Memorandum of Agreement (Template)
Parties to the agreement:
Ministry of Economic Affairs 〈MOEA〉
For the PCA that has passed the review of joining into interoperation with
MOEA, and qualified as a Principal Certification Authority as defined under “Taiwan
Bridge Certification Authority Certification Practice Statement” and so applied for
issuing of “Cross Certificates” (the Certificate) from MOEA. Henceforth, both parties
agree to execute this collaboration agreement (the Agreement) with terms &
conditions as follows:
Clause 1. Applicable Scope
In the Cross Certificates application, PCA shall clearly identify the CA
and the name of CA’s it controlled that are conducting interoperation with
the MOEA; where there are changes to the controlled CA’s conducting
interoperation under PCA, the PCA shall notify the MOEA in writing and
announce it on the open website of PCA.
The approved version 1.6 of “Taiwan Bridge Certification Authority
Certification Practice Statement” (appendix 1) forms part of this agreement,
and has the same power as this agreement. But where there is a conflict
between the content of appendices and this agreement, this agreement shall
Clause 2. Service Scope
MOEA shall provide public key cross certificates issuing, managing,
renewing and revoking related certificate services to PCA according to the
operating process clearly stated on appendix 1
Clause 3. Scope and Limit on use of Certificates
Usage scope of Certificate: MOEA issues certificates to establish mutual
trust between PCA and the MOEA, so as to enable the different levels of
certificates issued by PCA can establish the certificate trust route required
for interoperation with other Public key infrastructure areas already
interoperating with the MOEA.
Certificate usage restrictions: Certificates issued by MOEA can only be
used within the scope specified by this agreement. The certificates can not
be used in applications or businesses that can cause death, harm to people
physically or psychologically, or major harm to social order or social
environment. Neither can it be used on any applications or businesses
clearly prohibited by the Electronic Signatures Act or other relevant laws
and regulations enacted by the authority.
Clause 4. Fees
Unless there is separate written agreement between both parties, MOEA
does not currently charge for the cross certification services that it provides
now. Where MOEA starts charging at a later date, both parties shall
document the agreement in writing then.
Clause 5. Rights & Responsibilities
The PCA shall comply with the Certification Operation Standard
already approved by the authority.
Where the PCA uses the certificates issued by MOEA in scopes beyond
this agreement, leading to any dispute situation, then PCA shall be solely
responsible without any liability on the part of MOEA.
MOEA shall keep the registration information, certificates information
and other relevant information of PCA safely, avoiding any leakage, illegal
uses or tampering. The retention period for the above mentioned
information shall be in accordance with the operating process recorded
within appendix 1 “4.6.2 Filing retention period”.
MOEA shall complete the certificate revocation, CRL and publish them
on the database within 10 days of receiving certificate revocation
application from the PCA. The PCA shall announce the application for
revoking the certificate on the website of PCA prior to the certificate
revocation status has been published, so as to reduce its effect on other
public certification authorities and take on all responsibilities arising out of
using such certificates.
The PCA and MOEA shall ensure their employees do not disclose, steal,
misuse, forge or tamper the information, password or private key of any
Both parties shall safeguard the private key and passwords
corresponding to their certificates, and if they are damaged, lost, cracked,
tampered with or stolen, the other party shall be notified for immediate
processing and announcements.
Both parties shall safeguard electronic information, and prevent any
third parties from entering the computer operation and network system
When either party accesses the registration information, certificates
information and other relevant information in possession, it must be strictly
for business requirements and strictly controlled, and operated by the people
with access rights to the operation.
Clause 6. Non-Disclosure.
Beside the content of certificates are public information, both parties
shall protect the privacy of either party in accordance with the requirements
clearly stated in appendix 1.
Upon termination of this agreement, the duty to non-disclosure shall
remain valid within 3 years of terminating this agreement.
Clause 7. Changes, suspension or revocation of certificates.
MOEA does not provide PCA certificate suspension services.
Prior to the certificates expiring, if there is any change or revocation of
certificate information, the PCA shall notify MOEA immediately. After
confirming certificate amendment or revocation application from PCA, it
shall process the application according to the rules in appendix 1.
The process for applying for certificate revocation by the PCA shall be
in accordance with appendix 1 “4.4.4 Procedure for requesting certificate
Where the PCA falls into any one of the following situations, it shall
notify MOEA in writing or through digitally signed email:
I. There have been changes to certificate contents and information
relating to PCA.
II. The information recorded in the certificate fields or extended
certificate fields of the certificates held by PCA does not comply
with the requirement of appendix 1.
III. The PCA believes there are other causes justifying the submission
of certificate revocation application.
Clause 8. Procedures for processing cracked private keys.
Where there are concerns that the private key held by either party has
been destroyed, lost, cracked, tampered with or stolen, the other party shall
be notified to take action, and both parties shall revoke the certificate of the
opposite party in accordance with the required procedure in appendix 1 “4.4
certificates on temporary suspension and revocation”, and then issue and
public CRL on the database of both parties; after certificates has been
revoked, the certificates shall be reissued.
Clause 9. Ending operation.
