{"kind":"expression","expression":{"expr_id":"70","doc_id":"70","label":"2003 Revision","is_as_enacted":"f","commenced_on":null,"superseded_on":null,"valid_from":null,"valid_to":null,"is_current":"t","incorporating":null,"akn_expr_iri":"\/akn\/ky\/act\/2000\/7\/eng@2003-01-01","akn_envelope":"{\"_canary\": {\"iri\": {\"work\": \"\/akn\/ky\/act\/2000\/7\", \"expression\": \"\/akn\/ky\/act\/2000\/7\/eng@2003-01-01\", \"manifestation\": \"\/akn\/ky\/act\/2000\/7\/eng@2003-01-01.pdf\"}, \"pdf\": {\"md5\": \"bd87e1bb0009d91ad2a8ceb4c493160a\", \"path\": \"\/Users\/q\/kyleg-data\/working\/PRINCIPAL\/2000\/2000-0007\/2000-0007_2003 Revision.pdf\", \"pages\": 26, \"filename\": \"2000-0007_2003 Revision.pdf\"}, \"errors\": [], \"extraction\": {\"model\": null, \"stats\": {\"word_count\": 8168, \"paragraph_count\": 40, \"text_char_count\": 53605}, \"usage\": null, \"method\": \"pymupdf-text\", \"version\": \"kyleg-akn-1.0\", \"extracted_at\": \"2026-06-22\"}, \"classification\": \"text_layer\", \"validation_flags\": [], \"docai_processor_id\": null}, \"akomaNtoso\": {\"act\": {\"body\": [{\"eId\": \"sec_n1\", \"num\": null, \"text\": \"Electronic Transactions Law 16. 17. Part V - Electronic Signatures 18. 19. 20. 21. 22. 23. Part VI - Information Security Service Providers 24. 25. 26. 27. 28. 29. 30. 31. Part VII - Intermediaries and E-commerce Service Providers 32. Part VIII - Data Protection 33. 34. Part IX - Miscellaneous 35. 36. 37. 38. 39. Electronic Transactions Law ELECTRONIC TRANSACTIONS LAW (2003 Revision) ENACTED by the Legislature of the Cayman Islands. PART 1 \u2013 Introductory\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_1\", \"num\": \"1.\", \"text\": \"Short title 1. This Law may be cited as the Electronic Transactions Law (2003 Revision).\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_2\", \"num\": \"2.\", \"text\": \"Definitions 2. In this Law \u2014 \u201caddressee\u201d, in relation to an electronic record, means a person who is intended by the originator to receive the electronic record, but does not include a person acting as an intermediary with respect to that electronic record; \u201cAuthority\u201d means the Information and Communications Technology (ICT) Authority established by section 3 of the Information and Communications Technology Law, 2001 [Law 4 of 2002]; \u201cBoard\u201d means the e-Business Advisory Board appointed under section 39; \u201ccertificate\u201d means an electronic record which purports to ascertain the identity of a person or entity who, at the time of creation of that record, controls a particular signature device; \u201cdata controller\u201d means a person who, either alone or jointly or in common with other persons, determines the purposes for which and the manner in Electronic Transactions Law which any personal data is, or is to be, stored, altered, transmitted, distributed or otherwise processed; \u201cdata processor\u201d means a person who processes personal data on behalf of a data controller; \u201cdeliver\u201d includes give, serve and file; \u201ce-commerce service provider\u201d means a person who uses electronic means in providing real or personal property, services or information; \u201celectronic\u201d means relating to technology having electrical, magnetic, optical, electromagnetic, or similar capabilities, whether digital, analogue or otherwise; \u201celectronic agent\u201d means a program, or other electronic or automated means, configured and enabled by a person, that is used to initiate or respond to an electronic record or event in whole or in part, without review by an individual; \u201celectronic record\u201d means a record processed and maintained by electronic means; \u201celectronic signature\u201d means an electronic sound, symbol or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record; \u201cGovernor\u201d, except in the definition \u201cministry or portfolio\u201d, means Governor in Council; \u201cinformation\u201d includes data, text, images, sounds, codes, computer programmes, software and databases; \u201cinformation processing system\u201d means an electronic system for processing information; \u201cinformation security service\u201d and \u201cinformation security procedure\u201d includes a service or procedure which is provided to an originator, intermediary or recipient of an electronic record, and which is designed to \u2014 (a) secure that that record can be accessed, or can be put into an intelligible form, only by certain persons; or (b) secure that \u2014 (i) the authenticity; (ii) the time of processing; or (iii) the integrity, of such a record is capable of being ascertained; \u201cintermediary\u201d, with respect to an electronic record, means a person who processes that electronic record for another person; \u201cMinister\u201d means the minister for the time being responsible for commerce; Electronic Transactions Law \u201cministry or portfolio\u201d includes the office of the Governor, the office of the Auditor-General and the courts\u2019 administrative service; \u201coriginator\u201d, in relation to an electronic record, means a person who \u2014 (a) sends an electronic record; (b) instructs another to send an electronic record on his behalf; or (c) has an electronic record sent by his electronic agent, but does not include \u2014 (i) a person who sends an electronic record on the instructions of another; or (ii) a person acting as an intermediary with respect to that electronic record; \u201cpersonal data\u201d means data which relate to a person who can be identified \u2014 (a) from those data; or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about that person and any indication of the intentions of the data controller or any other person in respect of that person; \u201cprescribed\u201d means prescribed in regulations made by the Governor; \u201cprocess\u201d, in relation to an electronic record, means create, generate, send, transmit, receive, store, communicate, modify or display the record; \u201crecord\u201d means information that is inscribed, stored or otherwise maintained on a tangible medium or that is stored in an electronic or any other medium and is accessible in a perceivable form; \u201csignature device\u201d means unique data or a uniquely configured physical device, which is used by the signatory for the purposes of creating an electronic signature; and \u201ctransaction\u201d means a transaction whether or not for consideration and whether or not of a commercial nature.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_3\", \"num\": \"3.\", \"text\": \"Exclusions 3. (1) This Law shall not apply to any rule of law requiring writing or signatures for the creation, execution, variation or revocation of a will or other testamentary instrument. (2) The Governor may provide, by regulations subject to affirmative resolution, that this Law, or such of its provisions as may be specified in the regulations, shall not apply to any class of transactions, persons, matters or things. Electronic Transactions Law\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_4\", \"num\": \"4.\", \"text\": \"Variation by agreement 4. The provisions of Part II, so far as they relate to a contract or deed, (except section 15(b) and (c) and Parts III, IV and V (except sections 20 and 22(2) to (6) may be varied or excluded by agreement.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_5\", \"num\": \"5.\", \"text\": \"Crown to be bound 5. (1) This Law binds the Crown. (2) Notwithstanding subsection (1), nothing in this Law shall require a ministry or portfolio to process an electronic record, but either the Minister or the appropriate minister or official member may, by notice published in the Gazette, indicate that a ministry or portfolio will process electronic records relating to such matters as may be specified in the notice. (3) Until a notice under subsection (2) is published, no person dealing with such ministry or portfolio shall be entitled, by means of an electronic record, to satisfy a requirement to process a record. Part II - Legal Requirements Respecting Electronic Records\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_6\", \"num\": \"6.\", \"text\": \"Legal recognition of electronic record 6. Information shall not be denied legal effect or validity solely on the ground that it is \u2014 (a) in the form of an electronic record; or (b) referred to but not contained in an electronic record.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_7\", \"num\": \"7.\", \"text\": \"Writing 7. (1) Where a document, record or information is required or permitted by any statutory provision, rule of law, contract or deed to be in writing, or is described in any statutory provision or contract as being written, that requirement, permission or description may be met by information in the form of an electronic record. (2) Subsection (1) shall apply if the requirement for the document, record or information to be in writing is in the form of an obligation or if the statutory provision, rule of law, contract or deed provides consequences if it is not in writing.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_8\", \"num\": \"8.\", \"text\": \"Delivery 8. (1) Where a document, record or information is required or permitted by any statutory provision, rule of law, contract or deed to be delivered or sent to a person, that requirement or permission may be met by delivery of it in the form of an electronic record if \u2014 Electronic Transactions Law (a) the format of the electronic record and the means of delivery is acceptable to the parties; and (b) where the originator of the electronic record states that the receipt of the electronic record is to be acknowledged, the addressee has knowingly acknowledged the receipt. (2) Subsection (1) applies whether or not the requirement for delivery or sending is in the form of an obligation or whether or not the statutory provision, rule of law, contract or deed provides consequences for the document, record or information not being delivered or sent.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_9\", \"num\": \"9.\", \"text\": \"Original form 9. (1) (a) Where a statutory provision, rule of law, contract or deed requires conclusive evidence of the original form of a document, record or information to be presented or retained, that requirement shall be met by the presentation or retention of an electronic record if the document, record or information is accurately represented therein. (b) Paragraph (a) shall apply if the requirement for the presentation or retention of evidence of the original form of document, record or information is in the form of an obligation or if the statutory provision, rule of law, contract or deed provides consequences if conclusive evidence of the original form of document, record or information is not provided. (2) (a) Where a statutory provision, rule of law, contract or deed requires a document, record or information to be presented or retained in its original form and such document, record or information was first generated in its final form as an electronic record, that requirement shall be met by the presentation or retention of an electronic record if the document, record or information is accurately represented therein. (b) Paragraph (a) shall apply if the requirement to present or retain the document, record or information in its original form is in the form of an obligation or if the statutory provision, rule of law, contract or deed provides consequences if the original form of the document, record or information is not presented or retained. (3) For the purposes of subsections (1) and (2), the document, record or information is accurately represented where it has remained complete and unaltered from the time it was first generated in its final form, whether as an electronic record or on any other medium, apart from the application of an information security procedure, or apart from \u2014 (a) the addition of an endorsement; or Electronic Transactions Law (b) an immaterial change, which arises in the normal course of communication, translation, conversion, storage or display.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_10\", \"num\": \"10.\", \"text\": \"Retention of records 10. (1) Where documents, records or information are required by any statutory provision, rule of law, contract or deed to be retained, that requirement is met by retaining them in the form of electronic records if \u2014 (a) the information contained in the electronic record is accessible and capable of retention for subsequent reference; (b) the electronic record is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the document, record or information when it was generated, sent or received; and (c) any information that enables the identification of the origin and destination of an electronic record and the date and time when it was sent and received is retained. (2) An obligation to retain documents, records or information, under subsection (1) does not extend to information, the sole purpose of which is to enable the message to be sent or received. (3) A person may satisfy the requirement referred to in subsection (1) by using the services of another person, if the conditions set out in subsection (1)(a), (b) and (c) are met.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_11\", \"num\": \"11.\", \"text\": \"Records available for inspection 11. Where documents, records or information are required by any statutory provision, rule of law, contract or deed to be made available for inspection, that requirement shall be met by making such documents, records or information available for inspection in perceivable form as an electronic record.