Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 1
Chapter: 553 ELECTRONIC TRANSACTIONS ORDINANCE Gazette Number Version Date
Long title 1 of 2000 07/01/2000
An Ordinance to facilitate the use of electronic transactions for commercial and other purposes, to provide for matters
arising from and related to such use, to enable the Postmaster General to provide the services of a certification
authority and to provide for connected purposes.
[Part I, sections 4 and 9, Part V (other than
in relation to the matters referred to in
Schedule 1) and Part VI, sections 31
and 33 and Parts IX, X, XI and XII
}
}
}
7 January 2000
Part VII and section 32 } 18 February 2000 L.N. 7 of 2000
Sections 3, 5, 6, 7, 8 and 10, Part IV, Part V
(in relation to the matters referred to in
Schedule 1) and Schedules 1 and 2
}
}
}
7 April 2000 L.N. 60 of 2000]
(Originally 1 of 2000)
Part: I PRELIMINARY 1 of 2000 07/01/2000
Section: 1 Short title 1 of 2000 07/01/2000
(1) This Ordinance may be cited as the Electronic Transactions Ordinance.
(2)-(3) (Omitted as spent)
Section: 2 Interpretation L.N. 120 of 2015 20/11/2015
Remarks:
For the saving and transitional provisions relating to the amendments made by the Resolution of the Legislative
Council (L.N. 130 of 2007), see paragraph (12) of that Resolution.
(1) In this Ordinance, unless the context otherwise requires-
"accept" (接受), in relation to a certificate-
(a) in the case of a person named or identified in the certificate as the person to whom the certificate is
issued, means to-
(i) confirm the accuracy of the information on the person as contained in the certificate;
(ii) authorize the publication of the certificate to any other person or in a repository;
(iii) use the certificate; or
(iv) otherwise demonstrate the approval of the certificate; or
(b) in the case of a person to be named or identified in the certificate as the person to whom the certificate
is issued, means to-
(i) confirm the accuracy of the information on the person that is to be contained in the certificate;
(ii) authorize the publication of the certificate to any other person or in a repository; or
(iii) otherwise demonstrate the approval of the certificate; (Added 14 of 2004 s. 2)
"addressee" (收訊者), in relation to an electronic record sent by an originator, means the person who is specified by
the originator to receive the electronic record but does not include an intermediary;
"asymmetric cryptosystem" (非對稱密碼系統) means a system capable of generating a secure key pair, consisting
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 2
of a private key for generating a digital signature and a public key to verify the digital signature;
"certificate" (證書) means a record which-
(a) is issued by a certification authority for the purpose of supporting a digital signature which purports to
confirm the identity or other significant characteristics of the person who holds a particular key pair;
(b) identifies the certification authority issuing it;
(c) names or identifies the person to whom it is issued;
(d) contains the public key of the person to whom it is issued; and
(e) is signed by the certification authority issuing it; (Amended 14 of 2004 s. 2)
"certification authority" (核證機關) means a person who issues a certificate to a person (who may be another
certification authority);
"certification authority disclosure record" (核證機關披露紀錄), in relation to a recognized certification authority,
means the record maintained under section 31 for that certification authority;
"certification practice statement" (核證作業準則) means a statement issued by a certification authority to specify the
practices and standards that the certification authority employs in issuing certificates;
"code of practice" (業務守則) means the code of practice published under section 33; (Amended 14 of 2004 s. 2)
"consent" (同意), in relation to a person, includes consent that can be reasonably inferred from the conduct of the
person; (Added 14 of 2004 s. 2)
"correspond" (對應), in relation to private or public keys, means to belong to the same key pair;
"digital signature" (數碼簽署), in relation to an electronic record, means an electronic signature of the signer
generated by the transformation of the electronic record using an asymmetric cryptosystem and a hash function
such that a person having the initial untransformed electronic record and the signer's public key can determine-
(a) whether the transformation was generated using the private key that corresponds to the signer's public
key; and
(b) whether the initial electronic record has been altered since the transformation was generated;
"electronic record" (電子紀錄) means a record generated in digital form by an information system, which can be-
(a) transmitted within an information system or from one information system to another; and
(b) stored in an information system or other medium;
"electronic signature" (電子簽署) means any letters, characters, numbers or other symbols in digital form attached to
or logically associated with an electronic record, and executed or adopted for the purpose of authenticating or
approving the electronic record;
"government entity" (政府單位) means a public officer or a public body; (Added 14 of 2004 s. 2)
"hash function" (雜湊函數) means an algorithm mapping or transforming one sequence of bits into another, generally
smaller, set as the hash result, such that-
(a) a record yields the same hash result every time the algorithm is executed using the same record as
input;
(b) it is computationally not feasible for a record to be derived or reconstituted from the hash result
produced by the algorithm; and
(c) it is computationally not feasible that 2 records can be found to produce the same hash result using the
algorithm;
"information" (資訊) includes data, text, images, sound codes, computer programmes, software and databases;
"information system" (資訊系統) means a system which-
(a) processes information;
(b) records information;
(c) can be used to cause information to be recorded, stored or otherwise processed in other information
systems (wherever situated); and
(d) can be used to retrieve information, whether the information is recorded or stored in the system itself
or in other information systems (wherever situated);
"intermediary" (中介人), in relation to a particular electronic record, means a person who on behalf of a person,
sends, receives or stores that electronic record or provides other incidental services with respect to that electronic
record;
"issue" (發出), in relation to a certificate, means to-
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 3
(a) create the certificate, and then notify the person named or identified in the certificate as the person to
whom the certificate is issued of the information on the person as contained in the certificate; or
(b) notify the person to be named or identified in the certificate as the person to whom the certificate is
issued of the information on the person that is to be contained in the certificate, and then create the
certificate,
and then make the certificate available for use by the person; (Replaced 14 of 2004 s. 2)
"key pair" (配對密碼匙), in an asymmetric cryptosystem, means a private key and its mathematically related public
key, where the public key can verify a digital signature that the private key generates;
"originator" (發訊者), in relation to an electronic record, means a person, by whom, or on whose behalf, the
electronic record is sent or generated but does not include an intermediary;
"Permanent Secretary" (常任秘書長) means the Permanent Secretary for Innovation and Technology; (Added 14 of
2004 s. 2. Amended L.N. 130 of 2007; L.N. 120 of 2015)
"Postmaster General" (郵政署署長) means the Postmaster General within the meaning of the Post Office Ordinance
(Cap 98);
"private key" (私人密碼匙) means the key of a key pair used to generate a digital signature;
"public key" (公開密碼匙) means the key of a key pair used to verify a digital signature;
"recognized certificate" (認可證書) means-
(a) a certificate recognized under section 22;
(b) a certificate of a type, class or description of certificate recognized under section 22; or
(c) a certificate designated as a recognized certificate issued by the certification authority referred to in
section 34;
"recognized certification authority" (認可核證機關) means a certification authority recognized under section 21 or
the certification authority referred to in section 34;
"record" (紀錄) means information that is inscribed on, stored in or otherwise fixed on a tangible medium or that is
stored in an electronic or other medium and is retrievable in a perceivable form;
"reliance limit" (倚據限額) means the monetary limit specified for reliance on a recognized certificate;
"repository" (儲存庫) means an information system for storing and retrieving certificates and other information
relevant to certificates;
"responsible officer" (負責人員), in relation to a certification authority, means a person occupying a position of
responsibility in relation to the activities of the certification authority relevant to this Ordinance;
"rule of law" (法律規則) means-
(a) an Ordinance;
(b) a rule of common law or a rule of equity; or
(c) customary law;
"Secretary" (局長) means the Secretary for Innovation and Technology; (Amended L.N. 106 of 2002; L.N. 130 of
2007; L.N. 120 of 2015)
"sign" and "signature" (簽、簽署) include any symbol executed or adopted, or any methodology or procedure
employed or adopted, by a person with the intention of authenticating or approving a record;
"subscriber" (登記人) means a person (who may be a certification authority) who-
(a) is named or identified in a certificate as the person to whom the certificate is issued;
(b) has accepted that certificate; and
(c) holds a private key which corresponds to a public key listed in that certificate;
"trustworthy system" (穩當系統) means computer hardware, software and procedures that-
(a) are reasonably secure from intrusion and misuse;
(b) are at a reasonable level in respect of availability, reliability and ensuring a correct mode of operations
for a reasonable period of time;
(c) are reasonably suitable for performing their intended function; and
(d) adhere to generally accepted security principles;
"verify a digital signature" (核實數碼簽署), in relation to a given digital signature, electronic record and public key,
means to determine that-
(a) the digital signature was generated using the private key corresponding to the public key listed in a
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 4
certificate; and
(b) the electronic record has not been altered since its digital signature was generated,
and any reference to a digital signature being verifiable is to be construed accordingly.
(2) For the purposes of this Ordinance, a digital signature is taken to be supported by a certificate if the digital
signature is verifiable with reference to the public key listed in a certificate the subscriber of which is the signer.
