Anerkennung von Bestätigungsstellen und/oder Prüf- und Bestätigungsstellen

• § 15 Abs. 2 Signaturgesetz (SigG) – Prüf- und Bestätigungsstelle Zertifizierungsdiensteanbieter
• § 17 Abs. 4 und § 15 Abs. 7 Satz 1 SigG – Bestätigte Produkte für qualifizierte elektronische Signaturen
• § 18 SigG – Anerkennung von Prüf- und Bestätigungsstellen
• § 16 Signaturverordnung (SiV) – Verfahren der Anerkennung sowie der Tätigkeit von Prüf- und Bestätigungsstellen
• Anlage 1 zur SigV – Vorgaben für die Prüfung von Produkten für qualifizierte elektronische Signaturen

Confirmation or testing and confirmation offices have the task of checking and confirming security concepts of certification service providers (testing and confirmation point) as well as confirming that the legal requirements for products for qualified electronic signatures are fulfilled (confirmation point).

The recognised points must perform their tasks impartially, free of instructions and conscientiously. Tests and confirmations carried out must be documented.

Upon application, both natural persons and legal entities can be recognised as confirmation points or testing and confirmation points.

Single point of contact

For this procedure, you can make use of the services of the Single Point of Contact (Service des Einheitlichen Ansprechpartners). The Single Point of Contact will guide you through the procedure, take care of the correspondence with all the offices responsible for your request and will be at your side as a competent advisor.

• For the applicant and his or her legal representatives: current certificates of good conduct pursuant to section 30 (5) of the Federal Central Register Act (Bundeszentralregistergesetz) or documents from another member state of the European Union or another contracting state to the Agreement on the European Economic Area which have an equivalent function or which show that the relevant requirement is fulfilled,
• current excerpt from the commercial register (Handelsregister) or a comparable document or a document from another member state of the European Union or another contracting state to the Agreement on the European Economic Area that has an equivalent function or from which it can be seen that the relevant requirement is fulfilled,
• Proof of financial independence (in particular through minimum capital and comparable securities),
• Proof of the required technical, administrative and legal expertise,
• Declaration of which statutory activities of the Signaturgesetz the application refers to (confirmation body for products for qualified electronic signatures pursuant to Section 17 (4) or Section 15 (7) sentence 1 of the Signaturgesetz and/or testing and confirmation body for security concepts pursuant to Section 15 (2) of the Signaturgesetz),
• Proof of sufficient experience in the application of the test criteria according to Annex 1 of the Signature Ordinance,
• if applicable, description of how appropriate monitoring of the verification activity is ensured.

• Reliability: A person is considered reliable if one is suitable for the proper performance of the tasks incumbent upon him or her due to his or her personal qualities, conduct and abilities.
• Independence: A person is considered independent if he or she is not subject to any economic, financial or other pressure that could influence his or her judgement or jeopardise the impartial performance of his or her duties.
• Expertise: The necessary expertise is possessed by those who are suitable for the proper fulfilment of the tasks incumbent upon them on the basis of their training, professional education and practical experience.
• An accreditation of the applicant body according to DIN EN 45011 as a certification point for IT security according to ITSEC or CC or an accreditation as a testing point according to DIN EN ISO/IEC 17025 as a testing laboratory for IT security with licensing for tests according to ITSEC or CC by the Federal Office for Information Security (BSI).
• For recognition as a testing and confirmation point for security concepts: Submission of a documented testing and confirmation procedure for security concepts

Tip: A comprehensive presentation of the requirements and minimum criteria for confirmation point and testing and confirmation points can be found on the website of the Federal Network Agency (Bundesnetzagentur).

• Procedural fee, depending on the time spent
• Expenses

The application for recognition as a certification or inspection and confirmation point can be submitted informally. It must contain the names and addresses of the applicant and his legal representatives.

After checking the requirements, the competent point may grant recognition as follows:

• unrestricted
• limited in content
• provisional
• limited
• with conditions

Tip: A list of recognised testing and confirmation points can be found on the website of the Federal Network Agency (Bundesnetzagentur).