List of Abbreviations

This glossary explains the key terms related to crypto securities, crypto custody, and the ecrop platform. It is intended to improve understanding of the documentation and enable all users to quickly grasp the meaning of the terms used. The definitions have been carefully researched and are based on recognized sources, including the attached reference books.

AML (Anti-Money Laundering): Measures to prevent money laundering and terrorist financing. ecrop GmbH complies with the requirements of the GwG (Anti-Money Laundering Act) and implements various AML processes and controls.
Apparent Right (Rechtsschein): The appearance of a right, which may not actually exist, but can create legal consequences.
API (Application Programming Interface): An interface that enables programmatic access to the functions of a system. The ecrop platform offers a REST API for accessing the crypto securities register and the crypto custody services.
Articles of Association/Bylaws (Satzung): The legal document that defines the rules and regulations governing a company’s operations.
Asset: Any resource of value to a company. In the context of ecrop, assets are digital securities, cryptocurrencies, and the associated private keys.
Asset Register (Assetregister): A systematic record of all assets within the information network, including their properties, dependencies, and security requirements.
Availability (Verfügbarkeit): The degree to which a system, service, or resource is operational and accessible when required for use.
AWS (Amazon Web Services): A cloud provider used by ecrop for operating its IT infrastructure.

BAIT (Bankaufsichtliche Anforderungen an die IT): A set of regulatory requirements from BaFin that define the requirements for IT systems of financial institutions. ecrop GmbH complies with the requirements of BAIT.
BCP (Business Continuity Planning): A process to ensure business continuity in the event of major disruptions or disasters.
BESU: An open-source Ethereum client developed by the Hyperledger Foundation. ecrop GmbH uses Hyperledger Besu as the basis for its recording system.
BIA (Business Impact Analysis): A systematic analysis that examines the impact of business disruptions on a company’s business processes.
Blockchain: A decentralized, distributed database that stores transactions in blocks. Each block is linked to the previous block and secured using cryptography. ecrop GmbH uses a private permissioned blockchain for the crypto securities register.
BSI (Bundesamt für Sicherheit in der Informationstechnik): The German Federal Office for Information Security. ecrop GmbH adheres to the recommendations of the BSI.
Bug Bounty Program: A program that offers financial rewards to security researchers for finding and reporting security vulnerabilities.