(Amended 14 of 2004 s. 2; L.N. 131 of 2004)
Part: II APPLICATION L.N. 60 of 2000 07/04/2000
Section: 3 Matters to which sections 5, 5A, 6, 7, 8 and 17 are not
applicable
14 of 2004 30/06/2004
Sections 5, 5A, 6, 7, 8 and 17 do not apply to any- (Amended 14 of 2004 s. 3)
(a) requirement or permission for information to be or given in writing;
(aa) requirement or permission for a document to be served by personal service or by post; (Added 14 of
2004 s. 3)
(b) requirement for the signature of a person;
(c) requirement for information to be presented or retained in its original form;
(d) requirement for information to be retained,
under a rule of law in a matter or for an act set out in Schedule 1, unless that rule of law expressly provides otherwise.
Section: 4 Ordinance to bind Government 1 of 2000 07/01/2000
This Ordinance binds the Government.
Part: III ELECTRONIC RECORDS AND DIGITAL
SIGNATURES
L.N. 60 of 2000 07/04/2000
Section: 5 Requirement for writing L.N. 60 of 2000 07/04/2000
(1) If a rule of law requires information to be or given in writing or provides for certain consequences if it is
not, an electronic record satisfies the requirement if the information contained in the electronic record is accessible so
as to be usable for subsequent reference.
(2) If a rule of law permits information to be or given in writing, an electronic record satisfies that rule of law if
the information contained in the electronic record is accessible so as to be usable for subsequent reference.
Section: 5A Service of documents 14 of 2004 30/06/2004
(1) Without limiting the generality of section 5, if a rule of law under a provision set out in Schedule 3 requires
a document to be served on a person by personal service or by post (whether or not there is any further specification as
to the address or place at which such service is to be effected), the provision shall be construed as also providing that
service of the document in the form of an electronic record to an information system designated by the person satisfies
the requirement under the provision if the information contained in the electronic record is accessible so as to be
usable for subsequent reference.
(2) Without limiting the generality of section 5, if a rule of law under a provision set out in Schedule 3 permits
a document to be served on a person by personal service or by post (whether or not there is any further specification as
to the address or place at which such service is to be effected), the provision shall be construed as also providing that
service of the document in the form of an electronic record to an information system designated by the person is
permitted under the provision if the information contained in the electronic record is accessible so as to be usable for
subsequent reference.
(Added 14 of 2004 s. 4)
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 5
Section: 6 Electronic signatures, digital signatures, etc. L.N. 131 of 2004 01/07/2004
(1) Where-
(a) a rule of law requires the signature of a person ("the first mentioned person") on a document or
provides for certain consequences if the document is not signed by the first mentioned person; and
(b) neither the first mentioned person nor the person to whom the signature is to be given ("the second
mentioned person") is or is acting on behalf of a government entity,
an electronic signature of the first mentioned person satisfies the requirement if-
(c) the first mentioned person uses a method to attach the electronic signature to or logically associate the
electronic signature with an electronic record for the purpose of identifying himself and indicating his
authentication or approval of the information contained in the document in the form of the electronic
record;
(d) having regard to all the relevant circumstances, the method used is reliable, and is appropriate, for the
purpose for which the information contained in the document is communicated; and
(e) the second mentioned person consents to the use of the method by the first mentioned person.
(Replaced 14 of 2004 s. 5)
(1A) Where-
(a) a rule of law requires the signature of a person on a document or provides for certain consequences if
the document is not signed by the person; and
(b) either or both of the person mentioned in paragraph (a) and the person to whom the signature is to be
given is or are or is or are acting on behalf of a government entity or government entities,
a digital signature of the person mentioned in paragraph (a) satisfies the requirement if the digital signature is-
(c) supported by a recognized certificate;
(d) generated within the validity of that certificate; and
(e) used in accordance with the terms of that certificate. (Added 14 of 2004 s. 5)
(2) In subsection (1A)(d), "within the validity of that certificate" (在該證書的有效期內) means that at the
time the digital signature is generated- (Amended 14 of 2004 s. 5)
(a) the recognition of the recognized certificate is not revoked or suspended by the Government Chief
Information Officer, and the certificate is not revoked or suspended by the recognized certification
authority that issues the certificate; (Amended 14 of 2004 s. 5; L.N. 131 of 2004)
(aa) in the case of a recognized certificate that is a certificate designated as a recognized certificate issued
by the recognized certification authority referred to in section 34, the designation is not withdrawn by
the certification authority; (Added 14 of 2004 s. 5)
(b) if the Government Chief Information Officer has specified a period of validity for the recognition of
the recognized certificate, the certificate is within that period; and (Amended L.N. 131 of 2004)
(c) if the recognized certification authority has specified a period of validity for the recognized certificate,
the certificate is within that period.
Section: 7 Presentation or retention of information in its original
form
L.N. 60 of 2000 07/04/2000
(1) Where a rule of law requires that certain information be presented or retained in its original form, the
requirement is satisfied by presenting or retaining the information in the form of electronic records if-
(a) there exists a reliable assurance as to the integrity of the information from the time when it was first
generated in its final form; and
(b) where it is required that information be presented, the information is capable of being displayed in a
legible form to the person to whom it is to be presented.
(2) For the purposes of subsection (1)(a)-
(a) the criterion for assessing the integrity of the information is whether the information has remained
complete and unaltered, apart from the addition of any endorsement or any change which arises in the
normal course of communication, storage or display; and
(b) the standard for reliability of the assurance is to be assessed having regard to the purpose for which the
information was generated and all the other relevant circumstances.
(3) This section applies whether the requirement in subsection (1) is in the form of an obligation or whether the
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 6
rule of law merely provides consequences for the information not being presented or retained in its original form.
Section: 8 Retention of information in electronic records L.N. 60 of 2000 07/04/2000
(1) Where a rule of law requires certain information to be retained, whether in writing or otherwise, the
requirement is satisfied by retaining electronic records, if-
(a) the information contained in the electronic record remains accessible so as to be usable for subsequent
reference;
(b) the relevant electronic record is retained in the format in which it was originally generated, sent or
received, or in a format which can be demonstrated to represent accurately the information originally
generated, sent or received; and
(c) the information which enables the identification of the origin and destination of the electronic record
and the date and time when it was sent or received, is retained.
(2) This section applies whether the requirement in subsection (1) is in the form of an obligation or whether the
rule of law merely provides consequences for the information not being retained.
Section: 9 Admissibility of electronic records 1 of 2000 07/01/2000
Without prejudice to any rules of evidence, an electronic record shall not be denied admissibility in evidence in
any legal proceeding on the sole ground that it is an electronic record.
Section: 10 Construction of this Part subject to Part IV L.N. 60 of 2000 07/04/2000
This Part is to be construed subject to Part IV.
Part: IV LIMITATIONS ON OPERATION OF SECTIONS 5, 5A,
6, 7 AND 8*
14 of 2004 30/06/2004
_____________________________________________________________________
Note:
* (Amended 14 of 2004 s. 6)
Section: 11 Permanent Secretary may make orders excluding
application of section 5, 6, 7 or 8, etc.
14 of 2004 30/06/2004
(1) The Permanent Secretary may by order published in the Gazette exclude an Ordinance or a particular
requirement or permission in an Ordinance or a class or description of requirements or permissions in an Ordinance, to
which this Ordinance would otherwise apply, from the application of section 5, 6, 7 or 8. (Amended 14 of 2004 s. 7)
(2) The Permanent Secretary may, in relation to an Ordinance to which section 5, 5A, 6, 7 or 8 applies, specify
by notice published in the Gazette- (Amended 14 of 2004 s. 7)
(a) the manner and format in which information in the form of an electronic record is to be given,
presented or retained or a document in the form of an electronic record is to be served for the purposes
of that Ordinance or a particular requirement or permission in that Ordinance or a class or description
of requirements or permissions in that Ordinance; and (Amended 14 of 2004 s. 7)
(b) the procedure and criteria for verification of the receipt of that information and for ensuring the
integrity and confidentiality of the information.
(3) The Permanent Secretary may specify different requirements under subsection (2)(a) or (b) in relation to
persons or cases of different classes or descriptions. (Amended 14 of 2004 s. 7)
(4) An order under subsection (1) is subsidiary legislation.
(5) A notice under subsection (2) is not subsidiary legislation.
(6) In this section, "manner and format" (方式及規格) includes requirements as to software, communication,
data storage, how the electronic record is to be generated, sent, stored or received and where a signature is required,
the type of signature and how the signature is to be affixed to the electronic record.
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 7
Section: 12 Electronic record to comply with specified requirements to
satisfy sections 5, 5A, 6, 7 and 8
14 of 2004 30/06/2004
If the Permanent Secretary has specified any requirement under section 11(2) in relation to an Ordinance, the
information given, presented or retained, the document served or the signature made, as the case may require, for the
purpose of that Ordinance does not satisfy that Ordinance unless it complies with the specified requirements.
(Amended 14 of 2004 s. 8)
Section: 13 Rules of court or procedure only to apply where relevant
authority provides for application
14 of 2004 30/06/2004
(1) Section 5, 5A, 6, 7 or 8 does not apply in relation to information given, presented or retained, documents
served or signatures required for the purposes of any proceedings set out in Schedule 2, unless any rule of law relating
to those proceedings provide for its application.
