Electronic Commerce Act

Cap 426.fm ELECTRONIC COMMERCE [CAP. 426. 1
CHAPTER 426
ELECTRONIC COMMERCE ACT
AN ACT to provide in relation to electronic commerce and to provide for matters connected therewith or ancillary thereto.
10th May, 2002
ACT III of 2001, as amended by Acts XXVII of 2002, IV of 2004 and XIII of 2005; Legal Notice 426 of 2007; and Acts XXX of 2007 and XII of 2010.
PART I PRELIMINARY
Short title.
1. The short title of this Act is the Electronic Commerce Act.
Interpretation. Amended by: XXVII. 2002.59; XIII. 2005.73; XXX. 2007.51, 52; XII. 2010.79.
2. In this Act, unless the context otherwise requires -
"the Act" means the Electronic Commerce Act and includes, unless the context otherwise requires, any regulations made thereunder;
"addressee" in relation to an electronic communication means a person who is intended by the service provider to receive the electronic communication, but does not include a person acting as a service provider with respect to the processing, receiving or storing of that electronic communication or providing other services with respect to it;
"advanced electronic signature" means an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
"certificate" means an electronic attestation, which links signature verification data to a person and confirms the identity of that person;
"competent authority" means the authority so designated in terms of article 25(3);
"consumer" means any natural person who is acting for purposes which are outside his trade, business or profession;
"data" means a representation of information, knowledge, facts, concepts or instructions that has been prepared or is being prepared in any manner and has been processed, is being processed or is intended to be processed in an information system, a computer system or a computer network. Data may be in any form or derived from any device or source, including computer memory, computer printouts, any storage media, electronic or otherwise and punched cards;
"data storage device" means any thing, including a disk, from which data and information is capable of being reproduced with or without the aid of any thing or device;
"electronic communication" means information generated, communicated, processed, sent, received, recorded, stored or displayed by electronic means;
"electronic contract" means a contract concluded wholly or partly by electronic communications or wholly or partly in an electronic form;
"electronic signature" means data in electronic form which are attached to, incorporated in or logically associated with other electronic data and which serve as a method of authentication;
"information" includes information in the form of data, text, images, sound or speech;
"information society service" means any service which is provided at a distance, by electronic means and at the individual request of a recipient of the service, whether such service is provided for consideration or not, and for the purposes of this definition:
(a) "at a distance" means that the service is provided without the parties being simultaneously present;
(b) "by electronic means" means that the service is sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by any electromagnetic means;
(c) "at the individual request of a recipient of the service" means that the service is provided through the transmission of data on individual request;
"information system" means a system for generating, sending, receiving, recording, storing or otherwise processing electronic communications;
"information technology requirements" includes software, network and data storage requirements;
"Minister" means the Minister responsible for communications;
"place of business" in relation to a government, an authority of a government, a public body, a charitable, philanthropic or similar institution means a place where any operations or activities are carried out by that government, authority, body or institution;
"prescribed" means prescribed by regulations made by the Minister in accordance with the provisions of this Act;
"qualified certificate" means a certificate which meets the requirements established by or under this Act and is provided by a signature certification service provider who fulfils the requirements established by or under this Act;
"recipient of the service" means any person who uses an information society service for the purposes of seeking information
or making it accessible;
"signature certification service provider" means a person who issues certificates or provides other services related to electronic signatures;
"secure signature creation device" means a signature creation device which meets the requirements laid down in the Fourth Schedule to this Act;
"signature verification data" means data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature;
"signature verification device" means configured software or hardware used to implement the signature verification data;
"transaction" includes a transaction of a non-commercial nature;
"voluntary accreditation" means any permission, setting out rights and obligations specific to the provision of signature certification services, to be granted upon request by the signature certification service provider concerned, by the public or private body charged with the elaboration of, and supervision of compliance with, such rights and obligations, where the signature certification service provider is not entitled to exercise the rights stemming from the permission until it has received the decision by the body.
