Authorization certificate according to PAuswG Issuance

Service Description

An authorization certificate is required for each electronic service that can be used with the online ID card, which authorizes authentication and authentication of the user and provider.
The following can apply for an authorization certificate:

  • Service providers and
  • Identification service providers
  • On-site service providers

The following authorizations are distinguished:

  • the proof of identity to online service providers,
  • on-site reading at service providers, and
  • the proof of identity vis-à-vis identification service providers.

Proof of identity vis-à-vis online service providers

The authorization certificate gives you permission to request and process data from ID cards to identify the holder. The authorization certificate and the verified electronic keys enable technical access. You can use it to integrate the online ID card function as a digital means of identification in your own online service or in a vending machine or terminal.
In your application, you must explain why you have an interest in using the online ID card function and how you will use the ID card holders' personal data. You must also ensure that the data is sufficiently protected.

On-site reading at service providers

Wherever personal data such as name and address are to be transferred to a form, on-site readout is a good option. The data is read out and transferred electronically.
The credential holder is present in person. Before the data is read out, the authorization holder must identify the cardholder by means of the printed photograph and his/her personal data.
In the case of on-site readout, the PIN entry by the credential holder is not required. It is replaced by the entry or technical recording of the access number (Card Access Number - CAN) on the front of the ID card by the authorization holder.

Proof of identity to identification service providers

Businesses and government agencies can use a certified third-party service to provide proof of identity. The so-called identification service providers make the data from the use of the online ID function available to companies and authorities in individual cases. Identification service providers must apply for authorization and the authorization certificate instead of the service providers.
They must also have their service certified by the Federal Office for Information Security.

The authorizations are each valid for a maximum of 3 years. They can be withdrawn immediately at any time in the event of a breach of the declaration made and the law.

As the applicant, you must commission the authorization certificate provider (BerCA) yourself. This means: On the basis of the positive authorization notice from the Federal Office of Administration (BVA), you conclude a contract directly with the provider of authorization certificates for the technical procurement of the authorization certificate and the revocation lists.


Source: Zuständigkeitsfinder Thüringen (Linie6PLus)

Start your request directly online:

Competent Authority

Bun­des­ver­wal­tungs­amt - Vergabestelle für Berechtigungszertifikate (Haus III)

Butzweilerhof Allee 2
50829 Köln, Stadt
+49 228 99358-3300