ELECTRONIC COMMERCE [ CAP. 426.  1
CHAPTER 426
ELECTRONIC COMMERCE ACT
AN ACT to provide in relation to electronic commerce and to provide
for matters connected therewith or ancillary thereto.
10th May, 2002
ACT III of 2001, as amended by Act XXVII of 2002.
P A R T  I 
P R E L I M I N A R Y
Short title.
Interpretation.
Amended by:
XXVII. 2002.59.
2. In this Act, unless the context otherwise requires - 
"addressee" in relation to an electronic communication means a
person who is intended by the originator to receive the electronic
communication, but does not include a person acting as a service
provider with respect to the processing, receiving or storing of that
electronic communication or providing other services with respect
to it;
"advanced electronic signature" means an electronic signature
which meets the following requirements:
( a ) it is uniquely linked to the signatory;
( b ) it is capable of identifying the signatory;
( c ) it is created using means that the signatory can
maintain under his sole control; and
( d ) it is linked to the data to which it relates in such a
manner that any subsequent change of the data is
detectable;
"certificate" means an electronic attestation, which links
signature verification data to a person and confirms the identity of
that person;
"competent authority" means the authority so designated in terms
of article 17;
"consumer" means any natural person who is acting for purposes
which are outside his trade, business or profession;
"data" means a representation of information, knowledge, facts,
concepts or instructions that has been prepared or is being prepared
in any manner and has been processed, is being processed or is
intended to be processed in an information system, a computer
system or a computer network. Data may be in any form or derived
from any device or source, including computer memory, computer
printouts, any storage media, electronic or otherwise and punched
cards;
"data storage device" means any thing, including a disk, from
which data and information is capable of being reproduced with or
without the aid of any thing or device;
"electronic communication" means information generated,
2 [ CAP. 426. ELECTRONIC COMMERCE
communicated, processed, sent, received, recorded, stored or
displayed by electronic means;
"electronic contract" means a contract concluded wholly or
partly by electronic communications or wholly or partly in an
electronic form;
"electronic signature" means data in electronic form which are
attached to, incorporated in or logically associated with other
electronic data and which serve as a method of authentication;
"information" includes information in the form of data, text,
images, sound or speech;
"information society service" means any service which is
provided at a distance, by electronic means and at the individual
request of a recipient of the service, whether such service is
provided for consideration or not, and for the purposes of this
definition:
( a ) "at a distance" means that the service is provided
without the parties being simultaneously present;
( b ) "by electronic means" means that the service is sent
initially and received at its destination by means of
electronic equipment for the processing (including
digital compression) and storage of data, and entirely
transmitted, conveyed and received by wire, by radio,
by optical means or by any electromagnetic means;
( c ) "at the individual request of a recipient of the service"
means that the service is provided through the
transmission of data on individual request;
"information system" means a system for generating, sending,
receiving, recording, storing or otherwise processing electronic
communications;
"information technology requirements" includes software,
network and data storage requirements;
"Minister" means the Minister responsible for communications;
"originator" in relation to an electronic communication means
the person by whom, or on whose behalf, the electronic
communication purports to have been sent or generated prior to
storage, if any, but does not include a person acting as a service
provider with respect to the generating, processing, sending or
storing of that electronic communication or providing other
services with respect to it;
"place of business" in relation to a government, an authority of a
government, a public body, a charitable, philanthropic or similar
institution means a place where any operations or activities are
carried out by that government, authority, body or institution;
"prescribed" means prescribed by regulations made by the
Minister in accordance with the provisions of this Act;
"qualified certificate" means a certificate which meets the
requirements established by or under this Act and is provided by a
signature certification service provider who fulfils the requirements
ELECTRONIC COMMERCE [ CAP. 426.  3
established by or under this Act;
"recipient" means any person who uses an information society
service for the purposes of seeking information or making it
accessible;
"signature certification service provider" means a person who
issues certificates or provides other services related to electronic
signatures;
"secure signature creation device" means a signature creation
device which meets the requirements laid down in the Fourth
Schedule to this Act;
"signature verification data" means data, such as codes or private
cryptographic keys, which are used for the purpose of verifying an
electronic signature;
"signature verification device" means configured software or
hardware used to implement the signature verification data;
"transaction" includes a transaction of a non-commercial nature;
"voluntary accreditation" means any permission, setting out
rights and obligations specific to the provision of signature
certification services, to be granted upon request by the signature
certification service provider concerned, by the public or private
body charged with the elaboration of, and supervision of
compliance with, such rights and obligations, where the signature
certification service provider is not entitled to exercise the rights
stemming from the permission until it has received the decision by
the body.
