Electronic Transactions Act, 2011
Act 8 of 2011
An Act to provide for the use, security, facilitation and regulation of electronic communications and transactions; to encourage the use of e-Government services and to provide for related matters.BE IT ENACTED by Parliament as follows:
Part I – Preliminary
This Act shall come into force on a date appointed by the Minister by statutory instrument and different dates may be appointed for the commencement of different provisions.
(1)In this Act, unless the context otherwise requires—“addressee”, in respect of a data message, means a person who is intended by the person originating the data message to receive the data message, but not a person acting as an intermediary in respect of the data message;“advanced electronic signature” means an electronic signature, which is—(a)uniquely linked to the signatory;(b)reliably capable of identifying the signatory;(c)created using secure signature creation device that the signatory can maintain under his sole control; and(d)linked to the data to which it relates in such a manner that any subsequent change of the data or the connections between the data and signature are detectable.“automated transaction” means an electronic transaction conducted or performed, in whole or in part, by means of a data message in which the conduct or data messages of one or both parties is not reviewed by a natural person in the ordinary course of the natural person’s business or employment;“computer” means electronic, magnetic, optical, electrochemical, or other data processing device or a group of such interconnected or related devices, performing logical, arithmetic or storage functions; and includes any data storage facility or communications facility directly related to or operating in conjunction with such a device or a group of such interconnected or related devices;“consumer” means a person who enters or intends to enter into an electronic transaction with a supplier as the end user of the goods or services offered by that supplier;“currency point” has the value assigned to it in Schedule 1;“data” means electronic representations of information in any form;“data message” means data generated, sent, received or stored by computer means and includes—(a)voice, where the voice is used in an automated transaction; and(b)a stored record;“data subject” means a person from whom or in respect of whom personal information has been requested, collected, collated, processed or stored;“e-Government services” includes a public service provided by computer means by a public body in Uganda;“electronic agent” means a computer program or an electronic or other automated means used independently to initiate an action or respond to data messages or performances in whole or in part, in an automated transaction;“electronic communication” means a communication by means of data messages;“electronic record” means data which is recorded or stored on any medium in or by a computer system or other similar device, that can be read or perceived by a person or a computer system or other similar device and includes a display, printout or other output of that data;“electronic records system” includes the computer system or other similar device by or in which data is recorded or stored and the procedure for recording and storing of electronic records;“electronic signature” means data in electronic form affixed to or logically associated with a data message, which may be used to identify the signatory in relation to the data message and indicates the signatory's approval of the information contained in the data message; and includes an advanced electronic signature as well as secure signature;“electronic transaction” means the exchange of information or data, the sale or purchase of goods or services, between businesses, households, individuals, governments, and other public or private organizations, conducted over computer-mediated networks;“information” includes data, text, images, sounds, codes, computer programmes, software and databases;“information system” means a system for generating, sending, receiving, storing, displaying or otherwise processing data messages and includes the internet or any other information sharing system;“information system services” includes a provision of connections, operation facilities, for information systems, the provision of access of information systems, the transmission or routing of data messages between or among points specified by a user and the processing and storage of data, at the individual request of the recipient of the service;“intermediary” means a person who, on behalf of another person, whether as agent or not, sends, receives or stores a particular data message or provides other services with respect to that data message;“Minister” means the Minister responsible for information and communications technology;“originator” means a person by whom or on whose behalf, a data message is sent or generated prior to storage, but does not include a person acting as an intermediary in respect of that data message;“person” includes any company or association or body of persons corporate or unincorporate;“public body” includes the Government, a department, service or undertaking of the Government, Cabinet, Parliament, a court, local Government administration or a local council and any committee or commission thereof, an urban authority, a municipal council and any committee of any such council, any corporation, committee, board, commission or similar body whether corporate or incorporate established by an Act of Parliament relating to undertakings of public services or such purpose for the benefit of the public or any section of the public to administer funds or property belonging to or granted by the Government or money raised by public subscription, rates, taxes, cess or charges in pursuance of any written law and any council, board, committee or society established by an Act of Parliament for the benefit, regulation and control of any profession;“service provider” means—(i)any public or private entity that provides to the users of its service the ability to communicate by means of a computer system, and(ii)any other entity that processes or stores computer data on behalf of such communication service or users of such service;“third party”, in relation to a service provider, means a subscriber to a service provided by the service provider or any other user of the service provider’s services or a user of information systems.(2)This Act shall be construed consistently with what is commercially reasonable under the circumstances as to achieve business sense.
