Second Draft
— 14th July, 2001
Incorporating comments on First Draft received to date
ORDINANCE OF 2001
AN
ORDINANCE
for promotion, recognition and use of
information technology
WHEREAS it is expedient to provide for the promotion of use of
information technology in the national economy, delivery of government
services, promotion of public confidence in the use of electronic
communications, and for matters connected therewith and ancillary thereto;
AND WHEREAS the National Assembly and the Senate stand suspended in
pursuance of the Proclamation of Emergency of the fourteenth day of October,
1999, and the Provisional Constitution Order No.1 of 1999;
WHEREAS the President is satisfied that immediate action necessary;
NOW, THEREFORE, in pursuance of the Proclamation of Emergency of the
fourteenth day of October, 1999, and the Provisional Constitution Order No. 1
of 1999, read with the Provisional Constitution (Amendment) Order No. 9 of
1999, and in exercise of all powers enabling him in that behalf the President
of the Islamic Republic of Pakistan is pleased to make and promulgate the
following Ordinance:-
CHAPTER I
Preliminary
1. Short title, commencement
and extent. -- (1) This
Ordinance may be called the Electronic Transactions and Governance Ordinance,
2001.
(2)
It shall come into force at
once.
(3)
It extends to the whole of
Pakistan.
2. Definitions and
interpretation. – (1) In this
Ordinance, unless
there is anything repugnant in the subject or context,--
(a)
“addressee” of an electronic
communication means the intended recipient thereof, but does not include a
network service provider;
(b)
“appropriate authority”
means:
(i)
in relation to items contained in the Federal Legislative List of the
Constitution of the Islamic Republic of Pakistan, 1973, the Federal
Government;
(ii)
in relation to items contained in the Concurrent Legislative List of the
Constitution of the Islamic Republic of Pakistan, 1973, for which a Central
Act is in force, the Federal Government, and, in all other cases, the
Provincial Government;
(iii)
in relation to the functions of the State being discharged by a statutory
body, such statutory body; and
(iv)
in relation to matters in respect of which the Supreme Court or the High
Courts are empowered to make rules for the regulation of their proceedings,
the Supreme Court or the High Court, as the case may be.
(c)
“authenticity”, in relation to electronic communications, electronic records
or electronic signatures means attribution of any of the foregoing to a
particular person or information system;
(d)
“Authority” means the electronic certification licensing authority established
under section 13;
(e)
“automated” means without active human intervention;
(f)
“certificate” means a record issued by a certification service provider
for the purpose of confirming the authenticity or integrity, or both, of the
information contained therein or the electronic communication, electronic
record or electronic signature in respect of which it is issued;
(g)
“certification practice statement”, means the statement prepared by the
certification service provider and approved by the Authority specifying the
practices that the certification service provider employs in relation to the
issuance of certificates and matters connected therewith;
(h)
“certification service provider” means a person licensed under this Ordinance
to issue certificates of use of its cryptography services;
(i)
“cryptography services” means services in relation to authenticity or
integrity of electronic communications, electronic records or electronic
signatures;
(j)
“electronic” means relating to electrical, magnetic, optical,
biometric, electro-chemical wireless or electromagnetic technology;
(k)
“electronic signature” means any letters, numbers, symbols, images, characters
or any combination thereof applied to, incorporated in or directly associated
with an electronic communication or electronic record, unique to the person
signing, in order to establish authenticity or integrity, or both, of the
electronic communication or electronic record;
(l)
“information”, includes text, message, data, images, sound, database,
video, signals and the like, whether or not in electronic form;
(m)
“information system”, means an electronic system for creating, generating,
sending, receiving, storing, reproducing, displaying, recording or processing
information;
(n)
“integrity”, in relation to an electronic communication, electronic record or
electronic signature means that the electronic communication, electronic
record or electronic signature has not been altered or modified since a
particular point in time;
(o)
“network service provider” means a person who owns, operates, manages or
controls a public switched network or provides telecommunication services
pursuant to a licence granted under the Pakistan Telecommunication
(Re-organisation) Act, 1996 (XVII of 1996);
(p)
“originator”, means a person by whom, or on whose behalf, electronic record or
electronic communication purports to have been generated or sent prior to
receipt or storage, if any, but does not include a network service provider;
(q)
“person”, includes an individual, company, body corporate and a partnership;
(r)
“prescribed”, means prescribed by rules made under this Ordinance;
(s)
“repository”, means a system for storing and retrieving certificates or other
information related to certificates;
(t)
“subscriber”, means a person who subscribes to the services of a
certification service provider;
(u)
“security procedure” means the procedure, whether or not automated in whole or
in part, which:
i)
in relation to a certificate issued by a certification service
provider, is specified in its certification practice statement;
ii)
is agreed between parties; or
iii)
is implemented in the normal course by a business and which is
reasonably secure and reliable,
for establishing the
authenticity or integrity, or both, of any electronic communication or
electronic record, and includes electronic signatures;
(v)
“transaction” means an act or series of acts in relation to creation or
performance of rights and obligations; and
(w) “valid
certificate”, means a certificate, which fulfills the criteria specified in
the regulations, made by the Authority, and has not been suspended or revoked.
