Request authorization certificate for online ID card function

If you want to use the online ID card function as a providing organization in your own application, you need an authorization certificate.

An authorization certificate is required for every electronic service that can be used with the online ID card, which authorizes the authentication and authentication of users and service providers.
The following can apply for an authorization certificate

• Service providers and
• Identification service providers
• On-site service providers

A distinction is made between the following authorizations:

• Proof of identity vis-à-vis online service providers,
• on-site reading at service providers and
• Proof of identity vis-à-vis identification service providers.

Proof of identity for online service providers

The authorization certificate gives you permission to request and process data from ID cards to identify the holder. The authorization certificate and the verified electronic keys enable technical access. This allows you to integrate the online ID function as a digital means of identification in your own online service or in a vending machine or terminal.

In your application, you must explain why you are interested in using the online ID function and how you will use the personal data of the ID card holder. You must also ensure that the data is adequately protected.

On-site reading by service providers

Wherever personal data such as name and address are to be transferred to a form, an on-site readout is recommended. The data is read and transferred electronically.

The ID card holder is present in person. The holder of the authorization must identify the ID card holder using the printed photo and their personal details before the data is read out.

In the case of on-site reading, the PIN does not need to be entered by the cardholder. It is replaced by the entry or technical recording of the access number (Card Access Number - CAN) on the front of the ID card by the holder of the authorization.

Proof of identity vis-à-vis identification service providers

Companies and authorities can use a certified third-party service for proof of identity. The so-called identification service providers make the data from the use of the online ID function available to companies and authorities in individual cases. Identification service providers must apply for the authorization and the authorization certificate instead of the service providers.

You must also have your service certified by the Federal Office for Information Security (BSI). The authorizations are valid for a maximum of 3 years. In the event of a breach of the declaration made and the law, they can be withdrawn immediately at any time.

Note: As the applicant organization, you must commission the authorization certificate provider (BerCA) yourself. This means: On the basis of the positive authorization decision from the Federal Office of Administration (BVA), you conclude a contract directly with the authorization certificate provider (BerCA) for the technical procurement of the authorization certificate and the revocation lists.

When submitting your application, you must submit:

• Application form (completed and signed)
• Privacy policy
• Extract from the Commercial Register (for e-business only)
• Description of the interest in authorization on which the application is based
• For comprehension purposes, you can depict your business process using a flowchart and attach it to the application.
• If you are using a technical service company, please attach the contract.
• Certificate from the Federal Office for Information Security (BSI) (identification service providers only)

Be able to apply for an authorization certificate:

• Service providers
• Identification service provider
• On-site service providers

Further requirements:

• Requirements for service providers for your acquisition of an authorization:
  • Communicate and prove the identity of the service provider,
  • Description of the interest in an authorization on which the application is based, in particular the planned organization-related use
  • Proof of data protection and security measures
  • There must be no evidence of misuse of the authorization
• Special requirements for identification service providers:
  • Certificate from the Federal Office for Information Security (BSI) confirming compliance with the requirements
• You also need your own eID server or a service company as an eID service provider or
  • suitable software,
  • a reader for on-site reading and
  • a suitable integration of the ID card application into your website or background system.

• Objection
• Administrative court action
  

You must apply for the authorization certificate in writing or online at the Federal Office of Administration (BVA).

Written application:

• Go to the BVA website and fill in the application form electronically.
• Print out the completed form and sign it.
• Send the completed and signed form together with all other required documents by post to the issuing office for authorization certificates.
• The issuing office will check your application.
• You will then receive by post
  • proof of authorization or
  • a notification of rejection
  • or a request for a new application
  sent to you.

Online application:

• Go to the website of the federal portal and complete the application form electronically.
  • Note: You will need your ID card with PIN number to use the online function
• Attach the other required documents as a scan.
• Submit your application.
• The issuing office will check your application.
• You will then receive either by post or in your BundID digital inbox
  • proof of authorization or
  • a notification of rejection
  • (or a request to submit a new application)
  sent to you.
• You must then select an authorization certificate provider (BerCA) for the provision of authorization certificates and can then conclude a contract on the basis of the positive authorization decision.
• You can now operate your own eID server or select a service provider as an eID service provider.

You can also use the federal portal to submit additional information or documents for an existing application, withdraw your application or lodge an objection to a decision.

Note: eID service providers can support you with the procurement of certificates for a fee and provide the complete infrastructure.

Issuance of an authorization: Fee 102,00 EUR

Rejected eligibility request: Fee 80,00 EUR

Withdrawal or revocation of an authorization: Fee 115,00 EUR

There are no clues or specifics.