Electronic Signature

Last update 30/07/2024

A qualified electronic signature is needed for electronic communication when written form is used. Please note that the application procedure to obtain a signature card required for this purpose may take up to three months.

Source: © H_Ko - stock.adobe.com

Procurement of QES signature cards and card readers from within Germany

Signature cards and suitable readers supported by commercially available signature application components, along with the mailbox application VPS Mail, can be obtained from the software manufacturer Governikus. You can purchase them from trust centres.

When applying for a card, please make sure it is in the holder's proper name and not a pseudonym.

You can find all signature cards and readers supported by the DEHSt platform and VPS Mail in the list below.

In order to acquire a signature card with a Qualified Electronic Signature (QES signature card), you must apply for one at the trust centre of your choice. Applying for a card is usually done online on the provider's website.

On filling out the required application forms, you still have to identify yourself personally with a valid identification document. Trust centres offer various procedures for this, e.g. you can go to the trust centre in person. The PostIdent procedure is most commonly used; here you must go to Deutsche Post (German Post) with the printed, signed application forms and identify yourself using your identity document.

You can purchase signature cards and readers from the providers listed below, irrespective of whether you belong to certain professional groups, associations or banks.

Important: Agree to publication of the certificate

Please note that when you apply for the qualified electronic signature card, you must always agree to the publication of your certificate in the provider's online certificate database. This is the only way we, the German Emissions Trading Authority, can check whether your certificate is valid.

List of all supported signature cards and readers (available in German only)

Governikus: Unterstützte Betriebssysteme – Chipkartenlesegeräte - Signaturkarten

Provider (available in German only)

Bundesdruckerei D-Trust

Deutsches Gesundheitsnetzwerk DGN

Telekom TeleSec

Bundesnetzagentur: Anbieter qualifizierte elektronische Signatur

Procurement of QES signature cards and card readers from abroad

In general, it is possible for all foreign users to acquire a signature card from any of the German Trust Centers. All they need to do is to report in person at the Trust Center for identification. Some Trust Centers also offer the opportunity to send so-called Registration Agencies to the customers to complete the personal identification. A list of providers currently approved in Germany can be found on the Bundesnetzagentur (Federal Network Agency) website.

Currently there is no known supplier who offers a world-wide identification method to obtain a German signature card outside Germany. The signature card issuer D-Trust does however provide, if possible, a method via a legal representative with German approval in the respective country.

Persons non-resident in Germany should send an email to service@d-trust.net and ask to be contacted. For this purpose, please use the following subject: "Acquisition of a D-Trust signature card with QES from abroad (respective country)". If D-Trust fails to find a way to identify you in your country, please contact DEHSt customer service directly.

Please make sure that the signature card and card reader of the respective provider are supported by VPSMail (see VPS Mail User Documentation).

Federal Printing Office D-Trust (available in German only)

Bundesdruckerei D-Trust

List of all supported signature cards and readers (available in German only)

Governikus: Unterstützte Betriebssysteme – Chipkartenlesegeräte - Signaturkarten

German Federal Network Agency (available in German only)

Bundesnetzagentur: Anbieter qualifizierte elektronische Signatur

Special information for auditors and tax advisors

If you are an auditor or tax advisor, you must have the professional attribute ‘auditor’, ‘certified auditor’ or ‘tax advisor’ entered in your signature certificate.

For this purpose, the trust centre provides a form which you must fill out and which must be authenticated by the competent chamber. Processing at the chamber usually takes one to two working days.

Factual background – QES with signature card or as remote signature

In accordance with Section 126a of the German Civil Code (BGB), ‘qualified electronic signatures’ are legally equal to the status of a handwritten signature.

In order to use qualified electronic signatures, it is a prerequisite that they remain valid at the time of use. Qualified signature certificates are issued for a period of between two and a maximum of five years. A certificate is valid if it is within this period and has not been revoked.

The use of qualified electronic signatures guarantees complete data security and the authenticity of documents during transmission.

An electronic signature is not a signature in the conventional sense. It is based on a complex mathematical process that calculates a specific ‘electronic fingerprint’ for each document to be signed. This value is encrypted with the signatory's secret key and can only be made visible again by applying the corresponding public key. In this way, the electronic signature can be unambiguously assigned to a person. Only the owner of a private signature key can use it. Any punctuation marks or words changed after the signature has been applied would break the electronic seal. This guarantees an extraordinarily high level of security.

Qualified electronic signatures are offered in two forms, either a chip card or as a remote signature.

In the case of qualified signature cards, the private (secret) key for personal signatures is securely stored on a chip card ensuring it cannot be read or copied and misused. Similar to a credit card, the card is secured by a four- to eight-digit PIN which can be chosen by the holder and must be kept secret. If the PIN is incorrectly entered three times, the card will be blocked. Depending on the card provider (trust service provider), the card is then irrevocably blocked, or the card can be reactivated for a limited number of attempts by entering a PUK (super PIN).

The public and secret keys for electronic qualified signatures are generated and issued by Trust Centres that are approved by the Federal Network Agency. For this purpose, it is imperative that the identity of the future key holder is securely verified by presenting a valid identity document.

In the case of remote signatures, the private (secret) key is stored by the Trust Centre in a high-security module ensuring secure access. The range of remote signatures is currently limited to signing PDF files. This is not sufficient for most of DEHSt's enforcement procedures. A signature card with a qualified electronic signature is therefore still required for the submission of complex data messages created using the DEHSt platform or the FMS. You can only use the remote signature for communication with the DEHSt in cases where PDF files need to be transmitted. This especially applies to register procedures where applications for an account and authorisations must be signed.

If you want to use a remote signature, you can choose a remote signature provider that offers qualified electronic signatures in accordance with Article 3(12) and Article 25(2) of eIDAS Regulation (EU) No 910/2014. When purchasing remote signatures from abroad, it might be necessary to have an address within the European Union. If you encounter any problems in this regard, please contact our customer service.

The public and secret keys for electronic qualified signatures are generated and issued by Trust Centres approved by the Federal Network Ag

To the topic (partly available in German only)

eIDAS Regulation (EU) No. 910/2014

Bundesnetzagentur: Anbieter qualifizierte elektronische Signatur

Our Customer Service

Contact