- (a) the digital signature was created during the operational period of a valid certificate and is verified by reference to the public key listed in such certificate; and
- (b) the certificate is considered trustworthy, in that it is an accurate binding of a public key to a person’s identity because—
- (i) the certificate was issued by an accredited certification authority operating in compliance with the regulations made under section 22;
- (ii) the certificate was issued by a recognised certification authority;
- (iii) the certificate was issued by a public agency approved by the Minister to act as a certification authority on such conditions as he may by regulations impose or specify; or
- (iv) the parties have expressly agreed between themselves (sender and recipient) to use digital signatures as a security procedure, and the digital signature was properly verified by reference to the sender’s public key.
Presumptions regarding certificates
4. It shall be presumed, unless evidence to the contrary is adduced, that the information (except for information identified as subscriber information which has not been verified) listed in a certificate issued by an accredited certification authority or a recognised certification authority, or in a recognised certificate, is correct if the certificate was accepted by the subscriber.
Unreliable digital signatures
5. Unless otherwise provided by law or contract, a person relying on a digitally signed electronic record assumes the risk that the digital signature is invalid as a signature or an authentication of the signed electronic record, if reliance on the digital signature is not reasonable under the circumstances having regard to the following factors:
- (a) facts which the person relying on the digitally signed electronic record knows or has notice of, including all facts listed in the certificate or incorporated in it by reference;
- (b) the value or importance of the digitally signed electronic record, if known;
- (c) the course of dealing between the person relying on the digitally signed electronic record and the subscriber and any available indicia of reliability or unreliability apart from the digital signature; and
- (d) any usage of trade, particularly trade conducted by trustworthy systems or other electronic means.