PART II APPLICATION OF LEGAL REQUIREMENTS TO
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS
Validity of electronic transactions.
3. For the purposes of any law in Malta and subject to the other provisions of this Act, a transaction is not deemed to be invalid merely because it took place wholly or partly by means of one or more electronic communications.
Excluded laws. Amended by: IV. 2004.48; XXX. 2007.53.
4. (1) Unless otherwise prescribed, the provisions of this Act, other than any provisions relating to signature certification services, shall not apply to those activities or areas as are listed in the Fifth Schedule. The Minister may after consultation with the competent authority, by notice in the Gazette amend the Fifth Schedule.
(2) Where the Minister is of the opinion that -
(a) technology has advanced to such an extent, and access to it is so widely available, or
(b) adequate procedures and practices have developed in public registration or other services, so as to warrant such action, or
(c) the public interest so requires,
he may, after consultation with that Minister as in his opinion has sufficient interest or responsibility in relation to the matter, by Order in the Gazette extend the application of this Act or a provision of this Act to or in relation to a matter specified in subarticle (1) above, including the applicability to a particular area or subject, or for a particular time, for the purposes of a trial of the technology and procedures, subject to such conditions as he thinks fit.
Requirement or permission to give information in writing. Amended by: XXVII. 2002.59.
5. (1) If under any law in Malta a person is required or permitted to give information in writing, that requirement shall be deemed to have been satisfied if the person gives the information by means of an electronic communication:
Provided that -
(a) at the time the information was given, it was reasonable to expect that the information would be readily accessible so as to be useable for subsequent reference; and
(b) if the information is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that the information be given in accordance with particular information technology requirements, by means of a particular kind of electronic communication, that person’s requirement has been met; and
(c) if the information is required to be given to a person who is neither a public body nor to a person acting on behalf of a public body, then the person to whom the information is required or permitted to be given, consents to the information being given by means of an electronic communication;
(d) if the information is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that a particular action be taken by way of verifying the receipt of the information, that person’s requirement has been met.
(2) For the purposes of this article, giving information includes, but is not limited to, the following:
(a) making an application;
(b) making or lodging a claim;
(c) giving, sending or serving a notification;
(d) lodging a return;
(e) making a request;
(f) making a declaration;
(g) lodging or issuing a certificate;
(h) lodging an objection; and
(i) making a statement.
(3) For the purposes of this article, a requirement or permission in relation to a person to give information shall extend to and shall be equally applicable to the requirement or information which is stated to be sent, filed, submitted, served or otherwise transmitted and includes similar or cognate expressions, thereof.
Signature.
6. If under any law in Malta the signature of a person is required, such requirement is deemed to have been satisfied if such signature is an electronic signature and such signature shall not be denied legal effectiveness on the grounds that it is:
(a) in electronic form; or
(b) not based upon a qualified certificate; or
(c) not based upon a qualified certificate issued by an accredited signature certification service provider; or
(d) not created by a secure signature creation device:
Provided that if the electronic signature is in the form of an advanced electronic signature, which is based on a qualified certificate and is created by a secure creation device, it shall for all intents and purposes of law be presumed to be the signature of the signatory.
Requirement or permission for production of document and integrity. Amended by: XXVII. 2002.59.
7. (1) Unless otherwise provided by or under this Act, if under any law in Malta, a person is required to produce a document that is in the form of a paper, or of any other substance or material, that requirement is deemed to have been satisfied if the person produces, by means of an electronic communication, an electronic form of that document:
Provided that:
(a) having regard to all the relevant circumstances at the time of the communication, the method of generating the electronic form of the document provided a reliable means of assuring the maintenance of the integrity of the information contained in the document;
(b) at the time the communication was sent, it was reasonable to expect that the information contained in the electronic form of the document would be readily accessible so as to be useable for subsequent reference;
(c) if the document is required to be produced to a person who is neither a public body nor to a person acting on behalf of a public body, then the person to whom the document is required to be produced, consents to the production by means of an electronic communication of an electronic form of the document;
(d) if the document is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that an electronic form of the document be given, in accordance with particular information technology requirements, by means of a particular kind of electronic communication, the person’s requirement is satisfied; and
(e) if the document is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that a particular action be taken by way of verifying the receipt of the information, the person’s requirement is satisfied.