3. Construction of certain
references. -- (1)
Notwithstanding anything to the contrary contained in any other law for the
time being in force, the expressions “attestation”, “books”, “books of
account”, “certificate”, “charts”, “deed”, “document”, “document of title”,
“execution”, “instrument”, “ledger”, “map”, “original”, “plans”, “publish”,
“record”, “register”, “seal”, “signature”, “witnessing” “words”, “writing” or
other words assuming paper or other tangible medium in relation thereto,
shall, mutatis mutandis, include and extend to electronic forms
thereof.
CHAPTER II
Recognition of Electronic Form
4. Legal recognition of
electronic form.-- (1)
Information shall not be denied legal recognition, effect, validity or
enforceability solely on the ground that it is in electronic form.
(2) The requirement under any law
for information to be in written form shall be deemed satisfied where the
information is in electronic form, if such information is accessible so as to
be usable for subsequent reference.
(3) The requirement under any law
for signatures shall be deemed satisfied where electronic signatures are used.
(4) The requirement under any law
for retention or presentation information in original form shall be met where
such information:
(a)
was subjected to a security
procedure when it was first generated in its final form in a manner which
ensures that the authenticity and integrity of the information could not have
been interfered with after the applicability of the security procedure; and
(b)
is reproduced or displayed in
perceivable form along with evidence of application of the security procedure.
(5) The requirement under any law
for retention of documents, records or information shall be met by retention
thereof in electronic form where:
(a)
a security procedure is applied at the time of storage in a manner that
the authenticity and integrity of the document, record or information cannot
be interfered with after the application of the security procedure; and
(b)
the information contained therein is accessible so as to be usable for
subsequent reference.
(6) A transaction is not invalid
solely for the reason that it took place by means of electronic
communications, electronic records or by affixation of electronic signatures.
(7) Pending an authorisation by an
appropriate authority under section 10, nothing contained in subsections (1)
to (6) shall confer any right on any person to insist that any document or
information required under any law to be presented to or filed with an
appropriate authority, or any transaction with an appropriate authority, be
accepted by such authority in electronic form.
5. Attribution of
communications. -- (1) As
between an originator and the addressee, an electronic communication shall be
deemed to be that of the originator if it was sent:
(a)
by the originator himself;
(b)
by a person who had the
authority to act on behalf of the originator in respect of that electronic
communication; or
(c)
by an automated information
system programmed by, or on behalf of, the originator.
(2) As between the originator and
the addressee, the addressee is to regard an electronic message as being that
of the originator, and to act entitled on that assumption if:
(a)
upon proper application of a
security procedure, the addressee has no reason to suspect the authenticity or
integrity of the electronic communication; or
(b)
there do not exist any
circumstances where the addressee knows, or ought to be fastened with
constructive knowledge on account of failure to exercise reasonable care, that
the electronic communication was not authentic or that its integrity has been
compromised.
6. Acknowledgment of Receipt.
-- (1) Where the originator has
stated that the electronic communication is conditional on receipt of
acknowledgment, the electronic communication is treated as though it has never
been sent, until the acknowledgment is received.
(2) Where the originator has not
agreed with the addressee that the acknowledgment be given in a particular
form or by a particular method, an acknowledgment may be given by:
(a)
any communication, automated
or otherwise, by the addressee; or
(b)
any conduct of the addressee,
sufficient to indicate to the originator that the electronic communication is
received.
7. Time and place of dispatch
and receipt of electronic communication.
