In order for an X 509 digital certificate issued by a certificate authority to be considered legally useful for business purposes, in must have what is known in the industry as non-repudiation. In essence non-repudiation is a form of deniability in that if the company that receives the certificate can show that the issuer is not operating with the appropriate laws, all transactions made using the certificate can be denied.
You Must Have Proof the CA Issuing Your X 509 Is In Full Compliance
In order for this non-repudiation to exist, the issuing CA is required to document the operation of your X 509 using a Certificate Practice Statement along with a Certificate Policy. The Certificate Policy is used to describe the full details of the Digital Certificate including how it has been issued, why it was issued and how the end user intends to apply it and all of the laws pertaining to it.