(2) For the purposes of this article, the integrity of information contained in a document is only maintained if the information remains complete and unaltered, save for -
(a) the addition of any endorsement; or
(b) any change not being a change to the information, which is necessary in the normal course of communication, storage or display.
(3) For the purposes of article 8 (1) and (2), the production by means of an electronic communication of an electronic form of a document or the generation of an electronic form of a document shall not give rise to any liability for infringement of the copyright in a work or other subject matter embodied in the document.
Retention of information, documents and communications.
8. (1) If under any law in Malta, a person is required to record information in writing, that requirement is deemed to have been satisfied if the person records the information in electronic form:
Provided that such information in electronic form is readily accessible so as to be useable for subsequent reference and it complies with such regulations as may be prescribed.
(2) If under any law in Malta, a person is required to retain, for a particular period, a document that is in the form of a paper or of any other substance or material, that requirement is deemed to have been satisfied if the person retains an electronic form of the document throughout that period:
Provided that if -
(a) having regard to all the relevant circumstances at the time of the generation of the electronic form of the document, the method of generating the electronic form of the document, provided a reliable means of assuring the maintenance of the integrity of the information contained in that document; and
(b) at the time of the generation of the electronic form of the document, it was reasonable to expect that the information contained in the electronic form of the document would be readily accessible so as to be useable for subsequent reference; and
(c) it complies with such regulations as may be prescribed.
(3) For the purpose of subarticle (2), the integrity of information contained in a document is only maintained if the information has remained complete and unaltered, save for-
(a) the addition of any endorsement; or
(b) any change not being a change to the information, which is necessary in the normal course of communication, storage or display.
(4) If under any law in Malta, a person is required to retain, for a particular period, information that was the subject of an electronic communication, that requirement is deemed to have been satisfied if that person retains, or causes another person to retain, in electronic form, that -
(a) at the time of commencement of the retention of the information, it was reasonable to expect that the information would be readily accessible so as to be useable for subsequent reference; and
(b) having regard to all the relevant circumstances, at the time of commencement of the retention of the information, the method of retaining the information in electronic form provided a reliable means of assuring the maintenance of the integrity of the information contained in the electronic communication; and
(c) throughout that period that person also retains, or causes another person to retain, in electronic form, such additional information obtained as is sufficient to enable the identification of the following:
(i) the origin of the electronic communication;
(ii) the destination of the electronic communication;
(iii) the time when the electronic communication was sent;
(iv) the time when the electronic communication was received; and
(d) at the time of commencement of the retention of the additional information specified in paragraph (c) it was reasonable to expect that the additional information would be readily accessible so as to be useable for subsequent reference; and
(e) it complies with such regulations as may be prescribed.
(5) For the purposes of subarticle (4), the integrity of the information which is the subject of an electronic communication is only maintained if the information remains complete and unaltered, save for -
(a) the addition of any endorsement; or
(b) any change not being a change to the information, which arises in the normal course of communication, storage or display.
PART III ELECTRONIC CONTRACTS
Electronic contract.
9. (1) An electronic contract shall not be denied legal effect, validity or enforceability solely on the grounds that it is wholly or partly in electronic form or has been entered into wholly or partly by way of electronic communications or otherwise.
(2) For the purposes of any law relating to contracts, an offer, an acceptance of an offer and any related communication, including any subsequent amendment, cancellation or revocation of the offer, the acceptance of the contract may, unless otherwise agreed by the contracting parties, be communicated by means of electronic communications.
Formation of electronic contract. Amended by: VII. 2004.49. Substituted by: XXX. 2007.54.