Capacity Management (Kapazitätsmanagement): The planning and control of IT capacity to meet business requirements.
Cascade Effect (Kaskadeneffekt): The propagation of a security incident or disruption to other systems or processes.
Central Securities Depository (Zentralverwahrer): An institution that holds securities in electronic form on behalf of its clients. Clearstream Banking AG is the central securities depository in Germany.
Certification (Zertifizierung): Formal confirmation that a company or system meets certain standards.
Custodian (Verwahrer): A financial institution that holds and safeguards assets on behalf of its clients.
Change Management: A process for planning, assessing, approving, and implementing changes to IT systems.
Choice of Law (Rechtswahl): The selection of which jurisdiction’s law will govern a legal dispute or transaction.
CI/CD (Continuous Integration/Continuous Deployment): A method for automating software development and deployment processes.
Circular (BaFin) (Rundschreiben (BaFin)): Publications by BaFin that specify supervisory practices and requirements for financial institutions.
Cloud Computing: The provision of IT resources (e.g., servers, storage, software) over the internet. ecrop GmbH utilizes cloud services from AWS.
CM (Configuration Management): A systematic process for managing and controlling the configuration of all IT systems and applications.
Cold Storage: The offline storage of private keys to protect them from unauthorized access.
Compliance: Adherence to laws, regulations, and internal policies. ecrop GmbH places great importance on compliance and has implemented a comprehensive compliance program.
Compliance Review (Regelprüfung): The regular review of compliance with rules and regulations.
Consensus Mechanism (Blockchain) (Konsensmechanismus): A fault-tolerant mechanism used in computer and blockchain systems to achieve the necessary agreement on a single data value or a single state of the network among distributed processes or multi-agent systems.
Consortium Agreement (Konsortialvertrag): A contract between multiple parties who join forces to achieve a common goal.
Control: A measure implemented to mitigate risk.
Contingency Plan (Notfallplan): A detailed plan that defines the measures for handling an emergency.
Crowdfunding (Schwarmfinanzierung): A method of raising capital through the collective effort of friends, family, customers, and individual investors.
Crypto Agility (Krypto-Agilität): The ability to quickly adapt to new cryptographic methods as needed.
Crypto Asset (Krypto-Asset): A digital representation of value or a right that can be digitally traded, or transferred and stored electronically, using distributed ledger technology (DLT) or similar technology.
Crypto Share (Kryptoaktie): A registered share that is recorded as a crypto security in the crypto securities register.
Cryptography (Kryptografie): The practice and study of techniques for secure communication in the presence of adversarial behavior. ecrop GmbH uses strong cryptographic algorithms to ensure the security of crypto shares and private keys.
Crypto Custodian (Kryptoverwahrer): A company that offers custody services for crypto assets. ecrop GmbH is a regulated crypto custodian and is subject to the requirements of the KWG.
Crypto Custody Business (Kryptoverwahrgeschäft): The safekeeping, administration, and security of crypto assets for others.
Crypto Securities Register (Kryptowertpapierregister): A register that manages crypto securities. ecrop GmbH operates a crypto securities register based on a private permissioned blockchain.
Crypto Securities Registrar (Kryptowertpapierregisterführer): A company that maintains a crypto securities register. ecrop GmbH is a licensed (grandfathering; final license pending) crypto securities registrar.
Crypto Custody (Kryptowerteverwahrung): The safekeeping, administration, and security of crypto assets for others. ecrop GmbH offers crypto custody services to institutional and professional clients.
CSPRNG (Cryptographically Secure Random Number Generator): A random number generator suitable for cryptographic applications.
CSDR (Central Securities Depositories Regulation): The EU regulation on central securities depositories.
Currency (Währung): A generally accepted form of money, including coins and paper notes, which is issued by a government and circulated within an economy.
Custody: The safekeeping and administration of assets for others. ecrop GmbH offers custody services for crypto assets to institutional and professional clients.

DAO (Decentralized Autonomous Organization): An organization governed by rules encoded as smart contracts on a blockchain.
Database (Datenbank): A system for structured data storage. ecrop GmbH uses a relational database (PostgreSQL) for storing off-chain data.
DeFi (Decentralized Finance): An ecosystem of decentralized financial applications built on blockchain technology.
Delegation (Staking): The process of assigning voting rights to a validator in a Proof-of-Stake consensus mechanism.
Denial-of-Service Attack (DoS) (Denial-of-Service-Angriff): A cyberattack that floods a server or network with requests to overwhelm it and prevent legitimate users from accessing it.
DepotG (German Securities Deposit Act) (Depotgesetz): Regulates the safekeeping and transfer of securities.
DevOps: A set of practices that combines software development (Dev) and IT operations (Ops) to shorten the systems development life cycle and provide continuous delivery with high software quality.
DEX (Decentralized Exchange): A decentralized exchange for trading cryptocurrencies.
DLT (Distributed Ledger Technology): A technology for decentralized and secure data storage. ecrop GmbH uses DLT for the crypto securities register.
DLT Pilot Regime: An EU pilot project designed to test the tradability of securities using DLT.
DNS (Domain Name System): A system for translating domain names into IP addresses.
Draft Bill (Referentenentwurf): A preliminary draft of a law prepared by a ministry.
DRY (Don’t Repeat Yourself): A software development principle aimed at reducing repetition of information of all kinds, especially logic in code.
Due Diligence: A comprehensive appraisal of a business undertaken by a prospective buyer, especially to establish its assets and liabilities and evaluate its commercial potential.

ECDSA (Elliptic Curve Digital Signature Algorithm): A cryptographic algorithm used for digital signatures.
ECDH (Elliptic Curve Diffie-Hellman): A key agreement protocol that allows two parties to establish a shared secret over an insecure channel.
Effektengiro: A system for the electronic custody and transfer of securities. (Similar to a securities account.)
Enterprise Layer: An additional software layer that extends blockchain technology for use in enterprise environments.
ERC-1404: A token standard for security tokens on the Ethereum blockchain.
ERC-20: A token standard for fungible tokens on the Ethereum blockchain.
ERC-721: A token standard for non-fungible tokens (NFTs) on the Ethereum blockchain.
ES (Expected Shortfall): A risk measure that quantifies the expected loss given that a certain confidence level has been breached.
Escalation: The process of forwarding a problem or incident to a higher level within an organization.
Ethereum: A decentralized platform for executing smart contracts and decentralized applications (dApps). ecrop GmbH utilizes the Ethereum blockchain for the crypto securities register.
Exit Strategy: A plan for terminating an outsourcing agreement or a business relationship with a service provider.

