📄 Legal text
[ CAP. 426.
ELECTRONIC COMMERCE
1
CHAPTER 426
ELECTRONIC COMMERCE ACT
AN ACT to provide in relation to electronic commerce and to provide for
matters connected therewith or ancillary thereto.
10th May, 2002
ACT III of 2001, as amended by Acts XXVII of 2002, VII of 2004 and
XIII of 2005; Legal Notice 426 of 2007; and Acts XXX of 2007, XII of 2010,
XXXV of 2016 and XXXIII of 2021*, XVII of 2023 and I of 2024.
P ART I
P RELIMINARY
1.
The short title of this Act is the Electronic Commerce Act.
2.
In this Act, the definitions contained in Article 3 of the
Regulation shall apply and, unless the context otherwise requires "the Act" means the Electronic Commerce Act and includes,
unless the context otherwise requires, any regulations made
thereunder;
"addressee" in relation to an electronic communication means a
person who is intended by the service provider to receive the
electronic communication, but does not include a person acting as a
service provider with respect to the processing, receiving or storing
of that electronic communication or providing other services with
respect to it;
"certificate" means any one of the following:
(a) a certificate for electronic signature;
(b) a certificate for electronic seal; or
(c) a certificate for website authentication;
"certificate service provider" means the trust service provider that
issues certificates;
"commercial communication" means any form of communication
designed to promote directly or indirectly, the goods, services or image
of a company, organisation or person pursuing a commercial,
industrial or craft activity or exercising a regulated profession. The
following do not in themselves constitute commercial
communications:
(a) information allowing direct access to the activity of
the company, organisation or person, in particular the
domain name of an electronic mail address;
(b) communications relating to the goods, services or
image of the company, organisation or person
compiled in an independent manner, particularly when
this is without financial consideration;
"competent regulator" means any such public body as may be
*See commencement notice LN 296 of 2021.
Short title.
Interpretation.
Amended by:
XXVII. 2002.59;
XIII. 2005.73;
XXX. 2007.51, 52;
XII. 2010.79;
XXXV. 2016.2;
XVII.2023.43.
2
[ CAP. 426.
ELECTRONIC COMMERCE
designated by the Minister according to the Sixth Schedule to act as
the regulatory body tasked with ensuring compliance with this Act
and, or with the Regulation:
Provided that the Minister may amend such Schedule by
Order in the Gazette, and in doing so may provide for the exercise
of the regulatory powers of the regulatory body designated to act as
the competent regulator for the purposes of this Act:
Provided further that in doing so the Minister may
designate different public bodies to administer and enforce
different provisions of this Act and, or of the Regulation. In doing
so the Minister shall clearly establish the remit of each such public
body ensuring also that there is effective co-ordination between
such bodies;
"consumer" means any natural person who is acting for purposes
which are outside his trade, business or profession;
"coordinated field" means requirements applicable to
information society service providers or information society
services, regardless of whether they are of a general nature or
specifically designed for them, and covers requirements with which
the service provider has to comply in respect of:
(a) the taking up of the activity of an information society
service,
such
as
requirements
concerning
qualifications, authorisation or notification;
(b) the pursuit of the activity of an information society
service, such as requirements concerning the
behaviour of the service provider, requirements
regarding the quality or content of the service,
including those applicable to advertising and
contracts, or requirements concerning the liability of
the service provider,
but does not cover requirements such as those applicable to goods
as such, to the delivery of goods or to services not provided by
electronic means;
"cross-border infringement" means:
(a) an act or omission contrary to this Act and, or to the
Regulation which takes place in Malta and which
harms or is likely to harm the collective interests of
consumers residing in a Member State or in Member
States other than Malta; or
(b) an act or omission contrary to this Act and, or to the
Regulation by a seller or supplier who is established in
Malta and which harms or is likely to harm the
collective interests of consumers residing in a Member
State or in Member States other than Malta; or
(c) an act or omission contrary to this Act and, or to the
Regulation which takes place in Malta and which
harms or is likely to harm the collective interests of
consumers residing in a Member State or in Member
States other than Malta where the evidence or assets
ELECTRONIC COMMERCE
[ CAP. 426.
