[cabfpub] Pre-Ballot 133 - Insurance Requirements for EV Issuers

Ben Wilson ben.wilson at digicert.com
Wed Aug 27 16:01:10 MST 2014

Here is a pre-ballot draft of a proposal to modify the insurance requirements for Extended Validation Certificates.  

Attached is a PDF and it’s also posted here - https://cabforum.org/wiki/133%20-%20Insurance%20Requirements%20for%20EV%20Issuers 

I’m looking for two endorsers and/or comments.

Ballot 133 - Insurance Requirements for EV Issuers 

Motion: Ben Wilson made the following motion, and ______ and _________ endorsed it:


The purpose of this ballot is to simplify the insurance requirements in section 8.4 of the EV Guidelines by replacing commercial general liability with ordinary casualty insurance and complicated third party coverage of $5 million with simpler €2 million liability insurance. This should make it easier for CAs to obtain insurance required by the EV Guidelines. 


1. Amend the second paragraph of Section 8.1 as follows: 

If a court or government body with jurisdiction over the activities covered by these Guidelines determines that the performance of any mandatory requirement is illegal or would conflict with local law, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations, or certificate issuances, or insurance requirements that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum of the facts, circumstances, and law(s) involved, so that the CA/Browser Forum may revise these Guidelines accordingly. 

2. Amend Section 8.4 as follows: 

8.4. Insurance 

Prior to 1 October 2015, each CA SHALL maintain the following insurance related to its respective performance and obligations under these Guidelines: 

(A) (1) Casualty insurance sufficient to cover damage or loss to CA systems due to fire, water, electrical failure, or natural disaster, or (2) Commercial General Liability insurance (occurrence form) with policy limits of at least two million US dollars in coverage; and 

(B) (1) non-contractual liability coverage of at least two million Euros (€2,000,000 per claim and in the aggregate) for financial loss to third parties arising out of a negligent act, error, or omission by the CA in issuing or maintaining EV certificates, or (2) Professional Liability/Errors and Omissions insurance, with policy limits of at least five million US dollars in coverage, and including coverage for (i) claims for damages arising out of an act, error, or omission, unintentional breach of contract, or neglect in issuing or maintaining EV Certificates, and (ii) claims for damages arising out of infringement of the proprietary rights of any third party (excluding copyright, and trademark infringement), and invasion of privacy and advertising injury. 

Effective as of 1 October 2015, each CA SHALL maintain the insurance specified in sections (A)(1) and (B)(1) above. 

The insurance specified in subsection (B) SHOULD BE global in territorial coverage, except for countries sanctioned by the laws of the CA's jurisdiction 

Such insurance MUST NOT exclude coverage when providing public key infrastructure services and MUST be: 

(i) maintained for all periods during which an EV Certificate issued by the CA is still valid (and if coverage is canceled or not renewed, the CA shall purchase an extended reporting period for such periods); 

(ii) global in territorial coverage, except for countries sanctioned by the laws of the CA's jurisdiction; and 

(iii) with a company rated good or better by Standard & Poor's, A.M. no less than A- as to Policy Holder's Rating in the current edition of Best's Insurance Guide, Fitch, Moody's, DBRS, Japan Credit Rating Agency, Creditreform, Scope Ratings, or another similarly recognized insurance rating agency (or with an association of companies each of the members of which are so rated). 

If available at reasonable cost, a CA SHOULD maintain coverage for damage or loss to data, software, systems, and for business interruption due to IT security failure, malware, network attack, criminal hacker, or theft. 

A CA MAY self-insure for liabilities that arise from such party's performance and obligations under these Guidelines provided that it has at least five hundred million US dollars in liquid assets based on audited financial statements in the past twelve months, and a quick ratio (ratio of liquid assets to current liabilities) of not less than 1.0. 


