11. Liability of certification service providers.
(1) A certification service provider shall, by issuing or guaranteeing a certificate to
the public, accept liability for damage caused to any person who reasonably relies
on the certificate unless the certification service provider can prove that it was not
negligent.
(2) The liability of a certification provider under paragraph (1) shall be limited to
issues relating to—
(a) The accuracy, at the time of issuance, of all information contained in the
certificate and the fact that the certificate contains all the details prescribed for the
certificate;
(b) The assurance that at the time of the issuance of the certificate, the signatory
identified in the certificate held the signature-creation data corresponding to the
signature- verification data given or identified in the certificate;
(c) Assurance that the signature-creation data and the signature- verification data
can be used in a complementary manner in cases where the certification service
provider generated both of them; and
(d) The failure to publish a notice of suspension or revocation of a certificate in the
repository specified in the certificate.
(3) Where a certification service provider has specified in a certificate, the limits
on the use of the certificates and the limits on the values of transactions for which
the certificate may be used, it shall not be liable for any damage resulting from
exceeding the limits.
12. Renewal of certificates.
(1) The provisions of regulation 9 shall apply mutatis mutandis to the renewal of
certificates.
(2) The subscriber identity verification method employed for renewal of
certificates shall be specified in the certification practice statement.
(3) A certification service provider shall log and keep, in a secure manner, the date
and time of all transactions relating to the renewal of a certificate.