Electronic Documents
Electronic Commerce Act, 2000
AN ACT TO PROVIDE FOR THE LEGAL RECOGNITION OF ELECTRONIC CONTRACTS, ELECTRONIC WRITING, ELECTRONIC SIGNATURES AND ORIGINAL INFORMATION IN ELECTRONIC FORM IN RELATION TO COMMERCIAL AND NON-COMMERCIAL TRANSACTIONS AND DEALINGS AND OTHER MATTERS, THE ADMISSIBILITY OF EVIDENCE IN RELATION TO SUCH MATTERS, THE ACCREDITATION, SUPERVISION AND LIABILITY OF CERTIFICATION SERVICE PROVIDERS AND THE REGISTRATION OF DOMAIN NAMES, AND TO PROVIDE FOR RELATED MATTERS.
[10th July, 2000]
BE IT ENACTED BY THE OIREACHTAS AS FOLLOWS:
PART 1
Preliminary And General
Short title and commencement.
1.—(1) This Act may be cited as the Electronic Commerce Act, 2000.
(2) This Act shall come into operation on such day or days as the Minister, after consultation with the Minister for Enterprise, Trade and Employment, may appoint by order or orders, either generally or with reference to any particular purpose or provision, and different days may be so appointed for different purposes or different provisions.
Interpretation.
2.—(1) In this Act, unless the context otherwise requires—
“accreditation” means an accreditation under section 29 (2);
“addressee”, in relation to an electronic communication, means a person or public body intended by the originator to receive the electronic communication, but does not include a person or public body acting as a service provider in relation to the processing, receiving or storing of the electronic communication or the provision of other services in relation to it;
“advanced electronic signature” means an electronic signature—
(a) uniquely linked to the signatory,
(b) capable of identifying the signatory,
(c) created using means that are capable of being maintained by the signatory under his, her or its sole control, and
(d) linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
“certificate” means an electronic attestation which links signature verification data to a person or public body, and confirms the identity of the person or public body;
“certification service provider” means a person or public body who issues certificates or provides other services related to electronic signatures;
“Directive” means the European Parliament and Council Directive 1999/93/EC of 13 December, 19991 ;
“electronic” includes electrical, digital, magnetic, optical, electro-magnetic, biometric, photonic and any other form of related technology;
“electronic communication” means information communicated or intended to be communicated to a person or public body, other than its originator, that is generated, communicated, processed, sent, received, recorded, stored or displayed by electronic means or in electronic form, but does not include information communicated in the form of speech unless the speech is processed at its destination by an automatic voice recognition system;
“electronic contract” means a contract concluded wholly or partly by means of an electronic communication;
“electronic signature” means data in electronic form attached to, incorporated in or logically associated with other electronic data and which serves as a method of authenticating the purported originator, and includes an advanced electronic signature;
“excluded law” means a law referred to in section 10 ;
“information” includes data, all forms of writing and other text, images (including maps and cartographic material), sound, codes, computer programmes, software, databases and speech;
“information system” means a system for generating, communicating, processing, sending, receiving, recording, storing or displaying information by electronic means;
“legal proceedings” means civil or criminal proceedings, and includes proceedings before a court, tribunal, appellate body of competent jurisdiction or any other body or individual charged with determining legal rights or obligations;
“Minister” means the Minister for Public Enterprise;
“originator”, in relation to an electronic communication, means the person or public body by whom or on whose behalf the electronic communication purports to have been sent or generated before storage, as the case may be, but does not include a person or public body acting as a service provider in relation to the generation, processing, sending or storing of that electronic communication or providing other services in relation to it;
“person” does not include a public body;
“prescribed” means prescribed by regulations made under section 3 ;
“public body” means—
(a) a Minister of the Government or a Minister of State,
(b) a body (including a Department of State but not including a non-government organisation) wholly or partly funded out of the Central Fund or out of moneys provided by the Oireachtas or moneys raised by local taxation or charges, or
(c) a commission, tribunal, board or body established by an Act or by arrangement of the Government, a Minister of the Government or a Minister of State for a non-commercial public service or purpose;
“qualified certificate” means a certificate which meets the requirements set out in Annex I and is provided by a certification service provider who fulfils the requirements set out in Annex II;
“secure signature creation device” means a signature creation device which meets the requirements set out in Annex III;
“signatory” means a person who, or public body which, holds a signature creation device and acts in the application of a signature by use of the device either on his, her or its own behalf or on behalf of a person or public body he, she or it represents;
“signature creation data” means unique data, such as codes, passwords, algorithms or private cryptographic keys, used by a signatory or other source of the data in generating an electronic signature;
“signature creation device” means a device, such as configured software or hardware used to generate signature creation data;
“signature verification data” means data, such as codes, passwords, algorithms or public cryptographic keys, used for the purposes of verifying an electronic signature;
“signature verification device” means a device, such as configured software or hardware used to generate signature verification data.
