Act 7
Electronic Signatures Act
PART IV—PUBLIC KEY INFRASTRUCTURE (PKI)
2011
20. Sphere of application.
This Part applies to digital signatures or signatures that are able to use
the public key infrastructure (PKI).
21. Controller.
(1) The Controller shall, in particular be responsible for monitoring
and overseeing the activities of certification service providers and shall
perform the functions conferred on the Controller under this Act.
(2) The Controller shall exercise its functions under this Act
subject to such directions as to the general policy guidelines as may
be given by the Minister.
(3) The Controller shall maintain a publicly accessible database
containing a certification service provider disclosure record for each
certification service provider, which shall contain all the particulars
required under regulations made under this Act.
(4) The Controller shall publish the contents of the database in
at least one recognised repository.
22. Certification service providers to be licensed.
(1) A person shall not carry on or operate or hold himself out as
carrying on or operating, as a certification service provider unless that
person has a valid licence issued under this Act.
(2) A person who contravenes subsection (1) commits an offence
and is liable, on conviction, to a fine not exceeding two hundred and
forty currency points or imprisonment not exceeding ten years or both;
and in the case of a continuing offence is in addition liable to a daily fine
not exceeding ten currency points for each day the offence continues.
(3) The Minister may, on an application in writing being made
in accordance with this Act, exempt a person operating as a
certification service provider within an organisation from the
requirement of a licence under this section where certificates and key
pairs are issued to members of the organisation for internal use only;
but the Minister shall not delegate that power to the Controller.
22