Page:Electronic Transactions Act 2010.pdf/35

36 : accredited certification authority or recognised certification authority complied with the requirements of this Act; or
 * (b) in excess of the amount specified in the certificate as its recommended reliance limit for either—
 * (i) a loss caused by reliance on a misrepresentation in the certificate of any fact that the accredited certification authority or recognised certification authority is required to confirm; or
 * (ii) failure to comply with paragraphs 14 and 15 in issuing the certificate.

PART II DUTIES OF CERTIFICATION AUTHORITY Trustworthy system

12. A certification authority must utilise trustworthy systems in performing its services.

Disclosure

13.—(1) A certification authority shall disclose—
 * (a) its certificate that contains the public key corresponding to the private key used by that certification authority to digitally sign another certificate (referred to in this paragraph as a certification authority certificate);
 * (b) any relevant certification practice statement;
 * (c) notice of the suspension or revocation of its certification authority certificate; and
 * (d) any other fact that materially and adversely affects either the reliability of a certificate that the authority has issued or the authority’s ability to perform its services.

(2) In the event of an occurrence that materially and adversely affects a certification authority’s trustworthy system or its certification authority certificate, the certification authority shall—
 * (a) use reasonable efforts to notify any person who is known to be or foreseeably will be affected by that occurrence; or
 * (b) act in accordance with procedures governing such an occurrence specified in its certification practice statement.

Issuance of certificate

14.—(1) A certification authority may issue a certificate to a prospective subscriber only after the certification authority—
 * (a) has received a request for issuance from the prospective subscriber; and