(2) In the application of this Act, “writing”, where used in any other Act or instrument under an Act (and whether or not qualified by reference to it being or being required to be under the hand of the writer or similar expression) shall be construed as including electronic modes of representing or reproducing words in visible form, and cognate words shall be similarly construed.
(3) In this Act—
(a) a reference to a section is a reference to a section of this Act, unless it is indicated that a reference to some other enactment is intended,
(b) a reference to a subsection, paragraph or subparagraph is a reference to a subsection, paragraph or subparagraph of the provision in which the reference is made, unless it is indicated that a reference to some other provision is intended,
(c) a reference to an enactment shall, except to the extent that the context otherwise requires, be construed as a reference to that enactment as amended by or under any other enactment, and
(d) a reference to an Annex by number is a reference to the Annex so numbered to the Directive and included in the Schedule to this Act.
(4) Where in any legal proceedings the question of whether—
(a) a body is a non-government organisation, or
(b) a body, commission, tribunal or board is or was established by an Act or by arrangement of the Government, a Minister of the Government or a Minister of State for a non-commercial service or purpose,
is in issue then, for the purpose of establishing whether it is or is not a public body as defined in subsection (1), a document signed by the Minister, a Minister of the Government or a Minister of State declaring that—
(i) he or she is the appropriate Minister for determining whether the body is or is not a non-government organisation, and that in fact it is or is not such an organisation, or
(ii) he or she is the appropriate Minister for determining whether the body, commission, tribunal or board was or was not so established for a non-commercial service or purpose, and that in fact it was or was not so established,
is sufficient evidence of those facts, until the contrary is shown, and the Minister, Minister of the Government or Minister of State may make such a declaration.
Regulations.
3.—(1) The Minister may make regulations prescribing any matter or thing referred to in this Act as prescribed or to be prescribed, or in relation to any matter referred to in this Act as the subject of regulation.
(2) Regulations under this section may contain such incidental, supplementary and consequential provisions as appear to the Minister to be necessary or expedient for the purposes of the regulations or for giving full effect to this Act.
Prosecution of offenses.
6.—(1) Summary proceedings for offences under this Act or a regulation made under section 3 may be brought and prosecuted by the Minister or a person or public body prescribed by the Minister for that purpose.
(2) Notwithstanding section 10 (4) of the Petty Sessions (Ireland) Act, 1851 , summary proceedings for an offence under this Act or a regulation made under section 3 may be commenced at any time within 12 months from the date on which evidence that, in the opinion of the person or public body by whom the proceedings are brought, is sufficient to justify the bringing of the proceedings, comes to that person’s or public body’s knowledge.
(3) For the purpose of subsection (2), a document signed by or on behalf of the person or public body bringing the proceedings as to the date on which the evidence referred to in that subsection came to his, her or its knowledge is prima facie evidence thereof and in those or any other legal proceedings a document purporting to be issued for the purpose of this subsection and to be so signed is taken to be so signed and shall be admitted as evidence without further proof of the signature of the person or public body purporting to sign it.
Offences by bodies corporate.
7.—Where an offence under this Act has been committed by a body corporate and is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of, a person being a director, shadow director (as defined in section 3 (1) of the Companies Act, 1990 ), manager, secretary or other officer of the body corporate, or a person who was purporting to act in any such capacity, that person, as well as the body corporate, shall be guilty of an offence and be liable to be proceeded against and punished as if he or she were guilty of the first-mentioned offence.
Penalties.
8.—A person or public body guilty of an offence under this Act for which no penalty other than by this section is provided shall be liable—
(a) on summary conviction, to a fine not exceeding £1,500 or, at the discretion of the court, to imprisonment for a term not exceeding 12 months, or to both the fine and the imprisonment, or
(b) on conviction on indictment, to a fine not exceeding £500,000 or, at the discretion of the court, to imprisonment for a term not exceeding 5 years, or to both the fine and the imprisonment.
PART 2
Legal Recognition and Non-Discrimination in respect of Electronic Signatures, Originals, Contracts and Related Matters
Legal Recognition of Electronic Communications and Information in Electronic Form
Electronic form not to affect legal validity or enforceability.
9.—Information (including information incorporated by reference) shall not be denied legal effect, validity or enforceability solely on the grounds that it is wholly or partly in electronic form, whether as an electronic communication or otherwise.
Excluded laws.
