Act 7
Electronic Signatures Act
2011
77. Recognition of repositories.
(1) The Controller may recognise one or more repositories, after
determining that a repository to be recognised satisfies the
requirements prescribed in the regulations made under this Act.
(2) The procedure for recognition of repositories shall be as
prescribed by regulations made under this Act.
(3) The Controller shall publish a list of recognised repositories
in such form and manner as he or she may determine.
78. Liability of repositories.
(1) Notwithstanding any disclaimer by the repository or a
contract to the contrary between the repository and a licensed
certification service provider or a subscriber, a repository shall be
liable for a loss incurred by a person reasonably relying on an
electronic signature verified by the public key listed in a suspended
or revoked certificate, if loss was incurred more than one business
day after receipt by the repository of a request to publish notice of the
suspension or revocation and the repository had failed to publish the
notice when the person relied on the digital signature.
(2) Unless waived, a recognised repository or the owner or
operator of a recognised repository—
(a) shall not be liable for failure to record publication of a
suspension or revocation, unless the repository has received
notice of publication and one business day has elapsed
since the notice was received;
(b) shall not be liable under subsection (1) in excess of the
amount specified in the certificate as the recommended
reliance limit;
(c) shall not be liable for misrepresentation in a certificate
published by a certification service provider;
45