PacLII Home | Databases | WorldLII | Search | Feedback

Vanuatu Sessional Legislation

You are here:  PacLII >> Databases >> Vanuatu Sessional Legislation >> Electronic Transactions Act 2000

Database Search | Name Search | Noteup | Download | Help

Electronic Transactions Act 2000

Assent: 12 September 2000
Commencement: 6 November 2000

REPUBLIC OF VANUATU


ELECTRONIC ACTIONS ACT


NO. 24 OF 2000

Arrangement of Sections

PART 1 - PRELIMINARY

1 Definitions
2 Objects
3 Regulatory Policy
4 Government not obliged to use electronic records
5 Acceptance of electronic records by the Government
6 General exclusions
7 Exclusions by Minister

PART 2 - LEGAL REQUIREMENTS FOR ELECTRONIC RECORDS


8 Legal recognition of electronic records
9 Writing
10 Delivery
11 Signature
12 Original form
13 Retention of electronic records
14 Admissibility and evidential weight of electronic records

PART 3 - COMMUNICATION OF ELECTRONIC RECORDS


15 tionation and validity of contracts
16 Attribution of electronic records
17 Acknowledgment of receipt of electronic records
18 Time and place of dispatch and receipt of electronic records

PART 4 - ELECTRONIC SIGNATURES


19tronitronic signature associated with accredited certificate
20 Certification and revocationertificatiocation
21 Recognition of external certification service providers
22 Pseudonyms
23 Liability of authorised certification service provider

PART 5 - ENCRYPTION AND DATA PROTECTION


24 Encryption
25 Data protection

PART 6 - INTEARIES AND E-COMMERCE SERVICE PROVIDERS


26 lityility of intermediaries
27 Procedure for dealing with unl, defamatory etc. information
28 CodesCodes of conduct and standards for intermediaries and e-commerce service providers
29 Offence to contravene code of conduct or standards

PART 7 - GENERAL


30 Regulations
31 Commencement

---------------------------------------------------- <

REPUBLIC OF VANUATU


ELECTRONIC TRANSACTIONS ACT

NO. 24 OF 2000

An Act to make provision for electronic transactions, and for related matters


BE IT ENACTED by the President and the Parliament as follows:

PART 1 - PRELIMINARY

Definitions

1. In this Act, unless the contrary intention appears:

"dccredited certificate" means an electronic record that:

(a) associates a signature verification device to a person; and

(b) confirms tentity of t of that person; and

(c) is issued authorised certification sion service provider under section 20;

#160;

"addressee", ee", in relation to an electronic record, means a person who is intended by the originator to receive the electronic record, but does not include a person acting as an intermediary with respect to that electronic record;

"appropriate law enforcement agency " means:

(a) the the Public Prosecutor; or

(b) tto) ttorney-General; or

(c

(c) a person prescribr the purposes of any proviprovision of this Act in which the expressccurs;

"approved form " means a form approved by the Minister for use under this Act;

"certifertification service provider" means a person who issues identity certificates for theoses of elef electronic signatures or provides other services to the public related to electronic signatures;

cata controller" means a person who, either alone or jointly orommon with other persons, determines the puhe purposes for which and the manner in which any personal data is, or is to be, processed;

"data processor" means a person who processes personal data on behalf of a data controller;

&#1/p>

"e-c>"e-commerce service provider" means a person who uses electronic means in providing goods, services or information;

"elp>"electronic record" means a record created, stored, generated, received mmunicated by electronic meic means;

"electrlectronic signature" means a signature in electronic form in, attached r logically associated with with, information that is used by a signatory to indicate his or her adoption of the content of that information and meets the following requirements:

(b)s cais capable of identifying the sign signatory;

( is cris created using means that the the signatory can maintaier his or her sole control;

<60;

(d) it is linked to the information to which it relates in such a manner that ubsequent alteration of thef the information is revealed;

"electronic signature product" means hardware or software, or components of either, that are intended to be used by a certification service provider for the provision of electronic signature services;

"identidentifiable individual" means an individual who can be identified, directly or indirectn particulaicular by reference to an identification number or to one or more factors specific to his or her physiological, mental, economic, cultural or social identity;

"information" includes data, text, images, sounds, codes, computer pms, software and databases;

