Digital Signature Act 1997

Original Language Title: Digital Signature Act 1997

Read the untranslated law here: https://www.global-regulation.com/law/malaysia/5959919/digital-signature-act-1997-.html

LAWS OF MALAYSIA
REPRINT
Act 562
DIGITAL SIGNATURE ACT 1997
Containing all amendments to 1 January 2006
Published by the Commissioner of Law Revision, under the authority of the Law Revision Act 1968, in collaboration with Percetakan Nasional Malaysia Bhd, 2006

Date of Royal Assent: June 18, 1997
Date of publication in the Gazette: 30 June 1997

ARRANGEMENT OF SECTIONS

PART I PRELIMINARY
1. Short title and commencement
2. Interpretation

PART II THE COMMISSION AND LICENSING AUTHORITIES CERTIFICATION
3. The appointment of the Commission
4. The certification authority shall be licensed
5. Eligibility certification authorities
6. A licensed certification authority functions
7. Application for licence
8. Grant of or refusal to provide a licence
9. Cancellation of licence
10. Appeal
11. Surrender of licence
12. Effect of cancellation, surrender or expiration period of licence
13. The effect of the absence of licence
14. Return of licence
15. Limited license
16. Restrictions on the use of the expression "certification authorities"
17. Renewal of licence
18. License lost
19. Other license recognition
20. Performance audit
21. Exemption from performance audit

PART III REQUIREMENTS ON CERTIFICATION AUTHORITIES LICENSED
22. A licensed certification authority activities
23. Requirements for display license
24. The requirements to submit information and particulars relating to the business operations
25. Notification of exchange of information
26. Requirements about advertising

PART IV DUTIES OF LICENSED CERTIFICATION AUTHORITIES AND CUSTOMERS

Chapter 1 General requirements for the certification authority licensed
27. Use of reliable system
28. Disclosure on queries
29. Prerequisite to the issuance of a certificate to the customer
30. Broadcasting certificate issued and received
31. The adoption of stricter requirements allowed
32. Suspension or revocation of certification because production is not correct
33. Suspension or revocation of a certificate by the order of the

Chapter 2 Warranties and obligations of licensed certification authority
34. Warranty to customers
35. Ongoing obligation to customers
36. Representations upon issuance of
37. Representations upon publication of

Chapter 3 Representations and obligations upon receipt of recommendation
38. Representation implied by customers
39. Representation by the client agent
40. Rejection or indemnity limited
41. Underwriting loss of certification authorities licensed by customers
42. Certification of accuracy of information provided

Chapter 4 Control over private key
43. Obligation to store a private key safely
44. Property in a private key
45. A licensed certification authority shall be the fiduciary if holds a private key customers

Chapter 5 Suspension recommendation
46. Suspension of certification by a licensed certification authority that issued the
47. Suspension of certification by the Commission or Tribunal
48. Notice of suspension of the
49. Termination of suspension that began with a demand of
50. Contractual arrangements alternate
51. Prohibition against false or unauthorized request for suspension of certificate
52. Effects of suspension of certificate of

Chapter 6 Revocation of certificate
53. Cancellation on request
54. Cancellation of the death or dissolution of customers
55. Cancellation of certificate not trusted
56. Notice of revocation of
57. The impact of the cancellation on request customers
58. The effect of the notification on the licensed certification authority of

Chapter 7 The expiration period of the recommendation
59. The expiration period of the certificate of

Chapter 8 Recommended and limit dependence liability
60. The recommended limits dependence
61. The limit of liability of certification authorities licensed

PART V EFFECT OF DIGITAL SIGNATURES
62. Satisfaction of the requirements of the signature
63. Digital signature unreliable
64. Digitally signed messages are deemed to be a written document
65. Digitally signed messages are deemed to be the original
66. Verification of the digital signature
67. The assumption in representing the dispute

PART VI REPOSITORY AND SERVICES DATE/TIME MARKER
68. Recognition of a repository of
69. Liability repository
70. Recognition of marker service date/time

PART VII GENERAL
71. Prohibition against the harmful activities
72. Obligation of secrecy
73. False information
74. Offences by bodies corporate
75. Authorized officers
75A. Enforcement by police officer
76. Authority to investigate
77. Search with warrant
78. Search and seizure without a warrant
79. Access to computerized data
80. List of things seized
81. Obstacles of authorized officers
82. The extra power
83. General penalties
84. Get the cost of procedural
85. No costs or damages arising from seizure can be recovered
86. Start and conduct of prosecution
87. Jurisdiction try offences
88. The Commission's protection officer and
89. Power to exclude
90. Limitations upon the refusal or limitation of application of Act
91. Regulations
92. Savings and transitional

LAWS OF MALAYSIA
Act 562
DIGITAL SIGNATURE ACT 1997

An Act to provide for, and to regulate the use of, the digital signature, and to provide for the purposes connected therewith.
[October 1, 1998, P.U. (B) 397/1998]
BE IT ENACTED by the Seri Paduka Baginda Yang di-Pertuan Agong with the advice and consent of the Dewan Negara and Dewan Rakyat in Parliament assembled, and by the authority of the same, as follows:

PART I PRELIMINARY

Short title and commencement
1. This Act may be cited as the Digital Signature Act 1997 and shall come into force on such date as the Minister may prescribe by notification in the Gazette, and the Minister may prescribe different dates for different provisions of this Act.
Interpretation
2. (1) In this Act, unless the context otherwise requires —
"this Act" includes any regulations made under this Act;
"suitable", with respect to keys, means belonging to the same key pair;
"prescribed" means prescribed by or under this Act or any regulations made under this Act;
"recommended dependency limit" means the sum recommended for reliance on a certificate under section 60;
"public key" means the key of a key pair that is used for verifying a digital signature;
"private key" means the key of a key pair used to generate a digital signature;
"forging a digital signature" means — (a) to produce a digital signature without the consent of the rightful holder of the private key; or (b) to produce a digital signature that can be verified by a certificate that lists someone who either does not exist or does not hold a private key that corresponds to the public key listed in the certificate;
"revoke certificate" means to make a certificate ineffective permanently from a specified time forward;
"tell" means to communicate a fact to another person in a manner reasonably likely, under the circumstances, to convey knowledge of that information to that other person;
"holding a private key" means to be able to use a private key;
"holding a private key legitimately" means to be able to use a private key — (a) that the holder or the holder's agents have not disclosed to any person in contravention of this Act; and (b) that the holder has not obtained through theft, deception, eavesdropping or other unlawful means;
"certify" means to declare in respect of an acknowledgement, with ample opportunity to consider, and with the obligation to inform oneself of all material facts;
"receive" means — (a) to indicate agreement to a declaration, when knowing or having notice of its contents; or (b) to apply to a licensed certification authority for a certificate, without cancelling the application by delivering notice of cancellation to that licensed certification authority and obtaining a signed written receipt from it, if the licensed certification authority subsequently issues a certificate based on the application;
"issuing a certificate" means the action of the certification authority in producing a certificate and notifying the customer listed in the certificate of the contents of the certificate;
"verifying a digital signature" means, in respect of a digital signature, a message and a particular public key, to determine exactly that — (a) the digital signature was produced by the private key that corresponds to the public key; and (b) the message has not been modified since its digital signature was produced;
"verify" means to determine through inquiries and investigation of leaching;
"combining the reference basis" means to make one message part of another message by identifying the message to be combined and expressing the intention that it be combined;
"suspend a certificate" means to make a certificate ineffective temporarily from a specified time forward;
"publish" means to record or file in a repository;
"message" means a statement of digital information;
"person" means a natural person or body of persons, incorporated or unincorporated, which is capable of signing a document, either legally or as a matter of fact;
"key pair" means, in an asymmetric cryptosystem, a private key and the public key that corresponds with it, where the public key can verify a digital signature generated by the private key;
"authorized officer" means an officer authorised under section 75;
"customer" means a person who — (a) is the subject listed in a certificate; (b) receives the certificate; and (c) holds a private key that corresponds to the public key listed in the certificate;
"mark time" means — (a) to add or merge to a message, digital signature or certificate a digitally signed note stating at least the date, time and identity of the person who adds or merges the note; or (b) the note so added or merged;
"recipient" means a person who receives or has a digital signature and is in a position to rely on it;
"certificate" means a computer-based record which — (a) identifies the certification authority issuing it; (b) names or identifies its customer; (c) contains the customer's public key; and (d) is digitally signed by the certification authority issuing it;
"valid certificate" means a certificate which — (a) is issued by a licensed certification authority; (b) has been received by the customer listed in it; (c) has not been revoked or suspended; and (d) has not expired: provided that a transaction certificate is a valid certificate only in relation to the digital signature incorporated in it by reference;
"transaction certificate" means a certificate, incorporating by reference one or more digital signatures, issued and valid for a specific transaction;
"recognized date/time marker service" means a date/time marker service recognized by the Commission under section 70;
"certification practice statement" means a statement of the practices used by a certification authority in issuing certificates in general, or that have been used in issuing a particular certificate;
"certification authority" means a person who issues a certificate;
"licensed certification authority" means a certification authority to which a licence has been issued by the Commission and whose licence is in force;
"eligible certification authority" means a certification authority that meets the requirements under section 5;
"certification authority disclosure record" means an online, publicly accessible record in respect of a licensed certification authority which is held by the Commission under subsection 3 (5);
"repository" means a system for storing and retrieving certificates and other information relevant to the digital signature;
"recognized repository" means a repository which is recognised by the Commission under section 68;
"trustworthy system" means computer hardware and software that — (a) are reasonably secure from intrusion and misuse; (b) provide a reasonable level of availability, reliability and correct operation; and (c) are reasonably suited to performing their intended functions;
"asymmetric cryptosystem" means an algorithm or series of algorithms that provide a secure key pair;
* "Commission" means the Suruhanjaya Komunikasi dan Multimedia Malaysia established under the Suruhanjaya Komunikasi dan Multimedia Malaysia Act 1998 [Act 589];
"digital signature" means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine — (a) whether the transformation was created using the private key that corresponds to the signer's public key; and (b) whether the message has been altered since the transformation was made;
* NOTE — when Act A1121 comes into operation, references to the Controller of Certification Authorities ("Controller") or any of its officers and servants who are appointed by the Controller shall be construed as a reference to the Commission or an officer duly authorised — see section 19 of Act A1121.
"writing" or "written" includes any handwriting, typewriting, printing, electronic storage or transmission, or any other method of recording information in a form that can be retained.
(2) For the purposes of this Act, a certificate shall be revoked by making an annotation on the certificate that it is cancelled, or by entering the certificate in a set of revoked certificates.
(3) Revocation of a certificate does not mean that the certificate is destroyed or made illegible.
PART II THE COMMISSION AND LICENSING AUTHORITIES CERTIFICATION

Appointment of Commission
3. (1) The Commission shall be responsible for the administration, enforcement, conduct and implementation of the provisions of this Act and shall exercise and perform the powers, duties and functions under this Act for the purpose of monitoring and supervising certification authorities.
(2) (Deleted by Act A1121).
(3) (Deleted by Act A1121).
(4) The Commission and its employees shall exercise their powers under this Act subject to any instructions about general policy and orders given or made by the Minister.
(5) The Commission shall maintain a publicly accessible database containing a certification authority disclosure record for each licensed certification authority, which shall contain all the particulars required under regulations made under this Act.
(6) The Commission shall publish the contents of the database in at least one recognized repository.
Certification authorities must be licensed
4. (1) No person shall carry on or operate, or hold himself out as carrying on or operating, as a certification authority unless that person holds a valid licence issued under this Act.
(2) Any person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding five hundred thousand dollars or to imprisonment for a term not exceeding ten years, or to both, and in the case of a continuing offence shall in addition be liable to a daily fine not exceeding five thousand dollars for each day the offence continues.
(3) The Minister shall, on an application made in writing in accordance with this Act, exempt — (a) a person who operates as a certification authority within an organization if the key pairs and certificates are issued to members of the organization for internal use only; and (b) any other person or class of persons as the Minister thinks fit, from the requirements of this section.
(4) The Minister may delegate his powers under subsection (3) to the Commission, and those powers may be exercised by the Commission in the name of and on behalf of the Minister.
(5) A delegation under subsection (4) does not prevent the Minister from exercising the delegated powers at any time.
(6) The limit of liability set out in Chapter 8 of Part IV shall not apply to exempted certification authorities, and Part V does not apply in relation to a digital signature verified by a certificate issued by an exempted certification authority.
Certification authority eligibility
5. (1) The Minister shall, by regulations made under this Act, prescribe the eligibility requirements for certification authorities.
(2) The Minister may at any time vary or amend the eligibility requirements prescribed under subsection (1), provided that any such variation or amendment shall not be applicable to a certification authority holding a valid licence under this Act until the expiry of that licence.
Functions of licensed certification authority
6. (1) The function of a licensed certification authority is to issue certificates to customers upon request and upon satisfaction of the licensed certification authority's requirements as to the identity of the customer to be listed in the certificate, and upon payment of the prescribed fees and charges.
(2) A licensed certification authority shall, before issuing any certificate under this Act, take all reasonable steps to check the proper identification of the customer to be listed in the certificate.
(3) A licensed certification authority shall, upon issuing any certificate under this Act, cause the application for the certificate to be certified by a notary public duly appointed under the Notaries Public Act 1959 [Act 115].
Application for licence