(1)This Act does not apply to the list of documents specified in Schedule 2.(2)Nothing in this Act shall limit the operation of a law which expressly authorises, prohibits or regulates the use of electronic documents.
4. Object of the Act
(1)The object of this Act is to provide a legal and regulatory framework to—(a)enable and facilitate electronic communication and transactions;(b)remove and eliminate the legal and operational barriers to electronic transactions;(c)promote technology neutrality in applying legislation to electronic communications and transactions;(d)provide legal certainty and public confidence in the use of electronic communications and transactions;(e)promote e-Government services through electronic communications and transactions with the Government, public and statutory bodies;(f)ensure that electronic transactions in Uganda conform to the best practices by international standards;(g)encourage investment and innovation in information communications and technology to promote electronic transactions;(h)develops a safe, secure and effective environment for the consumer, business and the Government to conduct and use electronic transactions;(i)promote the development of electronic transactions that are responsive to the needs of users and consumers; and(j)foster economic and social prosperity.
Part II – Facilitating electronic transactions
5. Legal effect of electronic records
(1)Information shall not be denied legal effect, validity or enforcement solely on the ground that it is wholly or partly in the form of a data message.(2)Information incorporated into a contract that is not in the public domain is regarded as having been incorporated into a data message if the information is—(a)referred to in a way that a reasonable person would have noticed the reference to the information or incorporation in the contract; and(b)accessible in a form in which it may be read, stored and retrieved by the other party, whether electronically or as a computer printout as long as the information is reasonably capable of being reduced into electronic form by the party incorporating it.(3)Where—(a)an act;(b)a document; or(c)information,is required to be in writing, produced, recorded or retained, it may be written, produced, recorded or retained in electronic form.(4)For purposes of subsection (3) the requirement for a document or information to be in writing is fulfilled if the document or information is—(a)in the form of a data message; and(b)accessible in a manner which is usable for subsequent reference.
6. Use of electronic signature
Where a law requires a signature or provides for consequences where a document is not signed, the requirement is fulfilled if an electronic signature is used.
7. Authenticity of data message
(1)Where a law requires information to be presented or retained in its original form, the requirement is fulfilled by a data message if—(a)the integrity of the information from the time when it was first generated in its final form as a data message or otherwise has passed assessment in terms of subsection (2); and(b)that information is capable of being displayed or produced to the person to whom it is to be presented.(2)For the purposes of subsection 1(a), the authenticity of a data message shall be assessed—(a)by considering whether the information has remained complete and unaltered, except for the addition of an endorsement and any change which arises in the normal course of communication, storage or display;(b)in light of the purpose for which the information was generated; and(c)having regard to all other relevant circumstances.
8. Admissibility and evidential weight of a data message or an electronic record
(1)In legal proceedings, the rules of evidence shall not be applied so as to deny the admissibility of a data message or an electronic record—(a)merely on the ground that it is constituted by a data message or an electronic record;(b)if it is the best evidence that the person adducing the evidence could reasonably be expected to obtain; or(c)merely on the ground that it is not in its original form.(2)A person seeking to introduce a data message or an electronic record in legal proceeding has the burden of proving its authenticity by evidence capable of supporting a finding that the electronic record is what the person claims it to be.(3)Subject to subsection (2), where the best evidence rule is applicable in respect of an electronic record, the rule is fulfilled upon proof of the authenticity of the electronic records system in or by which the data was recorded or stored.(4)When assessing the evidential weight of a data message or an electronic record, the court shall have regard to—(a)the reliability of the manner in which the data message was generated, stored or communicated;(b)the reliability of the manner in which the authenticity of the data message was maintained;(c)the manner in which the originator of the data message or electronic record was identified; and(d)any other relevant factor.(5)The authenticity of the electronic records system in which an electronic record is recorded or stored shall, in the absence of evidence to the contrary, be presumed where—(a)there is evidence that supports a finding that at all material times the computer system or other similar device was operating properly or, if it was not, the fact of its not operating properly did not affect the integrity of the electronic record and there are no other reasonable grounds to doubt the integrity of the electronic records system;(b)it is established that the electronic record was recorded or stored by a party to the proceedings who is adverse in interest to the party seeking to introduce it; or(c)it is established that the electronic record was recorded or stored in the usual and ordinary course of business by a person who is not a party to the proceedings and who did not record or store it under the control of the party seeking to introduce the record.(6)For the purposes of determining whether an electronic record is admissible under this section, evidence may be presented in respect of set standards, procedure, usage or practice on how electronic records are to be recorded or stored, with regard to the type of business or endeavours that used, recorded or stored the electronic record and the nature and purpose of the electronic record.(7)This section does not modify the common law or a statutory rule relating to the admissibility of records, except the rules relating to authentication and best evidence.
