Taxonomies
- Subject areas > Business, Trade and Industry
- Subject areas > Communications and Media
- Subject areas > Infrastructure and Transportation
Related documents
- Is amended by Consumer Protection Act, 2008
- Is amended by Cybercrimes Act, 2020
- Is amended by Protection of Personal Information Act, 2013
- Is commenced by Electronic Communications and Transactions Act, 2002: Commencement
South Africa
Electronic Communications and Transactions Act, 2002
Act 25 of 2002
- Published in Government Gazette 23708 on 2 August 2002
- Assented to on 31 July 2002
- Commenced on 30 August 2002 by Electronic Communications and Transactions Act, 2002: Commencement
- [This is the version of this document from 1 December 2021.]
- [Amended by Consumer Protection Act, 2008 (Act 68 of 2008) on 31 March 2011]
- [Amended by Protection of Personal Information Act, 2013 (Act 4 of 2013) on 30 June 2021]
- [Amended by Cybercrimes Act, 2020 (Act 19 of 2020) on 1 December 2021]
Chapter I
Interpretation, objects and application
1. Definitions
In this Act, unless the context indicates otherwise—"addressee", in respect of a data message, means a person who is intended by the originator to receive the data message, but not a person acting as an intermediary in respect of that data message;"advanced electronic signature" means an electronic signature which results from a process which has been accredited by the Authority as provided for in section 37;"authentication products or services" means products or services designed to identify the holder of an electronic signature to other persons;"authentication service provider" means a person whose authentication products or services have been accredited by the Accreditation Authority under section 37 or recognised under section 40;"Authority" means the .za Domain Name Authority;"automated transaction" means an electronic transaction conducted or performed, in whole or in part, by means of data messages in which the conduct or data messages of one or both parties are not reviewed by a natural person in the ordinary course of such natural person’s business or employment;"browser" means a computer program which allows a person to read hyperlinked data messages;"cache" means high speed memory that stores data for relatively short periods of time, under computer control, in order to speed up data transmission or processing;"ccTLD" means country code domain at the top level of the Internet’s domain name system assigned according to the two-letter codes in the International Standard ISO 3166-1 (Codes for Representation of Names of Countries and their Subdivision);"certification service provider" means a person providing an authentication product or service in the form of a digital certificate attached to, incorporated in or logically associated with a data message;"Commission" means the National Consumer Commission as defined in section 1 of the Consumer Protection Act 2008;[definition of "Commission" inserted by section 121(1) of Act 68 of 2008]"consumer" means any natural person who enters or intends entering into an electronic transaction with a supplier as the end user of the goods or services offered by that supplier;"Consumer Affairs Committee" [definition of "Consumer Affairs Committee" deleted by section 121(1) of Act 68 of 2008]"critical data" means data that is declared by the Minister in terms of section 53 to be of importance to the protection of the national security of the Republic or the economic and social well-being of its citizens;"critical database" means a collection of critical data in electronic form from where it may be accessed, reproduced or extracted;"critical database administrator" means the person responsible for the management and control of a critical database;"cryptography product" means any product that makes use of cryptographic techniques and is used by a sender or recipient of data messages for the purposes of ensuring—(a)that such data can be accessed only by relevant persons;(b)the authenticity of the data;(c)the integrity of the data; or(d)that the source of the data can be correctly ascertained;"cryptography provider" means any person who provides or who proposes to provide cryptography services or products in the Republic;"cryptography service" means any service which is provided to a sender or a recipient of a data message or to anyone storing a data message, and which is designed to facilitate the use of cryptographic techniques for the purpose of ensuring—(a)that such data or data message can be accessed or can be put into an intelligible form only by certain persons;(b)that the authenticity or integrity of such data or data message is capable of being ascertained;(c)the integrity of the data or data message; or(d)that the source of the data or data message can be correctly ascertained;"cyber inspector" means an inspector referred to in Chapter XII;"data" means electronic representations of information in any form;"data controller" means any person who electronically requests, collects, collates, processes or stores personal information from or in respect of a data subject;"data message" means data generated, sent, received or stored by electronic means and includes—(a)voice, where the voice is used in an automated transaction; and(b)a stored record;"data subject" means any natural person from or in respect of whom personal information has been requested, collected, collated, processed or stored, after the commencement of this Act;"Department" means the Department of Communications;"Director-General" means the Director-General of the Department;"domain name" means an alphanumeric designation that is registered or assigned in respect of an electronic address or other