PART II
APPLICATION OF LEGAL REQUIREMENTS TO 
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS
Validity of 
electronic 
transactions.
3. For the purposes of any law in Malta and subject to the
other provisions of this Act, a transaction is not deemed to be
invalid merely because it took place wholly or partly by means of
one or more electronic communications.
Excluded laws.
5 to 15 shall not apply to -
( a ) the law governing the creation, execution, amendment,
variation or revocation of -
(i) a will or any other testamentary instrument;
(ii) a trust; or
(iii) a power of attorney;
( b ) any law governing the manner in which rights over
immovable property other than leases may be created,
acquired, disposed of or registered;
( c ) any law governing the making of an affidavit or a
solemn declaration, or requiring or permitting the use
of one for any purpose;
( d ) any provision of the law of persons;
4 [ CAP. 426. ELECTRONIC COMMERCE
( e ) the rules, practices or procedures of a court or tribunal;
( f ) any law relating to the imposition, collection or
recovery of taxation and other Government imposts,
including fees, fines and penalties;
( g ) any law relating to contracts of suretyship and
collateral security furnished by persons for the purpose
of their trade, business or profession; or
( h ) any law relating to the giving of evidence in criminal
proceedings.
(2) Where the Minister is of the opinion that -
( a ) technology has advanced to such an extent, and access
to it is so widely available, or
( b ) adequate procedures and practices have developed in
public registration or other services, so as to warrant
such action, or
( c ) the public interest so requires,
he may, after consultation with the Minister as in the Minister’s
opinion has sufficient interest or responsibility in relation to the
matter, by Order in the Gazette extend the application of this Act or
a provision of this Act to or in relation to a matter specified in
subarticle (1) above, including the applicability to a particular area
or subject, or for a particular time, for the purposes of a trial of the
technology and procedures, subject to such conditions as he thinks
fit.
Requirement or 
permission to give 
information in 
writing.
Amended by:
XXVII. 2002.59.
5. (1) If under any law in Malta a person is required or
permitted to give information in writing, that requirement shall be
deemed to have been satisfied if the person gives the information
by means of an electronic communication:
Provided that -
( a ) at the time the information was given, it was
reasonable to expect that the information would be
readily accessible so as to be useable for subsequent
reference; and
( b ) if the information is required to be given to a person,
or to another person on his behalf, and the first
mentioned person requires that the information be
given in accordance with particular information
technology requirements, by means of a particular
kind of electronic communication, that person’s
requirement has been met; and
( c ) if the information is required to be given to a person who
is neither a public body nor to a person acting on behalf
of a public body, then the person to whom the
information is required or permitted to be given, consents
to the information being given by means of an electronic
communication;
( d ) if the information is required to be given to a person,
or to another person on his behalf, and the first
mentioned person requires that a particular action be
ELECTRONIC COMMERCE [ CAP. 426.  5
taken by way of verifying the receipt of the
information, that person’s requirement has been met.
(2) For the purposes of this article, giving information
includes, but is not limited to, the following:
( a ) making an application;
( b ) making or lodging a claim;
( c ) giving, sending or serving a notification;
( d ) lodging a return;
( e ) making a request;
( f ) making a declaration;
( g ) lodging or issuing a certificate;
( h ) lodging an objection; and
( i ) making a statement.
(3) For the purposes of this article, a requirement or
permission in relation to a person to give information shall extend
to and shall be equally applicable to the requirement or information
which is stated to be sent, filed, submitted, served or otherwise
transmitted and includes similar or cognate expressions, thereof.