pertaining to the act or omission are to be found in
Malta;
"data" means a representation of information, knowledge, facts,
concepts or instructions that has been prepared or is being prepared
in any manner and has been processed, is being processed or is
intended to be processed in an information system, a computer
system or a computer network. Data may be in any form or derived
from any device or source, including computer memory, computer
printouts, any storage media, electronic or otherwise and punched
cards;
"data storage device" means any thing, including a disk, from
which data and information is capable of being reproduced with or
without the aid of any thing or device;
"electronic communication" means information generated,
communicated, processed, sent, received, recorded, stored or
displayed by electronic means;
"electronic contract" means a contract concluded wholly or
partly by electronic communications or wholly or partly in an
electronic form;
"Electronic Commerce Directive" means Directive 2000/31/EC
of the European Parliament and of the Council of 8 June 2000 on
certain legal aspects of information society services, in particular
electronic commerce, in the internal market;
"enforcement action" means any form of enforcement action,
however so described, including the imposition of any sanctions
that an enforcement authority, including the competent regulator, is
empowered to take at law;
"enforcement authority" means any public entity which at law is
authorised to take enforcement action, but does not include a court
however so described;
"European Commission" or "Commission" means the European
Commission of the European Union;
"information" includes information in the form of data, text,
images, sound or speech;
"information society service" means any service which is
provided at a distance, by electronic means and at the individual
request of a recipient of the service, whether such service is
provided for consideration or not, and for the purposes of this
definition:
(a) "at a distance" means that the service is provided
without the parties being simultaneously present;
(b) "by electronic means" means that the service is sent
initially and received at its destination by means of
electronic equipment for the processing (including
digital compression) and storage of data, and entirely
transmitted, conveyed and received by wire, by radio,
by optical means or by any electromagnetic means;
(c) "at the individual request of a recipient of the service"
3
4
[ CAP. 426.
ELECTRONIC COMMERCE
means that the service is provided through the
transmission of data on individual request;
"information system" means a system for generating, sending,
receiving, recording, storing or otherwise processing electronic
communications;
"information technology requirements" includes software,
network and data storage requirements;
"Member State" means a Member State of the European Union;
"Minister" means the Minister responsible for communications;
"place of business" in relation to a government, an authority of a
government, a public body, a charitable, philanthropic or similar
institution means a place where any operations or activities are
carried out by that government, authority, body or institution;
"prescribed" means prescribed by regulations made by the
Minister in accordance with the provisions of this Act;
"recipient of the service" means any person w ho uses an
information society service for the purposes of seeking information
or making it accessible;
"regulated profession" means any profession within the meaning
of either:
(a) Article 1(d) of the European Council Directive 89/48/
EEC of the 21 December 1988 on a general system for
the recognition of higher education diplomas awarded
on completion of professional education and training
for a duration of at least three years; or
(b) Article 1(f) of the European Council Directive 92/51/
EEC of the 18 June 1992 on a second general system
for the recognition of professional education and
training to supplement Directive 89/84/EEC;
"Regulation" means Regulation number 910/2014 of the
European Parliament and of the Council of 23 July 2014 on
electronic identification and trust services for electronic
communications in the internal market and repealing Directive
1999/93/EC;
"service provider" means any person established in Malta
providing an information society service;
Cap. 490.
"transaction" includes a transaction of a non-commercial nature;
" Tr i b u n a l ” m e a n s t h e A d m i n i s t r a t i v e R e v i e w Tr i b u n a l
established by article 5 of the Administrative Justice Act;
"Union" means the European Union.
PART II
APPLICATION OF LEGAL REQUIREMENTS TO
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS
Validity of
electronic
transactions.
