REGULATION OF CERTIFICATION AUTHORITIES
—(1) The Minister shall appoint a Controller of Certification Authorities for the purposes of this Act and, in particular, for the purposes of licensing, certifying, monitoring and overseeing the activities of certification authorities.
(2) The Controller may, after consultation with the Minister, appoint such number of Deputy and Assistant Controllers of Certification Authorities and officers as the Controller considers necessary to exercise and perform all or any of the powers and duties of the Controller under this Act or any regulations made thereunder.
(3) The Controller, the Deputy and Assistant Controllers and officers appointed by the Controller under subsection (2) shall exercise, discharge and perform the powers, duties and functions conferred on the Controller under this Act or any regulations made thereunder subject to such directions as may be issued by the Minister.
(4) The Controller shall maintain a publicly accessible database containing a certification authority disclosure record for each licensed certification authority which shall contain all the particulars required under the regulations made under this Act.
(5) In the application of the provisions of this Act to certificates issued by the Controller and digital signatures verified by reference to those certificates, the Controller shall be deemed to be a licensed certification authority.
—(1) The Minister may make regulations for the regulation and licensing of certification authorities and to define when a digital signature qualifies as a secure electronic signature.
(2) Without prejudice to the generality of subsection (1), the Minister may make regulations for or with respect to —
applications for licences or renewal of licences of certification authorities and their authorised representatives and matters incidental thereto;
the activities of certification authorities including the manner, method and place of soliciting business, the conduct of such solicitation and the prohibition of such solicitation of members of the public by certification authorities which are not licensed;
the standards to be maintained by certification authorities;
prescribing the appropriate standards with respect to the qualifications, experience and training of applicants for any licence or their employees;
prescribing the conditions for the conduct of business by a certification authority;
providing for the content and distribution of written, printed or visual material and advertisements that may be distributed or used by a person in respect of a digital certificate or key;
prescribing the form and content of a digital certificate or key;
prescribing the particulars to be recorded in, or in respect of, accounts kept by certification authorities;
providing for the appointment and remuneration of an auditor appointed under the regulations and for the costs of an audit carried out under the regulations;
providing for the establishment and regulation of any electronic system by a certification authority, whether by itself or in conjunction with other certification authorities, and for the imposition and variation of such requirements, conditions or restrictions as the Controller may think fit;
the manner in which a holder of a licence conducts its dealings with its customers, conflicts of interest involving the holder of a licence and its customers, and the duties of a holder of a licence to its customers with respect to digital certificates;
prescribing forms for the purposes of the regulations; and
prescribing fees to be paid in respect of any matter or thing required for the purposes of this Act or the regulations.
(3) Regulations made under this section may provide that a contravention of a specified provision shall be an offence and may provide penalties not exceeding a fine of $50,000 or imprisonment for a term not exceeding 12 months or both.
43. The Minister may, by regulations, provide that the Controller may recognise certification authorities outside Singapore that satisfy the prescribed requirements for any of the following purposes:
the recommended reliance limit, if any, specified in a certificate issued by the certification authority;
45. Unless a licensed certification authority waives the application of this section, a licensed certification authority shall not be liable —
for any loss caused by reliance on a false or forged digital signature of a subscriber, if, with respect to the false or forged digital signature, the licensed certification authority complied with the requirements of this Act; or
in excess of the amount specified in the certificate as its recommended reliance limit for either —
a loss caused by reliance on a misrepresentation in the certificate of any fact that the licensed certification authority is required to confirm; or