Signature.
required, such requirement is deemed to have been satisfied if such
signature is an electronic signature and such signature shall not be
denied legal effectiveness on the grounds that it is:
( a ) in electronic form; or
( b ) not based upon a qualified certificate; or
( c ) not based upon a qualified certificate issued by an
accredited signature certification service provider; or
( d ) not created by a secure signature creation device:
Provided that if the electronic signature is in the form of an
advanced electronic signature, which is based on a qualified
certificate and is created by a secure creation device, it shall for all
intents and purposes of law be presumed to be the signature of the
signatory.
Requirement or 
permission for 
production of 
document and 
integrity.
Amended by:
XXVII. 2002.59.
7. (1) Unless otherwise provided by or under this Act, if
under any law in Malta, a person is required to produce a document
that is in the form of a paper, or of any other substance or material,
that requirement is deemed to have been satisfied if the person
produces, by means of an electronic communication, an electronic
form of that document:
Provided that:
( a ) having regard to all the relevant circumstances at the
time of the communication, the method of generating
the electronic form of the document provided a
reliable means of assuring the maintenance of the
integrity of the information contained in the document;
( b ) at the time the communication was sent, it was
reasonable to expect that the information contained in
6 [ CAP. 426. ELECTRONIC COMMERCE
the electronic form of the document would be readily
accessible so as to be useable for subsequent
reference;
( c ) if the document is required to be produced to a person
who is neither a public body nor to a person acting on
behalf of a public body, then the person to whom the
document is required to be produced, consents to the
production by means of an electronic communication of
an electronic form of the document;
( d ) if the document is required to be given to a person, or
to another person on his behalf, and the first
mentioned person requires that an electronic form of
the document be given, in accordance with particular
information technology requirements, by means of a
particular kind of electronic communication, the
person’s requirement is satisfied; and
( e ) if the document is required to be given to a person, or
to another person on his behalf, and the first
mentioned person requires that a particular action be
taken by way of verifying the receipt of the
information, the person’s requirement is satisfied.
(2) For the purposes of this article, the integrity of information
contained in a document is only maintained if the information
remains complete and unaltered, save for -
( a ) the addition of any endorsement; or
( b ) any change not being a change to the information,
which is necessary in the normal course of
communication, storage or display.
(3) For the purposes of subarticles (1) and (2) and of article 8,
the production by means of an electronic communication of an
electronic form of a document or the generation of an electronic
form of a document shall not give rise to any liability for
infringement of the copyright in a work or other subject matter
embodied in the document.
Retention of 
information, 
documents and 
communications.
8. (1) If under any law in Malta, a person is required to
record information in writing, that requirement is deemed to have
been satisfied if the person records the information in electronic
form:
Provided that such information in electronic form is readily
accessible so as to be useable for subsequent reference and it
complies with such regulations as may be prescribed.
(2) If under any law in Malta, a person is required to retain, for
a particular period, a document that is in the form of a paper or of
any other substance or material, that requirement is deemed to have
been satisfied if the person retains an electronic form of the
document throughout that period:
Provided that if -
( a ) having regard to all the relevant circumstances at the
time of the generation of the electronic form of the
ELECTRONIC COMMERCE [ CAP. 426.  7
document, the method of generating the electronic
form of the document, provided a reliable means of
assuring the maintenance of the integrity of the
information contained in that document; and
( b ) at the time of the generation of the electronic form of
the document, it was reasonable to expect that the
information contained in the electronic form of the
document would be readily accessible so as to be
useable for subsequent reference; and
( c ) it complies with such regulations as may be
prescribed.
(3) For the purpose of subarticle (2), the integrity of
information contained in a document is only maintained if the
information has remained complete and unaltered, save for-
( a ) the addition of any endorsement; or
( b ) any change not being a change to the information,
which is necessary in the normal course of
communication, storage or display.
