|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Maltese Laws |
ELECTRONIC COMMERCE ACT
AN ACT to provide in relation to electronic commerce and to provide for matters connected therewith or ancillary thereto.
10th May, 2002
ACT III of 2001, as amended by Acts XXVII of 2002, IV of 2004 and XIII
of 2005; Legal Notice 426 of 2007; and Acts XXX of 2007 and XII of 2010.
"the Act" me ans the Elec tron ic Commerce Act and includes, unless the context otherwise requires , any regulations made
thereunder;
"addressee" in relation to an electronic communication means a person who is intended by the se rvice provide r to receive
the electronic communication, but does not include a person acting as a service provider with respect to the processing, receiving
or storing of that electronic communication or providing other services with respect to it;
"advanced electronic signature" means an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
"certific a te " mea n s an electr o n i c at test at io n, wh ic h li nk s signature verification data to a person and
confirms the identity of that person;
"competent authority" means the authority so designated in terms of article 25(3);
"consumer" means any natural person who is acting for purposes which are outside his trade, business or profession;
"data" means a representation of information, knowledge, facts, concepts or instructions that has been prepared or is being
prepared in any manner and has been processed, is being processed or is intended to be processed in an information system, a computer
system or a computer network. Data may be in any form or derived from any device or source, including computer memory, computer printouts,
any storage media, electronic or otherwise and punched cards;
Short title.
Interpretation. Amended by: XXVII. 2002.59; XIII. 2005.73; XXX. 2007.51, 52; XII. 2010.79.
"data storage device" means any thing, including a disk, from which data and information is capable of being reproduced
with or without the aid of any thing or device;
"electroni c communicat i on" means information g e nerat e d, c o m m u ni ca te d, p r oc esse d, sen t , rec e i v e
d , rec o rd ed , st o r ed o r displayed by electronic means;
"elec t ronic c ontra ct" means a contract concl uded wh olly or p a rt ly b y e l ect ro ni c co mm u n ic ati ons or w
h o lly o r par t l y in an electronic form;
"electronic signature" means data in electronic form which are a t tached to, inc o rporated in or logically associa t e
d with other electronic data and which serve as a method of authentication;
"i nformat ion " i nclu des i nformat io n i n the fo rm o f data, text , images, sound or speech;
"in f ormatio n society serv ice" means any serv ice which is provided at a distance, by electronic means and at the individual
request of a recipi ent of the se rvice, whether such service is provided for consideration or not , and for the pu rposes of this
definition:
(a) "at a distance" means that the service is provided without the parties being simultaneously present;
(b) "by electronic means" means that the service is sent initially and received at its destination by means of electronic
equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received
by wire, by radio, by optical means or by any electromagnetic means;
(c) "at the individual request of a recipient of the service" means that the service is provided through the
transmission of data on individual request;
"information system" means a system for generating, sending, receiving, recording, storing or otherwise processing electronic
communications;
"info r mation technology req u irements" in clud es software, network and data storage requirements;
"Minister" means the Minister responsible for communications;
"place of business" in relation to a government, an authority of a government, a public body, a charitable, philanthropic
or similar institution means a place where any operations or activitie s are carried out by that government, authority, body or institution;
"p rescri bed" mean s prescribed by regul at ion s made by th e
Minister in accordance with the provisions of this Act;
"qualifie d c e rtifica t e" me ans a certificate which mee t s the requirements established by or under this Act and is
provided by a signature certification service provider who fulfils the requirements established by or under this Act;
"recipient of the service" means any person w ho uses an information society service for the purposes of seeking information
or making it accessible;
"signature certification service provider" means a person who issues certificates or provides other services related to
electronic signatures;
"secure signature creation device" means a signature creation device which meets the requiremen ts lai d do wn in the Fou
r th Schedule to this Act;
"signature verification data" means data, such as codes or public cryptographic keys, which are used for the purpose of
verifying an electronic signature;
"signature verification device" means configured software or hardware used to implement the signature verification data;
"transaction" includes a transaction of a non-commercial nature;
"voluntary accreditation" means any permission, setting out ri gh ts an d ob li gat i o n s sp ecifi c t o th e prov isi
o n of si gn at ure certification services, to be granted upon request by the signature certification service provider concerned,
by the public or private body char ged with the elabor at i o n of, an d su pe rvi s i o n of compliance with, such rights and obligations,
where the signature certification service provider is not entitled to exercise the rights stemming from the permission until it has
received the decision by the body.