resource on the Internet;"domain name system" means a system to translate domain names into IP addresses or other information;"e-government services" means any public service provided by electronic means by any public body in the Republic;"electronic agent" means a computer program or an electronic or other automated means used independently to initiate an action or respond to data messages or performances in whole or in part, in an automated transaction;"electronic communication" means a communication by means of data messages;"electronic signature" means data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature;"e-mail" means electronic mail, a data message used or intended to be used as a mail message between the originator and addressee in an electronic communication;"home page" means the primary entry point web page of a web site;"hyperlink" means a reference or link from some point in one data message directing a browser or other technology or functionality to another data message or point therein or to another place in the same data message;"ICANN" means the Internet Corporation for Assigned Names and Numbers, a California non-profit public benefit corporation established in terms of the laws of the state of California in the United States of America;"information system" means a system for generating, sending, receiving, storing, displaying or otherwise processing data messages and includes the Internet;"information system services" includes the provision of connections, the operation of facilities for information systems, the provision of access to information systems, the transmission or routing of data messages between or among points specified by a user and the processing and storage of data, at the individual request of the recipient of the service;"intermediary" means a person who, on behalf of another person, whether as agent or not, sends, receives or stores a particular data message or provides other services with respect to that data message;"Internet" means the interconnected system of networks that connects computers around the world using the TCP/IP and includes future versions thereof;"IP address" means the number identifying the point of connection of a computer or other device to the Internet;"Minister" means the Minister of Communications;"originator" means a person by whom, or on whose behalf, a data message purports to have been sent or generated prior to storage, if any, but does not include a person acting as an intermediary with respect to that data message;"person" includes a public body;"personal information" means information relating to an identifiable natural person, including, but not limited to—(a)information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;(b)information relating to the education or the medical, financial, criminal or employment history of the person;(c)any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assigned to the person;(d)the biometric information of the person;(e)the personal opinions, views or preferences of the person;(f)correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;(g)the views or opinions of another individual about the person; and(h)the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person,but excludes information about an individual who has been dead for more than 20 years;[definition of "personal information" substituted by section 110 of Act 4 of 2013]"prescribe" means prescribe by regulation under this Act;"private body" means—(a)a natural person who carries or has carried on any trade, business or profession, but only in such capacity;(b)a partnership which carries or has carried on any trade, business or profession; or(c)any former or existing juristic person,but not a public body;"public body" means—(a)any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or(b)any other functionary or institution when—(i)exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or(ii)exercising a power or performing a function in terms of any legislation;"registrant" means an applicant for or holder of a domain name;"registrar" means an entity which is licensed by the Authority to update a repository;"registry" means an entity licensed by the Authority to manage and administer a specific subdomain;"repository" means the primary register of the information maintained by a registry;"second level domain" means the subdomain immediately following the ccTLD;"SMMEs" means Small, Medium and Micro Enterprises contemplated in the Schedules to the Small Business Development Act, 1996 (Act No. 102 of 1996);"subdomain" means any subdivision of the .za domain name space which begins at the second level domain;"TCP/IP" means the Transmission Control Protocol Internet Protocol used by an information system to connect to the Internet;"TLD" means a top level domain of the domain name system;"third party", in relation to a service provider, means a subscriber to the service provider’s services or any other user of the service provider's services or a user of information systems;"transaction" means a transaction of either a commercial or non-commercial nature, and includes the provision of information and e-government services;"universal access" means access by all citizens of the Republic to Internet connectivity and electronic transactions;"WAP" means Wireless Application Protocol, an open international standard developed by the Wireless Application Protocol Forum Limited, a company incorporated in terms of the laws of the United Kingdom, for applications that use wireless communication and includes Internet access from a mobile phone;"web page" means a data message on the World Wide Web;"web site" means any location on the Internet containing a home page or web page;"World Wide Web" means an information browsing framework that allows a user to locate and access information stored on a remote computer and to follow references from one computer to related information on another computer; and".za domain name space" means the .za ccTLD assigned to the Republic according to the two-letter codes in the International Standard ISO 3166-1.2. Objects of Act
