{"formats":[{"name":"JSON","format":"json","url":"\/downloads\/2025\/code-json\/59.1-552.json"},{"name":"Plain Text","format":"text","url":"\/downloads\/2025\/code-text\/59.1-552.txt"},{"name":"XML","format":"xml","url":"\/downloads\/2025\/code-xml\/59.1-552.xml"},{"name":"HTML","format":"html","url":"\/downloads\/2025\/code-html\/59.1-552.html"}],"law_id":64751,"edition_id":1,"section_id":64751,"structure_id":15846,"section_number":"59.1-552","catch_line":"Establishment of liability; limitation of liability","history":"2015, cc. 482, 483; 2020, c. 736.","full_text":"A\n\nAn identity trust framework operator, identity provider, federation administrator, or federation operator shall be liable if the issuance of an identity credential or assignment of an identity attribute, or a trustmark, is not in compliance with the Commonwealth&#8217;s identity management standards in place at the time of issuance. Further, the identity trust framework operator or identity provider shall be liable for noncompliance with applicable terms of any contractual agreement with a contracting party and any written rules and policies of the identity trust framework or federation of which it is a member.B\n\nAn identity trust framework operator, identity provider, federation administrator, or federation operator shall not be liable if the issuance of the identity credential or assignment of an identity attribute or a trustmark was in compliance with (i) the Commonwealth&#8217;s identity management standards in place at the time of issuance or assignment, (ii) applicable terms of any contractual agreement with a contracting party, and (iii) any written rules and policies of the identity trust framework or federation of which it is a member, provided such identity trust framework operator or identity provider did not commit an act or omission that constitutes gross negligence or willful misconduct. An identity trust framework operator or identity provider shall not be liable for misuse of an identity credential by the identity credential holder or by any other person who misuses an identity credential.","order_by":null,"text":{"0":{"id":235622,"text":"An identity trust framework operator, identity provider, federation administrator, or federation operator shall be liable if the issuance of an identity credential or assignment of an identity attribute, or a trustmark, is not in compliance with the Commonwealth&#8217;s identity management standards in place at the time of issuance. Further, the identity trust framework operator or identity provider shall be liable for noncompliance with applicable terms of any contractual agreement with a contracting party and any written rules and policies of the identity trust framework or federation of which it is a member.","type":"section","prefixes":["A"],"prefix":"A","entire_prefix":"A","prefix_anchor":"A","level":1,"next_prefix":"B"},"1":{"id":235623,"text":"An identity trust framework operator, identity provider, federation administrator, or federation operator shall not be liable if the issuance of the identity credential or assignment of an identity attribute or a trustmark was in compliance with (i) the Commonwealth&#8217;s identity management standards in place at the time of issuance or assignment, (ii) applicable terms of any contractual agreement with a contracting party, and (iii) any written rules and policies of the identity trust framework or federation of which it is a member, provided such identity trust framework operator or identity provider did not commit an act or omission that constitutes gross negligence or willful misconduct. An identity trust framework operator or identity provider shall not be liable for misuse of an identity credential by the identity credential holder or by any other person who misuses an identity credential.","type":"section","prefixes":["B"],"prefix":"B","entire_prefix":"B","prefix_anchor":"B","level":1,"prior_prefix":"A"}},"ancestry":[{"id":15846,"edition_id":1,"name":"Electronic Identity Management Act","identifier":"50","label":"chapter","depth":2,"order_by":1,"parent_id":12809,"metadata":{},"date_created":"2026-06-26 04:00:29","date_modified":"2026-06-26 