Law on the framework conditions for electronic signatures (Signature Act-SigG)

Unofficial table of contents

SigG

Date of completion: 16.05.2001

Full quote:

" Signature Act of 16 May 2001 (BGBl. 876), as last amended by Article 4 (111) of the Law of 7 August 2013 (BGBl). I p. 3154).

Status:

Last amended by Art. 4 Abs. 111 G v. 7.8.2013 I 3154

For more details, please refer to the menu under Notes
The notification requirements of Directive 98 /34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations (OJ L 139, 30.4.1998, p. EC No 37), as last amended by Directive 98 /48/EC of the European Parliament and of the Council of 20 July 1998 (OJ L 136, 31.5.1998, p. EC No 18), have been observed.

Footnote

The G was decided by the Bundestag as Article 1 G 9020-12/1 of 16.5.2001 I 876 (SigG2001uaÄndG). It's gem. Article 5 (1) of this G entered into force on 22 May 2001.

(+ + + Text proof: 22.5.2001 + + +) 
(+ + + Official note from the norm-provider on EC law: 
 Consideration of 
 ERL 34/98 (CELEX Nr: 31998L0034) + + +) 

  

Unofficial table of contents

Content Summary

First section
	General provisions
§ 1		Purpose and scope
§ 2		Definitions
§ 3		Competent authority
Second section
	Certification Service Providers
§ 4		General requirements
§ 5		Award of qualified certificates
§ 6		Obligation to teach
§ 7		Content of qualified certificates
§ 8		Locking qualified certificates
§ 9		Qualified Time Stamp
§ 10		Documentation
§ 11		Liability
§ 12		Coverage
§ 13		Recruitment of activities
§ 14		Data protection
Third Section
	Voluntary accreditation
§ 15		Voluntary accreditation of certification service providers
§ 16		Certificates of the competent authority
Fourth Section
	Technical Safety
§ 17		Products for qualified electronic signatures
§ 18		Recognition of inspection and certification bodies
Fifth Section
	Supervision
§ 19		Supervisory measures
§ 20		Obligation to contribute
Sixth Section
	Final provisions
§ 20a		Procedure for a single body
Section 21		Fines
Section 22		Fees, expenses and contributions
Section 23		Foreign electronic signatures and electronic signature products
§ 24		Regulation
Section 25		Transitional provisions

First section
General provisions

Unofficial table of contents

§ 1 Purpose and scope

(1) The purpose of the Act is to create a framework for electronic signatures. (2) Unless certain electronic signatures are required by law, their use is exempted. (3) Legislation may apply to: Public administration activities determine that the use of qualified electronic signatures will be subject to additional requirements. These requirements shall be objective, proportionate and non-discriminatory and shall relate only to the specific characteristics of the application in question. Unofficial table of contents

§ 2 Definitions

Within the meaning of this Act,

1.

"electronic signatures" means data in electronic form, which are attached or logically linked to other electronic data and which are used for authentication purposes,

2.

"advanced electronic signatures" means electronic signatures referred to in point 1, which

a)

are assigned exclusively to the signature key holder,

b)

to enable identification of the signature key holder,

c)

shall be generated by means of the signature key holder under its sole control, and

d)

with the data to which they refer, are linked in such a way that a subsequent change in the data can be detected,

3.

"qualified electronic signatures" means electronic signatures as referred to in point 2, which

a)

are based on a qualified certificate valid at the time of their production, and

b)

are created with a secure signature creation device,

4.

"signature key" means unique electronic data such as private cryptographic keys used to create an electronic signature,

5.

"signature verification key" means electronic data such as public cryptographic keys used to verify an electronic signature;

6.

"certificates" means electronic certificates with which a signature verification key is assigned to a person and the identity of that person is confirmed;

7.

"qualified certificates" means electronic certificates as referred to in point 6 for natural persons who meet the requirements of § 7 and are issued by certification-service providers, who shall at least meet the requirements of § § 4 to 14 or § 23 of this Act and the provisions of the Legal Regulation pursuant to § 24,

8.