9. Retention of information or record
(1)Where a law requires that a document, record or information be retained, the requirement is fulfilled by retaining the document, record or information in electronic form if—(a)the information contained in the electronic record remains accessible and can be used for subsequent reference;(b)the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to accurately represent the information originally generated, sent or received;(c)the information which is retained enables the identification of the origin and destination of an electronic record and the date and time when it was sent or received; and(d)the consent of the department or ministry of the Government, or the statutory corporation, which has supervision over the requirement for retaining the record, has been obtained.(2)The obligation to retain a document, record or information in accordance with subsection (1) (c) shall not extend to information generated solely for the purpose of enabling a document, record or information to be sent or received.(3)Subsection (1) may be fulfilled by using the services of a person other than the person who originated the document, record or information.(4)Nothing in this section shall—(a)affect a law which expressly provides for the retention of documents, records or information in the form of electronic records;(b)preclude a department or ministry of the Government, a statutory corporation from specifying additional requirements for retaining electronic records that are subject to the jurisdiction of the department or ministry of the Government, or statutory corporation.
10. Production of document or information
(1)For purposes of section 5(3), a requirement to produce a document or information is fulfilled if a person produces the document or information in electronic form if—(a)considering all the relevant circumstances at the time that the data message was sent, the method of generating the electronic form of that document provided a reliable means of assuring the maintenance of the integrity of the information contained in that document; and(b)at the time the data message was sent, it was reasonable to expect that the information contained in the data message would be readily accessible so as to be usable for subsequent reference.(2)For the purposes of subsection (1), the authenticity of the information contained in a document is maintained if the information has remained complete and unaltered, except for—(a)the addition of an endorsement; or(b)an immaterial change, which arises in the normal course of communication, storage or display.
11. Notarisation, acknowledgement and certification
(1)A requirement for a signature, statement or document to be notarised, acknowledged, verified or made under oath, is fulfilled if an advanced or secure electronic signature of a person authorised by law to sign or notarise the document is attached, incorporated or is logically associated with the electronic record.(2)Where a person is required or permitted to provide a certified copy of a document which is in electronic form, the requirement is fulfilled if the person provides a printout certified to be a true copy of the document or information.(3)Where a person is required or permitted to provide a certified copy of a document and the document exists in paper or other physical form, that requirement is fulfilled if an electronic copy of the document is certified to be a true copy of the document and the certification is confirmed with an advanced electronic signature.
12. Other requirements
(1)A requirement for multiple copies of a document to be submitted to a person at the same time is fulfilled by submitting a single data message which is capable of being reproduced by the person to whom the data message is submitted.(2)Where a document is required to be sealed and the law does not prescribe the method or form in which it is to be the sealed, the document may be sealed by electronic means.(3)For purposes of subsection (2) a document is sealed by electronic means if the document includes the advanced electronic signature of the person authorised to seal the document.(4)Where a person is required or permitted to send a document or information by registered or certified mail, that requirement is fulfilled if an electronic copy of the document or information is sent to an authorised service provider and the document, is registered by the service provider and sent to the electronic address provided by the sender provided that such reproduction does not affect the integrity of the document.