7. (1) An application to obtain a licence under this Act shall be made in writing to the Commission in the prescribed form.
(2) Every application under subsection (1) shall be accompanied by such documents or information as may be prescribed, and the Commission may, orally or in writing, at any time after receipt of the application and before the application is determined, require the applicant to give any additional document or information deemed necessary by the Commission for the purpose of determining the suitability of the applicant for the licence.
(3) Where any additional document or information required under subsection (2) is not given by the applicant within the time specified in the requirement, or any extension of that time granted by the Commission, the application shall be deemed withdrawn and shall not be proceeded with, without prejudice to a new application being made by the applicant.
Grant of or refusal to provide a licence
8. (1) The Commission shall, when an application is duly made in accordance with section 7 and after being given all documents and information required, consider the application and, if it is satisfied that the applicant is a qualified certification authority and suitable to be licensed, and on payment of the prescribed fee, grant the licence with or without conditions, or refuse to grant the licence.
(2) Every licence granted under subsection (1) shall state the duration of the licence and the licence number.
(3) The terms and conditions imposed under a licence may be modified or amended by the Commission at any time, provided that the licensee is given a reasonable opportunity to be heard.
(4) Where the Commission refuses to grant a licence, it shall forthwith notify the applicant in writing of the refusal.
Cancellation of licence
9. (1) The Commission may revoke a licence granted under section 8 if it is satisfied that —
(a) the licensed certification authority has failed to comply with any of the obligations imposed upon it by or under this Act;
(b) the licensed certification authority has contravened any of the conditions imposed under the licence, any provision of this Act or any other written law, notwithstanding that no prosecution has been brought for an offence in respect of the contravention;
(c) the licensed certification authority has, whether in connection with the application for the licence or at any time after the grant of the licence, given the Commission information that is false, misleading or inaccurate, or a document or declaration made by or on behalf of the licensed certification authority, or by or on behalf of any person who is or will be the Director, the Commission or the Manager of the licensed certification authority, that is false, misleading or inaccurate;
(d) the licensed certification authority is conducting its business in a manner that is prejudicial to the public interest or the economy;
(e) the licensed certification authority does not have sufficient assets to meet its liabilities;
(f) a winding-up order has been made against the licensed certification authority or a resolution for its voluntary winding-up has been passed;
(g) the licensed certification authority or any authorized officer who holds a management or executive position has been convicted of any offence involving dishonesty, fraud or moral turpitude;
(h) the licensed certification authority or its Director, Commission or Manager has been convicted of any offence under this Act; or
(i) the licensed certification authority has ceased to be a qualified certification authority.
(2) Before cancelling a licence, the Commission shall give the licensed certification authority notice in writing of its intention to do so and require the licensed certification authority to show cause, within the period specified in the notice, as to why the licence should not be cancelled.
(3) If the Commission decides to cancel the licence, it shall immediately inform the certification authority concerned in writing of the decision.
(4) Revocation of a licence shall come into force — (a) where no appeal is made against the revocation, on the expiration of fourteen days from the date on which notice of the revocation is given to the licensed certification authority; or (b) where an appeal is made against the revocation, when the revocation is confirmed by the Minister.
(5) Where an appeal has been made against the cancellation of a licence, the certification authority whose licence has been revoked shall not issue any certificate until the appeal has been disposed of and the cancellation has been set aside by the Minister, but nothing in this subsection shall prevent the certification authority from fulfilling its obligations to its customers during that period.
(6) Any person who contravenes subsection (5) commits an offence and shall, on conviction, be liable to a fine not exceeding five hundred thousand dollars or to imprisonment for a term not exceeding ten years, or to both.
(7) If the revocation of a licence has come into force, the Commission shall, as soon as practicable, cause the revocation to be published in the certification authority disclosure record maintained by it for the certification authority and advertised in at least one national daily newspaper in the national language and one national daily newspaper in English for at least three consecutive days.
(8) Any delay or failure to publish or advertise notice of the revocation shall not in any manner affect the validity of the revocation.
Appeal
10. (1) Any person aggrieved by — (a) the refusal of the Commission to license any certification authority under section 8 or to renew any licence under section 17; or (b) the cancellation of any licence under section 9, may appeal in writing to the Minister within fourteen days from the date on which the notice of refusal or cancellation is delivered to that person.
(2) The decision of the Minister under this section is final and conclusive.
Surrender of licence
11. (1) A licensed certification authority may surrender its licence by submitting the licence to the Commission together with a written notice of the surrender.
(2) The surrender shall take effect on the date the Commission receives the licence and the notice under subsection (1) or, if a later date is specified in the notice, on that date.
(3) A licensed certification authority shall, not later than fourteen days after the date referred to in subsection (2), cause the surrender to be published in the certification authority disclosure record for that certification authority and advertised in at least one national daily newspaper in the national language and one national daily newspaper in English for at least three consecutive days.
Effect of cancellation, surrender or expiration period of licence
12. (1) If the revocation of a licence under section 9 or the surrender of a licence under section 11 has come into operation, or if the licence has expired, the licensed certification authority shall immediately cease to carry on or operate any business in respect of which the licence was granted.
(2) Notwithstanding subsection (1), the Minister may, on the recommendation of the Commission, authorize the licensed certification authority in writing to carry on its business for such period as the Minister may specify in the authorization for the purpose of winding up its affairs.
(3) Notwithstanding subsection (1), a licensed certification authority whose licence has expired is entitled to carry on its business as if its licence had not expired upon proof being submitted to the Commission that the licensed certification authority has applied for renewal of the licence and that the application is pending determination.
(4) Any person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding five hundred thousand dollars or to imprisonment for a term not exceeding ten years, or to both, and in the case of a continuing offence shall in addition be liable to a daily fine not exceeding five thousand dollars for each day the offence continues.
(5) Without prejudice to the powers of the Commission under section 33, the cancellation of a licence under section 9, the surrender of a licence under section 11 or the expiry of a licence shall not affect the validity or effect of any certificate issued by the certification authority concerned before the cancellation, surrender or expiry.
(6) For the purposes of subsection (5), the Commission shall appoint another licensed certification authority to take over the certificates issued by the certification authority whose licence has been revoked or surrendered or has expired, and such certificates shall, in so far as they comply with the requirements of the appointed licensed certification authority, be deemed to have been issued by that licensed certification authority.
(7) Nothing in subsection (6) shall prevent the appointed licensed certification authority from requiring the customer to comply with its requirements in relation to the issue of certificates, or from issuing a new certificate to the customer for the unexpired period of the original certificate, provided that any additional fees or charges may be imposed only with the prior written consent of the Commission.
(8) If the Commission has appointed a licensed certification authority to take over the certificates of a certification authority under subsection (6), that certification authority shall pay to the appointed licensed certification authority such part of the prescribed fee paid to it by customers as may be determined by the Commission.
The effect of the absence of licence
13. (1) The limit of liability set out in Chapter 8 of Part IV shall not apply to unlicensed certification authorities.
(2) Part V does not apply in respect of a digital signature that cannot be verified by a certificate issued by a licensed certification authority.
(3) In any other case, unless the parties expressly provide otherwise by contract between themselves, the licensing requirements under this Act do not affect the effectiveness, effect or validity of any digital signature.
Return of licence
14. (1) If the cancellation of a licence under section 9 has come into operation, or if the licence has expired and no application for its renewal has been submitted within the period specified, or if the application for renewal has been refused under section 17, the licensed certification authority shall within fourteen days return the licence to the Commission.
(2) Any person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding five hundred thousand dollars or to imprisonment for a term not exceeding ten years, or to both, and in the case of a continuing offence shall in addition be liable to a daily fine not exceeding five thousand dollars for each day the offence continues, and the court shall retain the licence and forward it to the Commission.
Limited licence