10.—(1) Sections 12 to 23 are without prejudice to—
(a) the law governing the creation, execution, amendment, variation or revocation of—
(i) a will, codicil or any other testamentary instrument to which the Succession Act, 1965 , applies,
(ii) a trust, or
(iii) an enduring power of attorney,
(b) the law governing the manner in which an interest in real property (including a leasehold interest in such property) may be created, acquired, disposed of or registered, other than contracts (whether or not under seal) for the creation, acquisition or disposal of such interests,
(c) the law governing the making of an affidavit or a statutory or sworn declaration, or requiring or permitting the use of one for any purpose, or
(d) the rules, practices or procedures of a court or tribunal,
except to the extent that regulations under section 3 may from time to time prescribe.
(2) Where the Minister is of the opinion that—
(a) technology has advanced to such an extent, and access to it is so widely available, or
(b) adequate procedures and practices have developed in public registration or other services, so as to warrant such action, or
(c) the public interest so requires,
he or she may, after consultation with such Minister or Ministers as in the Minister’s opinion has or have a sufficient interest or responsibility in relation to the matter, by regulations made under section 3 , for the purpose of encouraging the efficient use of electronic communication facilities and services in commerce and the community generally while at the same time protecting the public interest, extend the application of this Act or a provision of this Act to or in relation to a matter specified in subsection (1) (including a particular aspect of such a matter) subject to such conditions as he or she thinks fit, and the Act as so extended shall apply accordingly.
(3) Without prejudice to the generality of subsection (2), the regulations may apply to a particular area or subject, or for a particular time, in the nature of a trial of technology and procedures.
Certain laws not to be affected.
11.—Nothing in this Act shall prejudice the operation of—
(a) any law relating to the imposition, collection or recovery of taxation or other Government imposts, including fees, fines and penalties,
(b) the Companies Act, 1990 (Uncertificated Securities) Regulations, 1996 ( S.I. No. 68 of 1996 ) or any regulations made in substitution for those regulations,
(c) the Criminal Evidence Act, 1992 , or
(d) the Consumer Credit Act, 1995 , or any regulations made thereunder and the European Communities (Unfair Terms in Consumer Contracts) Regulations, 1995 No. 27 of 1995 ).
Writing.
12.—(1) If by law or otherwise a person or public body is required (whether the requirement is in the form of an obligation or consequences flow from the information not being in writing) or permitted to give information in writing (whether or not in a form prescribed by law), then, subject to subsection (2), the person or public body may give the information in electronic form, whether as an electronic communication or otherwise.
(2) Information may be given as provided in subsection (1) only—
(a) if at the time the information was given it was reasonable to expect that it would be readily accessible to the person or public body to whom it was directed, for subsequent reference,
(b) where the information is required or permitted to be given to a public body or to a person acting on behalf of a public body and the public body consents to the giving of the information in electronic form, whether as an electronic communication or otherwise, but requires—
(i) the information to be given in accordance with particular information technology and procedural requirements, or
(ii) that a particular action be taken by way of verifying the receipt of the information,
if the public body’s requirements have been met and those requirements have been made public and are objective, transparent, proportionate and non-discriminatory, and
(c) where the information is required or permitted to be given to a person who is neither a public body nor acting on behalf of a public body—if the person to whom the information is required or permitted to be given consents to the information being given in that form.
(3) Subsections (1) and (2) are without prejudice to any other law requiring or permitting information to be given—
(a) in accordance with particular information technology and procedural requirements,
(b) on a particular kind of data storage device, or
(c) by means of a particular kind of electronic communication.
(4) This section applies to a requirement or permission to give information whether the word “give”, “send”, “forward”, “deliver”, “serve” or similar word or expression is used.
(5) In this section, “give information” includes but is not limited to—
(a) make an application,
(b) make or lodge a claim,
(c) make or lodge a return,
(d) make a request,
(e) make an unsworn declaration,
(f) lodge or issue a certificate,
(g) make, vary or cancel an election,
(h) lodge an objection,
(i) give a statement of reasons,
(j) record and disseminate a court order,
(k) give, send or serve a notification.
Signatures.
13.—(1) If by law or otherwise the signature of a person or public body is required (whether the requirement is in the form of an obligation or consequences flow from there being no signature) or permitted, then, subject to subsection (2), an electronic signature may be used.
(2) An electronic signature may be used as provided in subsection (1) only—
(a) where the signature is required or permitted to be given to a public body or to a person acting on behalf of a public body and the public body consents to the use of an electronic signature but requires that it be in accordance with particular information technology and procedural requirements (including that it be an advanced electronic signature, that it be based on a qualified certificate, that it be issued by an accredited certification service provider or that it be created by a secure signature creation device)— if the public body’s requirements have been met and those requirements have been made public and are objective, transparent, proportionate and non-discriminatory, and
(b) where the signature is required or permitted to be given to a person who is neither a public body nor acting on behalf of a public body— if the person to whom the signature is required or permitted to be given consents to the use of an electronic signature.
(3) Subsections (1) and (2) are without prejudice to any other provision of this Act or law requiring or permitting an electronic communication to contain an electronic signature, an advanced electronic signature, an electronic signature based on a qualified certificate, an electronic signature created by a secure signature creation device or other technological requirements relating to an electronic signature.