10. (1) Unless otherwise agreed by parties who are not consumers, where the recipient of the service places his order through technological means:
(a) an electronic contract is concluded when after placing his order, the recipient of the service has received from the service provider an acknowledgement of receipt of the order made by the recipient: Provided that the service provider must acknowledge receipt of the order made by the recipient without undue delay and by electronic means; and
(b) the order made by the recipient and the acknowledgement of receipt are deemed to have been received when the parties to whom they are addressed are able to access them.
(2) Unless otherwise agreed by parties who are not consumers, the service provider shall provide the recipient of the service with effective and accessible technical means to identify and correct handling and input errors and accidental transactions prior to the conclusion of the contract.
(3) The provisions of subarticle (1)(a) and of subarticle (2) shall not apply to contracts concluded exclusively by electronic mail or by equivalent individual communications.
Information requirements relating to electronic contracts. Substituted by: VII. 2004.50. Amended by: XXX. 2007.52.
11. (1) Unless otherwise agreed by parties who are not consumers, and without prejudice to any consumer rights under the provisions of any other law, the service provider shall provide information in clear, comprehensive and unambiguous terms regarding the matters set out in the First Schedule, which Schedule may by notice in the Gazette, be amended by the Minister after consultation with the competent authority:
Provided that any such information shall be provided to the addressee prior to the placement of the order by him.
(2) Unless parties who are not consumers have agreed otherwise, a service provider shall indicate which relevant codes of conduct he subscribes to and provide information as to how those codes can be consulted electronically.
(3) Where the service provider provides terms and conditions applicable to the contract to the addressee, the service provider shall make them available to the addressee in a way that allows the addressee to store and reproduce them.
(4) The provisions of subarticles (1) and (2) shall not apply to contracts concluded exclusively by exchange of electronic mail or by equivalent individual communications.
PART IV TRANSMISSION OF ELECTRONIC COMMUNICATIONS
Time of dispatch.
12. (1) If an electronic communication enters a single information system outside of the control of the originator, then, save as otherwise agreed between the originator and the addressee of the electronic communication, the dispatch of the electronic communication occurs at the time when it enters the information system.
(2) If an electronic communication enters successively two or more information systems outside of the control of the originator, then, unless otherwise agreed between the originator and the addressee of the electronic communication, the dispatch of the electronic communication occurs when it enters the first of those information systems.
Time of receipt.
13. (1) If the addressee of an electronic communication has designated an information system for the purpose of receiving electronic communications, then, save as otherwise agreed between the originator and the addressee of the electronic communication, the time of receipt of the electronic communication is the time when the electronic communication enters the information system.
(2) If the addressee of an electronic communication has not designated an information system for the purpose of receiving electronic communications, then, save as otherwise agreed between the originator and the addressee of the electronic communication, the time of receipt of the electronic communication is the time when the electronic communication comes to the attention of the addressee.
Place of dispatch and receipt.
14. (1) Save as may be otherwise agreed between the originator and the addressee of an electronic communication -
(a) the electronic communication is deemed to have been dispatched at the place where the originator has his place of business; and
(b) the electronic communication is deemed to have been received at the place where the addressee has his place of business.
(2) For the purposes of the subarticle (1) -
(a) if the originator or the addressee has more than one place of business, and one of those places has a closer relationship to the underlying transaction, that place of business shall be deemed to be the originator’s or the addressee’s place of business; and
(b) if the originator or the addressee has more than one place of business, but paragraph (a) does not apply, the originator’s or the addressee’s principal place of business shall be deemed to be the originator’s or the addressee’s place of business; and
(c) if the originator or addressee does not have a place of business, the originator’s or the addressee’s place of business shall be deemed to be the originator’s or addressee’s ordinary residence.
Attribution of electronic communication.
15. (1) Save as otherwise agreed between the originator and the addressee of an electronic communication, the originator of an electronic communication is bound by that communication only if the communication was sent by him or under his authority.
(2) Nothing in subarticle (1) shall affect the operation of any law that makes provision for-
(a) the conduct engaged by a person within the scope of the person’s actual or apparent authority to be attributed to another person; or
(b) a person to be bound by conduct engaged in by another person within the scope of the other person’s actual or apparent authority.
