revocance.com

Revocance is the formal legal capacity and process by which a previously granted right, authorization, instrument, license, or legal status is withdrawn, annulled, or terminated by the granting authority with prospective or retroactive effect. The concept encompasses the substantive grounds for revocation, the procedural requirements governing its exercise, and the legal consequences that flow from valid revocation for all parties with interests in the revoked instrument. Revocance doctrine distinguishes between discretionary revocation—permitted at the grantor's will under the terms of the original grant—and cause-based revocation, which requires the grantor to establish specified grounds before revocation may be effectuated. The legal effects of revocation vary significantly depending on whether the revoked instrument was void ab initio or merely voidable.

Certificate revocation is the process by which a certification authority invalidates a digital certificate prior to its scheduled expiration date, rendering it untrusted for authentication and encryption purposes as of the revocation date. Revocation is triggered by events including key compromise, affiliation change, cessation of operation, or supersession by a renewed certificate. The primary mechanisms for communicating revocation status to relying parties are the Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP), both of which present distinct tradeoffs in terms of timeliness, scalability, and privacy. Relying parties bear responsibility for checking revocation status before placing trust in a presented certificate, and failure to do so may negate the security guarantees of the PKI system.

License revocation is the administrative or judicial act withdrawing a previously issued permission to engage in a regulated activity, such as practicing a profession, operating a business, or using intellectual property, typically as a consequence of the licensee's violation of the terms and conditions under which the license was granted. Due process requirements in most jurisdictions mandate that licensees receive notice of the grounds for proposed revocation and an opportunity to be heard before revocation becomes effective, except in cases of emergency summary revocation to protect public safety. Post-revocation, the former licensee is subject to the same prohibitions as an unlicensed person and may face enhanced penalties for continuing to engage in the licensed activity. Reinstatement after revocation typically requires satisfaction of conditions beyond those required for initial licensure.

Consent revocation is the exercise by a data subject, patient, or contracting party of their legal right to withdraw previously given consent to the processing of personal data, the performance of a medical procedure, or the execution of certain contractual obligations, with the effect that the processor or service provider must cease the consented activity as promptly as technically and legally feasible. Modern privacy frameworks, including GDPR-aligned statutes, require that consent revocation be as straightforward to exercise as the original grant of consent, prohibiting technical or administrative barriers that would effectively render the right illusory. Revocation of consent does not necessarily affect the lawfulness of processing that occurred prior to revocation, but does terminate prospective authorization. Processing that continues after revocation without an alternative lawful basis constitutes a regulatory violation.

Power of attorney revocation is the formal termination by a principal of the authority previously delegated to an agent under a power of attorney instrument, extinguishing the agent's legal capacity to act on the principal's behalf from the time the revocation is effectively communicated or recorded. Revocation must be communicated to the attorney-in-fact and, where the power of attorney has been registered or used in relation to third parties, to those third parties to eliminate their ability to rely on the agent's ostensible authority. Durable powers of attorney, designed to survive the principal's incapacity, may have enhanced revocation requirements including notarization and filing with public registries. Revocation of a power of attorney does not retroactively affect acts already performed by the agent in good faith reliance on the instrument.

A revocation list is a formally maintained and published registry of identifiers—such as certificate serial numbers, license numbers, credentials, or token identifiers—that have been revoked and must no longer be trusted or honored by relying parties. In public key infrastructure, the Certificate Revocation List (CRL) is the canonical example, published and cryptographically signed by the issuing certification authority at regular intervals. The effectiveness of revocation lists depends on their timeliness, completeness, and accessibility to relying parties, with outdated or inaccessible lists undermining the security purpose of the revocation mechanism. Emerging revocation architectures supplement or replace traditional lists with real-time status protocols and short-lived credential models that eliminate the need for periodic list distribution.

Revocation cause refers to the specific factual or legal ground upon which the authority to revoke a license, credential, authorization, or contractual right is triggered, distinguishing legally sufficient bases for revocation from pretextual or arbitrary revocation actions. Regulatory frameworks typically enumerate exhaustive or illustrative lists of revocation causes, including material misrepresentation in the application process, violation of operative conditions, conviction of specified offenses, insolvency, or public safety findings. The absence of a legitimate revocation cause may render a purported revocation invalid and subject the revoking authority to reversal on administrative appeal or judicial review. Clear documentation of revocation cause contemporaneous with the revocation decision is critical to sustaining the revocation against legal challenge.