(4) If under any law in Malta, a person is required to retain, for
a particular period, information that was the subject of an
electronic communication, that requirement is deemed to have been
satisfied if that person retains, or causes another person to retain, in
electronic form, that -
( a ) at the time of commencement of the retention of the
information, it was reasonable to expect that the
information would be readily accessible so as to be
useable for subsequent reference; and
( b ) having regard to all the relevant circumstances, at the
time of commencement of the retention of the
information, the method of retaining the information in
electronic form provided a reliable means of assuring
the maintenance of the integrity of the information
contained in the electronic communication; and
( c ) throughout that period that person also retains, or
causes another person to retain, in electronic form,
such additional information obtained as is sufficient to
enable the identification of the following:
(i) the origin of the electronic communication;
(ii) the destination of the electronic communication;
(iii) the time when the electronic communication was
sent;
(iv) the time when the electronic communication was
received; and
( d ) at the time of commencement of the retention of the
additional information specified in paragraph ( c ) it
was reasonable to expect that the additional
information would be readily accessible so as to be
useable for subsequent reference; and
( e ) it complies with such regulations as may be
8 [ CAP. 426. ELECTRONIC COMMERCE
prescribed.
(5) For the purposes of subarticle (4), the integrity of the
information which is the subject of an electronic communication is
only maintained if the information remains complete and unaltered,
save for -
( a ) the addition of any endorsement; or
( b ) any change not being a change to the information,
which arises in the normal course of communication,
storage or display.
PART III
ELECTRONIC CONTRACTS
Electronic 
contract.
9. (1) An electronic contract shall not be denied legal effect,
validity or enforceability solely on the grounds that it is wholly or
partly in electronic form or has been entered into wholly or partly
by way of electronic communications or otherwise.
(2) For the purposes of any law relating to contracts, an offer,
an acceptance of an offer and any related communication, including
any subsequent amendment, cancellation or revocation of the offer,
the acceptance of the contract may, unless otherwise agreed by the
contracting parties, be communicated by means of electronic
communications.
Formation of 
electronic contract.
10. (1) Unless otherwise agreed by parties who are not
consumers, where the addressee of an electronic communication is
required to give his consent through technological means:
( a ) in accepting the originator’s offer, an electronic
contract is concluded when the addressee has received
from the originator, electronically, an
acknowledgement of receipt of the addressee’s
consent; and
( b ) for the purposes of paragraph ( a ), an
acknowledgement of receipt is deemed to have been
received when the addressee is able to access it.
(2) Unless otherwise agreed by parties who are not consumers,
the originator shall provide the addressee with effective and
accessible means to identify and correct handling errors and
accidental transactions prior to the conclusion of the contract. 
(3) The provisions of subarticle (1)( a ) and of subarticle (2)
above shall not apply to contracts concluded exclusively by
electronic mail or by any other similar technological means.
Information 
requirements 
relating to 
electronic contract.
11. Unless otherwise agreed by parties who are not consumers,
and without prejudice to any consumer rights under the provisions
of any other law, the originator shall provide information in clear,
comprehensive and unambiguous terms regarding the matters set
out in the First Schedule to the Act. Such information shall be
provided prior to the placement of the order by the addressee.
ELECTRONIC COMMERCE [ CAP. 426.  9
PART IV
TRANSMISSION OF ELECTRONIC COMMUNICATIONS
Time of dispatch.
information system outside of the control of the originator, then,
save as otherwise agreed between the originator and the addressee
of the electronic communication, the dispatch of the electronic
communication occurs at the time when it enters the information
system.
(2) If an electronic communication enters successively two or
more information systems outside of the control of the originator,
then, unless otherwise agreed between the originator and the
addressee of the electronic communication, the dispatch of the
electronic communication occurs when it enters the first of those
information systems.
Time of receipt.
designated an information system for the purpose of receiving
electronic communications, then, save as otherwise agreed between
the originator and the addressee of the electronic communication,
the time of receipt of the electronic communication is the time
when the electronic communication enters the information system.
(2) If the addressee of an electronic communication has not
designated an information system for the purpose of receiving
electronic communications, then, save as otherwise agreed between
the originator and the addressee of the electronic communication,
the time of receipt of the electronic communication is the time
when the electronic communication comes to the attention of the
addressee.
Place of dispatch 
and receipt.
14. (1) Save as may be otherwise agreed between the
originator and the addressee of an electronic communication -
( a ) the electronic communication is deemed to have been
dispatched at the place where the originator has his
place of business; and
( b ) the electronic communication is deemed to have been
received at the place where the addressee has his place
of business.