-- (1) Unless otherwise agreed between the
originator and the addressee, the dispatch of an electronic communication
occurs when it enters an information system outside the control of the
originator.
(2) Unless otherwise agreed between
the originator and the addressee, or unless proved otherwise, the time of
receipt of an electronic communication is determined as follows:
(a) if the addressee has designated an
information system for the purpose of receiving the electronic communication,
receipt occurs:
(i)
at the time when the
electronic communication enters the designated information system; or
(ii)
if the electronic
communication is sent to an information system of the addressee that is not
the designated information system, at the time when the data message is
retrieved by the addressee;
(b) if the addressee has not designated
an information system, receipt occurs when the electronic communication enters
an information system of the addressee.
(3) Subsection (2) applies notwithstanding that the place where the
information system is located may be different from the place where the
electronic communication is deemed to be received under subsection (4).
(4) Unless otherwise agreed between the originator and the addressee,
an electronic communication is deemed to be dispatched at the place where
originator ordinarily resides or has his place of business, and is deemed to
be received at the place where the addressee ordinarily resides or has his
place of business.
Explanation.
-- For the purposes of this subsection, if the originator or the
addressee has more than one place of business, the place of business is that
which has the closest relationship to the underlying transaction or, where
there is no underlying transaction, the principal place of business.
8. Evidential matters.
-- (1) In any legal proceedings,
unless evidence to the contrary is adduced:
(a)
the authenticity and
integrity of so much of the electronic record or electronic communication, as
is the subject-matter of or identified in a valid certificate, shall be
presumed;
(b)
any other case, the
authenticity and integrity of an electronic record or electronic communication
shall be presumed where:
i)
a security procedure was applied to the electronic communication or
electronic record when it was first generated, sent, received or stored in its
final form;
ii)
the security procedure
provides reasonable assurance of protection against unilateral alteration of
the electronic communication or electronic record by the person alleging the
authenticity and integrity of the electronic communication or electronic
record, and
iii)
the information system used
for application of the security procedure was in working order at all material
times.
(2) Where any law requires or
permits the production of certified copies of any records, such requirement or
permission shall extend to printouts or other forms of display of electronic
records where, in addition to fulfillment of the requirements as may be
specified in such law relating to certification, it is certified together with
an affidavit sworn by a responsible person from whose custody the electronic
record is reproduced that:
a) a security procedure was applied
to the electronic record when it was first stored in its final form which
provides reasonable assurance against alteration after its application;
b) the electronic record was
maintained in a form accessible for subsequent reference;
c) the information system used for
storage, retrieval and reproduction of the electronic record was in working
order at all material times; and
d) to the best of his knowledge and
belief, the record or communication has not been altered or modified in any
manner since the date of its creation, provided that, where the record or
communication has been modified, the affidavit shall provide details of such
modifications and alterations.
9. Stamp Duty.
-- (1) Notwithstanding anything contained
in the Stamp Act, 1899 (II of 1899), for a period of two years from the date
of commencement of this Ordinance, stamp duty shall not be payable in respect
of any instrument executed in electronic form.
(2) The Provincial Governments
shall, within the period specified in sub-section (1), devise and implement
appropriate measures for payment of stamp duty through electronic means before
or at the time of execution of the instrument in electronic form.
CHAPTER III
Electronic Documentation and Record Keeping
10. Electronic documentation and record
keeping. -- (1) The appropriate
authority may, by notification in the official Gazette and subject to such
conditions and limitations as may be specified by such authority, authorise:
(a)
retention of records by any
person or class of persons in electronic form;
(b)
filing of records with the
appropriate authority in electronic form; or
(c)
discharge of any financial or
fiscal obligation in electronic form:
Provided that, a valid certificate shall be
mandatory in respect of all electronic communications and electronic records
in respect of which the authorisation is issued.
(2) The appropriate authority shall
not authorise the doing of any act specified in sub-section (1) unless it is
satisfied that the authorisation is such that the extent (if any) to which
records of things done for that purpose will be available will be no less
satisfactory in cases where use is made of electronic form than in other
cases.
(3) For the purpose of sub-section
(2), the appropriate authority shall, inter alia, keep the following
factors in view:
(a)
accessibility of information
contained in electronic communications or electronic records for subsequent
reference;
(b)
authentication and integrity;
and
(c)
retention of such other
information which enables confirmation of the time and date of the creation,
dispatch, receipt or storage of the electronic communication or electronic
record (but excluding information which is automatically generated solely for
the purpose of enabling the electronic communication or electronic record to
be sent or received).