3.
For the purposes of any law in Malta and subject to the
other provisions of this Act, a transaction is not deemed to be
invalid merely because it took place wholly or partly by means of
ELECTRONIC COMMERCE
[ CAP. 426.
5
one or more electronic communications.
4. (1) Unless otherwise prescribed, the provisions of this Act
shall not apply to those activities or areas as are listed in the Fifth
Schedule. The Minister may, after consultation with the competent
regulator, by notice in the Gazette, amend the Fifth Schedule.
(2)
Where the Minister is of the opinion that -
Excluded laws.
Amended by:
IV. 2004.48;
XXX. 2007.53;
XXXV. 2016.4;
XXXIII. 2021.16.
(a) technology has advanced to such an extent, and access
to it is so widely available, or
(b) adequate procedures and practices have developed in
public registration or other services, so as to warrant
such action, or
(c) the public interest so requires,
he may, after consultation with that Minister as in his opinion has
sufficient interest or responsibility in relation to the matter, by
Order in the Gazette extend the application of this Act or a
provision of this Act to or in relation to a matter specified in subarticle (1) above, including the applicability to a particular area or
subject, or for a particular time, for the purposes of a trial of the
technology and procedures, subject to such conditions as he thinks
fit.
5. (1) If under any law in Malta a person is required or
permitted to give information in writing, that requirement shall be
deemed to have been satisfied if the person gives the information
by means of an electronic communication:
Provided that (a) at the time the information was given, it was
reasonable to expect that the information would be
readily accessible so as to be usable for subsequent
reference; and
(b) if the information is required to be given to a person,
or to another person on his behalf, and the first
mentioned person requires that the information be
given in accordance with particular information
technology requirements, by means of a particular
kind of electronic communication, that person’s
requirement has been met; and
(c) if the information is required to be given to a person who
is neither a public body nor to a person acting on behalf
of a public body, then the person to whom the
information is required or permitted to be given, consents
to the information being given by means of an electronic
communication;
(d) if the information is required to be given to a person,
or to another person on his behalf, and the first
mentioned person requires that a particular action be
taken by way of verifying the receipt of the
information, that person’s requirement has been met.
(2) For the purposes of this article, giving information
includes, but is not limited to, the following:
Requirement or
permission to give
information in
writing.
Amended by:
XXVII. 2002.59.
6
[ CAP. 426.
ELECTRONIC COMMERCE
(a) making an application;
(b) making or lodging a claim;
(c) giving, sending or serving a notification;
(d) lodging a return;
(e) making a request;
(f)
making a declaration;
(g) lodging or issuing a certificate;
(h) lodging an objection; and
(i)
making a statement.
(3) For the purposes of this article, a requirement or
permission in relation to a person to give information shall extend
to and shall be equally applicable to the requirement or information
which is stated to be sent, filed, submitted, served or otherwise
transmitted and includes similar or cognate expressions, thereof.
Signature.
Requirement or
permission for
production of
document and
integrity.
Amended by:
XXVII. 2002.59.
6.
(Deleted by Act XXXV. 2016.5.).
7. (1) Unless otherwise provided by or under this Act, if
under any law in Malta, a person is required to produce a document
that is in the form of a paper, or of any other substance or material,
that requirement is deemed to have been satisfied if the person
produces, by means of an electronic communication, an electronic
form of that document:
Provided that:
(a) having regard to all the relevant circumstances at the
time of the communication, the method of generating
the electronic form of the document provided a
reliable means of assuring the maintenance of the
integrity of the information contained in the document;
(b) at the time the communication was sent, it was
reasonable to expect that the information contained in
the electronic form of the document would be readily
accessible so as to be usable for subsequent reference;
(c) if the document is required to be produced to a person
who is neither a public body nor to a person acting on
behalf of a public body, then the person to whom the
document is required to be produced, consents to the
production by means of an electronic communication of
an electronic form of the document;
(d) if the document is required to be given to a person, or
to another person on his behalf, and the first
mentioned person requires that an electronic form of
the document be given, in accordance with particular
information technology requirements, by means of a
particular kind of electronic communication, the
person’s requirement is satisfied; and
(e) if the document is required to be given to a person, or
to another person on his behalf, and the first
mentioned person requires that a particular action be
taken by way of verifying the receipt of the
ELECTRONIC COMMERCE
[ CAP. 426.