(2) Subsection (1) is not to be construed as affecting any provision in a rule of law referred to in that
subsection, requiring or permitting, otherwise than by reference to this Ordinance, the use of electronic records or
electronic signatures for the purposes of the proceedings to which the rule of law relates.
(3) Any authority given by a rule of law to make rules (however described) for the purpose of any proceedings
set out in Schedule 2 is to be construed as including a power to provide for-
(a) the application of section 5, 5A, 6, 7 or 8; and
(b) the specification of the matters referred to in section 11(2)(a) and (b), by subsidiary legislation or
otherwise, consequent to such application.
(Amended 14 of 2004 s. 9)
Section: 14 Sections 5, 6, 7 and 8 not to affect specific provisions as to
electronic records in other Ordinances
L.N. 60 of 2000 07/04/2000
If an Ordinance requires or permits giving, presenting or retaining information in the form of an electronic
record or the authentication of information by an electronic signature for the purposes of that Ordinance, but contains
an express provision which-
(a) specifies requirements, procedures or other specifications for that purpose;
(b) requires the use of a specified service; or
(c) confers a discretion on a person whether or when to accept electronic records or electronic signatures
for that purpose,
section 5, 6, 7 or 8 is not to be construed as affecting that express provision.
Section: 15 Consent required for sections 5, 5A and 7 to apply to
transactions between persons who are not government
entities
14 of 2004 30/06/2004
(1) If an Ordinance requires information to be given by a person to another and neither person is or is acting on
behalf of a government entity, section 5(1) applies only if the person to whom the information is to be given consents
to it being given in the form of an electronic record.
(2) If an Ordinance permits information to be given by a person to another and neither person is or is acting on
behalf of a government entity, section 5(2) applies only if the person to whom the information is to be given consents
to it being given in the form of an electronic record.
(2A) If an Ordinance requires a document to be served by a person on another by personal service or by post and
neither person is or is acting on behalf of a government entity, section 5A(1) applies only if the person on whom the
document is to be served consents to it being served in the form of an electronic record. (Added 14 of 2004 s. 10)
(2B) If an Ordinance permits a document to be served by a person on another by personal service or by post and
neither person is or is acting on behalf of a government entity, section 5A(2) applies only if the person on whom the
document is to be served consents to it being served in the form of an electronic record. (Added 14 of 2004 s. 10)
(3) (Repealed 14 of 2004 s. 10)
(4) If an Ordinance requires information to be presented in its original form and neither the person presenting it
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 8
nor the person to whom it is to be presented ("the second mentioned person") is or is acting on behalf of a government
entity, section 7(1) applies only if the second mentioned person consents to it being presented in the form of an
electronic record.
(5) (Repealed 14 of 2004 s. 10)
Section: 16 Sections 5, 6, 7 and 8 not to have effect if their operation
affects other statutory requirements
L.N. 60 of 2000 07/04/2000
(1) If the effect of section 5 on a requirement or permission in an Ordinance for information to be or given in
writing ("requirement for writing") is such that any other requirement in that Ordinance or a related Ordinance (that is
a requirement other than the requirement for writing) cannot be complied with due to the operation of that section,
section 5 does not apply to the requirement for writing.
(2) If the effect of section 6 on a requirement in an Ordinance for the signature of a person is such that any
other requirement in that Ordinance or a related Ordinance (that is a requirement other than the requirement for the
signature of a person) cannot be complied with due to the operation of that section, section 6 does not apply to the
requirement for the signature of a person.
(3) If the effect of section 7 on a requirement in an Ordinance for information to be presented or retained in its
original form ("requirement for original form") is such that any other requirement in that Ordinance or a related
Ordinance (that is a requirement other than the requirement for original form) cannot be complied with due to the
operation of that section, section 7 does not apply to the requirement for original form.
(4) If the effect of section 8 on a requirement in an Ordinance for information to be retained ("requirement for
retention") is such that any other requirement in that Ordinance or a related Ordinance (that is a requirement other than
the requirement for retention) cannot be complied with due to the operation of that section, section 8 does not apply to
the requirement for retention.
Part: V ELECTRONIC CONTRACTS 1 of 2000 07/01/2000
Section: 17 Formation and validity of electronic contracts 14 of 2004 30/06/2004
Remarks:
1. This section has come into operation on 7 January 2000 other than in relation to the matters referred to in
Schedule 1 of this Ordinance.
2. This section has come into operation on 7 April 2000 in relation to the matters referred to in Schedule 1 of this
Ordinance.
(1) For the avoidance of doubt, it is declared that in the context of the formation of contracts, unless otherwise
agreed by the parties, an offer and the acceptance of an offer may be in whole or in part expressed by means of
electronic records.
(2) Where an electronic record is used in the formation of a contract, that contract shall not be denied validity
or enforceability on the sole ground that an electronic record was used for that purpose.
(2A) For the avoidance of doubt, it is declared that in the context of the formation of contracts, if an offer or the
acceptance of an offer is in whole or in part expressed by means of an electronic record, an electronic signature
attached to or logically associated with the electronic record shall not be denied legal effect on the sole ground that it
is an electronic signature. (Added 14 of 2004 s. 11)
(3) For the avoidance of doubt, it is stated that this section does not affect any rule of common law to the effect
that the offeror may prescribe the method of communicating acceptance.
Part: VI ATTRIBUTION OF SENDING AND RECEIVING
ELECTRONIC RECORDS
1 of 2000 07/01/2000
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 9
Section: 18 Attribution of electronic record 1 of 2000 07/01/2000
(1) Unless otherwise agreed between the originator and the addressee of an electronic record, an electronic
record is that of the originator if it was-
(a) sent by the originator;
(b) sent with the authority of the originator; or
(c) sent by an information system programmed by or on behalf of the originator to operate and to send the
electronic record automatically.
(2) Nothing in subsection (1) is to affect the law of agency or the law on the formation of contracts.
Section: 19 Sending and receiving electronic records 1 of 2000 07/01/2000
(1) Unless otherwise agreed between the originator and the addressee of an electronic record, an electronic
record is sent when it is accepted by an information system outside the control of the originator or of the person who
sent the electronic record on behalf of the originator.
(2) Unless otherwise agreed between the originator and the addressee of an electronic record, the time of
receipt of an electronic record is determined as follows-
(a) if the addressee has designated an information system for the purpose of receiving electronic records,
receipt occurs-
(i) at the time when the electronic record is accepted by the designated information system; or
(ii) if the electronic record is sent to an information system of the addressee that is not the designated
information system, at the time when the electronic record comes to the knowledge of the
addressee;
(b) if the addressee has not designated an information system, receipt occurs when the electronic record
comes to the knowledge of the addressee.
(3) Subsections (1) and (2) apply notwithstanding that the place where the information system is located is
different from the place where the electronic record is taken to have been sent or received under subsection (4).
(4) Unless otherwise agreed between the originator and the addressee, an electronic record is taken to have
been-
(a) sent at the place of business of the originator; and
(b) received at the place of business of the addressee.
(5) For the purposes of subsection (4)-
(a) if the originator or the addressee has more than one place of business, the place of business is that
which has the closest relationship to the underlying transaction, or where there is no underlying
transaction, the principal place of business of the originator or the addressee, as the case may be;
(b) if the originator or the addressee does not have a place of business, the place of business is the place
where the originator or the addressee ordinarily resides.
(6) Where the originator and the addressee are in different time zones, time refers to Universal Standard Time.
Part: VII RECOGNITION OF CERTIFICATION AUTHORITIES
AND CERTIFICATES BY GOVERNMENT CHIEF
INFORMATION OFFICER*
L.N. 131 of 2004 01/07/2004
___________________________________________________________________
Note:
* (Amended L.N. 131 of 2004)
Section: 20 Certification authority may apply to Government Chief
Information Officer for recognition
L.N. 131 of 2004 01/07/2004
(1) A certification authority may apply to the Government Chief Information Officer to become a recognized
certification authority for the purposes of this Ordinance.
(2) Subject to subsection (4) and section 21(3), an application under subsection (1) must be made in the
prescribed manner and in a form specified by the Government Chief Information Officer and the applicant must pay
the prescribed fee in respect of the application.
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 10
(3) An applicant must furnish to the Government Chief Information Officer- (Amended L.N. 131 of 2004)
(a) the relevant particulars and documents specified under section 30; (Amended 14 of 2004 s. 12)
(b) a report which-
(i) contains an assessment as to whether the applicant is capable of complying with such provisions
of this Ordinance and of the code of practice as are specified in the code of practice for the
purposes of this subparagraph; and
(ii) is made by a person approved by the Government Chief Information Officer as being qualified to
make such a report; and (Replaced 14 of 2004 s. 12)
(c) a statutory declaration which-
(i) states whether the applicant is capable of complying with such provisions of this Ordinance and
of the code of practice as are specified in the code of practice for the purposes of this
subparagraph; and
(ii) is made by a responsible officer of the applicant. (Added 14 of 2004 s. 12)
(3A) Any report or statutory declaration required to be furnished under subsection (3) must be made at the
expense of the applicant. (Added 14 of 2004 s. 12)
(4) The Government Chief Information Officer may waive- (Amended L.N. 131 of 2004)
(a) the requirements as to manner and form of making the application in subsection (2); or
(b) the requirement of a report or statutory declaration under subsection (3), (Amended 14 of 2004 s. 12)
in relation to a certification authority, in the circumstances specified in subsection (5).
