Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)

Accreditation Regulations

Chapter III : Requirements for certification service providers

21. Suspension and revocation of certificates

Purchase cart Previous page Return to chapter overview Next page

 

(1)Unless a certification service provider and a subscriber agree otherwise, the certification service provider must suspend a certificate with immediate effect upon receiving a request to do so from the subscriber listed in the certificate or a person duly authorised to act for that subscriber.

 

(2)The certification service provider must revoke any certificate that it issued—
(a)after receiving a request for revocation from a subscriber named in the certificate and confirming that the person requesting the revocation is the subscriber or an agent of the subscriber with authority to request the revocation;
(b)after receiving a certified copy of the subscriber's death certificate; or
(c)upon presentation of documentary proof that a subscriber that is a Iegal person has been wound up or deregistered or has ceased to exist.

 

(3)A certification service provider must revoke a certificate, regardless of whether the subscriber listed in the certificate consents, if after verification—
(a)a material fact represented in the certificate is found to be false;
(b)a requirement for the issuing of the certificate wa--s not satisfied;
(c)the certification service provider's private key or trustworthy system was compromised in a manner that materially affects the reliability of the certificate; or
(d)a subscriber has breached a subscriber agreement with the certification service provider.

 

(4)Upon effecting a revocation contemplated in sub-regulation (3), the certification service provider must immediately notify the subscriber listed in the revoked certificate and publish the revocation in its repository.