15. (1) The Commission may classify licences according to specified limitations, including — (a) the maximum number of outstanding certificates;
(b) the cumulative maximum of recommended dependency limits in certificates issued by the licensed certification authority; and (c) issuance only within a single firm or organization.
(2) The Commission may issue licences restricted according to the limits of each classification.
(3) A licensed certification authority that issues a certificate exceeding the restrictions of its licence commits an offence.
(4) Where a licensed certification authority issues a certificate exceeding the restrictions of its licence, the limit of liability set out in Chapter 8 of Part IV shall not apply to the licensed certification authority with respect to that certificate.
(5) Nothing in subsection (3) or (4) shall affect the validity or effect of the issued certificate.
Restrictions on the use of the expression "certification authorities"
16. Except with the written consent of the Commission, no person, other than a licensed certification authority, shall assume or use the expression "certification authority" or "licensed certification authority", as the case may be, or any derivative of these expressions in any language, or any other words in any language capable of being construed as indicating the carrying on of such business, in connection with the business or any part of the business carried on by that person, or make any representation to that effect in any bill head, letter paper, notice, advertisement or in any other manner.
Renewal of licence
17. (1) Every licensed certification authority shall submit an application to the Commission in the prescribed form for the renewal of its licence at least thirty, but not more than sixty, days before the date of expiry of the licence, and the application shall be accompanied by such documents and information as may be required by the Commission.
(2) The prescribed fee shall be payable when the application is approved.
(3) Where a licensed certification authority has no intention of renewing its licence, the licensed certification authority shall, at least thirty days before the expiry of the licence, publish that intention in the certification authority disclosure record for that certification authority and advertise that intention in at least one national daily newspaper in the national language and one national daily newspaper in English for at least three consecutive days.
(4) Without prejudice to any other grounds, the Commission may refuse to renew a licence if the requirements of subsection (1) are not complied with.
Lost licence
18. (1) If a licensed certification authority has lost its licence, it shall immediately notify the Commission in writing of the loss.
(2) The licensed certification authority shall, as soon as practicable, submit an application for a replacement licence accompanied by all information and documents as may be required by the Commission together with the prescribed fee.
Recognition of other licences 19. (1) The Commission may recognise, by order published in the Gazette, certification authorities licensed or otherwise authorized by government entities outside Malaysia which satisfy the requirements laid down.
(2) If a licence or other authorization of a government entity is recognized under subsection (1) — (a) the recommended limits of dependency, if any, specified in a certificate issued by the certification authorities licensed or otherwise authorized by that government entity shall have effect in the same way as the recommended limits of dependency specified in a certificate issued by a licensed certification authority of Malaysia; and (b) Part V shall apply to certificates issued by certification authorities licensed or otherwise authorized by that government entity in the same way as it applies to certificates issued by a licensed certification authority of Malaysia.
Performance audit * 20. (1) The operation of a licensed certification authority shall be audited at least once a year to assess its compliance with this Act.
(2) The audit shall be conducted by a certified public accountant with expertise in computer security or by a certified computer security professional.
(3) The qualifications of the auditors and the procedures for the audit shall be as prescribed by the regulations made under this Act.
(4) The Commission shall publish in the certification authority disclosure record maintained by it for the licensed certification authority concerned the date and the results of the audit.
* NOTE — Bank Negara Malaysia is exempted from the requirements of this section for the purpose of implementation of the Real-time Electronic transfer system for Funds and securities, also known as "CROSS" — see P.U. (A) 300/1999.
Exemption from performance audit 21. (1) The Commission may exempt a licensed certification authority from the requirements of section 20 if — (a) the licensed certification authority requests the exemption in writing;
(b) the most recent performance audit, if any, of the licensed certification authority resulted in a finding of full or substantial compliance with this Act; and (c) the licensed certification authority declares under binding oath or pledge that one or more of the following is true with respect to the licensed certification authority: (i) the licensed certification authority has issued fewer than six certificates during the past year and the total amount of the recommended limits of dependency for all those certificates does not exceed twenty-five thousand dollars;
(ii) the aggregate lifetime of all certificates issued by the licensed certification authority during the past year was less than thirty days and the total amount of the recommended limits of dependency for all those certificates does not exceed twenty-five thousand dollars;
(iii) the recommended limits of dependency for all certificates outstanding and issued by the licensed certification authority amount to less than two thousand five hundred dollars.
(2) If the declaration of the licensed certification authority under paragraph (1)(c) falsely states a material fact, the licensed certification authority shall be deemed not to comply with the requirements of the performance audit under section 20.
(3) If a licensed certification authority is exempted under subsection (1), the Commission shall publish in the certification authority disclosure record maintained by it for the licensed certification authority concerned a statement that the licensed certification authority is exempted from the requirements of the performance audit under section 20.
PART III REQUIREMENTS ON LICENSED CERTIFICATION AUTHORITIES
Activities of licensed certification authorities 22. (1) A licensed certification authority shall only carry out activities specified in its licence.
(2) A licensed certification authority shall carry out its activities in accordance with this Act and any regulations made under this Act.
Requirement to display licence 23. A licensed certification authority shall at all times display its licence in a conspicuous place at its place of business.
Requirement to submit information and particulars relating to business operations * 24. (1) A licensed certification authority shall submit to the Commission any information and details, including financial statements, balance sheets and profit and loss accounts audited in relation to the overall operations of its business, as may be required by the Commission within such period as it may specify.
* NOTE — Bank Negara Malaysia is exempted from the requirements of this section for the purpose of implementation of the Real-time Electronic transfer system for Funds and securities, also known as "CROSS" — see P.U. (A) 300/1999.
(2) A person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both, and in the case of a continuing offence may in addition be fined daily an amount not exceeding two thousand dollars for each day the offence continues.
Notification of change of information * 25. (1) Every licensed certification authority shall, before making any amendment or alteration to any of its constituent documents, or before any change of its director or chief executive officer, provide to the Commission particulars in writing of any such proposed amendment, alteration or change.
(2) Every licensed certification authority shall immediately inform the Commission of any amendment or change to any information or document which has been given to the Commission in connection with the licence.
Requirements about advertising 26. A licensed certification authority shall not publish, whether in newspapers, brochures or otherwise, any advertisement or information relating to or in connection with the business of a certification authority without including — (a) the licence number;
(b) the business name under which it carries on business, and the address where the business is conducted; and (c) any other details relating to any of the services offered as may be deemed necessary by the Commission.
* NOTE — Bank Negara Malaysia is exempted from the requirements of this section for the purpose of implementation of the Real-time Electronic transfer system for Funds and securities, also known as "CROSS" — see P.U. (A) 300/1999.
PART IV DUTIES OF LICENSED CERTIFICATION AUTHORITIES AND CUSTOMERS
Chapter 1 General Requirements for Licensed Certification Authorities
Use of reliable system 27. (1) A licensed certification authority shall only use a reliable system — (a) to issue, suspend or revoke a certificate;
(b) to publish or give notice of the issuance, suspension or revocation of a certificate; and (c) to produce a private key, either for itself or for a customer.
(2) A customer shall only use a trustworthy system to generate a private key.
Disclosure on inquiry 28. (1) A licensed certification authority shall, upon an inquiry made to it under this Act, disclose any material certification practice statement and any fact material to either the reliability of a certificate it has issued or its ability to perform its services.
(2) A licensed certification authority may require a signed, written and reasonably specific inquiry from an identified person, as well as payment of the prescribed fee, as a condition precedent to making a disclosure required under subsection (1).
Prerequisites to issuance of certificate to customers 29. (1) A licensed certification authority may issue a certificate to a customer only after all the following conditions are satisfied: (a) the licensed certification authority has received a request for issuance signed by the prospective customer; and (b) the licensed certification authority has confirmed that — (i) the prospective customer is the person to be listed in the certificate to be issued;
(ii) if the prospective customer is acting through one or more agents, the customer has duly authorised the agent or agents to have custody of the customer's private key and to request the issuance of a certificate that lists the public key that corresponds to it;