(4) No appropriate authority shall
revoke or suspend an authorization issued pursuant to sub-section (1), unless
it has demonstrated to the satisfaction of the Authority that the
authorization has resulted in serious disruption in the discharge of its
functions.
(5) Nothing in this section shall
apply to any practices already approved by an appropriate authority for
retention of electronic records:
Provided that, after giving notice of not
less than six months, the appropriate authority may declare that such
practices shall be carried out in accordance with the new procedure as
authorised.
CHAPTER IV
Certification Service Providers
11. Certification Service
Providers. -- No person shall
hold himself out as a licensed certification service provider unless he holds
a valid licence issued under this Ordinance.
12. Certification Practice
Statement. -- (1) Each
certification service provider shall prepare and shall have at all times in
force a certification practice statement in such form and with such details,
particulars and contents as may be specified in regulations made by the
Authority.
(2) Without prejudice to the
generality of the foregoing, the regulations may provide for:
(a) prompt notification to persons likely
to be adversely affected by any event relating to the information system of
the certification service provider or inaccuracy, invalidity or
misrepresentation contained in a certificate;
(b)
identification of
subscribers;
(c)
suspension or revocation of
certificates;
(d)
accuracy of information
contained in a valid certificate;
(e)
foreseeability of reliance on
valid certificates;
(f)
deposit of certificates or
notification of any suspension or revocation of any certificate or any other
fact or circumstance affecting the certificate, in the repository; and
(g)
[others]
(3) The certification practice
statement shall be submitted to Authority for approval along with the
application for the licence.
(4) Either the Authority or the
certification service provider may propose changes to the certification
practice statement. A proposed change shall be initiated and processed in such
manner as may be specified in regulations made by the Authority, and upon
approval by the Authority, shall be incorporated in the certification practice
statement.
(5) A copy of the certification
practice statement shall be maintained at the office of the Authority and
shall be open to public inspection.
(6) Subject to such limitations as
may be specified in the regulations made under sub-section (1), a
certification service provider shall, during the period of validity of a
certificate published for reliance by any person, be deemed to warranting to
such person that:
a) the certification service
provider has complied with the requirements of this Ordinance, the rules,
regulations and the terms of its licence; and
b) the information contained in the
certificate is accurate.
Provided that, the warranty in relation to
clause (b) shall not apply to the extent that the person relying on the
certificate knew or ought reasonably to have known that any information
contained in the certificate was not accurate.
(7) The Authority may suspend or
revoke the licence of a certification service provider for failure to comply
with the provisions of this section:
Provided that, an order for suspension or
revocation of licence shall be made in the manner specified in regulations
made under sub-section (1) with due regard to the principles of natural
justice.
CHAPTER V
Electronic Certification Licensing
Authority
13. Establishment of the
Authority. -- (1) No later than
three months after the promulgation of this Ordinance, the Federal Government
shall, by notification in the official Gazette, constitute an authority to be
known as Electronic Certification Licensing Authority.
(2) The Authority shall be a body
corporate with perpetual succession and a common seal, and shall by the said
name sue or be sued.
(3) The Authority shall comprise of
three members, with two members from the private sector. One of the members
shall be designated as the chairman.
(4) The members of the Authority
shall be appointed for a term of three years and shall be eligible for
reappointment after expiry of their first term of appointment.
(5) No act or proceeding of the
Authority shall be invalid by reason only of the existence of any vacancy
among its members or any defect in its constitution discovered after such act
or proceeding of the Authority.
(6) Except for the grant, renewal,
revocation or suspension of a licence, the Authority may from time to time
delegate one or more of its functions and powers to one or more of its
members.
(7) A member of the Authority shall
not be removed except by decision of the Federal Public Service Commission on
a reference by the Federal Government on the grounds of misconduct in office.
(8) No member shall have any direct
or indirect financial interest in any concern or business relating to
cryptography services.
(9) Decisions of the Authority shall
be taken by a majority of the members.
(10) Save as provided herein, the
terms of service of the members of the Authority shall be such as may be
prescribed.
14. Qualifications of members. –
Of the three members of the Authority:
a) one shall be a telecommunications
engineer with at least seven years work experience, of which at least one year
is in the field of cryptography services;
b) one shall be a professional or
academic with at least seven years work experience in the field of information
technology; and
c) one member shall be a person who
is qualified for appointment as a judge of the High Court.
