|
Liability of certification service providers.
|
30.—(1) A certification service provider who provides a service to the public of issuing certificates and who as a part of that service issues a certificate as a qualified certificate or guarantees such a certificate, shall be liable for any damage caused to a person who, or public body which, reasonably relies on the certificate unless the certification service provider proves that he, she or it has not acted negligently.
|
| |
(2) It shall be the duty of every certification service provider who provides to the public a service of issuing certificates and who issues a certificate as a qualified certificate or guarantees such a certificate, to take reasonable steps to ensure—
|
| |
(a) the accuracy of all information in the qualified certificate as at the time of issue and that the certificate contains all the details required by Annex I to be so contained in a qualified certificate,
|
| |
(b) that, at the time of the issue of the certificate, the signatory identified in the certificate held the signature creation device corresponding to the signature verification device given or identified in the certificate, and
|
| |
(c) that the signature creation device and the signature verification device act together in a complementary manner, in cases where the certification service provider generates both.
|
| |
(3) A certification service provider who provides a service to the public of issuing certificates and who as a part of that service issues a certificate as a qualified certificate, or guarantees such a certificate, is liable for any damage caused to a person who, or public body which, reasonably relies on the certificate, for the certification service provider's failure to register or publish notice of the revocation or suspension of the certificate as prescribed, unless the certification service provider proves that he, she or it has not acted negligently.
|
| |
(4) A certification service provider who provides a service to the public of issuing certificates and who as a part of that service issues a certificate as a qualified certificate, or guarantees such a certificate, may indicate in the qualified certificate limits on the uses of the certificate (including a limit on the value of transactions for which the certificate can be used) and, if the limits are clear and readily identifiable as limitations, the certification service provider shall not be liable for damages arising from a contrary use of a qualified certificate which includes such limits on its uses.
|