Receive accreditation as a De-Mail service provider

You must apply for accreditation as a De-Mail service provider in writing. The BSI recommends that you announce your application informally before you obtain the evidence.

Application phase:

• The BSI offers you an information meeting before you submit your application. During the interview, you can find out about the effort involved in the procedure and possible costs.
• Then complete the application form in full and send it to the BSI with all the necessary documents.
• BSI will check your application for formal correctness and completeness. It will also check the evidence you have submitted for formal and factual accuracy, completeness and validity.
• The result of the assessment of your application will be summarized by the BSI in an accreditation report. If you need to improve the documents submitted, the BSI will inform you of this.

Assessment phase:

• Based on the assessment of your application and the evidence, the BSI decides on your accreditation. It will inform you of its decision in writing.
• If you are accredited, the BSI will issue you with an accreditation certificate, the quality mark and a report on your accreditation. You must renew your accreditation after three years at the latest.
• Before a negative decision is sent, the BSI will inform you of the reasons for the rejection. You have two weeks to comment on this. If possible, the BSI will give you the opportunity to rectify the deficiencies.

Operational phase:

• As soon as your accreditation is complete, the operational phase begins: you may now offer your De-Mail services.
• From the time of accreditation and the start of operation of the De-Mail services, you are subject to supervision by the BSI. This obliges you to do the following:
  • You must report security vulnerabilities immediately.
  • You must grant BSI employees access to business premises and relevant documents.
  • You must inform the BSI immediately of any changes to your company that affect the accreditation requirements.
• The BSI ensures continuous cooperation through meetings and workshops on an ad hoc basis. Under certain circumstances, the BSI may temporarily prohibit you from operating.
  

As a De-Mail service provider, you must:

• have the necessary reliability and expertise to operate De-Mail services,
• have suitable insurance cover in order to be able to provide compensation for possible damages,
• meet the technical and organizational requirements so that you can provide the services reliably and securely, and
• comply with data protection requirements when designing and operating De-Mail services.
  

General information about the company:

• Company presentation,
• Extract from the commercial, cooperative, partnership or association register,
• Copy of the business registration and
• Insolvency certificate (self-insurance) that the company is not in insolvency or liquidation.

The general proof of the company must not be older than six months.

Further proof required:

• Test certificates from certified IT security service providers De-Mail with the associated test reports (not older than six months),
• a data protection certificate from the Federal Commissioner for Data Protection and Information Security and
• Proof of:
  • Reliability,
  • expertise and
  • insurance cover.
    

The fees for your accreditation are based on the time required for the procedure. The following hourly rates apply:

• EUR 84.00 per hour for employees in the higher civil service,
• EUR 68.00 per hour for senior civil servants and
• EUR 54.00 per hour for employees in the intermediate service.

• Accreditation must be renewed after three years at the latest. You must submit the application at least three months before your accreditation expires.

maximum 3 months

• § Section 17 et seq. of the De-Mail Act (De-Mail-G)

Forms: Application for accreditation as a De-Mail service provider

Online procedure possible: no

Written form required: yes

Personal appearance required: no

• Application for accreditation as a De-Mail service provider

14.08.2019