15. Funds of the Authority
-- The funds of the Authority shall
comprise of:
(a) an annual grant by the Federal
Government of [________] million rupees;
(b) fee for grant and renewal of
licenses; and
(c) fee, not exceeding ten Rupees, for
every certificate deposited in the repository.
16. Functions of the Authority.
-- (1) The Authority shall
perform such functions as are specified in this Ordinance for performance by
the Authority, or as may be prescribed from time to lime.
(2) Without prejudice to the
generality of the foregoing subsection, the Authority shall:
(a)
grant and renew licences to
certification service providers;
(b)
monitor and ensure compliance
by certification service providers with the terms of their licences and revoke
or suspend any licence in the manner and on the grounds as may be specified in
regulations made by the Authority;
(c)
monitor compliance with the
provisions of this Ordinance;
(d)
commence prosecution for
commission of any offences specified here under;
(e)
provide certification
services to certification service providers;
(f)
establish and manage the
repository;
(g)
carry out research and
studies in relation to cryptography services and to elicit public opinion in
connection therewith;
(h)
licence, recognize or
accredit foreign certification service providers;
(i)
encourage uniformity of
standards and practices;
(j)
give advice to any person in
relation to any matter covered under this Ordinance;
(k)
make recommendations to an
appropriate authority in relation to the matters covered under this Ordinance;
and
(l)
[others]
17. Powers of the Authority.
-- (1) The Authority shall, in
relation to the performance of its functions, have the same powers as are
vested in the Civil Court under the Code of Civil Procedure, 1908 (Act V 1908)
while trying a suit, in respect of the following matters, namely:--
(a)
the summoning and enforcing
the attendance of any witness and examining him on oath;
(b)
the discovery and production
of any document or other object which can be produced as evidence;
(c)
the reception of evidence on
affidavits;
(d)
the requisitioning of any
public record from any Court or office; and
(e)
the issuing of commissions
for the examination of witnesses and documents.
(2) Any proceeding before the
Authority shall be deemed to be a judicial proceeding within the meaning of
sections 193 and 228 of the Pakistan Penal Code (Act XLV of 1860), and
the Authority shall be deemed to be a Civil Court for the purposes of section
195 and Chapter XXXV of the Code of Criminal Procedure, 1898 (Act V of 1898).
18. Application of Act XVII of
1996. -- Notwithstanding
anything to the contrary contained in the Pakistan Telecommunication
(Re-organisation) Act, 1996 (XVII of 1996), the Authority shall be exclusively
responsible to grant, renew, suspend or revoke the licenses granted to
certification service providers otherwise carry out regulation thereof in
accordance with the provisions of this Ordinance:
Provided that, the foregoing provision
shall not affect the applicability or operation of the provisions of the
Pakistan Telecommunication (Re-organisation) Act, 1996 (XVII of 1996) to the
telecommunication systems or telecommunication services, other than
cryptography services, provided by the cryptography service providers.
19. Repository.
-- (1) The Authority shall establish and
manage a repository for all certificates issued by certification service
providers and for such other information as may be specified in regulations
made by the Authority.
(2) The Authority shall take
appropriate measures to ensure the security of all information contained in
the repository.
(3) All information contained in the
repository shall be open to public inspection and copies thereof shall be
available on request against payment of charges not exceeding the cost of
preparation thereof.
(4) Notice of suspension or
revocation of any licence or of certificate issued by a certification service
provider, shall be posted in the repository without delay.
20. Jurisdiction of
Civil Courts barred. No Civil
Court shall have jurisdiction to entertain any suit in respect of any matter
relating to the grant, renewal, revocation or suspension of licenses to
certification service providers, nor shall any in junction in relation to any
such matter be issued by a Civil Court.
CHAPTER VI
Grant, renewal, suspension or revocation
of licences
21. Grant of licence.
-- (1) The Authority may grant a licence to
provide certification services to any person who complies with the
requirements specified in regulations made by the Authority.
(2) The terms and conditions of the
licence, including those relating to duration of the licence, renewal,
suspension or revocation, shall be specified in regulations made by the
Authority.
(3) The fee for grant and renewal of
the licence shall be in such amount as may be prescribed.