3. Interpretation
This Act must not be interpreted so as to exclude any statutory law or the common law from being applied to, recognising or accommodating electronic transactions, data messages or any other matter provided for in this Act.4. Sphere of application
Chapter II
Maximising benefits and policy framework
Part 1 – National e-strategy
5. National e-strategy
6. Universal access
In respect of universal access, the national e-strategy must outline strategies and programmes to—7. Previously disadvantaged persons and communities
The Minister, in developing the national e-strategy, must provide for ways of maximising the benefits of electronic transactions to historically disadvantaged persons and communities, including, but not limited to—8. Development of human resources
9. SMMEs
The Minister must, in consultation with the Minister of Trade and Industry, evaluate the adequacy of any existing processes, programmes and infrastructure providing for the utilisation by SMMEs of electronic transactions and, pursuant to such evaluation, may—Part 2 – Electronic transactions policy
10. Electronic transactions policy
Chapter III
Facilitating electronic transactions
Part 1 – Legal requirements for data messages
11. Legal recognition of data messages
12. Writing
A requirement in law that a document or information must be in writing is met if the document or information is—13. Signature
14. Original
15. Admissibility and evidential weight of data messages
16. Retention
17. Production of document or information
18. Notarisation, acknowledgement and certification
19. Other requirements
20. Automated transactions
In an automated transaction—Part 2 – Communication of data messages
21. Variation by agreement between parties
This Part only applies if the parties involved in generating, sending, receiving, storing or otherwise processing data messages have not reached agreement on the issues provided for therein.22. Formation and validity of agreements
23. Time and place of communications, dispatch and receipt
A data message—24. Expression of intent or other statement
As between the originator and the addressee of a data message an expression of intent or other statement is not without legal force and effect merely on the grounds that—25. Attribution of data messages to originator
A data message is that of the originator if it was sent by—26. Acknowledgement of receipt of data message
Chapter IV
E-government services
27. Acceptance of electronic filing and issuing of documents
Any public body that, pursuant to any law—28. Requirements may be specified
Chapter V
Cryptography providers
29. Register of cryptography providers
30. Registration with Department
31. Restrictions on disclosure of information
32. Application of Chapter and offences
Chapter VI
Authentication service providers
Part 1 – Accreditation Authority
33. Definition
In this Chapter, unless the context indicates otherwise—"accreditation" means recognition of an authentication product or service by the Accreditation Authority.34. Appointment of Accreditation Authority and other officers
35. Accreditation to be voluntary
Subject to section 30, a person may, without the prior authority of any other person, sell or provide authentication products or services in the Republic.36. Powers and duties of Accreditation Authority
Part 2 – Accreditation
37. Accreditation of authentication products and services
38. Criteria for accreditation
39. Revocation or termination of accreditation
40. Accreditation of foreign products and services
41. Accreditation regulations
The Minister may make regulations in respect of—Chapter VII
Consumer protection
42. Scope of application
43. Information to be provided
44. Cooling-off period
45. ***
[section 45 repealed by section 110 of Act 4 of 2013]46. Performance
47. Applicability of foreign law
The protection provided to consumers in this Chapter, applies irrespective of the legal system applicable to the agreement in question.48. Non-exclusion
Any provision in an agreement which excludes any rights provided for in this Chapter is null and void.49. Complaints to Commission
A consumer may lodge a complaint with the Commission in respect of any non-compliance with the provisions of this Chapter by a supplier.[section 49 substituted by section 121(1) of Act 68 of 2008]Chapter VIII
Protection of personal information
50. ***
[section 50 repealed by section 110 of Act 4 of 2013]51. ***
[section 51 repealed by section 110 of Act 4 of 2013]Chapter IX
Protection of critical databases
52. Scope of critical database protection
The provisions of this Chapter only apply to a critical database administrator and critical databases or parts thereof.53. Identification of critical data and critical databases
The Minister may by notice in the Gazette—54. Registration of critical databases
55. Management of critical databases
56. Restrictions on disclosure of information
57. Right of inspection
58. Non-compliance with Chapter
Chapter X
Domain name authority and administration
Part 1 – Establishment and incorporation of .za domain name authority
59. Establishment of Authority
A juristic person to be known as the .za Domain Name Authority is hereby established for the purpose of assuming responsibility for the .za domain name space as from a date determined by the Minister by notice in the Gazette and by notifying all relevant authorities.60. Incorporation of Authority
