ELECTRONIC TRANSACTIONS ACT, 2001

(Act 8 of 2001)

I assent

F.A. Rene President

30th July 2001



AN ACT to provide for legal recognition of transactions carried out by means of electronic data interchange and other means of electronic communication, to facilitate electronic filing of documents with Public Authorities and to provide for matters connected therewith or incidental thereto.

ENACTED

by the President and the National Assembly.

1. (I) This Act may be cited as the Electronic Transactions Act, 2001.

(2) This Act shall come into force on such date as the Minister may, by notice published in the Gazette appoint, and different dates may be appointed for different provisions of this Act and any reference in any such provision to the commencement of this Act shall be construed as a reference to the commencement of that provision.

(3) Nothing in this Act shall apply to the documents and transactions specified in the Schedule to this Act.

2. In this Act, unless the context otherwise requires— "access" means gaining entry into, instructing or communicating with, the logical, arithmetical or memory function resources of a computer, computer system or computer network;

"addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary;

"affixing digital signature" means adoption of any procedure by a person, for the purpose of authenticating an electronic record by means of digital signature;

"'asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;

"Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate under section 26 or a foreign certifying authority recognised under section 22:

"Certification practice statement means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates;

"computer" means any electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic optical impulses, and includes all input, output processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;

"computer network" means the interconnection clone or more computers through—

(i) the use of satellite, microwave, terrestrial line or other communication media: and

(ii) terminals or a complex consisting of two or more interconnected computers;

"computer resource" means computer, computer system, computer network, data, computer database or software;

"computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, and data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

"Controller" means the controller of Certifying Authorities appointed under section 16 (1):

"data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;

"digital signature" means the authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with section 3;

"Digital Signature Certificate" means a Digital Signature Certificate issued under section 34;

"electronic form" with reference to information means any information generated, sent, received or stored in any computer storage media such as magnetic, optical, computer memory or other similar devices;

"electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form;

"function", in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;

"information" includes data, text, images, sound, codes and databases;

"intermediary" with respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;

"law" includes any instrument that has the force of law and any unwritten rule of law;

"key pair" in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;

"licence" means a licence granted to a Certifying Authority under section 26

"originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;

'prescribed' means prescribed by regulation made under this Act;

'private key" means the key of a key pair used to create a digital signature;

"Public Authority" means a Ministry, department, division or agency of the Government or a statutory corporation or a limited liability company which is directly or ultimately under the control of the Government or any other body which is carrying out a governmental function or service or a body or person specified by an Act;

"public key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;

"secure system" means computer hardware, software and procedure that—

(a) are reasonably secure from intrusion and misuse;

(b) provide a reasonable level of reliability and correct operation:

(c) area reasonably suited to performing the intended functions; and

(d) adhere to generally accepted security procedures;

"'security procedure" means the security procedure Prescribed under section 15;

"subscriber" means a person in whose name the Digital Signature Certificate is issued;

"verify" in relation to a digital signature, electronic record or public key, means to determine whether—

(i) the initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber;

(ii) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.