160;

"information processing system" means an electronic system for creating, geneg, sending, receiving, stor storing, displaying, or otherwise processing information;

"intermntermediary", in relation to an electronic record, means a person who, on behalf of an person, sen, sends, receives or stores that electronic record or provides other services with respect to that electronic record;

Ministinister" means the Minister responsible for telecommunications and electronic commerce;

inriginator", in relation to an electronic record, means a persowhom, or on whose behalf, the electronic reic record purports to have been sent or generated prior to storage (if any) but does not include a person acting as an intermediary with respect to that electronic record;

"personal data" means any information relating to an identified or identifiable;

<60;

"prescribed" med" means prescribed by the regulations made under this Act;

"record" means information that is inscribed on a tangible medium or that is stored in ectronic, paper-based or anor any other medium and is retrievable in perceivable form;

"signature creation device" means unique data or a uniquely configured physical device wis used by the signatory inry in creating an electronic signature;

Objects

2. The objects of this Act are:

(a) han) hance the reputation of Vanf Vanuatu as an international business cenand

(b)p>(b) to facilitate electronic transactions by means of reliable electronic records; and

(d) to promote public confidence in the validity, integrity and relity of conducting transactions electronicalnically; and

(e) to promote the development of the legal and business infrastructure necessary to implement electronic transactions securely.

Regulatory policy

3. The Government is to regulate transactions carried out by electronics so as to:s to:

(a) permit and encourage the growth of business by electronic means through the operation of free market forces; and

ro) promote the greatest possible use of industry self-regulation.

verGovernmet obliged tged to use electronic records

4. Nothing in thi obliges any ministry, depa department or agency of the government to generate, send, receive, store or otherwise process any record by electronic means.

Acceptance of electronic records by the Government

5. The Minister may, tice published in the GazetGazette, indicate that a ministry, department or agency of the government will receive and process electronic records relating to such matters as may be specified in the notice.

6. Parts 2 and 3 do not apply to any rule of law requiring writi signaturestures for the following matters:

(a) the creation, execution or revocation of a will or testamentary instrumebr>
(b) the conveyance of real prol property or the transfer of any interest in real property.

cluExclusions by Minister

7. The Minister may, by order in writing, pe that this Act, or such prch provisions as are specified in the order, do not apply to any class of transactions, persons, matters or things specified in the order.

PART 2 - LEGAL REQUIREMENTS FOR ELECTRONIC RECORDS

Legal recognition of electronic records

8. Information is not to be denied legal effect, validity, admissibility or enforceability solely on the ground that it is:

(a) in the form of an electronic record; or

(b) not not contained in the electronic record purporting to give rise to suchl effect, but is referred tred to in that electronic record.

Writing

9. (1) If information is:

(a) required by law to be in writing; or

(b) desc described in any statutory provision as being written>

that requirement or description is mets met by an electronic record if the information contained in the electronic record is accessible and is capable of retention for subsequent reference.

(2) Subsection (1) applies whether the requirement for the information to be in writing is in the form of an obligation or the law provides consequences if it is not in writing.

10 (1) If information is required by law to be delivered, dispatched, given or sent to, or to be served on a person, that requirement is met by doing so in the form of an electronic record if:

(a) the originator of the electronic record states that the receipt of tectronic record is to be acknowledged; and and

(2) Suion (1) applies whether the requirement fort for delivery, dispatch, giving, sending or serving is in the form of an obligation or the law provides consequences for the information not being delivered, dispatched, given, sent or served.

11. (1) If the signature of a person is red by law, that requirement is met by an elan electronic record if:

2) An elec electronic record that meets the requirements of paragraphs (1)(a) and (b) is not to be denied legal effect, validity and enforceability solely on the ground that it:

s ) is not an electronic signature; or

(b) is not associated with an accredited certificate.

(3) Subsection (1) applies whether the requirement for a signature is in the form of an obligation or the law provides consequences for the absence of a signature.

Original form

12 (1) If information is required by law presented or retained in its original form form, that requirement is met by an electronic record if:

) ther there exists a reliable assurance as to the integrity of the information the time it was first genergenerated in its final form as an electronic record or otherwise; and


(2)ectbsection (1) applies whether the requirement for the information to be presented or retained s original inal form is in the form of an obligation or the law provides consequences if it is not presented or retained in its original form.

