PART II - THE COMMISSION AND THE LICENSING OF CERTIFICATION AUTHORITIES
Section 21. Exemption from performance audit.
(1) The Commission may exempt a licensed certification authority from the requirements of section 20 if-
[Am Act A1121:s.2]
(a) the licensed certification authority requests in writing for exemption;
(b) the most recent performance audit, if any, of the licensed certification authority resulted in a finding of full or substantial compliance with this Act; and
(c) the licensed certification authority declares under oath or affirmation that one or more of the following is true with respect to the licensed certification authority:
(i) the licensed certification authority has issued fewer than six certificates during the past year and the total of the recommended reliance limits of all such certificates does not exceed twenty-five thousand ringgit;
(ii) the aggregate lifetime of all certificates issued by the licensed certification authority during the past year is less than thirty days and the total of the recommended reliance limits of all such certificates does not exceed twenty-five thousand ringgit;
(iii) the recommended reliance limits of all certificates outstanding and issued by the licensed certification authority total less than two thousand five hundred ringgit.
(2) Where the licensed certification authority's declaration under paragraph (1)(c) falsely states a material fact, the licensed certification authority shall be deemed to have failed to comply with the performance audit requirement under section 20.
(3) Where a licensed certification authority is exempted under subsection (1), the Commission shall publish in the certification authority disclosure record that it maintains for the licensed certification authority concerned a statement that the licensed certification authority is exempted from the performance audit requirement under section 20.