(5) The Government Chief Information Officer may waive the requirements referred to in subsection (4) only
if- (Amended L.N. 131 of 2004)
(a) the applicant is a certification authority with a status in a place outside Hong Kong comparable to that
of a recognized certification authority ("comparable status"); and
(b) the competent authority of that place accords to a recognized certification authority a comparable
status on the basis of it being a recognized certification authority.
(Amended L.N. 131 of 2004)
Section: 21 Government Chief Information Officer may on application
recognize certification authorities
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer may- (Amended L.N. 131 of 2004)
(a) recognize an applicant under section 20 as a recognized certification authority if the Government Chief
Information Officer is satisfied that the applicant is suitable for such recognition; or (Amended L.N.
131 of 2004)
(b) refuse the application for recognition.
(2) The Government Chief Information Officer must give reasons in writing to the applicant for refusing an
application under subsection (1)(b). (Amended L.N. 131 of 2004)
(3) The Government Chief Information Officer may, in recognizing a certification authority referred to in
section 20(4), waive the whole or part of the prescribed fee as the Government Chief Information Officer may decide
in relation to a particular case. (Amended L.N. 131 of 2004)
(4) In determining whether an applicant is suitable for recognition under subsection (1), the Government Chief
Information Officer shall, in addition to any other matter the Government Chief Information Officer considers
relevant, take into account the following- (Amended L.N. 131 of 2004)
(a) whether the applicant has the appropriate financial status for operating as a recognized certification
authority in accordance with this Ordinance and the code of practice;
(b) the arrangements put in place or proposed to be put in place by the applicant to cover any liability that
may arise from its activities relevant for the purposes of this Ordinance;
(c) the system, procedure, security arrangements and standards used or proposed to be used by the
applicant to issue certificates to subscribers;
(d) any report or statutory declaration furnished by the applicant under section 20(3); (Replaced 14 of
2004 s. 13)
(e) whether the applicant and the responsible officers are fit and proper persons; and
(f) the reliance limits set or proposed to be set by the applicant for its certificates.
(5) In determining whether a person referred to in subsection (4)(e) is a fit and proper person, the Government
Chief Information Officer shall, in addition to any other matter the Government Chief Information Officer considers
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 11
relevant, have regard to the following- (Amended L.N. 131 of 2004)
(a) the fact that the person has a conviction in Hong Kong or elsewhere for an offence for which it was
necessary to find that the person had acted fraudulently, corruptly or dishonestly;
(b) the fact that the person has been convicted of an offence against this Ordinance;
(c) if the person is an individual, the fact that the person is an undischarged bankrupt or has entered into a
composition or a scheme of arrangement or a voluntary arrangement within the meaning of the
Bankruptcy Ordinance (Cap 6) within the 5 years preceding the date of the application; and
(d) if the person is a body corporate, the fact that the person is in liquidation, is the subject of a winding-
up order or there is a receiver appointed in relation to it or it has entered into a composition or a
scheme of arrangement or a voluntary arrangement within the meaning of the Bankruptcy Ordinance
(Cap 6) within the 5 years preceding the date of the application.
(6) In recognizing a certification authority under subsection (1), the Government Chief Information Officer
may- (Amended L.N. 131 of 2004)
(a) attach conditions to the recognition; or
(b) specify a period of validity for the recognition.
Section: 22 Government Chief Information Officer may recognize
certificates
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer may recognize certificates issued by a recognized certification
authority as recognized certificates, upon application by that authority.
(2) An applicant under subsection (1) must make the application in the prescribed manner and in a form
specified by the Government Chief Information Officer and furnish to the Government Chief Information Officer the
relevant particulars and documents specified under section 30.
(3) A recognition under subsection (1) may relate to-
(a) all certificates issued by the recognized certification authority;
(b) certificates of a type, class or description; or
(c) particular certificates.
(4) An applicant must pay the prescribed fee (if any) in respect of an application under subsection (1) unless the
Government Chief Information Officer waives it in whole or in part.
(5) In recognizing certificates under this section, the Government Chief Information Officer shall in addition to
any other matter the Government Chief Information Officer considers relevant take into account the following-
(Amended L.N. 131 of 2004)
(a) whether the certificates are issued in accordance with the certification practice statement;
(b) whether the certificates are issued in accordance with the code of practice;
(c) the reliance limit set or proposed to be set for that type, class or description or the particular certificate,
as the case may require; and
(d) the arrangements put in place or proposed to be put in place by the certification authority to cover any
liability that may arise from the issue of that type, class or description or the particular certificate, as
the case may be.
(6) The Government Chief Information Officer may refuse an application under subsection (1).
(7) The Government Chief Information Officer must give reasons in writing to the applicant for refusing an
application under subsection (6).
(8) The Government Chief Information Officer may specify a period of validity for a recognition under this
section.
(9) The Government Chief Information Officer may upon application renew a recognition under this section.
(10) Subsections (2), (3), (4), (5), (6), (7) and (8) apply to a renewal under subsection (9) as they apply to an
application for recognition, subject to necessary modifications. (Amended 14 of 2004 s. 14)
(Amended L.N. 131 of 2004)
Section: 23 Government Chief Information Officer may revoke
recognition
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer may revoke a recognition granted under section 21 or 22 or
renewed under section 22 or 27.
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 12
(2) Before revoking a recognition, the Government Chief Information Officer must give the certification
authority a notice of intention to revoke the recognition specifying the reasons for the intended revocation.
(3) In a notice under subsection (2), the Government Chief Information Officer must invite the certification
authority to make representations as to why the recognition should not be revoked and specify a period for making the
representations.
(4) If the Government Chief Information Officer decides to revoke a recognition, the Government Chief
Information Officer must immediately give the certification authority notice in writing of the decision specifying the
reasons for the decision and the date on which the decision was made.
(5) A revocation of recognition in relation to certificates may relate to all certificates issued by a recognized
certification authority or to a type, class or description of certificates or a particular certificate.
(6) Subject to subsection (7), a revocation takes effect on the expiry of 7 days from the date on which the
decision to revoke the recognition is made.
(7) If the certification authority appeals under section 28 against the revocation, the revocation does not take
effect until the expiry of 7 days from the date on which the Secretary confirms the revocation on appeal.
(Amended L.N. 131 of 2004)
Section: 24 Government Chief Information Officer may suspend
recognition
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer may suspend a recognition granted under section 21 or 22 or
renewed under section 22 or 27 for a period not exceeding 14 days. (Amended L.N. 131 of 2004)
(2) If the Government Chief Information Officer decides to suspend a recognition, the Government Chief
Information Officer must immediately give the certification authority notice in writing of the decision specifying the
reasons for the decision and the date on which the decision was made. (Amended L.N. 131 of 2004)
(3) A suspension of recognition in relation to certificates may relate to all certificates issued by a recognized
certification authority or to a type, class or description of certificates or a particular certificate.
(4) Subject to subsection (5), a suspension takes effect on the expiry of 7 days from the date on which the
decision to suspend the recognition is made.
(5) If the certification authority appeals under section 28 against the suspension, the suspension does not take
effect until the expiry of 7 days from the date on which the Secretary confirms the suspension on appeal.
(6) If the period of suspension expires during the validity of a recognition and the recognition is not revoked,
the recognition is taken to be reinstated.
Section: 25 Matters Government Chief Information Officer may take
into account in revoking or suspending a recognition
L.N. 131 of 2004 01/07/2004
The Government Chief Information Officer may, in revoking or suspending a recognition under section 23 or 24,
in addition to any other matter that the Government Chief Information Officer considers relevant, take into account the
following- (Amended L.N. 131 of 2004)
(a) any matter set out in section 21(4);
(b) whether the certification authority has failed-
(i) to operate in accordance with the certification practice statement;
(ii) to comply with the code of practice;
(iii) to use a trustworthy system; or
(iv) to comply with any provision of this Ordinance; and
(c) any report or statutory declaration furnished by the certification authority under section 43(1) or
43A(1). (Replaced 14 of 2004 s. 15)
Section: 26 Effect of revocation, suspension of recognition or expiry of
validity of recognized certificate
L.N. 7 of 2000 18/02/2000
(1) Where the revocation or suspension of a recognition of a certification authority has taken effect or the
period of validity of a recognition specified under section 21(6)(b) has expired, the provisions of this Ordinance
relating to-
(a) a recognized certification authority do not apply to that certification authority;
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 13
(b) recognized certificates issued by a recognized certification authority do not apply to the certificates
issued by that certification authority; and
(c) digital signatures supported by a recognized certificate issued by a recognized certification authority
do not apply to the digital signatures supported by the certificates issued by that certification authority.
