PKI Service Providers assume no liability whatsoever in relation to the use of Certificates or associated key
pairs for any use other than in accordance with this Policy or related agreements.
The PKI Service Providers, and their employees, servants or agents, make no representations or warranties,
express or implied, other than as expressly stated in this Policy or in an agreement between the PKI Service
Provider and a Subscriber or Relying Party.
Except as expressly prohibited in this Policy, PKI Service Providers may disclaim all warranties and
obligations of any type, including without limitation (i) any warranty of merchantability; (ii) any warranty
of fitness for a particular purpose; (iii) any warranty of accuracy of information provided; and (iv) any
warranty of non-infringement.
The PKI Service Providers are neither intermediaries nor guarantors of the underlying transactions between
Subscribers and Relying Parties. Recourse, liability, and dispute resolution for claims solely between
Subscribers and Relying Parties (e.g., claims of non-performance not related to Subscriber identity) shall be
under applicable law.
Claims against PKI Service Providers are limited to showing that the PKI Service Providers operated in a
manner inconsistent with this Policy, the applicable CPS, or a related agreement or warranty.
PKI Service Providers are responsible to a Relying Party only if the Relying Party has complied with all
obligations, terms, and conditions of this Policy and of the applicable Relying Party Agreement, and only to
the extent otherwise allowed by this Policy. In addition, PKI Service Providers are responsible to a Relying
Party only for direct damages suffered by such Relying Party that are (a) caused by the failure of the PKI
Service Provider to comply with the terms of this Policy, the CPS, or a related agreement or warranty, and
(b) sustained by such Relying Party as a result of Reasonable Reliance on a Certificate in accordance with
this Policy.
PKI Service Providers may enter into indemnification agreements with other PKI Service Providers to
appropriately allocate the risk and financial responsibility arising from the parties’ respective duties and
obligations. Notwithstanding the immediately preceding sentence, for tasks delegated by a CA to any
Delegated Third Party, the CA and Delegated Third Party may allocate liability between themselves
contractually as they determine, but the CA shall remain fully responsible for the performance of all parties
in accordance with the CA/B Forum Baseline Requirements, as if the tasks had not been delegated and
regardless of whether CA and the Delegated Third Party entered an indemnification agreement in
accordance with the immediately preceding sentence.
Except to the extent such liability is specified by the other provisions of this Policy, a CA’s liability to a
Subscriber or Relying Party will be determined in accordance with any agreement between the CA and the
Subscriber or Relying Party.
Except to the extent liability is limited by the other provisions of this Policy, an RA’s liability to a
Subscriber will be determined in accordance with any agreement between the RA and the Subscriber.
A Relying Party found to have acted in a manner counter to the obligations of a Relying Party under this
Policy forfeits all claims he, she, or it may have against any PKI Service Providers.
This Policy establishes an open-but-bounded PKI. PKI Service Providers will not be liable to any person
who relies upon a Certificate unless such liability is clearly established by contract, special warranty or law.
Unless otherwise provided in separate writing or in contract, the total, maximum, aggregate liability of a
CA or RA for all Certificates issued under this Policy and for all transactions relying on Certificates is
$10,000,000.