PKI Regulations & Assurance Programs


For a general overview of the context of e-signature governance, see Policy Frameworks.

A small set of representative e-signature regulation examples follow.

Prescriptive PKI jurisdictions

India: Information Technology Act - 2000

Note that Indian PKI laws prohibit chaining to offshore root CAs.

Malaysia: Digital Signatures Act - 1997


Two Tier PKI Jurisdictions and Regulators

Hong Kong's Office for the Recognition of CAs

Directive 1999/93/EC of the European Parliament on a Community framework for electronic signatures

UK: Electronic Signatures Regulations - 2002

Light touch e-signature jurisdictions


E-SIGN - Electronic Signatures in Global and National Commerce Act 2000

Australia: Electronic Transactions Act - 2000

New Zealand: Electronic Transactions Act - 2003

Singapore: Electronic Transactions Act - 1998

PKI Assurance Programs


WebTrust for CAs - of the American Institute of Certified Public Accountants is a world-wide trust mark for CAs, derived from the AICPA's more general "Webtrust" program for e-commerce sites.

The UK's tScheme is an independent, not-for-profit company providing assessment of trust service providers against Approval Profiles, in accordance with European Unionqualified e-signatures legislation. Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I