# Finnish Trust Network (FTN)
Last updated: 28/09/2023
Current version effective from: 28/09/2023
Page contents
This appendix is part of the Agreement between Signicat and the Customer. It specifies obligations of the Parties when Signicat is providing the Signicat Services as a member of the Finnish Trust Network (“FTN”) in accordance with the Finnish Act on Strong Electronic Identification and Trust Services (617/2009).
If there is a contradiction between the terms of this Appendix and those of the Application Service Provider Agreement, the terms of this Appendix apply. Signicat reserves the right to change the terms of this Appendix following changes to applicable legislation or to Signicat’s contractual obligations with Identity Issuers.
As an ID broker in the FTN network, Signicat redirects End Users to their Identity Issuer, receives authenticated End User’s information from the Identity Issuer and returns the information to the Customer. Signicat has ID brokering agreements (based on Signicat Connect service) with Identity Issuers that are members of the FTN.
The Customer is obliged to comply with all applicable laws and regulations, including, but not limited to the Finnish Act on Strong Electronic Identification and Trust Services (617/2009) when using the Signicat Services.
# Technical terms and restrictions
In accordance with the Finnish Act on Strong Electronic Identification and Trust Services (617/2009), Identity Issuers may set restrictions to the use of the identity they issue. The Customer is obliged to comply with the restrictions and limitations.
The following restrictions apply to all strong eIDs:
# a) WebSSO
Forwarding a strong e-identity authentication transaction and web session to an external 3rd party service provider is NOT permitted.
# b) Creation of a strong FTN e-identity
Applicable only to TRAFICOM supervised entities. Only certified members of the Finnish Trust Network (FTN) may create new strong FTN e-identities based on an existing strong FTN e-identity provided in accordance with Finnish Act on Strong Electronic Identification and Trust Services (617/2009).
# Liability
Signicat is not liable for any damages to the Customer, End User or a third party caused by unauthorized use of electronic identity or the data brokered by Signicat. Unauthorized use means any use that does not comply with applicable legislation, with the restrictions and limitations on identity use defined by Identity Issuers, or with the contractual terms and conditions that apply between End Users and Identity Issuers.
If, based on an ID-brokering agreement, Signicat is liable to compensate an Identity Issuer the liability of the Identity Issuer for damages to an End User or a third party due to unauthorized use of the identity, the Customer is liable to compensate Signicat for the full amount, unless the damage is caused by Signicat’s breach of contract. No limitation of liability applies.