(3) An electronic communication between an originator and an addressee shall be deemed to be of the originator if it was sent by an information system programmed to operate automatically by or on behalf of the originator.
(4) An addressee shall have the right to consider each electronic communication received by him as a separate electronic communication and to act on that assumption, except to the extent that such communication is a duplicate of another electronic communication and the addressee knew or should have known, had he exercised reasonable care or used any agreed procedure, that the electronic communication was a duplicate.
PART V PROVISION OF SIGNATURE CERTIFICATION SERVICES
Accreditation of signature certification service providers.
16. (1) The provision of signature certification services or services otherwise related to electronic signatures shall not be subject to prior authorisation.
(2) Without prejudice to the generality of subarticle (1) the Minister may by regulations, introduce and maintain a voluntary accreditation scheme aiming at enhanced levels of signature certification service provision and may designate accreditation authorities and may also make regulations on any other matter relating to such designation as the Minister may deem necessary.
Supervision of signature certification service providers that issue qualified certificates. Amended by: XIII. 2005.74.
17. The Minister may, in the context of the supervision of signature certification service providers established in Malta, prescribe on any of the following matters:
(a) the powers and functions of the competent authority;
(b) any other matter relating to the competent authority which may appear to the Minister to be necessary or desirable.
Liability of signature certification service providers.
18. (1) Signature certification service providers who issue a certificate as a qualified certificate to the public or who guarantee such certificate shall be liable for any damage caused to any person who reasonably relies on such certificate.
(2) It shall be the duty of the signature certification service provider who issues a certificate as a qualified certificate to the public or who guarantees such certificate to reasonably assure -
(a) the accuracy of all information in the qualified certificate as of the time of issue and that the certificate contains all the details prescribed in relation to a qualified certificate;
(b) that at the time of the issue of the certificate, the signatory identified in the qualified certificate held the signature creation device corresponding to the signature verification device given or identified in the certificate;
(c) that the signature creation device and the signature verification device act together in a complementary manner, in cases where the signature certification service provider generates the two.
(3) A signature certification service provider who has issued a certificate as a qualified certificate to the public or who has guaranteed such certificate is liable for damage caused to any person who reasonably relies on the certificate for failure to register or publish revocation or suspension of the certificate unless the signature certification service provider proves he has not acted negligently.
(4) A signature certification service provider who issues a certificate as a qualified certificate to the public or who guarantees such certificate may indicate in the qualified certificate limits on the uses of that certificate:
Provided that the limits are clear and readily identifiable as limitations, the signature certification service provider shall not be liable for damages arising from a contrary use of a qualified certificate which includes limits on its user.
(5) A signature certification service provider who issues a certificate as a qualified certificate to the public or who guarantees such certificate may indicate in the qualified certificate a limit on the value of transactions for which the certificate can be used. Any such indication must be clear and readily identifiable as a limitation.
PART VI INTERMEDIARY SERVICE PROVIDERS
Mere conduit.
19. (1) Where an information society service is provided, and such service consists in the transmission, in a communication network, of information provided by the recipient of the service, or the provision of access to a communication network, the provider of such a service shall not be liable, otherwise than under a prohibitory injunction, for the information transmitted. Provided that such provider:
(a) does not initiate the transmission;
(b) does not select the receiver of the transmission; and
(c) does not select or modify the information contained in the transmission.
(2) The acts of transmission and of the provision of access referred to in subarticle (1) hereof, include the automatic intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.
Caching.
20. Where an information society service is provided, and such service consists in the transmission, in a communication network, of information provided by a recipient of the service, the provider of that service shall not be liable for damages for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information’s onward transmission to other recipients of the service upon their request.
Provided that:
(a) the provider does not modify the information;
(b) the provider complies with the conditions on access to the information;
(c) the provider complies with any conditions regulating the updating of the information;
(d) the provider does not interfere with the technology used to obtain data on the use of the information; and
(e) the provider acts expeditiously to remove or to bar access to the information upon obtaining actual knowledge of any of the following:
(i) the information at the initial source of the transmission has been removed from the network;
(ii) access to it has been barred;
(iii) the Court or other competent authority has ordered such removal or barring.