(4) The form and manner of
proceedings for the consideration of application for grant, renewal,
suspension or revocation of a licence shall be specified in regulations made
by the Authority:
Provided that, the regulations shall
provide for a transparent procedure with due regard to principles of natural
justice.
22. Appeal. – (1) Any person
aggrieved by a decision of the Authority may, within thirty days of the date
of receipt of a certified copy of the decision, appeal to the High Court in
the manner prescribed for the filing of first appeal against an interlocutory
order of a Civil Court.
(2) All matters coming before the
High Court under sub-section (1) shall be disposed of, and the judgment
pronounced, as expeditiously as possible but not later than ninety days from
the date of presentation of the appeal and, except in extraordinary
circumstances and for reasons to be recorded, the Court shall hear the case
from day to day.
(3) There shall be in each High
Court one or more benches, constituted by the Chief Justice of the High Court,
to exercise the appellate jurisdiction vested in the High Court under
sub-section (1).
CHAPTER VII
Offences
23. Provision of false
information, etc. by the subscriber
– (1) Any subscriber who:
(a) provides information to a
certification service provider knowing such information to be false or not
believing it to be correct to the best of his knowledge and belief;
(b) fails to bring promptly to the
knowledge of the certification service provider any change in circumstances as
a consequence whereof any information contained in a certificate accepted by
the subscriber or authorised by him for publication or reliance by any person,
ceases to be accurate or becomes misleading; or
(c) knowingly causes or allows a
certificate or his electronic signatures to be used in any fraudulent or
unlawful manner,
shall be guilty of an offence under this Ordinance.
(2) A subscriber shall, on conviction under sub-section (1), be
punished with imprisonment for seven years, or with fine which may extend to
[ten million] Rupees, or with both.
24. Issue of false certificate,
etc. — (1) Every director,
secretary and other responsible officer, by whatever designation called,
connected with the management of the affairs of a certification service
provider, which:
(a) issues, publishes or
acknowledges a certificate knowing any information contained therein to be
false or misleading;
(b) fails to revoke or suspend a
certificate after acquiring knowledge that any information contained therein
is false or misleading;
(c) fails to revoke or suspend a
certificate in circumstances where it ought reasonably to have been known that
any information contained in the certificate is false or misleading;
(d) issues a certificate while its
licence is suspended or after its licence is revoked;
(e) [others]
shall, to the extent any of the foregoing offences is committed with
his knowledge, be guilty of any offence under this Ordinance.
(2) Upon conviction under
sub-section (1), the person convicted shall be punished with imprisonment
which may extent to seven years, or with fine which may extend to ten million
rupees, or with both.
(3) The certification service
provider shall, upon conviction of one or more persons specified in
sub-section (1), be liable to pay compensation for any foreseeable damage
suffered by any person as a direct consequence of any of the events specified
in clauses (a) to (e) of sub-section (2).
(4) The compensation mentioned in
sub-section (3) shall be recoverable as arrears of land revenue.
25. Violation of privacy of information.
-- (1) Any person who gains or attempts to gain access to any information
system with intent to acquire the information contained therein or to gain
knowledge of such information, whether or not he is aware of the nature or
contents of such information, when to his knowledge he is not authorised to
gain access, as aforesaid, shall be guilty of an offence under this Ordinance
and shall, on conviction, be liable to fine which may extend to [one million),
or to imprisonment for [seven] years, or with both.
26. Damage to information system, etc.
— (1) Any person who does or attempts to do
any act with intent to alter, modify, delete, remove, generate, transmit or
store any information through or in any information system with knowledge that
he is not authorised to do any of the foregoing, shall be guilty of an offence
under this Ordinance and shall, on conviction, be liable to imprisonment for a
term not exceeding [seven] years, or to fine which may extend to [one million]
Rupees, or with both.
(2) Any person who does or attempts
to do any act with intent to impair the operation of, or prevent or hinder
access to, any information contained in any information system, with knowledge
that he is not authorised to do any of the foregoing, shall be guilty of an
offence under this Ordinance and shall, on conviction, be liable to
imprisonment for a term not exceeding [seven] years, or to fine which may
extend to [one million] Rupees, or with both.
27.
Offences to be non-bailable and non-cognizable.- All offences under
this Ordinance shall be non-bailable and non-cognizable.
28. Prosecution and trial of
offences. (1) No proceedings for
any offence under this Ordinance shall commence except on a complaint in
writing made by the Authority.
