The German Country Verifying Certificate Authority (CVCA)

Germany's Country Verifying Certificate Authority (CVCA) is operated by the Federal Office for Information Security. This CVCA regularly generates the German root certificates whose private keys are used to sign Document Verifier (DV) certificates, which in turn authorise DV instances to verify documents.

DV instances are responsible for issuing certificates that authorise their recipients to read electronic identity documents. These certificates include individual read authorisations (i.e. they specify which information may be obtained from identity documents). Such authorisations are verified by the RF chip of the electronic identity document at hand during Terminal Authentication.

Authorisation certificates for German electronic passports are only issued to the relevant supervisory authorities (e.g. Germany's Federal Police) and registration authorities (to enable citizens to check that the information on their passports is correct). These certificates are required to read fingerprint data.

For German electronic ID cards, there are different variations of authorisation certificates. These pertain to sovereign functions that are only available to supervisory and registration authorities, for example, or to the eID function, which can be used in e-government services and e-commerce (further information on these possibilities is available under Electronic ID Cards).

Figure: CVCA public key infrastructure for the electronic ID card

In the case of both types of electronic identity document, authorisation certificates also need to be issued to the supervisory authorities of other nations that are entitled to access the fingerprint data on electronic passports or the sovereign functions of electronic ID cards. This authorisation is granted separately to each nation.

Figure: CVCA public key infrastructure in the international context

Every authorisation certificate only provides read authorisation for the data that is absolutely required in the case at hand. The operator of a forum for people aged 18 and over, for example, would only be authorised to access a person's date of birth (or even just the age verification feature; see Electronic ID Cards) because further information, such as a person's place of residence, would not be necessary.
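The following added example (not code from the BSI) models how the read authorisation narrows along the CVCA → DV → terminal chain: the chip grants only rights present in every certificate of the chain, which is how BSI TR-03110 defines the effective authorisation. The certificate names and right labels are constructed for illustration; real certificates encode rights as bit flags, and signature and expiry checks are left out of this model.

```python
from dataclasses import dataclass

# Constructed right labels; real certificates encode rights as bit flags.
AGE_VERIFICATION = "age_verification"
DATE_OF_BIRTH = "date_of_birth"
PLACE_OF_RESIDENCE = "place_of_residence"
FINGERPRINTS = "fingerprints"

@dataclass(frozen=True)
class Cert:
    holder: str
    issuer: str
    rights: frozenset

def effective_rights(chain, trusted_root):
    """Walk CVCA -> DV -> terminal and return the rights valid for the whole chain.

    Signature and expiry checks are omitted in this model; only the issuer
    linkage and the narrowing of rights are shown.
    """
    root = chain[0] if chain else None
    if root is None or root.holder != trusted_root or root.issuer != trusted_root:
        raise ValueError("chain does not start at the trusted CVCA")
    rights = root.rights
    for parent, child in zip(chain, chain[1:]):
        if child.issuer != parent.holder:
            raise ValueError(f"{child.holder} was not issued by {parent.holder}")
        rights = rights & child.rights  # a lower level can never gain rights
    return rights

def may_read(chain, trusted_root, requested):
    """True only if every requested data group is covered by the whole chain."""
    return set(requested) <= effective_rights(chain, trusted_root)

# Constructed sample hierarchy (all names are hypothetical).
CVCA = Cert("DE-CVCA", "DE-CVCA", frozenset(
    {AGE_VERIFICATION, DATE_OF_BIRTH, PLACE_OF_RESIDENCE, FINGERPRINTS}))
DV_EID = Cert("DV-eID", "DE-CVCA", frozenset(
    {AGE_VERIFICATION, DATE_OF_BIRTH, PLACE_OF_RESIDENCE}))
# The forum operator from the text: age verification only.
FORUM = Cert("forum-18plus", "DV-eID", frozenset({AGE_VERIFICATION}))
# A terminal certificate claiming more than its DV was ever granted.
OVERCLAIM = Cert("overclaiming-shop", "DV-eID", frozenset(
    {AGE_VERIFICATION, FINGERPRINTS}))
# A certificate whose issuer does not appear in the chain.
ORPHAN = Cert("orphan-terminal", "DV-unknown", frozenset({AGE_VERIFICATION}))
```

A right that appears only in the terminal certificate, such as `FINGERPRINTS` in `OVERCLAIM`, is dropped because the issuing DV never held it.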