Use of Certificates Clause Samples
The 'Use of Certificates' clause defines the requirements and limitations regarding the use, presentation, or reliance on certificates within the context of an agreement. Typically, this clause specifies which types of certificates are acceptable, who must issue them, and under what circumstances they must be provided—such as certificates of insurance, compliance, or completion. Its core function is to ensure that parties have verifiable proof of certain facts or conditions, thereby reducing uncertainty and establishing clear standards for documentation and compliance.
Use of Certificates. Subject to clause 12, Certificates (as defined in the Regulations in Section B) may be utilised at the Client's discretion but only if the Certificate is reproduced and provided in full. Certificates cannot be reproduced or provided in part.
Use of Certificates. Certificates are used at various levels. The figure below shows which components require which kind of private and public keys. The red boxes represent the usage of private keys and green boxes represent public keys. 9 ▇▇▇▇▇://▇▇▇.▇-▇▇▇▇▇.▇▇/node/47 Although the individual usage of these keys is not relevant for the purpose of this document, their purposes should still be summarised: keypairs of public/private keys are necessary for • Sending messages from the backend to the Connector • Sending messages from the Connector to the backend • Encrypting the (hash code) of ETSI-REM evidences for confirming the transmission status of messages • Signing the secure “ASiC-S” container for the messages • Sending messages from the Connector to the Gateway • Sending messages from the Gateway to the Connector • Sending messages from the Gateway to other Gateways All these authentication and encryption functionalities rely on certificates. e-CODEX itself does not impose any requirements which kinds of certificates must be used. At the same time, it can process all kinds of certificates – be it regular qualified certificates. Although e-CODEX does not impose any requirements it recommends applying a minimum level of security. The e-CODEX security recommendations are available at the e-CODEX Website.
Use of Certificates as demonstration of compliant processing
a) Suitable and valid certificates for IT security and data protection (e.g. (BSI) IT-Basic Protection, ISO 27001, TISAX etc.) can also be presented as proof of compliant processing, provided that the respective subject of the certification also applies to the corresponding service(s) and related processing. However, the presentation of a relevant certificate shall not substitute the controller's right to inspect/audit the processor nor the obligation to document the security measures within the meaning of Clause 7.6 of this agreement.
b) Such an inspection/audit is subject to the following conditions: ▪ Scope: Audits shall be limited to the processor's data processing systems and personnel involved in the processing activities covered by this agreement. ▪ Frequency: Audits shall be carried out at most once a year or with such other frequency as required by applicable data protection legislation or by a competent supervisory author- ity, or immediately after a significant personal data breach affecting the personal data pro- cessed by the processor under this agreement. ▪ Period: The Audits shall, where possible, be carried out during normal business hours (Monday to Friday from 9 a.m. to 6 p.m.).
Use of Certificates as demonstration of compliant processing