DigiCert QuoVadis

News and Events

CSP Regulations Presented to Parliament
8 Feb 2002


By The Hon. Renee Webb, JP, MP

"Mr Speaker, I rise to report to the House on the Certification Service Providers (Relevant Criteria and Security Guidelines) Regulations 2002 that I have the honour and privilege to lay before the House today.

These Regulations, made in exercise of my powers under sections 20 and 32 of the Electronic Transactions Act 1999, allowed the Department of E-Commerce, in my Ministry, to introduce, last month, an authorisation Scheme for Certification Service Providers.

The Scheme allows organisations, either in Bermuda or in other countries, which issue electronic signature certificates to demonstrate to their clients their compliance with standards and criteria that are compatible to those being introduced both in the European Union and North America. The standards and criteria, which are enshrined within the Regulations laid before the House today, were derived after much fruitful discussion between the Ministry and business on the Island. They include measures to ensure that the organisation concerned has the management, financial, procedural and technical ability to issue certificates to the public or to businesses. It is clearly important that the public should have absolute trust in companies which issue certificates that the former will subsequently use to identify themselves when undertaking transactions on the Internet.

Essentially, an electronic signature (or to be precise, public-key) certificate is an electronic attestation of the identity of an individual or of specific attributes a person or other body holds. They allow the owner – having been issued with the certificate after a process of identification – to identify themselves in electronic transactions, with either Government or commercial entities, and also to electronically sign documents. An electronic (or digital) signature is in essence a code (or key) applied to an electronic document – such as a will for example - that ensures that the content of the document cannot be altered during transmission and allows the recipient to have confidence that it did originate from the signatory.

Mr Speaker, these Regulations, complex as they may be, represent a significant step forward in the development of e-business in Bermuda. They demonstrate to business internationally that we are a serious jurisdiction for sophisticated e-business. And of equal significance they will play an important role in the development of e-Government in Bermuda, something that will be of benefit for all Bermudians.

The Scheme, which I launched last month, has already generated considerable interest, and I am pleased to report that we have already received an application for authorisation from QuoVadis, the local certification service provider. I also hope to receive applications from other businesses on the Island and have just been informed that an application will be submitted by the Bank of Bermuda. I also anticipate receiving applications from Certification Service Providers outside of Bermuda. There are many countries that are yet to introduce authorisation schemes and the sophisticated and comprehensive nature of our Scheme, along with its flexibility, will hopefully prove attractive.

Looking to the future my Ministry has already initiated discussions with the European Commission in Brussels on whether the Scheme we have introduced could be recognised as being compatible with European Union Law. If it were to be so recognised this would mean that certificates issued by authorised CSPs, in Bermuda, would have legal standing throughout the European Union. This would clearly be a considerable achievement for Bermuda, as no other country outside of the Europe has yet been recognised.

Mr Speaker, in concluding, I commend these Regulations to the House and thank you, and members of the House, for allowing me to speak on this important issue for my Ministry."