9
electronic certificates;
-
the provision of public keys to all public users;
-
the provision of security auditing, security programs editing, and other authorized
security services to the public.
Section 12. The conditions and terms for granting the authorization referred to in Section 10
above shall be laid down by regulation.
CHAPTER IV
SECURITY ACTIVITIES
Section 13. (1) Electronic communication networks and information systems of operators,
certification authorities and electronic communication service providers shall be subject to an
obligatory security audit.
2) The conditions and terms for the conduct of the security audits provided for in Sub-Section
1 above shall be laid down by regulation .
Section 14. The staff of the Agency and experts recruited to carry out audit operations shall
be required to maintain professional secrecy.
CHAPTER V
ELECTRONIC CERTIFICATION
Section 15. (1) Qualified electronic certificates shall be valid only for the
objects for which they were issued.
(2) Devices used to design and verify qualified certificates shall, from the technological
standpoint, be neutral, standardized, certified and interoperable.
Section 16. (1) Certification Authorities shall be responsible for prejudice caused to .people
who relied on the certificates they presented as qualified in the case where:
-
-
the information contained in the certificate on the date of its issuance was inaccurate;
the data prescribed such that certificate could be considered as qualified was
incomplete
the issuance of the qualified certificate did not give rise to the verification that the
signatory holds the private convention corresponding to the public convention of the
certificate;
Certification Authorities and certification service providers, as the case may be, have
not registered the repeal of the qualified certificate and placed this information at the
disposal of third parties.
(2) Certification Authorities shall not be responsible for the prejudice caused by the use of the
qualified certificate that exceeds the limits fixed for its use or the value of transactions for
which it can be used, provided that such limits appear in the qualified certificate and are
accessible to users.