IT Act 2000
Section 34
Disclosure
THE STATUTE
Original Text
Every Certifying Authority shall disclose in the manner specified by the Controller— (a) its Electronic Signature Certificate which contains the public key corresponding to the private key used by that Certifying Authority to digitally sign another Electronic Signature Certificate; (b) any certification practice statement relevant thereto; (c) notice of the revocation or suspension of its Certifying Authority certificate, if any; and (d) any other fact that materially and adversely affects either the reliability of an Electronic Signature Certificate that the Authority has issued, or the Authority's ability to perform its services.
Simplified
Section 34 is the comprehensive disclosure obligation for Certifying Authorities — the transparency requirement that underpins relying party trust. Four categories of disclosure are mandated.

First, the CA's own Electronic Signature Certificate (the certificate issued to the CA within the Root CA/sub-CA hierarchy) containing the public key used to sign subscriber certificates — this is the anchor of the trust chain. Relying parties need this to verify that subscriber certificates were signed by a legitimately licensed CA.

Second, any relevant Certification Practice Statement (CPS) — the document specifying how the CA operates, its identity verification procedures, key management practices, and certificate policies.

Third, any notice of revocation or suspension of the CA's own certificate — a critical disclosure because if the CA's root or sub-CA certificate is compromised or revoked, every certificate it has signed is affected.

Fourth — and most broadly — 'any other fact that materially and adversely affects either the reliability of an Electronic Signature Certificate that the Authority has issued, or the Authority's ability to perform its services.' This catch-all disclosure obligation is the PKI equivalent of a material adverse change disclosure in securities law: anything that could cause a reasonable relying party to question the reliability of the CA's certificates or the CA's operational continuity must be disclosed. Clause (d) examples would include: a key management incident that may have compromised the CA's signing key; a significant security breach; insolvency proceedings commenced against the CA; or a material change in the CA's ownership or governance.
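The following Go program is an added illustration of the trust-chain mechanics behind clauses (a) and (c); it is not code from the statute, the Controller or any licensed CA. It models a certificate as a minimal signed record (subject, public key, issuer, Ed25519 signature) rather than real X.509, and the CA and subscriber names are constructed. A relying party verifies a subscriber certificate only against the CA certificate the CA has disclosed, and a published revocation or suspension notice for that CA certificate (clause c) makes every certificate beneath it untrusted at once, exactly as the commentary describes. The CPS (clause b) and material adverse facts (clause d) are documents a relying party reads; they do not enter this check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a deliberately minimal stand-in for an Electronic Signature
// Certificate: subject, subject public key, issuer name, and the issuer's
// signature over those fields. Real certificates are X.509; this is a model.
type Cert struct {
	Subject   string
	PublicKey ed25519.PublicKey
	Issuer    string
	Signature []byte
}

// tbs builds the "to be signed" bytes that the issuer commits to.
func tbs(subject, issuer string, pub ed25519.PublicKey) []byte {
	return append([]byte(subject+"|"+issuer+"|"), pub...)
}

// issue signs a certificate for subject with the issuer's private key.
func issue(issuer string, issuerKey ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Cert {
	return Cert{
		Subject:   subject,
		PublicKey: pub,
		Issuer:    issuer,
		Signature: ed25519.Sign(issuerKey, tbs(subject, issuer, pub)),
	}
}

// Disclosure models what Section 34 obliges a CA to publish and that a
// relying party can act on mechanically: the CA's own certificate (clause a)
// and any notice that this certificate is revoked or suspended (clause c).
type Disclosure struct {
	CACert    Cert
	CARevoked bool
}

// Verify is the relying party's check: a subscriber certificate is trusted only
// if the disclosed CA certificate is not revoked, is named as the issuer, and
// its public key verifies the signature on the subscriber certificate.
func Verify(d Disclosure, sub Cert) error {
	if d.CARevoked {
		return errors.New("CA certificate revoked or suspended: every certificate it signed is untrusted")
	}
	if sub.Issuer != d.CACert.Subject {
		return fmt.Errorf("issuer %q does not match disclosed CA %q", sub.Issuer, d.CACert.Subject)
	}
	if !ed25519.Verify(d.CACert.PublicKey, tbs(sub.Subject, sub.Issuer, sub.PublicKey), sub.Signature) {
		return errors.New("subscriber certificate signature does not verify against the disclosed CA key")
	}
	return nil
}

// Scenario builds a constructed CA and subscriber and returns the outcome of
// three checks: a valid chain, the same chain after a clause (c) revocation
// notice, and a certificate whose issuer signature was made with a rogue key.
func Scenario() (valid, afterRevocation, forged error) {
	caName := "Example Licensed CA (constructed)"
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	caCert := issue(caName, caPriv, caName, caPub) // self-signed for the model; real CAs sit under the Root CA

	subPub, _, _ := ed25519.GenerateKey(rand.Reader)
	subCert := issue(caName, caPriv, "subscriber@example.invalid", subPub)

	disclosed := Disclosure{CACert: caCert}
	valid = Verify(disclosed, subCert)

	// The CA publishes a revocation notice for its own certificate (clause c).
	disclosed.CARevoked = true
	afterRevocation = Verify(disclosed, subCert)

	// A certificate that claims the CA as issuer but was signed with some other key.
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	rogueCert := issue(caName, roguePriv, "subscriber@example.invalid", subPub)
	forged = Verify(Disclosure{CACert: caCert}, rogueCert)
	return
}

func main() {
	valid, revoked, forged := Scenario()
	fmt.Println("valid chain:", valid)
	fmt.Println("after CA revocation notice:", revoked)
	fmt.Println("rogue issuer signature:", forged)
}
```

Running it prints a nil error for the valid chain and an error for the other two cases. The point of the model is the asymmetry in the third disclosure category: a single revocation notice at the CA level flips the result for every subscriber certificate without any change to those certificates themselves, which is why the commentary calls clause (c) the critical disclosure.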
Legal Evolution
Section 34 was in the original IT Act 2000. The catch-all material adverse fact disclosure in clause (d) is drawn from the ABA Digital Signature Guidelines' concept of 'material events' that a CA must disclose to protect relying parties.
Key Amendments
Amended by IT (Amendment) Act 2008: 'Digital Signature Certificate' replaced by 'Electronic Signature Certificate' throughout.