PKI 05-08-2025

When Should You Use the X9 PKI?

Larry Seltzer

Anyone who closely follows PKI news has noticed the CA/Browser Forum’s increased activity in recent years, particularly through its Server Certificate Working Group, which shapes the rules for the Web PKI. These rules are overwhelmingly designed around a single dominant use case: web browsers communicating with web servers.

Yet many TLS certificates secure far more than just websites—especially in the financial sector, where mission-critical applications often operate under very different requirements. With new CA/B Forum TLS rules coming into effect on March 15, 2026, this mismatch between browser PKI and financial application needs will become even more pronounced.

To address this gap, the Accredited Standards Committee (ASC) X9 has introduced the X9 Financial PKI, specifically designed to meet the needs of financial institutions worldwide. X9 selected DigiCert to operate this PKI globally.

What is the X9 Financial PKI?

The X9 PKI allows organizations—primarily financial entities like banks—to request an intermediate certificate authority (CA) certificate. This enables them to issue their own leaf certificates for public-facing PKI applications while remaining compliant with X9’s sector-specific standards.

Financial institutions operate under rigorous regulatory oversight. The X9 PKI offers a governance model and technical framework that aligns with these unique requirements, providing a more appropriate alternative to the Web PKI.

Common use cases for the X9 PKI

The X9 PKI supports a full range of PKI applications—from TLS to S/MIME to client certificates. It can be cross-certified with an institution’s internal PKI, integrating seamlessly into existing global infrastructure.

Key financial use cases include:

  • ATM communications: ATMs are high-value targets. PKI enables strong encryption and authentication to guard against malware, data theft, and fraud.
  • Point-of-sale (POS) systems: PKI secures payment terminals by ensuring device authorization and protecting sensitive transaction data.
  • Interbank communications: PKI maintains the confidentiality and integrity of communications between financial institutions.
  • Digital document signing: Provides verifiable assurance of document origin and integrity—essential in high-stakes financial documentation.
  • Software code signing: Ensures that financial applications and updates are authentic and untampered, building trust across deployment pipelines.
  • Digital transaction signatures: Enables non-repudiation and regulatory compliance for digitally signed financial transactions.
  • User and client authentication: Issue and manage certificates for secure user identification and access control within institutions.
  • Blockchain applications: Secure cryptocurrency and enterprise blockchain ecosystems using trusted certificates from the X9 PKI.
  • Device authentication: IoT and network infrastructure devices can be authenticated more securely with certificates issued under the X9 framework.

Visit the X9 website for an .

Why is X9 different—and better—for financial institutions?

Unlike the Web PKI, which has to conform to the evolving needs of browser vendors, the X9 PKI is governed by the priorities of the financial industry. This has significant implications:

  • Longer certificate lifespans: Financial environments often involve strict change control processes and blackout periods. Short certificate lifetimes, like those mandated by browsers, can be disruptive.
  • Regulatory alignment: As financial regulations evolve, the X9 PKI can prioritize compliance. Its governance can adapt more quickly than browser-driven frameworks to emerging requirements.
  • Quantum readiness: The X9 PKI is positioned to lead the adoption of post-quantum cryptographic (PQC) standards, helping institutions prepare for the coming era of quantum computing.
  • Stability without browser dependency: By operating outside browser trust roots, X9 offers greater predictability and reduces the risk of compliance issues caused by changes in Web PKI policies.

In short, the X9 PKI delivers a stable, future-proof foundation tailored for financial institutions—supporting not just compliance, but operational resilience and innovation.
