FAQ on the digital accreditation symbol Questions and answers

The digital accreditation symbol is the machine-readable equivalent of the existing “graphic” DAkkS accreditation symbol, with the added benefit of being technically verifiable regarding its integrity and authenticity.

It is an electronic seal, i.e. a kind of electronic company stamp. The digital accreditation symbol is machine-readable and can be technically verified worldwide and in real time.

It is based on a digital identity for the conformity assessment body (CAB), which contains accreditation-specific information. This information includes:

• A unique accreditation number for the respective accredited body in the machine-readable, internationally verifiable format AAAAAAA-CC-XX-YYYYY-ZZ-NN (e.g. DAkkS00-DE-PL-12345-01-00)
• A declaration that the body is a conformity assessment body accredited by the national accreditation authority
• The definition of ‘attestation’ in accordance with ISO/IEC 17000:2020
• The restriction to use of the electronic seal for the defined attestations only

The digital accreditation symbol provided by DAkkS serves as the basic infrastructure for all accredited bodies to support the digital transformation of the economy.

The digital accreditation symbol serves the purpose of properly protecting trust in the accreditation statement and its value in the digital environment.

Its technical design offers accredited bodies an additional option to better protect themselves against manipulation or falsification of result reports and certificates in the digital environment, as only original versions feature the digital accreditation symbol, making them tamper-proof and forgery-proof.  

It is therefore a tool for implementing a digital quality infrastructure with entirely digital chains of evidence.

Any accredited body can apply for the digital accreditation symbol.

Accredited CABs can use it to digitally sign their digital attestations (eAttestation) – including for example digital laboratory reports, medical laboratory reports, calibration certificates, inspection reports or certificates – and issue them to their respective clients in tamper-proof form.

An eAttestation is an attestation issued by an accredited body that has been signed with the digital accreditation symbol. This includes for example digital laboratory reports, medical laboratory reports, calibration certificates, inspection reports, certificates etc. signed with the digital accreditation symbol. This ensures that the attestation is technically secure and protected against unauthorised changes or alterations. Integrity and authenticity are guaranteed.

The eAttestation can be issued in various file formats (including PDF and XML) by an accredited body.

For a PDF-based eAttestation, the previous layout approved by DAkkS with the “traditional” graphic accreditation symbol can remain unchanged.

The electronic seal is kind of a digital company stamp. The electronic seal used by DAkkS is defined in Article 3(30) of Regulation (EU) No 910/2014 (eIDAS) and fulfils the requirements applicable under this Regulation. It therefore enables legally compliant and consistent use throughout Europe.

It provides technically secure proof of origin (authenticity of a legal entity) and integrity (protection against unauthorised changes or alteration) of the data and information signed by the legal entity. In case of the digital accreditation symbol, this is the information contained in the eAttestation.  

Proof of authenticity (origin) and integrity (protection against unauthorised changes or alteration) are established through the use of an encryption method – the so-called “public key” method. First, a digital identity is created for the accredited conformity assessment body (CAB). This identity is assigned a unique cryptographic pair of keys with a public and a private key (public key infrastructure: PKI). In use, this is referred to as an electronic seal.

A qualified trust service provider, as defined by eIDAS (Regulation (EU) No 910/2014), is responsible for the production and technical protection of such electronic seals.

The respective digital accreditation symbol is approved by DAkkS as the national accreditation authority prior to the production of the electronic seal.

The accredited CAB can use this seal to apply the digital, machine-readable form of the accreditation symbol to its attestation and thus protect it (eAttestation). This protected file (eAttestation) contains the digital national emblem of DAkkS.

The electronic seal provides third parties verifying it with

1. information on the proven identity of the legal entity (authenticity),
2. certainty of the integrity of the data and
3. confirmation of the validity of the accreditation for the specific accreditation activity (e.g. testing or calibration laboratory, inspection or certification body).

If the check of the electronic seal verifies its validity, the accreditation for this activity is also valid.

Clients of the CAB can also integrate the digital attestation of conformity into their own automated process chain without media discontinuity. This leads to cost-reducing improvements of efficiency.

The digital accreditation symbol opens up another channel for accredited bodies in the digital world. Its use is voluntary and it can be approved for use upon application. The accredited body can then add a digital accreditation symbol to digital files. The digital accreditation symbol is machine-readable and can be read by clients of the CAB.

The digital accreditation symbol is intended primarily for machines and enables automated verification of the accreditation status. It is less suited to human verification.

If the digital accreditation symbol is used on digital documents that are not intended to be machine-readable (e.g. PDF instead of XML), the file must be protected with the digital accreditation symbol in addition to the established graphic accreditation symbol.

The existing layout with the “traditional” graphic accreditation symbol and its approval remain unchanged.

In essence, a trust service provider acts as a notary for the Internet. The trust service provider verifies the identities of individuals, businesses or objects on the Internet. In this context, digital certificates serve as identity documents in the online world.

