PKI Regulations & Assurance Programs

 

For a general overview of the context of e-signature governance, see Policy Frameworks.


A small set of representative e-signature regulation examples follow.

Prescriptive PKI jurisdictions


India: Information Technology Act - 2000

Note that Indian PKI laws prohibit chaining to offshore root CAs.

Malaysia: Digital Signatures Act - 1997

 

Two Tier PKI Jurisdictions and Regulators

Hong Kong's Office for the Recognition of CAs

Directive 1999/93/EC of the European Parliament on a Community framework for electronic signatures

UK: Electronic Signatures Regulations - 2002

Light touch e-signature jurisdictions

 

E-SIGN - Electronic Signatures in Global and National Commerce Act 2000

Australia: Electronic Transactions Act - 2000

New Zealand: Electronic Transactions Act - 2003

Singapore: Electronic Transactions Act - 1998

PKI Assurance Programs

 

WebTrust for CAs - of the American Institute of Certified Public Accountants is a world-wide trust mark for CAs, derived from the AICPA's more general "Webtrust" program for e-commerce sites.

The UK's tScheme is an independent, not-for-profit company providing assessment of trust service providers against Approval Profiles, in accordance with European Unionqualified e-signatures legislation.