Hosting.
21. (1) Where an information society service is provided, and such service consists in the storage of information provided by a recipient of the service, the provider of that service shall not be liable for damages for the information stored at the request of a recipient of the service.
Provided that:
(a) the provider does not have actual knowledge that the activity is illegal and is not aware of facts or circumstances from which illegal activity is apparent; or
(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.
(2) Subarticle (1) shall not apply when the recipient of the service is acting under the authority or the control of the provider of the service.
Obligations of intermediary service providers.
22. Information society service providers shall promptly inform the public authorities competent in the matter of any alleged illegal activity undertaken or information provided by recipients of their service and shall grant to any such authority upon request
information enabling the identification of recipients of their service with whom they have storage agreements:
Provided that nothing in this Part of the Act shall be interpreted as imposing an obligation on information society service providers to monitor the information which they transmit or store or to actively seek facts or circumstances indicating illegal activity in connection with the activities described in articles 19 to 21.
PART VII GENERAL
Prohibition on misuse of electronic signatures, signature creation devices, certificates and fraud.
23. (1) No person shall access, copy or otherwise obtain possession of or recreate the signature creation device of another person without authorisation, for the purpose of creating, or allowing or causing another person to create an unauthorised electronic signature using such signature device.
(2) No person shall alter, disclose or use the signature creation device of another person without authorisation, or in excess of lawful authorisation, for the purpose of creating or allowing or causing another person to create an unauthorised electronic signature using such signature creation device.
(3) No person shall create, publish, alter or otherwise use a certificate or an electronic signature for any fraudulent or other unlawful purpose.
(4) No person shall misrepresent his identity or authorisation in requesting or accepting a certificate or in requesting suspension or revocation of a certification.
(5) No person shall access, alter, disclose or use the signature creation device of a signature certification service provider used to issue certificates without the authorisation of the signature certification service provider, or in excess of lawful authorisation, for the purpose of creating, or allowing or causing another person to create, an unauthorised electronic signature using such signature creation device.
(6) No person shall publish a certificate, or otherwise knowingly make it available to anyone likely to rely on the certificate or on an electronic signature that is verifiable with reference to data such as codes, passwords, algorithms, public cryptographic keys or other data which are used for the purposes of verifying an electronic signature, listed in the certificate, if such person knows that -
(a) the signature certification service provider listed in the certificate has not issued it; or
(b) the subscriber listed in the certificate has not accepted it; or
(c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying an electronic signature created prior to such revocation or suspension, or giving notice of revocation or suspension.
(7) No person shall use cryptographic or other similar techniques for any illegal purpose.
Offences and penalties. Amended by: L.N. 426 of 2007.
24. Any person contravening any of the provisions of this Act or of any regulations made thereunder shall be guilty of an offence and shall, on conviction, be liable to a fine (multa) not exceeding two hundred and thirty-two thousand and nine hundred and thirty-five euro (232,935) or to imprisonment not exceeding six months, or to both such fine and imprisonment, and in the case of a continuous offence to a fine not exceeding two thousand and three hundred and twenty-five euro (2,325) for each day during which the offence continues.
Power to make regulations. Amended by: VII. 2004.51; XIII. 2005.75; L.N. 426 of 2007.
