The Federal Office for Information Security (BSI) holds the certificates of the root certification authority (root) of the Smart Metering Public Key Infrastructure (SM-PKI) and is thus responsible for the Smart Metering PKI Root Certificate Authority (SM-PKI-Root-CA).

The SM-PKI-Root-CA forms the trust anchor of the SM-PKI. The task of the SM-PKI is to secure communication in the WAN infrastructure of the smart meter gateways (SMGW). The certificates from the SM-PKI are used in particular for the mutual authentication of the communication partners in the infrastructure. Communication always takes place via an encrypted and integrity-secured channel. In addition, data from an SMGW is signed before transmission for integrity assurance and encrypted to ensure data protection for the end recipient.

The operation of the root is carried out by a certification service provider for the BSI.

All information on the operation of the root, in particular on participation in the SM-PKI, is available on the pages of the commissioned certification service provider.

Test systems for (-beta and -test)

In addition to the SM-PKI, a Smart Metering Beta PKI (SM-Beta-PKI) and a Smart Metering Test PKI (SM-Test-PKI), each with a root and a sub CA, are provided for the performance of tests.

All information on the operation and use of the test systems is available on the pages of the certification service provider commissioned for this purpose.

The SM-Beta-PKI serves as a basis for tests and demonstrations in the areas of research and development. The certificates issued are technically compliant with the specifications (TR03109-4 and SM-PKI policy). Further developments of these specifications are first tested in the SM-Beta-PKI. In contrast to the SM-Test-PKI, test cases are also made possible that violate the specifications, e.g. in the area of certificate runtimes.
Further information on the SM-Beta-PKI can be found in the related Smart Metering Beta

The SM-Test-PKI is used in particular for the development and testing of prototypes of smart meter gateways and associated infrastructure components under real functional conditions. In addition, the future operators as well as the other participants can verify the technical compatibility of their systems with the SM-PKI. This can be used to ensure a smooth start to operation.
Further information on the SM-Test-PKI can be found in the related Smart Metering Test PKI

Certificate Policy

The certificate policy of the Smart Metering PKI defines the conditions under which certificates are issued in the SM-PKI. Overall, the certificate policy defines organisational and technical requirements for the recognition, issuing, management, use, withdrawal and renewal of certificates for communication in the infrastructure of the smart metering gateways.
Download: Certificate Policy: Zertifizierungsrichtlinie für die Smart Metering PKI, Version 1.1.2

Download: Key Lifecycle Security Requirements, Version 1.0.3

Change Log

A change log is provided for each of the SM-PKI, SM-Test-PKI and SM-Beta-PKI. These documents contain clarifications, corrections and supplementary information regarding the currently valid specifications and their implementation in the root systems.  They are updated as required. The change logs can be downloaded from the download area of the operation.