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_12\", \"num\": \"12.\", \"text\": \"Admissibility of electronic records 12. In proceedings in a court, tribunal or arbitration, whether of a legal, judicial, quasijudicial or administrative nature, the admissibility of an electronic record or an electronic signature in evidence shall not be denied solely on the grounds that it is an electronic record or an electronic signature. Part III - Formation and Validity of Contracts\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_13\", \"num\": \"13.\", \"text\": \"Formation and validity of contracts 13. (1) In the context of the formation of a contract \u2014 Electronic Transactions Law (a) an offer; (b) subject to any condition included in the offer (notwithstanding section 4), the acceptance of an offer; and (c) the method of payment of any consideration payable, may be expressed by an electronic record. (2) As between the originator and the addressee of an electronic record, a declaration of intention or other statement shall not be denied legal effect or validity solely on the ground that it is in the form of an electronic record. Part IV - Communication of Electronic Records\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_14\", \"num\": \"14.\", \"text\": \"Attribution of electronic records 14. (1) An electronic record is that of an originator if it was sent by the originator himself. (2) As between the originator and the addressee, an electronic record shall be attributable to the originator if it was sent \u2014 (a) by a person who had been authorised by the originator to send the electronic record on his behalf; or (b) by the originator\u2019s electronic agent. (3) As between the originator and the addressee, an addressee shall be entitled to attribute an electronic record to the originator, and to act on that assumption, if \u2014 (a) in order to ascertain whether the electronic record was that of the originator, the addressee properly applied a procedure previously agreed to by the originator for that purpose; or (b) the electronic record as received by the addressee resulted from the actions of a person whose relationship with the originator, or with any agent of the originator, enabled that person to gain access to a method used by the originator to identify electronic records as his own. (4) Subsection (3) does not apply \u2014 (a) as of the time when the addressee has both received notice from the originator that the electronic record is not that of the originator, and had reasonable time to act accordingly; or (b) in a case to which subsection (3)(b) applies, at any time when the addressee knew or should have known, had he exercised reasonable care or used any agreed procedure, that the electronic record was not that of the originator. Electronic Transactions Law (5) The addressee shall be entitled to regard each electronic record received as a separate electronic record and to act on that assumption, except to the extent that it duplicates another electronic record and the addressee knew or should have known, had he exercised reasonable care or used any agreed procedure, that the electronic record was a duplicate.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_15\", \"num\": \"15.\", \"text\": \"Effect of change or error 15. If a change or error occurs in the transmission of an electronic record \u2014 (a) if the originator and the addressee have agreed to use an information security procedure in respect of the electronic record and one of them has conformed to the procedure, but the other has not, and the nonconforming person would have detected the change or error had he also conformed, the conforming person may avoid the effect of the changed or erroneous electronic record; (b) if an individual is either the originator or the addressee of an electronic record, he may avoid the effect of the electronic record if the error was made by the individual in dealing with the electronic agent of another person if the electronic agent did not provide an opportunity for the prevention or correction of the error and, at the time the individual learns of the error, the individual \u2014 (i) promptly notifies the other person of the error and that he did not intend to be bound by the electronic record received by the other person; (ii) takes reasonable steps, including steps that conform to the other person\u2019s reasonable instructions, to return to the other person or, if instructed by the other person, to destroy the consideration received, if any, as a result of the erroneous electronic record; and (iii) has not used or received any benefit or value from the consideration, if any, received from the other person; and (c) if neither paragraph (a) nor paragraph (b) applies, the change or error shall have the effect provided by any other law and any contract between the originator and the addressee.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_16\", \"num\": \"16.\", \"text\": \"Acknowledgement of receipt of electronic records 16. (1) Subsections (2), (3) and (4) apply where, on or before sending an electronic record, or by means of that electronic record, the originator has requested, or agreed with, the addressee that receipt of the electronic record be acknowledged by the addressee. (2) Where the originator has not agreed with the addressee that the acknowledgement be given in a particular form or by a particular method, an acknowledgement may be given by \u2014 Electronic Transactions Law (a) a communication by the addressee to the originator, automated or otherwise; or (b) conduct of the addressee, that is reasonably sufficient to indicate to the originator that the electronic record has been received. (3) Where the originator has stated that an electronic record is conditional on receipt by him of an acknowledgement, the electronic record shall be presumed not to have been sent until an acknowledgment has been received by him. (4) Where the originator has not stated that the electronic record is conditional on receipt of the acknowledgement and the acknowledgement has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time, the originator \u2014 (a) may give notice to the addressee \u2014 (i) stating that no acknowledgement has been received and that the electronic record is to be treated as though it had never been sent; or (ii) specifying a reasonable time by which the acknowledgement must be received; and (b) if the acknowledgement is not received within the time specified in paragraph (a), may, upon notice to the addressee \u2014 (i) treat the electronic record as though it had never been sent; and (ii) exercise any other rights the originator may have. (5) Where the originator receives the addressee\u2019s acknowledgement of receipt it may be presumed that the related electronic record has been received by the addressee but that presumption shall not imply that the electronic record received corresponds to the electronic record as sent. (6) Where the addressee\u2019s received acknowledgment states that the related electronic record met technical requirements that the originator and the addressee have agreed should be met, it shall be presumed that the requirements have been met. (7) Except insofar as it relates to the sending or receipt of an electronic record, this section shall not affect the legal or equitable consequences that may flow either from that electronic record or from the acknowledgement of its receipt.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_17\", \"num\": \"17.\", \"text\": \"Time and place of sending and receipt of electronic records 17. (1) An electronic record which is transmitted by electronic means is sent at the time when it enters an information processing system outside the control of the originator, his agent, his electronic agent, or his agent\u2019s electronic agent. (2) An electronic record which is transmitted by electronic means is received \u2014 Electronic Transactions Law (a) in the case where the addressee has designated an information processing system for the purpose of receiving an electronic record \u2014 (i) at the time when the electronic record enters the designated information processing system; or (ii) if the electronic record is sent to an information processing system of the addressee that is not the designated information processing system, at the time when the electronic record is retrieved by the addressee; or (b) in the case where the addressee has not designated an information processing system, at the time when the electronic record enters an information processing system of the addressee or is otherwise retrieved by the addressee. (3) Subsection (2) applies notwithstanding that the place where the information processing system is located may be different from the place where the electronic record is deemed to be received under subsection (4). (4) Subject to subsection (6), an electronic record shall be deemed to have been sent at the place where the originator or his agent has his place of business, and shall be deemed to have been received at the place where the addressee or his agent has his place of business. (5) For the purposes of subsection (4), if the originator or the addressee has more than one place of business, his place of business is \u2014 (a) that place of business which has the closest relationship to the transaction to which the electronic record relates; or (b) where there is no transaction to which the electronic record relates \u2014 (i) if he is a body corporate or a registered partnership, his registered office; or (ii) in any other case, his principal place of business. (6) Where the originator or the addressee of an electronic record does not have a place of business, or the electronic record does not relate to the originator\u2019s business, the electronic record shall be deemed to have been sent or received \u2014 (a) if it is a company, whether established in the Islands or in any other jurisdiction, at its registered office; or (b) in any other case, at the place where he ordinarily resides. Electronic Transactions Law Part V - Electronic Signatures\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_18\", \"num\": \"18.\", \"text\": \"Equal treatment of signatures 18. Except as provided in section 19, this law shall not be applied so as to exclude, restrict or deprive of legal effect, any method of creating an electronic signature which \u2014 (a) satisfies the requirements of section 19(1); or (b) otherwise meets the requirements of an applicable statutory provision, rule of law, contract or deed.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_19\", \"num\": \"19.\", \"text\": \"Compliance with a requirement for a signature 19. (1) Where the signature of a person is required by a statutory provision, rule of law, contract or deed, that requirement shall be met in relation to an electronic record if an electronic signature is used that is as reliable as was appropriate for the purpose for which the electronic record was generated or communicated, in all the circumstances, including any relevant agreements. (2) Subsection (1) applies whether the requirement for a signature is in the form of an obligation or the statutory provision, rule of law, contract or deed provides consequences for the absence of a signature. (3) An electronic signature shall be reliable for the purpose of satisfying the requirement referred to in paragraph (1) if \u2014 (a) the means of creating the electronic signature is, within the context in which it is used, linked to the signatory and to no other person; (b) the means of creating the electronic signature was, at the time of signing, under the control of the signatory and of no other person; (c) any alteration to the electronic signature, made after the time of signing, is detectable; and (d) where a purpose of the legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing is detectable. (4) Subsection (3) does not limit the ability of any person \u2014 (a) to establish in any other way, for the purpose of satisfying the requirement referred to in subsection (1), the reliability of an electronic signature; or (b) to adduce evidence of the non-reliability of an electronic signature.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_20\", \"num\": \"20.\", \"text\": \"Determination of standards 20. The Governor may make regulations prescribing methods which satisfy the requirements of section 19. Electronic Transactions Law\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_21\", \"num\": \"21.\", \"text\": \"Conduct of a person relying on an electronic signature 21. A person relying on an electronic signature shall bear the legal consequences of his failure to \u2014 (a) take reasonable steps to verify the reliability of an electronic signature; or (b) where an electronic signature is supported by a certificate, take reasonable steps to \u2014 (i) verify the validity, suspension or revocation of the certificate; or (ii) observe any limitation with respect to the certificate.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_22\", \"num\": \"22.