(2) For the purposes of the subarticle (1) -
( a ) if the originator or the addressee has more than one
place of business, and one of those places has a closer
relationship to the underlying transaction, that place of
business shall be deemed to be the originator’s or the
addressee’s place of business; and
( b ) if the originator or the addressee has more than one
place of business, but paragraph ( a ) does not apply, the
originator’s or the addressee’s principal place of
business shall be deemed to be the originator’s or the
addressee’s place of business; and
( c ) if the originator or addressee does not have a place of
business, the originator’s or the addressee’s place of
10 [ CAP. 426. ELECTRONIC COMMERCE
business shall be deemed to be the originator’s or
addressee’s ordinary residence.
Attribution of 
electronic 
communication.
15. (1) Save as otherwise agreed between the originator and
the addressee of an electronic communication, the originator of an
electronic communication is bound by that communication only if
the communication was sent by him or under his authority.
(2) Nothing in subarticle (1) shall affect the operation of any
law that makes provision for-
( a ) the conduct engaged by a person within the scope of
the person’s actual or apparent authority to be
attributed to another person; or
( b ) a person to be bound by conduct engaged in by another
person within the scope of the other person’s actual or
apparent authority.
(3) An electronic communication between an originator and an
addressee shall be deemed to be of the originator if it was sent by
an information system programmed to operate automatically by or
on behalf of the originator.
(4) An addressee shall have the right to consider each
electronic communication received by him as a separate electronic
communication and to act on that assumption, except to the extent
that such communication is a duplicate of another electronic
communication and the addressee knew or should have known, had
he exercised reasonable care or used any agreed procedure, that the
electronic communication was a duplicate.
PART V
PROVISION OF SIGNATURE CERTIFICATION SERVICES
Accreditation of 
signature 
certification 
service providers.
16. (1) The provision of signature certification services or
services otherwise related to electronic signatures shall not be
subject to prior authorisation.
(2) Without prejudice to the generality of subarticle (1) the
Minister may by regulations, introduce and maintain a voluntary
accreditation scheme aiming at enhanced levels of signature
certification service provision and may designate accreditation
authorities and may also make regulations on any other matter
relating to such designation as the Minister may deem necessary.
Supervision of 
signature 
certification 
service providers 
that issue qualified 
certificates.
17. (1) The Minister shall by Order designate a competent
authority for the supervision of signature certification service
providers established in Malta which issue qualified certificates to
the public.
(2) The Minister may prescribe on any of the following
matters -
( a ) the powers and functions of the competent authority;
( b ) any other matter relating to the competent authority
which may appear to the Minister to be necessary or
desirable.
ELECTRONIC COMMERCE [ CAP. 426.  11
Liability of 
signature 
certification 
service providers.
18. (1) Signature certification service providers who issue a
certificate as a qualified certificate to the public or who guarantee
such certificate shall be liable for any damage caused to any person
who reasonably relies on such certificate.
(2) It shall be the duty of the signature certification service
provider who issues a certificate as a qualified certificate to the
public or who guarantees such certificate to reasonably assure -
( a ) the accuracy of all information in the qualified
certificate as of the time of issue and that the
certificate contains all the details prescribed in relation
to a qualified certificate;
( b ) that at the time of the issue of the certificate, the
signatory identified in the qualified certificate held the
signature creation device corresponding to the
signature verification device given or identified in the
certificate;
( c ) that the signature creation device and the signature
verification device act together in a complementary
manner, in cases where the signature certification
service provider generates the two.
(3) A signature certification service provider who has issued a
certificate as a qualified certificate to the public or who has
guaranteed such certificate is liable for damage caused to any
person who reasonably relies on the certificate for failure to
register or publish revocation or suspension of the certificate unless
the signature certification service provider proves he has not acted
negligently.
(4) A signature certification service provider who issues a
certificate as a qualified certificate to the public or who guarantees
such certificate may indicate in the qualified certificate limits on
the uses of that certificate:
Provided that the limits are clear and readily identifiable as
limitations, the signature certification service provider shall not be
liable for damages arising from a contrary use of a qualified
certificate which includes limits on its user.
(5) A signature certification service provider who issues a
certificate as a qualified certificate to the public or who guarantees
such certificate may indicate in the qualified certificate a limit on
the value of transactions for which the certificate can be used. Any
such indication must be clear and readily identifiable as a
limitation.