FIU (Financial Intelligence Unit): The central agency responsible for receiving, analyzing, and disseminating disclosures of financial information concerning suspected proceeds of crime and potential financing of terrorism.
Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Fork (Blockchain): A divergence in the blockchain ledger that occurs when two or more nodes create a new block simultaneously.
Four-Eyes Principle (Vier-Augen-Prinzip): A control mechanism that requires two individuals to independently review and approve a transaction or action.
Fractional Ownership: Joint ownership of an asset, such as real estate or artwork, through the issuance of tokens.
Frontend: The user interface of an application. The frontend of the ecrop platform provides access to the crypto securities register and crypto custody services.
Full Node: A node in the blockchain network that stores a complete copy of the blockchain and validates all transactions.
Fungibility (Umlauffähigkeit): The property of an asset whose individual units are essentially interchangeable.

Gas (Ethereum): A unit of computational effort required to execute specific operations on the Ethereum network. It is used to measure the amount of resources required to perform actions on the blockchain.
Gas Fee: The fee paid to miners for processing transactions and executing smart contracts on the Ethereum network. It is denominated in Gas and paid in ETH.
Gas Limit: The maximum amount of gas a user is willing to spend on a transaction. This prevents runaway transactions that consume excessive resources.
Gas Price: The price per unit of gas that a user is willing to pay. A higher gas price typically results in faster transaction processing.
GDPR (General Data Protection Regulation) (DSGVO - Datenschutz-Grundverordnung): The EU data protection regulation.
Geth: The official implementation of the Ethereum client written in Go.
Git: A distributed version control system used for software development.
GitHub: A web-based hosting service for version control using Git. It offers all of the distributed version control and source code management (SCM) functionality of Git as well as adding its own features.
Gitflow: A branching model for Git that facilitates collaboration on software projects.
GoBD (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff): Principles of Orderly Accounting and Storage of Books, Records and Documents in Electronic Form and Data Access. A set of regulations in Germany governing electronic accounting and data retention.
Governance: The system of rules, practices, and processes by which a company is directed and controlled.
Government Draft (Regierungsentwurf): A draft of a law approved by the government.
GraphQL: A query language for APIs and a runtime for fulfilling those queries with your existing data.
gRPC: A high-performance, open-source universal RPC framework.
GuardDuty (AWS): A threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
GwG (Geldwäschegesetz - Anti-Money Laundering Act): The German Anti-Money Laundering Act, regulating the prevention of money laundering and terrorist financing.

HSM (Hardware Security Module): A physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. HSMs traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.
HTTPS (Hypertext Transfer Protocol Secure): A secure protocol for data transmission over the internet.
Hyperledger Besu: An open-source Ethereum client developed by the Hyperledger Foundation. ecrop GmbH uses Hyperledger Besu as the basis for its recording system.

IaC (Infrastructure as Code): The management and automation of IT infrastructure through code.
IAM (Identity and Access Management - AWS): A service from AWS that enables you to manage access to AWS resources securely.
Immutability (Unveränderlichkeit): The property of data that cannot be changed after it has been created.
Incident: An event that disrupts normal operations of a system or application.
Incident Response: The process for handling security incidents and disruptions.
Insider: An individual within an organization who has access to confidential information or systems.
Integrity: The accuracy and consistency of data.
Intermediary: An entity that acts as a middleman between two parties, e.g., a bank or broker.
IPFS (InterPlanetary File System): A peer-to-peer distributed file system that seeks to connect all computing devices with the same system of files.
ISO (Informationssicherheitsbeauftragter - Information Security Officer): Responsible for the information security of a company.
ISRM (Informationssicherheits- und Risikomanagement - Information Security and Risk Management): The department within ecrop GmbH responsible for information security and risk management.
IT Operations (IT-Betrieb): The department within ecrop GmbH responsible for the operation and maintenance of the IT infrastructure.
ITIL (Information Technology Infrastructure Library): A set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.
Issuer (Emittent): An entity that issues crypto securities.