(2) No Court inferior to the Court
of Sessions shall try any offence under this Ordinance.
CHAPTER VIII
Amendment of certain laws
29. Amendment of Act XVII of
1996.-- (1) In the Pakistan
Telecommunication (Re-organisation) Act, 1996 (XVII of 1996), clause (b) of
sub-section (2) of section 57 shall be deleted.
(2) Any provision in any licence
issued by the Pakistan Telecommunication Authority under the aforesaid Act
prohibiting the provision or use of cryptography services shall cease to have
effect.
30. Amendment of Presidential
Order No. X of 1984. – The
Qanun-e-Shahadat Order, 1984, (P.O. X of 1984) shall be amended in the
manner specified in the Schedule to this Act.
CHAPTER IX
Miscellaneous
31. Application to certain laws
barred. -- (1) Subject to
sub-section
(2), nothing in this Ordinance shall apply to:
(a) a negotiable instrument as
defined in section 13 of the Negotiable Instruments Act, 1881 (XXVI of
1881);
(b) a power-of-attorney under
the Power-of-Attorney Act, 1882 (VII of 1882);
(c) a trust as defined in the Trusts
Act (II of 1882), but excluding constructive, implied and resulting trusts;
(d) a will or any form of
testamentary disposition under any law for the time being in force; and
(e) a contract for sale or
conveyance of immovable property or any interest in such property.
(2) The Federal Government may, by
notification in the official Gazette and subject to such conditions and
limitations as may be specified therein, declare that the whole or part of
this Ordinance shall apply to the whole or part of one or more Acts,
contracts, documents or instruments specified in clauses (a) to (e) of
sub-section (1), and different notifications at different times may be issued
for this purpose.
32. Application to acts done
outside Pakistan. -- The
provisions of this Ordinance shall apply notwithstanding the matters being the
subject hereof occurring outside Pakistan, in so far as they are directly or
indirectly connected to, or have an effect on or bearing in relation to
persons, things or events in Pakistan.
33. Overriding effect.
-- The provisions of this Ordinance shall
apply notwithstanding any thing to the contrary contained in any other law for
the time being in force.
34. Limitation on liability of
network service providers. -- In the absence of intent to facilitate, aid or abet, a network
service provider shall not be subject to any civil or criminal liability
solely for the reason of use of his telecommunication system in connection
with a contravention of this Ordinance by a person not subject to the
direction or control of the network service provider.
Explanation:
Telecommunication system in this section bears the meaning given
thereto under the Pakistan Telecommunication (Re-organisation) Act, 1996 (XVII
of 1996).
35. Immunity against disclosure
of information relating to security procedure.
-- (1) Subject to sub-section (2), no
person shall be compelled to disclose any password, key or other secret
information exclusively within his private knowledge which enables his use of
the security procedure.
(2) Sub-section (1) shall not
confer any immunity where such information as is mentioned therein is used for
the commission of any offence under any law for the time being in force.
36. Power to make rules.
-- The Authority may, with the prior
approval of the Federal Government, by notification in the official Gazette,
make rules to carry out the purposes of this Ordinance.
37. Power to make regulations.
-- The Authority may, by
notification in the official Gazette, make regulations for the purpose of this
Ordinance.
(2) Without prejudice to the
generality of the foregoing provision, the regulations may provide for:
(a)
safety, control or management
of keys, passwords or other secret information relating to use of services of
certification service providers;
(b)
standards, procedures and
practices for time and date stamping;
(c)
minimum qualifications of
staff of certification service providers;
(d)
adequacy of facilities and
equipment for secure and reliable operation;
(e)
privacy and protection of
data of subscribers;
(f)
inspection of operations;
(g)
cross-certification,
accreditation, recognition, bridge certification or other arrangements with
certification service providers based in other countries;
(h)
development of certification
management system;
(i)
reparation to subscribers for
damage arising from negligence of certification service provider with
conditions for and limits to liability;
(j)
identification of areas of
commerce or governance for use of certificates;
(k)
standardization and
technology relating to protocols, algorithms, interoperability of systems,
applications and infrastructure for licensed certification services;
(l)
form and contents of
applications for licenses;
(m)
suspension or revocation of
certificates;
(n)
suspension or revocation of
licenses;
(o)
certificate profiles with
mandatory and optional fields and extension fields (if any)
(p)
certificate revocation and
suspension list profiles with mandatory and optional fields, and extension
fields (if any);
(q)
retention of records by
certification authorities and the repository;
(r)
recommended code of practice
for handling and storage of business information and records in electronic
form; and
(s)
regulation of access and
audit trails.