(iii) the information in the certificate to be issued is accurate;
(iv) the prospective customer legally holds the private key that corresponds to the public key listed in the certificate;
(v) the prospective customer holds a private key which can produce a digital signature; and (vi) the public key listed in the certificate can be used to verify a digital signature affixed by the private key held by the prospective customer.
(2) The requirements of subsection (1) may not be waived or disclaimed by the licensed certification authority, the customer, or both.
Publication of issued and accepted certificate 30. (1) If the customer accepts the issued certificate, the licensed certification authority shall publish a signed copy of the certificate in a recognised repository, as agreed by the licensed certification authority and the customer named in the certificate, unless a contract between the licensed certification authority and the customer provides otherwise.
(2) If the customer does not accept the certificate, a licensed certification authority shall not publish it, or shall cancel its publication if the certificate has already been published.
Adoption of stricter requirements allowed 31. Nothing in sections 29 and 30 shall prevent a licensed certification authority from complying with standards, certification practice statements, security plans or contractual requirements that are more stringent than, but nevertheless consistent with, this Act.
Suspension or revocation of certificate for faulty issuance 32. (1) If, after issuing a certificate, a licensed certification authority confirms that it was not issued in accordance with sections 29 and 30, the licensed certification authority shall immediately revoke it.
(2) A licensed certification authority may suspend a certificate issued by it for a reasonable period not exceeding forty-eight hours as may be necessary to enable the investigation to verify the reasons for a revocation under subsection (1).
(3) The licensed certification authority shall immediately inform the customer of a revocation or suspension under this section.
Suspension or revocation of certificate by order 33. (1) The Commission may order the licensed certification authority to suspend or revoke a certificate issued by it if the Commission determines that — (a) the certificate was issued without compliance with sections 29 and 30; and (b) the non-compliance poses a real risk to persons reasonably relying on the certificate.
(2) Before making a determination under subsection (1), the Commission shall provide the licensed certification authority and the customer a reasonable opportunity to be heard.
(3) Notwithstanding subsections (1) and (2), if in the opinion of the Commission there exists an emergency requiring immediate remedies, the Commission may, after consultation with the Minister, suspend a certificate for a period not exceeding forty-eight hours.
Chapter 2 Warranties and Obligations of Licensed Certification Authority
Warranties to customers 34. (1) By issuing a certificate, a licensed certification authority warrants to the customer named in the certificate that — (a) the certificate does not contain any information which the licensed certification authority knows is false;
(b) the certificate satisfies all the requirements of this Act; and (c) the licensed certification authority does not exceed any limit of its licence in issuing the certificate.
(2) A licensed certification authority may not disclaim or limit the warranties under subsection (1).
Continuing obligations to customers 35. Unless the customer and the licensed certification authority agree otherwise, a licensed certification authority, by issuing a certificate, undertakes to the customer — (a) to act immediately to suspend or revoke a certificate in accordance with Chapter 5 or 6; and (b) to notify the customer within a reasonable time of any facts known to the licensed certification authority that clearly prejudice the validity or reliability of the certificate after it is issued.
Representations upon issuance 36. By issuing a certificate, a licensed certification authority certifies to all who reasonably rely on the information contained in the certificate that — (a) the information in the certificate and listed as confirmed by the licensed certification authority is accurate;
(b) all information foreseeably material to the reliability of the certificate is stated or incorporated by reference in the certificate;
(c) the customer has accepted the certificate; and (d) the licensed certification authority has complied with all the applicable law governing the issuance of the certificate.
Representations upon publication 37. By publishing a certificate, a licensed certification authority certifies to the repository in which the certificate is published and to all who reasonably rely on the information contained in the certificate that the licensed certification authority has issued the certificate to the customer.
Chapter 3 Representations and Obligations upon Receipt of the Certificate
Representations implied by customers 38. By accepting a certificate issued by a licensed certification authority, the customer listed in the certificate certifies to all who reasonably rely on the information contained in the certificate that — (a) the customer legally holds the private key that corresponds to the public key listed in the certificate;
(b) all representations made by the customer to the licensed certification authority and material to the information listed in the certificate are true; and (c) all material representations made by the customer to the licensed certification authority or made in the certificate and not confirmed by the licensed certification authority in issuing the certificate are true.
Representations by agents of customers 39. By requesting on behalf of a principal the issuance of a certificate naming the principal as a customer, the requesting person certifies in that person's own right to all who reasonably rely on the information contained in the certificate that the requesting person — (a) holds all the authority legally required to apply for issuance of a certificate naming the principal as a customer; and (b) has the authority to sign digitally on behalf of the principal, and, if that authority is limited in any way, adequate safeguards exist to prevent a digital signature exceeding the limits of that person's authority.
Disclaimer or indemnity limited 40. No person shall disclaim or contractually limit the application of this Chapter, nor obtain indemnity for its effects, if the disclaimer, limitation or indemnity restricts liability for misrepresentation as against persons reasonably relying on the certificate.
Indemnification of licensed certification authority by customers 41. (1) By accepting a certificate, the customer undertakes to indemnify the issuing licensed certification authority for any loss or damage caused by the issuance or publication of the certificate in reliance on — (a) a false and material representation of fact by the customer; or (b) the customer's failure to disclose a material fact, if the representation or failure to disclose was made either with the intent to deceive the licensed certification authority or a person who relies on the certificate, or by negligence.
(2) If a licensed certification authority issued the certificate at the request of one or more agents of the customer, the agent or agents undertake to indemnify the licensed certification authority under this section, as if they were accepting customers in their own right.
(3) The indemnity provided for in this section shall not be disclaimed or contractually limited in scope.
Certification of accuracy of information provided 42. In obtaining information about the customer material to the issuance of a certificate, a licensed certification authority may require the customer to certify the accuracy of the relevant information under oath or pledge.
Chapter 4 Control over Private Key
Obligation to store a private key safely 43. By accepting a certificate issued by a licensed certification authority, the customer named in the certificate assumes the obligation to exercise reasonable care to retain control over the private key and prevent its disclosure to any person not authorized to generate the digital signature of the customer.
Property in a private key 44. A private key is the personal property of the customer who legally holds it.
Licensed certification authority to be fiduciary if it holds a customer's private key 45. If a licensed certification authority holds the private key that corresponds to the public key listed in a certificate which it has issued, the licensed certification authority shall hold the private key as a fiduciary of the customer named in the certificate, and may use that private key only with the prior written consent of the customer, unless the customer expressly and in writing grants the private key to the licensed certification authority and expressly and in writing permits the licensed certification authority to hold the private key in accordance with other terms.
Chapter 5 Suspension of Certificate
Suspension of certificate by issuing licensed certification authority 46. (1) Unless the licensed certification authority and the customer agree otherwise, the licensed certification authority which issued a certificate, not being a certificate of transaction, shall suspend the certificate for a period not exceeding forty-eight hours — (a) when requested by a person identifying himself as the customer named in the certificate, or as a person who is likely to know of a compromise of the security of the customer's private key, such as an agent, business partner, employee or member of the immediate family of the customer; or (b) by order of the Commission under section 33.
(2) The licensed certification authority shall take reasonable steps to check the identity or agency of the person who requested the suspension.
Suspension of certificate by the Commission or the Court 47. (1) Unless the certificate provides otherwise or the certificate is a certificate of transaction, the Commission or the Court may suspend a certificate issued by a licensed certification authority for a period of forty-eight hours, if — (a) a person who identifies himself as the customer named in the certificate or as an agent, business partner, employee or immediate family member of the customer requests the suspension; and (b) the applicant represents that the licensed certification authority that issued the certificate is unavailable.
(2) The Commission or the Court may require the person who requested the suspension to provide evidence, including a statement under oath or pledge, in respect of identity and authority, as well as the unavailability of the issuing licensed certification authority, and may refuse to suspend the certificate in its absolute discretion.