PART VI 
INTERMEDIARY SERVICE PROVIDERS
Mere conduit.
such service consists in the transmission, in a communication
network, of information provided by the recipient of the service, or
the provision of access to a communication network, the provider
of such a service shall not be liable, otherwise than under a
prohibitory injunction, for the information transmitted. Provided
12 [ CAP. 426. ELECTRONIC COMMERCE
that such provider:
( a ) does not initiate the transmission;
( b ) does not select the receiver of the transmission; and
( c ) does not select or modify the information contained in
the transmission.
(2) The acts of transmission and of the provision of access
referred to in subarticle (1) hereof, include the automatic
intermediate and transient storage of the information transmitted in
so far as this takes place for the sole purpose of carrying out the
transmission in the communication network, and provided that the
information is not stored for any period longer than is reasonably
necessary for the transmission.
Caching. 20. Where an information society service is provided, and such
service consists in the transmission, in a communication network,
of information provided by a recipient of the service, the provider
of that service shall not be liable for damages for the automatic,
intermediate and temporary storage of that information, performed
for the sole purpose of making more efficient the information’s
onward transmission to other recipients of the service upon their
request. 
Provided that:
( a ) the provider does not modify the information;
( b ) the provider complies with the conditions on access to
the information;
( c ) the provider complies with any conditions regulating
the updating of the information;
( d ) the provider does not interfere with the technology
used to obtain data on the use of the information; and
( e ) the provider acts expeditiously to remove or to bar
access to the information upon obtaining actual
knowledge of any of the following:
(i) the information at the initial source of the
transmission has been removed from the
network;
(ii) access to it has been barred;
(iii) the Court or other competent authority has
ordered such removal or barring.
Hosting. 21. (1) Where an information society service is provided, and
such service consists in the storage of information provided by a
recipient of the service, the provider of that service shall not be
liable for damages for the information stored at the request of a
recipient of the service. 
Provided that:
( a ) the provider does not have actual knowledge that the
activity is illegal and is not aware of facts or
circumstances from which illegal activity is apparent;
or
ELECTRONIC COMMERCE [ CAP. 426.  13
( b ) the provider, upon obtaining such knowledge or
awareness, acts expeditiously to remove or to disable
access to the information.
(2) Subarticle (1) shall not apply when the recipient of the
service is acting under the authority or the control of the provider
of the service.
Obligations of 
intermediary 
service providers.
22. Information society service providers shall promptly
inform the public authorities competent in the matter of any alleged
illegal activity undertaken or information provided by recipients of
their service and shall grant to any such authority upon request
information enabling the identification of recipients of their service
with whom they have storage agreements:
Provided that nothing in this Part of the Act shall be
interpreted as imposing an obligation on information society
service providers to monitor the information which they transmit or
store or to actively seek facts or circumstances indicating illegal
activity in connection with the activities described in articles 19 to
21.
PART VII
GENERAL
Prohibition on 
misuse of 
electronic 
signatures, 
signature creation 
devices, 
certificates and 
fraud.
23. (1) No person shall access, copy or otherwise obtain
possession of or recreate the signature creation device of another
person without authorisation, for the purpose of creating, or
allowing or causing another person to create an unauthorised
electronic signature using such signature device.
(2) No person shall alter, disclose or use the signature creation
device of another person without authorisation, or in excess of
lawful authorisation, for the purpose of creating or allowing or
causing another person to create an unauthorised electronic
signature using such signature creation device.
(3) No person shall create, publish, alter or otherwise use a
certificate or an electronic signature for any fraudulent or other
unlawful purpose.
(4) No person shall misrepresent his identity or authorisation
in requesting or accepting a certificate or in requesting suspension
or revocation of a certification.
(5) No person shall access, alter, disclose or use the signature
creation device of a signature certification service provider used to
issue certificates without the authorisation of the signature
certification service provider, or in excess of lawful authorisation,
for the purpose of creating, or allowing or causing another person
to create, an unauthorised electronic signature using such signature
creation device.
