German Emissions Trading Authority

Electronic signature

For digital communication that is to meet written form requirements, the use of qualified electronic (digital) signatures is mandatory in compliance with eIDAS (Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014). Please note that the application procedure for the required signature card may take up to three months.

How to get an electronic signature


An overview of signature cards (only available in German) supported by the postbox application VPSMail has been compiled by Governikus. Signature cards are available from certification service providers. A list of current providers can be found at the Federal Network Agency.

An overview of card readers (only available in German) supported by VPS at DEHSt has been compiled by Governikus. DEHSt recommends choosing a signature application component from this list, as these comply with the legal requirements.



In general, it is possible for all foreign users to acquire a signature card from any of the German Trust Centers. All they need to do is to report in person at the Trust Center for identification. Some Trust Centers also offer the opportunity to send so-called Registration Agencies (RA) to the customers to complete the personal identification. A list of providers currently approved in Germany can be found on the Bundesnetzagentur (Federal Network Agency) website.

Currently there is no known supplier who offers a world-wide identification method to obtain a German signature card outside Germany. The signature card issuer D-Trust does however provide, if possible, a method via a legal representative with German approval in the respective country.

Persons non-resident in Germany should send an email to and ask to be contacted. For this purpose, please use the following subject: "Acquisition of a D-Trust signature card with QES from abroad (respective country)". If D-Trust fails to find a way to identify you in your country, please contact DEHSt customer service directly.

Please make sure that the signature card and card reader of the respective provider are supported by VPSMail (see VPSMail User Documentation).


Card reader

An overview of card readers (only available in German) supported by VPS at DEHSt has been compiled by Governikus. DEHSt recommends choosing a signature application component from this list, as these comply with the legal requirements.

Other software that may be required

If the purchased signature card does not include software that permits the activation of the card and a change of PIN, such signature software can be downloaded from Governikus free of charge for certain cards.


Technical Support

Please address your technical enquiries directly to Governikus:

Phone: +49 (0)421 204 95-900

Mondays to Fridays from 9:00 a.m. to 5 p.m.


Technical background

"Qualified electronic signatures", as defined by the Signature Act, convey digital signatures a legal status equivalent to hand signatures.

Qualified signatures can only be used during their validity period. Signature cards that are issued may be valid for two up to five years, and so is the certificate unless the card has been cancelled.

The use of qualified electronic signatures guarantees complete data security and protects the authenticity of the documents sent.

An electronic signature is not a signature in the conventional sense, but is based on a complex mathematical method which creates a specific electronic fingerprint for every document to be signed. This is then encrypted using the private key of the signatory party and can only be made visible using the coordinate public key. Thus, a digital signature can be attributed to an individual beyond any doubt. No one but the holder of the private key can use it. Any change in the document made after the application of the electronic signature would break the electronic seal. The procedure guarantees a high level of security.

In qualified signatures, the key for the personal signature is stored in a chip card. The data cannot be seen by anyone else and therefore not copied and stolen. Similar to a credit card, the card is protected by a four-to-eight-digit PIN to be determined and kept private by the holder. Entering the wrong PIN three times in succession will result in locking the card. Depending on the certification service provider, the card will be irrevocably locked and a new card needs to be issued; or the card may be reactivated using a super PIN (PUK) for a limited number of attempts.

Public and private keys for qualified electronic signatures are generated and issued by the certification service providers (trust centers) accredited with the Federal Network Agency. It is therefore mandatory that the identity of the prospective key holder be established beyond doubt by submitting a valid ID document.


Online Services