(3) The Commission or law enforcement agencies may investigate a suspension by the Commission or the Court for a possible offence by the person who requested the suspension.
Notice of suspension 48. (1) Immediately upon the suspension of a certificate by a licensed certification authority, the licensed certification authority shall publish a signed notice of the suspension in the repository specified in the certificate for the publication of notices of suspension.
(2) If one or more repositories are specified, the licensed certification authority shall publish a signed notice of the suspension in all those repositories.
(3) If any repository specified no longer exists or refuses to accept the publication, or if no such repository is recognized under section 68, the licensed certification authority shall also publish the notice in a recognized repository.
(4) Where a certificate is suspended by the Commission or the Court, the Commission or the Court shall give notice as required in this section for a licensed certification authority, provided that the person who requested the suspension first pays any prescribed fee required by the repository to publish the notice of the suspension.
Termination of suspension initiated by request 49. A licensed certification authority shall terminate a suspension initiated by request — (a) if the customer named in the suspended certificate requests termination of the suspension, only if the licensed certification authority has confirmed that the person who requested the suspension is the customer or an agent of the customer authorized to terminate the suspension; or
(b) if the licensed certification authority discovers and confirms that the request for the suspension was made without the authority of the customer.
Alternative contractual procedures 50. (1) A contract between a customer and a licensed certification authority may limit or prevent suspension upon request by the licensed certification authority or may provide otherwise for the termination of a suspension upon request.
(2) If the contract limits or prevents suspension by the Commission or the Court when the issuing licensed certification authority is unavailable, the limitation or prevention shall be effective only if notice of it is published in the certificate.
Prohibition against false or unauthorized request for suspension of certificate 51. No person shall knowingly or intentionally misrepresent to a licensed certification authority his identity or authority when requesting suspension of a certificate.
Effect of suspension of certificate 52. Nothing in this Chapter shall release the customer from the obligation under section 43 to store a private key safely while a certificate is suspended.
Chapter 6 Revocation of Certificate
Revocation upon request 53. (1) A licensed certification authority shall revoke a certificate issued by it, not being a certificate of transaction, — (a) upon receipt of a request for revocation by the customer named in the certificate; and (b) upon confirming that the person requesting revocation is the customer or an agent of the customer who has the authority to request the revocation.
(2) A licensed certification authority shall confirm a request for revocation and revoke the certificate within one business day after receiving both the customer's written request and evidence reasonably sufficient to verify the identity of the person requesting the revocation or of the agent.
Revocation on death or dissolution of customer 54. A licensed certification authority shall revoke a certificate issued by it — (a) upon receipt of a certified copy of the death certificate of the customer or upon confirmation through other evidence that the customer has died; or (b) upon presentation of documents effecting the dissolution of the customer or upon confirmation through other evidence that the customer has been dissolved or no longer exists.
Revocation of unreliable certificates 55. (1) A licensed certification authority may revoke one or more certificates issued by it if the certificates are or become unreliable, regardless of whether the customer agrees to the revocation and notwithstanding any provision to the contrary in a contract between the customer and the licensed certification authority.
(2) Nothing in subsection (1) shall prevent the customer from obtaining damages or other relief from the licensed certification authority in the event of a wrongful revocation.
Notice of revocation 56. (1) Immediately upon revocation of a certificate by a licensed certification authority, the licensed certification authority shall publish a signed notice of the revocation in the repository specified in the certificate for publication of notices of revocation.
(2) If one or more repositories are specified, the licensed certification authority shall publish a signed notice of the revocation in all those repositories.
(3) If any repository specified no longer exists or refuses to accept the publication, or if no repository is recognized under section 68, the licensed certification authority shall also publish the notice in a recognized repository.
Effect of revocation at the customer's request 57. If the customer has requested the revocation of a certificate, the customer ceases to certify as provided in Chapter 3 and has no further obligation to store a private key safely as required under section 43 — (a) when notice of the revocation is published as required under section 56; or (b) when two business days have passed after the customer requests the revocation in writing, submits to the issuing licensed certification authority information reasonably sufficient to confirm the request, and pays any prescribed fee, whichever happens first.
Effect of notification on licensed certification authority 58. Upon notification as required under section 56, the licensed certification authority shall be released from its warranties based on the issuance of the revoked certificate and shall cease to certify as provided in sections 35 and 36 with respect to the revoked certificate.
Chapter 7 Expiration of Certificate
Expiration of certificate 59. (1) The date of expiration of the certificate must be stated in the certificate.
(2) A certificate shall be issued for any period not exceeding three years from the date of issuance.
(3) Upon expiration of the certificate, the customer and the licensed certification authority shall cease to certify as provided under this Act, and the licensed certification authority shall be released from its obligations based on issuance in respect of the expired certificate.
(4) The expiration of a certificate shall not affect the duties and obligations of the customer and the licensed certification authority incurred under and in connection with the expired certificate.
Chapter 8 Recommended Limits of Dependency and Liability
Recommended limits of dependency * 60. (1) A licensed certification authority shall, in issuing a certificate to a customer, specify the recommended limits of dependency in the certificate.
(2) A licensed certification authority may specify different limits in different certificates as it may deem fit.
* NOTE — Bank Negara Malaysia is exempted from the requirements of this section for the purpose of implementation of the Real-time Electronic transfer system for Funds and securities, also known as "CROSS" — see P.U. (A) 300/1999.
Limits of liability of licensed certification authorities 61. Unless the licensed certification authority waives the application of this section, a licensed certification authority — (a) shall not be held liable for any loss caused by reliance on a false or falsified digital signature of a customer, if, with respect to the false or falsified digital signature, the licensed certification authority has complied with the requirements of this Act;
(b) shall not be held liable in excess of the amount specified in the certificate as its recommended limit of dependency for either — (i) a loss caused by reliance on a misrepresentation in the certificate of any fact which the licensed certification authority is required to confirm; or (ii) failure to comply with sections 29 and 30 in issuing the certificate; and (c) shall not be held liable for — (i) exemplary or punitive damages; or (ii) damages for pain or suffering.
PART V EFFECT OF DIGITAL SIGNATURE
Satisfaction of signature requirements 62. (1) Where a rule of law requires a signature or provides for certain consequences in the absence of a signature, that rule shall be satisfied by a digital signature if — (a) the digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
(b) the digital signature was affixed by the signer with the intent to sign the message; and (c) the recipient has no knowledge or notice that the signer — (i) has breached a duty as a customer; or (ii) does not legally hold the private key used to affix the digital signature.
(2) Notwithstanding any law to the contrary — (a) a document that is signed with a digital signature in accordance with this Act shall be as binding in law as a document signed with a handwritten signature, an affixed thumbprint or any other mark; and (b) a digital signature produced in accordance with this Act shall be deemed to be a signature that is binding in law.
(3) Nothing in this Act shall prevent any symbol from being valid as a signature under any other applicable law.
Unreliable digital signatures 63. (1) Unless otherwise provided by law or contract, the recipient of a digital signature assumes the risk that the digital signature is falsified, if reliance on the digital signature is not reasonable under the circumstances.
(2) If the recipient determines not to rely on a digital signature under this section, the recipient shall notify the signer immediately of its determination not to rely on the digital signature and the reason for the determination.
Digitally signed messages deemed to be written documents 64. (1) A message shall have the same legal force and effect as if it had been written on paper if — (a) it bears a digital signature in its entirety; and
(b) the digital signature is verified by the public key listed in a certificate which — (i) was issued by a licensed certification authority; and (ii) was valid at the time the digital signature was produced.
(2) Nothing in this Act shall prevent any message, document or record from being deemed to be written or in writing under any other applicable law.
Digitally signed messages deemed to be originals 65. A copy of a digitally signed message shall be as valid, enforceable and effective as the original of the message unless it is evident that the signer designated a particular instance of the digitally signed message as a unique original, in which case only that instance is the valid, enforceable and effective message.