Where PCA has to end its operation, it must try to reduce its impact on
the operation of business system to the minimum, and transfer the related
certificates operation smoothly to other PCA to continue operation.
Where MOEA has to end its operations, it shall proceed in accordance
with the requirements contained in appendix 1 “4.9 BCA termination
Clause 10. Liabilities for compensation and limitations of liability
If MOEA breaches this agreement or relevant legal regulations
intentionally or by neglect, leading to losses by the PCA, then MOEA shall
compensate for the losses of PCA, but the scope of compensation is limited
to the direct losses endured by the PCA, and the compensation ceiling shall
be as per required by appendix 2 of this agreement.
If the PCA breaches the certificates operation standards approved by
relevant authority, conditions of this agreement or relevant legal regulations
intentionally or by neglect, leading to losses by MOEA or other PCA, then
it shall compensate for the losses of MOEA or other PCA. But the scope of
compensation is limited to the direct losses endured, and the compensation
ceiling amount is as per appendix 2 of this agreement.
If either party causes losses to the other party due to disconnections in
internet links, equipment malfunctions, or other force majeure natural
disasters (e.g.: wars or earth quakes, etc), or other causes of no fault from
either party, then the party shall not be liable for compensation.
When either party terminates operation or this agreement, and causes
other party or other PCA to ensure losses, then the party initiating the
termination shall compensate the other party for the losses except
terminating in accordance with the condition of item 1 under clause 14. The
scope of compensation is limited to direct losses only, and the maximum
amount of compensation is as per the conditions setout in appendix 2 of this
agreement. The Certification service provided by MOEA is completely free
of charge, the scope of compensation for losses caused by its certification
service is restricted to direct losses only, and the maximum amount of
compensation is as per the conditions setout in appendix 2 of this
Clause 11. Intellectual Property Rights
Both parties agree to comply with the terms under appendix 1 “2.9
Intellectual property rights”, and if either party infringes on the intellectual
property right, the infringing party shall be liable for compensation.
The intellectual property of private key and public key generated by the
PCA belong to PCA, but after its public key has been issued in certificate
format by MOEA, the intellectual property of the certificate belongs to
MOEA, the PCA and trusted certificate users only have the usage right to
public key certificates.
Clause 12. Validity
This agreement is effective from the date of execution for a period of
five years. Before this agreement expires, if neither party notifies the
termination of this agreement in writing, then it is deemed as extended.
Clause 13. Changes
Any addition or amendment to this agreement shall be made in writing
after negotiation between both parties, and if either party does not agree, it
shall notify the other party in writing within three months to terminate this
MOEA can amend the content of appendix 1 to this agreement or
supplement the requirements at any time. But it shall notify PCA in writing
and publish it on MOEA website three months prior to the amendment
comes into effect, and if PCA has not responded with any disagreement in
writing within one month of receiving the written notification, then the
amendment is deemed accepted.
Clause 14. Termination
Unless otherwise required, if either party would like to terminate this
agreement, the party shall notify the other party in writing three months
prior to termination.
Both parties shall complete the certificate revocation, issuing of CRL
and publish them onto the database with ten days prior to the termination
If either party breaches the conditions of this agreement and failed to
rectify the situation after the other party has notified for rectification within
certain time limit, then the party not breaching the terms of this agreement
can terminate this agreement with three months written notice. If the
termination of this agreement causes damage to the non-breaching party of
this agreement or other PCA, then the breaching party shall be liable for
Clause 15. Dispute resolution.
Any disputes arising out of this agreement shall be arbitrated according
to the arbitration laws of the Republic of China by the ROC arbitration
association in Taipei City. For the parts not related to disputes or unaffected
by it, both parties shall continue to perform their duties under the
Clause 16. Basic laws and Jurisdiction
This agreement is based on the laws of the Republic of China.
For any litigations arising out of this agreement, both parties agree to
submit to the authority of the district court of Taipei, Taiwan as the first
Clause 17. Notifications
Notifications by and between the parties to this agreement shall be made
in writing, and the method and entity of notification for the parties to this
agreement is as follows:
MOEA：Ministry of Economic Affairs Department of Commerce
Address: No. 15 FuZhou Street, Taipei 100.
Where there is change to the notification unit and notification method
above, the other party shall be notified in writing. Where either party
neglected in notifying the other party of the changes in notification unit and
notification method, causing notifications to be rejected or undeliverable,
then notice is deemed served at the time of issuing notice.
Clause 18. Severability
If any one clause of this agreement breaches any prohibitions required
by law or become null and void due to other causes, then other clauses in
this agreement are still valid.
Clause 19. This agreement is executed in duplicates with both parties holding a
original each, and 8 copies of the agreement with each party holding 4
Parties to the agreement:
MOEA： Ministry of Economic Affairs
Maximum Compensation Amount
(1) The maximum amount MOEA shall be liable as follows:
Cross Certificate Type Maximum Compensation Amount (NTD)
Test Level Nil
Level 1 100,000
Level 2 500,000
Level 3 2,500,000
Level 4 5,000,000
(2) PCA shall be liable for the same maximum compensation amount as
described in the table above.