diff --git a/SecurityPolicy.html b/SecurityPolicy.html
index db8116e..0e248b1 100644
--- a/SecurityPolicy.html
+++ b/SecurityPolicy.html
@@ -775,7 +775,7 @@ and progress information should be published as soon as
 possible.
 The knowledge of the existence of the event must not be kept
 secret, nor the manner and methods be kept confidential.
-See §9.7.
+See §9.5.
 </p>
 
 <h2><a name="6">6.</a> DISASTER RECOVERY</h2>
@@ -1203,15 +1203,15 @@ Recovery must only be conducted under Arbitrator authority.
 </p>
 
 
-<h3> <a name="9.5"> 9.5. </a> Legal</h3>
+<h3> <a name="9.3"> 9.3. </a> Legal</h3>
 
-<h4> <a name="9.5.1"> 9.5.1. </a> Responsibility</h4>
+<h4> <a name="9.3.1"> 9.3.1. </a> Responsibility</h4>
 
 <p>
 The board is responsible for the CA at the executive level.
 </p>
 
-<h4> <a name="9.5.2"> 9.5.2. </a> Response to external (legal) inquiry</h4>
+<h4> <a name="9.3.2"> 9.3.2. </a> Response to external (legal) inquiry</h4>
 
 <p>
 All external inquiries of security import are filed as disputes and placed before the Arbitrator under DRP.
@@ -1227,7 +1227,7 @@ The Arbitrator's ruling may instruct individuals,
 and becomes your authority to act. 
 </p>
 
-<h3><a name="9.6">9.6.</a> Outsourcing </h3>
+<h3><a name="9.4">9.4.</a> Outsourcing </h3>
 
 <p>
 Components may be outsourced.
@@ -1270,7 +1270,7 @@ Contracts should be written with the above in mind.
 </p>
 
 
-<h3> <a name="9.7">9.7</a> Confidentiality, Secrecy </h3>
+<h3> <a name="9.5">9.5</a> Confidentiality, Secrecy </h3>
 
 <p>
 CAcert is an open organisation and adopts a principle