\", \"text\": \"Recognition of foreign certificates and electronic signatures 22. (1) In determining whether, or the extent to which, a certificate or an electronic signature is legally effective, no regard shall be had to the place where the certificate or the electronic signature was issued, nor to the jurisdiction in which the issuer had its place of business. (2) If the Minister, on the recommendation of the Authority, considers that the practices of a foreign information security service provider provide a level of reliability at least equivalent to that required of information security service providers in order that they may be approved under section 25, he may, by notice published in the Gazette, recognise certificates or classes of certificates issued by the foreign provider as legally equivalent to certificates issued by information security service providers approved under section 25. (3) The Minister may, by notice published in the Gazette, recognise signatures complying with the laws of a foreign jurisdiction relating to electronic signatures as legally equivalent to signatures issued by information security service providers approved under section 25 if the laws of the other foreign jurisdiction require a level of reliability at least equivalent to that required for such signatures under this Law. (4) The Governor may make regulations prescribing the matters to be taken into account by the Minister when deciding whether to exercise his powers under subsections (2) and (3). (5) Notwithstanding subsections (2) and (3), parties to commercial and other transactions may specify that a particular information security service provider, class of information security service providers or class of certificates shall be used in connection with messages or signatures submitted to them. (6) Where, notwithstanding subsections (2) and (3), the parties to a transaction agree to the use of particular types of electronic signatures and certificates, that agreement shall be recognised as sufficient for the purpose of cross-border recognition in respect of that transaction. Electronic Transactions Law\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_23\", \"num\": \"23.\", \"text\": \"Notarisation and acknowledgment 23. Where information or a signature, document or record is required by a statutory provision, rule of law, contract or deed to be notarised, acknowledged, verified or made under oath, the requirement shall be satisfied if, in relation to an electronic signature, electronic document or electronic record, the electronic signature of the person authorised to perform those acts, together with all other information required to be included by other applicable law, is attached to or logically associated with the electronic signature, electronic document or electronic record. Part VI - Information Security Service Providers\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_24\", \"num\": \"24.\", \"text\": \"Register of approved providers 24. (1) The Minister may require the Authority to establish and maintain a register of approved information security services, and of providers of such services, which shall contain particulars of every person who, or service which, is for the time being approved under any arrangements in force under section 25. (2) The Governor, on the recommendation of the Authority may make regulations prescribing the particulars that are to be included in entries in the register maintained under subsection (1). (3) The Authority shall \u2014 (a) allow public inspection, at all times, of an electronic copy of the register; and (b) publicise any withdrawal or modification of an approval under section 25, in accordance with arrangements prescribed by the Governor in regulations.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_25\", \"num\": \"25.\", \"text\": \"Arrangements for the grant of approvals 25. The Governor may make regulations enabling the Authority to grant approvals, whether subject to conditions or otherwise, on payment of a prescribed fee, to persons who \u2014 (a) are providing information security services in the Islands or are proposing to do so; and (b) seek approval in respect of any such services that they are providing, or are proposing to provide, whether in the Islands or elsewhere.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_26\", \"num\": \"26.\", \"text\": \"Restrictions on disclosure of information 26. (1) Subject to subsection (2), information which \u2014 (a) has been obtained under or by virtue of this Part; and Electronic Transactions Law (b) relates to the private affairs of any individual or to any particular business, shall be deemed to be confidential information for the purposes of the Confidential Relationships (Preservation) Law (1995 Revision). (2) Section 5 of the Confidential Relationships (Preservation) Law (1995 Revision) does not apply to any disclosure of information which is made \u2014 (a) for the purpose of facilitating the carrying out of any functions under this Part, or any prescribed functions, of the Minister or the Authority; (b) for the purpose of facilitating the carrying out of prescribed functions of any prescribed person; (c) in connection with the investigation by the police of a criminal offence or for the purposes of any criminal proceedings; or (d) for the purposes of any civil proceedings which \u2014 (i) relate to the provision of information security services; and (ii) are proceedings to which a person approved in accordance with arrangements under section 24 is a party. (3) If information is disclosed to the public in circumstances in which the disclosure does not contravene the Confidential Relationships (Preservation) Law (1995 Revision), that law shall not prevent its further disclosure by any person.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_27\", \"num\": \"27.\", \"text\": \"Provision of information security services. 27. (1) References in this Part to the provision of an information security service do not include references to the supply of, or of any right to use, computer software or computer hardware unless the supply or the right to use is integral to the provision of information security services which do not consist of such a supply or right to use. (2) For the purposes of this Part, information security services are provided in the Islands if they are provided from premises in the Islands and \u2014 (a) they are provided to a person who is in the Islands when he makes use of the services; or (b) they are provided to a person who makes use of the services for the purposes of a business carried on in the Islands or from premises in the Islands.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_28\", \"num\": \"28.\", \"text\": \"Conduct of the information security service provider 28. (1) An information security service provider shall \u2014 (a) act in accordance with the representations it makes with respect to its policies and practices; Electronic Transactions Law (b) exercise reasonable care to ensure the accuracy and completeness of all material representations made by it \u2014 (i) that are relevant to the certificate throughout its life cycle; or (ii) which are included in the certificate; (c) provide reasonably accessible means which enable a person who relies on the certificate to ascertain from the certificate \u2014 (i) the identity of the information security service provider; (ii) that the person who is identified in the certificate had control of the signature device at the time of signing; (iii) that the signature device was operational on or before the date when the certificate was issued; (d) provide reasonably accessible means which enable a person who relies on the certificate to ascertain, where relevant, from the certificate or otherwise \u2014 (i) the method used to identify the signature device holder; (ii) any limitation on the purpose or value for which the signature device or the certificate may be used; (iii) that the signature device is operational and has not been compromised; (iv) any limitation on the scope or extent of liability stipulated by the information security service provider; (v) whether means exist for the signature device holder to give notice that a signature device has been compromised; and (vi) whether a timely revocation service is offered; (e) provide a means for a signature device holder to give notice that a signature device has been compromised and ensure the availability of a timely revocation service; and (f) utilise trustworthy systems, procedures and human resources in performing its services. (2) An information security service provider shall be liable for its failure to satisfy the requirements of subsection (1)\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_29\", \"num\": \"29.\", \"text\": \"Criteria for determining trustworthiness 29. The Governor, on the recommendation of the Authority, may make regulations prescribing the factors to which regard shall be had in determining whether, and the extent to which, systems, procedures and human resources are trustworthy for the purposes of section 28(1)(f). Electronic Transactions Law\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_30\", \"num\": \"30.\", \"text\": \"Contents of a certificate 30. The Governor, on the recommendation of the Authority, may make regulations prescribing the matters that shall be specified in a certificate.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_31\", \"num\": \"31.\", \"text\": \"Conduct of the signature device holder 31. A signature device holder shall \u2014 (a) exercise reasonable care to avoid unauthorised use of its signature device; (b) without undue delay, notify any person who may reasonably be expected by the signature device holder to rely on or to provide services in support of the electronic signature if \u2014 (i) the signature device holder knows that the signature device has been compromised; or (ii) the circumstances known to the signature device holder give rise to a substantial risk that the signature device may have been compromised; and (c) where a certificate is used to support the electronic signature, exercise reasonable care to ensure the accuracy and completeness of all material representations made by the signature device holder, which are relevant to the certificate throughout its life-cycle, or which are to be included in the certificate. Part VII - Intermediaries and E-commerce Service Providers\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_32\", \"num\": \"32.\", \"text\": \"Liability of e-commerce service providers 32. (1) In proceedings against an intermediary or e-commerce service provider for a offence consisting of or arising out of the processing of an electronic record by means of his system, it shall be a defence for him to show that he was not the originator of the record and either \u2014 (a) that he did not know, and had no reasonable cause to suspect that, the processing of the record would (apart from this subsection) constitute or give rise to that offence; or (b) as soon as reasonably practicable after he knew or had reasonable cause to suspect that the processing of the record would (apart from this subsection) constitute or give rise to that offence that \u2014 (i) he took such steps as were reasonable to prevent such processing by means of his system; and (ii) he notified a constable of any relevant facts in his possession. Electronic Transactions Law (2) An intermediary or e-commerce service provider shall not be subject to any civil liability in respect of an electronic record which is processed by means of his system if he was not the originator of the record and \u2014 (a) he did not know and had no reasonable cause to suspect that the processing of it would (apart from this subsection) give rise to that liability; or (b) as soon as reasonably practicable after he knew or had reasonable cause to suspect that the processing of the record would (apart from this subsection) give rise to that liability, he took such steps as were reasonable to prevent such processing by means of his system. (3) An intermediary or e-commerce service provider shall not be subject to any civil liability for any action he takes in good faith under subsection (1)(b) or (2)(b). (4) An intermediary or e-commerce service provider shall not be required to monitor any electronic record processed by means of his system in order to ascertain whether its processing would (apart from this section) constitute or give rise to an offence or give rise to civil liability. (5) Except as provided by subsection (3), nothing in this section shall relieve an intermediary or e-commerce service provider from \u2014 (a) any obligation to comply with an order or direction of a court or other competent authority; or (b) any contractual obligation. Part VIII - Data Protection\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_33\", \"num\": \"33.\", \"text\": \"Data protection 33. (1) The Governor, on the recommendation of the Authority, may make regulations prescribing standards for the processing of personal data, whether or not the personal data originates inside the Islands. (2) Regulations made under subsection (1) may provide for \u2014 (a) the protection of privacy; (b) the voluntary registration and de-registration to those standards by data controllers and data processors; (c) the establishment by the Authority of a register that is available for public inspection showing particulars of data controllers and data processors who have registered or de-registered to those standards and the dates of such registration or de-registration, and the countries in respect of which the registration or de-registration applies; Electronic Transactions Law (d) the application of those standards to the countries specified in the regulations; (e) different standards to be applied in respect of personal data originating from different countries; and (f) such matters as may be necessary or convenient for giving effect to this Part or for its administration. (3) A data controller or data processor who voluntarily registers to a standard prescribed in regulations made under subsection (1) and who fails to comply with that standard, as it may be amended from time to time, in respect of any personal data originating from a country to which the standard applies that is collected by the data controller during the period of registration, including any time after de-registration is guilty of an offence and liable on summary conviction to a fine of fifty thousand dollars and to imprisonment for six months, and if the offence of which he is convicted is continued after conviction he commits a further offence and liable to a fine of five thousand dollars for every day on which the offence is so continued.