Electronic Transactions Ordinance, 2002
AN ORDINANCE to recognize and facilitate
documents, records, information, communications and transactions
in electronic form, and to provide for the accreditation of certification service providers.
WHEREAS it is expedient to provide for the recognition and facilitation of documents, records, information, communications and transactions in electronic form, accreditation of certification service providers, and for matters connected therewith and
AND WHEREAS the President is satisfied that circumstances exist which render it necessary to take immediate action;
NOW, THEREFORE, in pursuance of the Proclamation of Emergency of the fourteenth day of October, 1999, and the Provisional Constitution Order No. 1 of 1999, read with the Provisional Constitution (Amendment) Order No. 9 of 1999, and in exercise of all powers enabling him in that behalf the President of the Islamic Republic of Pakistan is pleased to make and promulgate the following Ordinance : —
1 . Short title, extent and commencement : — (1) This Ordinance may be called the Electronic Transactions Ordinance, 2002.
(2) It extends to the whole of Pakistan.
(3) It shall come into force at once.
2. Definitions : — (1) In this Ordinance, unless there is anything repugnant in the subject or context,—
(a) “Accreditation certificate” means a certificate granted by the Certification Council to a Certification Service Provider.
(b) “Certification Council” means the Electronic Certification Accreditation Council established under Section 18;
(c) “Accredited Certification Service Provider” means a Certification Service Provider accredited under this Ordinance to issue certificates for the use of its cryptography services;
(d) “addressee” means the person intended by the originator to receive the electronic communication but does not include an intermediary;
(e) “advanced electronic signature” means an electronic signature which is either—
(i) unique to the person signing it, capable of ident ifying such person, created in a manner or using a means under the sole control of the person using it, and attached to the electronic document to which it relates in a manner that any subsequent change in the electronic document is detectable ; or
(ii) provided by an accredited certification service provider and accredited by the Certification Council as being capable of establishing authenticity and integrity of an electronic document;
(f) “appropriate authority” means —
(i) in relation to items contained in the Federal Legislative List of the Constitution of the Islamic Republic of Pakistan, 1973, the Federal Legislature or Federal Government;
(ii) in relation to items contained in the Concurrent Legislative List of the Constitution of the Islamic Republic of Pakistan, 1973, for which a Federal law is in force, the Federal Legislature or Federal Government, and, in all other cases, respective Provincial Legislature or Provincial Government;
(iii) in relation to the functions of the Federal Government or respective Provincial Governments being discharged by a statutory body, that statutory body ; and
(iv) in relation to matters in respect whereof the Supreme Court or the High Courts are empowered to make rules for the regulation of their proceedings, the Supreme Court or High Court, as the case may be.
(g) “authority” means, in relation to an electronic document or electronic signature, the identification of and attribution to a particular person or information system;
(h) “automated” means without active human intervention;
(i) “certificate” means a certificate issued by a Certification Service Provider for the purpose of confirming the authenticity or integrity or both, of the information contained therein, of an electronic document or of an electronic signature in respect of which it is issued;
(j) “certification practice statement”, means the statement prepared by a certification service provider specifying the practices it employs in relation to the issuance of certificates and matters connected therewith;
(k) “cryptography services” means services in relation to the transformation of contents of an electronic document from its original form to one that cannot be understood or decoded by any unauthorized person;
(1) “electronic” includes electrical, digital, magnetic, optical, biometric, electro-chemical, wireless or electromagnetic technology;
(m) “electronic document” includes documents, records, information, communications or transactions in electronic form;
(n) “electronic signature” means any letters, numbers, symbols, images, characters or any combination thereof in electronic form, applied to, incorporated in or associated with an electronic document, with the intention of authenticating or approving the same, in order to establish authenticity or integrity, or both;
(o) “information” includes text, message, data, voice, sound, database, video, signals, software, computer programs, codes including object code and source code;
(p) “information system” means an electronic system for creating, generating, sending, receiving, storing, reproducing, displaying, recording or processing information.