Jira: A software tool for project management, issue tracking, and team collaboration.
JSON (JavaScript Object Notation): A lightweight data-interchange format that is easy for humans to read and write and easy for machines to parse and generate.
JWT (JSON Web Token): An open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

KEK (Key Encryption Key): A key used to encrypt other keys.
Key Management (Schlüsselmanagement): The process of generating, storing, distributing, and rotating cryptographic keys.
Key Rotation (Schlüsselrotation): The periodic changing of cryptographic keys to minimize the risk of compromise.
KMS (Key Management Service - AWS): A cloud-based service from AWS for managing cryptographic keys.
Know Your Customer (KYC): The process of identifying and verifying the identity of clients.
KPI (Key Performance Indicator): A quantifiable measure used to evaluate the success of an organization, employee, etc. in meeting objectives for performance.
KWG (Kreditwesengesetz - German Banking Act): Regulates the activities of credit institutions in Germany. ecrop GmbH is a financial services institution and is subject to the requirements of the KWG.
KryptoWTransferV (Kryptowertetransferverordnung - German Crypto Asset Transfer Regulation): Regulates the transfer of crypto assets.
Kryptowertpapier: A digital security based on blockchain technology. ecrop GmbH offers the issuance and trading of crypto securities.
Kubernetes: An open-source platform for automating the deployment, scaling, and management of containerized applications.
KYC/AML (Know Your Customer/Anti-Money Laundering): The process of identifying and verifying the identity of clients and preventing money laundering and terrorist financing.
KWG (Kreditwesengesetz - German Banking Act): Regulates the activities of credit institutions in Germany. ecrop GmbH is a financial services institution and is subject to the requirements of the KWG.

Ledger (Blockchain): A digital record of transactions on a blockchain.
LEI (Legal Entity Identifier): A unique global identifier for legal entities.
Liquidity: The ability to quickly and easily convert an asset into cash.
Live Migration: The process of moving a running virtual machine or application from one physical server to another with minimal downtime.
Load Balancer: A device that distributes network traffic across multiple servers to improve availability and performance.
Loss Potential (Schadenspotenzial): The potential damage that can occur if a risk event happens.

MAR (Market Abuse Regulation): An EU regulation that prohibits insider dealing, unlawful disclosure of inside information, and market manipulation.
MaRisk (Mindestanforderungen an das Risikomanagement - Minimum Requirements for Risk Management): A set of regulatory requirements from BaFin that define the minimum requirements for risk management of financial institutions. ecrop GmbH complies with the requirements of MaRisk.
MDM (Mobile Device Management): Software for managing and securing mobile devices.
Multiple Voting Share (Mehrstimmrechtsaktie): A share that grants more than one vote per share. The permissibility of multiple voting shares is regulated by the ZuFinG (German Financial Markets Supervision Act).
MFA (Multi-Factor Authentication): An authentication method that requires the user to provide two or more verification factors to gain access to a resource.
MiCA (Markets in Crypto-Assets Regulation): An EU regulation on markets in crypto-assets.
MiFID II (Markets in Financial Instruments Directive II): An EU directive on markets in financial instruments.
Monitoring: The continuous observation of systems, applications, and processes to detect anomalies and security incidents early on.
MTF (Multilateral Trading Facility): A self-regulated financial trading venue operating similarly to a traditional exchange but with fewer regulatory restrictions.
Multi-Signature Wallet: A cryptocurrency wallet that requires multiple private keys to authorize a transaction.

Negotiable Instrument (Orderpapier): A signed document that promises a sum of payment to a specified person or the assignee.
Nominal Value (Nennbetrag): The face value of a security, such as a share or bond.
Node (Blockchain): A computer or device connected to a blockchain network that stores and relays transaction data.
Emergency Management (Notfallmanagement): The planning and preparation for emergencies and disruptions to ensure business continuity.
NFT (Non-Fungible Token): A unique and non-interchangeable unit of data stored on a digital ledger (blockchain).
Network Segmentation (Netzwerksegmentierung): The process of dividing a computer network into smaller, isolated segments to improve security.
Nonce: An arbitrary number used only once in cryptographic communication to prevent replay attacks.