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_34\", \"num\": \"34.\", \"text\": \"Pseudonyms 34. (1) Information security service providers may, at the request of a particular signature device holder, indicate in the relevant certificate a pseudonym instead of the signature device holder\u2019s name. (2) Where a pseudonym is indicated under subsection (1), the information security service provider shall, where necessary for the investigation by the police of an offence involving the use of electronic signatures, or where otherwise required by law to do so, transfer to a constable all personal data relating to the signature device holder that is in his possession. (3) Where personal data is transferred under subsection (2), the information security service provider shall make a record of the transfer. (4) The Governor may, by regulations, prescribe information that is to be provided in addition to the personal data that is to be transferred under subsection (2). Part IX - Miscellaneous\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_35\", \"num\": \"35.\", \"text\": \"Code of practice 35. (1) The Governor, on the recommendation of the Authority, may, by regulations, establish standards or conduct requirements with which e-commerce service providers or intermediaries carrying on business in or from within the Islands must comply. (2) A standard established by regulations made under subsection (1) may relate to one or more of the following matters \u2014 Electronic Transactions Law (a) the types of services that are permitted to be provided by intermediaries; (b) the types of customers to whom services may be provided by intermediaries; (c) the types of information permitted to be contained in an electronic record for which services are provided by intermediaries; (d) the contractual application of relevant codes of conduct or standards to customers of intermediaries and e-commerce service providers; (e) the information to be disclosed by intermediaries and e-commerce service providers including the name, address, e-mail address and contact and registration details; (f) the actions to be taken in the event of customers of intermediaries or ecommerce service providers sending bulk, unsolicited electronic records; (g) the practical application of the relevant laws of the Islands to intermediaries and e-commerce service providers; (h) procedures for dealing with complaints; (i) procedures for dispute resolution, including dispute resolution by electronic means; and (j) such other matters as the Governor may require. (3) Regulations made under subsection (1) shall provide \u2014 (a) that an intermediary or e-commerce service provider who fails to comply with a standard prescribed in the regulations shall in the first instance be given a written warning by the Authority; (b) that the Authority may direct that person to cease or correct his practices; and (c) that if that person fails to do so within such period as may be stated in the direction, he commits an offence and is liable to such penalties as may be prescribed. (4) If the Authority is satisfied that a person, body or organisation represents intermediaries or e-commerce service providers carrying on business in the Islands, the Authority may, by notice given to the person, body or organisation, request that person, body or organisation to \u2014 (a) develop standards or conduct requirements that apply to intermediaries or e-commerce service providers and that deal with one or more specified matters relating to the provision of services by those intermediaries or ecommerce service providers; and (b) provide details relating to those standards or conduct requirements to the Authority within such time as may be specified in the request. (5) If the Minister, on the recommendation of the Authority, is satisfied with the standards and conduct requirements provided under subsection (4), he shall Electronic Transactions Law approve such standards and conduct requirements by notice published in the Gazette, and thereupon such standards and conduct requirements shall apply to such intermediaries or e-commerce service providers as may be specified in the notice. (6) If the Minister has approved any standard or conduct requirement that applies to intermediaries or e-commerce service providers, and \u2014 (a) he receives notice from a person, body or organisation representing intermediaries or e-commerce service providers or proposals to amend the standard or conduct requirement; or (b) he no longer considers that the standard or conduct requirement is appropriate, he may, by notice published in the Gazette, revoke or amend any existing standard or conduct requirement. (7) References in this section to intermediaries and e-commerce service providers include references to a particular class of intermediaries or to a particular class of e-commerce service providers.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_36\", \"num\": \"36.\", \"text\": \"Offences by bodies corporate 36. (1) Where an offence under this Law, which has been committed by a body corporate, is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of, any director, manager, secretary or other similar officer of the body corporate, or any person who was purporting to act in any such capacity, he, as well as the body corporate, is guilty of that offence and liable to be proceeded against and punished accordingly. (2) Where the affairs of a body corporate are managed by its members, subsection (1) shall apply in relation to the acts and defaults of a member in connection with his functions of management as if he were a director of the body corporate.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_37\", \"num\": \"37.\", \"text\": \"Regulations 37. (1) Without derogating from the powers to make regulations conferred elsewhere in this Law, the Governor may make regulations \u2014 (a) prescribing matters required or permitted by this Law to be prescribed; (b) authorising or facilitating \u2014 (i) the investigation of; or (ii) the bringing of criminal proceedings in respect of the processing of electronic records that may be, or is, an offence under this or any other Law; or (c) for carrying the purpose and provisions of this Law into effect. Electronic Transactions Law (2) Regulations made under this Law may provide that the contravention of any provision constitutes an offence and may prescribe penalties for any such offence not exceeding the maximum fine and term of imprisonment prescribed in this Law for any offence under this Law.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_38\", \"num\": \"38.\", \"text\": \"Prohibition on key escrow requirements 38. (1) Nothing in this Law shall confer a power on the Governor, or a minister or official member or the Authority \u2014 (a) by conditions of an approval under Part VI, or (b) by any regulations under this Law, to impose a requirement on any person to deposit a key for electronic records with another person. (2) In this section \u2014 \u201ckey\u201d, in relation to electronic records, means any code, password, algorithm or other data the use of which (with or without other keys) \u2014 (a) allows access to the electronic record; or (b) facilitates the putting of the electronic record into an intelligible form, and references in this section to depositing a key for electronic records with a person include references to doing anything that has the effect of making the key available to that person.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_39\", \"num\": \"39.\", \"text\": \"Appointment of e-Business Advisory Board 39. (1) The Governor shall appoint a Board, to be known as the e-Business Advisory Board. (2) The Board shall advise the Governor and the Minister \u2014 (a) on the discharge of their functions under this Law; (b) on any matter connected with the functions referred to in paragraph (a); (c) on any matter connected with the administration of this Law; and (d) on any matter referred to it by the Governor or the Minister that is connected or relates to the matters dealt with by this Law. (3) The members of the Board shall hold office at the pleasure of the Governor. (4) The Board shall consist of not less than seven nor more than ten persons appearing to the Governor to be knowledgeable about electronic business. (5) The Board shall, at their first meeting, and at the first meeting in every calendar year thereafter, appoint one of their number to be the chairman of the Board until the date of the first meeting of the Board in the following calendar year. (6) The Board shall determine its own procedure. Electronic Transactions Law Publication in consolidated and revised form authorised by the Governor in Council this 10th day of June, 2003. Carmena Watler Clerk of Executive Council\", \"element\": \"section\", \"heading\": null}], \"meta\": {\"notes\": null, \"workflow\": null, \"lifecycle\": {\"source\": \"#cilegis\", \"eventRef\": [{\"eId\": \"e_commence_2003_01_01\", \"date\": \"2003-01-01\", \"type\": \"generation\", \"source\": \"#cilegis\"}]}, \"references\": {\"source\": \"#canary\", \"TLCRole\": [], \"TLCEvent\": [{\"eId\": \"ev_commencement\", \"href\": \"\/akn\/ontology\/canary\/event\/commencement\", \"showAs\": \"commencement\"}], \"TLCPerson\": [], \"TLCConcept\": [{\"eId\": \"inForce\", \"href\": \"\/akn\/ontology\/canary\/concept\/temporal\/in-force\", \"showAs\": \"in force\"}], \"TLCProcess\": [], \"TLCLocation\": [], \"TLCOrganization\": [{\"eId\": \"cilegis\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\", \"showAs\": \"Cayman Islands legislation mirror (kyleg)\"}]}, \"temporalData\": {\"source\": \"#cilegis\", \"temporalGroup\": [{\"eId\": \"tg_inforce_2003_01_01\", \"timeInterval\": [{\"end\": null, \"start\": \"#e_commence_2003_01_01\", \"duration\": null, \"refersTo\": \"#inForce\"}]}]}, \"classification\": null, \"identification\": {\"source\": \"#cilegis\", \"FRBRWork\": {\"FRBRuri\": \"\/akn\/ky\/act\/2000\/7\", \"FRBRdate\": [{\"date\": \"2003-01-01\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/2000\/7\/!main\", \"FRBRalias\": [{\"name\": \"cmsId\", \"value\": \"2000-0007\"}], \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRnumber\": \"7 of 2000\", \"FRBRcountry\": \"ky\", \"FRBRsubtype\": \"principal\"}, \"FRBRExpression\": {\"FRBRuri\": \"\/akn\/ky\/act\/2000\/7\/eng@2003-01-01\", \"FRBRdate\": [{\"date\": \"2003-01-01\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/2000\/7\/eng@2003-01-01\/!main\", \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRlanguage\": \"eng\"}, \"FRBRManifestation\": {\"FRBRuri\": \"\/akn\/ky\/act\/2000\/7\/eng@2003-01-01.xml\", \"FRBRdate\": [{\"date\": \"2026-06-22\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/2000\/7\/eng@2003-01-01.xml\", \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRformat\": \"application\/xml\"}}}, \"name\": \"act\", \"header\": {\"title\": \"Electronic Transactions Act\", \"actNumber\": \"7 of 2000\", \"longTitle\": null}}, \"doc\": null, \"bill\": null, \"judgment\": null}}","akn_full_text":"CAYMAN ISLANDS\n\nELECTRONIC TRANSACTIONS LAW\n\n(2003 Revision)\nSupplement No. 2 published with Gazette No. 15 of 28th July, 2003.\n\nPage 2\nRevised as at 10th day of June, 2003\nc\n\nPUBLISHING DETAILS\nLaw 7 of 2000 consolidated with Law 4 of 2002 (part).\nRevised under the authority of the Law Revision Law (1999 Revision).\nOriginally enacted \u2013\nLaw 7 of 2000-20th July, 2000\nLaw 4 of 2002-18th March, 2002\nConsolidated and revised this 10th day of June, 2003.\n\nElectronic Transactions Law\nArrangement of Sections\n\nc\nRevised as at 10th day of June, 2003\nPage 3\n\nCAYMAN ISLANDS\n\nELECTRONIC TRANSACTIONS LAW\n(2003 Revision)\nArrangement of Sections\nSection\nPage\nPART 1 \u2013 Introductory\n1.\nShort title ...................................................................................................................................5\n2.\nDefinitions ..................................................................................................................................5\n3.\nExclusions .................................................................................................................................7\n4.\nVariation by agreement ..............................................................................................................8\n5.\nCrown to be bound ....................................................................................................................8\nPart II - Legal Requirements Respecting Electronic Records\n6.\nLegal recognition of electronic record ........................................................................................8\n7.\nWriting .......................................................................................................................................8\n8.\nDelivery .....................................................................................................................................8\n9.\nOriginal form ..............................................................................................................................9\n10.\nRetention of records ................................................................................................................ 10\n11.