(2) Where the revocation or suspension of the recognition of a recognized certificate has taken effect, the
provisions of this Ordinance relating to a recognized certificate or digital signatures supported by a recognized
certificate do not apply to-
(a) the certificate of which the recognition is revoked or suspended;
(b) any certificate of the type, class or description of certificate the recognition of which is revoked or
suspended;
(c) digital signatures supported by that certificate or a certificate of that type, class or description,
as the case may be.
(3) Where the validity of a recognized certificate or the period of validity of a recognition specified under
section 22(8) has expired, the provisions of this Ordinance relating to recognized certificates issued by a recognized
certification authority and digital signatures supported by a recognized certificate issued by a recognized certification
authority do not apply to the certificate and the digital signatures supported by the certificate.
(4) The revocation or suspension of the recognition of a certification authority does not affect the valid use of a
recognized certificate issued by that certification authority before the revocation or suspension took effect or after the
reinstatement of the recognition.
(5) The revocation or suspension of the recognition of a certificate does not affect the valid use of the
certificate concerned before the revocation or suspension took effect or after the reinstatement of the recognition.
(6) The expiry of the period of validity of the recognition of a certificate specified under section 22(8) or the
expiry of the period of validity of a recognized certificate does not affect the valid use of the certificate concerned
before the expiry of the period of validity of the recognition or the certificate, as the case may be.
(7) The expiry of the period of validity of the recognition of a certification authority specified under section
21(6)(b) does not affect the valid use of a recognized certificate issued by that certification authority during the period
of validity of its recognition.
Section: 27 Government Chief Information Officer may renew
recognition of certification authority
L.N. 131 of 2004 01/07/2004
(1) A certification authority recognized under section 21 may apply to the Government Chief Information
Officer for renewal of a recognition.
(2) An application for renewal must be made at least 30 days before but not earlier than 60 days before the
expiry of the period of validity of the recognition.
(3) An application for renewal must be sent to the Government Chief Information Officer as an electronic
record or delivered by hand to the Government Chief Information Officer or left at the office of the Government Chief
Information Officer during the ordinary business hours of that office.
(4) Subject to subsections (2), (3) and (6), an application for renewal must be made in the prescribed manner
and in a form specified by the Government Chief Information Officer. (Amended 14 of 2004 s. 16)
(5) Subject to subsection (6), an applicant must pay the prescribed fee in respect of an application for renewal.
(5A) An applicant must furnish to the Government Chief Information Officer- (Amended L.N. 131 of 2004)
(a) the relevant particulars and documents specified under section 30;
(b) a report which-
(i) contains an assessment as to whether the applicant is and is capable of complying with such
provisions of this Ordinance and of the code of practice as are specified in the code of practice
for the purposes of this subparagraph; and
(ii) is made by a person approved by the Government Chief Information Officer as being qualified to
make such a report; and
(c) a statutory declaration which—
(i) states whether the applicant is and is capable of complying with such provisions of this
Ordinance and of the code of practice as are specified in the code of practice for the purposes of
this subparagraph; and
(ii) is made by a responsible officer of the applicant. (Added 14 of 2004 s. 16)
(5B) Any report or statutory declaration required to be furnished under subsection (5A) must be made at the
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 14
expense of the applicant. (Added 14 of 2004 s. 16)
(6) The Government Chief Information Officer may, in the circumstances specified in section 20(5), waive the
requirements in subsection (4) or (5A) or the whole or part of the prescribed fee as the Government Chief Information
Officer may decide in relation to a particular case. (Amended 14 of 2004 s. 16)
(6A) In determining an application for renewal, the Government Chief Information Officer shall, in addition to
any other matter the Government Chief Information Officer considers relevant, take into account- (Amended L.N.
131 of 2004)
(a) any matter set out in section 21(4)(a), (b), (c), (e) or (f) which applies to the application for renewal as
it applies to an application for recognition, subject to necessary modifications; and
(b) any report or statutory declaration furnished by the applicant under subsection (5A). (Added 14 of
2004 s. 16)
(6B) Where-
(a) an applicant has furnished to the Government Chief Information Officer a report for the purpose of
complying with the requirements referred to in section 43(1)(a) or 43A(1)(c); and
(b) the Government Chief Information Officer considers that had the report been furnished for the purpose
of complying with the requirements referred to in subsection (5A)(b), it would have satisfied those
requirements,
the Government Chief Information Officer may accept the report, and the report shall, for all purposes, be regarded as
a report that is furnished under subsection (5A)(b) and that satisfies the requirements referred to in that subsection.
(Added 14 of 2004 s. 16)
(6C) Where-
(a) an applicant has furnished to the Government Chief Information Officer a statutory declaration for the
purpose of complying with the requirements referred to in section 43(1)(b) or 43A(1)(d); and
(b) the Government Chief Information Officer considers that had the statutory declaration been furnished
for the purpose of complying with the requirements referred to in subsection (5A)(c), it would have
satisfied those requirements,
the Government Chief Information Officer may accept the statutory declaration, and the statutory declaration shall, for
all purposes, be regarded as a statutory declaration that is furnished under subsection (5A)(c) and that satisfies the
requirements referred to in that subsection. (Added 14 of 2004 s. 16)
(7) In renewing the recognition of a certification authority, the Government Chief Information Officer may-
(Amended L.N. 131 of 2004)
(a) attach conditions to the renewal of the recognition; or
(b) specify a period of validity for the renewed recognition. (Replaced 14 of 2004 s. 16)
(Amended L.N. 131 of 2004)
Section: 28 Certification authority may appeal to Secretary against
decision of Government Chief Information Officer
L.N. 131 of 2004 01/07/2004
(1) A certification authority aggrieved by a decision of the Government Chief Information Officer- (Amended
L.N. 131 of 2004)
(a) refusing an application for recognition under section 21 or 22;
(b) refusing an application for renewal of a recognition under section 22 or 27; or
(c) revoking or suspending a recognition under section 23 or 24,
may appeal to the Secretary against the decision within 7 days from the date on which the relevant decision is made.
(2) An appeal under subsection (1) must be commenced by sending a notice of appeal to the Secretary as an
electronic record or delivering the notice by hand to the Secretary or leaving the notice at the office of the Secretary
during the ordinary business hours of that office.
(3) A certification authority who appeals to the Secretary under this section must also give notice of the appeal
to the Government Chief Information Officer as soon as practicable. (Amended L.N. 131 of 2004)
(4) On appeal under subsection (1), the Secretary may confirm, vary or reverse the decision of the Government
Chief Information Officer. (Amended L.N. 131 of 2004)
(5) The Secretary must give the appellant notice of the decision on appeal, together with reasons-
(a) by sending it to the appellant as an electronic record; or
(b) by sending it by post or registered post to the last known address of the appellant.
(6) If in a particular case it is not reasonably practicable to give the notice of the decision on appeal by either of
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 15
the means specified in subsection (5), the notice is taken to have been given if the Secretary publishes it in the
certification authority disclosure record maintained under section 31 for the appellant.
Section: 29 How Government Chief Information Officer may give
notices under this Part
L.N. 131 of 2004 01/07/2004
(1) A notice or other document the Government Chief Information Officer is required to give to a certification
authority under this Part is taken to have been given if it is- (Amended L.N. 131 of 2004)
(a) sent to the certification authority as an electronic record; or
(b) sent by post or registered post to the last known address of the certification authority.
(2) If in a particular case it is not reasonably practicable to give a notice or other document under this Part by
either of the means specified in subsection (1), the notice or document is taken to have been given if the Government
Chief Information Officer publishes it in the relevant certification authority disclosure record. (Amended L.N. 131 of
2004)
Section: 30 Government Chief Information Officer to specify
particulars and documents by notice in the Gazette
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer must specify by notice published in the Gazette any particulars
and documents to be furnished under sections 20(3)(a), 22(2) and (10) and 27(5A). (Amended 14 of 2004 s. 17; L.N.
131 of 2004)
(2) A notice under subsection (1) is not subsidiary legislation.
Part: VIII CERTIFICATION AUTHORITY DISCLOSURE
RECORDS AND CODE OF PRACTICE
1 of 2000 07/01/2000
Section: 31 Government Chief Information Officer to maintain
certification authority disclosure record
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer must maintain for each recognized certification authority an on-
line and publicly accessible record.
(2) The Government Chief Information Officer must publish in the certification authority disclosure record
information regarding that certification authority relevant for the purposes of this Ordinance (in addition to the
information required to be given in it under other provisions of this Ordinance).
(Amended L.N. 131 of 2004)
Section: 32 Government Chief Information Officer to notify
revocations, suspensions and non-renewals of recognition,
etc.
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer must give notice in the relevant certification authority
disclosure record, immediately- (Amended L.N. 131 of 2004)
(a) when the Government Chief Information Officer makes a decision to revoke a recognition under
section 23(4);
(b) when a revocation has taken effect under section 23(6) or (7);
(c) when the Government Chief Information Officer makes a decision to suspend a recognition under
section 24(2);
(d) when a suspension has taken effect under section 24(4) or (5);
(e) when the recognition of a suspended recognition is reinstated;
(f) when the Government Chief Information Officer receives a notice of appeal under section 28(3); or
(g) on becoming aware that the Secretary has confirmed, varied or reversed the decision of the
Government Chief Information Officer to revoke or suspend a recognition.