38. Prior publication of rules and
regulations. -- (1) All rules and regulations proposed to be made by the
Authority under this Ordinance shall be published in the official Gazette and
in at least one English and one Urdu daily with nationwide circulation, in
draft form at least thirty days before the intended date of notification.
(2) The Authority shall keep record
of all comments received on the draft of the rules or regulations, and shall
prepare a report thereon addressing each comment.
(3) The notification of the rules or
regulations in their final form in the official Gazette shall be accompanied
with a report of the Authority referred to in sub-section (2).
39. Removal of difficulties.
-- The Federal Government may,
for a period of one year commencing from the date of this Ordinance, by
notification in the official Gazette, make provisions for removal of
difficulties in a manner not inconsistent with the provisions of this
Ordinance.
__________________________________
SCHEDULE
Amendments to Qanun-e-Shahadat Order,
1984 (P.O. X of 1984)
1. Amendment of Article 2.
In the Qanun-e-Shahadat Order,
1984 (P.O. X of 1984), hereinafter referred to as the said Order, in
sub-article (1), after clause (d), the following clauses (e) and (f) shall be
added, namely:
“(e) the expressions, “automated”,
“electronic”, “information”, “information system” and “security procedure”,
shall bear the meanings given in the Electronic Transactions Governance
Ordinance, 2001.
(f) the expression “certificate”,
where the context so admits, includes the meaning given in the Electronic
Transactions and Governance Ordinance, 2001.”
2. Amendment of Article 17.
--- In the said Order, in
sub-article (2), after clause (b), the following proviso shall be added,
namely:
“Provided that, clause (a) shall not apply
where the future or financial obligation is recorded in electronic form and a
security procedure is applied thereto.”
3.
Amendment of Article 30. -- In the said Order, in Article 30, the full
stop at the end will be substituted with a colon and the following explanation
shall be added, namely:
“Explanation. -- Statements generated by
automated information systems may be attributed to the person exercising power
or control over the said information system.”
4. Amendment of Article 46.
--- In the said Order, after
Article 46, the following new Article shall be added, namely:
“46- A. Relevance of
information generated, received or recorded by automated information system.—
Statements in the form of
information generated, received or recorded by an automated information system
while it is in working order, are relevant facts.
5.
Amendment of Article 59. --- In the said Order, Article 59 shall be
substituted with the following Article, namely:
“59 Opinions of experts.
-- When the Court has to form an
opinion upon a point of foreign law, or of science, or art, or as to identity
of handwriting or finger impressions, or as to authenticity and integrity of
statements made by or through an information system, the opinions upon that
point of persons specially skilled in such foreign law, science or art, or in
questions as to identity of hand writing or finger impressions, or as to the
functioning, specifications, programming and operations of information
systems, are relevant facts.
Such persons are called experts.”
6. Amendment of Article 73.
--- In the said Order, in
Article 73, after the second Explanation, the following additional
Explanations shall be added, namely:
“Explanation 3--
A printout or other form of output of an
automated information system shall not be denied the status of primary
evidence solely for the reason that it was generated, sent, received or stored
in electronic form if the automated information system was in working order at
all material times and, for the purposes hereof, in the absence of evidence to
the contrary, it shall be presumed that the automated information system was
in working order at all material times.
Explanation 4.
-- A printout or other form of reproduction of a document, other than
a document mentioned in Explanation 3 above, first generated, sent, received
or stored in electronic form, shall be treated as primary evidence where a
security procedure was applied thereto at the time it was generated, sent,
received or stored.”
7. Amendment of Article 78.
In the said Order, after
Article 78, the following new Article shall be added, namely:
“78-A. Proof of electronic signature and
electronic document. --If a document is alleged to be signed or to have
been generated wholly or in part by any person through the use of an
information system, and where such allegation is denied, the application of a
security procedure to the signature or the document must be proved.”
8. Amendment of Article 85.---
In the said Order, in Article 85, the following new clause (6) shall be
added, namely:
“(6) certificates deposited in a
repository pursuant to the provisions of the Electronic Transactions and
Governance Ordinance, 2001.”
