The provider of electronic certification services is the natural or legal person approved and authorized to issue electronic certification certificates or any services or tasks related to them and electronic signatures, and these certificates certify the proof of the ratio of the electronic signature to a specific person and prove the link between the signer and the signature creation data based on procedures Certified documentation.
Conditions for obtaining a license for electronic certification and electronic signature activity
The license application is submitted to the authority competent to issue and renew the licenses necessary to practice the activities of electronic authentication and electronic signature services. Several conditions must be met by the applicant for the license or renewal to practice the activities of electronic authentication and electronic signature services, which are:
First: An electronic data system and a system for electronic certification certificates and integrated electronic signatures that are not less than the security level of the standards specified by the competent authority, as stated in the electronic certification and electronic signature procedures, in accordance with the following controls:
- The inability of the private keys or the data constituting the electronic signature to be inferred or elicited, and the competent authority shall specify the necessary criteria for this.
- Maintaining the confidentiality of data and protecting it from damage, forgery or hacking, according to the security level specified by the competent authority.
Second: A highly efficient technical infrastructure and administrative resources at a level not less than the standards approved by the competent authority, to operate and manage all electronic certification and electronic signature operations, the most important of which are:
- Issuance of electronic ratification certificates, and the consequent renewal, approval, cancellation and return of certificates.
- Managing encryption operations and the subsequent preservation of the CSP’s private key, as well as public keys.
- Using the best international systems and standards in information security, in accordance with the controls set by the competent authority.
Third: Making available data related to verifying the validity of certificates and electronic signatures for all parties to electronic dealing, while ensuring that they are linked directly to the lists of suspended and canceled certificates.
Fourth: Establishing, operating and managing all electronic resources according to a mechanism that guarantees preservation and archiving operations, as well as transferring to other systems and databases, while providing alternatives and plans according to which service continuity is ensured.
Fifth: Issuing a technical certificate from the root certification manager approving the link with the certification root and the text of the conditions and controls determined by the certification root manager and approved by the competent authority.
Obligations of the electronic certification service provider to obtain the license
Preparing contracts and determining fees for services
The certification services provider shall be obligated to prepare contracts and detailed procedures as well as the fees for the services he performs, and to approve them by the competent authority to issue the necessary licenses to practice electronic authentication and electronic signature services in a manner that preserves the rights of all related parties.
Preparing an activity termination plan
The certification services provider is also obligated to submit an activity termination plan that includes details of the procedures to be followed when it stops practicing its activity at its request, or in cases where it is suspended, its license is canceled or it is not renewed, in a way that guarantees the rights of all related parties.
Providing guarantees and insurances
The applicant for a license to engage in electronic authentication and electronic signature activities shall provide the guarantees and insurances determined by the competent authority to issue the necessary licenses to engage in electronic authentication and electronic signature services, in order to cover the damages or dangers related to those concerned in the event of termination, cancellation or suspension of the license for any reason, or to cover any breach or A failure on his part to fulfill the obligations contained in the license.
Responsibility of the certification service provider
The certification services provider shall be responsible for all the administrative and technical services and resources that are affiliated to it, whether directly or indirectly, in front of its beneficiary clients.
Conditions that must be met in the request to stop the activity, waive the license or merge
For the approval of the request to stop the activity, to waive the license or to merge, the following conditions must be met:
- That the provider of certification services continue to provide its services to the beneficiaries, and it is not permissible for any reason to stop providing them until the conditions set by the competent authority are met and their approval is obtained, in order to guarantee the rights of the relevant parties.
- The provider of certification services or merger with any other party shall not waive unless after the approval of the competent authority and the submission of a comprehensive study, explaining the justifications and objectives and the impact of this on the services and beneficiaries.
The competent authority, based on what is required by the regulations and the interests of the beneficiaries, may accept, reject or amend the request.
If you are looking for a Kuwaiti law firm that specializes in providing legal services to the securities, capital and stock market activities, you can count on us at Taqneen, Law Firm and Legal Consultations.
To book an appointment or request legal advice about the duties of securities companies in the optimal implementation of clients’ orders, we are pleased to receive your inquiries at (info@Taqneen.com).