40
No. 23708
Act No. 25,2002
GOVERNMENT GAZETIE, 2 AUGUST 2002
ELECTRONIC
COMMUNICATIONS
AND
TRANSACTIONS ACT, 2002
(c) be reasonably suited to performing their intended functions; and
( d ) adhere to generally accepted security procedures.
(4) For the purposes of subsection (l), where the productsor services are provided by
a certification serviceprovider, the Accreditation Authority may stipulate,prior to
accrediting authentication products or services5
( a ) the technical and other requirements which certificates must meet;
(b) the requirements for issuing certificates;
(c) the requirements for certification practice statements;
( d ) the responsibilities of the certification service provider;
( e ) the liability of the certification service provider;
10
If) the records to be kept and the manner in which and length of time for which
they must be kept;
(g) requirements as to adequate certificate suspension and revocation procedures;
and
( h ) requirements as to adequate notification proceduresrelating
to certificate 15
suspension and revocation.
( 5 ) The Accreditation Authority may impose any conditions or restrictions necessary
when accrediting an authentication product or service.
Revocation or termination of accreditation
39. (1 ) The Accreditation Authority may suspend or revoke an accreditation if it is 20
satisfied that the authentication service provider has failed or ceases to meet any of the
requirements, conditions or restrictionssubject to which accreditationwasgranted
under section 38 or recognition was given in terms of section 40.
( 3 ) Subject to the provisions of subsection (3), the Accreditation Authority may not
suspend or revoke the accreditation or recognition contemplated in subsection(1) unless 25
it has(a) notified the authentication service provider in writing of its intention to do so;
(hi given a description of theallegedbreach
of any of therequirements,
conditions or restrictions subject to which accreditation was granted under
section 38 or recognition was given in terms of section 40; and
30
( c ) afforded the authentication service provider the opportunity t o (i) respond to the allegations in writing; and
(ii) remedy the alleged breach within a reasonable time.
(3) TheAccreditation Authority may suspend accreditation granted under section 38
or recognition given under section 40 with immediate effect for a period not exceeding 35
90 days, pending implementation of the procedures required by subsection ( 2 ) ,if the
continued accreditation or recognition of the authentication serviceprovider
is
reasonably likely to result in irreparable harmto consumers or any person involved in an
electronic transaction in the Republic.
(4) An authentication serviceprovider
whose products or services have been 40
accredited in ternls of this Chapter may terminate such accreditation at any time, subject
to such conditions as may be agreed to at the time of accreditation or thereafter.
Accreditation of foreign products and services
40. (1) The Minister may, by notice in the Gazerte and subject to such conditions as
may be determined hy him or her, recognise the accreditation or similar recognition 45
granted to any authentication service provider or its authentication products or services
in any foreign jurisdiction.
(2) An authentication service provider falsely holding out its products or services to
ha\ze been recognised by the Minister in terms of subsection ( I ) , is guilty of an offence.
Accreditation regulations
41. The Minister may make regulations in respect of(a) the rights and obligations of persons relating to the provision of accredited
products and services;
SO