(q) “integrity” means, in relation to an electronic document, electronic signature or advanced electronic signature, the electronic document, electronic signature or advanced electronic signature that has not been tampered with, altered or
modified since a particular point in time;
(r) “intermediary” means a person acting as a service provider in relation to the sending, receiving, storing or processing of the electronic communication or the provision of other services in relation to it;
(s) “network service provider” means a person who owns, possesses, operates, manages or controls a public switched network or provides telecommunication services;
(t) “originator”, means a person by whom, or on whose behalf, electronic document purports to have been generated or sent prior to receipt or storage, if any, but does not include an intermediary;
(u) “person” includes an individual, appropriate authority, trust, waqf, association, statutory body, firm, company including joint venture or consortium, or any other entity whether registered or not;
(v) “prescribed” means prescribed by rules made under this Ordinance;
(w) “repository” means an information system for storing and retrieving certificates or other information related thereto established under section 23;
(x) “security procedure” means a procedure which :
(i) is agreed between parties;
(ii) is implemented in the normal course by a business and which is reasonably secure and reliable ; or
(iii) in relation to a certificate issued by a certification service provider, is specified in its certification practice statement;
for establishing the authenticity or integrity, or both, of any electronic document, which may require the use of algorithms or codes,. identifying words and numbers, encryption, answer back or acknowledgment procedures, software, hardware or similar security devices;
(y) “subscriber” means a person who subscribes to the services of a certification service provider;
(z) “transaction” means an act or series of acts in relation to creation or performance of rights and obligations;
(aa) “valid accreditation certificate” means an accreditation certificate which has not been suspended or revoked.
RECOGNITION AND PRESUMPTION
3. Legal recognition of electronic forms : — No document, record, information, communication or transaction shall be denied legal recognition, admissibility, effect, validity, proof or enforceability on the ground that it is in electronic form and has not been attested by any witness.
4. Requirement for writing : — The requirement under any law for any document, record, information, communication or transaction to be in written form shall be deemed satisfied where the document, record, information, communication or transaction is in electronic form, if the same is accessible so as to be usable for subsequent reference.
5. Requirement for original form : — (1) The requirement under any law for any document, record, information, communication or transaction to be presented or retained in its original form shall be deemed satisfied by presenting or retaining the same if:
(a) there exists a reliable assurance as to the integrity thereof from the time when it was first generated in its final form ; and
(b) it is required that the presentation thereof is capable of being displayed in a legible form..
(2) For the purposes of clause (a) of sub-section (1);
(a) the criterion for assessing the integrity of the document, record, information, communication or transaction is whether the same has remained complete and unaltered, apart from the addition of any endorsement or any change which arises in the normal course of communication, storage or display ; and
(b) the standard for reliability of the assurance shall be assessed having regard to the purpose for which the document, record, information, communication or transaction was generated and all other relevant circumstances.
6. Requirement for retention : — The requirement under any law that certain document, record, information, communication or transaction be retained shall be deemed satisfied by retaining it in electronic form if :
(a) the contents of the document, record, information, communication or transaction remain accessible so as to be usable for subsequent reference;
(b) the contents and form of the document, record, information, communication or transaction are as originally generated, sent or received, or can be demonstrated to represent accurately the contents and form in which it was originally generated, sent or received; and
(c) such document, record, information, communication or transaction, if any, as enables the identification of the origin and destination of document, record, information, communication or transaction and the date and time when it was generated, sent or received, is retained.
7. Legal recognition of electronic signatures : — The requirement under any law for affixation of signatures shall be deemed satisfied where electronic signatures or advanced electronic signature are applied.
8. Proof of electronic signature : — An electronic signature may be proved in any manner, in order to verify that the electronic document is of the person that has executed it with the intention and for the purpose of verifying its authenticity or integrity or both.
9. Presumption relating to advanced electronic signature : — In any proceedings, involving an advanced electronic signature, it shall be presumed unless evidence to contrary is adduced, that:.(a) the electronic document affixed with an advanced electronic signature, as is the subject-matter of or identified in a valid accreditation certificate is
authentic and has integrity; or
(b) the advanced electronic signature is the signature of the person to whom it correlates, the advanced electronic signature was affixed by that person with the intention of signing or approving the electronic document and the electronic document has not been altered since that point in time.