(2) Where the revocation or suspension of a recognition has taken effect, the Government Chief Information
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 16
Officer must, as soon as practicable, give notice of the revocation or suspension for at least 3 consecutive days in one
English language daily newspaper and one Chinese language daily newspaper in circulation in Hong Kong.
(3) If a recognized certification authority does not apply for renewal before the end of the period during which
an application for renewal can be made under section 27(2), the Government Chief Information Officer must, at least
21 days before the expiry of the period of validity of the recognition, give notice- (Amended L.N. 131 of 2004)
(a) for at least 3 consecutive days in one English language daily newspaper and one Chinese language
daily newspaper in circulation in Hong Kong; and
(b) in the certification authority disclosure record maintained for the certification authority,
of the date of the expiry of the validity and that the certification authority has not applied for renewal.
(Amended L.N. 131 of 2004)
Section: 33 Government Chief Information Officer may publish code
of practice
L.N. 131 of 2004 01/07/2004
(1) The Government Chief Information Officer may publish in the Gazette a code of practice- (Amended L.N.
131 of 2004)
(a) specifying standards and procedures for carrying out the functions of recognized certification
authorities;
(b) specifying the provisions of this Ordinance and of the code of practice for the purposes of-
(i) section 20(3)(b)(i) and (c)(i);
(ii) section 27(5A)(b)(i) and (c)(i);
(iii) section 43(1)(a)(i) and (b)(i); and
(iv) section 43A(1)(c)(i) and (d)(i).
(2) The code of practice published under subsection (1) may make different provisions for different
circumstances and provide for different cases or classes of cases.
(3) The Government Chief Information Officer may from time to time amend the whole or any part of the code
of practice published under subsection (1) in a manner consistent with the power to publish the code under subsection
(1), and any reference in this Ordinance to the code shall, unless the context otherwise requires, be construed as a
reference to the code as so amended. (Amended L.N. 131 of 2004)
(4) Any code of practice published under subsection (1) is not subsidiary legislation.
(Replaced 14 of 2004 s. 18)
Part: IX POSTMASTER GENERAL TO BE RECOGNIZED
CERTIFICATION AUTHORITY
1 of 2000 07/01/2000
Section: 34 The Postmaster General as recognized certification
authority
1 of 2000 07/01/2000
(1) The Postmaster General is a recognized certification authority for the purposes of this Ordinance.
(2) Part VII does not apply to the Postmaster General as a certification authority.
Section: 35 Postmaster General may perform functions and provide
services of certification authority
1 of 2000 07/01/2000
(1) For the purposes of section 34, the Postmaster General may by himself or by the officers of the Post Office-
(a) perform the functions and provide the services of a certification authority and services incidental or
related to the functions or services of a certification authority; and
(b) do anything that is necessary or expedient for the purposes of paragraph (a) and for complying with
any provision of this Ordinance relating to a recognized certification authority.
(2) The Postmaster General may determine and charge fees for providing the services of a certification
authority or services incidental or related to the functions or services of a certification authority.
(3) The fees determined and charged under subsection (2) shall not be limited by reference to the administrative
or other costs incurred or likely to be incurred or recovery of expenditure in the provision of the services of a
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 17
certification authority or services incidental or related to the functions or services of a certification authority.
(4) The Postmaster General may give particulars of any fees determined under subsection (2) in such manner as
the Postmaster General thinks fit.
Part: X GENERAL PROVISIONS AS TO RECOGNIZED
CERTIFICATION AUTHORITIES
1 of 2000 07/01/2000
Section: 36 Publication of issued and accepted certificates 14 of 2004 30/06/2004
Where a person named or identified, or to be named or identified, in a recognized certificate as the person to
whom the certificate is issued-
(a) accepts the certificate, the recognized certification authority concerned must publish the certificate in a
repository as soon as reasonably practicable after it issues the certificate;
(b) does not accept the certificate, the recognized certification authority concerned must not publish the
certificate.
(Replaced 14 of 2004 s. 19)
Section: 37 Recognized certification authority to use trustworthy
system
14 of 2004 30/06/2004
A recognized certification authority must use a trustworthy system in performing its services-
(a) to issue, revoke or suspend a recognized certificate; or
(b) to publish in a repository or give notice of the issue, revocation or suspension of a recognized
certificate.
(Amended 14 of 2004 s. 20)
Section: 38 Presumption as to correctness of information 1 of 2000 07/01/2000
It shall be presumed, unless there is evidence to the contrary, that the information contained in a recognized
certificate issued by a recognized certification authority (except information identified as subscriber's information
which has not been verified by the recognized certification authority) is correct if the certificate was published in a
repository.
Section: 39 Representations upon issuance of recognized certificate 1 of 2000 07/01/2000
By issuing a recognized certificate, a recognized certification authority represents to any person who reasonably
relies on the information contained in the certificate or a digital signature verifiable by the public key listed in the
certificate, that the recognized certification authority has issued the certificate in accordance with any applicable
certification practice statement incorporated by reference in the certificate, or of which the relying person has notice.
Section: 40 Representations upon publication of recognized certificate 1 of 2000 07/01/2000
By publishing a recognized certificate, a recognized certification authority represents to any person who
reasonably relies on the information contained in the certificate, that the recognized certification authority has issued
the certificate to the subscriber concerned.
Section: 41 Reliance limit 1 of 2000 07/01/2000
(1) A recognized certification authority may, in issuing a recognized certificate, specify a reliance limit in the
certificate.
(2) The recognized certification authority may specify different limits in different recognized certificates or in
different types, classes or description of certificates.
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 18
Section: 42 Liability limits for recognized certification authorities 1 of 2000 07/01/2000
(1) Unless a recognized certification authority waives the application of this subsection, the recognized
certification authority is not liable for any loss caused by reliance on a false or forged digital signature of a subscriber
supported by a recognized certificate issued by that certification authority, if the recognized certification authority has
complied with the requirements of this Ordinance and the code of practice with respect to that certificate.
(2) Unless a recognized certification authority waives the application of this subsection, the recognized
certification authority is not liable in excess of the amount specified in the certificate as its reliance limit, for a loss
caused by reliance on any information-
(a) that the recognized certification authority is required to confirm according to the certification practice
statement and the code of practice; and
(b) which is misrepresented on that recognized certificate or in a repository,
if the recognized certification authority has, in relation to that certificate, complied with the requirements of this
Ordinance and the code of practice.
(3) The limitation of liability under subsection (2) does not apply if the fact was misrepresented due to the
negligence of the recognized certification authority or it was intentionally or recklessly misrepresented by the
recognized certification authority.
Section: 43 Recognized certification authority to furnish report and
statutory declaration on compliance with Ordinance and
code of practice
L.N. 131 of 2004 01/07/2004
(1) At least once in every 12 months, a recognized certification authority must furnish to the Government Chief
Information Officer- (Amended L.N. 131 of 2004)
(a) a report which-
(i) contains an assessment as to whether the certification authority has, from the specified date until
the last day of the period to which the report relates, complied with such provisions of this
Ordinance and of the code of practice as are specified in the code of practice for the purposes of
this subparagraph; and
(ii) is made by a person approved by the Government Chief Information Officer as being qualified to
make such a report; and
(b) a statutory declaration which-
(i) states whether the certification authority has, from the specified date until the last day of the
period to which the statutory declaration relates, complied with such provisions of this Ordinance
and of the code of practice as are specified in the code of practice for the purposes of this
subparagraph; and
(ii) is made by a responsible officer of the certification authority. (Replaced 14 of 2004 s. 21)
(2) Any report or statutory declaration required to be furnished under subsection (1) must be made at the
expense of the certification authority. (Replaced 14 of 2004 s. 21)
(3) The Government Chief Information Officer must publish in the certification authority disclosure record for
the certification authority the respective dates of the report and statutory declaration and the material information in
the report and statutory declaration. (Amended 14 of 2004 s. 21)
(3A) Where-
(a) the certification authority has furnished to the Government Chief Information Officer a report for the
purpose of complying with the requirements referred to in section 27(5A)(b) or 43A(1)(c); and
(b) the Government Chief Information Officer considers that had the report been furnished for the purpose
of complying with the requirements referred to in subsection (1)(a), it would have satisfied those
requirements,
the Government Chief Information Officer may accept the report, and the report shall, for all purposes, be regarded as
a report that is furnished under subsection (1)(a) and that satisfies the requirements referred to in that subsection.