\nRecords available for inspection .............................................................................................. 10\n12.\nAdmissibility of electronic records ............................................................................................ 10\nPart III - Formation and Validity of Contracts\n13.\nFormation and validity of contracts ........................................................................................... 10\nPart IV - Communication of Electronic Records\n14.\nAttribution of electronic records ................................................................................................ 11\n15.\nEffect of change or error .......................................................................................................... 12\n\nArrangement of Sections\nElectronic Transactions Law\n\nPage 4\nRevised as at 10th day of June, 2003\nc\n\n16.\nAcknowledgement of receipt of electronic records ................................................................... 12\n17.\nTime and place of sending and receipt of electronic records .................................................... 13\nPart V - Electronic Signatures\n18.\nEqual treatment of signatures .................................................................................................. 15\n19.\nCompliance with a requirement for a signature ........................................................................ 15\n20.\nDetermination of standards ...................................................................................................... 15\n21.\nConduct of a person relying on an electronic signature ............................................................ 16\n22.\nRecognition of foreign certificates and electronic signatures .................................................... 16\n23.\nNotarisation and acknowledgment ........................................................................................... 17\nPart VI - Information Security Service Providers\n24.\nRegister of approved providers ................................................................................................ 17\n25.\nArrangements for the grant of approvals .................................................................................. 17\n26.\nRestrictions on disclosure of information .................................................................................. 17\n27.\nProvision of information security services. ............................................................................... 18\n28.\nConduct of the information security service provider ................................................................ 18\n29.\nCriteria for determining trustworthiness .................................................................................... 19\n30.\nContents of a certificate ........................................................................................................... 20\n31.\nConduct of the signature device holder .................................................................................... 20\nPart VII - Intermediaries and E-commerce Service Providers\n32.\nLiability of e-commerce service providers ................................................................................ 20\nPart VIII - Data Protection\n33.\nData protection ........................................................................................................................ 21\n34.\nPseudonyms ............................................................................................................................ 22\nPart IX - Miscellaneous\n35.\nCode of practice ...................................................................................................................... 22\n36.\nOffences by bodies corporate .................................................................................................. 24\n37.\nRegulations ............................................................................................................................. 24\n38.\nProhibition on key escrow requirements .................................................................................. 25\n39.\nAppointment of e-Business Advisory Board ............................................................................. 25\n\nElectronic Transactions Law\nSection 1\n\nc\nRevised as at 10th day of June, 2003\nPage 5\n\nCAYMAN ISLANDS\n\nELECTRONIC TRANSACTIONS LAW\n(2003 Revision)\nENACTED by the Legislature of the Cayman Islands.\nPART 1 \u2013 Introductory\n1.\nShort title\n1.\nThis Law may be cited as the Electronic Transactions Law (2003 Revision).\n2.\nDefinitions\n2.\nIn this Law \u2014\n\u201caddressee\u201d, in relation to an electronic record, means a person who is\nintended by the originator to receive the electronic record, but does not include\na person acting as an intermediary with respect to that electronic record;\n\u201cAuthority\u201d means the Information and Communications Technology (ICT)\nAuthority established by section 3 of the Information and Communications\nTechnology Law, 2001 [Law 4 of 2002];\n\u201cBoard\u201d means the e-Business Advisory Board appointed under section 39;\n\u201ccertificate\u201d means an electronic record which purports to ascertain the\nidentity of a person or entity who, at the time of creation of that record,\ncontrols a particular signature device;\n\u201cdata controller\u201d means a person who, either alone or jointly or in common\nwith other persons, determines the purposes for which and the manner in\n\nSection 2\nElectronic Transactions Law\n\nPage 6\nRevised as at 10th day of June, 2003\nc\n\nwhich any personal data is, or is to be, stored, altered, transmitted, distributed\nor otherwise processed;\n\u201cdata processor\u201d means a person who processes personal data on behalf of a\ndata controller;\n\u201cdeliver\u201d includes give, serve and file;\n\u201ce-commerce service provider\u201d means a person who uses electronic means in\nproviding real or personal property, services or information;\n\u201celectronic\u201d means relating to technology having electrical, magnetic, optical,\nelectromagnetic, or similar capabilities, whether digital, analogue or\notherwise;\n\u201celectronic agent\u201d means a program, or other electronic or automated means,\nconfigured and enabled by a person, that is used to initiate or respond to an\nelectronic record or event in whole or in part, without review by an individual;\n\u201celectronic record\u201d means a record processed and maintained by electronic\nmeans;\n\u201celectronic signature\u201d means an electronic sound, symbol or process attached\nto or logically associated with an electronic record and executed or adopted by\na person with the intent to sign the electronic record;\n\u201cGovernor\u201d, except in the definition \u201cministry or portfolio\u201d, means\nGovernor in Council;\n\u201cinformation\u201d includes data, text, images, sounds, codes, computer\nprogrammes, software and databases;\n\u201cinformation processing system\u201d means an electronic system for processing\ninformation;\n\u201cinformation security service\u201d and \u201cinformation security procedure\u201d\nincludes a service or procedure which is provided to an originator,\nintermediary or recipient of an electronic record, and which is designed to \u2014\n(a)\nsecure that that record can be accessed, or can be put into an intelligible\nform, only by certain persons; or\n(b) secure that \u2014\n(i)\nthe authenticity;\n(ii) the time of processing; or\n(iii) the integrity,\nof such a record is capable of being ascertained;\n\u201cintermediary\u201d, with respect to an electronic record, means a person who\nprocesses that electronic record for another person;\n\u201cMinister\u201d means the minister for the time being responsible for commerce;\n\nElectronic Transactions Law\nSection 3\n\nc\nRevised as at 10th day of June, 2003\nPage 7\n\n\u201cministry or portfolio\u201d includes the office of the Governor, the office of the\nAuditor-General and the courts\u2019 administrative service;\n\u201coriginator\u201d, in relation to an electronic record, means a person who \u2014\n(a)\nsends an electronic record;\n(b) instructs another to send an electronic record on his behalf; or\n(c)\nhas an electronic record sent by his electronic agent,\nbut does not include \u2014\n(i)\na person who sends an electronic record on the instructions of\nanother; or\n(ii) a person acting as an intermediary with respect to that electronic\nrecord;\n\u201cpersonal data\u201d means data which relate to a person who can be identified \u2014\n(a)\nfrom those data; or\n(b) from those data and other information which is in the possession of, or is\nlikely to come into the possession of, the data controller,\nand includes any expression of opinion about that person and any indication of\nthe intentions of the data controller or any other person in respect of that\nperson;\n\u201cprescribed\u201d means prescribed in regulations made by the Governor;\n\u201cprocess\u201d, in relation to an electronic record, means create, generate, send,\ntransmit, receive, store, communicate, modify or display the record;\n\u201crecord\u201d means information that is inscribed, stored or otherwise maintained\non a tangible medium or that is stored in an electronic or any other medium\nand is accessible in a perceivable form;\n\u201csignature device\u201d means unique data or a uniquely configured physical\ndevice, which is used by the signatory for the purposes of creating an\nelectronic signature; and\n\u201ctransaction\u201d means a transaction whether or not for consideration and\nwhether or not of a commercial nature.\n3.\nExclusions\n3.\n(1) This Law shall not apply to any rule of law requiring writing or signatures for\nthe creation, execution, variation or revocation of a will or other testamentary\ninstrument.\n(2) The Governor may provide, by regulations subject to affirmative resolution,\nthat this Law, or such of its provisions as may be specified in the regulations,\nshall not apply to any class of transactions, persons, matters or things.\n\nSection 4\nElectronic Transactions Law\n\nPage 8\nRevised as at 10th day of June, 2003\nc\n\n4.\nVariation by agreement\n4.\nThe provisions of Part II, so far as they relate to a contract or deed, (except\nsection 15(b) and (c) and Parts III, IV and V (except sections 20 and 22(2) to (6)\nmay be varied or excluded by agreement.\n5.\nCrown to be bound\n5.\n(1) This Law binds the Crown.\n(2) Notwithstanding subsection (1), nothing in this Law shall require a ministry or\nportfolio to process an electronic record, but either the Minister or the\nappropriate minister or official member may, by notice published in the\nGazette, indicate that a ministry or portfolio will process electronic records\nrelating to such matters as may be specified in the notice.\n(3) Until a notice under subsection (2) is published, no person dealing with such\nministry or portfolio shall be entitled, by means of an electronic record, to\nsatisfy a requirement to process a record.\nPart II - Legal Requirements Respecting Electronic Records\n6.\nLegal recognition of electronic record\n6.\nInformation shall not be denied legal effect or validity solely on the ground that\nit is \u2014\n(a)\nin the form of an electronic record; or\n(b) referred to but not contained in an electronic record.\n7.\nWriting\n7.\n(1) Where a document, record or information is required or permitted by any\nstatutory provision, rule of law, contract or deed to be in writing, or is\ndescribed in any statutory provision or contract as being written, that\nrequirement, permission or description may be met by information in the form\nof an electronic record.\n(2) Subsection (1) shall apply if the requirement for the document, record or\ninformation to be in writing is in the form of an obligation or if the statutory\nprovision, rule of law, contract or deed provides consequences if it is not in\nwriting.\n8.\nDelivery\n8.\n(1) Where a document, record or information is required or permitted by any\nstatutory provision, rule of law, contract or deed to be delivered or sent to a\nperson, that requirement or permission may be met by delivery of it in the\nform of an electronic record if \u2014\n\nElectronic Transactions Law\nSection 9\n\nc\nRevised as at 10th day of June, 2003\nPage 9\n\n(a)\nthe format of the electronic record and the means of delivery is\nacceptable to the parties; and\n(b) where the originator of the electronic record states that the receipt of the\nelectronic record is to be acknowledged, the addressee has knowingly\nacknowledged the receipt.\n(2) Subsection (1) applies whether or not the requirement for delivery or sending\nis in the form of an obligation or whether or not the statutory provision, rule of\nlaw, contract or deed provides consequences for the document, record or\ninformation not being delivered or sent.\n9.\nOriginal form\n9.\n(1)\n(a)\nWhere a statutory provision, rule of law, contract or deed requires\nconclusive evidence of the original form of a document, record or\ninformation to be presented or retained, that requirement shall be met by\nthe presentation or retention of an electronic record if the document,\nrecord or information is accurately represented therein.\n(b) Paragraph (a) shall apply if the requirement for the presentation or\nretention of evidence of the original form of document, record or\ninformation is in the form of an obligation or if the statutory provision,\nrule of law, contract or deed provides consequences if conclusive\nevidence of the original form of document, record or information is not\nprovided.