Act 7
Electronic Signatures Act
2011
47. Adoption of more rigorous requirements permitted.
Nothing in sections 31 and 32 shall preclude a certification service
provider from conforming to standards, certification practice
statements, security plans or contractual requirements more rigorous
than, but nevertheless consistent with, this Act.
48. Suspension or revocation of certificate for faulty issuance.
(1) Where after issuing a certificate a certification service
provider confirms that it was not issued in accordance with sections
31 and 32, the certification service provider shall immediately revoke
it.
(2) A certification service provider may suspend a certificate
which it has issued for a reasonable period not exceeding forty-eight
hours as may be necessary for an investigation to be carried out to
confirm the grounds for a revocation under subsection (1).
(3) The certification service provider shall immediately notify
the subscriber of a revocation or suspension under this section.
49. Suspension or revocation of certificate by order.
(1) The Controller may order the certification service provider to
suspend or revoke a certificate where the Controller determines
that—
(a) the certificate was issued without compliance with sections
31 and 32; and
(b) the non-compliance poses a significant risk to persons
reasonably relying on the certificate.
(2) Before making a determination under subsection (1), the
Controller shall give the licensed certification service provider and
the subscriber a reasonable opportunity of being heard.
(3) Notwithstanding subsections (1) and (2), where in the opinion
of the Controller there exists an emergency that requires an immediate
remedy, the Controller may, after consultation with the Minister,
suspend a certificate for a period not exceeding forty-eight hours.
35