Service Finder

back

Certification service provider - indication of operation

Service Description

Certification service providers issue qualified certificates or qualified time stamps within the meaning of the Signature Act and are published on the website of the Federal Network Agency. You will find the list of certification service providers there in the "Publications" topic area under the item "Certification service providers".

You do not have to obtain a permit to operate such a certification service, but you do have to notify the competent body of the activity and prove that you meet the requirements for operation.
If you wish to obtain a quality mark for your certification services, you can voluntarily obtain accreditation as a certification service provider.

Requirements

You may only operate a certification service if you have the reliability, expertise and coverage required for the operation.
Furthermore, you must guarantee that you will fulfill the requirements according to the Signature Act and the Signature Ordinance in the following areas:

  • Fulfillment of the obligations of certification service providers
  • Design of the content of qualified certificates
  • Period of validity of qualified certificates

Process flow

The notification must be submitted to the competent authority. It must be signed by hand or made by means of a document provided with a qualified electronic signature. The notification must contain the name and address of the certification service provider and the names of the legal representatives.

Who should I contact?

Contact the Federal Network Agency.

Which documents are required?

You must enclose the following documents with your notification:

  • For proof of personal reliability:
    • If you are resident in Germany, you will generally need:
      • Certificates of good conduct for submission to an authority pursuant to Section 30 (5) of the Federal Central Register Act for the certification service provider (e.g., head of the certification service provider's operations and his representatives) and for the certification service provider's legal representatives.
    • If you are domiciled in another EU country or in a contracting state to the Agreement on the European Economic Area, you will need documents from your home country that have an equivalent function or that prove that the requirement for personal reliability to perform the desired service is met.
  • For proof of entrepreneurial legal form:
    • If you have your company headquarters in Germany, you will need:
      • In the case of registered companies: Excerpt from the commercial register; in other cases, if applicable, a copy of the articles of association (e.g., in the case of a civil-law partnership (GbR)) or other evidence.
    • If you have your company's registered office in another EU country or in a contracting state of the Agreement on the European Economic Area, you will need comparable documents from the country of your registered office proving the legal form.
  • Documents proving the required technical, administrative and legal expertise
  • Safety concept with the following points:
    • Description of all required technical, structural and organizational security measures and their suitability
    • Overview of the products used for qualified electronic signatures with manufacturer declarations or confirmations in accordance with the Signature Act
    • Overview of the structural and procedural organization as well as certification activities
    • Precautions and measures for securing and maintaining operations, especially in the event of emergencies
    • Procedures for assessing and ensuring the reliability of the personnel deployed
    • Assessment and evaluation of remaining security risks
  • Proof of coverage (e.g., liability insurance or comparable indemnification/warranty obligation of an insurance company/credit institution authorized to do business in the area of application of the German Signature Act, in another member state of the European Union, or in another state party to the Agreement on the European Economic Area) that meets the requirements of § 12 of the German Signature Act and § 9 of the German Signature Ordinance
  • if applicable, proof of the delegation of tasks under the Signature Act and the Signature Ordinance to third parties (e.g. contracts).

When checking your personal reliability, the authorizing authority may, in individual cases, request further documents in addition to those listed which are suitable for making a statement about your personal reliability as an applicant.

What are the fees?

The competent body charges fees and expenses for processing the notification of the operation of a certification service, the amount of which depends on the time spent. Ask the competent body about the possible costs.

What deadlines do I have to pay attention to?

Notification of the operation of a certification service must be given no later than the start of operation. Otherwise, a fine of up to 10,000 euros may be imposed in accordance with Section 21 No. 2 of the Digital Signature Act.

Legal basis

What else should I know?

If circumstances arise as a result of which the requirements for operating a certification service are no longer met, you must notify the responsible body immediately.

For further requirements or obligations of a certification service provider that are not or not fully detailed in this short list (e.g., identity check, documentation, revocation, obligation to provide information, maintenance of a certificate directory), please refer to the Signature Act and the Signature Ordinance.

Author

The text was automatically translated based on the German content per DeepL.

Source: Zuständigkeitsfinder Thüringen (Linie6PLus)

No competent authority found

Please enter your location.