61. Authority’s memorandum and articles of association
Part 2 – Governance and staffing of Authority
62. Board of directors of Authority
63. Staff of Authority
Part 3 – Functions of Authority
64. Licensing of registrars and registries
65. Functions of Authority
Part 4 – Finances and reporting
66. Finances of Authority
67. Reports
As soon as practicable after the end of every financial year, the Board must submit a report on its activities during that year to the Minister who must table that report in Parliament.Part 5 – Regulations
68. Regulations regarding Authority
The Authority may, with the approval of the Minister, make regulations regarding—Part 6 – Alternative dispute resolution
69. Alternative dispute resolution
Chapter XI
Limitation of liability of service providers
70. Definition
In this Chapter, "service provider" means any person providing information system services.71. Recognition of representative body
72. Conditions for eligibility
The limitations on liability established by this Chapter apply to a service provider only if—73. Mere conduit
74. Caching
75. Hosting
76. Information location tools
A service provider is not liable for damages incurred by a person if the service provider refers or links users to a web page containing an infringing data message or infringing activity, by using information location tools, including a directory, index, reference, pointer, or hyperlink, where the service provider—77. Take-down notification
78. No general obligation to monitor
79. Savings
This Chapter does not affect—Chapter XII
Cyber inspectors
80. Appointment of cyber inspectors
81. Powers of cyber inspectors
82. Power to inspect, search and seize
83. Obtaining warrant
84. Preservation of confidentiality
Chapter XIII
Cyber crime
85. ***
[section 85 deleted by section 58 of Act 19 of 2020]86. ***
[section 86 deleted by section 58 of Act 19 of 2020]87. ***
[section 87 deleted by section 58 of Act 19 of 2020]88. ***
[section 88 deleted by section 58 of Act 19 of 2020]89. Penalties
A person convicted of an offence referred to in sections 37(3), 40(2), 58(2), 80(5) or 82(2) is liable to a fine or imprisonment for a period not exceeding 12 months.[section 89 substituted by section 58 of Act 19 of 2020]Chapter XIV
General provisions
90. Jurisdiction of courts
A court in the Republic trying an offence in terms of this Act has jurisdiction where—91. Saving of common law
This Chapter does not affect criminal or civil liability in terms of the common law.92 Repeal of Act 57 of 1983
The Computer Evidence Act, 1983, is hereby repealed.93. Limitation of liability
Neither the State, the Minister, nor any employee of the State is liable in respect of any act or omission in good faith and without gross negligence in performing a function in terms of this Act.94. Regulations
The Minister may make regulations regarding any matter that may or must be prescribed in terms of this Act or any matter which it is necessary or expedient to prescribe for the proper implementation or administration of this Act.95. Short title and commencement
This Act is called the Electronic Communications and Transactions Act, 2002, and comes into operation on a date fixed by the President by proclamation in the Gazette.History of this document
01 December 2021 this version
Amended by
Cybercrimes Act, 2020
30 June 2021
31 March 2011
Amended by
Consumer Protection Act, 2008
Read this version
30 August 2002
02 August 2002
31 July 2002
Assented to
Cited documents 11
Act 11
1. | Criminal Procedure Act, 1977 | 3753 citations |
2. | Public Finance Management Act, 1999 | 2230 citations |
3. | Promotion of Access to Information Act, 2000 | 1631 citations |
4. | Banks Act, 1990 | 866 citations |
5. | Constitution of the Republic of South Africa, 1996 | 601 citations |
6. | Alienation of Land Act, 1981 | 242 citations |
7. | Mutual Banks Act, 1993 | 163 citations |
8. | National Small Enterprise Act, 1996 | 126 citations |
9. | Wills Act, 1953 | 78 citations |
10. | Bills of Exchange Act, 1964 | 56 citations |
Documents citing this one 347
Gazette 244
Judgment 59
By-law 17
Act 16
1. | Companies Act, 2008 | 1898 citations |
2. | Consumer Protection Act, 2008 | 1130 citations |
3. | National Credit Act, 2005 | 617 citations |
4. | Independent Communications Authority of South Africa Act, 2000 | 441 citations |
5. | Long-term Insurance Act, 1998 | 296 citations |
6. | Financial Markets Act, 2012 | 211 citations |
7. | Protection of Personal Information Act, 2013 | 194 citations |
8. | Collective Investment Schemes Control Act, 2002 | 143 citations |
9. | Financial Sector Regulation Act, 2017 | 120 citations |
10. | Financial Institutions (Protection of Funds) Act, 2001 | 94 citations |
Government Notice 8
Board Notice 1
1. | Guidelines on the Conduct of Curators, 2015 | 1 citation |
Guide 1
1. | A Practical Approach to Evidence for Judicial Officers |
Provincial Notice 1
1. | Western Cape Land Use Planning Regulations, 2015 | 3 citations |
Subsidiary legislation
Title | Numbered title |
---|---|
Alternative Dispute Resolution Regulations: Amendment | Government Notice 1228 of 2015 |
Alternative Dispute Resolution Regulations: Amendment | Government Notice 1246 of 2017 |
Cryptography Regulations, 2006 | Government Notice R216 of 2006 |
Guidelines for recognition of industry representative bodies of information system service providers, 2006 | Government Notice 1283 of 2006 |
National e-Government strategy and roadmap, 2017 | General Notice 886 of 2017 |
National e-Strategy, 2017 | Government Notice 887 of 2017 |
Notice of responsibility date for the .za domain name space, 2007 | Government Notice 458 of 2007 |