10. Stamp Duty : — Notwithstanding anything contained in the Stamp Act, 1899 (II of 1899), for a period of two years from the date of commencement of this Ordinance or till the time the Provincial Governments devise and implement appropriate measures for payment and recovery of stamp duty through electronic means, whichever is later, stamp duty shall not be payable in respect of any instrument executed in electronic form.
11. Attestation and notarization : — Notwithstanding anything contained in any law for the time being in force, no electronic document shall require attestation and notarization for a period of two years from the date of commencement of this Ordinance
or till the time the appropriate authority devise and implement measures for attestation and notarization of electronic ocuments, whichever is later.
12. Certified copies : — Where any law requires or permits the production of certified copies of any records, such requirement or permission shall extend to printouts or other forms of display of electronic documents where, in addition to fulfillment of the requirements as may be specified in such law relating to certification, it is verified in the manner laid down by the appropriate authority.
13. Attribution of communications : — (1) Unless otherwise agreed as between an originator and the addressee, an electronic communication shall be deemed to be that of the originator if it was sent:
(a) by the originator himself;
(b) by a person who had the authority to act for and on behalf of the originator in respect of that electronic communication ; or.(c) by an automated information system programmed by, or on behalf of the originator.
(2) Unless otherwise agreed as between the originator and the addressee, the addressee is to regard an electronic communication as being that of the originator, and is entitled to act on that assumption if:
(a) the addressee has no reason to suspect the authenticity of the electronic communication; or
(b) there do not exist any circumstances where the addressee knows, or ought to have known by exercising reasonable care, that the electronic communication was not authentic.
14. Acknowledgment of receipt : — (1) Unless otherwise agreed where the originator has stated that the electronic communication is conditional on receipt of acknowledgment, the electronic communication is treated as though it has never been sent, until the acknowledgment is received.
(2) Where the originator has not agreed with the addressee that the acknowledgment be given in a particular form or by a particular method, an acknowledgment may be given by:
(a) any communication, automated or otherwise, by the addressee ; or
(b) any conduct of the addressee, sufficient to indicate to the originator that the electronic communication is received.
15. Time and place of dispatch and receipt of electronic communication : — (l) Unless otherwise agreed between the originator and the addressee, the dispatch of an electronic communication occurs when it enters an information system outside the control of the originator.
(2) Unless otherwise agreed between the originator and the addressee, or unless proved otherwise, the time of receipt of an electronic communication is determined as follows:
(a) if the addressee has designated an information system for the purpose of receiving the electronic communication, receipt occurs:.(i) at the time when the electronic communication enters the designated information system ; or
(ii) if the electronic communication is sent to an information system of the addressee that is not the designated information system, at the time when the electronic communication is retrieved by the addressee;
(b) if the addressee has not designated an information system, receipt occurs when the electronic communication enters and information system of the addressee.
(3) Sub-section (2) applies notwithstanding that the place where the information system is located may be different from the place where the electronic communication is deemed to be received under subsection (4).
(4) Unless otherwise agreed between the originator and the addressee, an electronic communication is deemed to be dispatched at the place where originator ordinarily resides or has his place of business, and is deemed to be received at the place where the addressee ordinarily resides or has his place of business.
(5) For the purpose of this section:
(a) if the originator or the addressee has more than one place of business, the place of business is that which has the closest relationship to the underlying transaction or, where there is no underlying transaction, the principal place of business ;
(b) if the originator or the addressee does not have a place of business, reference is to be made to the usual place of residence ; and
(c) “usual place of residence” in relation to a body corporate, means the place where it is incorporated or otherwise legally constituted.
16. Electronic documentation of appropriate authority.(1) Nothing contained hereinbefore shall confer a right upon any person that any appropriate authority should accept, issue, create, retain, preserve any document in electronic form or effect
monetary transaction in electronic form.