(3) For the purposes of paragraph (1)(a):

(a the criterion for assessing integrity is whether the information has remained complete and unaltered, apart from the addition of any endorsement and any change which arises in the normal course of communication, storage and display; and

Retention of electronic records

13 (1) If certacuments, records or information are requirequired by law to be retained, that requirement is met by retaining electronic records if the following conditions are satisfied:

(a) the information contained in the electronic record is accessible a capable of retention for subsequent refereeference;

(b) the) the electronic record is retained in the format in wht was generated, sent or received, or in a in a format which can be demonstrated to represent accurately the information generated, sent or received;

(c) any) any information that enables the identification of the origin and destination of an eonic recordecord and the date and time when it was sent or received, is retained.

(2) An obligation to retain documents, records or information in accordance with subsection (1) does not extend to any information the sole purpose of which is to enable the message to be sent or received.

(3) A person may satisfy the requirement referred to in subsection (1) by using the services of any other person, if the conditions set out in paragraphs (1)(a), (b) and (c) are met.

Admissibility and evidential weight of electronic records

) In any legal proceedings, nothing in the the rules of evidence is to apply so as to deny the admissibility of an electronic record in evidence:

f ) if it i best evideevidence that the person adducing it could reasonably be eed to obtain, on the groundround that it is not in its original form.

(2) Information in the form of an electronic record is to be given due evidential weight and in assessing the evidential weight of an electronic record, regard is to be had to:

(a) the reliability of the manner in which the electronic record was generated, stored or communicated; and

(b) the reliability of the manner in which the integrity of the information was maintained; and

(c) the manner in which the originator was identified; and

&

(d) any other relevant factor.

PART 3 - COMMUNICATION OF ELECTRONIC RECORDS

Formation and validity of y of contracts

15 (1) In the context of the formation of contracts, unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of electronic records.

(2) As between the originator and the addressee of an electronic record, a declaration of intention or other statement or delivery of a deed is not to be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record.

16 (1) An electronic record is attributable to a p if the elee electronic record resulted from the action of the person, by the person's agent or the person's electronic agent device.

(2) Attribution may be proven in any manner, including by showing the efficacy of any security procedure applied to determine the person to whom the electronic record was attributable.

Acknowledgement of receipt of electronic records

17 (1) Subsections (2), (3) and (4) applye, on or beor before sending an electronic record, or by means of that electronic record, the originator has requested or has agreed with the addressee that receipt of the electronic record be acknowledged.

(2) If the originator has not agreed with the addressee that the acknowledgement be given in a particular form or by a particular method, an acknowledgement may be given by:

) any) any communication by the addressee, automated or otherwise; or

(b) any) any conduct of the addressee;

that is reasonably sufficient to indicate to thginator thar that the electronic record has been received.

(3) If the originator has stated that the electronic record is conditional on receipt of the acknowledgement, the electronic record is to be treated as though it had never been sent until the acknowledgement is received.

(4) If the originator has not stated that the electronic record is conditional on receipt of the acknowledgement, and the acknowledgement has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time, the originator:

) may) may give notice to the addressee stating that no acknowledgement has been received and sping a reasoreasonable time by which the acknowledgement must be received; and

f ) if the acknowledgement is not received within the time specified in paragraph (a), may, uponce to the athe addressee, treat the electronic record as though it had never been sent or exercise any other rights the originator may have.

(5) If the originator receives the addressee's acknowledgement of receipt, it is presumed that the relatectronic recc record was received by the addressee, but that presumption does not imply that the electronic record corresponds to the record received.

xcept cept in so far as it relates to the sending or receipt of the electronic record, this sects not intenintended to deal with the legal consequences that may flow either from that electronic record or from the acknowledgement of its receipt.

>Time>Time and place of dispatch and receipt of electronic records

18 (1) Unless othe agreed betd between the originator and the addressee, the dispatch of an electronic record occurs when it enters an information processing system outside the control of the originator.