Signatures required to be witnessed.
14.—(1) If by law or otherwise a signature to a document is required to be witnessed (whether the requirement is in the form of an obligation or consequences flow from the signature not being witnessed) that requirement is taken to have been met if—
(a) the signature to be witnessed is an advanced electronic signature, based on a qualified certificate, of the person or public body by whom the document is required to be signed,
(b) the document contains an indication that the signature of that person or public body is required to be witnessed, and
(c) the signature of the person purporting to witness the signature to be witnessed is an advanced electronic signature, based on a qualified certificate.
(2) An advanced electronic signature based on a qualified certificate may be used as provided in subsection (1) only—
(a) where the signature required or permitted to be witnessed is on a document to be given to a public body or to a person acting on behalf of a public body and the public body consents to the use of an electronic signature of both the person attesting the document and witnessing the signature but requires that the document and signatures be in accordance with particular information technology and procedural requirements (including that a qualified certificate on which the signature or signatures are based be issued by an accredited certification service provider)— if the public body’s requirements are met and those requirements have been made public and are objective, transparent, proportionate and non-discriminatory, and
(b) where the document on or in respect of which the signature is to be witnessed is required or permitted to be given to a person who is neither a public body nor acting on behalf of a public body— if the person to whom it is required or permitted to be given consents to the use of an advanced electronic signature based on a qualified certificate for that purpose.
Consumer law to apply.
15.—All electronic contracts within the State shall be subject to all existing consumer law and the role of the Director of Consumer Affairs in such legislation shall apply equally to consumer transactions, whether conducted electronically or non-electronically.
Documents under seal.
16.—(1) If by law or otherwise a seal is required to be affixed to a document (whether the requirement is in the form of an obligation or consequences flow from a seal not being affixed) then, subject to subsection (2), that requirement is taken to have been met if the document indicates that it is required to be under seal and it includes an advanced electronic signature, based on a qualified certificate, of the person or public body by whom it is required to be sealed.
(2) An advanced electronic signature based on a qualified certificate may be used as provided in subsection (1) only—
(a) where the document to be under seal is required or permitted to be given to a public body or to a person acting on behalf of a public body and the public body consents to the use of an electronic signature but requires that it be in accordance with particular information technology and procedural requirements (including that a qualified certificate on which it is based be issued by an accredited certification service provider)— if the public body’s requirements have been met and those requirements have been made public and are objective, transparent, proportionate and non-discriminatory, and
(b) where the document to be under seal is required or permitted to be given to a person who is neither a public body nor acting on behalf of a public body— if the person to whom it is required or permitted to be given consents to the use of an advanced electronic signature based on a qualified certificate.
Electronic originals.
17.—(1) If by law or otherwise a person or public body is required (whether the requirement is in the form of an obligation or consequences flow from the information not being presented or retained in its original form) or permitted to present or retain information in its original form, then, subject to subsection (2), the information may be presented or retained, as the case may be, in electronic form, whether as an electronic communication or otherwise.
(2) Information may be presented or retained as provided in subsection (1) only—
(a) if there exists a reliable assurance as to the integrity of the information from the time when it was first generated in its final form, whether as an electronic communication or otherwise,
(b) where it is required or permitted that the information be presented— if the information is capable of being displayed in intelligible form to a person or public body to whom it is to be presented,
(c) if, at the time the information was generated in its final form, it was reasonable to expect that it would be readily accessible so as to be useable for subsequent reference,
(d) where the information is required or permitted to be presented to or retained for a public body or for a person acting on behalf of a public body, and the public body consents to the information being presented or retained in electronic form, whether as an electronic communication or otherwise, but requires that it be presented or retained in accordance with particular information technology and procedural requirements— if the public body’s requirements have been met and those requirements have been made public and are objective, transparent, proportionate and non-discriminatory, and
(e) where the information is required or permitted to be presented to or retained for a person who is neither a public body nor acting on behalf of a public body— if the person to whom the information is required or permitted to be presented or for whom it is required or permitted to be retained consents to the information being presented or retained in that form.
(3) Subsections (1) and (2) are without prejudice to any other law requiring or permitting information to be presented or retained—
(a) in accordance with particular information technology and procedural requirements,
(b) on a particular kind of data storage device, or
(c) by means of a particular kind of electronic communication.
(4) For the purposes of subsections (1) and (2)—
(a) the criteria for assessing integrity is whether the information has remained complete and unaltered, apart from the addition of any endorsement or change which arises in the normal course of generating, communicating, processing, sending, receiving, recording, storing or displaying, and
(b) the standard of reliability shall be assessed in the light of the purpose for which and the circumstances in which the information was generated.
Retention and production.