04:00:29","permalink":{"id":262637,"object_type":"structure","relational_id":15846,"identifier":"50","token":"59.1\/50","url":"\/59.1\/50\/","edition_id":1,"permalink":0,"preferred":1}},{"id":12809,"edition_id":1,"name":"Trade and Commerce","identifier":"59.1","label":"title","depth":1,"order_by":1,"parent_id":null,"metadata":{},"date_created":"2026-06-26 03:43:54","date_modified":"2026-06-26 03:43:54","permalink":{"id":259521,"object_type":"structure","relational_id":12809,"identifier":"59.1","token":"59.1","url":"\/59.1\/","edition_id":1,"permalink":0,"preferred":1}}],"structure_contents":[{"id":80291,"structure_id":15846,"section_number":"59.1-550","catch_line":"Definitions","url":"\/59.1-550\/","token":"59.1\/50\/59.1-550","metadata":false},{"id":86192,"structure_id":15846,"section_number":"59.1-551","catch_line":"Trustmark; warranty","url":"\/59.1-551\/","token":"59.1\/50\/59.1-551","metadata":false},{"id":64751,"structure_id":15846,"section_number":"59.1-552","catch_line":"Establishment of liability; limitation of liability","url":"\/59.1-552\/","token":"59.1\/50\/59.1-552","metadata":false},{"id":75096,"structure_id":15846,"section_number":"59.1-553","catch_line":"Commercially reasonable security procedures for electronic fund transfers","url":"\/59.1-553\/","token":"59.1\/50\/59.1-553","metadata":false},{"id":61185,"structure_id":15846,"section_number":"59.1-554","catch_line":"Applicability of chapter","url":"\/59.1-554\/","token":"59.1\/50\/59.1-554","metadata":false},{"id":69724,"structure_id":15846,"section_number":"59.1-555","catch_line":"Sovereign immunity","url":"\/59.1-555\/","token":"59.1\/50\/59.1-555","metadata":false}],"previous_section":{"id":86192,"structure_id":15846,"section_number":"59.1-551","catch_line":"Trustmark; warranty","url":"\/59.1-551\/","token":"59.1\/50\/59.1-551","metadata":false},"next_section":{"id":75096,"structure_id":15846,"section_number":"59.1-553","catch_line":"Commercially reasonable security procedures for electronic fund transfers","url":"\/59.1-553\/","token":"59.1\/50\/59.1-553","metadata":false},"metadata":false,"official_url":"https:\/\/law.lis.virginia.gov\/vacode\/59.1-552\/","history_text":"<p>This law was first created in 2015. The record of its establishment is cataloged in chapters <a href=\"https:\/\/legacylis.virginia.gov\/cgi-bin\/legp604.exe?151+ful+CHAP0482\">482<\/a> and <a href=\"https:\/\/legacylis.virginia.gov\/cgi-bin\/legp604.exe?151+ful+CHAP0483\">483<\/a> of that year\u2019s edition of \u201cActs of Assembly,\u201d the annual state publication listing all changes made to the Code of Virginia in that year. It has been modified 1 time. Those modifications are cataloged by \u201cThe Acts of Assembly,\u201d a state publication, by year and chapter. Those modifications that can be read on the General Assembly\u2019s website will be linked accordingly. That modification is as follows: in 2020, chapter <a href=\"https:\/\/legacylis.virginia.gov\/cgi-bin\/legp604.exe?201+ful+CHAP0736\">736<\/a>.<\/p>","references":false,"refers_to":false,"permalink":{"id":262647,"object_type":"law","relational_id":64751,"identifier":"59.1-552","token":"59.1\/50\/59.1-552","url":"\/59.1-552\/","edition_id":1,"permalink":0,"preferred":1},"url":"\/59.1-552\/","token":"59.1\/50\/59.1-552","dublin_core":{"Title":"Establishment of liability; limitation of liability","Type":"Text","Format":"text\/html","Identifier":"\u00a7 59.1-552","Relation":"Code of Virginia"},"html":"\n\t\t\t\t\t\t<section id=\"A\"><p><span class=\"prefix-number\">A.<\/span> An <span class=\"dictionary\"><span class=\"dictionary\">identity trust framework<\/span> operator<\/span>, <span class=\"dictionary\">identity provider<\/span>, <span class=\"dictionary\">federation administrator<\/span>, or <span class=\"dictionary\">federation operator<\/span> shall be liable if the issuance of an <span class=\"dictionary\">identity credential<\/span> or assignment of an <span class=\"dictionary\">identity attribute<\/span>, or a <span class=\"dictionary\">trustmark<\/span>, is not in compliance with the Commonwealth&#8217;s identity management standards in place at the time of issuance. Further, the <span class=\"dictionary\"><span class=\"dictionary\">identity trust framework<\/span> operator<\/span> or <span class=\"dictionary\">identity provider<\/span> shall be liable for noncompliance with applicable terms of any contractual agreement with a contracting <span class=\"dictionary\">party<\/span> and any written rules and policies of the <span class=\"dictionary\">identity trust framework<\/span> or federation of which it is a member. <a id=\"paragraph-235622\" class=\"section-permalink\" href=\"https:\/\/vacode.org\/59.1-552\/#A\"><i class=\"fa fa-link\"><\/i><\/a><\/p><\/section>\n\t\t\t\t\t\t<section id=\"B\"><p><span class=\"prefix-number\">B.