(2) Where the Minister is of the opinion that -
(a) technology has advanced to such an extent, and access to it is so widely available, or
(b) adequate procedures and practices have developed in public registration or other services, so as to warrant such action, or
(c) the public interest so requires,
he may, after consultation with that Minister as in his opinion has sufficient interest or responsibility in relation to the m atter,
by Order in t h e Gazette extend th e app licati on o f thi s Act or a provision of t h is Act to or in relation t o a m a tter
specified in subarticle (1) above, including the applicability to a particular area
Validity of electronic transactions.
Excluded laws. Amended by: IV. 2004.48; XXX. 2007.53.
Requirement or permission to give information in writing.
Amended by: XXVII. 2002.59.
or subject, or for a particular time, for the purposes of a trial of the technology and procedures, subject to such conditions as he thinks fit.
Provided that -
(a) at the time the information was given, it was reasonable to expect that the information would be readily
accessible so as to be useable for subsequent reference; and
(b) if the information is required to be given to a person, or to another person on his behalf, and the first mentioned
person requires that the information be given in accordance with particular information technology requirements,
by means of a particular kind of electronic communication, that person’s requirement has been met; and
(c) if the information is required to be given to a person who is neither a public body nor to a person acting on behalf of a
public body, then the person to whom the information is required or permitted to be given, consents to the information
being given by means of an electronic communication;
(d) if the information is required to be given to a person, or to another person on his behalf, and the first mentioned
person requires that a particular action be taken by way of verifying the receipt of the information, that person’s
requirement has been met.
(2) For the purposes of this article, giving information includes, but is not limited to, the following:
(a) making an application;
(b) making or lodging a claim;
(c) giving, sending or serving a notification; (d) lodging a return;
(e) making a request;
(f) making a declaration;
(g) lodging or issuing a certificate; (h) lodging an objection; and
(i) making a statement.
(3) For the purposes of this article, a requirement or permission in relation to a person to give information
shall extend to and shall be equally applicable to the requirement or information which is stated to be sent, filed, submitted,
served or otherwise transmitted and includes similar or cognate expressions, thereof.
Signature. 6. If under any law in Malta the signature of a person is
required, such requirement is deemed to have been satisfied if such signature is an electronic signature and such signature shall
not be denied legal effectiveness on the grounds that it is:
(a) in electronic form; or
(b) not based upon a qualified certificate; or
(c) not based upon a qualified certificate issued by an accredited signature certification service provider; or
(d) not created by a secure signature creation device:
Provided that if the electronic signature is in the form of an advanced electronic signature, w h i c h is based o n a qu ali f i
e d certificate and is created by a secure creation device, it shall for all intents and purposes of law be presumed to be the signature
of the signatory.
Provided that:
(a) having regard to all the relevant circumstances at the time of the communication, the method of generating the electronic
form of the document provided a reliable means of assuring the maintenance of the integrity of the information contained
in the document;
(b) at the time the communication was sent, it was reasonable to expect that the information contained in the electronic form
of the document would be readily accessible so as to be useable for subsequent reference;
(c) if the document is required to be produced to a person who is neither a public body nor to a person acting on behalf of a public
body, then the person to whom the document is required to be produced, consents to the production by means of an electronic
communication of an electronic form of the document;
(d) if the document is required to be given to a person, or to another person on his behalf, and the first mentioned
person requires that an electronic form of the document be given, in accordance with particular information technology requirements,
by means of a particular kind of electronic communication, the person’s requirement is satisfied; and
(e) if the document is required to be given to a person, or to another person on his behalf, and the first mentioned
person requires that a particular action be taken by way of verifying the receipt of the information, the person’s
requirement is satisfied.
(2) For the purposes of this article, the integrity of information
Requirement or permission for production of document and integrity. Amended by: XXVII. 2002.59.
Retention of information, documents and communications.
contained in a document is o n ly m ain tai n ed if th e inform ation remains complete and unaltered, save for -
(a) the addition of any endorsement; or
(b) any change not being a change to the information, which is necessary in the normal course of communication,
storage or display.