18.—(1) If by law or otherwise a person or public body is required (whether the requirement is in the form of an obligation or consequences flow from the information not being retained or produced in its original form) or permitted to retain for a particular period or produce a document that is in the form of paper or other material on which information may be recorded in written form, then, subject to subsection (2), the person or public body may retain throughout the relevant period or, as the case may be, produce, the document in electronic form, whether as an electronic communication or otherwise.
(2) A document may be retained throughout the period, or produced, by the person or public body as provided in subsection (1) only—
(a) if there exists a reliable assurance as to the integrity of the information from the time when it was first generated in its final form as an electronic communication,
(b) in the case of a document to be produced— if the information is capable of being displayed in intelligible form to the person or public body to whom it is to be produced,
(c) in the case of a document to be retained— if, at the time of the generation of the final electronic form of the document, it was reasonable to expect that the information contained in the electronic form of the document would be readily accessible so as to be useable for subsequent reference,
(d) where the document is required or permitted to be retained for or produced to a public body or for or to a person acting on behalf of a public body, and the public body consents to the document being retained or produced in electronic form, whether as an electronic communication or otherwise, but requires that the electronic form of the document be retained or produced in accordance with particular information technology and procedural requirements— if the public body’s requirements have been met and those requirements have been made public and are objective, transparent, proportionate and non-discriminatory, and
(e) where the document is required or permitted to be retained for or produced to a person who is neither a public body nor acting on behalf of a public body— if the person for or to whom the document is required or permitted to be retained or produced consents to it being retained or produced in that form.
(3) Subsections (1) and (2) are without prejudice to any other law requiring or permitting documents in the form of paper or other material to be retained or produced—
(a) in accordance with particular information technology and procedural requirements,
(b) on a particular kind of data storage device, or
(c) by means of a particular kind of electronic communication.
(4) For the purposes of subsections (1) and (2)—
(a) the criteria for assessing integrity is whether the information has remained complete and unaltered, apart from the addition of any endorsement or change which arises in the normal course of generating, communicating, processing, sending, receiving, recording, storing or displaying, and
(b) the standard of reliability shall be assessed in the light of the purpose for which the information was generated and the circumstances in which it was generated.
Contracts.
19.—(1) An electronic contract shall not be denied legal effect, validity or enforceability solely on the grounds that it is wholly or partly in electronic form, or has been concluded wholly or partly by way of an electronic communication.
(2) In the formation of a contract, an offer, acceptance of an offer or any related communication (including any subsequent amendment, cancellation or revocation of the offer or acceptance of the offer) may, unless otherwise agreed by the parties, be communicated by means of an electronic communication.
Acknowledgement of receipt of electronic communications.
20.—(1) Subject to any other law, where the originator of an electronic communication indicates that receipt of the electronic communication is required to be acknowledged but does not indicate a particular form or method of acknowledgement, then, unless the originator and the addressee of the electronic communication agree otherwise, the acknowledgement shall be given by way of an electronic communication or any other communication (including any conduct of the addressee) sufficient to indicate to the originator that the electronic communication has been received.
(2) Where the originator of an electronic communication indicates that receipt of the electronic communication is required to be acknowledged, the electronic communication, in relation to the establishing of legal rights and obligations between parties, shall, until the acknowledgement is received by the originator and unless the parties otherwise agree, be treated as if it had never been sent.
(3) Where the originator of an electronic communication has indicated that receipt of the electronic communication is required to be acknowledged but has not stated that the electronic communication is conditional on the receipt of acknowledgement and the acknowledgement has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time, then the electronic communication, in relation to the establishing of legal rights and obligations between parties, shall, unless the parties otherwise agree, be treated as if it had never been sent.
Time and place of dispatch and receipt of electronic communications.
21.—(1) Where an electronic communication enters an information system, or the first information system, outside the control of the originator, then, unless otherwise agreed between the originator and the addressee, it is taken to have been sent when it enters such information system or first information system.
(2) Where the addressee of an electronic communication has designated an information system for the purpose of receiving electronic communications, then, unless otherwise agreed between the originator and the addressee or the law otherwise provides, the electronic communication is taken to have been received when it enters that information system.
(3) Where the addressee of an electronic communication has not designated an information system for the purpose of receiving electronic communications, then, unless otherwise agreed between the originator and the addressee, the electronic communication is taken to have been received when it comes to the attention of the addressee.
(4) Subsections (1), (2) and (3) apply notwithstanding that the place where the relevant information system is located may be different from the place where the electronic communication is taken to have been sent or received, as the case may be, under those subsections.
(5) Unless otherwise agreed between the originator and the addressee of an electronic communication, the electronic communication is taken to have been sent from and received at, respectively, the place where the originator and the addressee have their places of business.