\n(2)\n(a)\nWhere a statutory provision, rule of law, contract or deed requires a\ndocument, record or information to be presented or retained in its original\nform and such document, record or information was first generated in its\nfinal form as an electronic record, that requirement shall be met by the\npresentation or retention of an electronic record if the document, record\nor information is accurately represented therein.\n(b) Paragraph (a) shall apply if the requirement to present or retain the\ndocument, record or information in its original form is in the form of an\nobligation or if the statutory provision, rule of law, contract or deed\nprovides consequences if the original form of the document, record or\ninformation is not presented or retained.\n(3) For the purposes of subsections (1) and (2), the document, record or\ninformation is accurately represented where it has remained complete and\nunaltered from the time it was first generated in its final form, whether as an\nelectronic record or on any other medium, apart from the application of an\ninformation security procedure, or apart from \u2014\n(a)\nthe addition of an endorsement; or\n\nSection 10\nElectronic Transactions Law\n\nPage 10\nRevised as at 10th day of June, 2003\nc\n\n(b) an immaterial change,\nwhich arises in the normal course of communication, translation, conversion,\nstorage or display.\n10.\nRetention of records\n10. (1) Where documents, records or information are required by any statutory\nprovision, rule of law, contract or deed to be retained, that requirement is met\nby retaining them in the form of electronic records if \u2014\n(a)\nthe information contained in the electronic record is accessible and\ncapable of retention for subsequent reference;\n(b) the electronic record is retained in the format in which it was generated,\nsent or received, or in a format which can be demonstrated to represent\naccurately the document, record or information when it was generated,\nsent or received; and\n(c)\nany information that enables the identification of the origin and\ndestination of an electronic record and the date and time when it was sent\nand received is retained.\n(2) An obligation to retain documents, records or information, under\nsubsection (1) does not extend to information, the sole purpose of which is to\nenable the message to be sent or received.\n(3) A person may satisfy the requirement referred to in subsection (1) by using the\nservices of another person, if the conditions set out in subsection (1)(a), (b)\nand (c) are met.\n11.\nRecords available for inspection\n11. Where documents, records or information are required by any statutory provision,\nrule of law, contract or deed to be made available for inspection, that requirement\nshall be met by making such documents, records or information available for\ninspection in perceivable form as an electronic record.\n12.\nAdmissibility of electronic records\n12. In proceedings in a court, tribunal or arbitration, whether of a legal, judicial, quasijudicial or administrative nature, the admissibility of an electronic record or an\nelectronic signature in evidence shall not be denied solely on the grounds that it is\nan electronic record or an electronic signature.\nPart III - Formation and Validity of Contracts\n13.\nFormation and validity of contracts\n13. (1) In the context of the formation of a contract \u2014\n\nElectronic Transactions Law\nSection 14\n\nc\nRevised as at 10th day of June, 2003\nPage 11\n\n(a)\nan offer;\n(b) subject to any condition included in the offer (notwithstanding section 4),\nthe acceptance of an offer; and\n(c)\nthe method of payment of any consideration payable,\nmay be expressed by an electronic record.\n(2) As between the originator and the addressee of an electronic record, a\ndeclaration of intention or other statement shall not be denied legal effect or\nvalidity solely on the ground that it is in the form of an electronic record.\nPart IV - Communication of Electronic Records\n14.\nAttribution of electronic records\n14. (1) An electronic record is that of an originator if it was sent by the originator\nhimself.\n(2) As between the originator and the addressee, an electronic record shall be\nattributable to the originator if it was sent \u2014\n(a)\nby a person who had been authorised by the originator to send the\nelectronic record on his behalf; or\n(b) by the originator\u2019s electronic agent.\n(3) As between the originator and the addressee, an addressee shall be entitled to\nattribute an electronic record to the originator, and to act on that\nassumption, if \u2014\n(a)\nin order to ascertain whether the electronic record was that of the\noriginator, the addressee properly applied a procedure previously agreed\nto by the originator for that purpose; or\n(b) the electronic record as received by the addressee resulted from the\nactions of a person whose relationship with the originator, or with any\nagent of the originator, enabled that person to gain access to a method\nused by the originator to identify electronic records as his own.\n(4) Subsection (3) does not apply \u2014\n(a)\nas of the time when the addressee has both received notice from the\noriginator that the electronic record is not that of the originator, and had\nreasonable time to act accordingly; or\n(b) in a case to which subsection (3)(b) applies, at any time when the\naddressee knew or should have known, had he exercised reasonable care\nor used any agreed procedure, that the electronic record was not that of\nthe originator.\n\nSection 15\nElectronic Transactions Law\n\nPage 12\nRevised as at 10th day of June, 2003\nc\n\n(5) The addressee shall be entitled to regard each electronic record received as a\nseparate electronic record and to act on that assumption, except to the extent\nthat it duplicates another electronic record and the addressee knew or should\nhave known, had he exercised reasonable care or used any agreed procedure,\nthat the electronic record was a duplicate.\n15.\nEffect of change or error\n15. If a change or error occurs in the transmission of an electronic record \u2014\n(a)\nif the originator and the addressee have agreed to use an information\nsecurity procedure in respect of the electronic record and one of them has\nconformed to the procedure, but the other has not, and the\nnonconforming person would have detected the change or error had he\nalso conformed, the conforming person may avoid the effect of the\nchanged or erroneous electronic record;\n(b) if an individual is either the originator or the addressee of an electronic\nrecord, he may avoid the effect of the electronic record if the error was\nmade by the individual in dealing with the electronic agent of another\nperson if the electronic agent did not provide an opportunity for the\nprevention or correction of the error and, at the time the individual learns\nof the error, the individual \u2014\n(i)\npromptly notifies the other person of the error and that he did not\nintend to be bound by the electronic record received by the other\nperson;\n(ii) takes reasonable steps, including steps that conform to the other\nperson\u2019s reasonable instructions, to return to the other person or, if\ninstructed by the other person, to destroy the consideration received,\nif any, as a result of the erroneous electronic record; and\n(iii) has not used or received any benefit or value from the\nconsideration, if any, received from the other person; and\n(c)\nif neither paragraph (a) nor paragraph (b) applies, the change or error\nshall have the effect provided by any other law and any contract between\nthe originator and the addressee.\n16.\nAcknowledgement of receipt of electronic records\n16. (1) Subsections (2), (3) and (4) apply where, on or before sending an electronic\nrecord, or by means of that electronic record, the originator has requested, or\nagreed with, the addressee that receipt of the electronic record be\nacknowledged by the addressee.\n(2) Where the originator has not agreed with the addressee that the\nacknowledgement be given in a particular form or by a particular method, an\nacknowledgement may be given by \u2014\n\nElectronic Transactions Law\nSection 17\n\nc\nRevised as at 10th day of June, 2003\nPage 13\n\n(a)\na communication by the addressee to the originator, automated or\notherwise; or\n(b) conduct of the addressee,\nthat is reasonably sufficient to indicate to the originator that the electronic\nrecord has been received.\n(3) Where the originator has stated that an electronic record is conditional on\nreceipt by him of an acknowledgement, the electronic record shall be\npresumed not to have been sent until an acknowledgment has been received\nby him.\n(4) Where the originator has not stated that the electronic record is conditional on\nreceipt of the acknowledgement and the acknowledgement has not been\nreceived by the originator within the time specified or agreed or, if no time has\nbeen specified or agreed, within a reasonable time, the originator \u2014\n(a)\nmay give notice to the addressee \u2014\n(i)\nstating that no acknowledgement has been received and that the\nelectronic record is to be treated as though it had never been sent; or\n(ii) specifying a reasonable time by which the acknowledgement must\nbe received; and\n(b) if the acknowledgement is not received within the time specified in\nparagraph (a), may, upon notice to the addressee \u2014\n(i)\ntreat the electronic record as though it had never been sent; and\n(ii) exercise any other rights the originator may have.\n(5) Where the originator receives the addressee\u2019s acknowledgement of receipt it\nmay be presumed that the related electronic record has been received by the\naddressee but that presumption shall not imply that the electronic record\nreceived corresponds to the electronic record as sent.\n(6) Where the addressee\u2019s received acknowledgment states that the related\nelectronic record met technical requirements that the originator and the\naddressee have agreed should be met, it shall be presumed that the\nrequirements have been met.\n(7) Except insofar as it relates to the sending or receipt of an electronic record,\nthis section shall not affect the legal or equitable consequences that may flow\neither from that electronic record or from the acknowledgement of its receipt.\n17.\nTime and place of sending and receipt of electronic records\n17. (1) An electronic record which is transmitted by electronic means is sent at the\ntime when it enters an information processing system outside the control of the\noriginator, his agent, his electronic agent, or his agent\u2019s electronic agent.\n(2) An electronic record which is transmitted by electronic means is received \u2014\n\nSection 17\nElectronic Transactions Law\n\nPage 14\nRevised as at 10th day of June, 2003\nc\n\n(a)\nin the case where the addressee has designated an information processing\nsystem for the purpose of receiving an electronic record \u2014\n(i)\nat the time when the electronic record enters the designated\ninformation processing system; or\n(ii) if the electronic record is sent to an information processing system\nof the addressee that is not the designated information processing\nsystem, at the time when the electronic record is retrieved by the\naddressee; or\n(b) in the case where the addressee has not designated an information\nprocessing system, at the time when the electronic record enters an\ninformation processing system of the addressee or is otherwise retrieved\nby the addressee.\n(3) Subsection (2) applies notwithstanding that the place where the information\nprocessing system is located may be different from the place where the\nelectronic record is deemed to be received under subsection (4).\n(4) Subject to subsection (6), an electronic record shall be deemed to have been\nsent at the place where the originator or his agent has his place of business,\nand shall be deemed to have been received at the place where the addressee or\nhis agent has his place of business.\n(5) For the purposes of subsection (4), if the originator or the addressee has more\nthan one place of business, his place of business is \u2014\n(a)\nthat place of business which has the closest relationship to the transaction\nto which the electronic record relates; or\n(b) where there is no transaction to which the electronic record relates \u2014\n(i)\nif he is a body corporate or a registered partnership, his registered\noffice; or\n(ii) in any other case, his principal place of business.\n(6) Where the originator or the addressee of an electronic record does not have a\nplace of business, or the electronic record does not relate to the originator\u2019s\nbusiness, the electronic record shall be deemed to have been sent or\nreceived \u2014\n(a)\nif it is a company, whether established in the Islands or in any other\njurisdiction, at its registered office; or\n(b) in any other case, at the place where he ordinarily resides.\n\nElectronic Transactions Law\nSection 18\n\nc\nRevised as at 10th day of June, 2003\nPage 15\n\nPart V - Electronic Signatures\n18.\nEqual treatment of signatures\n18. Except as provided in section 19, this law shall not be applied so as to exclude,\nrestrict or deprive of legal effect, any method of creating an electronic signature\nwhich \u2014\n(a)\nsatisfies the requirements of section 19(1); or\n(b) otherwise meets the requirements of an applicable statutory provision,\nrule of law, contract or deed.\n19.\nCompliance with a requirement for a signature\n19. (1) Where the signature of a person is required by a statutory provision, rule of\nlaw, contract or deed, that requirement shall be met in relation to an electronic\nrecord if an electronic signature is used that is as reliable as was appropriate\nfor the purpose for which the electronic record was generated or\ncommunicated, in all the circumstances, including any relevant agreements.