During the height of the Corona pandemic, many companies and public institutions were forced to enable their employees to work from home and to further digitalise their business processes. This also resulted in a need for the digitalisation of administrative processes, such as elections of work councils, equal opportunity commissioners or board members. Many companies are therefore currently entering the market for online elections with new products.
This raises a number of questions for those responsible for elections: Which product is suitable for use? How will it be integrated? What needs to be considered in addition to the selection of a suitable product?

BSI projects on online elections

The BSI is working in various projects on assistances and IT security specifications for online elections.

Market and vulnerability analysis of online voting products

In the project "Market and Vulnerability Analysis of Online Voting Products (MaSiOWa)", a comprehensive market and security analysis of currently available online voting products is being conducted. The result of this analysis is to be a detailed situation report on the state of IT security in this area. The project is expected to be completed in Q4 2022. The results will then be incorporated into the Technical Guidelines and Protection Profiles on the subject.

TR-03162

With TR-03162 "IT security requirements for the implementation of an online election within the framework of the model project according to § 194a Fünftes Buch Sozialgesetzbuch (Online-Wahl)", the BSI has created IT security requirements for the model project Online Social Elections 2023. However, these requirements are tailored to the model project in such a way that transferability to other elections is only possible to a limited extent.

Protection profile for online election products

The BSI is therefore working on a new protection profile according to Common Criteria (CC profiles) for online election products. This is expected to be completed by Q1 2023. The first certified products are expected in 2023.

TR-03169

In addition, the BSI is developing TR-03169, "IT Security Requirements for Conducting an Electronic Election", a technical guideline that addresses election officials and formulates requirements, for example, for the operating environment. Furthermore, TR-03169 will contain samples and templates for risk analysis and the assesment of the demand of security. The Technical Guideline is expected to be published by Q1 2023.

Both the Protection Profile and TR-03169 are intended for non-political elections and voting and thus also replace parts of the ViVA papers.

Exchange forum on the topic of online

The BSI invites all experts to participate in commenting on the protection profile and TR-03169. An exchange forum is to be set up for this purpose. Within this framework, it is planned to send out information on the current status of the planned and already prepared documents as well as workshops to exchange information on current developments in the area of online elections.
Interested experts can send their comments to the BSI and other stakeholders interested in the topic of online elections. To do so, send us an e-mail at online-wahlen@bsi.bund.de.