(6) For the purposes of subsection (5), but subject to subsection (7)—
(a) if the originator or addressee has more than one place of business, the place of business is the place that has the closest relationship to the underlying transaction or, if there is no underlying transaction, the principal place of business, and
(b) if the originator or addressee does not have a place of business, the place of business is taken to be the place where he or she ordinarily resides.
(7) If an electronic communication is or is in connection with a notification or other communication required or permitted by or under an Act to be sent or given to, or served on, a company at its registered office, the registered office is taken to be the place of business of the company in connection with that electronic communication for the purpose of subsection (5).
Admissibility.
22.—In any legal proceedings, nothing in the application of the rules of evidence shall apply so as to deny the admissibility in evidence of—
(a) an electronic communication, an electronic form of a document, an electronic contract, or writing in electronic form—
(i) on the sole ground that it is an electronic communication, an electronic form of a document, an electronic contract, or writing in electronic form, or
(ii) if it is the best evidence that the person or public body adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form,
or
(b) an electronic signature—
(i) on the sole ground that the signature is in electronic form, or is not an advanced electronic signature, or is not based on a qualified certificate, or is not based on a qualified certificate issued by an accredited certification service provider, or is not created by a secure signature creation device, or
(ii) if it is the best evidence that the person or public body adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form.
Defamation law to apply.
23.—All provisions of existing defamation law shall apply to all electronic communications within the State, including the retention of information electronically.
General
Electronic form not required.
24.—Nothing in this Act shall be construed as—
(a) requiring a person or public body to generate, communicate, produce, process, send, receive, record, retain, store or display any information, document or signature by or in electronic form, or
(b) prohibiting a person or public body engaging in an electronic transaction from establishing reasonable requirements about the manner in which the person will accept electronic communications, electronic signatures or electronic forms of documents.
Prohibition of fraud and misuse of electronic signatures and signature creation device.
25.—A person or public body who or which—
(a) knowingly accesses, copies or otherwise obtains possession of, or recreates, the signature creation device of another person or a public body, without the authorisation of that other person or public body, for the purpose of creating or allowing, or causing another person or public body to create, an unauthorised electronic signature using the signature creation device,
(b) knowingly alters, discloses or uses the signature creation device of another person or a public body, without the authorisation of that other person or public body or in excess of lawful authorisation, for the purpose of creating or allowing, or causing another person or public body to create, an unauthorised electronic signature using the signature creation device.
(c) knowingly creates, publishes, alters or otherwise uses a certificate or an electronic signature for a fraudulent or other unlawful purpose,
(d) knowingly misrepresents the person’s or public body’s identity or authorisation in requesting or accepting a certificate or in requesting suspension or revocation of a certificate,
(e) knowingly accesses, alters, discloses or uses the signature creation device of a certification service provider used to issue certificates, without the authorisation of the certification service provider or in excess of lawful authorisation, for the purpose of creating, or allowing or causing another person or a public body to create, an unauthorised electronic signature using the signature creation device, or
(f) knowingly publishes a certificate, or otherwise knowingly makes it available to anyone likely to rely on the certificate or on an electronic signature that is verifiable with reference to data such as codes, passwords, algorithms, public cryptographic keys or other data which are used for the purposes of verifying an electronic signature, listed in the certificate, if the person or public body knows that—
(i) the certification service provider listed in the certificate has not issued it,
(ii) the subscriber listed in the certificate has not accepted it, or
(iii) the certificate has been revoked or suspended, unless its publication is for the purpose of verifying an electronic signature created before such revocation or suspension, or giving notice of revocation or suspension,
is guilty of an offence.
Activities partly outside the State.
26.—The provisions of section 25 extend to activities that took place partly outside the State.
Investigative procedures.
27.—(1) Where, on the sworn information of an officer of the Minister or a member of the Garda Síochána not below the rank of Inspector, a judge of the District Court is satisfied that there are reasonable grounds for suspecting that evidence of or relating to an offence under this Act is to be found at a place specified in the information, the judge may issue a warrant for the search of that place and any persons found at that place.
(2) A warrant issued under this section shall authorise a named officer of the Minister or member of the Garda Síochána, alone or accompanied by such member or other members of the Garda Síochána and such other persons as may be necessary—
(a) to enter, within 7 days from the date of the warrant, and if necessary by the use of reasonable force, the place named in the warrant,
(b) to search the place and any person reasonably suspected of being connected with any activities of the place found thereon, and
(c) to seize anything found there, or anything found in the possession of a person present there at the time of the search, which that officer or member reasonably believes to be evidence of or relating to an offence under this Act and, where the thing seized is or contains information or an electronic communication that cannot readily be accessed or put into intelligible form, to require the disclosure of the information or electronic communication in intelligible form.
(3) An officer of the Minister or member of the Garda Síochána acting in accordance with a warrant issued under this section may require any person found at the place where the search is carried out to give the officer or member the person’s name and address.