7
information, the person’s requirement is satisfied.
(2) For the purposes of this article, the integrity of information
contained in a document is only maintained if the information
remains complete and unaltered, save for (a) the addition of any endorsement; or
(b) any change not being a change to the information,
which is necessary in the normal course of
communication, storage or display.
(3) For the purposes of article 8 (1) and (2), the production by
means of an electronic communication of an electronic form of a
document or the generation of an electronic form of a document
shall not give rise to any liability for infringement of the copyright
in a work or other subject matter embodied in the document.
8. (1) If under any law in Malta, a person is required to
record information in writing, that requirement is deemed to have
been satisfied if the person records the information in electronic
form:
Provided that such information in electronic form is readily
accessible so as to be usable for subsequent reference and it
complies with such regulations as may be prescribed.
(2) If under any law in Malta, a person is required to retain, for
a particular period, a document that is in the form of a paper or of
any other substance or material, that requirement is deemed to have
been satisfied if the person retains an electronic form of the
document throughout that period:
Provided that if (a) having regard to all the relevant circumstances at the
time of the generation of the electronic form of the
document, the method of generating the electronic
form of the document, provided a reliable means of
assuring the maintenance of the integrity of the
information contained in that document; and
(b) at the time of the generation of the electronic form of
the document, it was reasonable to expect that the
information contained in the electronic form of the
document would be readily accessible so as to be
usable for subsequent reference; and
(c) it complies with such regulations as may be
prescribed.
(3) For the purpose of sub-article (2), the integrity of
information contained in a document is only maintained if the
information has remained complete and unaltered, save for(a) the addition of any endorsement; or
(b) any change not being a change to the information,
which is necessary in the normal course of
communication, storage or display.
(4) If under any law in Malta, a person is required to retain, for
a pa rticular pe r iod, i nformation tha t w as t he s ubject of an
Retention of
information,
documents and
communications.
8
[ CAP. 426.
ELECTRONIC COMMERCE
electronic communication, that requirement is deemed to have been
satisfied if that person retains, or causes another person to retain, in
electronic form, that (a) at the time of commencement of the retention of the
information, it was reasonable to expect that the
information would be readily accessible so as to be
usable for subsequent reference; and
(b) having regard to all the relevant circumstances, at the
time of commencement of the retention of the
information, the method of retaining the information in
electronic form provided a reliable means of assuring
the maintenance of the integrity of the information
contained in the electronic communication; and
(c) throughout that period that person also retains, or
causes another person to retain, in electronic form,
such additional information obtained as is sufficient to
enable the identification of the following:
(i) the origin of the electronic communication;
(ii) the destination of the electronic communication;
(iii) the time when the electronic communication was
sent;
(iv) the time when the electronic communication was
received; and
(d) at the time of commencement of the retention of the
additional information specified in paragraph (c) it
was reasonable to expect that the additional
information would be readily accessible so as to be
usable for subsequent reference; and
(e) it complies with
prescribed.
such regulations as may be
(5) For the purposes of sub-article (4), the integrity of the
information which is the subject of an electronic communication is
only maintained if the information remains complete and unaltered,
save for (a) the addition of any endorsement; or
Internal market.
Added by:
XXXV. 2016.6.
(b) any change not being a change to the information,
which arises in the normal course of communication,
storage or display.
