Mauritius
Electronic Transactions Act
Act 23 of 2000
- Commenced on 1 August 2001
- [This is the version of this document at 30 June 2017.]
Part I – Preliminary
1. Short title
This Act may be cited as the Electronic Transactions Act.2. Interpretation
In this Act—"asymmetric cryptosystem" means a system capable of generating a secure key pair, consisting of a private key for creating a digital signature, and a public key to verify the digital signature;"authorised officer" means the person designated as such under section 25 of the Information and Communication Technologies Act;"automated transaction" means a transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract, or fulfilling an obligation required by the transaction;"certificate" means a record issued by a certification authority for the purpose of supporting digital signatures which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair;"certification authority" means a person duly authorised under this Act to issue a certificate;"certification practice statement" means a statement issued by a certification authority to specify the practices that the certification authority employs in issuing certificates;"Controller" means the Controller of Certification Authorities referred to in section 37;"correspond", in relation to a private key or public key, means to belong to the same key pair;"digital signature"—(a)means an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem such that a person having the initial untransformed electronic record and the signer’s public key can accurately determine—(i)whether the transformation was created using the private key that corresponds to the signer’s public key; and(ii)whether the initial electronic record has been altered since the transformation was made; and(b)includes voice recognition features, digital finger-printing or such other biotechnology features or process, as may be prescribed;"electronic" means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities;"electronic agent" means a computer programme or an electronic or other automated means used to initiate an action or response to electronic records or performances in whole or in part without review or action by an individual;"electronic record" means a record created, generated, sent, communicated, received or stored by electronic means;"electronic signature" means an electronic sound, symbol, or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record;"ICT Authority" means the Information and Communication Technologies Authority established under the Information and Communication Technologies Act;"information" means data, text, images, sounds, codes, computer programmes, software, databases, or the like;"information processing system" means an electronic system for creating, generating, sending, receiving, storing, displaying, or processing information;"key pair", in an asymmetric crytosystem, means a private key and its mathematically related public key, having the property that the public key can verify a digital signature that the private key creates;"licensed certification authority" means a certification authority licensed by the Controller;"Minister" means the Minister to whom responsibility for the subject of information technology is assigned;"private key" means the key of a key pair used to create a digital signature;"public key" means the key of a key pair used to verify a digital signature;"public sector agency" includes any Ministry or Government Department, local authority or statutory body;"record" means information that is inscribed, stored or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form;"repository" means a system for storing and retrieving certificates or other information relevant to certificates;"security procedure" means a procedure for the purpose of—(a)verifying that an electronic record is that of a specific person; or(b)detecting error or alteration in the communication, content or storage of an electronic record since a specific point in time,which may require the use of algorithms or codes, identifying words or numbers, encryption, answerback or acknowledgement procedures, or similar security devices;"subscriber" means a person who is the subject named or identified in a certificate issued to him and who holds a private key that corresponds to a public key listed in that certificate;"transaction" means an action or set of actions relating to the conduct of business, commercial, or public sector activities and occurring between 2 or more persons;"trustworthy system" means computer hardware, software, and procedures that—(a)are reasonably secure from intrusion or misuse;(b)provide a reasonable level of availability, reliability and correct operation;(c)are reasonably suitable for performing their intended functions; and(d)adhere to generally accepted security procedures;"verify a digital signature", in relation to a given digital signature, record and public key, means to determine accurately that—(a)the digital signature was created using the private key corresponding to the public key listed in the certificate; and(b)the record has not been altered since its digital signature was created.[S. 2 amended by s. 3 of Act 7 of 2009 w.e.f. 15 July 2009.]3. Objects of Act
The objects of this Act are to—4. Application of Act
Part II – Electronic records and signatures
5. Legal recognition of electronic records
No record or signature shall be denied legal effect, validity or enforceability solely on the ground that it is in electronic form.6. Requirement for writing
Where an enactment requires any information or record to be in writing, that requirement shall be satisfied by an electronic record where the information contained therein is accessible so as to be usable for subsequent reference.7. Electronic records
8. Electronic signatures
Where any enactment requires a signature, or provides for certain consequences if a document is not signed, an electronic signature shall satisfy that requirement.Part III – Liability of network service providers
