ELECTRONIC TRANSACTIONS ACT, 2001

Arrangement of Sections

PART I

PRELIMINARY

1. Short title and application.

2. Interpretation.

PART II

DIGITAL SIGNATURE

3. Authentication of electronic records.

PART III

ELECTRONIC GOVERNANCE

4. Legal recognition of electronic records.

5. Legal recognition of digital signature.

6. Use of electronic records and digital signatures in Public Authorities.

7. Retention of electronic records.

8. Sections 6, 7 not to confer right to insist document should be accepted in electronic form.

9. Power to make regulations in respect of digital signature.

PART IV

ATTRIBUTION, ACKNOWLEDGeMENT AND DISPATCH OF ELECTRONIC RECORDS

10. Attribution of electronic records.

11. Acknowledgement of receipt.

12. Time and place of dispatch and receipt of electronic records.

PART V

SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES

13. Secure electronic record.

14. Secure digital signature.

15. Security procedure.

PART VI

REGULATION OF CERTIFYING AUTHORITIES

16. Appointment of Controller and other officers.

17. Functions of Controller.

18. Controller to act as repository.

19. Power to delegate.

20. Power to investigate contraventions.

21. Access to computers and data.

22. Recognition of foreign Certifying Authorities.

23. Licence to issue Digital Signature Certificates.

24. Application for licence.

25. Renewal of licence.

26. Procedure for grant or rejection of licence.

27. Revocation of licence.

28. Notice of suspension or revocation of licence.

29. Certifying Authority to follow certain procedures.

30. Certifying Authority to ensure compliance with the Act, etc.

31. Display of licence.

32. Surrender of licence.

33. Disclosure.

PART VII

DIGITAL SIGNATURE CERTIFICATES

34. Certifying Authority to issue Digital Signature Certificate.

35. Representations upon issuance of Digital Signature Certificate.

36. Suspension of Digital Signature Certificate.

37. Revocation of Digital Signature Certificate.

38. Notice of suspension or revocation.

PART VIII

DUTIES OF SUBSCRIBERS

39. Generating key pair.

40. Acceptance of Digital Signature Certificate.

41. Control of private key.

PART IX

OFFENCES

42. Tampering with computer source document.

43. Penalty for failure to furnish information, return etc.

44. Power of the Controller to give directions.

45. Supreme Court may order interception.

46. Protected system.

47. Penalty for misrepresentation.

48. Penalty for breach of confidentiality and privacy.

49. Penalty for publishing Digital Signature Certificate false in certain particulars.

50. Publication for fraudulent purpose.

51. Act to apply to offences outside Seychelles.

52. Forfeiture.

PART X

MISCELLANEOUS

53. Network service providers not liable in certain cases.

54. Protection of action taken in good faith.

55. Constitution of Advisory Committee.

56. Power of Minister to make regulations.

SCHEDULE

8 of 2001.

SI 38 of 2001.

AN ACT to provide for legal recognition of transactions carried out by means of electronic data interchange and other means of electronic communication, to facilitate electronic filing of documents with Public Authorities and to provide for matters connected therewith or incidental thereto.

[Date of commencement: 20th December 2001]

PART I

PRELIMINARY

1. Short title and application.

(1) This Act may be cited as the Electronic Transactions Act, 2001.

(2) [Commencement - omitted as spent.]

(3) Nothing in this Act shall apply to the documents and transactions specified in the Schedule to this Act.

2. Interpretation.

In this Act, unless the context otherwise requires—

“access” means gaining entry into, instructing or communicating with the logical, arithmetical or memory function resources of a computer, computer system or computer network;

“addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary;

“affixing digital signature” means adoption of any procedure by a person for the purpose of authenticating an electronic record by means of digital signature;

“asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;

“Certifying Authority” means a person who has been granted a licence to issue a Digital Signature Certificate under section 26 or a foreign certifying authority recognised under section 22;

“certification practice statement” means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates;

“computer” means any electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;

“computer network” means the interconnection of one or more computers through—

(a) the use of satellite, microwave, terrestrial line or other communication media; and

(b) terminals or a complex consisting of two or more interconnected computers;

“computer resource” means computer, computer system, computer network, data, computer database or software;

“computer system” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programs, electronic instructions, and data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

“Controller” means the Controller of Certifying Authorities appointed under section 16(1);

“data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;

“digital signature” means the authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with section 3;

“Digital Signature Certificate” means a Digital Signature Certificate issued under section 34;

“electronic form” with reference to information means any information generated, sent, received or stored in any computer storage media such as magnetic, optical, computer memory or other similar devices;

“electronic record” means data, record or data generated, image or sound store, received or sent in an electronic form;

“function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;

“information” includes data, text, images, sound, codes, and databases;

“intermediary”, with respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;

“law” includes any instrument that has the force of law and any unwritten rule of law;

“key pair”, in an asymmetric crypto system, means a private key and it’s mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;

“licence” means a licence granted to a Certifying Authority under section 26;

“originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;

“prescribed” means prescribed by regulation made under this Act;

“private key” means the key of a key pair used to create a digital signature;

“Public Authority” means a Ministry, department, division or agency of the Government or a statutory corporation or a limited liability company which is directly or ultimately under the control of the Government or any other body which is carrying out a governmental function or service or a body or person specified by an Act;

“public key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;

“secure system” means computer hardware, software and procedure that—

(a) are reasonably secure from intrusion and misuse;

(b) provide a reasonable level of reliability and correct operation;

(c) are reasonably suited to performing the intended functions; and

(d) adhere to generally accepted security procedures;

“security procedure” means the security procedure prescribed under section 15;

“subscriber” means a person in whose name the Digital Signature Certificate is issued;

“verify” in relation to a digital signature, electronic record or public key, means to determine whether—

(a) the initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber;

(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

PART II

DIGITAL SIGNATURE

3. Authentication of electronic records.

(1) Subject to the provisions of this section, any subscriber may authenticate an electronic record by affixing his digital signature.

(2) The authentication of an electronic record shall be effected by the use of an asymmetric crypto system and hash function. For the purposes of this subsection, “hash function” means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “hash result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible—

(a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;

This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.

Please click here to login