This is the version of this Act as it was from 31 December 2015 to 28 March 2018. Read the latest available version.
Related documents
- Is amended by Electronic Transactions (Amendment) Regulations, 2018
Seychelles
Electronic Transactions Act, 2001
Act 8 of 2001
- Commenced on 20 December 2001
- [This is the version of this document as it was at 31 December 2015 to 28 March 2018.]
Part I – Preliminary
1. Short title and application
2. Interpretation
In this Act, unless the context otherwise requires—"access" means gaining entry into, instructing or communicating with the logical, arithmetical or memory function resources of a computer, computer system or computer network;"addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary;"affixing digital signature" means adoption of any procedure by a person for the purpose of authenticating an electronic record by means of digital signature;"asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;"Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate under section 26 or a foreign certifying authority recognised under section 22;"certification practice statement" means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates;"computer" means any electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;"computer network" means the interconnection of one or more computers through—(a)the use of satellite, microwave, terrestrial line or other communication media; and(b)terminals or a complex consisting of two or more interconnected computers;"computer resource" means computer, computer system, computer network, data, computer database or software;"computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programs, electronic instructions, and data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;"Controller" means the Controller of Certifying Authorities appointed under section 16(1);"data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;"digital signature" means the authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with section 3;"Digital Signature Certificate" means a Digital Signature Certificate issued under section 34;"electronic form" with reference to information means any information generated, sent, received or stored in any computer storage media such as magnetic, optical, computer memory or other similar devices;"electronic record" means data, record or data generated, image or sound store, received or sent in an electronic form;"function", in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;"information" includes data, text, images, sound, codes, and databases;"intermediary", with respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;"law" includes any instrument that has the force of law and any unwritten rule of law;"key pair", in an asymmetric crypto system, means a private key and it’s mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;"licence" means a licence granted to a Certifying Authority under section 26;"originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;"prescribed" means prescribed by regulation made under this Act;"private key" means the key of a key pair used to create a digital signature;"Public Authority" means a Ministry, department, division or agency of the Government or a statutory corporation or a limited liability company which is directly or ultimately under the control of the Government or any other body which is carrying out a governmental function or service or a body or person specified by an Act;"public key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;"secure system" means computer hardware, software and procedure that—(a)are reasonably secure from intrusion and misuse;(b)provide a reasonable level of reliability and correct operation;(c)are reasonably suited to performing the intended functions; and(d)adhere to generally accepted security procedures;"security procedure" means the security procedure prescribed under section 15;"subscriber" means a person in whose name the Digital Signature Certificate is issued;"verify" in relation to a digital signature, electronic record or public key, means to determine whether—(a)the initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber;(b)the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.Part II – Digital signature
3. Authentication of electronic records
Part III – Electronic governance
4. Legal recognition of electronic records
Where any law provides that information or any other matter shall be in writing then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is—5. Legal recognition of digital signature
Where any law provides that information or any other matter shall be authenticated by affixing the signature or any documents should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is authenticated by means of the digital signature affixed in such manner as may be prescribed.6. Use of electronic records and digital signatures in Public Authorities
7. Retention of electronic records
8. Sections 6, 7 not to confer right to insist document should be accepted in electronic form
Nothing contained in sections 6 and 7 shall confer a right upon any person to insist that any Public Authority should accept, issue, create, retain or preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.9. Power to make regulations in respect of digital signature
The Minister may, for the purposes of this Act, make regulations prescribing—Part IV – Attribution, acknowledgement and dispatch of electronic records
10. Attribution of electronic records
An electronic record shall be attributed to the originator if it was sent—11. Acknowledgement of receipt
12. Time and place of dispatch and receipt of electronic records
Part V – Secure electronic records and secure digital signatures
13. Secure electronic record
Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.14. Secure digital signature
If by application of a security procedure agreed to by the parties concerned it can be verified that a digital signature, at the time it was affixed, was—15. Security procedure
The Minister shall for the purposes of this Act prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure is used, including—Part VI – Regulation of Certifying Authorities
16. Appointment of Controller and other officers
17. Functions of Controller
The Controller may perform all or any of the following functions, namely—18. Controller to act as repository
19. Power to delegate