(3) For the purposes of article 8 (1) and (2), the production by means of an electronic communication of an electronic form of
a document or the generation of an electronic form of a document shall not give rise to any liability for infringement of the copyright
in a work or other subject matter embodied in the document.
Provided that such information in electronic form is readily acc ess i ble s o as to be us ea ble for subsequent reference and it
complies with such regulations as may be prescribed.
(2) If under any law in Malta, a person is required to retain, for a particular period, a document that is in the form of a paper
or of any other substance or material, that requirement is deemed to have b een sa ti sfi e d i f t h e pe rso n r e ta in s an e
l ec tr on ic f o r m of t h e document throughout that period:
Provided that if -
(a) having regard to all the relevant circumstances at the time of the generation of the electronic form of the document, the
method of generating the electronic form of the document, provided a reliable means of assuring the maintenance of the
integrity of the information contained in that document; and
(b) at the time of the generation of the electronic form of the document, it was reasonable to expect that the information
contained in the electronic form of the document would be readily accessible so as to be useable for subsequent reference;
and
(c) it complies with such regulations as may be prescribed.
(3) For the purpose of subarticle (2), the integrity of in form at ion contained in a document i s on ly maint
ain ed if the information has remained complete and unaltered, save for-
(a) the addition of any endorsement; or
(b) any change not being a change to the information, which is necessary in the normal course of communication,
storage or display.
(4) If under any law in Malta, a person is required to retain, for a particul ar period , in formatio n t h at w a s t h e subj
ect of an electronic communication, that requirement is deemed to have been satisfied if that person retains, or causes another person
to retain, in
electronic form, that -
(a) at the time of commencement of the retention of the information, it was reasonable to expect that the information would
be readily accessible so as to be useable for subsequent reference; and
(b) having regard to all the relevant circumstances, at the time of commencement of the retention of the information,
the method of retaining the information in electronic form provided a reliable means of assuring the maintenance of the integrity
of the information contained in the electronic communication; and
(c) throughout that period that person also retains, or causes another person to retain, in electronic form, such
additional information obtained as is sufficient to enable the identification of the following:
(i) the origin of the electronic communication;
(ii) the destination of the electronic communication; (iii) the time when the electronic communication was
sent;
(iv) the time when the electronic communication was received; and
(d) at the time of commencement of the retention of the additional information specified in paragraph (c) it was reasonable to expect that the additional information would be readily accessible so as to be useable
for subsequent reference; and
(e) it complies with such regulations as may be prescribed.
(5) For the purposes of subarticle (4), the integrity of the information which is the subject of an electronic communication
is only maintained if the information remains complete and unaltered, save for -
(a) the addition of any endorsement; or
(b) any change not being a change to the information, which arises in the normal course of communication, storage or display.
(2) For the purposes of any law relating to contracts, an offer, an acceptance of an offer and any related communication, including any subsequent amendment, cancellation or revocation of the offer, the acceptance of the contract may, unless otherwise agreed by the contractin g part ies, be communicated by means of electronic communications.
Electronic contract.
Formation of electronic contract. Amended by:
VII. 2004.49. Substituted by:
XXX. 2007.54.
(a) an electronic contract is concluded when after placing his order, the recipient of the service has received from the service provider
an acknowledgement of receipt of the order made by the recipient:
Provided that the service provider must acknowledge receipt of the order made by the recipient without undue delay and by
electronic means; and
(b) the order made by the recipient and the acknowledgement of receipt are deemed to have been received when
the parties to whom they are addressed are able to access them.
(2) Unless otherwise agreed by parties who are not consumers, the service provider shall provide the recipient of the service with
effective and accessible technical means to identify and correct handling and input errors and accidental transactions prior to
the conclusion of the contract.
(3) The provisions of subarticle (1)(a) and of subarticle (2) shall not apply to contracts concluded exclusively by electronic mail or by equivalent individual communications.
Information requirements relating to electronic contracts. Substituted by: VII. 2004.50. Amended by: XXX. 2007.52.
Provided that any such information shall be provided to the addressee prior to the placement of the order by him.
(2) Unless parties who are not consumers have agreed otherwise, a service provider shall indicate which relevant
codes of conduct he subscribes to and provide information as to how those codes can be consulted electronically.
