Recognition of Foreign Certifying Authorities

Vakul Sharma

© Vakul Corporate Advisory, 2014

Leap of faith

• Recognizing “Foreign Certifying Authorities” by two statutory instruments:

“Information Technology (Recognition of Foreign Certifying Authorities operating under a Regulatory Authority) Regulations, 2013”*

“Information Technology (Recognition of Foreign Certifying Authorities not operating under any Regulatory Authority) Regulations, 2013”*

* April 6th 2013

• Foreign CA means a CA other than one licensed to issue a DSC…….whose installed facilities and infrastructure associated with all functions of generation, issue, and management of DSCs are located outside India [Regulation 2(1)(d)]

• Recognised Foreign CA means a “foreign CA” who has been granted under these regulations pursuant to section 19 of the Information Technology Act [Recognition of foreign CA].

• Foreign CAs will have the same protection of law as it has been provided to the Indian CAs under the Information Technology Act, 2000

Deemed Recognition operating under a Regulatory Authority

• A foreign CA deemed as recognised if it has been authorised to issue DSCs by a recognised Regulatory Authority established under the laws of a country other than India. [Regulation 3A(2)]

Recognition of Foreign Certifying Authorities operating under a Regulatory Authority is based on: • Principle of reliability & reciprocity

• Controller of Certifying Authority (CCA – India) to enter into a Memorandum of Understanding (MoU) with each recognised Regulatory Authority*

• Reliability assessment for equivalence

*India has signed MoU with South Korea.

Recognition not operating under a Regulatory Authority

• Any Foreign CA may apply to Controller for recognition; it may require to submit following details, including:

• A Certificate Practice Statement (CPS)• A statement for the purpose & scope of anticipated DSC

technology, management, or operations to be outsourced• Certified copies of the business registration & license of foreign

certifying authority that intends to be recognised• Audit report of infrastructure• Maintenance of local office• Fee of USD 25,000• Issuance of recognition within 4 weeks

Global Business Model

• The idea is to provide seamless authentication, message integrity, non-repudiation, & accessibility across jurisdictions facilitating e-commerce* & e-Governance

• Time to come out of ‘cocoon’ existence (DSCs are never meant to be localized but glocalized)

* UNCITRAL Model Law on E-commerce (Resolution A/RES/51/162 adopted by the General Assembly of UN on 30th January 1997.

• Global business model based on ‘cross certifying authorities’ acting as ‘trusted third parties’ has all the ingredients to revolutionize online trust - from authentication to payments to service delivery

Thanks

vakul@vakulcorp.com

© Vakul Corporate Advisory, 2014