Apply for a voluntary IT security label

Source: Serviceportal Rheinland-Pfalz

As a manufacturer or service provider in the IT sector, you can label your products with the IT security mark of the Federal Office for Information Security (BSI). You must submit an application for this.

You can apply for an IT security label within the product categories published by the BSI, for example for

Broadband routers
e-mail services
Smart consumer devices, for example
- smart television
- smart cameras
- smart speakers
- smart toys
- smart cleaning and garden robots
video conferencing services
Mobile devices, for example smartphones and tablets
smart security technology, for example smart alarm systems, smart motion sensors or smart smoke detectors

With the BSI product label, you as a manufacturer and service provider have the opportunity to make the IT security features of your products transparent and thus stand out on the market. This gives consumers guidance when they buy IT products. This allows them to take cyber security aspects into account when making their purchase decision.

To obtain an IT security label, you must submit an application to the BSI. The application is voluntary. With the IT security mark, you show that your products meet certain security standards that have been issued or recognized by the BSI.

The IT security mark essentially consists of

an assurance from your company that your product or service meets certain IT security requirements for a specified period of time (manufacturer's declaration)
a BSI product information page with up-to-date security information; this informs consumers about the IT security features of your product or service

If you receive approval from the BSI, use the IT security label on the product, packaging or online.

The BSI market surveillance authority can check whether your product actually fulfills the requirements for the IT security label on a random basis or on an ad hoc basis.

If the BSI identifies a deviation or security gap, you will be contacted. You will then be given the opportunity to rectify the identified deficiencies or security gaps. If the security gap is not rectified or is particularly critical, the BSI may also take the following steps:

publish security information on the product information page
revoke the release of the IT security label

In principle, IT security labels are issued for 2 years. The BSI can specify a different duration for individual product categories. An extension of the IT security label can be applied for before the term expires. As soon as the term has expired, the approval of the IT security label is terminated.

The BSI concludes mutual recognition agreements with foreign state labels. These agreements make it possible to issue the mark in a simplified procedure.

You can apply to use the IT security label for your product or service online via the federal portal or in writing by email or post.

Apply for the IT security label online:

First check whether your product meets the security requirements of the relevant product category.
Go to the federal portal and complete the online application.
Upload the documents required for the respective product category and specified in the application.
Send the application to the Federal Office for Information Security (BSI) via the federal portal.
The BSI will check your application for completeness and request additional documents if necessary.
As soon as all documents have been submitted, you will receive a confirmation of receipt from the BSI.
The BSI will check the plausibility of the information and documents you have submitted.
Before the IT security label is approved, you will receive a notification of fees.
Once you have paid the administrative fee, the BSI will issue you with the final approval of the IT security label in the form of an approval notice.
With the approval notice, the respective product information page is published and the individual IT security label is made available.
If the BSI considers rejecting the IT security label during the application review, you can comment on this before the decision is made.

Apply for the IT security label by e-mail and post:

First check whether your product meets the security requirements of the relevant product category.
Go to the BSI website and download the application for the IT security label for your product category.
Complete the application on your computer and save the application without signing it.
Send the application with the other required documents by e-mail.
Print out the complete application documents without product images and sign the application.
Send the application and the associated documents to the BSI by post.
The next steps are identical to the online procedure.

The approval of the Federal Office for Information Security (BSI) expires after 2 years.

You have the option of lodging an objection within 4 weeks of notification of the decision.

You can apply for the extension of a product with a valid IT security mark at the earliest 3 months and at the latest 6 weeks before the expiry date. If an IT security specification applicable to the relevant product category is changed or declared invalid, you must update your manufacturer's declaration with a valid test basis. Otherwise the approval expires after a period of 6 weeks.

Apply for a voluntary IT security label

Process flow

Requirements

Which documents are required?

What are the fees?

What deadlines do I have to pay attention to?

Processing duration

Legal basis

Applications / forms

What else should I know?

Weiterführende Informationen

Translation note