"certification service provider" means any natural or legal person who issue qualified certificates or qualified time stamps;

9.

"Signature key holders" means natural persons who have signature keys; in the case of qualified electronic signatures, the associated signature verification keys must be assigned to them by qualified certificates,

10.

"secure signature-creation units" shall mean software or hardware units for the storage and application of the respective signature key, which shall at least meet the requirements of § 17 or § 23 of this Act and the provisions relating to it comply with Article 24 of the Regulation and which are intended for qualified electronic signatures,

11.

"Signature application components" software and hardware products that are intended to be used

a)

to supply data to the process of production or verification of qualified electronic signatures; or

b)

to verify qualified electronic signatures or to verify qualified certificates and to indicate the results,

12.

"technical components for certification services" means software or hardware products intended for this purpose,

a)

create signature keys and transfer them to a secure signature creation device,

b)

to hold qualified certificates publicly verifiable and, where appropriate, to be called up, or

c)

to produce qualified timestamps,

13.

"Products for qualified electronic signatures" means secure signature-creation devices, signature-application components and technical components for certification services,

14.

"qualified time stamp" means electronic certificates issued by a certification service provider, who shall at least meet the requirements laid down in § § 4 to 14 and § 17 or § 23 of this Act and the provisions of the legal regulation relating thereto. in accordance with § 24, that certain electronic data have been available to him at a given time,

15.

"voluntary accreditation" means a procedure for the granting of a permit for the operation of a certification service, with which special rights and obligations are linked.

Unofficial table of contents

§ 3 Competent Authority

The tasks of the competent authority in accordance with this law and the legal regulation according to § 24 are the responsibility of the Federal Network Agency for Electricity, Gas, Telecommunications, Post Office and Railways.

Second section
Certification Service Providers

Unofficial table of contents

§ 4 General requirements

(1) The operation of a certification service is free of approval within the framework of the laws. (2) A certification service may only operate on who the reliability and technical customer required for the operation as well as a security of financial security pursuant to § 12 , and the further conditions for the operation of a certification service pursuant to this Act and the regulation pursuant to § 24 (1), (3) and (4) are guaranteed. The necessary reliability is provided by who offers the guarantee to comply with the relevant legislation as a certification-service-provider. The necessary specialist knowledge shall be available if the persons involved in the operation of a certification service have the knowledge, experience and skills required for this activity. The further requirements for the operation of a certification service shall be fulfilled if the measures to meet the safety requirements laid down in this Act and the legal regulation according to Article 24 (1), (3) and (4) of the competent authority in a (3) Anyone who takes up the operation of a certification service must notify the competent authority at the latest with the holding of the holding. The notification shall indicate in an appropriate form that the conditions laid down in paragraph 2 are met. (4) The fulfilment of the conditions referred to in paragraph 2 shall be ensured throughout the period of the certification service's activity. The competent authority shall be notified without delay to the satisfaction of the competent authority. (5) The certification service provider may, by including in its security concept referred to in the second sentence of paragraph 2, carry out tasks under this Act and the Ordinance transferred to third parties pursuant to § 24. Unofficial table of contents

§ 5 Award of qualified certificates

(1) The certification-service-provider shall be able to reliably identify persons applying for a qualified certificate. It may, with the consent of the applicant, use personal data collected by the certification-service-provider at an earlier date, provided that such data provide reliable identification of the applicant in accordance with the first sentence of the first sentence. . It has to confirm the assignment of a signature verification key to an identified person through a qualified certificate and to keep it verifiable and retrievable at any time for anyone via publicly accessible communication connections. A qualified certificate may only be obtained with the consent of the holder of the signature key. (2) A qualified certificate may, at the request of an applicant, provide information about his representative power for a third person, as well as include job-related or other information about his/her person (attributes). With regard to the information on the power of representation, the third person's consent must be established; occupational or other information on the person must be confirmed by the body responsible for the professional or other information. Information on the power of representation for a third person may only be obtained if the applicant has given his consent in accordance with the second sentence, professional or other information provided by the applicant to the person only upon presentation of the confirmation after sentence 2 into a qualified certificate. be included. Further personal data may only be included in a qualified certificate with the consent of the person concerned. (3) The certification-service-provider has in place at the request of an applicant in a qualified certificate. of his name, a pseudonym. If a qualified certificate contains information about a power of representation for a third person or a professional or other information on the person, a consent of the third person or for the professional or other information shall be provided. competent authority to use the pseudonym. (4) The certification-service-provider has to make arrangements to ensure that data for qualified certificates cannot be falsified or falsified unnoticed. He has continued to make arrangements to ensure the secrecy of the signature keys. A storage of signature keys outside the secure signature creation device is inadmissible. (5) The certification service provider has reliable personnel and products for the performance of certification activities. electronic signatures which satisfy at least the requirements of § § 4 to 14 as well as § 17 or § 23 of this Act and the legal regulation pursuant to § 24. (6) The certification-service-provider has to comply in a suitable manner to convince the applicant that the associated secure signature-creation unit . Unofficial table of contents