<\/span> An <span class=\"dictionary\"><span class=\"dictionary\">identity trust framework<\/span> operator<\/span>, <span class=\"dictionary\">identity provider<\/span>, <span class=\"dictionary\">federation administrator<\/span>, or <span class=\"dictionary\">federation operator<\/span> shall not be liable if the issuance of the identity credential or assignment of an <span class=\"dictionary\">identity attribute<\/span> or a <span class=\"dictionary\">trustmark<\/span> was in compliance with (i) the Commonwealth&#8217;s identity management standards in place at the time of issuance or assignment, (ii) applicable terms of any contractual agreement with a contracting <span class=\"dictionary\">party<\/span>, and (iii) any written rules and policies of the <span class=\"dictionary\">identity trust framework<\/span> or federation of which it is a member, provided such <span class=\"dictionary\"><span class=\"dictionary\">identity trust framework<\/span> operator<\/span> or <span class=\"dictionary\">identity provider<\/span> did not commit an act or omission that constitutes gross <span class=\"dictionary\">negligence<\/span> or willful misconduct. An <span class=\"dictionary\"><span class=\"dictionary\">identity trust framework<\/span> operator<\/span> or <span class=\"dictionary\">identity provider<\/span> shall not be liable for misuse of an identity credential by the <span class=\"dictionary\">identity credential holder<\/span> or by any other person who misuses an identity credential. <a id=\"paragraph-235623\" class=\"section-permalink\" href=\"https:\/\/vacode.org\/59.1-552\/#B\"><i class=\"fa fa-link\"><\/i><\/a><\/p><\/section>","plain_text":"                                 CODE OF VIRGINIA\n\nESTABLISHMENT OF LIABILITY; LIMITATION OF LIABILITY (\u00a7 59.1-552)\n\nA. An identity trust framework operator, identity provider, federation\nadministrator, or federation operator shall be liable if the issuance of an\nidentity credential or assignment of an identity attribute, or a trustmark, is\nnot in compliance with the Commonwealth&#8217;s identity management standards in\nplace at the time of issuance. Further, the identity trust framework operator or\nidentity provider shall be liable for noncompliance with applicable terms of any\ncontractual agreement with a contracting party and any written rules and\npolicies of the identity trust framework or federation of which it is a member.\n\nB. An identity trust framework operator, identity provider, federation\nadministrator, or federation operator shall not be liable if the issuance of the\nidentity credential or assignment of an identity attribute or a trustmark was in\ncompliance with (i) the Commonwealth&#8217;s identity management standards in\nplace at the time of issuance or assignment, (ii) applicable terms of any\ncontractual agreement with a contracting party, and (iii) any written rules and\npolicies of the identity trust framework or federation of which it is a member,\nprovided such identity trust framework operator or identity provider did not\ncommit an act or omission that constitutes gross negligence or willful\nmisconduct. An identity trust framework operator or identity provider shall not\nbe liable for misuse of an identity credential by the identity credential holder\nor by any other person who misuses an identity credential.\n\nHISTORY: 2015, cc. 482, 483; 2020, c. 736.","edition":{"id":1,"name":"2025","slug":"2025","date_created":"2026-06-21 22:39:22","date_modified":"2026-06-21 22:39:22","current":1,"order_by":1,"last_import":null}}