25. (1) The Minister may make regulations to provide for any matter related to electronic commerce in order to give fuller effect to the provisions of this Act, and in particular, but without prejudice to the generality of the aforesaid, such regulations may provide for -
(a) any derogation from or restriction in relation to any cross-border transaction where this is necessary for one of the following reasons -
(i) public policy, in particular the protection of minors, or the fight against any incitement to hatred on grounds of race, sex, religion, political opinion or nationality;
(ii) the protection of public health;
(iii) public security;
(iv) consumer protection;
(b) identifying:
(i) transactions;
(ii) requirements or permissions to give information in writing;
(iii) requirements or permissions to produce documents;
(iv) requirements to retain information, documents and communications;
(v) signatures;
that may be exempt from any provision of this Act;
(c) additional requirements for the use of signatures in electronic communications in the public sector;
(d) the recognition of signature certification service providers who had they been operating in Malta would have satisfied the requirements set out for such providers;
(e) any matter relating to commercial communications, including, but not limited to matters relating to:-
(i) information to be provided in commercial communications;
(ii) unsolicited commercial communications;
(iii) commercial communications by regulated professions;
(f) the authorisation to the competent authority to impose administrative fines or sanctions on any person acting in contravention of any provision of this Act or of any regulation made thereunder:
Provided that -
(i) any administrative fine provided for by regulations made under this article shall not exceed the amount of twenty-three thousand and two hundred and ninety euro (23,290) for each offence and two thousand and three hundred and twenty-five euro (2,325) for each day during which failure to observe the provisions of this Act or of any regulation made thereunder persists;
(ii) administrative fines stipulated in paragraph (i) of this proviso may be increased by regulation up to a maximum of one hundred and sixteen thousand and four hundred and sixty-five euro (116,465) and eleven thousand and six hundred and forty-five euro (11,645) for each day during which any contravention persists, respectively;
Cap. 12.
(iii) regulations made under this paragraph may prescribe that any such administrative penalty or sanction shall be due to the competent authority as a civil debt constituting an executive title for the purposes of Title VII of Part I of Book Second of the Code of Organization and Civil Procedure as if the payment of the amount of the fine had been ordered by a judgement of a court of civil jurisdiction;
(iv) such regulations may also prescribe any right of appeal from decisions of the competent authority to impose an administrative sanction;
(g) procedures to be established for out of court schemes, for the settlement of disputes arising in relation to information society services including appropriate electronic measures;
(h) the compliance with any international obligation entered into by Government in relation to any aspect of electronic commerce regulated by or under this Act.
(2) The Minister may also by regulations amend the Schedules to this Act and prescribe anything that may or is required to be prescribed under this Act.
(3) The Minister shall by Order designate a competent authority which shall be responsible for monitoring and ensuring compliance with the provisions of this Act and for the undertaking of any such other functions as the Minister may from time to time consider necessary.
English text to prevail.
26. In the case of conflict between the Maltese and English texts of this Act, the English text shall prevail.
FIRST SCHEDULE
Amended by: VII. 2004.52; XXX. 2007.52.
(Article 11)
Information Requirements Relating to Electronic Contracts
(a) the name and address where the service provider is established;
(b) the electronic-mail address where the service provider can be contracted in a direct manner;
(c) the registration number of the service provider in any trade register or of any professional body if applicable;
(d) where the activity of the service provider is subject to an authorisation, the activities covered by the authorisation granted to the service provider and the particulars of the authority providing such authorisation;
(e) the Value Added Tax (VAT) registration number of the service provider where the service provider undertakes an activity that is subject to VAT;
(f) the different steps to follow to conclude the contract;
(g) the technical means for identifying and correcting input errors prior to the placing of the order;
(h) the language or languages in which the contract may be concluded;
(i) a statement of whether the concluded contract will be filed by the service provider and whether it will be accessible.
SECOND SCHEDULE
(Article 2)
Requirements for Qualified Certificates
Qualified certificates must contain:
(a) an indication that the certificate is issued as a qualified certificate;
(b) the identification of the signature certification service provider and the State in which it is established;
(c) the name of the signatory or a pseudonym, which shall be identified as such;
(d) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
(e) signature-verification data which correspond to signature-creation data under the control of the signatory;
(f) an indication of the beginning and end of the period of validity of the certificate;
(g) the identity code of the certificate;
(h) the advanced electronic signature of the signature certification service provider issuing it;
(i) limitations on the scope of the use of the certificate, if applicable; and
(j) limits on the value of transactions for which the certificate can be used, if applicable.
