CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 174 – Reform of Requirements Relating to Conflict with Local Laws

Ballot 174 – Reform of Requirements Relating to Conflict with Local Laws

Voting on Ballot 174, “Reform of requirements relating to conflict with local laws” has now closed. The results are as follows:

From the CAs, we received 21 YES votes, 0 NO votes and 1 Abstention

From the Browsers, we received 3 YES votes, 0 NO votes and 0 Abstentions

Therefore the ballot passes.

CAs are required to make this change to their processes by a date 90 days from the date this ballot passes.

Detailed voting results are on the ballot tracker here: https://docs.google.com/spreadsheets/d/1FBsMZjlzyvK3mFR1u4qMqvZwlI86yJ-v0am1pCBo8uI

Ballot 174 – Reform of Requirements Relating to Conflicts with Local Law

The following motion has been proposed by Gervase Markham of Mozilla and endorsed by Kirk Hall of Entrust and Moudrick Dadashov of SSC:

Statement of Intent: The purpose of this change is to reform section 9.16.3 of the BRs, titled “Severability”, which deals with what a CA must do when it encounters a conflict between the requirements of a jurisdiction under which it operates and the requirements of the BRs. At the moment, this clause is triggered only by a court determination rather than by the CA encountering a conflict, which makes it unlikely to ever be triggered, and it requires notification to the CAB Forum but not documentation of the outcome. The current clause is:

9.16.3. Severability

If a court or government body with jurisdiction over the activities covered by these Requirements determines that the performance of any mandatory requirement is illegal, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations or certificate issuances that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum of the facts, circumstances, and law(s) involved, so that the CA/Browser Forum may revise these Requirements accordingly. –Motion Begins–

Delete section 9.16.3 from the Baseline Requirements in its entirety and replace it with the following:

9.16.3. Severability

In the event of a conflict between these Requirements and a law, regulation or government order (hereinafter ‘Law’) of any jurisdiction in which a CA operates or issues certificates, a CA MAY modify any conflicting requirement to the minimum extent necessary to make the requirement valid and legal in the jurisdiction. This applies only to operations or certificate issuances that are subject to that Law. In such event, the CA SHALL immediately (and prior to issuing a certificate under the modified requirement) include in Section 9.16.3 of the CA’s CPS a detailed reference to the Law requiring a modification of these Requirements under this section, and the specific modification to these Requirements implemented by the CA.

The CA MUST also (prior to issuing a certificate under the modified requirement) notify the CA/Browser Forum of the relevant information newly added to its CPS by sending a message to and receiving confirmation that it has been posted to the Public Mailing List and is indexed in the Public Mail Archives available at (or such other email addresses and links as the Forum may designate), so that the CA/Browser Forum may consider possible revisions to these Requirements accordingly.

Any modification to CA practice enabled under this section MUST be discontinued if and when the Law no longer applies, or these Requirements are modified to make it possible to comply with both them and the Law simultaneously. An appropriate change in practice, modification to the CA’s CPS and a notice to the CA/Browser Forum, as outlined above, MUST be made within 90 days.

CAs are required to make this change to their processes by a date 90 days from the date this ballot passes.

–Motion Ends–

The review period for this ballot shall commence immediately and close at 2200 UTC on Monday 22nd August. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Monday 29th August. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here:

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently ten (10) members – at least ten members must participate in the ballot, either by voting in favor, voting against, or abstaining.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).