(3) Where the service provider provides terms and conditions applicable to the contract to the addressee, the service provider
shall make them available to the addressee in a way that allows the addressee to store and reproduce them.
(4) The provisions of subarticles (1) and (2) shall not apply to contracts concluded exclusively by exchange of electronic mail
or by equivalent individual communications.
Time of dispatch. 12. (1) If an electronic communication enters a single information system outside of the control of the originator, then, save as otherwise agreed between the originator and the addressee of the electronic communication, the dispat ch of the electronic
communication occurs at the time when it enters the information system.
(2) If an electronic communication enters successively two or more information systems outside of the control of the originator,
then, unless otherwise agreed between the originator and the addressee of the elect ronic communicat io n, t he di spatc h o f th
e electronic communication occurs when it enters the first of those information systems.
(2) If the addressee of an electronic communication has not designated an information system for the purpose of receiving electronic communications, then, save as otherwise agreed between the originator and the addressee of the electronic communication, the time of receipt of the electronic communicat ion is the time when the electronic communication comes to the attention of the addressee.
Time of receipt.
(a) the electronic communication is deemed to have been dispatched at the place where the originator has his place of business; and
(b) the electronic communication is deemed to have been received at the place where the addressee has his place of business.
(2) For the purposes of the subarticle (1) -
(a) if the originator or the addressee has more than one place of business, and one of those places has a closer relationship to the
underlying transaction, that place of business shall be deemed to be the originator ’s or the addressee’s place of business;
and
(b) if the originator or the addressee has more than one place of business, but paragraph (a) does not apply, the originator ’s or the addressee’s principal place of business shall be deemed to be the originator
’s or the addressee’s place of business; and
(c) if the originator or addressee does not have a place of business, the originator ’s or the addressee’s place of business
shall be deemed to be the originator ’s or addressee’s ordinary residence.
Place of dispatch and receipt.
Attribution of electronic communication.
(2) Nothing in subarticle (1) shall affect the operation of any law that makes provision for-
(a) the conduct engaged by a person within the scope of the person’s actual or apparent authority to be attributed
to another person; or
(b) a person to be bound by conduct engaged in by another person within the scope of the other person’s actual or apparent authority.
(3) An electronic communication between an originator and an addressee shall be deemed to be of the originator if it was sent
by an information system programmed to operate automatically by or on behalf of the originator.
(4) An addressee shall have the right to consider each electronic communication received by him as a separate electronic
communication and to act on that assumption, except to the extent th at such com m un icat ion i s a dupli c at e of ano t her el
ectronic communication and the addressee knew or should have known, had he exercised reasonable care or used any agreed procedure,
that the electronic communication was a duplicate.
Accreditation of signature certification service providers.
(2) Without prejudice to the generality of subarticle (1) the Minister may by regulations, introduce and maintain a voluntary ac cr edi t a tion s c he me ai ming at en han c e d l e ve ls o f s i gna tu re certification service provision and may designate accreditat ion author ities and may also make regulations on any other matter relating to such designation as the Minister may deem necessary.
Supervision of signature certification service providers
that issue qualified certificates.
Amended by: XIII. 2005.74.
(a) the powers and functions of the competent authority; (b) any other matter relating to the competent authority
which may appear to the Minister to be necessary or
desirable.
Liability of signature certification service providers.
(2) It shall be the duty of the signature certification service provider who issues a certificate as a qualified certificate
to the public or who guarantees such certificate to reasonably assure -
(a) the accuracy of all information in the qualified certificate as of the time of issue and that the
certificate contains all the details prescribed in relation
to a qualified certificate;
(b) that at the time of the issue of the certificate, the signatory identified in the qualified certificate held the signature
creation device corresponding to the signature verification device given or identified in the certificate;
(c) that the signature creation device and the signature verification device act together in a complementary manner,
in cases where the signature certification service provider generates the two.
(3) A signature certification service provider who has issued a certificate as a qualif ie d c e rt if ic ate to t h e pu bl ic
or w h o h a s gua ranteed such certificate is li able for da mage caused to any person who r easo n ably reli es o n th e certif
icate f o r failu re to register or publish revocation or suspension of the certificate unless the signature certification service
provider proves he has not acted negligently.