§ 6 compulsory education

(1) The certification-service-provider shall inform the applicant in accordance with Article 5 (1) of the measures necessary to contribute to the safety of qualified electronic signatures and to their reliable verification. It has to inform the applicant that data with a qualified electronic signature should be resigned, if necessary, before the safety value of the existing signature is reduced by time-lapse. (2) The Certification-service-provider shall inform the applicant that a qualified electronic signature in legal transactions has the same effect as a personal signature if the law does not specify another one. (3) In order to be informed in accordance with paragraphs 1 and 2, the applicant shall be sent a text in text form to the applicant, to confirm their acceptance of the certificate as a prerequisite for the issuing of the qualified certificate in text form. In so far as an applicant has already been informed at an earlier date in accordance with paragraphs 1 and 2, a re-briefing may be maintained. Unofficial table of contents

§ 7 Content of qualified certificates

(1) A qualified certificate shall contain the following information and shall bear a qualified electronic signature:

1.

the name of the signature-key holder, which should be provided with an addition in the event of confusion, or an unmistakable pseudonym assigned to the holder of the signature key, which must be identified as such,

2.

the associated signature verification key,

3.

the designation of the algorithms used to use the signature verification key of the signature key holder and the signature verification key of the certification service provider;

4.

the serial number of the certificate;

5.

the beginning and end of the validity of the certificate;

6.

the name of the certification service provider and the State in which it is established;

7.

Information on whether the use of the signature key is limited to specific applications by type or scope,

8.

information that it is a qualified certificate, and

9.

as required attributes of the signature key holder.

(2) Attributes can also be included in a separate qualified certificate (Qualified Attribute Certificate). In the case of a qualified attribute certificate, the information referred to in paragraph 1 may be replaced by clear reference data of the qualified certificate to which they refer, provided that they are not intended for the use of the qualified certificate. Attribute certificates are required. Unofficial table of contents

§ 8 blocking of qualified certificates

(1) The certification service provider shall immediately block a qualified certificate if a signature key holder or his representative requests it, the certificate has been issued on the basis of incorrect information on § 7, the Certification-service-provider shall end its activities and this shall not be continued by another certification-service-provider, or the competent authority shall arrange for a blocking action in accordance with section 19 (4). Further blocking grounds may be contractually agreed. The blocking must include the time at which it applies. A retroactive locking is inadmissible. If a qualified certificate has been issued with incorrect information, the certification-service-provider may make this additional information. (2) If a qualified certificate contains information according to § 5 (2), the third person or the person responsible for the occupational or other information relating to the person responsible, if the conditions for the professional or other information relating to the person after admission to the qualified certificate are not fulfilled, a blocking of the relevant body The certificate referred to in paragraph 1 shall be required. Unofficial table of contents

§ 9 Qualified Time Stamp

If a certification-service-provider provides qualified timestamps, Section 5 (5) shall apply accordingly. Unofficial table of contents