(Added 14 of 2004 s. 21)
(3B) Where-
(a) the certification authority has furnished to the Government Chief Information Officer a statutory
declaration for the purpose of complying with the requirements referred to in section 27(5A)(c) or
43A(1)(d); and
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 19
(b) the Government Chief Information Officer considers that had the statutory declaration been furnished
for the purpose of complying with the requirements referred to in subsection (1)(b), it would have
satisfied those requirements,
the Government Chief Information Officer may accept the statutory declaration, and the statutory declaration shall, for
all purposes, be regarded as a statutory declaration that is furnished under subsection (1)(b) and that satisfies the
requirements referred to in that subsection. (Added 14 of 2004 s. 21)
(4) In subsection (1), "specified date" (指明日期) means-
(a) the date on which recognition is granted under section 21 or section 34 comes into operation; or
(b) the day following the last day of the period for which the last report or last statutory declaration, as the
case may be, was furnished under that subsection,
as the case may require. (Replaced 14 of 2004 s. 21)
(Amended L.N. 131 of 2004)
Section: 43A Recognized certification authority to furnish report and
statutory declaration when required by Government Chief
Information Officer
L.N. 131 of 2004 01/07/2004
(1) Where the Government Chief Information Officer considers that there have been or will be- (Amended
L.N. 131 of 2004)
(a) major changes in-
(i) the financial status of a recognized certification authority for operating as such in accordance
with this Ordinance and the code of practice;
(ii) the arrangements put in place by a recognized certification authority to cover any liability that
may arise from its activities relevant for the purposes of this Ordinance; or
(iii) the system, procedure, security arrangements and standards used by a recognized certification
authority to issue recognized certificates; or
(b) any other major changes that may affect the determination of the Government Chief Information
Officer as to whether to- (Amended L.N. 131 of 2004)
(i) revoke under section 23(1) the recognition of any certification authority or the recognition of any
certificate issued by a recognized certification authority; or
(ii) suspend under section 24(1) the recognition of any certification authority or the recognition of
any certificate issued by a recognized certification authority,
the Government Chief Information Officer may, by notice given to the certification authority, specify the major
changes and require the certification authority to furnish to the Government Chief Information Officer within the
period specified in such notice all or any of the following- (Amended L.N. 131 of 2004)
(c) a report which-
(i) contains an assessment as to-
(A) whether, having regard to the major changes that have occurred, the certification authority
is and is capable of complying;
(B) whether, having regard to the major changes that will occur, the certification authority is
capable of complying,
with such provisions of this Ordinance and of the code of practice as are specified in the code of
practice for the purposes of this subparagraph; and
(ii) is made by a person approved by the Government Chief Information Officer as being qualified to
make such a report; and
(d) a statutory declaration which-
(i) states-
(A) whether, having regard to the major changes that have occurred, the certification authority
is and is capable of complying;
(B) whether, having regard to the major changes that will occur, the certification authority is
capable of complying,
with such provisions of this Ordinance and of the code of practice as are specified in the code of
practice for the purposes of this subparagraph; and
(ii) is made by a responsible officer of the certification authority.
(2) Any report or statutory declaration required to be furnished under subsection (1) must be made at the
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 20
expense of the certification authority.
(3) The Government Chief Information Officer must publish in the certification authority disclosure record for
the certification authority the date of any of the report and statutory declaration and the material information in any of
the report and statutory declaration.
(4) Where-
(a) the certification authority has furnished to the Government Chief Information Officer a report for the
purpose of complying with the requirements referred to in section 27(5A)(b) or 43(1)(a); and
(b) the Government Chief Information Officer considers that had the report been furnished for the purpose
of complying with the requirements referred to in subsection (1)(c), it would have satisfied those
requirements,
the Government Chief Information Officer may accept the report, and the report shall, for all purposes, be regarded as
a report that is furnished under subsection (1)(c) and that satisfies the requirements referred to in that subsection.
(5) Where-
(a) the certification authority has furnished to the Government Chief Information Officer a statutory
declaration for the purpose of complying with the requirements referred to in section 27(5A)(c) or
43(1)(b); and
(b) the Government Chief Information Officer considers that had the statutory declaration been furnished
for the purpose of complying with the requirements referred to in subsection (1)(d), it would have
satisfied those requirements,
the Government Chief Information Officer may accept the statutory declaration, and the statutory declaration shall, for
all purposes, be regarded as a statutory declaration that is furnished under subsection (1)(d) and that satisfies the
requirements referred to in that subsection.
(6) A notice under subsection (1) is taken to have been given by the Government Chief Information Officer to a
recognized certification authority if it is- (Amended L.N. 131 of 2004)
(a) sent to the certification authority as an electronic record; or
(b) sent by post or registered post to the last known address of the certification authority.
(7) If in a particular case it is not reasonably practicable to give a notice under subsection (1) by either of the
means specified in subsection (6), the notice is taken to have been given if the Government Chief Information Officer
publishes it in the relevant certification authority disclosure record.
(Added 14 of 2004 s. 22. Amended L.N. 131 of 2004)
Section: 44 Recognized certification authority to issue a certification
practice statement
L.N. 131 of 2004 01/07/2004
A recognized certification authority must issue and maintain an up to date certification practice statement and
notify the Government Chief Information Officer of changes to the practices of the certification authority as set out in
that statement.
(Amended L.N. 131 of 2004)
Section: 45 Recognized certification authority to maintain repository L.N. 131 of 2004 01/07/2004
(1) A recognized certification authority must maintain or cause to be maintained an on-line and publicly
accessible repository.
(2) The Government Chief Information Officer must publish in the Gazette a list of the repositories maintained
under subsection (1). (Amended L.N. 131 of 2004)
(3) Any list of repositories published under subsection (2) is not subsidiary legislation. (Added 14 of 2004 s.
23)
Part: XI PROVISIONS AS TO SECRECY, DISCLOSURE AND
OFFENCES
1 of 2000 07/01/2000
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 21
Section: 46 Obligation of secrecy 14 of 2004 30/06/2004
(1) Subject to subsection (2), a person who has access to any record, book, register, correspondence,
information, document or other material in the course of performing a function under or for the purposes of this
Ordinance shall not disclose or permit or suffer to be disclosed any information relating to another person as contained
in such record, book, register, correspondence, information, document or other material to any other person.
(Amended 14 of 2004 s. 24)
(2) Subsection (1) does not apply to disclosure-
(a) which is necessary for performing or assisting in the performance of a function under or for the
purposes of this Ordinance;
(b) for the purpose of any criminal proceedings in Hong Kong;
(c) for the purpose of complying with a requirement made under a rule of law with a view to instituting a
criminal proceeding in Hong Kong; or
(d) under the direction or order of a magistrate or court.
(3) A person who contravenes subsection (1) commits an offence and is liable to a fine at level 6 and in the
case of an individual also to imprisonment for 6 months.
Section: 47 False information 1 of 2000 07/01/2000
A person who knowingly or recklessly makes, orally or in writing, signs or furnishes any declaration, return,
certificate or other document or information required under this Ordinance which is untrue, inaccurate or misleading
commits an offence and is liable in the case of an individual to a fine at level 6 and to imprisonment for 6 months and
in any other case, to a fine at level 6.
Section: 48 Other offences 1 of 2000 07/01/2000
A person who makes a false claim that a person is a recognized certification authority commits an offence and is
liable in the case of an individual to a fine at level 6 and to imprisonment for 6 months and in any other case, to a fine
at level 6.
Part: XII SECRETARY'S POWER TO AMEND SCHEDULES
AND MAKE SUBSIDIARY LEGISLATION AND
IMMUNITY OF PUBLIC OFFICERS
1 of 2000 07/01/2000
Section: 49 Regulations L.N. 131 of 2004 01/07/2004
The Secretary may make regulations for all or any of the following-
(a) to prescribe the manner of applying to the Government Chief Information Officer for recognition or
renewal of recognition as a recognized certification authority or for recognition or renewal of
recognition of certificates and the manner of recognition; (Amended L.N. 131 of 2004)
(b) to prescribe the fees payable in respect of applications for the recognition of certification authorities,
the recognition of certificates or the renewal of such recognition;
(c) to prescribe the form of certification practice statements;
(d) to provide for the manner of appealing against a decision of the Government Chief Information Officer
and the procedure for determining appeals; (Amended L.N. 131 of 2004)
(e) to provide for such other matters as are necessary or expedient to give effect to the provisions of this
Ordinance.
Section: 50 Secretary may amend Schedules 14 of 2004 30/06/2004
The Secretary may by order published in the Gazette amend Schedules 1, 2 and 3.
(Amended 14 of 2004 s. 25)
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 22
Section: 51 Protection of public officers 1 of 2000 07/01/2000
(1) No liability is incurred by the Government or a public officer by reason only of the fact that a recognition is
granted, renewed, revoked, suspended or reinstated under Part VII.
(2) Without prejudice to subsection (1), no civil liability is incurred by a public officer in respect of anything
done or omitted to be done by the public officer in good faith in the performance or purported performance of any
function under a Part other than Part VII.
(3) The protection conferred under subsection (2) does not in any way affect the liability, if any, of the
Government for the act or omission of the public officer in the performance or purported performance of the relevant
function.
Schedule: 1 Matters Excluded from Application of Sections 5, 5A, 6, 7,
8 and 17 of this Ordinance under Section 3 of this
Ordinance*
L.N. 141 of 2014 01/04/2015
[sections 3 & 50]
1. The creation, execution, variation, revocation, revival or rectification of a will, codicil or any other testamentary
document.
2. The creation, execution, variation or revocation of a trust (other than resulting, implied or constructive trusts).
3. The creation, execution, variation or revocation of a power of attorney.
4. The making, execution or making and execution of any instrument which is required to be stamped or endorsed
under the Stamp Duty Ordinance (Cap 117) other than a contract note to which an agreement under section 5A
of that Ordinance relates.
