(b) the licensed certification authority for the subscriber on a written request by the subscriber and on payment of the approved fee.
(2) If the subscriber generates the key pair, the licensed certification authority shall reasonably ascertain whether the subscriber has used the prescribed technical components for the generation of the key pair and for the storage of the key pair.
(3) If the licensed certification authority generates a key pair for the subscriber, the licensed certification authority shall ensure that -
(a) it uses a secure protocol that incorporates adequate safeguards and security features for the distribution or transmission of the private key to the subscriber; and
(b) no copy of the subscriber's private key is retained or otherwise kept by the licensed certification authority.
(4) A licensed certification authority that contravenes subregulation (3) commits an offence and shall on conviction be liable to a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.