Accreditation and operation of certification service providers
- Unternehmensstart und Gewerbezulassung
- Anlagen, Waren und Stoffe
Procedure
Contact a testing and confirmation body at an early stage. They can advise you on your questions in advance, for example. Have them check and confirm that the requirements have been met. The testing and advisory body can be freely selected from the above-mentioned list on the website of the Federal Network Agency.
Once the fulfilment of the prerequisites has been checked and confirmed by a testing and confirmation body, you must submit the application for accreditation to the competent body in writing or by means of an electronic document provided with a qualified electronic signature in accordance with the Digital Signature Act. It must contain the name and address of the certification service provider as well as the names of the legal representatives.
Legal bases
- Verordnung zur elektronischen Signatur (Signaturverordnung; SigV)
- Gesetz über Rahmenbedingungen für elektronische Signaturen (Signaturgesetz; SigG)
More information
Accredited certification service providers must have a testing and confirmation body check and confirm every three years that the requirements of the Signature Act and the Signature Ordinance continue to be met in full. In addition, the verification and confirmation must be repeated after security-relevant changes.
The verification and confirmation report and the confirmation must be submitted to the competent authority without being requested to do so.
Accredited certification service providers have
- use tested and confirmed products for qualified electronic signatures for their certification activities,
- issue qualified certificates only to persons who have demonstrably tested and confirmed signature creation devices, and
- inform the signature key holder about tested and confirmed signature application components.
Further requirements and obligations of a certification service provider which have not been detailed in this short list (e.g. documentation, revocation, obligation to provide information, maintenance of a certificate directory) can be found in the Signature Act and the Signature Ordinance.