(2) Any appropriate authority pursuant to any law or procedure:.(a) accepts the filing of documents, or requires that documents be created or retained;
(b) issues any permit, certificate, licence or approval ; or
(c) provides for the method and manner of payment, procurement or transaction may notwithstanding anything contained to the contrary in such law or procedure:
(i) accept the filing of such documents, or creation or retention of such documents in the form of electronic documents;
(ii) issue such permits, certificate, licence or approval in the form of electronic document ; or
(iii) make such payment, procurement or transaction in electronic form.
(3) In any case where an appropriate authority decides to perform any of the functions in clause (1) (i), (ii) and (iii) of sub-section (2) may specify:
(a) the manner and format in which such electronic documents shall be filed, created, retained or issued;
(b) when such electronic documents has to be signed, the type of electronic signature, advanced electronic signature or a security procedure required;
(c) the manner and format in which such signature shall be affixed to the electronic document, and the identity of or criteria that shall be met by any certification service provider used by the person filing the document;
(d) control process and procedures as appropriate to ensure adequate integrity, security and confidentiality of electronic documents, procurement, transactions or payments; and
(e) any other required attributes for electronic documents or payments that are currently specified for corresponding paper documents..
CERTIFICATION SERVICE PROVIDERS
17. Certification Service Providers. (1) Nothing in this Ordinance shall impede or in any way restrict the rights of any certificate service provider to engage in the business of providing certification services without being accredited.
(2) No person shall hold himself out as an accredited certification service provider unless he holds a valid accreditation certificate issued under section 24 by the Certification Council.
18. Establishment of the Certification Council : — (1) Within sixty days of the promulgation of this Ordinance, the Federal Government shall, by notification in the official Gazette, constitute an Certification Council to be known as Electronic
Certification Accreditation Council.
(2) The Certification Council shall be a body corporate with perpetual succession and a common seal, and shall by the said name sue or be sued.
(3) The Certification Council shall comprise of five members, with four members from the private sector. One of the Members shall be designated as the chairman.
(4) The members of the Certification Council shall be appointed by the Federal Government for a term of three years and shall be eligible for reappointment once for an equal term after the expiry of their first term of appointment.
(5) No act or proceeding of the Certification Council shall be invalid by reason only of the existence of any vacancy among its members or any defect in its constitution discovered after such act or proceeding of the Certification Council..
(6) Except for the grant, renewal, revocation or suspension of accreditation, the Certification Council may from time to time delegate one or more of its functions and powers to one or more of its members.
(7) A member of the Certification Council shall not be removed except on the grounds of misconduct.
(8) No member, once appointed, shall have any direct financial interest in any concern or business relating to cryptography services.
(9) Decisions of the Certification Council shall be taken by a majority of the members, however in case of tie the Chairman shall have a casting vote.
(10) Save as provided herein, the terms and conditions of service of the members of the Certification Council shall be such as may be prescribed.
19. Qualifications of member : — Of the five members of the Certification Council:
(a) one shall be telecommunications engineer with at least seven years work experience, of which at least one year is in the field of cryptography services;
(b) two shall be professional or academics with at least seven years work experience in the field of information technology;
(c) one shall have an administrative background with at least seven years experience in a private or public organization ; and
(d) one member shall be an advocate with at least seven years experience and adequate knowledge of laws relating to information technology and telecommunications.
20. Funds of the Certification Council : — The funds of the Certification Council shall comprise of:
(a) grants from the Federal Government;.
(b) fee for grant and renewal of accreditation certificate; and
(c) fee, not exceeding ten Rupees, for every certificate deposited in the repository.
21. Functions of the Certification Council : — (1) The Certification Council shall perform such functions as are specified in this Ordinance or may be prescribed.
(2) Without prejudice to the generality of the foregoing subsection, the Certification Council shall:
(a) grant and renew accreditation certificates to certification service providers, their cryptography services and security procedures;
(b) monitor and ensure compliance by accredited certification service providers with the terms of their accreditation and revoke or suspend accreditation in the manner and on the grounds as may be specified in regulations;
(c) monitor compliance of accredited certification service providers with the provisions of this Ordinance;