9. Liability of network service providers
Part IV – Electronic contracts
10. Validity of contracts
No contract shall be denied legal effect, validity or enforceability solely on the ground that an electronic record was used in its formation.11. Declaration of intent
No declaration of intent or other similar statement between the originator and the addressee of an electronic record shall be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record.12. Attribution of electronic record and signature
13. Acknowledgement of receipt
14. Time and place of sending and receipt
Part V – Secure electronic records and signatures
15. Secure electronic records
16. Secure electronic signatures
Where, in the application of a prescribed security procedure or a commercially reasonable security procedure agreed to by the parties involved, it can be verified that an electronic signature was, at the time it was made—17. Presumptions relating to secure electronic records and signatures
Part VI – Effect of digital signatures
[Part VI came into operation on 1 December 2010.]18. Secure electronic records with digital signatures
Where a digital signature is a secure electronic signature by virtue of section 19, the portion of an electronic record that is signed with a digital signature shall be treated as a secure electronic record.[S. 18 came into operation on 1 December 2010.]19. Secure digital signatures
Where any portion of an electronic record is signed with a digital signature, the digital signature shall be treated as a secure electronic signature with respect to such portion of the record, where—20. Presumptions regarding certificates
It shall be presumed, unless evidence to the contrary is adduced, that any information, other than information identified as subscribed information which has not been verified, set out in a certificate issued by a licensed certification authority and accepted by the subscriber, is correct.[S. 20 came into operation on 1 December 2010.]21. Unreliable digital signatures
Unless otherwise provided for in any enactment or agreement, a person relying on a digitally signed electronic record shall assume the risk that the digital signature is invalid as a signature or authentication of the signed electronic record, where reliance on the digital signature is not reasonable under the circumstances having regard to—Part VII – Obligations relating to digital signatures
22. Reliance on certificates
Any person relying on a digital signature shall also rely on a valid certificate containing the public key by which the digital signature can be verified.23. Prerequisites to publication of certificates
No person shall publish a certificate or otherwise make it available to a person known by that person to be in a position to rely on the certificate or on a digital signature that is verifiable with reference to a public key listed in the certificate, where that person knows that—Part VIII – Obligations of certification authorities
24. Trustworthy system
Every certification authority shall utilise a trustworthy system in performing its services.25. Disclosure
26. Issuing of certificate
27. Representations on issue of certificate
28. Suspension of certificate
A certification authority shall, unless it has otherwise agreed with the subscriber, immediately suspend a certificate which it has issued to the subscriber upon a request by—29. Revocation of certificate
A certification authority shall revoke a certificate upon receiving a request to the effect by the subscriber referred to in the certificate after confirming that the person making the request is the subscriber, or is an agent of the subscriber with authority to make the request.30. Revocation without subscriber’s consent
31. Notice of suspension
32. Notice of revocation
Part IX – Obligations of subscribers
33. Generating key pair
34. Acceptance of certificate
35. Control of private key
36. Initiating suspension or revocation
Where the private key corresponding to the public key referred to in a certificate has been compromised or otherwise becomes unreliable, a subscriber who has accepted the certificate shall forthwith request the relevant certification authority to suspend or revoke the certificate.Part X – Regulation of Certification Authorities
[Part X came into operation on 1 December 2010.]37. Controller of Certification Authorities
38. Recommended reliance limit
39. Liability limits for licensed certification authorities
A licensed certification authority shall not be liable—Part XI – Public sector use of electronic records and signatures
40. Acceptance of electronic filing and issue of documents
Part XII – Administration
41. Confidentiality
42. Authorised officer
43. Directions by Controller
The Controller may, for the purposes of ensuring compliance with this Act, by notice in writing, direct a certification authority to take such measures or cease such activities as may be necessary.[S. 43 came into operation on 1 December 2010.]44. Production of documents and data
The Controller or an authorised officer may—45. Power of access to computers and data
46. Warrant to search and seize
46A. Police assistance
The Controller or an authorised officer may, for the purposes of this Act, make use of the services of a police officer who shall assist the Controller or authorised officer, as the case may be.[S. 46A inserted by s. 6 of Act No. 7 of 2009 w.e.f. 1 December 2010.][S. 46A came into operation on 1 December 2010.]Part XIII – Miscellaneous
47. Offences
48. Consent of Director of Public Prosecutions
No prosecution in respect of an offence under this Act shall be instituted except with the consent of the Director of Public Prosecutions.49. Jurisdiction
Notwithstanding any other enactment, the Intermediate Court shall have jurisdiction to try an offence under this Act and may impose any penalty provided in this Act including forfeiture.50. Regulations
51. ***
52. ***
53. ***
History of this document
30 June 2017 this version
Consolidation
01 August 2001
Commenced