Licences under the Digital Signature Act 1997 Licensed Certification Authority The function of a licensed certification authority is to issue to a subscriber upon application and upon satisfaction of the licensed certification authority's requirements as to the identity of the subscriber to be listed in the certificate and upon payment of the prescribed fees and charges. Licensed certification authority, before issuing any certificate, must take all reasonable measures to check for proper identification of the subscriber to be listed in the certificate. The licensing of certification authorities is obligatory under the Digital Signature Act 1997. The MCMC issues two stages of licences for certification authorities: a)   The establishment stage; and b)   The operation stage. The MCMC issues the establishment stage licence for a period of not exceeding one year. During the period, a person has to fulfil all licensing requirements and may apply for the operation stage. A person is only allowed to carry on or operate as a licensed certification authorities until that person has been issued with the operation stage of the licence. Qualification Requirements A person intending to carry on or operate as a certification authority must satisfy the following requirements: a)   It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961; b)   It maintains a registered office in Malaysia; c)   It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to carry on or operate as a certification authority; d)   It files with the Commission a suitable guarantee; e)   It uses a trustworthy system for the generation and management of key pairs and certificates; f)   It uses an approved digital signature scheme for the generation of key pairs and for the creation and verification of digital signatures; g)   It has an operating procedure that includes a certification practice statement, the measures to be taken to check the identity of subscribers to be listed in certificates, and the repositories and date/time stamp services to be used; h)   It employs as operative personnel only persons who: a. Have not been convicted within the past 15 years of an offence involving fraud, false statement or deception; and b. Have demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations; i)   It complies with the licensing, standards and technical requirements under the Act and its Regulation; and j)   It complies with such other requirement as the Commission thinks fit. Application for Certification Authority Licence a)   A person fills in Form 1; b)   A person must provide the following information for the establishment stage: The particular of the applicant The anticipated operational costs and proposed financing; Details of the personnel to be employed and their qualifications, if available; The proposed operating procedure; and The services to be provided and the fees and charges to be imposed thereof. c)   A person must provide the following information for the operation stage: All valid information submitted for the establishment stage; All new information and all the changes to the information submitted for the establishment stage, if any; A suitable guarantee; and A report from a qualified auditor certifying that the prescribed licensing, standards and technical requirements have been satisfied. d)   The prescribed fee; and e)   Such other information or document as the Commission may require.		Communications & Multimedia Act 1998 Postal Services Act 1991   Digital Signature Act 1997   Digital Signature Regulations 1998 Communications & Multimedia (Licensing) Regulations 1999 Communications & Multimedia (Licensing) Regulations 2000 Communications & Multimedia (Licensing) (Amendment) Regulations 2001 Communications & Multimedia (Licensing) (Exemption) Order 2000 Register of Individual Licences Register of Class Licences