Service Finder
Testing and confirmation bodies for certification services - Recognition
Service Description
Confirmation bodies or testing and confirmation bodies have the task of checking and confirming security concepts of certification service providers (testing and confirmation body) and confirming that the legal requirements for products for qualified electronic signatures are met (confirmation body).
The recognized bodies must perform their tasks impartially, free of instructions and conscientiously. Tests and confirmations that have been carried out must be documented.
Upon application, both natural persons and legal entities can be recognized as confirmation bodies and/or testing and confirmation bodies.
Requirements
- Reliability
A person is deemed to be reliable if he or she is suitable for the proper performance of the tasks incumbent upon him or her on the basis of his or her personal qualities, conduct and abilities.
- Independence
A person is considered independent if he or she is not subject to any economic, financial or other pressure that could influence his or her judgment or jeopardize the impartial performance of his or her duties.
- Expertise
The necessary expertise is possessed by those who, on the basis of their training, professional education and practical experience, are suitable for the proper performance of the tasks incumbent upon them.
- Accreditation of the applicant body in accordance with DIN EN 45011 as a certification body for IT security in accordance with ITSEC or CC, or accreditation as a testing body in accordance with DIN EN ISO/IEC 17025 as a testing laboratory for IT security with licensing for testing in accordance with ITSEC or CC by the Federal Office for Information Security (BSI).
- for recognition as a testing and confirmation body for security concepts: Submission of a documented testing and confirmation procedure for security concepts.
Tip: An overview of the other requirements and minimum criteria for confirmation bodies and testing and confirmation bodies can be found on the Federal Network Agency's website in the "Publications" topic area under the item "Recognition of testing and confirmation bodies".
Who should I contact?
Contact the Federal Network Agency.
Which documents are required?
- For proof of personal reliability:
- If you have your place of residence in Germany, you will generally need:
- Certificates of good conduct for submission to an authority in accordance with Section 30 (5) of the Federal Central Register Act for the applicant (e.g. head of the confirmation body/testing and confirmation body and his representatives) and for his legal representatives.
- If you are domiciled in another EU country or in a contracting state to the Agreement on the European Economic Area, you will need documents from your home country that have an equivalent function or that prove that the requirement for personal reliability to perform the desired service is met.
- If you have your place of residence in Germany, you will generally need:
- For proof of entrepreneurial legal form:
- If you have your company headquarters in Germany, you will require:
- In the case of registered companies: Excerpt from the commercial register; in other cases, if applicable, a copy of the articles of association (e.g., in the case of a civil-law partnership (GbR)) or other evidence.
- If you have your company's registered office in another EU country or in a contracting state to the Agreement on the European Economic Area, you will need comparable documents from the country in which you have your registered office proving the legal form.
- If you have your company headquarters in Germany, you will require:
- Proof of financial independence (in particular via minimum capital and comparable securities- Proof of the required technical, administrative and legal expertise
- Declaration of which legal activities of the Signature Act the application refers to
- Proof of sufficient experience in the application of the test criteria according to Annex 1 of the Signature Ordinance
- Statement of how appropriate monitoring of the verification activities will be ensured
When checking your personal reliability, the authorizing authority may, in individual cases, request further documents in addition to those listed which are suitable for making a statement about your reliability as an applicant.
What are the fees?
The competent body shall charge fees and expenses for processing the application, the amount of which can be found in Annex 2 to the Signature Ordinance, item 1.3.
Legal basis
- § Section 15 (2) of the Digital Signature Act (SigG) - Voluntary accreditation of certification service providers
- § Section 17 (4) or Section 15 (7) sentence 1 Signature Act (SigG) - Products for qualified electronic signatures
- § 18 Signature Act (SigG) - Recognition of verification and confirmation bodies
- § 16 Signature Ordinance (SigV) - Procedure for recognition and the activities of verification and confirmation bodies
- Annex 1 to the Signature Ordinance (SigV) - Specifications for the confirmation bodies for the verification of products for qualified electronic signatures
What else should I know?
The application for recognition as a confirmation or testing and confirmation body can be submitted informally. It must contain the names and addresses of the applicant and his legal representatives.
After checking the requirements, the competent body may grant recognition as follows:
- unrestricted
- limited in content
- provisional
- limited
- with conditions
Tip: A list of recognized testing and confirmation bodies can be found on the website of the Federal Network Agency in the "Publications" section under "Testing and confirmation bodies".
Author
The text was automatically translated based on the German content per DeepL.
Source: Zuständigkeitsfinder Thüringen (Linie6PLus)
Start your request directly online:
Competent Authority
Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen
Address
53113 Bonn, Stadt