8A. (1) Subject to the provisions of sub-article (4), any
requirement that falls within the coordinated field shall apply to the
provision of an information society service by a service provider
established in Malta, irrespective of whether that service is
provided in Malta or in another Member State.
(2) Subject to the provisions of sub-article (4) an enforcement
authority with responsibility in relation to any requirement in subarticle (1) shall ensure that the provision of an information service
by a service provider established in Malta complies with that
requirement irrespective of whether the service is provided in
Malta or in another Member State, and any power, remedy or
ELECTRONIC COMMERCE
[ CAP. 426.
9
procedure for taking enforcement action shall be available to secure
compliance.
(3) Subject to the provisions of sub-articles (4) and (5), no
requirement shall be applied to the provision of an information
society service by a service provider established in a Member State
other than Malta for reasons which fall within the coordinated field
if the application of the requirement would restrict the freedom to
provide information society services to a person in Malta from that
Member State.
(4) Sub-articles (1), (2) and (3) shall not apply to the fields set
out in the Seventh Schedule to this Act.
(5) The reference to any requirements the application of which
would restrict the freedom to provide information society services
from another Member State in sub-article (3) does not include any
requirement maintaining the level of protection for public health
and consumer interests established by European Union law.
8B. (1) Notwithstanding the provisions of article 8A(3), an
enforcement authority may take measures, including applying any
requirement which would otherwise not apply by virtue of article
8A(3), in respect of a given information society service, where
those measures are necessary for reasons of (a) public policy, in particular the prevention,
investigation, detection and prosecution of criminal
offences, including the protection of minors and the
fight against any incitement to hatred on grounds of
race, sex, religion or nationality, and violations of
human dignity concerning individual persons;
(b) the protection of public health;
(c) public security, including the safeguarding of national
security and defence; or
(d) the protection of consumers, including investors,
and are proportionate to those objectives.
(2) Notwithstanding the provisions of article 8A(3), in any case
where an enforcement authority is not party to the proceedings, a
court may, on the application of any person or of its own motion,
apply any requirement which would otherwise not apply by virtue
of article 8A(3) in respect of a given information society service, if
the application of that law or requirement is necessary for and
proportionate to any of the objectives set out in sub-article (1).
(3) Sub-articles (1) and (2) shall only apply where the
information society service prejudices or presents a serious and
grave risk of prejudice to an objective as stated in sub-article (1)(a)
to (d).
(4) Subject to the provisions of sub-articles (5) and (6), an
enforcement authority shall not take the measures in sub-article (1)
unless it:
(a) asks the Member State in which the service provider is
established to take measures and the aforesaid Member
Derogations from
article 8A.
Added by:
XXXV. 2016.6.
10
[ CAP. 426.
ELECTRONIC COMMERCE
State does not take such measures or the measures
taken are considered by the enforcement authority
concerned as inadequate; and
(b) notifies the European Commission and the Member
State in which the service provider is established of its
intention to take such measures.
(5) Nothing in sub-article (4) affects the commencement of any
legal proceedings or the investigation of any offence or breach,
however so described, by any enforcement authority.
(6) If it appears to the enforcement authority that the matter is
one of urgency, it may take the measures under sub-article (1)
without first applying the requirements of sub-article (4).
(7) In a case where a measure is taken pursuant to sub-article
(6), the enforcement authority shall notify the measures taken, to
the European Commission and to the Member State concerned in
the shortest time possible thereafter stating in writing the reasons
for urgency.
General
information to be
provided.