(4) A person who or public body which—
(a) obstructs or attempts to obstruct an officer of the Minister or member of the Garda Síochána acting in accordance with a warrant issued under subsection (1),
(b) fails or refuses to comply with a requirement under this section, or
(c) gives a name or address which is false or misleading,
is guilty of a summary offence.
(5) An officer of the Minister or member of the Garda Síochána may retain anything seized under subsection (2)(c) which he or she has reasonable grounds for believing to be evidence of an offence under this Act, for use as evidence in relation to proceedings in relation to any such offence, for such period as is reasonable or, if proceedings are commenced in which the thing is required to be used in evidence, until the conclusion of the proceedings.
(6) In this section, “place” includes any dwelling, any building or part of a building and any vehicle, vessel or structure.
Confidentiality of deciphering data.
28.—Nothing in this Act shall be construed as requiring the disclosure or enabling the seizure of unique data, such as codes, passwords, algorithms, private cryptographic keys, or other data, that may be necessary to render information or an electronic communication intelligible.
PART III
Certification Services
Accreditation and supervision of certification service providers.
29.—(1) A person or public body is not required to obtain the prior authority of any other person or public body to provide certification or other services relating to electronic signatures.
(2) (a) The Minister, after consultation with the Minister for Enterprise, Trade and Employment, may by regulations made under section 3 establish a scheme of voluntary accreditation of certification service providers for the purpose of the Directive and to enhance levels of certification service provision in the State, and may designate accreditation authorities and prescribe such matters relating to their designation as the Minister thinks appropriate for the purpose.
(b) A person or public body who or which provides certification or other services in the State relating to electronic signatures may apply as prescribed to the accreditation authority designated under paragraph (a) to participate in any scheme of voluntary accreditation established pursuant to that paragraph.
(c) The regulations may prescribe—
(i) the rights and obligations specific to the provision of certification services of participants in a scheme of voluntary accreditation, and
(ii) the manner in which the accreditation authority designated under paragraph (a) shall elaborate and supervise compliance with those rights and obligations in accordance with the Directive and, in particular, Annex II.
(d) A participant in a scheme referred to in paragraph (a) shall not exercise a right under the scheme without the prior permission of the accreditation authority.
(3) The Minister shall prescribe a scheme of supervision of certification service providers established in the State who issue qualified certificates to the public.
(4) (a) The Minister may, after consultation with the Minister for Enterprise, Trade and Employment, by order, designate persons or public bodies for the purposes of determining whether secure signature creation devices conform with the requirements of Annex III.
(b) The Minister may, by order, amend or revoke an order under this subsection, including an order under this paragraph.
(5) No civil action shall lie or be maintained against a person or public body designated under or for the purposes of subsection (2), (3) or (4) in respect of any determination made or thing done by the person or public body, in good faith, in the performance or purported performance of a function under a scheme referred to in subsection (2) or (3) or for which he, she or it is designated under subsection (4).
Liability of certification service providers.
30.—(1) A certification service provider who provides a service to the public of issuing certificates and who as a part of that service issues a certificate as a qualified certificate or guarantees such a certificate, shall be liable for any damage caused to a person who, or public body which, reasonably relies on the certificate unless the certification service provider proves that he, she or it has not acted negligently.
(2) It shall be the duty of every certification service provider who provides to the public a service of issuing certificates and who issues a certificate as a qualified certificate or guarantees such a certificate, to take reasonable steps to ensure—
(a) the accuracy of all information in the qualified certificate as at the time of issue and that the certificate contains all the details required by Annex I to be so contained in a qualified certificate,
(b) that, at the time of the issue of the certificate, the signatory identified in the certificate held the signature creation device corresponding to the signature verification device given or identified in the certificate, and
(c) that the signature creation device and the signature verification device act together in a complementary manner, in cases where the certification service provider generates both.
(3) A certification service provider who provides a service to the public of issuing certificates and who as a part of that service issues a certificate as a qualified certificate, or guarantees such a certificate, is liable for any damage caused to a person who, or public body which, reasonably relies on the certificate, for the certification service provider’s failure to register or publish notice of the revocation or suspension of the certificate as prescribed, unless the certification service provider proves that he, she or it has not acted negligently.
(4) A certification service provider who provides a service to the public of issuing certificates and who as a part of that service issues a certificate as a qualified certificate, or guarantees such a certificate, may indicate in the qualified certificate limits on the uses of the certificate (including a limit on the value of transactions for which the certificate can be used) and, if the limits are clear and readily identifiable as limitations, the certification service provider shall not be liable for damages arising from a contrary use of a qualified certificate which includes such limits on its uses.
PART 4
Domain Name Registration
Registration of domain names.