§ 10 Documentation

(1) The certification-service-provider shall document the security measures to comply with this law and the regulation pursuant to § 24 (1), (3) and (4), as well as the qualified certificates issued in accordance with sentence 2, in such a way that: the data and its unadulteousness are verifiable at any time. The documentation must be made immediately in such a way that it cannot be altered unnoticed afterwards. This applies in particular to the issuing and blocking of qualified certificates. (2) On request, the holder of the signature key is to be granted access to the data and procedural steps concerning him. Unofficial table of contents

§ 11 Liability

(1) If a certification-service-provider meets the requirements of this Act or of the legal regulation according to § 24 or fails its products for qualified electronic signatures or other technical safety devices, he/she shall to replace a third party with the damage caused by the fact that he is familiar with the information contained in a qualified certificate, a qualified time stamp or an information according to § 5 (1) sentence 3. The replacement obligation does not occur if the third party knew or had to know the error of the indication. (2) The replacement obligation does not occur if the certification service provider has not acted culpably. (3) If a qualified Certificate that the use of the signature key is limited to certain applications by type or scope, the replacement obligation only occurs within the scope of these limitations. (4) The certification service provider is liable for commissioned third parties in accordance with § 4 (5) and in the case of foreign certificates pursuant to section 23 (1) no. 2 as for own Act. § 831 (1) sentence 2 of the Civil Code does not apply. Unofficial table of contents

§ 12 Cover provision

The certification-service-provider is obliged to take appropriate financial security measures so that it can comply with its legal obligations to compensate for damage caused by the fact that it complies with the requirements of this law or the legal regulation in accordance with § 24, or its products fail for qualified electronic signatures or other technical security devices. The minimum sum shall be EUR 250,000 each for a damage caused by a liability event of the kind referred to in the first sentence. Unofficial table of contents

Section 13 Cessation of activity

(1) The certification-service-provider shall immediately notify the competent authority of the cessation of its activity. It shall ensure that the qualified certificates valid when the activity is set are taken over by another certification service provider, or to block them. It has to notify the signature key holders concerned of the cessation of their activity and the acceptance of the qualified certificates by another certification service provider. (2) The certification-service-provider has the Documentation in accordance with § 10 to the certification service provider, which takes over the certificates referred to in paragraph 1, to be handed over. If no other certification-service-provider takes over the documentation, the competent authority shall take over the documentation. In the event of a legitimate interest, the competent authority shall provide information on the documentation provided for in the second sentence, insofar as this is technically possible without excessive effort. (3) The certification service provider has submitted a request to: The opening of insolvency proceedings shall be notified immediately to the competent authority. Unofficial table of contents

§ 14 Data protection

(1) The certification service provider may only collect personal data directly with the person concerned and only insofar as this is necessary for the purposes of a qualified certificate. Data collection in the case of third parties is only permitted with the consent of the person concerned. For purposes other than those referred to in the first sentence, the data may only be used if this law permits or has allowed the person concerned to consent. (2) The certification service provider has the data on the identity of a to forward to the competent authorities, at their request, signature-key holders, insofar as they are responsible for the prosecution of criminal offences or administrative offences, the prevention of threats to public security or order, or to the performance of the Legal tasks of the federal and state constitutional protection authorities, the The Federal Intelligence Service, the Military Shielding Service or the financial authorities shall be required, or in so far as the courts order, in the context of pending proceedings, in accordance with the provisions in force for this purpose. The information is to be documented. The requesting authority shall inform the signature key holder of the transfer of the data as soon as this does not affect the performance of the legal tasks or if the interest of the holder of the signature key is not affected. (3) In so far as other certification service providers other than those referred to in Article 2 (8) issue certificates for electronic signatures, the provisions of paragraphs 1 and 2 shall apply accordingly.