(2) Unless otherwise agreed between the originator and the addressee, the time of receipt of an electronic record is determined as follows:

(a) if the addressee has designated an information processing system for the purpose of receiving eleic records,ords, receipt occurs:

) at ) at the time when the electronic record enters the designated information ssing system; or

&#

(ii) ifi) if the electronic record is sent to an information processing system of the addressat is not tnot the designated information processing system, at the time when the electronic record comes to the attention of the addressee; or

(b) if the addressee has not designated an information processing system, receipt occurs when the ronic recorrecord enters an information processing system of the addressee or otherwise comes to the attention of the addressee.

(3) Subsection (2) applies notwithstanding that the place where the information processing system is located may be different from the place where the electronic record is taken to be received under subsection (4).

(4) Unless otherwise agreed between the originator and the addressee, an electronic record is taken to be dispatched at the place where the originator has his or her place of business, and is taken to be received at the addressee's place of business.

(5) For the purposes of subsection (4):

(a)he the originator or the addressee has more than one place of business, the place of business it which hash has the closest relationship to the transaction to which the electronic record relates or, where there is no such transaction, the place of business is presumed to be the principal place of business; or

PART 4 - ELECTRSIGNATURES

eb>Eleb>Electronic signature associated with an accredited certificate

19 An electrongnature thae that is associated with an accredited certificate issued by an authorised certification service provider under section 20 is taken to satisfy the requirements of paragraphs 11(1)(a) and (b).

Certification and revocation of certification

20 (1) A person may apply to the Ministr authorisaorisation to provide accredited certificates.

(2) The application must be in the approved form and be accompanied by the prescribed fee.

(3) The Minister may, if satisfied that the applicant:

(a) has the knowledge and expertise to provide accredited certificates; and

&

(b) has the technicchnical capabilities to provide accredited certificates; and

(c) meets any other prescribed criteria

by notice published in the Gazette, aute the applicant to provide vide accredited certificates.

(4) Subject to subsection (5), the Minister, if satisfied that an authorised certification service provider no longer meets the criteria in paragraphs (3)(a), (b) and (c), may by notice published in the Gazette revoke an authorisation.

(5) Before revoking an authorisation, the Minister must give the authorised certification service provider written notice:

tat stating the Minister intends to revoke the authorisation; an>

(d) indicating the reas reasons for the proposed revocation; and

(6) The Minister must consider any such representations in deciding whether to revoke the authorisation and give the authorised certification service provider written notice of his or her decision within 7 days after making it.

(7) The revocation takes effect on the date specified in the notice.

Recognition of external certification service providers

(a) certificates or classes of certificates issued in other jurisdictions; or

(btification tion service providers or classes of certification serviceiders established in other jurisdictions.

(2) Upon publication of the notice and on payment of the prescribed fee:

(a) those certificates or classes of certificates taken to be accredited certificates; and

(b) those certification service providers or classes of certification ce providers are taken to be authorised undd under subsection 20(2).

(3) In determining to accord recognition under subsection (1) the Minister must have regard to whether:

(a) the the certificates or classes of certificates are requir, and do in fact, meet obligations equivaleivalent to those required for an accredited certificate; and

(b) the certification service providers or classes of certification serproviders are required to, and do in fact, act, meet criteria equivalent to those required for an authorised certification service provider.

(4) The Minister may, by notice published in the Gazette, revoke any recognition accorded under subsectio.

(

(5) Before revoking any recognition, the Minister must give the person affected by the proposed revocation written notice:

(a) stating the Minister intends to revoke the recognition; and

(b) indicating easons for for the proposed revocation;

(c) ing) ing that person, within 14 d 14 days of the notice, to submit represenns in writing as to why they the recognition should not be revoked.

(6) The Minister must consider any such representations in deciding whether to revoke the recognition and give the person written notice of his or her decision within 7 days after making it.

(7) The revocation takes effect on the date specified in the notice.

Pseudonyms

22 (1) Certification service providers may, at the request of ticular signatory, indicateicate in the relevant certificate a pseudonym instead of the signatory's name.

(2) If a pseudonym is indicated pursuant to subsection (1), the certification service provider must, where necessary for the investigation of an offence involving the use of electronic signatures or where otherwise required by law to do so, transfer personal data relating to the signatory.

(3) If personal data is transferred pursuant to subsection (2), the certification service provider must make a record of the transfer and as soon as possible thereafter give notice to the signatory of the transfer.