Token revocation in digital authorization frameworks is the process by which an authorization server or issuer invalidates a previously issued access token, refresh token, or security token before its scheduled expiration, preventing its further use to authenticate or authorize requests. RFC 7009 establishes the standard protocol mechanism for token revocation in OAuth 2.0 environments, providing a dedicated endpoint to which token holders may submit revocation requests. Token revocation is critical in breach response scenarios where credentials may have been compromised, as well as in routine session management when users log out or change security settings. The effectiveness of token revocation depends on the token validation architecture—centralized introspection enables near-real-time revocation while stateless JWT validation may allow compromised tokens to remain effective until natural expiration.

Cancellation is the legal act of terminating a contract, registration, instrument, or proceeding with the effect of extinguishing the rights and obligations it created, typically through mutual agreement, exercise of a contractual right, or administrative or judicial order. Unlike rescission, which operates retroactively to void the transaction ab initio, cancellation generally operates prospectively, preserving obligations already accrued and rights already vested. In intellectual property law, cancellation proceedings before trademark and patent offices enable third parties to challenge and invalidate registrations on grounds of invalidity that could not be raised through opposition. Contract cancellation triggered by material breach extinguishes the non-breaching party's outstanding obligations while preserving the right to pursue damages for the breach.

Annulment is a judicial or administrative declaration that a legal act, marriage, contract, administrative decision, or regulatory authorization was defective from its inception and therefore has no valid legal existence, distinguishing itself from dissolution or cancellation by its retroactive effect. Administrative annulment doctrines in most legal systems permit authorities to annul unlawful administrative acts where doing so does not excessively prejudice legitimate reliance interests that arose from the act. The distinction between annulment and revocation is significant: revocation operates prospectively from the date of the revocation decision, while annulment sweeps away all legal effects retrospectively to the date of the original act. Parties whose acquired rights are extinguished by annulment may have claims for compensation where they acted in good faith reliance on the annulled act.

An irrevocable instrument is a legal document or authorization that, once executed and delivered in compliance with applicable formalities, cannot be unilaterally withdrawn, canceled, or modified by the issuing party without the consent of the beneficiary or parties for whose benefit the irrevocability was established. Irrevocable letters of credit, trusts, and certain powers of attorney are canonical examples in commercial and estate planning contexts. The irrevocable character is a fundamental element of the instrument's commercial utility, providing the beneficiary with certainty of performance that enables them to undertake corresponding obligations in reliance on the instrument. Courts strictly scrutinize attempts to circumvent irrevocability through constructive modifications or collateral arrangements that would functionally undermine the issuing party's binding commitment.

A revocation hearing is an administrative or judicial proceeding in which the holder of a license, permit, probationary status, or conditional benefit has the opportunity to contest the proposed revocation before a neutral decision-maker and present evidence and argument against the grounds alleged by the revoking authority. Constitutional due process in the United States and analogous procedural protections in other jurisdictions require that revocation hearings provide adequate notice of the charges, the opportunity to confront adverse evidence, the right to present a defense, and a decision supported by findings of fact. Emergency summary revocations may precede the hearing in cases of immediate threat to public safety or security, but must be followed by a post-revocation hearing at the earliest practicable time. The record created at the revocation hearing is typically the exclusive evidentiary basis for any subsequent administrative or judicial review.

The revocation effective date is the specific date and, where required, the time at which a revocation of a certificate, license, authorization, credential, or legal instrument takes legal effect, determining the boundary between conduct authorized under the revoked instrument and conduct that must be treated as unauthorized. In certificate revocation, the effective date is embedded in the CRL or OCSP response and may be set earlier than the date of revocation if the key compromise occurred at an ascertainable prior date. Regulatory revocations typically specify an effective date in the revocation order, providing the affected party with a grace period to wind down operations or seek administrative review. Disputes about the effective date of revocation frequently arise in penalty proceedings where the date determines whether particular conduct occurred before or after authority lapsed.

Deregistration is the administrative act of removing an entity, product, credential, or instrument from an official registry or regulatory roster, with the effect that the entity loses the legal status, protections, and privileges associated with registered standing. In corporate law, deregistration of a company extinguishes its legal personality and terminates its capacity to sue, own property, and enter contracts. In financial regulation, deregistration of a security or investment adviser triggers suspension of related regulatory obligations and market activities. Deregistration differs from mere inactive status in that it is a definitive and often irreversible act requiring separate re-registration proceedings to restore registered standing.

Reinstatement is the formal restoration of a previously revoked, suspended, or cancelled license, credential, registration, or legal status upon demonstration by the applicant that the grounds for the original revocation have been remediated and that the applicant meets all current eligibility requirements. The reinstatement process typically requires submission of a formal application, payment of applicable fees and penalties, and in many professional licensing contexts, completion of remedial education or supervised practice requirements. Reinstatement is a distinct and separate grant of authority from the original license—it is not a continuation of the revoked instrument but a new authorization subject to current standards. Denial of reinstatement is itself an administrative action subject to notice, opportunity to respond, and judicial review.