OAuth: An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
OFAC (Office of Foreign Assets Control): A U.S. Department of the Treasury agency that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy, or economy of the United States.
Omnibus Wallet: A cryptocurrency wallet where the funds of multiple users are held together. ecrop GmbH does not use omnibus wallets.
Onboarding: The process of integrating new clients or users onto a platform or service.
OpenAPI (Swagger): A specification for machine-readable interface files for describing, producing, consuming, and visualizing RESTful web services.
Operational Risks: Risks that arise from inadequate or failed internal processes, people and systems, or from external events.
OTC (Over-the-Counter): Trading of securities outside of a regulated exchange.
Outsourcing (Auslagerung): The transfer of business activities to an external service provider. ecrop GmbH outsources certain functions, such as software development and parts of its IT infrastructure.
Owner Wallet: A cryptocurrency wallet that holds the private keys controlling the user’s crypto assets.
OWASP (Open Web Application Security Project): An online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.

PaaS (Platform as a Service): A cloud computing model where a third-party provider delivers hardware and software tools — usually those needed for application development — to users over the internet.
Patch Management: The process of managing and installing software updates and security patches.
Peer-to-Peer (P2P): A decentralized network architecture where participants (nodes) communicate directly with each other, without relying on a central server.
Penetration Test: A simulated cyberattack against your computer system to check for exploitable vulnerabilities.
PEP (Politically Exposed Person): An individual who is or has been entrusted with a prominent public function.
PIR (Post Implementation Review): A formal assessment of a project after it has been completed to identify lessons learned and improve future projects.
PoA (Proof-of-Authority): A consensus mechanism in which a limited number of validators are authorized to create blocks.
PoW (Proof-of-Work): A consensus mechanism that requires participants to solve complex mathematical problems to validate transactions and create new blocks.
Private Key: A secret cryptographic key used to sign transactions and access crypto assets.
Private Permissioned Blockchain: A blockchain network where access and participation are restricted to authorized entities.
Probability of Occurrence (Eintrittswahrscheinlichkeit): The likelihood of a risk event occurring.
Prospectus Regulation (Prospektverordnung): An EU regulation that governs the information to be included in a prospectus when securities are offered to the public or admitted to trading on a regulated market.
Protocol (Netzwerkprotokoll): A set of rules and conventions that govern data transmission over a network.
Proxy (Stimmrechtsvollmacht): The authorization given by a shareholder to another person to vote on their behalf at a company’s general meeting.
Public Key: A cryptographic key that is paired with a private key and used to verify digital signatures and encrypt data.
Pylint: A source-code, bug and quality checker for the Python programming language.
Probability of Occurrence (Eintrittswahrscheinlichkeit): The likelihood of a risk event occurring.

QBFT (Quorum Byzantine Fault Tolerance): A consensus mechanism used by Hyperledger Besu.
QUIC: A modern transport protocol designed for faster and more reliable communication over the internet.

RBAC (Role-Based Access Control): A method of regulating access to computer or network resources based on the roles of individual users within your organization.
RDBMS (Relational Database Management System): A database management system (DBMS) that is based on the relational model.
React: A JavaScript library for building user interfaces.
Recovery Plan (WHP - Wiederherstellungsplan): A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.
Registered Share in Central Registry (Zentralregisteraktie): An electronic share held in a central register.
Regulatory Disclosure (Regelpublizität): The obligation to publish certain information in capital market law.
Regulatory Density (Regelungsdichte): The degree of regulation in a specific area.
Regression Test: A type of software testing that ensures that previously developed and tested software still performs after a change.
Replication: The copying of data to multiple systems to improve availability and fault tolerance.
Reporting: _The process of creating and distributing reports on the status and performance of a system or process. A system for reporting security incidents and other events.
REST (Representational State Transfer): An architectural style for web services based on HTTP methods.
Residual Risk: The risk that remains after risk mitigation measures have been implemented.
Risk: The possibility of suffering harm or loss.
Risk Analysis (Risikoanalyse): The process of identifying, assessing, and treating risks.
Risk Appetite (Risikoappetit): The level of risk a company is willing to accept.
Risk Assessment (Risikobeurteilung): The evaluation of the likelihood and potential impact of risks.
Risk Coverage Potential (Risikodeckungspotenzial): The resources available to a company to cover potential losses.
Risk Management (Risikomanagement): The process of identifying, assessing, controlling, and monitoring risks.
Risk Matrix (Risikomatrix): A matrix used to visualize and categorize risks based on their likelihood and impact.
Risk Control (Risikosteuerung): The implementation of measures to reduce or avoid risks.
Risk Tolerance (Risikotoleranz): The maximum level of risk a company is willing to accept.
RPO (Recovery Point Objective): The maximum acceptable amount of data loss in the event of a disaster.
RTO (Recovery Time Objective): The maximum acceptable downtime for a system or process in the event of a disaster.
RBAC (Role-Based Access Control): A method of regulating access to computer or network resources based on the roles of individual users within an organization.