5. Government conditions of grant and Government leases.
6. Any deed, conveyance or other document or instrument in writing, judgments, and lis pendens referred to in the
Land Registration Ordinance (Cap 128) by which any parcels of ground tenements or premises in Hong Kong
may be affected.
7. Any assignment, mortgage or legal charge within the meaning of the Conveyancing and Property Ordinance
(Cap 219) or any other contract relating to or effecting the disposition of immovable property or an interest in
immovable property.
8. A document effecting a floating charge referred to in section 2A of the Land Registration Ordinance (Cap 128).
9. Oaths and affidavits.
10. Statutory declarations.
11. Judgments (in addition to those referred to in section 6) or orders of court.
12. A warrant issued by a court or a magistrate.
13. Negotiable instruments (but excluding cheques that bear the words “not negotiable”). (Amended L.N. 141 of
2014)
(Format changes—E.R. 1 of 2013)
________________________________________________________________________________
Note:
* (Amended 14 of 2004 s. 26)
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 23
Schedule: 2 Proceedings in Relation to which Sections 5, 5A, 6, 7 and 8
of this Ordinance do not Apply under Section 13(1) of this
Ordinance*
18 of 2015 13/11/2015
[sections 13(1) & (3) & 50]
Proceedings before any of the following-
(a) the Court of Final Appeal;
(b) the Court of Appeal;
(c) the Court of First Instance;
(ca) the Competition Tribunal established by the Competition Ordinance (Cap 619); (Added 15 of 2014 s.
16)
(d) the District Court;
(e) the Mental Health Review Tribunal established under the Mental Health Ordinance (Cap 136);
(f) the Lands Tribunal;
(g) a coroner appointed under section 3 of the Coroners Ordinance (Cap 504);
(h) the Labour Tribunal;
(i) the Obscene Articles Tribunal established under the Control of Obscene and Indecent Articles
Ordinance (Cap 390);
(j) the Small Claims Tribunal;
(k) a magistrate; (Amended L.N. 59 of 2000)
(l) the Municipal Services Appeals Board established under the Municipal Services Appeals Board
Ordinance (Cap 220); (Added L.N. 59 of 2000)
(m) the Insider Dealing Tribunal established under the Securities (Insider Dealing) Ordinance (Cap 395)
repealed under the Securities and Futures Ordinance (Cap 571); (Added L.N. 59 of 2000. Amended 5
of 2002 s. 407)
(ma) the Securities and Futures Appeals Tribunal or the Market Misconduct Tribunal established under Part
XI or XIII of the Securities and Futures Ordinance (Cap 571); (Added 5 of 2002 s. 407)
(mb) any person arbitrating disputes in accordance with rules made under section 118(2) of the Securities
and Futures Ordinance (Cap 571); (Added 5 of 2002 s. 407)
(n) the Administrative Appeals Board established under the Administrative Appeals Board Ordinance
(Cap 442); (Added L.N. 59 of 2000)
(o) the Appeal Tribunal established under the Buildings Ordinance (Cap 123); (Added L.N. 59 of 2000)
(p) an Appeal Board established under the Town Planning Ordinance (Cap 131); (Added L.N. 59 of 2000)
(q) a Drainage Appeal Board established under the Land Drainage Ordinance (Cap 446); (Added L.N. 59
of 2000)
(r) the Minor Employment Claims Adjudication Board established under the Minor Employment Claims
Adjudication Board Ordinance (Cap 453); (Added L.N. 59 of 2000)
(s) the panel and a tribunal established under the Housing Ordinance (Cap 283); (Added L.N. 59 of 2000)
(t) the Appeal Board established under the Hotel and Guesthouse Accommodation Ordinance (Cap 349);
(Added L.N. 59 of 2000)
(u) the Appeal Board established under the Clubs (Safety of Premises) Ordinance (Cap 376); (Added L.N.
59 of 2000)
(v) the Appeal Board established under the Bedspace Apartments Ordinance (Cap 447); (Added L.N. 59
of 2000)
(w) the Appeal Board established under the Amusement Game Centres Ordinance (Cap 435); (Added L.N.
59 of 2000)
(x) an appeal board established under the Amusement Rides (Safety) Ordinance (Cap 449); (Added L.N.
59 of 2000)
(y) an Appeal Board established under the Air Pollution Control Ordinance (Cap 311); (Added L.N. 59 of
2000)
(z) the Appeal Board established under the Noise Control Ordinance (Cap 400); (Added L.N. 59 of 2000)
(za) an Appeal Board established under the Dumping at Sea Ordinance (Cap 466); (Added L.N. 59 of
2000)
(zb) an Appeal Board established under the Environmental Impact Assessment Ordinance (Cap 499);
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 24
(Added L.N. 59 of 2000)
(zc) an Appeal Board established under the Waste Disposal Ordinance (Cap 354); (Added L.N. 59 of
2000)
(zd) an Appeal Board established under the Water Pollution Control Ordinance (Cap 358); (Added L.N. 59
of 2000)
(ze) the Immigration Tribunal established under the Immigration Ordinance (Cap 115); (Added L.N. 59 of
2000)
(zf) the Registration of Persons Tribunal established under the Registration of Persons Ordinance (Cap
177); (Added L.N. 59 of 2000)
(zg) the Hong Kong Special Administrative Region Passports Appeal Board established under the Hong
Kong Special Administrative Region Passports (Appeal Board) Regulation (Cap 539 sub. leg. A);
(Added L.N. 59 of 2000)
(zh) the Copyright Tribunal established under the Copyright Ordinance (Cap 528); (Added L.N. 59 of
2000)
(zi) an arbitration tribunal established under the Labour Relations Ordinance (Cap 55); (Added L.N. 59 of
2000)
(zj) a board of inquiry established under the Labour Relations Ordinance (Cap 55); (Added L.N. 59 of
2000)
(zk)-(zl) (Repealed 5 of 2002 s. 407)
(zm)a Solicitors Disciplinary Tribunal established under the Legal Practitioners Ordinance (Cap 159);
(Added L.N. 59 of 2000. Amended 7 of 2004 s. 55)
(zn) the Deposit Protection Appeals Tribunal established by the Deposit Protection Scheme Ordinance (Cap
581); (Added 7 of 2004 s. 55. Amended 18 of 2004 s. 69)
(zo) the Construction Workers Appeal Board appointed under the Construction Workers Registration
Ordinance (Cap 583); (Added 18 of 2004 s. 69. Amended 20 of 2004 s. 59)
(zp) the Payment Systems and Stored Value Facilities Appeals Tribunal established under the Payment
Systems and Stored Value Facilities Ordinance (Cap 584); (Replaced 18 of 2015 s. 66)
(zq) the Banking Review Tribunal established under the Banking Ordinance (Cap 155); (Added 19 of 2005
s. 7. Amended 23 of 2005 s. 28; 3 of 2012 s. 22)
(zr) the Civil Celebrant of Marriages Appointment Appeal Board established under the Marriage
Ordinance (Cap 181); (Added 23 of 2005 s. 28. Amended 9 of 2007 s. 63)
(zs) the Unsolicited Electronic Messages (Enforcement Notices) Appeal Board established under the
Unsolicited Electronic Messages Ordinance (Cap 593). (Added 9 of 2007 s. 63)
(Format changes—E.R. 1 of 2013)
________________________________________________________________________________
Note:
* (Amended 14 of 2004 s. 27)
Schedule: 3 Service of Documents E.R. 1 of 2013 25/04/2013
[sections 5A & 50]
Item Enactment
Provision
1. Landlord and Tenant (Consolidation) Ordinance (Cap 7) Section 119Y(1)(a) and (b)
2. Rating Ordinance (Cap 116) Section 50(1)
3. Government Rent (Assessment and Collection) Ordinance (Cap 515) Section 45(1)
4. Mass Transit Railway (Land Resumption and Related Provisions)
Ordinance (Cap 276) (Added L.N. 151 of 2006)
Section 21(1)
5. Roads (Works, Use and Compensation) Ordinance (Cap 370) (Added
L.N. 151 of 2006)
Sections 10(1) and (3) and
29(1)
6. Railways Ordinance (Cap 519) (Added L.N. 151 of 2006) Sections 10(1) and (4),
27(6) and (7) and 34(1)
7. Electricity Ordinance (Cap 406) (Added L.N. 214 of 2007) Section 52
8. Inland Revenue Ordinance (Cap 112) (Added L.N. 214 of 2007) Section 58(2)
Cap 553 - ELECTRONIC TRANSACTIONS ORDINANCE 25
9. Waterworks Regulations (Cap 102 sub. leg. A) (Added L.N. 249 of
2008)
Regulation 49(1)(a) and (b)
10. Census and Statistics Ordinance (Cap 316) (Added L.N. 83 of 2009) Section 12(3)(a) and (b)
11. Business Registration Ordinance (Cap 310) (Added 13 of 2010 s. 30) Section 20
(Schedule 3 added 14 of 2004 s. 28)
(Format changes—E.R. 1 of 2013)