\n(2) Subsection (1) applies whether the requirement for a signature is in the form of\nan obligation or the statutory provision, rule of law, contract or deed provides\nconsequences for the absence of a signature.\n(3) An electronic signature shall be reliable for the purpose of satisfying the\nrequirement referred to in paragraph (1) if \u2014\n(a)\nthe means of creating the electronic signature is, within the context in\nwhich it is used, linked to the signatory and to no other person;\n(b) the means of creating the electronic signature was, at the time of signing,\nunder the control of the signatory and of no other person;\n(c)\nany alteration to the electronic signature, made after the time of signing,\nis detectable; and\n(d) where a purpose of the legal requirement for a signature is to provide\nassurance as to the integrity of the information to which it relates, any\nalteration made to that information after the time of signing is detectable.\n(4) Subsection (3) does not limit the ability of any person \u2014\n(a)\nto establish in any other way, for the purpose of satisfying the\nrequirement referred to in subsection (1), the reliability of an electronic\nsignature; or\n(b) to adduce evidence of the non-reliability of an electronic signature.\n20.\nDetermination of standards\n20. The Governor may make regulations prescribing methods which satisfy the\nrequirements of section 19.\n\nSection 21\nElectronic Transactions Law\n\nPage 16\nRevised as at 10th day of June, 2003\nc\n\n21.\nConduct of a person relying on an electronic signature\n21. A person relying on an electronic signature shall bear the legal consequences of his\nfailure to \u2014\n(a)\ntake reasonable steps to verify the reliability of an electronic signature; or\n(b) where an electronic signature is supported by a certificate, take\nreasonable steps to \u2014\n(i)\nverify the validity, suspension or revocation of the certificate; or\n(ii) observe any limitation with respect to the certificate.\n22.\nRecognition of foreign certificates and electronic signatures\n22. (1) In determining whether, or the extent to which, a certificate or an electronic\nsignature is legally effective, no regard shall be had to the place where the\ncertificate or the electronic signature was issued, nor to the jurisdiction in\nwhich the issuer had its place of business.\n(2) If the Minister, on the recommendation of the Authority, considers that the\npractices of a foreign information security service provider provide a level of\nreliability at least equivalent to that required of information security service\nproviders in order that they may be approved under section 25, he may, by\nnotice published in the Gazette, recognise certificates or classes of certificates\nissued by the foreign provider as legally equivalent to certificates issued by\ninformation security service providers approved under section 25.\n(3) The Minister may, by notice published in the Gazette, recognise signatures\ncomplying with the laws of a foreign jurisdiction relating to electronic\nsignatures as legally equivalent to signatures issued by information security\nservice providers approved under section 25 if the laws of the other foreign\njurisdiction require a level of reliability at least equivalent to that required for\nsuch signatures under this Law.\n(4) The Governor may make regulations prescribing the matters to be taken into\naccount by the Minister when deciding whether to exercise his powers under\nsubsections (2) and (3).\n(5) Notwithstanding subsections (2) and (3), parties to commercial and other\ntransactions may specify that a particular information security service\nprovider, class of information security service providers or class of certificates\nshall be used in connection with messages or signatures submitted to them.\n(6) Where, notwithstanding subsections (2) and (3), the parties to a transaction\nagree to the use of particular types of electronic signatures and certificates,\nthat agreement shall be recognised as sufficient for the purpose of cross-border\nrecognition in respect of that transaction.\n\nElectronic Transactions Law\nSection 23\n\nc\nRevised as at 10th day of June, 2003\nPage 17\n\n23.\nNotarisation and acknowledgment\n23. Where information or a signature, document or record is required by a statutory\nprovision, rule of law, contract or deed to be notarised, acknowledged, verified or\nmade under oath, the requirement shall be satisfied if, in relation to an electronic\nsignature, electronic document or electronic record, the electronic signature of the\nperson authorised to perform those acts, together with all other information required\nto be included by other applicable law, is attached to or logically associated with the\nelectronic signature, electronic document or electronic record.\nPart VI - Information Security Service Providers\n24.\nRegister of approved providers\n24. (1) The Minister may require the Authority to establish and maintain a register of\napproved information security services, and of providers of such services,\nwhich shall contain particulars of every person who, or service which, is for\nthe time being approved under any arrangements in force under section 25.\n(2) The Governor, on the recommendation of the Authority may make regulations\nprescribing the particulars that are to be included in entries in the register\nmaintained under subsection (1).\n(3) The Authority shall \u2014\n(a)\nallow public inspection, at all times, of an electronic copy of the\nregister; and\n(b) publicise any withdrawal or modification of an approval under\nsection 25,\nin accordance with arrangements prescribed by the Governor in regulations.\n25.\nArrangements for the grant of approvals\n25. The Governor may make regulations enabling the Authority to grant approvals,\nwhether subject to conditions or otherwise, on payment of a prescribed fee, to\npersons who \u2014\n(a)\nare providing information security services in the Islands or are\nproposing to do so; and\n(b) seek approval in respect of any such services that they are providing, or\nare proposing to provide, whether in the Islands or elsewhere.\n26.\nRestrictions on disclosure of information\n26. (1) Subject to subsection (2), information which \u2014\n(a)\nhas been obtained under or by virtue of this Part; and\n\nSection 27\nElectronic Transactions Law\n\nPage 18\nRevised as at 10th day of June, 2003\nc\n\n(b) relates to the private affairs of any individual or to any particular\nbusiness,\nshall be deemed to be confidential information for the purposes of the\nConfidential Relationships (Preservation) Law (1995 Revision).\n(2) Section 5 of the Confidential Relationships (Preservation) Law (1995\nRevision) does not apply to any disclosure of information which is made \u2014\n(a)\nfor the purpose of facilitating the carrying out of any functions under this\nPart, or any prescribed functions, of the Minister or the Authority;\n(b) for the purpose of facilitating the carrying out of prescribed functions of\nany prescribed person;\n(c)\nin connection with the investigation by the police of a criminal offence or\nfor the purposes of any criminal proceedings; or\n(d) for the purposes of any civil proceedings which \u2014\n(i)\nrelate to the provision of information security services; and\n(ii) are proceedings to which a person approved in accordance with\narrangements under section 24 is a party.\n(3) If information is disclosed to the public in circumstances in which the\ndisclosure does not contravene the Confidential Relationships (Preservation)\nLaw (1995 Revision), that law shall not prevent its further disclosure by any\nperson.\n27.\nProvision of information security services.\n27. (1) References in this Part to the provision of an information security service do\nnot include references to the supply of, or of any right to use, computer\nsoftware or computer hardware unless the supply or the right to use is integral\nto the provision of information security services which do not consist of such a\nsupply or right to use.\n(2) For the purposes of this Part, information security services are provided in the\nIslands if they are provided from premises in the Islands and \u2014\n(a)\nthey are provided to a person who is in the Islands when he makes use of\nthe services; or\n(b) they are provided to a person who makes use of the services for the\npurposes of a business carried on in the Islands or from premises in the\nIslands.\n28.\nConduct of the information security service provider\n28. (1) An information security service provider shall \u2014\n(a)\nact in accordance with the representations it makes with respect to its\npolicies and practices;\n\nElectronic Transactions Law\nSection 29\n\nc\nRevised as at 10th day of June, 2003\nPage 19\n\n(b) exercise reasonable care to ensure the accuracy and completeness of all\nmaterial representations made by it \u2014\n(i)\nthat are relevant to the certificate throughout its life cycle; or\n(ii) which are included in the certificate;\n(c)\nprovide reasonably accessible means which enable a person who relies\non the certificate to ascertain from the certificate \u2014\n(i)\nthe identity of the information security service provider;\n(ii) that the person who is identified in the certificate had control of the\nsignature device at the time of signing;\n(iii) that the signature device was operational on or before the date when\nthe certificate was issued;\n(d) provide reasonably accessible means which enable a person who relies\non the certificate to ascertain, where relevant, from the certificate or\notherwise \u2014\n(i)\nthe method used to identify the signature device holder;\n(ii) any limitation on the purpose or value for which the signature\ndevice or the certificate may be used;\n(iii) that the signature device is operational and has not been\ncompromised;\n(iv) any limitation on the scope or extent of liability stipulated by the\ninformation security service provider;\n(v) whether means exist for the signature device holder to give notice\nthat a signature device has been compromised; and\n(vi) whether a timely revocation service is offered;\n(e)\nprovide a means for a signature device holder to give notice that a\nsignature device has been compromised and ensure the availability of a\ntimely revocation service; and\n(f)\nutilise trustworthy systems, procedures and human resources in\nperforming its services.\n(2) An information security service provider shall be liable for its failure to satisfy\nthe requirements of subsection (1)\n29.\nCriteria for determining trustworthiness\n29. The Governor, on the recommendation of the Authority, may make regulations\nprescribing the factors to which regard shall be had in determining whether, and the\nextent to which, systems, procedures and human resources are trustworthy for the\npurposes of section 28(1)(f).\n\nSection 30\nElectronic Transactions Law\n\nPage 20\nRevised as at 10th day of June, 2003\nc\n\n30.\nContents of a certificate\n30. The Governor, on the recommendation of the Authority, may make regulations\nprescribing the matters that shall be specified in a certificate.\n31.\nConduct of the signature device holder\n31. A signature device holder shall \u2014\n(a)\nexercise reasonable care to avoid unauthorised use of its signature\ndevice;\n(b) without undue delay, notify any person who may reasonably be expected\nby the signature device holder to rely on or to provide services in support\nof the electronic signature if \u2014\n(i)\nthe signature device holder knows that the signature device has\nbeen compromised; or\n(ii) the circumstances known to the signature device holder give rise to\na substantial risk that the signature device may have been\ncompromised; and\n(c)\nwhere a certificate is used to support the electronic signature, exercise\nreasonable care to ensure the accuracy and completeness of all material\nrepresentations made by the signature device holder, which are relevant\nto the certificate throughout its life-cycle, or which are to be included in\nthe certificate.\nPart VII - Intermediaries and E-commerce Service Providers\n32.\nLiability of e-commerce service providers\n32. (1) In proceedings against an intermediary or e-commerce service provider for a\noffence consisting of or arising out of the processing of an electronic record by\nmeans of his system, it shall be a defence for him to show that he was not the\noriginator of the record and either \u2014\n(a)\nthat he did not know, and had no reasonable cause to suspect that, the\nprocessing of the record would (apart from this subsection) constitute or\ngive rise to that offence; or\n(b) as soon as reasonably practicable after he knew or had reasonable cause\nto suspect that the processing of the record would (apart from this\nsubsection) constitute or give rise to that offence that \u2014\n(i)\nhe took such steps as were reasonable to prevent such processing by\nmeans of his system; and\n(ii) he notified a constable of any relevant facts in his possession.\n\nElectronic Transactions Law\nSection 33\n\nc\nRevised as at 10th day of June, 2003\nPage 21\n\n(2) An intermediary or e-commerce service provider shall not be subject to any\ncivil liability in respect of an electronic record which is processed by means of\nhis system if he was not the originator of the record and \u2014\n(a)\nhe did not know and had no reasonable cause to suspect that the\nprocessing of it would (apart from this subsection) give rise to that\nliability; or\n(b) as soon as reasonably practicable after he knew or had reasonable cause\nto suspect that the processing of the record would (apart from this\nsubsection) give rise to that liability, he took such steps as were\nreasonable to prevent such processing by means of his system.