Third Section
Voluntary accreditation

Unofficial table of contents

§ 15 Voluntary Accreditation of Certification Service Providers

(1) Certification service providers may, on request, be accredited by the competent authority, and the competent authority may use the accreditation of private bodies. Accreditation shall be granted if the certification-service-provider proves that the provisions are fulfilled in accordance with this Act and by the ordinance on the law pursuant to § 24. Accredited certification-service providers shall receive a quality mark from the competent authority. This will provide proof of the technical and administrative security of the qualified electronic signatures (qualified electronic signatures) based on their qualified certificates. Provider-accreditation). You may refer to yourself as an accredited certification service provider and rely on the proven security in the legal and commercial transactions. (2) In order to fulfil the requirements of paragraph 1, the security concept must be based on § 4 para. 2 Sentence 4, by a body according to § 18, shall be fully examined and confirmed for its suitability and practical implementation. The examination and confirmation shall be repeated in accordance with safety-related changes and at regular intervals. (3) The accreditation may be accompanied by secondary provisions, to the extent that this is necessary in order to fulfil the requirements of the (4) The accreditation must be refused if the conditions under this Act and the regulation pursuant to § 24 are not fulfilled. (5) In the event of non-compliance with the obligations arising from the competent authority shall revoke the accreditation or, in so far as the reasons existed at the time of accreditation, in accordance with paragraph 24 or in the event of a failure to act pursuant to paragraph 4, the competent authority shall revoke the accreditation or (6) In the event of withdrawal or withdrawal of an accreditation, or in the event of a cessation of the activities of an accredited certification-service provider, the competent authority to take over the activity by another accredited To ensure certification service providers or the handling of the contracts with the signature key holders. This shall also apply if the insolvency proceedings are to be opened if the activity is not continued. If no other accredited certification-service provider takes over the documentation in accordance with § 13 para. 2, the competent authority shall take over these documents; § 10 para. 1 sentence 1 shall apply mutas.. (7) For products for qualified electronic signatures the fulfilment of the requirements pursuant to section 17 (1) to (3) and the legal regulation according to § 24 according to the state of science and technology must have been adequately tested and confirmed by a post in accordance with § 18; paragraph 1, sentence 3, shall be subject to appropriate conditions. Application. The accredited certification service provider has

1.

to use for its certification activities only products for qualified electronic signatures, tested and confirmed in accordance with the first sentence,

2.

to issue qualified certificates only for persons who have been verifiably certified according to the first sentence and have confirmed secure signature-creation units, and

3.

to inform the signature key holders of the signature application components tested and confirmed in accordance with the first sentence of § 6 (1).

Unofficial table of contents

§ 16 Certificates of the competent authority

(1) The competent authority shall issue the accredited certification service providers with the qualified certificates required for their activities. The rules governing the award and closure of qualified certificates by accredited certification-service providers shall apply accordingly to the competent authority. It shall block qualified certificates issued by it if an accredited certification service provider ceasers its activity or if an accreditation is withdrawn or revoked. (2) The competent authority shall have:

1.

the names, addresses and communication links of the accredited certification-service providers,

2.

the revocation or withdrawal of an accreditation;

3.

the qualified certificates it has issued and the blocking thereof; and

4.

the termination and subsatiation of the operation of an accredited certification service provider

(3) If necessary, the competent authority shall also provide the electronic equipment required by the certification-service providers or manufacturers Certificates for the automatic authentication of products according to § 15 paragraph 7.

Fourth Section
Technical Safety

Unofficial table of contents

§ 17 Products for qualified electronic signatures

(1) Secure signature creation units shall be used for the storage of signature keys and for the generation of qualified electronic signatures, and the falsifications of the signatures and falsifications of signed data shall be reliable to identify and protect against unauthorized use of the signature keys. If the signature keys are created on a secure signature-creation unit itself, paragraph 3 (1) shall apply accordingly. (2) For the presentation of data to be signed, signature-application components are required to produce a qualified electronic signature in advance, and determine the data to which the signature refers. Signature application components are required to verify signed data, which can be determined

1.

what data the signature refers to,

2.

whether the signed data are unchanged,

3.

which signature key holder is to be assigned the signature,

4.

which content has the qualified certificate on which the signature is based and its qualified attribute certificates, and

5.

the result of the verification of certificates in accordance with Section 5 (1) sentence 3.

