An authorization certificate is required for each electronic service that can be used with the online ID card, which authorizes authentication and authentication of the user and provider.
You can apply for an authorisation certificate:
- Service providers and
- identification service providers
- On-site service providers
The following authorizations are distinguished:
- the proof of identity to online service providers,
- the on-site readout at service providers and
- Proof of identity to identification service providers.
Proof of identity vis-à-vis online service providers
The authorization certificate gives you permission to request and process data from ID cards to identify the holder. The authorization certificate and the verified electronic keys enable technical access. You can use it to integrate the online ID card function as a digital means of identification in your own online service or in a vending machine or terminal.
In your application, you must explain why you have an interest in using the online ID card function and how you will use the ID card holders' personal data. You must also ensure that the data is sufficiently protected.
On-site reading at service providers
Wherever personal data such as name and address is to be transferred to a form, an on-site readout is a good option. The data is read out and transferred electronically.
The credential holder is present in person. Before the data is read out, the holder of the authorization must identify the cardholder by means of the printed photo and his/her personal data.
In the case of on-site readout, the PIN entry by the badge holder is not required. It is replaced by the entry or technical recording of the access number (Card Access Number - CAN) on the front of the ID card by the holder of the authorization.
Proof of identity to identification service providers
Businesses and government agencies can use a certified third-party service for proof of identity. The so-called identification service providers make the data from the use of the online ID function available to companies and authorities in individual cases. Identification service providers must apply for the authorisation and the authorisation certificate instead of the service providers.
They must also have their service certified by the Federal Office for Information Security.
The authorizations are valid for a maximum of 3 years. In the event of a breach of the declaration made and the law, they can be withdrawn immediately at any time.
You, as the applicant, must commission the authorisation certificate provider (BerCA) yourself. This means: On the basis of the positive authorization notice from the Federal Office of Administration (BVA), you conclude a contract directly with the provider of authorization certificates for the technical procurement of the authorization certificate and the revocation lists.
When submitting your application, you must submit:
- Extract from the commercial register (for e-business only)
- Description of the interest in authorization underlying the application.
- For comprehension purposes, you can depict your business process using a flow chart and attach it to the application.
- If you use a technical service provider, please attach the contract.
- Certificate of the Federal Office for Information Security (BSI) (only identification service providers)
Online procedure possible: yes
Written form required: yes
Personal appearance required: no
Antrag auf Erteilung eines Berechtigungszertifikates auf dem Personalausweisportal auf einer Internetseite des Bundesministeriums des Innern, für Bau und Heimat
Be able to apply for a certificate of authorization:
- Service Provider
- Identification service provider
- On-site service provider
Requirements for service providers for your acquisition of an authorization:
- Communicate and provide evidence of the service provider's identity,
- Description of the interest in authorization underlying the application, in particular for the planned organization-related use
- Proof of data protection and security measures
- There must be no indications of misuse of the authorisation.
Separate requirements for identification service providers:
- certificate from the Federal Office for Information Security (BSI) confirming compliance with the requirements
In addition, you need your own eID server or a service provider as eID service provider or
- suitable software,
- a reader for on-site reading and
- a suitable integration of the badge application into your website or background system.
§ 21 ff. Personalausweisgesetz (PAuswG)
§ 29 Personalausweisverordnung (PAuswV)
Informationen zum Personalausweis und zu der Beantragung eines Berechtigungszertifikats auf dem Personalausweisportal auf einer Internetseite des Bundesministeriums des Innern, für Bau und Heimat
You must apply for the Certificate of Eligibility in writing or online from the Federal Administrative Office (FIO).
- Go to the BVA website and fill out the application form electronically.
- Print out the completed form and sign it.
- Mail the completed and signed form, along with all other required documents, to the Certificate of Eligibility Awarding Office.
- The awarding office will review your application.
You will then receive by mail
- proof of eligibility or
- a notice of rejection
- or a request for a new application
mailed to you.
Go to the website of the federal portal and fill out the application form electronically.
- Note: For the online function, you will need your ID card with PIN number.
- Attach the other requested documents as a scan.
- Submit your application.
- The awarding office will check your application.
You will then receive by post
- sent you the proof of eligibility or
- a notice of rejection
- (or a request to reapply)
sent to you.
- You must then select an authorization certificate provider for the provision of the authorization certificates and can then conclude a contract on the basis of the positive authorization notice.
- You can now operate your own eID server or select a service provider as your eID service provider.
eID service providers can support you with the procurement of the certificates and provide the complete infrastructure for a fee.
Responsible for the content
No information available
Last update or date of publication