(4) A signature certification service provider who issues a certificate as a qualified certificate to the public or who
guarantees such certificate may indicate in the qualified certificate limits on the uses of that certificate:
Provided that the limits are clear and readily identifiable as limitations, the signature certification service provider shall not
be liable for damages arising from a con t rary u s e of a qualifi e d certificate which includes limits on its user.
(5) A signature certification service provider who issues a certificate as a qualified certificate to the public or who
guarantees such certificate may indicate in the qualified certificate a limit on the value of transactions for which the certificate
can be used. Any su ch i ndi cat i on mu st b e cl ear and read il y i d ent i fi ab le as a limitation.
(a) does not initiate the transmission;
(b) does not select the receiver of the transmission; and
(c) does not select or modify the information contained in the transmission.
(2) The acts of transmission and of the provision of access r e ferred t o in subart icl e (1) hereof, include the automatic
intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying
out the
Mere conduit.
transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.
Caching. 20. Where an information society service is provided, and such service consists in the transmission, in a communication network, of information provided by a recipient of the service, the provider of that service shall not be liable for damages for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient th e information’s onward transmission to other recipients of the service upon their request.
Provided that:
(a) the provider does not modify the information;
(b) the provider complies with the conditions on access to the information;
(c) the provider complies with any conditions regulating the updating of the information;
(d) the provider does not interfere with the technology used to obtain data on the use of the information; and
(e) the provider acts expeditiously to remove or to bar access to the information upon obtaining actual knowledge
of any of the following:
(i) the information at the initial source of the transmission has been removed from the network;
(ii) access to it has been barred;
(iii) the Court or other competent authority has ordered such removal or barring.
Hosting. 21. (1) Where an information society service is provided, and such service consists in the storage of information provided by a recipient of the service, the provider of that service shall not be liable for damages for the information stored at the request of a recipient of the service.
Provided that:
(a) the provider does not have actual knowledge that the activity is illegal and is not aware of facts or circumstances
from which illegal activity is apparent; or
(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the
information.
(2) Subarticle (1) shall not apply when the recipient of the service is acting under the authority or the control of the
provider of the service.
Obligations of intermediary service providers.
information enabling the identification of recipients of their service with whom they have storage agreements:
Provided that nothing in this Part of the Act shall be inter p reted as imposing an o b ligation on information society
service providers to monitor the information which they transmit or store or to actively seek facts or circumstances indicating illegal
activity in connection with the activities described in articles 19 to
21.
(2) No person shall alter, disclose or use the signature creation device o f an other perso n wi thou t aut horisat ion , o r
i n excess of lawful authorisation, for the purpose of creating or allowing or causing anoth e r person to creat e an un aut hori
s ed el ectro n ic signature using such signature creation device.
(3) No person shall create, publish, alter or otherwise use a certificate or an electronic signature for any fraudulent or other
unlawful purpose.
(4) No person shall misrepresent his identity or authorisation in requesting or accepting a certificate or in requesting suspension
or revocation of a certification.
(5) No person shall access, alter, disclose or use the signature creation device of a signature certification service provider
used to issue certificat es wit hout th e aut horisation o f the signature certification service provider, or in excess of lawful
authorisation, for the purpose of creating, or allowing or causing another person to create, an unauthorised electronic signature
using such signature creation device.
(6) No person shall publish a certificate, or otherwise k nowing l y mak e i t avail a b l e to an yon e lik ely
to rely on the certificate or on an electronic si gnat u re that is v e ri fiab le w ith reference to data such as codes, passwo
rds, algorithms, public cryptographic keys or other data which are used for the purposes of verifying an electronic signature, listed
in the certificate, if such person knows that -
(a) the signature certification service provider listed in the certificate has not issued it; or
(b) the subscriber listed in the certificate has not accepted it; or
(c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying an electronic signature
created prior to such revocation or suspension, or giving notice of revocation or
Prohibition on misuse of electronic signatures, signature creation devices, certificates and fraud.
suspension.
(7) No person shall use cryptographic or other similar techniques for any illegal purpose.
Offences and penalties. Amended by:
L.N. 426 of 2007.
Power to make regulations. Amended by: VII. 2004.51; XIII. 2005.75;
L.N. 426 of 2007.