Signature application components must also allow sufficient recognition of the content of the data to be signed or signed, as required. The signature key holders shall use such signature application components or other appropriate measures to ensure the safety of qualified electronic signatures. (3) The technical components for certification services shall be required to: include arrangements to:

1.

in the case of the generation and transmission of signature keys, to ensure the integrity and confidentiality of the signature keys and to exclude storage outside the secure signature-creation unit,

2.

protect qualified certificates which are verifiable or held in accordance with the third sentence of Article 5 (1), against unauthorised alteration and unauthorised access, and

3.

to exclude forgeries and falsifications in the case of production of qualified time stamps.

(4) The fulfilment of the requirements laid down in paragraphs 1 and 3 (1) and the legal regulation according to § 24 shall be confirmed by a post in accordance with § 18. In order to meet the requirements laid down in paragraphs 2 and 3 (2) and (3), a declaration by the manufacturer of the product shall be sufficient for qualified electronic signatures. The manufacturer shall, at the latest at the time of placing the product on the market, deposit a copy of his declaration in written form with the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway. Manufacturers ' declarations, which comply with the requirements of the law and the ordinance pursuant to § 24, shall be published in the Official Journal of the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways. Unofficial table of contents

§ 18 Recognition of inspection and certification bodies

(1) The competent authority shall recognise a natural or legal person on request as a confirmation body in accordance with § 17 (4) or § 15 (7) sentence 1 or as a verification and confirmation body in accordance with § 15 (2) if the latter are the required reliability, independence and technical expertise. The recognition may be limited in content, provisionally or provided with a freeze, and may be subject to conditions. If the competent authority has not decided on the application within three months, the recognition shall be deemed to have been granted; the provisions of the Administrative Procedure Act concerning the approval shall apply accordingly. (2) The provisions referred to in paragraph 1 shall apply. recognised bodies have to carry out their duties impartially, free of instructions and conscientiously. You have to document the examinations and confirmations and hand over the documentation to the competent authority in case of termination of your activity.

Fifth Section
Supervision

Unofficial table of contents

Section 19 Supervisory Measures

(1) The competent authority shall be responsible for supervising compliance with this law and the legal regulation in accordance with Section 24, which may be used in the implementation of the supervision of private bodies. A certification-service provider shall be subject to the supervision of the competent authority by the establishment of the holding. (2) The competent authority may take measures to ensure compliance with this law with respect to certification-service-providers. (3) The competent authority shall temporarily, in part or in part, prohibit the establishment of a certification-service-service provider if the facts justify the assumption that:

1.

does not have the reliability required for the operation of a certification service,

2.

does not show that the technical customer required for the operation is available,

3.

does not have the necessary financial security,

4.

used unsuitable products for qualified electronic signatures; or

5.

the further conditions for the operation of a certification service under this law and the legal regulation according to § 24 are not fulfilled

(4) The competent authority may order a blocking of qualified certificates if the facts justify the assumption that qualified certificates are falsified or not sufficiently be forgery-proof or that secure signature-creation units have security deficiencies which allow unnoticed falsification of qualified electronic signatures or unnoticed falsification of signed data. (5) The validity of the security issued by a certification service provider (6) The competent authority shall have the names of the certificates indicated by the competent authority. (6) The competent authority shall have the names of the certificates which have been shown to the competent authority. Certification-service-providers and the certification-service-providers who have ceased their activities in accordance with § 13 or whose holding has been prohibited in accordance with § 19 (3), can be called up for anyone via publicly accessible communication links. . Unofficial table of contents

Section 20 obligation to participate

(1) The certification-service-providers and the third parties operating pursuant to § 4 (5) shall have the responsibility of the competent authority and the persons acting on their behalf to enter the business and operating premises during the normal operating hours. shall, at the request of the books, records, supporting documents, documents and other documents, be allowed to be presented in an appropriate manner, including in so far as they are conducted in electronic form, to provide information and to provide information on the to provide the necessary assistance. (2) The information provided for the purposes of the provision of information may refuse to provide information if he or she himself or one of the members of the civil procedure referred to in Article 383 (1) (1) to (3) of the Code of Civil Procedure is liable to prosecution for a criminal offence or a procedure under the law on It would be subject to misalignment. He must be informed of this right.