(6) No person shall publish a certificate, or otherwise
knowingly make it available to anyone likely to rely on the
certificate or on an electronic signature that is verifiable with
reference to data such as codes, passwords, algorithms, public
cryptographic keys or other data which are used for the purposes of
14 [ CAP. 426. ELECTRONIC COMMERCE
verifying an electronic signature, listed in the certificate, if such
person knows that -
( a ) the signature certification service provider listed in the
certificate has not issued it; or
( b ) the subscriber listed in the certificate has not accepted
it; or
( c ) the certificate has been revoked or suspended, unless
such publication is for the purpose of verifying an
electronic signature created prior to such revocation or
suspension, or giving notice of revocation or
suspension.
(7) No person shall use cryptographic or other similar
techniques for any illegal purpose.
Offences and 
penalties.
24. Any person contravening any of the provisions of this Act
or of any regulations made thereunder shall be guilty of an offence
and shall, on conviction, be liable to a fine ( multa ) not exceeding
one hundred thousand liri or to imprisonment not exceeding six
months, or to both such fine and imprisonment, and in the case of a
continuous offence to a fine not exceeding one thousand liri for
each day during which the offence continues.
Power to make 
regulations,
25. (1) The Minister may make regulations to provide for any
matter related to electronic commerce in order to give fuller effect
to the provisions of this Act, and in particular, but without
prejudice to the generality of the aforesaid, such regulations may
provide for -
( a ) any derogation from or restriction in relation to any
cross-border transaction where this is necessary for
one of the following reasons -
(i) public policy, in particular the protection of
minors, or the fight against any incitement to
hatred on grounds of race, sex, religion, political
opinion or nationality;
(ii) the protection of public health;
(iii) public security;
(iv) consumer protection;
( b ) identifying:
(i) transactions;
(ii) requirements or permissions to give information
in writing;
(iii) requirements or permissions to produce
documents;
(iv) requirements to retain information, documents
and communications;
(v) signatures;
that may be exempt from any provision of this Act;
( c ) additional requirements for the use of signatures in
electronic communications in the public sector;
ELECTRONIC COMMERCE [ CAP. 426.  15
( d ) the recognition of signature certification service
providers who had they been operating in Malta would
have satisfied the requirements set out for such
providers;
( e ) any matter relating to commercial communications,
including, but not limited to matters relating to:-
(i) information to be provided in commercial
communications;
(ii) unsolicited commercial communications;
(iii) commercial communications by regulated
professions;
( f ) the authorisation to the competent authority to impose
administrative fines or sanctions on any person acting
in contravention of any provision of this Act or of any
regulation made thereunder:
Provided that -
(i) any administrative fine provided for by
regulations made under this article shall not
exceed the amount of ten thousand liri for each
offence and one thousand liri for each day
during which failure to observe the provisions of
this Act or of any regulation made thereunder
persists;
(ii) administrative fines stipulated in paragraph (i)
of this proviso may be increased by regulation
up to a maximum of fifty thousand liri and five
thousand liri for each day during which any
contravention persists, respectively;
Cap. 12.
(iii) regulations made under this paragraph may
prescribe that any such administrative penalty or
sanction shall be due to the competent authority
as a civil debt constituting an executive title for
the purposes of Title VII of Part I of Book
Second of the Code of Organization and Civil
Procedure as if the payment of the amount of the
fine had been ordered by a judgement of a court
of civil jurisdiction;
(iv) such regulations may also prescribe any right of
appeal from decisions of the competent authority
to impose an administrative sanction;
( g ) procedures to be established for out of court schemes,
for the settlement of disputes arising in relation to
information society services including appropriate
electronic measures.
(2) The Minister may also by regulations amend the Schedules
to this Act and prescribe anything that may or is required to be
prescribed under this Act.
English text to 
prevail.
26. In the case of conflict between the Maltese and English
texts of this Act, the English text shall prevail.
16 [ CAP. 426. ELECTRONIC COMMERCE
FIRST SCHEDULE
(Article 11)
Information Requirements Relating to Electronic Contracts
(a) the name and address where the originator is established;
(b) the electronic-mail address where the originator can be contracted in a direct
manner;
(c) the registration number of the originator in any trade register or of any
professional body if applicable;
(d) where the activity of the originator is subject to an authorisation, the activities
covered by the authorisation granted to the originator and the particulars of the
authority providing such authorisation;
(e) the Value Added Tax (VAT) registration number of the originator where the
originator undertakes an activity that is subject to VAT;
(f) the different steps to follow to conclude the contract;
(g) a statement of whether the concluded contract will be filed by the originator and
whether it will be accessible.