THIRD SCHEDULE
(Article 2)
Requirements for Signature Certification Service Providers Issuing Qualified Certificates
Signature Certification service providers must:
(a) demonstrate the reliability necessary for providing signature certification services;
(b) ensure the operation of a prompt and secure directory and a secure and immediate revocation service;
(c) ensure that the date and time when a certificate is issued or revoked can be determined precisely;
(d) verify, by appropriate means in accordance with national law, the identity and, if applicable, any specific attributes of the person to whom a qualified certificate is issued;
(e) employ personnel who possess the expert knowledge, experience, and qualifications necessary for the services provided, in particular competence at managerial level, expertise in electronic signature technology and familiarity with proper security procedures; they must also apply administrative and management procedures which are adequate and correspond to recognised standards;
(f) use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the processes supported by them;
(g) take measures against forgery of certificates, and, in cases where the signature certification service provider generates signature-creation data, guarantee confidentiality during the process of generating such data;
(h) maintain sufficient financial resources to operate in conformity with the requirements laid down in the Act, in particular to bear the risk of liability for damages, for example, by obtaining appropriate insurance;
(i) record all relevant information concerning a qualified certificate for an appropriate period of time, in particular for the purpose of providing evidence of certification for the purposes of legal proceedings. Such recording may be done electronically;
(j) not store or copy signature-creation data of the person to whom the signature certification service provider provided key management services;
(k) before entering into a contractual relationship with a person seeking a certificate to support his electronic signature, inform that person by a durable means of communication of the precise terms and conditions regarding the use of the certificate, including any limitations on its use, the existence of a voluntary accreditation scheme and procedures for complaints and dispute settlement. Such information, which may be transmitted electronically, must be in writing and in readily understandable language. Relevant parts of this information must also be made available on request to third-parties relying on the certificate;
(l) use trustworthy systems to store certificates in a verifiable form so that:
- only authorised persons can make entries and changes;
- information can be checked for authenticity;
- certificates are publicly available for retrieval in only those cases for which the certificate-holder’s consent has been obtained; and
- any technical changes compromising these security requirements are apparent to the operator.
FOURTH SCHEDULE
(Article 2)
Requirements for Secure Signature-Creation Devices
01. Secure signature creation devices must, by appropriate technical and procedural means, ensure at the least that:
(a) the signature creation data used for signature generation can practically occur only once, and that their secrecy is reasonably assured;
(b) the signature creation data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology;
(c) the signature-creation-data used for signature generation can be reliably protected by the legitimate signatory against the use of others.
02. Secure signature creation devices must not alter the data to be signed or prevent such data from being presented to the signatory prior to the signature process.
FIFTH SCHEDULE
Added by: VII. 2004.53. Amended by: XXX. 2007.55.
(Article 4)
Activities or areas listed in accordance with article 4
(a) the field of taxation;
(b) matters in relation to information society services covered by any laws relating to data protection including the Data Protection Act, the Processing of Personal Data (Electronic Communications Sector) Regulations and the Electronic Communications (Personal Data and Protection of Privacy) Regulations;
(c) questions in relation to agreements or practices governed by competition law;
(d) the following activities of information society services:
(i) the activities of notaries or equivalent professions to the extent that they involve a direct and specific connection with the exercise of public authority,
(ii) the representation of a client and defence of his interests before the courts,
(iii) gambling activities which involve wagering a stake with monetary value in games of chance, including lotteries and betting transactions;
(e) contracts that create or transfer rights over immovable property other than leasing rights;
(f) contracts of suretyship granted and on collateral security furnished by persons acting for purposes outside their trade, business or profession;
(g) the law governing the creation, execution, amendment, variation or revocation of:
(i) a will or any other testamentary instrument;
(ii) a trust; or
(iii) a power of attorney;
(h) any law governing the making of an affidavit or a solemn declaration, or requiring or permitting the use of one for any purpose;
(i) the rules, practices or procedures of a court or tribunal however so described;
(j) any law relating to the giving of evidence in criminal proceedings;
(k) any contracts governed by family law.