BT Trust Services Relying Third Party Charter for Qualified Certificates Issue 1 (July 2004) You should read this Relying Third Party Charter (the "Charter") before validating a VeriSign Trust Network (VTN) qualified certificate issued by BT (a " Qualified Certificate"), using BT's Online Certificate Status Protocol ("OCSP") services or otherwise accessing or using the BT database of Qualified Certificate revocation or other information ("Repository") or any Certificate Revocation List issued by BT ("BT CRL"). You will be deemed to have accepted this Charter by validating or relying upon a Qualified Certificate or the information embedded in a Qualified Certificate, or by accessing or using the Repository, even if you have not read the Charter. You demonstrate your knowledge and acceptance of the Charter by submitting a query to search for, or to verify the revocation status of a Qualified Certificate or by otherwise relying on or using any information or services provided by BT's Repository or the BT Trust Services website. If you do not accept the Charter, do not submit a query and do not download, access or use any BT CRL. Customers of BT Trust Services are reminded that their reliance on or use of Certificates is governed by the Conditions for BT Trust Services. The Charter sets out the actions BT will take to enable you to make an informed decision as to whether you wish to rely on a Qualified Certificate (including the information embedded in a Qualified Certificate), and contains guidelines and procedures you must follow before validating, relying on, or otherwise using a Qualified Certificate or information embedded in a Qualified Certificate. The Charter applies when you submit a query in search of a Qualified Certificate or to verify a digital signature created with a Private Key corresponding to a Public Key contained in a Qualified Certificate, or when you otherwise rely on or use any information or services provided by BT at the Repository or the BT Trust Services website. Qualified Certificates are issued in accordance with the requirements set out in Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (the "EU Directive"). The following table indicates how you know what the object identifier (the "OID2) and certificate policy (the "EDSP") corresponding to the certificate is. A copy of the EDSP is available at http://www.trustwise.com/repository/CPS/cps.htm. OID EU Directive Article ETSI Policy terminology EDSP terminology id-edsp-dl1 (2.16.840.1.113733.1.7.44.1) Article 5.2 QCP public DL1 id-edsp-dl2 (2.16.840.1.113733.1.7.44.2) Article 5.1 QCP public + SSCD DL2 BT publishes a document titled the BT Certification Practice Statement (the "CPS"), which is a summary of the practices that BT will follow with respect to the provision of Certificates. BT will comply with the assurance level for information contained in a Certificate as specified in the description of each class of Certificate in section 1.1 of the CPS. In particular, BT represents that all information contained in a Certificate, except non-verified customer information, has been validated in accordance with the procedures in the CPS. The CPS is available in the Repository at http://www.trustwise.com/repository/CPS/cps.htm. If there are changes to the CPS, BT will post the changes in the Repository. To the extent permitted by the law of England and Wales, BT makes no representations and holds out no warranties in respect of Certificates or the Repository other than those expressly set out in the CPS and this Charter. You acknowledge that your use of the Repository and your reliance on or use of any Qualified Certificate or the information embedded in it will be governed by the CPS (as amended from time to time) and this Charter. Section 2.1.4 of the CPS sets out specific procedures you must use to validate a Qualified Certificate before relying on the Qualified Certificate or any information embedded in the Qualified Certificate. If you rely on or use a Qualified Certificate (including the information embedded in the Qualified Certificate) without first complying with the procedures set out in section 2.1.4 of the CPS, your reliance on or use of that Certificate or the information will be inconsistent with this Charter and will be considered unreasonable and in derogation of your duty of care under the Common Law of England and Wales. You acknowledge that you have sufficient access to information to ensure that you can make an informed decision as to the extent to which you will choose to rely on or use a Qualified Certificate or the information embedded in it. You further acknowledge that you are responsible for deciding whether to rely on a Qualified Certificate or information embedded in it. You acknowledge that the information provided in the Repository, Certificates, and the BT Trust Services website is provided to you by BT only and that no other person shall be liable to you in respect of such information. Customers of BT Trust Services are obliged to inform BT if their Private Keys are compromised, and on receipt of such a notice BT will revoke the compromised Qualified Certificate and post notice of the revocation in the Certificate Status List. However, you acknowledge the possibility of theft or other form of compromise of a Private Key corresponding to a Public Key contained in a Qualified Certificate which may not be detected, and of the possibility of use of a stolen or compromised key to forge a digital signature to a document BT's liability to you is limited to £25,000 for any one incident or series of related incidents and to £100,000 for all incidents in any period of 12 months. BT is not liable to you (including for negligence) for direct or indirect loss of profits, business or anticipated savings, nor for any indirect or consequential loss or damage or for any destruction of data. BT accepts unlimited liability for death or personal injury resulting from its negligence and the limits set out above do not apply to such liability. BT is not liable to you for the acts or omissions of other providers of telecommunications or Internet services (including domain name registration authorities) or for faults in or failures of their equipment. Each point of this Charter is separate and the invalidity or unenforceability of any point for any reason will not affect the validity or enforceability of any other point. This Charter is published by British Telecommunications plc a company registered In England No.1800000, any claims, complaints, disputes or proceedings in connection with the provision of Certificates, the Repository, BT Trust Services or with this Charter must be commenced under the jurisdiction of the courts of England and Wales.   Copyright © British Telecommunications plc 2004