4.—(1) Where—
(a)a certification-service-provider either—
(i)issues a certificate as a qualified certificate to the public, or
(ii)guarantees a qualified certificate to the public,
(b)a person reasonably relies on that certificate for any of the following matters—
(i)the accuracy of any of the information contained in the qualified certificate at the time of issue,
(ii)the inclusion in the qualified certificate of all the details referred to in Schedule 1,
(iii)the holding by the signatory identified in the qualified certificate at the time of its issue of the signature-creation data corresponding to the signature-verification data given or identified in the certificate, or
(iv)the ability of the signature-creation data and the signature-verification data to be used in a complementary manner in cases where the certification-service-provider generates them both,
(c)that person suffers loss as a result of such reliance, and
(d)the certification-service-provider would be liable in damages in respect of any extent of the loss—
(i)had a duty of care existed between him and the person referred to in sub-paragraph (b) above, and
(ii)had the certification-service-provider been negligent,
then that certification-service-provider shall be so liable to the same extent notwithstanding that there is no proof that the certification-service-provider was negligent unless the certification-service-provider proves that he was not negligent.
(2) For the purposes of the certification-service-provider’s liability under paragraph (1) above there shall be a duty of care between that certification-service-provider and the person referred to in paragraph (1)(b) above.
(3) Where—
(a)a certification-service-provider issues a certificate as a qualified certificate to the public,
(b)a person reasonably relies on that certificate,
(c)that person suffers loss as a result of any failure by the certification-service-provider to register revocation of the certificate, and
(d)the certification-service-provider would be liable in damages in respect of any extent of the loss—
(i)had a duty of care existed between him and the person referred to in sub-paragraph (b) above, and
(ii)had the certification-service-provider been negligent,
then that certification-service-provider shall be so liable to the same extent notwithstanding that there is no proof that the certification-service-provider was negligent unless the certification-service-provider proves that he was not negligent.
(4) For the purposes of the certification-service-provider’s liability under paragraph (3) above there shall be a duty of care between that certification-service-provider and the person referred to in paragraph (3)(b) above.