LiabiLiability of authorised certification service provider

23 (1) By issuing an accredited certifertificate, an authorised certification service provider is liable to any person who reasonably relied on the certificate for:
(a) the the accuracy of all information in the accredited certificate as from ate on which it was issued,sued, unless the authorised certification service provider has stated otherwise in the accredited certificate; and

( a an assurance that the person identified in the accredited certificate held, at the time the aited certifertificate was issued, the signature creation device corresponding to the signature verification device given or identified in the accredited certificate; and

(c) if the authorised certification service provider generates both ignature creation device and the signature ture verification device, assurance that the two devices function together in a complementary manner;

unless the person who relied on the accredited certificate knows or ought reasonably to have known that the authorisation of the certification service provider has been revoked.

(2) An authorised certification service provider is not liable for errors in the information in an accredited certificate where:

he) the information was provided by or on behalf of the person identified in the accredited certte; and

(e) the certification service provider can demonstrate that all reasonably practical measures havn taken to n to verify that information.

(3) An authorised certification service provider that:
(a) ind) indicates in the accredited certificate limits on the uses of that cerate; and

(b) makes those limits known to third parties,

t lnot liable for damages ag from the the use of the accredited certificate contrary to those l.

(

(4) The limits in subsection (3) may include a limit on the value of transactions for which the accredited certificate is valid.

PART 5 - ENCRYPTION AND DATA PROTECTION

Encryp/b>

>

24 (1) The Minister may make regulations:

(arelatrelation to the uthe use, import and export of encryption pms or other encryption products; and

(b) prohibiting the export of encryption programs or other encryptioducts from Vanuatu generally or subject to t to such restrictions as may be prescribed.

(2) For the avoidance of doubt, but subject to any regulations made under subsection (1), it is lawful in Vanuatu for a person to use any encryption program or other encryption product if it has lawfully come into the possession of that person.

Data Data protection

25 (1) The Minister may make orders prescribing standards fe processinessing of personal data, whether or not the personal data originates inside Vanuatu.

(2) The regulations may provide for the following:

(a) the voluntary registration and de-registration to the standards by data controllers ata processors;

&#1p>

(b) the) the establishment of a register that is available for public inspection showing partis of data cata controllers and data processors who have registered or de-registered to the standards and the dates thereof and the countries in respect of which the registration applies;

(c) the application of the standards to those countries specified in the regulations;

(3) A data controller or data processor who voluntarily registers to a standard in subsection (1) must comply with the standard, as it may be amended from time to time, in respect to any personal data that:

(4) A data controller who fails to comply with subsection (3) is guilty of an offence punishable on conviction by a fine not exceeding VT 1,000,000 or imprisonment for a term not exceeding 6 months, or both.

ign="ign="center">PART 6 - INTERMEDIARIES AND E-COMMERCE SERVICE PROVIDERS

Liab>Liability of intermediaries

26 (1) An intermediary is not subject to any civil or criminal liability in respect of any information contained in an electronic record in respect of which the intermediary provides services if the intermediary was not the originator of that electronic record and the intermediary:

(a) has no actual knowledge that the information gives rise to civil or criminal liabi or

>

(b

(b) is not aware of any facts or circumstances from which the likelihood of civil or criminal liability in respect of the information ought reasonably to have been known; or

(c) follows the procedure set out in section 27 if the intermediary:

(ii) becomes aware of facts or circumstances from which the likelihood of civil or criminal liabiln respect oect of the information ought reasonably to have been known.

(2) An intermediary is not required to monitor any information contained in an electronic record in respect of which the intermediary provides services in order to establish knowledge of, or to become aware of, facts or circumstances to determine whether or not the information gives rise to civil or criminal liability.

(3) Nothing in this section relieves an intermediary from complying with any contractual or other legal obligation in respect of an electronic record.

oceProcedure for dealing with unlawful, defamatory etc. informatb>

27 (1) If an intermediary has acts actual knowledge that the information in an electronic record gives rise to civil or criminal liability, the intermediary must as soon as practicable:

(b) notify the Minister or appropriate law enforcement agency of the relevant facts and of the ide of the pere person for whom the intermediary was supplying services in respect of the information, if the identity of that person is known to the intermediary.

