Malawi: Electronic Transactions and Cyber Security Act, 2016
The Electronic Transactions and Cyber Security Act of 2016 in Malawi covers a range of issues related to electronic transactions and cyber security. The Act regulates electronic transactions, electronic governance, and the protection of personal information. It also outlines offences related to cybercrime, including unauthorized access to computer systems and data, computer-related fraud, and the distribution of malicious software.
The law establishes a regulatory authority to oversee the implementation and enforcement of the Act and promote electronic transactions in Malawi. The Act also establishes a national computer emergency response team to respond to cybersecurity incidents.
Overall, the Electronic Transactions and Cyber Security Act aims to provide a legal framework for electronic transactions and promote the growth of e-commerce in Malawi while addressing the increasing risk of cybercrime in the country.
SECTION
PART I – PRELIMINARY PROVISIONS
1 – Short title and commencement
2 – Interpretation
3 – Objective of the Act
4 – Principles
5 – Implementation of this Act
PART II – ADMINISTRATION
6 – Establishment of the Malawi CERT
PART III – FORMATION AND VALIDITY OF ELECTRONIC TRANSACTIONS
7 – Recognition of electronic writing
8 – Electronic signature
9 – Equal treatment of digital signatures
10 – Conduct of a person relying on a digital signature
11 – Bearing legal consequences of relying on electronic signature
12 – Recognition of digital signature certificates and digital signatures
13 – Notarization, acknowledgement and certification
14 – Other requirements
15 – Determination of originality of an electronic message
16 – Admissibility and evidential weight of electronic messages
17 – Storage of electronic messages
18 – Secure electronic record
19 – Validity of a contract executed in electronic form
SECTION
20 – Time and place of dispatch and receipt of an electronic message
21 – Offer and acceptance
22 – Attribution of electronic messages to sender
23 – Acknowledgement of receipt of an electronic message
PART IV – LIABILITY OF ONLINE INTERMEDIARIES AND CONTENT EDITORS AND PROTECTION OF ONLINE USERS
24 – Freedom of communication and its limitations
25 – Liability of an intermediary service provider
26 – Liability for being a conduit
27 – Liability for caching services
28 – Liability for the supply of hosting services
29 – Saving of data
30 – Takedown notification
31 – Online content editors
32 – Right to reply
PART V – ELECTRONIC COMMERCE
33 – Information to be provided by supplier
34 – Formation of electronic contracts with consumers
35 – Cooling off period
36 – Performance of an electronic transaction
37 – Default in contract performance
38 – Review and cancellation of contract by a consumer
39 – Cancellation of payment
40 – Prohibition of misleading advertising
41 – Identification of advertisement content
42 – Unsolicited communication
43 – Scope of application of financial provisions
44 – Identity of a provider of financial or banking services
45 – Right of withdrawal from a contract
PART VI – SECURITY AND DIGITAL ECONOMY
46 – Use, supply, transfer, etc.
47 – Presumptions regarding digital signature certificates
48 – Unreliable digital signatures
49 – Reliance on digital signature and certificate
50 – Requirements to publish digital signature certificate
51 – The Authority to appoint a certification authority
52 – Encryption
53 – Trustworthy system
54 – Disclosure
55 – Issuing a digital signature certificate
56 – Representations upon issuance of a digital ignature certificate
57 – Suspension of a digital signature certificate
58 – Revocation of a digital signature certificate
59 – Revocation without a subscriber’s consent
60 – Notice of suspension of digital signature certificate
61 – Notification of revocation of a digital signature certificate
62 – Generating a key pair
63 – Accurate and complete representations
64 – Acceptance of a digital signature certificate
65 – Control of a private key
66 – Requesting for suspension or revocation
67 – Provision of encryption services
68 – Administrative sanctions
69 – Appointment of cyber inspectors
70 – Powers and functions of a cyber inspector
PART VII – DATA PROTECTION AND PRIVACY
71 – Processing of personal data
72 – Rights of a data subject
73 – Accuracy and completeness of information
74 – Security obligations
PART VIII – DOMAIN NAME AND MANAGEMENT
75 – Appointment of the Registrar of domain names
76 – Functions of the Registrar
77 – Recommendations relating to domain names
78 – Offence of administering domain name without authority
79 – Dispute resolution concerning domain names
PART IX – ELECTRONIC-GOVERNMENT TRANSACTIONS
80 – Requirement of electronic filing and issuing of documents
81 – Specific guidelines to public bodies
82 – Implementation of e-government
PART X – OFFENCES
83 – Search warrant
84 – Unauthorized access, interception or interference with data
85 – Child pornography
86 – Prohibition of cyber harassment
87 – Prohibition of offensive communication
88 – Prohibition of cyber stalking
89 – Prohibition of hacking, cracking and introduction of viruses
90 – Unlawfully disabling a computer system
91 – Prohibition of spamming
92 – Prohibition of illegal trade and commerce
93 – Attempting, aiding and abetting crimes
94 – Offences committed by legal persons
95 – General offence and penalty
PART XI – GENERAL PROVISIONS
96 – Lodging of complaints to the Authority
97 – Public education programmes
98 – Intermediary services providers’ levy
99 – Codes of conduct
100 – Act to prevail in case of inconsistency
101 – Administrative penalties
102 – Regulations
103 – Exemption orders
104 Transitional provision
