Electronic
2 5 0 [ N o . 21 o f 2 0 0 9
Accreditation
of
authentication
products
and
services
and
Communications
Transactions
29. (1) The Accreditation Authority may accredit authentication
products and services in support of advanced electronic signatures.
(2) An application for accreditation shall be m a d e to t h e
Accreditation Authority in the prescribed manner and form upon
payment of the prescribed fee.
(3) A person w h o falsely holds out any products or services as
accredited by the Accreditation Authority under this Act, commits
an offence and is liable, upon conviction, to a fine not exceeding
one hundred thousand penalty units or to imprisonment for a period
not exceeding one year, or to both.
Criteria for
accreditation
3 0 . (1) The A c c r e d i t a t i o n Authority shall not accredit
a u t h e n t i c a t i o n p r o d u c t s or s e r v i c e s u n l e s s t h e A c c r e d i t a t i o n
Authority is satisfied that an electronic signature to which the
authentication products or services r e l a t e —
(a) is uniquely linked to the user;
(b) is capable of identifying the user;
(c) is created using means that can be maintained under the
sole control of the user;
(d) will be linked to the data or data message to which it
relates in such a manner that any subsequent change of
the data or data message is detectable; and
(e) is based on the face-to-face identification of the user.
(2) For purposes of subsection (1), the Accreditation Authority
shall h a v e r e g a r d to t h e f o l l o w i n g f a c t o r s in r e s p e c t o f an
authentication service provider prior to accrediting authentication
products or services:
(a) the authentication service provider's financial and human
resources, including the assets;
(b) the quality of the hardware and software systems;
(c) the procedures for the processing of products or services;
(d) the availability of information to third parties relying on
the authentication product or service;
(e) the regularity and extent of audits by an independent body;
(f) the factors referred to in subsection (4), where the products
and services are rendered by a certification service
provider; and
(g) any other relevant factor as may be prescribed.