(2) If an intermediary is aware of facts or circumstances from which the likelihood of civil or criminal liability in respect of the information in an electronic record ought reasonably to have been known, the intermediary must as soon as practicable:

(a) foll follow the relevant procedure set out in a code of conduct or standardoved under section 28 if suif such code or standard applies to the intermediary; or

(b) not) notify the Minister.

(3) If the Minister is notified in respect of any informaunder subsesubsection (2), the Minister may direct the intermediary to:
(a) rem) remove the electronic record from any information processing system within the control of the intermediary; and

(b) cease to provide services to the person to whom the intermediary was supplying services in respe that electelectronic record; and

c) cea) cease to provide services in respect of that electronic record.

n intermediary is not liablliable (whether in contract, tort, under statute or pursuant to any other right) to any person, including any person on whose behalf the intermediary provides services in respect of information in an electronic record, for any action:

(a) the the intermediary takes in good faith under subsection (1); or

(b) as directed by the Minister under subsection (3).

desCodes ofuct and standards for interintermediaries and e-commerce service prov
28 (1) If the Mini Minister is satisfied that a body or organization represents intermediaries or e-commerce service providers, the Minister may, by notice given to the body or organization, request that body or organization to:

(a) develop a code of conduct that applies to intermediaries or e-com service providers and that deals with one one or more specified matters relating to the provision of services by those intermediaries or e-commerce service providers; and

(o) provide a copy of that code of conduct to the Minister within time as may be specified in the request.
(2) If the Minister is satisfied with the code of conduct provided undesection (1), the Minister is to approve thee the code of conduct by notice published in the Gazette. Upon publication, the code of conduct applies to intermediaries or e-commerce service providers as may be specified in the notice.

(3) If the Minister is satisfied that:

a) no b no body or organization represents intermediaries or e-commerce service providers; or

(b) a body or organization to which notice is given under subsection (1) has not complied with the request of the Minister under that subsection;

the Minister may, by notice published in the Gazette, approve a standard that applies to intermediaries or e-commerce service providers.

(4) e oode of conduct or standard approved under this section may reto one or more of the following matters:

(a) the types of services and customers that are permitted to be provservices by intermediaries;

<160;

(b) the types of information permitted to be contained in electronic records fich services are provided bded by intermediaries;

) the the contractual application of relevant codes of conduct andards to customers of intermediaries and and e-commerce service providers;

(fo information to be disclosed by intermediaries and e-commerce service providers including nameress, e-maie-mail address and contact and registration details;

(f) the the actions to be taken in the event of customers of intermediaries or e-commerce serproviders sers sending bulk, unsolicited electronic records;

(gi business activities carried out electronically by companies under the Companies Act [CAP 191] or the International Companies Act No. 32 of 1992 which are prohibited under that Act;

(h) publication of material that contravenes any Act in Vanuatu;

(i) procedures foling with cith complaints;

(j) pro) procedures for te resolution, including ding dispute resolution by electronic means.

Offence to contravene code of conduct or standard

29 (1) If a code of conduct or a standard is approved by the Minister under section 28 to apply to intermediaries or e-commerce service providers, those intermediaries or e-commerce service providers must comply with the code of conduct or standard.

(2) If an intermediary or e-commerce service provider fails to comply with an approved code of conduct or standard, the Minister:

a) must must in the first instance give a written warning to the person; and

) maycdirecdirect the person to cease or otherwise to correct the per practices.

(3) If a person fails tils to cease or otherwise correct the person's practices within such period as may be specified in a direction given under paragraph (2)(b), the person is guilty of an offence punishable on conviction by a fine not exceeding VT 100,000 for each day on which the contravention continues.

PART 7 - GENERAL

30 (1) The Minister may make regulations prescribing all matters:

(a) required or permitted by this Act to be prescribed; or

;

(b) necessary or convenient to beto be prescribed for carrying out or giving effect to this Act.

(2) The regulations may prescribe penalties for offences against the regulations. A penalty must not exceed VT 50,000.


Commencement

31 This Act commences on the day on which it blished in the Gazette.

---------------------------------------------


PacLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.paclii.org/vu/legis/num_act/eta2000256