- If applicable, proof of the transfer of tasks under the Signature Act and the Signature Ordinance to third parties (contracts),
- Test and confirmation report of the testing and confirmation body, confirmation for the implementation of security concepts.