13. Automated transactions
(1)In an automated transaction—(a)a contract may be formed where an electronic agent performs an action required by law in order to form a contract; or(b)a contract may be formed by a party to the transaction using an electronic agent to enter into the contract.(2)A party using an electronic agent to enter into a contract shall, subject to subsection (3), be bound by the terms of the contract irrespective of whether the party reviewed the actions of the electronic agent or the terms of the contract.(3)A party interacting with an electronic agent to form a contract is not bound by the terms of the contract unless the terms are capable of being reviewed by a person representing that party before the formation of the contract.(4)A contract shall not be formed under subsection (1) where a person interacts directly with the electronic agent of another party and the electronic agent makes a material error when creating a data message unless—(a)the other party notifies the natural person of the error as soon as practicable after he or she has learnt of the error;(b)the electronic agent provides the natural person with an opportunity to prevent or correct the error;(c)the party takes reasonable steps, including steps that conform to the instructions of the natural person to return any performance received, or, if instructed to do so, to destroy that performance; and(d)the party has not used or received any material benefit or value from the performance received from the natural person.
14. Formation and validity of a contract
(1)A contract shall not be denied legal effect merely because it is concluded partly or wholly by means of a data message.(2)A contract by means of a data message is concluded at the time when and the place where acceptance of the offer is received by the person making the offer.
15. Time of dispatch of data message
(1)Subject to an agreement to the contrary, where a data message enters a single information system outside the control of the person originating the data message or a person who sent the message on behalf of the person originating the message, the dispatch of the message occurs when the data message enters the information system.(2)Where a data message successively enters two or more information systems outside the control of the person originating the data message, unless otherwise agreed between the person originating the message and the addressee, the dispatch of the message occurs when the data message enters the first of the information systems.
16. Time of receipt of data message
(1)Unless otherwise agreed between the person originating the data message and the addressee, the time of receipt of a data message is determined where the addressee designates an information system for receiving a data message the receipt of a data message occurs—(a)at the time when the data message enters the designated information system; or(b)if the data message is sent to an information system of the addressee which is not the designated information system, at the time when the data message is received by the addressee.(2)Where the addressee has not designated an information system, receipt occurs when the data message enters an information system of the addressee.(3)Subsections (1) and (2) shall apply notwithstanding that the place where the information system is located is different from the place where the data message is received under section 17.
17. Place of dispatch or receipt
(1)Unless otherwise agreed by the person originating a data message and the addressee, a data message is deemed to have been—(a)dispatched at the place of business of the originator; and(b)received at the place of business of the addressee.(2)For the purposes of subsection (1) the person originating the data message or the addressee—(a)has more than one place of business—(i)and one of the places can more closely be associated with the transaction, the place of business which can be closely associated with the transaction is presumed to be the place of business;(ii)but paragraph (a) does not apply, the principal place of business of the person originating the data message or the addressee is presumed to be the place of business;(b)does not have a place of business, the place where the person originating the data message or the addressee ordinarily resides is presumed to be the place of business.
18. Expression of interest
An expression of interest may be in the form of a data message and may be without an electronic signature as long as it is possible to infer the interest of the person from the data message.
19. Attributing a data message to person originating the message
(1)A data message is attributed to the person who originated the data message if the message is sent by—(a)the person originating the message;(b)an agent of the person originating the message or a person who has the authority to act on behalf of the person originating the data message; or(c)an information system which is programmed by the person originating the message or on behalf of the person originating the message to operate automatically unless it is proved that the information system did not execute the programming properly.(2)The addressee shall regard a data message as sent by the originator and to act on that assumption if—(a)in order to ascertain whether the data message is sent by the person originating the message, the addressee properly applies a method previously agreed to by the person originating the message for that purpose;(b)the data message received by the addressee resulted from the action of a person whose relationship with the originator enabled the person to gain access to a method used by the originator to identify electronic records as records of the originator; or(c)the data message is sent by an agent of the originator.(3)Subsection (2) shall not apply where—(a)the addressee receives notice from the originator that the originator did not send the data message;(b)the addressee knows or ought to have known, had he or she exercised reasonable care or used the agreed method, that the data message was not sent by the originator; or(c)in the circumstances it is unreasonable for the addressee to regard the data message as a message of the originator or to act on the assumption that the data message was sent by the originator.(4)This section shall not affect the law of agency or the law on formation of contracts.
