Leistungen A-Z

• Application for qualification

Trust service providers within the meaning of Regulation (EU) No 910/2014, which provide a trust service

• for the creation of certificates for electronic signatures or for their validation or preservation
• for the creation of certificates for electronic seals or for their validation or preservation
• for the creation of electronic time stamps
• for the delivery of electronic registered mail

can qualify themselves and the service provided at the Federal Network Agency upon application.

The Federal Network Agency verifies whether the trust service provider and the trust services it provides meet the requirements laid down in Regulation (EU) No. 910/2014 and the Trust Services Act, in particular with regard to the requirements for qualified trust service providers and the qualified trust services they provide.

After a positive check, the status of a qualified trust service provider is awarded and the qualified trust service is entered in the German trust list.

You do not need to obtain a permit to operate such a certification service, but you do need to report the activity to the competent body and prove that you meet the requirements for operation. A list of the certification service providers displayed can be found on the website of the Federal Network Agency. If you would like to obtain a quality mark for your certification services, you can voluntarily obtain accreditation as a certification service provider.

Both non-qualified and qualified trust service providers must comply with the security requirements set out in Article 19 of the eIDAS Regulation:

• Appropriate technical and organisational measures shall be taken to control the security risks associated with the trust services provided by the trust service provider.

• The measures must ensure, taking into account the latest state of the art, that the level of safety is appropriate to the level of risk.

• Measures must be taken to avoid or minimise the impact of security breaches.

• Measures shall be taken to inform stakeholders of the adverse consequences of security breaches.

and comply with the reporting obligations under Article 19 of the eIDAS Regulation:

• Immediately, and in any case within 24 hours of becoming aware of an incident in question, of any breach of security or loss of integrity that has a significant impact on the trust service provided or the personal data contained therein, to the supervisory body or relevant bodies (e.g. data protection authority or information security authorities).

The qualification of the designated trust service under the award of the status of "qualified trust service provider" by the competent supervisory body will only take place if all requirements from Article 20 of the eIDAS Regulation and in particular the requirements for such services under Article 24 of the eIDAS Regulation have been met.

•Message:

The notification shall contain the following information:

• Identification of the trust service(s) to be granted qualification status,

• the name and address of the trust service provider, and

• Names of legal representatives.

• for proof of personal reliability:

• if you are resident in Germany:

• Certificate of good conduct for submission to an authority in accordance with § 30 paragraph 5 BZRG (from the legal representatives of the company; the person who was entrusted with the management of the trust service and their representatives)

• if you are resident in another EU country or in a state party to the Agreement on the European Economic Area: documents from your home country that prove your personal reliability

• Further documents to check personal reliability may be requested in individual cases

• for the proof of the entrepreneurial legal form:

• if the company is based in Germany:

• in the case of companies entered in a register: excerpt from the commercial register or e.g.dem partnership register

• otherwise a copy of the articles of association (e.g. in the case of a partnership under civil law (GbR)) or other comparable proof

• in the case of a company's registered office in another EU country or in a state party to the Agreement on the European Economic Area: documents from the country in which your company has its registered office that prove its legal form

• if necessary, authorization of the responsible persons (managers and representatives of the trust service)

• Supporting documents demonstrating the required technical, administrative and legal expertise (e.g. training and education certificates)

• Conformity assessment report on the trust service provider and the trust services provided by it (issuer of the report: conformity assessment body)

• Certificate Policy (CP) and Certification Practice Statement (CPS)

• Operational cessation concept

• Proof of financial security:

• Liability insurance or

• comparable indemnification/warranty obligation in the case of an insurance company/credit institution authorised to conduct business in Germany, in another member state of the European Union or in another state party to the Agreement on the European Economic Area

è the amount is currently based on § 12 of the Signature Act in conjunction with § 9 of the Signature Ordinance: Minimum sum insured 2.5 million euros for the individual insured event; if a maximum annual benefit is agreed, this must be at least four times this minimum sum insured, i.e. at least 10 million euros

For more details, please refer to

the paragraphs listed above

• if you delegate the tasks of your trust service to a third party:

• Proof of the transfer of tasks of the trust service provider or the trust service to third parties (e.g. contracts)

• Incorporating the tasks assigned to the third party into the corresponding concepts/CP/CPS

You must submit all personal documents for all natural persons named in the requirements.

• Procedure description for qualification

Submission of the relevant notification and documents/evidence before the start of the commencement of a qualified trust service.

The operation of a qualified trust service may only be commenced if the corresponding qualification has been proven by inclusion in the TL.

Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways (abbreviated: Federal Network Agency)

• Website of the Federal Network Agency

Regulation (EU) No 919/2014 (eIDAS Regulation)

eIDAS Implementation Act

Trust Services Act

No professional approval. If necessary, please contact the Federal Network Agency: 0228 14-0