Sixth Section
Final provisions

Unofficial table of contents

Section 20a Procedure on a single body

Administrative procedures in accordance with this Act or under a legal regulation adopted pursuant to this Act may be dealt with by a single entity in accordance with the provisions of the Administrative Procedure Act. Unofficial table of contents

Section 21 Penal rules

(1) Contrary to the law, those who intentionally or negligently act

1.

contrary to § 4 (2) sentence 1, also in conjunction with a decree-law pursuant to § 24 no. 1, 3 and 4, a certification service operates,

2.

, contrary to § 4 (3) sentence 1 or section 13 (1) sentence 1, an advertisement is not reimbursed, not correct or not reimbursed in good time,

3.

Contrary to § 5 (1) sentence 1 in conjunction with a legal regulation pursuant to § 24 no. 1, a person does not identify, not correctly or not in time,

4.

Contrary to § 5 (1) sentence 3, also in conjunction with a regulation pursuant to § 24 no. 1, a qualified certificate is not verifiable,

5.

holding a qualified certificate in accordance with Section 5 (1) sentence 4,

6.

, contrary to § 5 (2) sentence 3 or 4, receives an indication in a qualified certificate,

7.

contrary to § 5 (4) sentence 2, even in connection with a regulation pursuant to § 24 no. 1, a provision does not or is not correctly applied,

8.

, contrary to § 5 para. 4 sentence 3, stores a signature key,

9.

Contrary to § 10 (1) sentence 1, also in connection with a legal regulation pursuant to § 24 no. 1, a security measure or a qualified certificate is not documented correctly or not in good time,

10.

Contrary to § 13 (1) sentence 2, also in connection with a regulation pursuant to § 24 no. 1, it does not ensure that a qualified certificate is taken over by another certification-service provider and that a qualified certificate is not or not does not lock in time or

11.

Contrary to § 13 para. 1 sentence 3 in conjunction with a legal regulation pursuant to § 24 no. 1, a signature key holder does not notify, not correct or not in good time.

(2) In the cases referred to in paragraph 1 (1), (7) and (8), the administrative offence may be punishable by a fine of up to fifty thousand euros, and in the other cases with a fine of up to ten thousand euros. (3) Administrative authority within the meaning of section 36 (1) no. 1 of the Law on Administrative Offences is the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways. Unofficial table of contents

§ 22 Fees, deposits and contributions

(1) The competent authority levies and levies for the following public services which are attributable to the following individual public services:

1.

Measures in the context of voluntary accreditation of certification-service-providers according to § 15 and the legal regulation according to § 24,

2.

Measures in the context of the issuing of qualified certificates pursuant to § 16 (1) and the issuing of certificates pursuant to § 16 (3),

3.

Measures in the context of the recognition of inspection and certification bodies in accordance with § 18 and the legal regulation according to § 24,

4.

Measures in the context of supervision pursuant to § 19 (1) to (4) in conjunction with § 4 (2) to (4) and the legal regulation according to § 24.

Fees and expenses shall also be levied on the administrative burden resulting from the authority being served by the authority in carrying out the supervision of private bodies. For individually attributable public services in accordance with the first sentence, fees are levied to cover the administrative expenses. (2) Certification service providers who have indicated the operation in accordance with § 4 paragraph 3 shall have to pay the administrative burden. to pay a charge to the competent authority for the permanent fulfilment of the conditions laid down in section 19 (6), which is to be charged as an annual contribution. Certification-service-providers, which are accredited in accordance with § 15 (1), have to pay a charge to the competent authority to pay the administrative burden for the permanent fulfilment of the requirements pursuant to § 16 (2), which is the annual contribution is collected. Unofficial table of contents

Section 23 Foreign electronic signatures and products for electronic signatures

(1) Electronic signatures, for which a foreign qualified certificate from another Member State of the European Union or from another State Party to the Agreement on the European Economic Area is present, shall, as far as they are concerned, be Article 5 (1) of Directive 1999 /93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (OJ L 393, 30.12.1999, p. EC 2000 No 2), as amended, shall be equivalent to qualified electronic signatures. Electronic signatures from third countries are equivalent to qualified electronic signatures, if the certificate is issued by a certification service provider there publicly as a qualified certificate and for an electronic Signature within the meaning of Article 5 (1) of Directive 1999 /93/EC and where:

1.

the certification-service-provider fulfils the requirements of the Directive and is accredited in a Member State of the European Union or of another State Party to the Agreement on the European Economic Area, or

2.

a certification service provider established in the Community, which satisfies the requirements of the Directive for which the certificate is received; or

3.

the certificate or the certification-service-provider is recognised in the framework of a bilateral or multilateral agreement between the European Union and third countries or international organisations.