Digital signature authentication 66. A certificate issued by a licensed certification authority shall be an acknowledgement of a digital signature verified by reference to the public key listed in the certificate, regardless of whether words of an express acknowledgement appear with the digital signature, and regardless of whether the signer physically appeared before the licensed certification authority when the digital signature was produced, if the digital signature — (a) can be verified by the certificate; and (b) was affixed while the certificate was valid.
Presumptions in adjudicating disputes 67. In adjudicating a dispute involving a digital signature, the Court shall presume — (a) that a certificate digitally signed by a licensed certification authority and — (i) published in a recognised repository; or (ii) held by the licensed certification authority which issued it or by the customer listed in the certificate, was issued by the licensed certification authority that digitally signed it and was accepted by the customer listed in it;
(b) that the information listed in a valid certificate and confirmed by the licensed certification authority that issued the certificate is accurate;
(c) that if the digital signature is verified by the public key listed in a valid certificate issued by a licensed certification authority — (i) the digital signature is the digital signature of the customer listed in the certificate;
(ii) the digital signature was affixed by the customer with the intent to sign the message; and (iii) the recipient of the digital signature has no knowledge or notice that the signer — (A) has breached a duty as a customer; or (B) does not legally hold the private key used to affix the digital signature; and (d) that the digital signature was produced before it was time-marked by a recognised date/time marker service using a reliable system.
PART VI REPOSITORIES AND DATE/TIME MARKER SERVICES
Recognition of repositories 68. (1) The Commission may recognise one or more repositories, after determining that a repository to be recognised satisfies the requirements specified in regulations made under this Act.
(2) The procedure for the recognition of repositories shall be as prescribed by regulations made under this Act.
(3) The Commission shall publish a list of recognised repositories in such form and in such manner as it may determine.
Liability of repositories 69. (1) Notwithstanding any disclaimer by a repository or any contract to the contrary between the repository and a licensed certification authority or a customer, a repository shall be liable for a loss incurred by a person who reasonably relies on a digital signature verified by the public key listed in a suspended or revoked certificate, if the loss was incurred more than one business day after the repository received a request to publish notice of the suspension or revocation, and the repository had not published the notice when that person relied on the digital signature.
(2) Unless waived, a recognised repository or the owner or operator of a recognised repository —
(a) shall not be liable for failure to record publication of a suspension or revocation, unless the repository has received notice of publication and one business day has elapsed since the notice was received;
(b) shall not be liable under subsection (1) in excess of the amount specified in the certificate as the recommended reliance limit;
(c) shall not be liable under subsection (1) for — (i) exemplary or punitive damages; or (ii) damages for pain or suffering;
(d) shall not be liable for misrepresentation in a certificate published by a certification authority;
(e) shall not be liable for accurately recording or reporting information which a licensed certification authority, the Court or the Commission has published as required or authorised under this Act, including information on the suspension or revocation of a certificate; and
(f) shall not be liable for reporting information about a certification authority, a certificate or a customer, if the information is published as required or authorised under this Act or is published by order of the Commission in the performance of its licensing and regulatory duties under this Act.
Recognition of date/time marker services 70. (1) The Commission may recognise one or more date/time marker services, after determining that a service to be recognised satisfies the requirements specified in regulations made under this Act.
(2) The procedure for the recognition of date/time marker services shall be as prescribed by regulations made under this Act.
(3) The Commission shall publish a list of recognised date/time marker services in such form and in such manner as it may determine.
PART VII GENERAL
Prohibition against dangerous activities 71. (1) No certification authority, whether licensed or not, shall conduct its business in a manner that creates an unreasonable risk of loss to the customers of the certification authority, to persons relying on certificates issued by the certification authority or to a repository.
(2) The Commission may publish in one or more recognised repositories brief statements advising customers, persons relying on digital signatures and repositories about any activities of a certification authority, whether licensed or not, which create a risk prohibited under subsection (1).
(3) A certification authority named in a statement as creating or causing such a risk may object to the publication of the statement by filing a brief written defence.
(4) On receipt of an objection made under subsection (3), the Commission shall publish the written defence together with the Commission's statement, and shall immediately give the objecting certification authority notice and a reasonable opportunity to be heard.
(5) If, after a hearing, the Commission determines that the publication of the advisory statement was improper, the Commission shall cancel the advisory statement.
(6) If, after a hearing, the Commission determines that the advisory statement is no longer appropriate, the Commission shall cancel the advisory statement.
(7) If, after a hearing, the Commission determines that the advisory statement remains appropriate, the Commission may continue or alter the advisory statement and may take further legal action to eliminate or reduce the risk prohibited under subsection (1).
(8) The Commission shall publish its decision under subsection (5), (6) or (7), as the case may be, in one or more repositories.
Obligation of secrecy 72. (1) Except for the purposes of this Act, no person who has access to any records, books, registers, letters, information, documents or other materials obtained under this Act shall disclose those records, books, registers, letters, information, documents or other materials to any other person.
(2) Any person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.
False information 73. A person who makes, orally or in writing, signs or gives any declaration, statement, recommendation or other document or information required under this Act that is untrue, inaccurate or misleading in any particular commits an offence and shall, on conviction, be liable to a fine not exceeding five hundred thousand dollars or to imprisonment for a term not exceeding ten years or to both.
Offences by body corporate 74. (1) If a body corporate commits an offence under this Act, any person who at the time of the commission of the offence was a director, manager, secretary or other similar officer of the body corporate, or was purporting to act in any such capacity, or was in any manner or to any extent responsible for the management of any of the affairs of the body corporate, or was assisting in such management —
(a) may be prosecuted separately or jointly in the same proceedings with the body corporate; and
(b) if the body corporate is found to have committed the offence, shall be deemed to have committed the offence unless, having regard to the nature of his functions in that capacity and to all the circumstances, he proves — (i) that the offence was committed without his knowledge, consent or connivance; and (ii) that he took all reasonable steps and exercised all due diligence to prevent the commission of the offence.
(2) Where any person would be liable under this Act to any punishment or penalty for any act, omission, neglect or default, he shall be liable to the same punishment or penalty for every such act, omission, neglect or default of any employee or agent of his, or of an employee of the agent, if the act, omission, neglect or default was done —
(a) by his employee in the course of his employment;
(b) by the agent while acting on his behalf; or
(c) by the employee of the agent in the course of his employment with the agent or otherwise on behalf of the agent.
Authorised officers 75. (1) The Minister may authorise in writing any public officer or officer of the Commission to exercise the powers of enforcement under this Act.
(2) Any officer authorised under subsection (1) shall be deemed to be a public servant within the meaning of the Penal Code [Act 574].
(3) In exercising any of the powers of enforcement under this Act, an authorised officer shall, when requested, produce to the person against whom he is acting the written authority issued to him by the Minister.
Enforcement by police officer 75A. (1) Notwithstanding subsection 75(1), any police officer not below the rank of Inspector shall have and may exercise the powers of enforcement conferred by this Act on an authorised officer.
(2) In exercising any of the powers of enforcement conferred under this Act, a police officer not below the rank of Inspector shall, if not in uniform, when requested, declare his office and produce to the person against whom he is acting such authority card as the Inspector General of Police directs to be carried by the police officer.
Power to investigate 76. (1) The Commission may investigate the activities of a certification authority material to its compliance with this Act.
(2) For the purposes of subsection (1), the Commission may issue orders to a certification authority to further its investigation and to secure compliance with this Act.
(3) Further, in any matter relating to the commission of an offence under this Act, any authorised officer carrying out an investigation may exercise all or any of the special powers in relation to police investigation in seizable cases given by the Criminal Procedure Code [Act 593].
Search with warrant 77. (1) Where it appears to a Magistrate, on information given in writing and after such inquiry as he thinks necessary, that there is reasonable cause to believe that an offence under this Act is being or has been committed in any premises, the Magistrate may issue a warrant empowering any police officer not below the rank of Inspector, or any authorised officer named in it, to enter the premises at any reasonable time by day or by night, with or without assistance and if necessary by force, and there to search for and seize —