DAkkS cooperates with the trust service provider D-Trust GmbH. D-Trust GmbH is a wholly owned subsidiary of the Bundesdruckerei Group and a trusted and qualified trust service provider within the EU. D-Trust GmbH acts on the basis of the European eIDAS Regulation (Regulation (EU) No 910/2014) and in accordance with the German Trust Services Act (Vertrauensdienstgesetz, VDG).

For each overall accreditation certificate issued (accreditation activity), the trust service provider (D-Trust) incurs annual expenses of EUR 469 plus VAT per electronic seal for the administration of the CAB’s digital identity. These costs are invoiced to the accredited body as an expense by DAkkS. A partial certificate (certificate annex) forms part of the overall certificate and therefore does not incur any further costs.

In addition, administrative costs are incurred for processing the application at DAkkS. The basis for calculating these additional fees is the German ordinance on fees for accreditation bodies (AkkStelleGebV).

First, check whether the e-mail from D-Trust (sender: csm.noReply@d-Trust.net) ended up in IT quarantine or in the spam folder.

If the e-mails cannot be found there, contact your DAkkS contact person for further information on the procedure. Notify the DAkkS contact person of your preferred e-mail address. DAkkS will check the internal system to ensure that the correct e-mail address has been entered for registration.

If the browser window (in any browser) with the opened CSM portal displays error code 403, a server timeout has occurred due to inactivity.

As with online banking transactions, the system automatically logs you out for security reasons after five minutes of inactivity. All processes must then be restarted from the beginning.

The address is only used to contact the person and is not part of the data encrypted in the electronic seal. The address of the CAB can therefore be entered here if it differs from that of the legal entity.

The CAB is responsible for setting up the revocation passwords. Even though it is technically possible to use the same revocation password for several electronic seals, it is not recommended for security reasons.

If you lose your PIN and/or key material, you have the option of receiving a substitute certificate. The term of duration for the substitute certificate is adjusted to the previous term of the certificate.

For example: you used your certificate for four months before losing your PIN. This means that the substitute certificate is still valid for one year and eight months (remaining term of the total two-year term). There are no costs associated with the issue of the replacement certificate by D-Trust.

In this case, make sure that the electronic seal wasn’t corrupted after the loss of the PIN and/or key material. If you suspect that unauthorised persons gained access to the PIN and/or key material, please deactivate the old electronic seal and apply for a new electronic seal within the CSM.

The revocation process can also be triggered through DAkkS. In this case, please contact your DAkkS contact person for further information on the procedure.

Note: If you did not receive the PIN via the SMS-capable number provided when the certificate was first issued or if there were problems with the delivery of the key material, you can have your seal certificate revoked by D-Trust GmbH within the first 30 days after the seal certificate was first issued at no additional cost and also apply for a new certificate within the CSM.

You can download the seal certificate under “Certificates” in the CSM.

Alternatively, you can try the following procedure:

• If your e-mail program blocks the .cer file when opening it, save it as a (.txt) first.
• After saving the file to the local storage, you can give it the filename extension .cer.

The key material (.p12 file) from the e-mail and entry of the PIN are required for the sealing process.

It is not possible to download the key material in the CSM, as the key material with the .p12 file is only sent by e-mail for security reasons. Additionally, there must be a separation of channels for sending the relevant files.

Two possible solutions can work in this case:

Option 1:
First, try to download the certificate (.cer file) from the CSM and label it as trusted in your certificate storage. Your e-mail inbox may then recognise the key and the .p12 file from the e-mail can be saved and used without further problems.

Option 2:
Try to work around the problem to save from your e-mail inbox (illustrated using the example of Outlook):

• Save the file as .txt
• Rename the file to .p12 at the storage location
• Embed and use the file

Note:
There are several possible solutions. Neither DAkkS nor D-Trust have any influence on the e-mail configurations of the e-mail providers, which is why the possible solutions may vary depending on the program used.

Your options:

• First, please check whether the e-mail from D-Trust (sender: csm.noReply@d-Trust.net) has ended up in IT quarantine or in the spam folder.
• You can check whether a seal certificate is stored with the label “Valid” in the CSM under “Certificates” in the CSM (see the certificate management tab).
• If necessary, report your problem to DAkkS via the DAkkS contact person responsible for the procedure.
  Note: After approval by DAkkS, the key material and the PIN will be sent to you automatically within 30 minutes.
• Within the first 30 days after the initial issue of an electronic seal, the revocation of electronic seals and reissue by D-Trust is free of charge.

Note:
Within the first 30 days after the initial issue of an electronic seal, the revocation of electronic seals and reissue by D-Trust is free of charge.

The choice of mobile phone number is the responsibility of the CAB and must be taken within the framework of the applicable company regulations. DAkkS recommends the use of company-owned devices for receiving the PIN.

It is not possible to add an additional mobile phone number in the CSM. See whether automatic forwarding after receiving the SMS is an option for you.

Please check whether you have entered the correct mobile phone number in the application for the electronic seal certificate within the CSM. If the entries are correct and the SMS still does not arrive, you will need to apply for a substitute certificate or revoke the electronic seal and apply for a new one.

Note:
Within the first 30 days after initial issue of the electronic seal, the revocation of electronic seals and reissue is free of charge.