IT Act 2000

Section 40

Surrender of Licence by Certifying Authority

THE STATUTE

Original Text

(1) A Certifying Authority may surrender a licence granted under this Act by forwarding it to the Controller with a written notice of its intention to surrender the licence.

(2) Where a Certifying Authority surrenders its licence under sub-section (1), the Controller may, if he is satisfied that it is necessary for the protection of the interests of subscribers to the Certifying Authority and for the public interest, direct the Certifying Authority to continue to act as such till such time as the Controller deems fit.

Simplified

Section 40 provides the voluntary exit mechanism for Certifying Authorities: a licensed CA can surrender its licence rather than waiting for the Controller to revoke or suspend it. This is important for orderly market exits. If a CA decides to cease operations due to business closure, merger, or commercial decision, surrendering the licence through Section 40 is the correct procedure.

The process has two steps. First, the CA forwards the licence to the Controller with written notice of its intent to surrender. The Controller then has discretion under Section 40(2) to require the CA to continue operating for a period if subscriber protection requires it.

This continued-operations power is critical, because a CA that has issued thousands of Digital Signature Certificates cannot simply walk away overnight. Its Certificate Revocation List must continue to be maintained, its OCSP responders must remain operational, and its subscriber records must be transferred or archived. The Controller's power to direct continued operations under Section 40(2) ensures that the CA fulfils its remaining obligations to existing certificate holders before exiting.

Section 40 must be read alongside the Controller of Certifying Authorities' regulations on licence surrender, which prescribe the minimum notice period, subscriber notification requirements, and transition arrangements that must be completed before a surrender is accepted.

Legal Evolution

Section 40 was in the original IT Act 2000 as part of the comprehensive Certifying Authority regulatory framework in Chapter VI. The provision reflects the Act's recognition that CAs are not ordinary businesses — their exit from the market has direct consequences for the security of PKI infrastructure and the validity of existing certificates.

Key Amendments

Unchanged from the original IT Act 2000.

CCA regulations have elaborated subscriber-protection procedures that a CA must complete before surrender is accepted.