The Controller may, in writing, authorise the Deputy Controller, Assistant Controller or any other officer to exercise any of the powers of the Controller under this Part20. Power to investigate contraventions
The Controller or any officer authorised by him in that behalf may investigate any contravention of the provisions of this Act or regulations made thereunder.21. Access to computers and data
22. Recognition of foreign Certifying Authorities
23. Licence to issue Digital Signature Certificates
24. Application for licence
25. Renewal of licence
An application for renewal of a licence shall be—26. Procedure for grant or rejection of licence
The Controller may, on receipt of an application under section 23(1), after considering the documents accompanying the application and such other matters as he deems fit, grant the licence or reject the application:Provided that no application shall be rejected under this section unless the applicant has been given a reasonable opportunity of presenting his case.27. Revocation of licence
28. Notice of suspension or revocation of licence
29. Certifying Authority to follow certain procedures
Every Certifying Authority shall—30. Certifying Authority to ensure compliance with the Act, etc
Every Certifying Authority shall ensure that every person employed or otherwise engaged by it complies, in the course of that person’s employment or engagement, with the provisions of this Act and regulations made thereunder.31. Display of licence
Every Certifying Authority shall display its licence in a conspicuous place at the premises in which it carries on its business.32. Surrender of licence
Every Certifying Authority whose licence is suspended or revoked shall, immediately after such suspension or revocation, surrender the licence to the Controller:33. Disclosure
Part VII – Digital Signature Certificates
34. Certifying Authority to issue Digital Signature Certificate
35. Representations upon issuance of Digital Signature Certificate
A Certifying Authority while issuing a Digital Signature Certificate shall certify that—36. Suspension of Digital Signature Certificate
37. Revocation of Digital Signature Certificate
38. Notice of suspension or revocation
Where a Digital Signature Certificate is suspended or revoked under section 36 or section 37, the Certifying Authority shall publish a notice of such suspension or revocation, as the case may be, in the repository or repositories specified in the Digital Signature Certificate for publication of such notice.Part VIII – Duties of subscribers
39. Generating key pair
Where any Digital Signature Certificate, the public key of which corresponds to the private key of the subscriber which is to be listed in the Digital Signature Certificate has been accepted by the subscriber, then the subscriber shall generate the key pair by applying the security procedure.40. Acceptance of Digital Signature Certificate
41. Control of private key
Part IX – Offences
42. Tampering with computer source document
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be guilty of an offence and liable on conviction to imprisonment for three years and a fine of R20, 000. For the purposes of this section, "computer source code" means the listing of programs, computer commands, design and layout and program analysis of computer resource in any form.43. Penalty for failure to furnish information, return etc
If any person who is required, under this Act or any regulation made thereunder to—44. Power of the Controller to give directions
45. Supreme Court may order interception
46. Protected system
47. Penalty for misrepresentation
Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be, shall be guilty of an offence and liable to imprisonment for two years and to a fine of R10,000.48. Penalty for breach of confidentiality and privacy
Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuance of the powers conferred under this Act or regulations made thereunder, secures access to any electronic record, book, register, correspondence, information, document or other material and without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be guilty of an offence and liable to imprisonment for five years and to a fine of R10,000.49. Penalty for publishing Digital Signature Certificate false in certain particulars
50. Publication for fraudulent purpose
Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be guilty of an offence and liable on conviction to imprisonment for two years and to a fine of R10,000 or to both such imprisonment and fine.51. Act to apply to offences outside Seychelles
52. Forfeiture
Any computer, computer system, floppies, compact discs, tape drives or any other accessories related thereto, in respect of which any provision of the Act or regulations made thereunder has been contravened, shall be liable to forfeiture:Provided that where it is established to the satisfaction of the Court that the person in whose possession, power or control any such computer, computer system, floppies, compact discs, tape drives or any other accessories relating thereto are found is not responsible for the contravention of the provisions of this Act or regulations made thereunder, the Court may, instead of making an order for forfeiture of such computer, computer system, floppies, compact discs, tape drives or any other accessories related thereto, make such order authorised by this Act against the person contravening the provisions of this Act or regulations made thereunder, as it may think fit.Part X – Miscellaneous
53. Network service providers not liable in certain cases
For the removal of doubt, it is hereby declared that no person providing service as a network service provider shall be liable under this Act or regulations made thereunder for any third party information or data made available by him if he proves that the offence was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence.54. Protection of action taken in good faith
No suit, prosecution or other legal proceeding shall lie against the Government, the Controller or any person acting on behalf of the Controller for anything which is in good faith done or intended to be done in pursuance of this Act or any regulation made thereunder.55. Constitution of Advisory Committee
56. Power of Minister to make regulations
History of this document
29 March 2018
31 December 2015 this version
Consolidation
20 December 2001
Commenced
Subsidiary legislation
Title
|
Date
|
|
---|---|---|
Electronic Transactions (Affixing Digital Signature) Regulations, 2018 | Statutory Instrument 22 of 2018 | 29 March 2018 |