SaaS (Software as a Service): A cloud computing model where a third-party provider hosts applications and makes them available to users over the internet.
Sanctions Lists (Sanktionslisten): Lists of individuals or organizations subject to sanctions.
Supervisory Authority (BaFin) (Aufsichtsbehörde (BaFin)): The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht - BaFin) is the competent supervisory authority for financial services institutions in Germany. It monitors compliance with legal and regulatory requirements.
Self-Custody (Eigenverwahrung): The practice of holding your own private keys and managing your own crypto assets, without relying on a third-party custodian.
Scrum: An agile framework for managing and completing complex projects.
SDLC (Software Development Lifecycle): The entire process of planning, creating, testing, and deploying software.
SEC (Securities and Exchange Commission): The U.S. agency responsible for enforcing federal securities laws and regulating the securities industry.
Security Token: A digital token that represents ownership of an asset, such as a security or other financial instrument.
SemVer (Semantic Versioning): A standard for software versioning that uses a three-part version number (major.minor.patch).
Session Key: A temporary encryption key used for a single session or communication.
SFTP (Secure File Transfer Protocol): A secure file transfer protocol that provides encryption and authentication.
SHA-256 (Secure Hash Algorithm 256-bit): A cryptographic hash function that produces a 256-bit hash value.
Share (Aktie): A security that represents a share in the capital stock of a public limited company (AG). Shareholders have various rights, such as voting rights at the general meeting and the right to receive dividends (§ 1 AktG).
Shamir’s Secret Sharing: A cryptographic algorithm used to divide a secret into multiple parts, called shares.
SIEM (Security Information and Event Management): A system for collecting, storing, and analyzing security information from various sources.
Signer Wallet: A cryptocurrency wallet used for signing transactions.
Single Point of Failure: A component of a system whose failure can cause the entire system to fail.
SLA (Service Level Agreement): An agreement between a service provider and a client that defines the expected level of service.
Slashing: A penalty imposed on a validator in a Proof-of-Stake blockchain for misbehavior.
Smart Contract: A self-executing contract with the terms of the agreement between buyer and seller being directly written into lines of code.
Smart Meter Gateway (SMGW): A central communication unit in a smart metering system.
SMS (Short Message Service): A text messaging service component of phone, web, or mobile communication systems.
SMTP (Simple Mail Transfer Protocol): A standard protocol for sending emails.
SoA (Statement of Applicability): A document that describes the applicability of security controls within an organization’s information security management system (ISMS).
Solidity: A programming language used for writing smart contracts on the Ethereum blockchain.
SPAC (Special Purpose Acquisition Company) (Börsenmantelaktiengesellschaft): A shell company created to raise capital through an initial public offering (IPO) and then acquire a private company.
SSH (Secure Shell): A cryptographic network protocol for operating network services securely over an unsecured network.
SSL (Secure Sockets Layer): A deprecated cryptographic protocol designed to provide communications security over a computer network. Replaced by TLS.
Staking: The process of locking up crypto assets to support the operations of a blockchain network and earn rewards.
Sample Check (Stichprobenkontrolle): A method of quality control where a random sample of items is inspected.
Structured Financial Products (Strukturierte Finanzprodukte): Financial instruments that combine various financial components, such as derivatives, to create a specific investment return profile.
Subcontractor (Subunternehmer): A company or individual hired by a contractor to perform part of the contractor’s work.
Sunset Clause: A clause in a contract that specifies a date or event after which the contract will terminate.
Symmetric Encryption (Symmetrische Verschlüsselung): A method of encryption where the same key is used for both encryption and decryption.
System Audit (Systemaudit): An examination of a company’s IT systems and processes to assess security and compliance.
System Owner (Systemeigentümer): The individual or department responsible for the operation and security of an IT system.
System Log (Systemprotokoll): A file that records events and activities within a system.