(a) copies of any book, account or other document, including computerised data, which contains or is reasonably suspected to contain information about any offence so suspected to have been committed;
(b) any sign, card, letter, pamphlet, leaflet, notice or other device that represents or implies that the person is a licensed certification authority; and
(c) any other document, article or thing that is reasonably believed to furnish evidence of the commission of the offence.
(2) A police officer or an authorised officer carrying out a search under subsection (1) may, if in his opinion it is reasonably necessary for the purpose of investigating the offence, search any person who is in or on the premises.
(3) A police officer or an authorised officer who searches a person under subsection (2) may seize, detain or take possession of any books, accounts, documents, computerised data, cards, letters, pamphlets, leaflets, notices, devices, article or thing found on that person for the purpose of the investigation conducted by the officer.
(4) No woman shall be searched under this section except by another woman.
(5) Where, by reason of its nature, size or amount, it is not practicable to remove any books, accounts, documents, computerised data, signs, cards, letters, pamphlets, leaflets, notices, devices, article or thing seized under this section, the seizing officer shall, by any means, seal the books, accounts, documents, computerised data, signs, cards, letters, pamphlets, leaflets, notices, devices, article or thing in the premises or in the container in which it was found.
(6) Any person who, without lawful authority, breaks, tampers with or damages the seal referred to in subsection (5), or removes any books, accounts, documents, computerised data, signs, cards, letters, pamphlets, leaflets, notices, devices, article or thing under seal, or attempts to do so, commits an offence.
Search and seizure without a warrant 78. If a police officer not below the rank of Inspector in any of the circumstances referred to in section 77 has reasonable cause to believe that, by reason of the delay in obtaining a search warrant under that section, the investigation would be adversely affected or evidence of the commission of an offence is likely to be tampered with, removed, damaged or destroyed, the officer may enter the premises and exercise in, upon and in respect of the premises all the powers referred to in section 77 as fully and amply as if he were authorised to do so by a warrant issued under that section.
Access to computerised data 79. (1) A police officer conducting a search under section 77 or 78, or an authorised officer conducting a search under section 77, shall be given access to computerised data, whether stored in a computer or otherwise.
(2) For the purposes of this section, "access" includes being provided with the necessary password, encryption code, decryption code, software or hardware and any other means required to enable computerised data to be understood.
List of things seized 80. (1) Except as provided in subsection (2), where any books, accounts, documents, computerised data, signs, cards, letters, pamphlets, leaflets, notices, devices, article or thing are seized under section 77 or 78, the seizing officer shall prepare a list of the things seized and immediately deliver a copy of the list signed by him to the occupier of the premises searched, or to his agent or servant, at the premises.
(2) If the premises are unoccupied, the seizing officer shall, whenever possible, post a list of the things seized in a conspicuous place on the premises.
Obstruction of authorised officers 81. Any person who obstructs, impedes, assaults or interferes with any authorised officer in the performance of his functions under this Act commits an offence.
82. An authorised officer shall, for the purposes of implementing this Act, have power to do all or any of the following:
(a) require the production of records, computerised data, accounts and documents kept by a licensed certification authority and examine, inspect and copy any of those records, accounts, computerised data and documents;
(b) require the production of any identification document from any person in relation to any matter or offence under this Act;
(c) make such investigations as are necessary to determine whether the provisions of this Act are complied with.
General penalty 83. (1) Any person who commits an offence under this Act for which no penalty is expressly provided shall, on conviction, be liable to a fine not exceeding two hundred thousand ringgit or to imprisonment for a term not exceeding four years or to both, and in the case of a continuing offence shall in addition be liable to a daily fine not exceeding two thousand dollars for each day the offence continues to be committed.
(2) For the purposes of this section, "this Act" does not include regulations made under this Act.
Recovery of procedural costs 84. If the Commission finds that a certification authority has violated this Act, the Commission may order the certification authority to pay the costs incurred by the Commission in the prosecution and adjudication proceedings relating to the order and in enforcing it.
No costs or damages arising from seizure to be recoverable 85. No person shall, in any proceedings before any court in respect of the seizure of any books, accounts, documents, computerised data, signs, cards, letters, pamphlets, leaflets, notices, devices, article or thing seized in the exercise or purported exercise of any power conferred under this Act, be entitled to the costs of the proceedings or to any damages or other relief unless the seizure was made without reasonable cause.
Institution and conduct of prosecution 86. (1) No prosecution for or in relation to any offence under this Act shall be instituted without the written consent of the Public Prosecutor.
(2) Any officer of the Commission duly authorised in writing by the Public Prosecutor may conduct a prosecution for any offence under this Act.
Jurisdiction to try offences 87. Notwithstanding any law to the contrary, a Court of a First Class Magistrate shall have jurisdiction to try any offence under this Act and to impose the full punishment for any such offence.
Protection of the Commission and officers 88. No action or prosecution shall be brought, instituted or maintained in any court against —
(a) the Commission or any officer duly authorised under this Act for or on account of or in respect of any act ordered or done for the purpose of implementing this Act; and
(b) any other person for or on account of or in respect of any act done or purported to be done by him under the order, direction or instruction of the Commission or any officer duly authorised under this Act, if the act was done in good faith and in the reasonable belief that it was necessary for the purpose intended to be achieved by it.
Power to exempt 89. (1) The Minister may, by order published in the Gazette, exempt any person or class of persons from all or any of the provisions of this Act, except section 4.
(2) The Minister may impose such terms and conditions as he thinks fit on any exemption under subsection (1).
Limitation on disclaiming or limiting application of Act 90. Unless expressly provided for under this Act, no person shall disclaim or contractually limit the application of this Act.
Regulations 91. (1) The Minister may make regulations for all or any of the following purposes:
(a) prescribing the eligibility requirements for certification authorities;
(b) prescribing the manner of applying for licences and certificates under this Act, the particulars to be submitted by an applicant, the manner of licensing and certification, the fees payable for them, the conditions or restrictions to be imposed and the form of licences and certificates;
(c) regulating the operation of licensed certification authorities;
(d) prescribing the requirements for the content, nature and sources of information in certification authority disclosure records, the timely updating and accuracy of that information, and other policies and practices relating to certification authority disclosure records;
(e) prescribing the form of certification practice statements;
(f) prescribing the eligibility requirements for auditors and the procedure for audits;
(g) prescribing the requirements for repositories and the procedure for recognition of repositories;
(h) prescribing the requirements for date/time marker services and the procedure for recognition of date/time marker services;
(i) prescribing the procedure for examining software used in the creation of digital signatures and the standards applicable in relation to digital signatures and certification practices, and for the publication of reports on that software and those standards;
(j) prescribing forms for the purposes of this Act;
(k) prescribing the fees and charges payable under this Act and the manner of collecting and disbursing those fees and charges;
(l) providing for any other matters contemplated by, or necessary for giving full effect to, the provisions of this Act and for their due administration.
(2) Regulations made under subsection (1) may prescribe any act in contravention of the regulations to be an offence and may prescribe a penalty of a fine not exceeding one hundred thousand ringgit or imprisonment for a term not exceeding two years or both.
Savings and transitional 92. (1) A certification authority that has been carrying on or operating as a certification authority before this Act comes into force shall, not later than three months from that commencement, obtain a licence under this Act.
(2) If a certification authority referred to in subsection (1) does not obtain a licence after the period specified in subsection (1), it shall be deemed to be an unlicensed certification authority and the provisions of this Act shall apply to it and to the certificates issued by it accordingly.
(3) If a certification authority referred to in subsection (1) has obtained a licence in accordance with this Act within the period specified in subsection (1), all certificates issued by that certification authority before this Act comes into force, to the extent that they are consistent with this Act, shall be deemed to have been issued under this Act and shall have effect accordingly.
LIST OF AMENDMENTS
Amending law; Short title; In force from
Act A1121; Digital Signature (Amendment) Act 2001; 01-11-2001

LIST OF SECTIONS AMENDED
Section; Amending authority; In force from
2; Act A1121; 01-11-2001
PART II; Act A1121; 01-11-2001
3; Act A1121; 01-11-2001
8; Act A1121; 01-11-2001
9; Act A1121; 01-11-2001
75; Act A1121; 01-11-2001
75A; Act A1121; 01-11-2001
88; Act A1121; 01-11-2001
Throughout the Act; Act A1121; 01-11-2001 (the word "controller" is replaced by "Commission")

PRINTED by PERCETAKAN NASIONAL MALAYSIA BERHAD, KUALA LUMPUR on BEHALF and by ORDER of the GOVERNMENT of MALAYSIA