20. Acknowledgement of receipt of data message
(1)Subject to this section, an acknowledgement of receipt of a data message is not necessary to give legal effect to the data message.(2)Where the originator specifies that the data message is conditional on receipt of the acknowledgement, the data message is taken as not sent, until the acknowledgement is received by the originator.(3)Where the originator specifies that the data message is conditional on receipt of an acknowledgement and the acknowledgement is not received by the originator within the time specified or agreed upon or, if no time has been specified or agreed upon, within a reasonable time, the originator may—(a)give notice to the addressee stating that an acknowledgement has not been received and specify a reasonable time within which the acknowledgement should be received; and(b)upon notice to the addressee, treat the data message as though it has never been sent or exercise any other rights that he or she may have in respect of the data message.(4)Where the originator does not specify that the acknowledgement is to be given in a particular form or by a particular method, the acknowledgement may be given by—(a)any communication from the addressee, automated or otherwise; or(b)any conduct of the addressee which is sufficient to indicate to the originator that the addressee received the data message.(5)Where the originator receives the acknowledgement of receipt from the addressee, unless there is evidence to the contrary it is presumed, that the addressee received the data message.(6)The presumption in subsection (5) does not imply that the content of the electronic record corresponds to the content of the record received.(7)Where the acknowledgement states that the related data message fulfilled the technical requirements, either agreed upon or set forth in applicable standards, it is presumed, unless evidence to the contrary is adduced, that those requirements have been met.(8)Except in so far as it relates to sending or receiving of a data message, this section does not apply to the legal consequences that arise from the data message or from the acknowledgement of its receipt.
21. Variation of conditions or requirements by agreement
Sections 16, 17, 18, 19 or 20 may be varied by an agreement made between the parties involved in generating, sending, storing or processing a data message.
Part III – E-Government services
22. Electronic filing and issuing of documents
Where a law provides that a public body may—(a)accept the filing of a document or requires that a document be created or retained;(b)issue a permit, licence or an approval; or(c)provide for the making of a payment,the public body may,(i)accept the document to be filed, created or retained in the form of a data message;(ii)issue the permit, licence or approval in electronic form; or(iii)make or receive payment by electronic means.
23. Specific requirements by public body
(1)A public body may for the purposes of section 22 by notice in the Gazette, specify—(a)the manner and format in which the data message shall be filed, created or retained;(b)the manner and format in which the permit, licence or approval shall be issued;(c)where the data message has to be signed, the type of electronic signature required;(d)the manner and format in which the electronic signature shall be attached to or incorporated into the data message;(e)the criteria that shall be met by an authentication service provider used by the person filing the data message or that the authentication service provider shall be a preferred authentication service provider;(f)the appropriate control process and the procedure to ensure adequate integrity, security and confidentiality of a data messages or a payment; and(g)any other requirements in respect of the data message or payment.(2)For the purposes of subsection (1) (e) a relevant generic service provider shall be a preferred authentication service provider.
Part IV – Consumer protection
24. Information to be provided by suppliers or sellers
25. Cancelling electronic transaction after receipt of goods or services
(1)Subject to sub section (2), a consumer may cancel an electronic transaction and any related credit agreement for the supply of goods or services—(a)within seven days after the date of receipt of the goods or services; or(b)within seven days after the date of conclusion of the agreement.(2)A consumer who returns goods after cancelling an electronic transaction under subsection (1) shall not be charged for the returning of the goods other than the direct cost of returning the goods(3)Where payment for the goods or services has been effected before a consumer exercises the right to cancel the transaction under subsection (1), the consumer is entitled to a full refund of money paid within thirty days of the date of the cancellation.(4)This section shall not be construed as prejudicing the rights of a consumer which are provided for in any other law.
26. Unsolicited goods, services or communications
(1)A person who sends an unsolicited commercial communication to a consumer, shall provide—(a)it at no cost;(b)the consumer with the option to cancel his or her subscription to the mailing list of that person at no cost.(2)A person who contravenes subsection (1) commits an offence and is liable, on conviction to a fine not exceeding seventy two currency points or to imprisonment not exceeding three years or both.(3)A person who sends an unsolicited commercial communication to a person who has advised the sender that he or she should not send the communication, commits an offence and is liable on conviction, to a fine not exceeding one hundred and twenty currency points or imprisonment not exceeding five years or both.