24. Any person contravening any of the provisions of this Act or of any regulations made thereunder shall be guilty of an offence and shall, on conviction, be liable to a fine (multa) not exceeding two hundred and thirty-two thousand and nine hundred and thirty- five euro (232,935) or to imprisonment not exceeding six months, or to bot h such fi ne and impri so nmen t, and i n th e case of a continuous offence to a fine not exceeding two thousand and three hundred and twenty-five euro (2,325) for each day during which the offence continues.
(a) any derogation from or restriction in relation to any cross-border transaction where this is necessary for one of the following
reasons -
(i) public policy, in particular the protection of minors, or the fight against any incitement to hatred on grounds of
race, sex, religion, political opinion or nationality;
(ii) the protection of public health; (iii) public security;
(iv) consumer protection; (b) identifying:
(i) transactions;
(ii) requirements or permissions to give information in writing;
(iii) requirements or permissions to produce documents;
(iv) requirements to retain information, documents and communications;
(v) signatures;
that may be exempt from any provision of this Act;
(c) additional requirements for the use of signatures in electronic communications in the public sector;
(d) the recognition of signature certification service providers who had they been operating in Malta would have satisfied
the requirements set out for such providers;
(e) any matter relating to commercial communications, including, but not limited to matters relating to:-
(i) information to be provided in commercial communications;
(ii) unsolicited commercial communications;
(iii) commercial communications by regulated professions;
(f) the authorisation to the competent authority to impose administrative fines or sanctions on any person acting in contravention
of any provision of this Act or of any regulation made thereunder:
Provided that -
(i) any administrative fine provided for by regulations made under this article shall not exceed the amount
of twenty-three thousand and two hundred and ninety euro (23,290) for each offence and two thousand and three hundred and twenty-five
euro (2,325) for each day during which failure to observe the provisions of this Act or of any regulation made
thereunder persists;
(ii) administrative fines stipulated in paragraph (i) of this proviso may be increased by regulation up to a maximum of one
hundred and sixteen thousand and four hundred and sixty-five euro (116,465) and eleven thousand and six hundred and forty-five euro
(11,645) for each day during which any contravention persists, respectively;
(iii) regulations made under this paragraph may prescribe that any such administrative penalty or sanction shall be due
to the competent authority as a civil debt constituting an executive title for the purposes of Title VII of Part I of Book
Second of the Code of Organization and Civil Procedure as if the payment of the amount of the fine had been ordered by a judgement of a court of civil jurisdiction;
(iv) such regulations may also prescribe any right of appeal from decisions of the competent authority to impose an administrative
sanction;
(g) procedures to be established for out of court schemes, for the settlement of disputes arising in relation to information
society services including appropriate electronic measures;
(h) the compliance with any international obligation entered into by Government in relation to any aspect of electronic
commerce regulated by or under this Act.
(2) The Minister may also by regulations amend the Schedules to this Act and prescribe anything that may or is required to be
prescribed under this Act.
(3) The Minister shall by Order designate a competent authority which shall be responsible for monitoring and ensuring
compliance with the provisions of this Act and for the undertaking of any such other functions as the Minister may from time to time
consider necessary.
Cap. 12.
English text to prevail.
(Article 11)
XXX. 2007.52.
(a) the name and address where the service provider is established;
(b) the electronic-mail address where the service provider can be contracted in a direct manner;
(c) the registration number of the service provider in any trade register or of any professional body if applicable;
(d) where the activity of the service provider is subject to an authorisation, the activities covered by the authorisation granted
to the service provider and the particulars of the authority providing such authorisation;
(e) the Value Added Tax (VAT) registration number of the service provider where the service provider undertakes an activity that
is subject to VAT;
(f) the different steps to follow to conclude the contract;
(g) the technical means for identifying and correcting input errors prior to the placing of the order;
(h) the language or languages in which the contract may be concluded;
(i) a statement of whether the concluded contract will be filed by the service provider and whether it will be accessible.
(Article 2)
Qualified certificates must contain:
(a) an indication that the certificate is issued as a qualified certificate;
(b) the identification of the signature certification service provider and the State in which it is established;
(c) the name of the signatory or a pseudonym, which shall be identified as such;
(d) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate
is intended;
(e) signature-verification data which correspond to signature-creation data under the control of the signatory;
(f) an indication of the beginning and end of the period of validity of the certificate;
(g) the identity code of the certificate;
(h) the advanced electronic signature of the signature certification service provider issuing it;
(i) limitations on the scope of the use of the certificate, if applicable; and
(j) limits on the value of transactions for which the certificate can be used, if applicable.