SECOND SCHEDULE
(Article 2)
Requirements for Qualified Certificates
Qualified certificates must contain:
(a) an indication that the certificate is issued as a qualified certificate;
(b) the identification of the signature certification service provider and the State in
which it is established;
(c) the name of the signatory or a pseudonym, which shall be identified as such;
(d) provision for a specific attribute of the signatory to be included if relevant,
depending on the purpose for which the certificate is intended;
(e) signature-verification data which correspond to signature-creation data under
the control of the signatory;
(f) an indication of the beginning and end of the period of validity of the
certificate;
(g) the identity code of the certificate;
(h) the advanced electronic signature of the signature certification service provider
issuing it;
(i) limitations on the scope of the use of the certificate, if applicable; and
(j) limits on the value of transactions for which the certificate can be used, if
applicable.
ELECTRONIC COMMERCE [ CAP. 426.  17
THIRD SCHEDULE
(Article 2)
Requirements for Signature Certification Service 
Providers Issuing Qualified Certificates
Signature Certification service providers must:
(a) demonstrate the reliability necessary for providing signature certification
services;
(b) ensure the operation of a prompt and secure directory and a secure and
immediate revocation service;
(c) ensure that the date and time when a certificate is issued or revoked can be
determined precisely;
(d) verify, by appropriate means in accordance with national law, the identity and,
if applicable, any specific attributes of the person to whom a qualified
certificate is issued;
(e) employ personnel who possess the expert knowledge, experience, and
qualifications necessary for the services provided, in particular competence at
managerial level, expertise in electronic signature technology and familiarity
with proper security procedures; they must also apply administrative and
management procedures which are adequate and correspond to recognised
standards;
(f) use trustworthy systems and products which are protected against modification
and ensure the technical and cryptographic security of the processes supported
by them;
(g) take measures against forgery of certificates, and, in cases where the signature
certification service provider generates signature-creation data, guarantee
confidentiality during the process of generating such data;
(h) maintain sufficient financial resources to operate in conformity with the
requirements laid down in the Act, in particular to bear the risk of liability for
damages, for example, by obtaining appropriate insurance;
(i) record all relevant information concerning a qualified certificate for an
appropriate period of time, in particular for the purpose of providing evidence
of certification for the purposes of legal proceedings. Such recording may be
done electronically;
(j) not store copy signature-creation data of the person to whom the signature
certification service provider provided key management services;
(k) before entering into a contractual relationship with a person seeking a
certificate to support his electronic signature, inform that person by a durable
means of communication of the precise terms and conditions regarding the use
of the certificate, including any limitations on its use, the existence of a
voluntary accreditation scheme and procedures for complains and dispute
settlement. Such information, which may be transmitted electronically, must be
in writing and in readily understandable language. Relevant parts of this
information must also be made available on request to third-parties relying on
the certificate;
(l) use trustworthy systems to store certificates in a verifiable form so that:
- only authorised persons can make entries and changes;
18 [ CAP. 426. ELECTRONIC COMMERCE
- information can be checked for authenticity;
- certificates are publicly available for retrieval in only those cases for
which the certificate-holder’s consent has been obtained; and
- any technical changes compromising these security requirements are
apparent to the operator.
FOURTH SCHEDULE
(Article 2)
Requirements for Secure Signature-Creation Devices
01. Secure signature creation devices must, by appropriate technical and procedural
means, ensure at the least that:
(a) the signature creation data used for signature generation can practically
occur only once, and that their secrecy is reasonably assured;
(b) the signature creation data used for signature generation cannot, with
reasonable assurance, be derived and the signature is protected against
forgery using currently available technology;
(c) the signature-creation-data used for signature generation can be reliably
protected by the legitimate signatory against the use of others.
02. Secure signature creation devices must not alter the data to be signed or prevent
such data from being presented to the signatory prior to the signature process.
