recognition of foreign certifying authorities vakul sharma © vakul corporate advisory, 2014
TRANSCRIPT
Recognition of Foreign Certifying Authorities
Vakul Sharma
© Vakul Corporate Advisory, 2014
Leap of faith
• Recognizing “Foreign Certifying Authorities” by two statutory instruments:
“Information Technology (Recognition of Foreign Certifying Authorities operating under a Regulatory Authority) Regulations, 2013”*
“Information Technology (Recognition of Foreign Certifying Authorities not operating under any Regulatory Authority) Regulations, 2013”*
* April 6th 2013
• Foreign CA means a CA other than one licensed to issue a DSC…….whose installed facilities and infrastructure associated with all functions of generation, issue, and management of DSCs are located outside India [Regulation 2(1)(d)]
• Recognised Foreign CA means a “foreign CA” who has been granted under these regulations pursuant to section 19 of the Information Technology Act [Recognition of foreign CA].
• Foreign CAs will have the same protection of law as it has been provided to the Indian CAs under the Information Technology Act, 2000
Deemed Recognition operating under a Regulatory Authority
• A foreign CA deemed as recognised if it has been authorised to issue DSCs by a recognised Regulatory Authority established under the laws of a country other than India. [Regulation 3A(2)]
Recognition of Foreign Certifying Authorities operating under a Regulatory Authority is based on: • Principle of reliability & reciprocity
• Controller of Certifying Authority (CCA – India) to enter into a Memorandum of Understanding (MoU) with each recognised Regulatory Authority*
• Reliability assessment for equivalence
*India has signed MoU with South Korea.
Recognition not operating under a Regulatory Authority
• Any Foreign CA may apply to Controller for recognition; it may require to submit following details, including:
• A Certificate Practice Statement (CPS)• A statement for the purpose & scope of anticipated DSC
technology, management, or operations to be outsourced• Certified copies of the business registration & license of foreign
certifying authority that intends to be recognised• Audit report of infrastructure• Maintenance of local office• Fee of USD 25,000• Issuance of recognition within 4 weeks
Global Business Model
• The idea is to provide seamless authentication, message integrity, non-repudiation, & accessibility across jurisdictions facilitating e-commerce* & e-Governance
• Time to come out of ‘cocoon’ existence (DSCs are never meant to be localized but glocalized)
* UNCITRAL Model Law on E-commerce (Resolution A/RES/51/162 adopted by the General Assembly of UN on 30th January 1997.
• Global business model based on ‘cross certifying authorities’ acting as ‘trusted third parties’ has all the ingredients to revolutionize online trust - from authentication to payments to service delivery