(Article 2)
Signature Certification service providers must:
(a) demonstrate the reliability necessary for providing signature certification services;
(b) ensure the operation of a prompt and secure directory and a secure and immediate revocation service;
(c) ensure that the date and time when a certificate is issued or revoked can be determined precisely;
(d) verify, by appropriate means in accordance with national law, the identity and, if appl icab le, any specifi c at tribu t es
o f the per s on to wh om a qu al ified certificate is issued;
(e) employ personnel who possess the expert knowledge, experience, and qualifications necessary for the services
provided, in particular competence at managerial level, expertise in electronic signature technology and familiarity w i t h p r
op er s e cu rit y p r ocedures; they must a l so apply administrative and managem ent procedures wh ich are adequa te and correspond
to re cognised standards;
(f) use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security
of the processes supported by them;
(g) take measures against forgery of certificates, and, in cases where the signature certif ication service provider genera tes
signature-creation da ta, guarantee confidentiality during the process of generating such data;
(h) maintain sufficient financial resources to operate in conformity with the requirements laid down in the Act, in particular
to bear the risk of liability for damages, for example, by obtaining appropriate insurance;
(i) record all relevant information concerning a qualified certificate for an appropriate period of time, in particular
for the purpose of providing evidence of certification for the purposes of legal proceedings. Such recording may be done electronically;
(j) not store copy signature-creation data of the person to whom the signature certification service provider provided
key management services;
(k) before entering into a contractual relationship with a person seeking a certificate to support his electronic signature,
inform that person by a durable means of communication of the precise terms and conditions regarding the use of the certificat e,
includin g any lim ita tions on its use, th e exi s tence of a
voluntary accreditation sc heme and proc ed ures for complains and dispute settlement. Such information, which may be transmitted
electronically, must be in writing and in readi l y understandabl e l a nguage. Relevant parts of this information must also be made
available on request to third-parties relying on the certificate;
(l) use trustworthy systems to store certificates in a verifiable form so that:
- only authorised persons can make entries and changes;
- information can be checked for authenticity;
- certificates are publicly available for retrieval in only those cases for which the certificate-holder ’s consent
has been obtained; and
- any technical changes compromising these security requirements are apparent to the operator.
(Article 2)
01. Secure signature creation devices must, by appropriate technical and procedural means, ensure at the least that:
(a) the signature creation data used for signature generation can practically occur only once, and that their secrecy is reasonably
assured;
(b) the signature creation data used for signature generation cannot, with reasonable assurance, be derived and the signature is
protected against forgery using currently available technology;
(c) the signature-creation-data used for signature generation can be reliably protected by the legitimate signatory against the
use of others.
02. Secure signature creation devices must not alter the data to be signed or prevent such data from being presented to the signatory
prior to the signature process.
(Article 4)
(a) the field of taxation;
Amended by: XXX. 2007.55.
(b) matters in relation to information society services covered by any laws relating to data protection including the
Data Protection Act, the Processing of Personal Data (Electronic Communications Sector) Regulations and the Electronic Communications (Personal Data and Protection of Privacy) Regulations;
(c) questions in relation to agreements or practices governed by competition law;
(d) the following activities of information society services:
(i) the activities of notaries or equivalent professions to the extent that they involve a direct and specific connection with
the exercise of public authority,
(ii) the representation of a client and defence of his interests before the courts,
(iii) gambling activities which involve wagering a stake with monetary value in games of chance, including lotteries and betting transactions;
(e) contracts that create or transfer rights over immovable property other than leasing rights;
(f) contracts of suretyship granted and on collateral security furnished by persons acting for purposes outside their
trade, business or profession;
(g) the law governing the creation, execution, amendment, variation or revocation of:
(i) a will or any other testamentary instrument; (ii) a trust; or
(iii) a power of attorney;
(h) any law governing the making of an affidavit or a solemn declaration, or requiring or permitting the use of one for any purpose;
(i) the rules, practices or procedures of a court or tribunal however so described;
(j) any law relating to the giving of evidence in criminal proceedings; (k) any contracts governed by family law.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/mt/legis/laws/eca426c308