Test Coverage: A measure used to describe the degree to which the source code of a program is executed when a particular test suite runs.
Test Data: Data used to test software or systems.
Test Environment: An environment used for testing software or systems.
TLS (Transport Layer Security): A cryptographic protocol designed to provide communications security over a computer network.
Token: A digital representation of a value or right that can be stored on a blockchain.
Tokenization: The process of converting assets into digital tokens.
Tokenomics: The economic and technical aspects of a token system.
Transaction: A transfer of crypto assets or other data on the blockchain.
Transaction Hash: A unique identifier for a transaction on the blockchain.
Trust Model (Treuhandmodell): A model in which a trustee manages assets on behalf of a third party.
TUF (Testumgebung für Software - Software Test Environment): An environment used for testing software.
Two-Factor Authentication (2FA) (Zweifaktor-Authentifizierung): An authentication method that requires the user to provide two different factors to verify their identity.

Unstaking: The process of withdrawing staked crypto assets from a staking pool.
Uplisting: The movement of a stock from a junior exchange to a major exchange.
USB Flash Drive (USB-Stick): A portable storage device that uses flash memory and is connected via USB.
UPS (Uninterruptible Power Supply) (USV): A device that provides emergency power to a load when the input power source or mains power fails.
UAT (User Acceptance Test): A type of testing performed by end users to verify that a system meets their requirements.

Value Added Tax (VAT) (Umsatzsteuer): A consumption tax placed on a product whenever value is added at each stage of the supply chain, from production to the point of sale.
Validators (Blockchain): Nodes in a blockchain network that validate transactions and create new blocks.
Validation: The process of checking the validity of transactions or data.
Verification: The process of confirming the truth or accuracy of something.
VermAnlG (Vermögensanlagengesetz - German Investment Act): Regulates the public offering of investments in Germany.
VLAN (Virtual Local Area Network): A logical network that is segmented from other networks on the same physical infrastructure.
VPC (Virtual Private Cloud): A logically isolated section of the cloud where you can launch AWS resources in a virtual network that you define.
VPN (Virtual Private Network): A secure, encrypted connection over a public network that provides increased security and privacy.
Vulnerability (Schwachstelle): A weakness in a system or process that can be exploited by a threat.
Vulnerability Scan (Schwachstellen-Scan): An automated scan of systems and applications to identify security vulnerabilities.
Voting Right (Stimmrecht): The right of a shareholder to vote at a company’s general meeting.
Voting Share (Stimmrechtsaktie): A share that carries voting rights.

WAF (Web Application Firewall): A security tool that protects web applications from malicious attacks.
Wallet: A software or hardware device used to store cryptocurrencies and private keys.
WebSockets: A communication protocol that provides full-duplex communication channels over a single TCP connection.
WpHG (Wertpapierhandelsgesetz - German Securities Trading Act): Regulates the trading of securities in Germany.
WpPG (Wertpapierprospektgesetz - German Securities Prospectus Act): Regulates the prospectus requirement for the public offering of securities.
WpÜG (Wertpapiererwerbs- und Übernahmegesetz - German Securities Acquisition and Takeover Act): Regulates takeover bids and mandatory offers related to securities.

XML (Extensible Markup Language): A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

ZAG (Zahlungsdiensteaufsichtsgesetz - Payment Services Supervision Act): Regulates the activities of payment service providers in Germany.
Zero-Gas-Fee Model: A model in which no transaction fees are charged for using the blockchain.
ZuFinG (Zukunftsfinanzierungsgesetz - Future Financing Act): A German law promoting the capital market.

Overview

Product Portfolio

Technology

First Steps

Regulatory Framework

Supplementary Regulation

Electronic Shares

Tradability

Technical Implementation

Operations

Support & Resources

Platform Status & Updates