31.—(1) The Minister may, by regulations made for the purpose of easy comprehension, fairness, transparency, avoidance of deception, promotion of fair competition and public confidence under section 3 after consultation with the Minister for Enterprise. Trade and Employment and such other persons and public bodies, if any, as the Minister thinks fit, including the body known as the Internet Corporation for Assigned Names and Numbers, authorise, prohibit or regulate the registration and use of the ie domain name in the State.
(2) Without prejudice to the generality of subsection (1), the regulations may prescribe—
(a) designated registration authorities,
(b) the form of registration,
(c) the period during which registration continues in force,
(d) the manner in which, the terms on which and the period or periods for which registration may be renewed,
(e) the circumstances and manner in which registrations may be granted, renewed or refused by the registration authorities,
(f) the right of appeal and appeal processes,
(g) the fees, if any, to be paid on the grant or renewal of registration and the time and manner in which such fees are to be paid,
(h) such other matters relating to registration as appear to the Minister to be necessary or desirable to prescribe.
(3) A person who contravenes or fails to comply with a regulation made pursuant to this section is liable on summary conviction to a fine not exceeding £500.
(4) In this section, “ie domain name” means the top level of the global domain name system assigned to Ireland according to the two-letter code in the International Standard ISO 3166-1 (Codes for Representation of Names of Countries and their Subdivision) of the International Organisation for Standardisation.
SCHEDULE
Annexes to Directive of the European Parliament and of the Council on a Community Framework for Electronic Signatures
Section 2 (3)(d).
ANNEX I
Requirements for qualified certificates
Section 30 (2)(a).
Qualified certificates must contain:
(a) an indication that the certificate is issued as a qualified certificate;
(b) the identification of the certification-service-provider and the State in which it is established;
(c) the name of the signatory or a pseudonym, which shall be identified as such;
(d) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
(e) signature-verification data which correspond to signature-creation data under the control of the signatory;
(f) an indication of the beginning and end of the period of validity of the certificate;
(g) the identity code of the certificate;
(h) the advanced electronic signature of the certification-service-provider issuing it;
(i) limitations on the scope of use of the certificate, if applicable; and
(j) limits on the value of transactions for which the certificate can be used, if applicable.
ANNEX II
Requirements for certification-service-providers issuing qualified certificates
Section 29 (2)(c)(ii).
Certification-service-providers must:
(a) demonstrate the reliability necessary for providing certification services;
(b) ensure the operation of a prompt and secure directory and a secure and immediate revocation service;
(c) ensure that the date and time when a certificate is issued or revoked can be determined precisely;
(d) verify, by appropriate means in accordance with national law, the identity and, if applicable, any specific attributes of the person to which a qualified certificate is issued;
(e) employ personnel who possess the expert knowledge, experience and qualifications necessary for the services provided, in particular competence at managerial level, expertise in electronic signature technology and familiarity with proper security procedures; they must also apply administrative and managerial procedures which are adequate and correspond to recognised standards;
(f) use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the processes supported by them;
(g) take measures against forgery of certificates, and, in cases where the certification-service-provider generates signature-creation data, guarantee confidentiality during the process of generating such data;
(h) maintain sufficient financial resources to operate in conformity with the requirements laid down in the Directive, in particular to bear the risk of liability for damages, for example by obtaining appropriate insurance;
(i) record all relevant information concerning a qualified certificate for an appropriate period of time, in particular for the purpose of providing evidence of certification for the purposes of legal proceedings. Such recording may be done electronically;
(j) not store or copy signature-creation data of the person to whom the certification-service-provider provides key management services;
(k) before entering into a contractual relationship with a person seeking a certificate to support his electronic signature, inform that person by a durable means of communication of the precise terms and conditions regarding the use of the certificate, including any limitations on its use, the experience of a voluntary accreditation scheme and procedures for complaints and dispute settlement. Such information, which may be transmitted electronically, must be in writing and in readily understandable language. Relevant parts of this information must also be made available on request to third-parties relying on the certificate;
(l) use trustworthy systems to store certificates in a verifiable form so that:
—only authorised persons can make entries and changes,
—information can be checked for authenticity,
—certificates are publicly available for retrieval in only those cases for which the certificate-holder’s consent has been obtained, and
—any technical changes comprising these security requirements are apparent to the operator.
ANNEX III
Requirements for secure signature-creation devices
Section 29 (4).
1. Secure signature-creation devices must, by appropriate technical and procedural means, ensure at the least that:
(a) the signature-creation-data used for signature generation can practically occur only once, and that their secrecy is reasonably assured;
(b) the signature-creation-data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology;
(c) the signature-creation-data used for signature generation can be reliably protected by the legitimate signatory against the use of others.
2. Secure signature-creation devices must not alter the data to be signed or prevent such data from being presented to the signatory prior to the signature process.
1 OJ No. L13/12 of 19/1/2000, p. 13