(2) Electronic signatures referred to in paragraph 1 shall be equivalent to qualified electronic signatures with provider accreditation in accordance with Section 15 (1) if they are demonstrably equivalent to security. (3) Products for electronic signatures which have been found in another Member State of the European Union or in another State Party to the Agreement on the European Economic Area, that they meet the requirements of Directive 1999 /93/EC, as amended, shall be recognised. The products for qualified electronic signatures tested in accordance with Article 15 (7) shall be treated as products for electronic signatures from a State referred to in the first sentence or from a third country if they are demonstrably equivalent to . Unofficial table of contents

Section 24 Legal Regulation

The Federal Government is empowered to adopt by means of law the necessary legislation for the implementation of Articles 3 to 23 of this Act.

1.

the design of the obligations of the certification-service-providers in relation to the holding of operations and during the operation as well as in the setting of the holding pursuant to § 4 (2) and (3), § § 5, 6 para. 1, § § 8, 10, 13 and 15,

2.

the chargeable facts and rates of the fees and the amount of the contributions and the procedure for the collection of contributions by the competent authority; in the assessment of the contributions, the administrative burden (personnel and material expenses) and to apply the investment effort to the extent that it is not already paid for by a fee;

3.

the design of the content and the validity period of qualified certificates according to § 7,

4.

the amount, amount and content of the security benefits permitted pursuant to § 12 of the obligation to fulfil the obligation to cover the security of the financial services,

5.

the detailed requirements for products for qualified electronic signatures pursuant to § 17 (1) to (3) as well as the verification of these products and the confirmation that the requirements are met, in accordance with § 17 (4) and § 15 (7),

6.

the details of the procedure for the recognition and the activities of audit and certification bodies in accordance with § 18,

7.

the period of time and the procedure after which data should be resigned with a qualified electronic signature in accordance with Article 6 (1) sentence 2;

8.

the procedure for establishing the equivalent security of foreign electronic signatures and foreign products for electronic signatures in accordance with section 23.

Unofficial table of contents

Section 25 Transitional provisions

(1) According to the Signature Act of 22 July 1997 (BGBl. I p. 1870, 1872), as amended by Article 5 of the Law of 19 December 1998 (BGBl. I p. 3836), approved certification bodies are deemed to be accredited within the meaning of § 15. Within three months of the entry into force of this Act, the competent authority shall provide the competent authority with proof of cover in accordance with § 12. (2) The certification bodies referred to in paragraph 1 shall be submitted to the competent authority by the date of entry into force of this Act in accordance with § 12 5 of the Signature Act of 22 July 1997 (BGBl. I p. 1870, 1872), as amended by Article 5 of the Law of 19 December 1998 (BGBl. 3836), certificates issued are equivalent to qualified certificates. Holders of certificates referred to in the first sentence shall be notified in an appropriate manner within six months of the entry into force of this Act by the certification body in accordance with § 6 para. 2. (3) The recognition of the certificates issued by the competent authority of Audit and certification bodies according to § 4 paragraph 3 sentence 3 and § 14 para. 4 of the Signature Act of 22 July 1997 (BGBl. I p. 1870, 1872), as amended by Article 5 of the Law of 19 December 1998 (BGBl. 3836), retain their validity as far as they are in accordance with § 18 of this Act. (4) Technical components in which the fulfilment of the requirements according to § 14 para. 4 of the Signature Act of 22 July 1997 (BGBl. I p. 1870, 1872), products for qualified electronic signatures are treated as equivalent to the provisions of Section 15 (7) of this Act.