\n(3) An intermediary or e-commerce service provider shall not be subject to any\ncivil liability for any action he takes in good faith under subsection (1)(b)\nor (2)(b).\n(4) An intermediary or e-commerce service provider shall not be required to\nmonitor any electronic record processed by means of his system in order to\nascertain whether its processing would (apart from this section) constitute or\ngive rise to an offence or give rise to civil liability.\n(5) Except as provided by subsection (3), nothing in this section shall relieve an\nintermediary or e-commerce service provider from \u2014\n(a)\nany obligation to comply with an order or direction of a court or other\ncompetent authority; or\n(b) any contractual obligation.\nPart VIII - Data Protection\n33.\nData protection\n33. (1) The Governor, on the recommendation of the Authority, may make regulations\nprescribing standards for the processing of personal data, whether or not the\npersonal data originates inside the Islands.\n(2) Regulations made under subsection (1) may provide for \u2014\n(a)\nthe protection of privacy;\n(b) the voluntary registration and de-registration to those standards by data\ncontrollers and data processors;\n(c)\nthe establishment by the Authority of a register that is available for\npublic inspection showing particulars of data controllers and data\nprocessors who have registered or de-registered to those standards and\nthe dates of such registration or de-registration, and the countries in\nrespect of which the registration or de-registration applies;\n\nSection 34\nElectronic Transactions Law\n\nPage 22\nRevised as at 10th day of June, 2003\nc\n\n(d) the application of those standards to the countries specified in the\nregulations;\n(e)\ndifferent standards to be applied in respect of personal data originating\nfrom different countries; and\n(f)\nsuch matters as may be necessary or convenient for giving effect to this\nPart or for its administration.\n(3) A data controller or data processor who voluntarily registers to a standard\nprescribed in regulations made under subsection (1) and who fails to comply\nwith that standard, as it may be amended from time to time, in respect of any\npersonal data originating from a country to which the standard applies that is\ncollected by the data controller during the period of registration, including any\ntime after de-registration is guilty of an offence and liable on summary\nconviction to a fine of fifty thousand dollars and to imprisonment for six\nmonths, and if the offence of which he is convicted is continued after\nconviction he commits a further offence and liable to a fine of five thousand\ndollars for every day on which the offence is so continued.\n34.\nPseudonyms\n34. (1) Information security service providers may, at the request of a particular\nsignature device holder, indicate in the relevant certificate a pseudonym\ninstead of the signature device holder\u2019s name.\n(2) Where a pseudonym is indicated under subsection (1), the information security\nservice provider shall, where necessary for the investigation by the police of\nan offence involving the use of electronic signatures, or where otherwise\nrequired by law to do so, transfer to a constable all personal data relating to the\nsignature device holder that is in his possession.\n(3) Where personal data is transferred under subsection (2), the information\nsecurity service provider shall make a record of the transfer.\n(4) The Governor may, by regulations, prescribe information that is to be provided\nin addition to the personal data that is to be transferred under subsection (2).\nPart IX - Miscellaneous\n35.\nCode of practice\n35. (1) The Governor, on the recommendation of the Authority, may, by regulations,\nestablish standards or conduct requirements with which e-commerce service\nproviders or intermediaries carrying on business in or from within the Islands\nmust comply.\n(2) A standard established by regulations made under subsection (1) may relate to\none or more of the following matters \u2014\n\nElectronic Transactions Law\nSection 35\n\nc\nRevised as at 10th day of June, 2003\nPage 23\n\n(a)\nthe types of services that are permitted to be provided by intermediaries;\n(b) the types of customers to whom services may be provided by\nintermediaries;\n(c)\nthe types of information permitted to be contained in an electronic record\nfor which services are provided by intermediaries;\n(d) the contractual application of relevant codes of conduct or standards to\ncustomers of intermediaries and e-commerce service providers;\n(e)\nthe information to be disclosed by intermediaries and e-commerce\nservice providers including the name, address, e-mail address and contact\nand registration details;\n(f)\nthe actions to be taken in the event of customers of intermediaries or ecommerce service providers sending bulk, unsolicited electronic records;\n(g) the practical application of the relevant laws of the Islands to\nintermediaries and e-commerce service providers;\n(h) procedures for dealing with complaints;\n(i)\nprocedures for dispute resolution, including dispute resolution by\nelectronic means; and\n(j)\nsuch other matters as the Governor may require.\n(3) Regulations made under subsection (1) shall provide \u2014\n(a)\nthat an intermediary or e-commerce service provider who fails to comply\nwith a standard prescribed in the regulations shall in the first instance be\ngiven a written warning by the Authority;\n(b) that the Authority may direct that person to cease or correct his\npractices; and\n(c)\nthat if that person fails to do so within such period as may be stated in the\ndirection, he commits an offence and is liable to such penalties as may be\nprescribed.\n(4) If the Authority is satisfied that a person, body or organisation represents\nintermediaries or e-commerce service providers carrying on business in the\nIslands, the Authority may, by notice given to the person, body or\norganisation, request that person, body or organisation to \u2014\n(a)\ndevelop standards or conduct requirements that apply to intermediaries or\ne-commerce service providers and that deal with one or more specified\nmatters relating to the provision of services by those intermediaries or ecommerce service providers; and\n(b) provide details relating to those standards or conduct requirements to the\nAuthority within such time as may be specified in the request.\n(5) If the Minister, on the recommendation of the Authority, is satisfied with the\nstandards and conduct requirements provided under subsection (4), he shall\n\nSection 36\nElectronic Transactions Law\n\nPage 24\nRevised as at 10th day of June, 2003\nc\n\napprove such standards and conduct requirements by notice published in the\nGazette, and thereupon such standards and conduct requirements shall apply to\nsuch intermediaries or e-commerce service providers as may be specified in\nthe notice.\n(6) If the Minister has approved any standard or conduct requirement that applies\nto intermediaries or e-commerce service providers, and \u2014\n(a)\nhe receives notice from a person, body or organisation representing\nintermediaries or e-commerce service providers or proposals to amend\nthe standard or conduct requirement; or\n(b) he no longer considers that the standard or conduct requirement is\nappropriate,\nhe may, by notice published in the Gazette, revoke or amend any existing\nstandard or conduct requirement.\n(7) References in this section to intermediaries and e-commerce service providers\ninclude references to a particular class of intermediaries or to a particular class\nof e-commerce service providers.\n36.\nOffences by bodies corporate\n36. (1) Where an offence under this Law, which has been committed by a body\ncorporate, is proved to have been committed with the consent or connivance\nof, or to be attributable to any neglect on the part of, any director, manager,\nsecretary or other similar officer of the body corporate, or any person who was\npurporting to act in any such capacity, he, as well as the body corporate, is\nguilty of that offence and liable to be proceeded against and punished\naccordingly.\n(2) Where the affairs of a body corporate are managed by its members,\nsubsection (1) shall apply in relation to the acts and defaults of a member in\nconnection with his functions of management as if he were a director of the\nbody corporate.\n37.\nRegulations\n37. (1) Without derogating from the powers to make regulations conferred elsewhere\nin this Law, the Governor may make regulations \u2014\n(a)\nprescribing matters required or permitted by this Law to be prescribed;\n(b) authorising or facilitating \u2014\n(i)\nthe investigation of; or\n(ii) the bringing of criminal proceedings in respect of the processing of\nelectronic records that may be, or is, an offence under this or any\nother Law; or\n(c)\nfor carrying the purpose and provisions of this Law into effect.\n\nElectronic Transactions Law\nSection 38\n\nc\nRevised as at 10th day of June, 2003\nPage 25\n\n(2) Regulations made under this Law may provide that the contravention of any\nprovision constitutes an offence and may prescribe penalties for any such\noffence not exceeding the maximum fine and term of imprisonment prescribed\nin this Law for any offence under this Law.\n38.\nProhibition on key escrow requirements\n38. (1) Nothing in this Law shall confer a power on the Governor, or a minister or\nofficial member or the Authority \u2014\n(a)\nby conditions of an approval under Part VI, or\n(b) by any regulations under this Law,\nto impose a requirement on any person to deposit a key for electronic records\nwith another person.\n(2) In this section \u2014\n\u201ckey\u201d, in relation to electronic records, means any code, password, algorithm\nor other data the use of which (with or without other keys) \u2014\n(a)\nallows access to the electronic record; or\n(b) facilitates the putting of the electronic record into an intelligible form,\nand references in this section to depositing a key for electronic records with a\nperson include references to doing anything that has the effect of making the\nkey available to that person.\n39.\nAppointment of e-Business Advisory Board\n39. (1) The Governor shall appoint a Board, to be known as the e-Business Advisory\nBoard.\n(2) The Board shall advise the Governor and the Minister \u2014\n(a)\non the discharge of their functions under this Law;\n(b) on any matter connected with the functions referred to in paragraph (a);\n(c)\non any matter connected with the administration of this Law; and\n(d) on any matter referred to it by the Governor or the Minister that is\nconnected or relates to the matters dealt with by this Law.\n(3) The members of the Board shall hold office at the pleasure of the Governor.\n(4) The Board shall consist of not less than seven nor more than ten persons\nappearing to the Governor to be knowledgeable about electronic business.\n(5) The Board shall, at their first meeting, and at the first meeting in every\ncalendar year thereafter, appoint one of their number to be the chairman of the\nBoard until the date of the first meeting of the Board in the following\ncalendar year.\n(6) The Board shall determine its own procedure.\n\nSection 39\nElectronic Transactions Law\n\nPage 26\nRevised as at 10th day of June, 2003\nc\n\nPublication in consolidated and revised form authorised by the Governor in Council\nthis 10th day of June, 2003.\nCarmena Watler\nClerk of Executive Council","akn_extracted_at":"2026-06-22 15:32:44.710064+00","cms_id":"2000-0007","law_type":"principal","year":"2000","number":"7","title":"Electronic Transactions Act","status":"in_force"},"provenance":{"files":[{"file_id":"4873","expr_id":"70","kind":"akn_xml","filename":"2000-0007_2003 Revision.akn.xml","source_url":null,"storage_path":"\/Users\/q\/kyleg-data\/working\/PRINCIPAL\/2000\/2000-0007\/2000-0007_2003 Revision.akn.xml","content_md5":"724f0f0fc35f65efab5fa047796fc51a","byte_size":"53589","http_last_modified":null,"fetched_at":"2026-06-22 15:32:45.393734+00"},{"file_id":"139","expr_id":"70","kind":"pristine_pdf","filename":"2000-0007_2003 Revision.pdf","source_url":"\/cms\/images\/LEGISLATION\/PRINCIPAL\/2000\/2000-0007\/2000-0007_2003 Revision.pdf","storage_path":"\/Users\/q\/kyleg-data\/pristine\/PRINCIPAL\/2000\/2000-0007\/2000-0007_2003 Revision.pdf","content_md5":"bd87e1bb0009d91ad2a8ceb4c493160a","byte_size":"537028","http_last_modified":null,"fetched_at":"2026-06-21 23:09:35.081419+00"},{"file_id":"140","expr_id":"70","kind":"working_pdf","filename":"2000-0007_2003 Revision.pdf","source_url":"\/cms\/images\/LEGISLATION\/PRINCIPAL\/2000\/2000-0007\/2000-0007_2003 Revision.pdf","storage_path":"\/Users\/q\/kyleg-data\/working\/PRINCIPAL\/2000\/2000-0007\/2000-0007_2003 Revision.pdf","content_md5":"bd87e1bb0009d91ad2a8ceb4c493160a","byte_size":"537028","http_last_modified":null,"fetched_at":"2026-06-21 23:09:35.081419+00"}],"paragraph_count":31,"latest_history":null},"quality":{"expr_id":"70","doc_id":"70","quality_state":"needs_review","quality_score":"84","needs_human_review":"t","deterministic_categories":"{duplicate_text,page_header_footer_noise}","llm_categories":"{truncated_text,other}","repair_actions":"{collapse_duplicate_text,manual_review,reextract_full_text,strip_page_furniture}","finding_severity_counts":"{\"low\": 1, \"medium\": 1}","finding_summary":"Sample ends mid\u2011definition; likely missing continuation due to character omission marker. Review full document for completeness.","assessed_at":"2026-06-22 15:29:45.008085+00","updated_at":"2026-06-22 15:29:45.008085+00"}}