27. Performance of electronic transaction
(1)Where a person makes an order for goods or services by electronic means, unless otherwise agreed by the parties, the supplier shall execute the order within thirty days.(2)Where the supplier fails to execute the order within thirty days or within the agreed period, the consumer may cancel the order after giving written notice of seven days.(3)Where the supplier is not able to supply the goods or services, on the ground that the goods or services ordered are not available, he or she shall notify the consumer before the expiry of the agreed time and refund any payment made in respect of the goods or services within thirty days.
28. Invalidity of provisions excluding consumer rights
A provision in an agreement, which excludes any rights provided for in this Part, is void.
Part V – Limitation of liability of service providers
29. Liability of a service provider
(1)A service provider shall not be subject to civil or criminal liability in respect of third-party material which is in the form of electronic records to which he or she merely provides access if the liability is founded on—(a)the making, publication, dissemination or distribution of the material or a statement made in the material; or(b)the infringement of any rights subsisting in or in relation to the material.(2)This section shall not affect—(a)an obligation in a contract;(b)the obligation of a network service provider under a licencing or regulatory framework which is established by law; or(c)an obligation which is imposed by law or a court to remove, block or deny access to any material.(3)For the purposes of this section, provides access, in relation to third-party material, means providing the necessary technical means by which third-party material may be accessed and includes the automatic and temporary storage of the third-party material for the purpose of providing access.
30. Information location tools
Where a service provider refers or links users to a data message containing an infringing data message or infringing activity, the service provider is not liable for damage incurred by the user if the service provider—(a)does not have actual knowledge that the data message or an activity relating to the data message is infringing the rights of the user;(b)is not aware of the facts or circumstances from which the infringing activity or the infringing nature of the data message is apparent;(c)does not receive a financial benefit directly attributable to the infringing activity; or(d)removes or disables access to the reference or link to the data message or activity within a reasonable time after being informed that the data message or the activity relating to the data message infringes the rights of the user.
31. Notification of infringing data message or activity
(1)A person who complains that a data message or an activity relating to the data message is unlawful shall notify the service provider or his or her designated agent in writing and the notification shall include—(a)the full name and address of the person complaining;(b)the written or electronic signature of the person complaining;(c)the right that has allegedly been infringed;(d)a description of the material or activity which is alleged to be the subject of infringing activity;(e)the remedial action required to be taken by the service provider in respect of the complaint;(f)telephone and electronic contact details of the person complaining;(g)a declaration that the person complaining is acting in good faith; and(h)a declaration that the information in the notification is correct to his or her knowledge.(2)A person who knowingly makes a false statement on the notification in subsection(1) is liable to the service provider for the loss or damage suffered by the service provider.
32. Service provider not obliged to monitor data
(1)For the purposes of complying with this Part, a service provider is not obliged to—(a)monitor the data which the service provider transmits or stores; or(b)actively seek for facts or circumstances indicating an unlawful activity,(2)The Minister in consultation with the National Information Technology Authority—Uganda may by statutory instrument, prescribe the procedure for service providers to—(a)inform the competent public authorities of any alleged illegal activities undertaken or information provided by recipients of their service; and(b)communicate information enabling the identification of a recipient of the service provided by the service provider, at the request of a competent authority
33. Territorial jurisdiction
(1)Subject to subsection (2), this Act shall have effect, in relation to any person, whatever his or her nationality or citizenship and whether he or she is outside or within Uganda.(2)Where an offence under this Act, is committed by any person in any place outside Uganda, he or she may be dealt with as if the offence had been committed within Uganda.
34. Jurisdiction of courts
A court presided over by the Chief Magistrate or Magistrate Grade 1 has jurisdiction to hear and determine all offences in this Act and, notwithstanding anything to the contrary in any written law, has power to impose the penalty or punishment in respect of any offence under this Act.
The Minister may, by statutory instrument make regulations for any—(a)matter which is required to be prescribed;(b)administrative or procedural matter which is necessary to give effect to this Act; or(c)matter which is necessary and expedient to give effect to this Act.
36. Power of the Minister to amend Schedule
The Minister in consultation with the National Information Technology Authority- Uganda may, by statutory instrument, with the approval of Cabinet amend the Schedules.