Table of Contents
Introduction to Electronic Transaction Act
The Electronic Transaction Act 2063 (2008) was officially published with the purpose of creating legal regulations pertaining to the authentication and regularization of electronic records.
Its significance is emphasized by the requirement to guarantee the validity, reliability, recognition, and integrity of all operations associated with electronic record generation, production, processing, storage, communication, and transmission.
Controlling and preventing unauthorized activities related to electronic records, including their illicit modification, is also addressed.
Provisions Relating to Electronic Record and Digital Signature
Authenticity of Electronic Record
As per the provisions of the Electronic Transaction Act, an electronic record can be verified by a subscriber through the utilization of their individual digital signature.
Utilizing a hash function and an asymmetric crypto system, the electronic record is transformed into another electronic record as part of the authentication procedure.
Using the subscriber’s public key, anyone is granted the authority to authenticate the electronic record.
Legal Recognition of Electronic Record
An electronic record will also have legal validity if it is maintained in compliance with the prescribed procedures if the law requires that information be kept in written or printed form.
Legal Validity of Electronic Signatures
In cases where certification via signatures is mandated by law, the legal validity of a digital signature can be maintained by adhering to the prescribed procedures.
Any matter, document, record, or information that requires certification by affixing a signature or a document to be signed by an individual; provided that the requisite procedures are followed and said information, documents, records, or matters are certified using a digital signature.
Protection of Digital Records
The electronic preservation of said document, record, or information is contingent upon the fulfillment of the following conditions:
- It is necessary to maintain the electronic information, document, or record in a state that is easily accessible, enabling future retrieval for reference purposes.
- The electronic content mentioned above must be maintained in a secure manner and be in a format that allows for dependable reproduction, reproducing it exactly as it was generated, transmitted, or received.
- Information that allows for the identification of the electronic record’s source, destination, transmission, or the date and time of its reception should be preserved.
Secured Electronic Record and Digital Signature
When applicable law mandates the submission or preservation of any record in its primary or original form, or mandates secure retention, electronic records can satisfy these requirements, and submission is deemed to have occurred under the following specified conditions:
- A prescribed premise, supported by belief, must exist to ensure that the electronic record has not been modified since its inception.
- The record’s nature should allow for its submission to any designated individual, plainly demonstrating the document to the person to whom it is obligated to be presented.
Provisions Concerning the Transmission and Reception of Electronic Records
Attribution of the Electronic Record to the Originator
Under the subsequent circumstances, electronic records must be ascribed to the originator:
- If an electronic record was transmitted by the originator, that record is ascribed to the originator.
- The electronic record is attributed to the originator if it was transmitted by an individual who is authorized to act on their behalf.
An electronic record that is transmitted via an information system that has been programmed to operate automatically by the originator or on their behalf is assigned the originator’s attribution.
The addressee is obligated to presume that the electronic record is attributed to a specific addressee if any of the conditions for an electronic record are met. Consequently, the addressee is authorized to take appropriate action in response to the electronic record.
Protocol for the Confirmation and Acceptance of an Electronic Document
When the originator and addressee have an existing agreement, when the originator requests the addressee to transmit the acknowledgment or receipt of an electronic record either at the time of or prior to dispatch.
The stipulated terms by the originator are as follows:
- In the event that the originator restricts the enforceability of an electronic record to the addressee’s acknowledgment, said acknowledgment is of the utmost importance.
- In the absence of the specified acknowledgment, it is automatic that the originator has not transmitted the electronic record.
License associated with the Certifying Authority and Controller
Permit to be Acquired
Without first obtaining a license as mandated by this Act, no person shall perform or assist in the operations of a certifying authority. It specifies the procedural requirements for obtaining a license to function as a Certifying Authority, as well as the application process.
Submission of an Application for a License
In order to qualify for the position of Certifying Authority, an individual is required to submit a carefully constructed application to the controller. The application must adhere to a designated format and be accompanied by the charge as prescribed in the Company. The applicant is required to include the following documents with their application:
- Specifications pertaining to certification.
- Proof of identification and verification of the applicant.
- Statements outlining the applicant’s financial, human, and other essential resources.
- Any other documents as prescribed.
The applicant’s suitability for carrying out the duties and obligations of a Certifying Authority is thoroughly evaluated. In the absence of the requested supplementary documents and information, no further action shall be taken regarding the application.
Procedure for Granting of a License
The Controller is obligated to carefully evaluate the applicant’s qualifications, examine all pertinent documents and statements, and render a decision within the specified two-month timeframe after receiving an application in accordance with section 16.
The aforementioned assessment is contingent upon the applicant having access to the necessary facilities, including the prescribed financial, physical, and human resources. It is mandated that the applicant be issued a formal notice conveying the decision.
The Controller shall, in determining whether to grant the license, undertake an examination of the applicant’s facilities, financial, and physical assets. A license in accordance with the prescribed format shall be issued to the applicant if the Controller renders a favorable decision.
The license must contain explicit provisions regarding its validity period and the conditions and terms to which the licensee is obligated.
Period of License Renewal
The renewal of licenses acquired by Certifying Authorities is the subject matter. A Certifying Authority’s license must be renewed annually as is mandated by law. the renewal process requires the submission of an application to the Controller in the prescribed format, with a minimum notice of two months remaining until the expiration of the license’s validity period.
The prescribed renewal fee must be accompanied by this application. The completion of the prescribed procedures one month prior to the expiration date of the license’s validity constitutes this decision-making process.
License may be Suspended
Under particular conditions, the Controller retains the authority to suspend a Certifying Authority’s license.
Such suspension may take place if the documents or statements provided by the Certifying Authority are discovered to be incorrect or false, if the prescribed conditions for conducting business are not met, or if there is a breach of the Act or the Rules promulgated thereunder.
The suspension will persist until the investigation is fully concluded. Significantly, the Certifying Authority is granted a reasonable opportunity to present their defense prior to the occurrence of the suspension.
License may be revoked
The Controller has the authority to revoke a license if, following a properly conducted investigation, specific circumstances are discovered.
Failure of the Certifying Authority to comply with the legal obligations, submission of false or inaccurate documents, conduct detrimental to the public interest or national economy, or violation of the Act or Rules are some examples of these circumstances.
Prior to revocation, the Controller is obligated to afford the Certifying Authority a reasonable opportunity to present their defense.
Foreign Certifying Authority Recognition
The Controller may, subject to prescribed conditions and with the prior sanction of the Government of Nepal, recognize a Certifying Authority licensed under foreign law. In accordance with the Act or Rules, a foreign certifying authority that is duly recognized may issue certificates across Nepal.
Conclusion
A framework for the legal authentication and recognition of digital signatures and electronic records is established by the Electronic Transaction Act. When maintained in compliance with prescribed procedures, legal recognition is granted to electronic signatures and records.
Accessibility, reliable reproduction, and preservation of origin information are all contingent on the safety of electronic records. Before granting a license, the Controller evaluates the applicant’s resources, facilities, and qualifications; renewal, suspension, and revocation provisions are included.
With government sanction, the Controller may recognize foreign certifying authorities under the Act, thereby enabling them to issue certificates in Nepal.
Disclaimer: This article is for informational purposes only and shall not be construed as legal advice, advertisement, personal communication, solicitation or inducement of any sort from the firm or any of its members. The firm shall not be liable for consequences arising out of any action undertaken by any person relying on the information provided herein.