Added by:
XXXV. 2016.6.
8C. (1) Without prejudice to other information requirements as
may be established at law, a service provider shall make available
to the recipient of the service and where appropriate or requested,
to the enforcement authority responsible at law in ensuring
compliance, including where applicable to the competent regulator,
in a form and manner which is easily, directly and permanently
accessible, the following information:
(a) the name of the service provider;
(b) the geographic address where the service provider is
established;
(c) the details of the service provider, including his
electronic mail address, which allow him to be
contacted rapidly and communicated with in a direct
and effective manner;
(d) where the service provider is registered in a trade or
similar public register, the trade or other such register
in which the service provider is entered and his
registration number, or equivalent means of
identification in that register;
(e) where the activity is subject to an authorisation
scheme, the particulars of the relevant supervisory
authority;
(f)
where the service provider is a member of a regulated
profession (i)
any professional body or similar institution with
which the service provider is registered;
(ii) the professional title of the provider and the
Member State where it has been granted; and
(iii) a reference to the applicable professional rules
in the Member State of establishment and the
means to access them;
ELECTRONIC COMMERCE
[ CAP. 426.
11
(g) where the service provider undertakes an activity that
is subject to value added tax, the identification number
referred to in Article 22(1) of the Sixth Council
Directive 77/388/EEC of 17th May 1977 on the
harmonisation of the laws of the Member States
relating to turnover taxes - Common system of value
added tax: uniform basis of assessment; and
(h) when a service provider sends unsolicited commercial
communications, details of how users of the service
can register their choice regarding unsolicited
commercial communications, which details must be
prominently displayed on the website of the service
provider and at every point where users of the service
are asked to provide information when accessing the
website of the service provider.
(2) Where the service provider refers to prices, such prices
shall be indicated clearly and unambiguously and, in particular,
shall indicate whether they are inclusive of any tax, however so
described, and delivery costs.
8D. In addition to any other information requirements that may
be established at law, a service provider shall ensure that any
commercial communication provided by him, which constitutes or
forms part of an information society service shall (a) be clearly identified as a commercial communication;
Provision of
information in
commercial
communications.
Added by:
XXXV. 2016.6.
(b) clearly identify the person on whose behalf the
commercial communication is made;
(c) clearly identify as such any promotional offer,
including any discount, premium or gift, and ensure
that any conditions which must be met to qualify for it
are easily accessible, and presented clearly and
unambiguously;
(d) clearly identify as such any promotional competition
or game and ensure that any conditions for
participation are easily accessible and presented
clearly and unambiguously; and
(e) without prejudice to the provisions of the Data
Protection Act and of any other laws regulating data
protection, clearly identify details of how users of the
service can register their choice regarding unsolicited
commercial communications, which details must be
prominently displayed at every point where users of
the service are asked to provide information.
8E. (1) This article establishes and regulates the right under
the Act to make a commercial communication which is part of, or
constitutes, a service provided by a m ember of a regulated
profession.
(2) Without prejudice to any other provision of the Act
permitting a restriction or limitation of the right to which this
article applies, a body which at law is responsible for a regulated
Cap. 586.
Regulated
professions.
Added by:
XXXV. 2016.6.
12
[ CAP. 426.
ELECTRONIC COMMERCE
profession may, in exercise of any powers vested in it at law to
regulate the activities of its members, make the exercise by a
member of the profession of the right to which this article applies,
subject to compliance with specified conditions as referred to in
sub-article (3).
(3) The conditions that may be so specified are those that may
reasonably be regarded as appropriate for the purpose of
maintaining the standing and integrity of the profession concerned
and ensuring adherence by its members to the requisite standards
and, in particular, for the purpose of ensuring (a) the independence,
profession, and
dignity
and
honour
of
the
(b) compliance with obligations of professional secrecy
and fairness towards clients and other members of the
profession.
No requirement for
prior
authorisations.
Added by:
XXXV. 2016.6.
Amended by:
XXXIII. 2021.17.
Cap. 399.
8F. The provision of information society services by a service
provider shall not be subject to any prior authorisation:
Provided that the provision of such information society
services shall be without prejudice to authorisation schemes which
are not specifically and exclusively targeted at information society
services, or which are covered by the Electronic Communications
(Regulation) Act or any regulations made thereunder.
Notification
requirement.
Added by:
XXXV. 2016.6.
8G. (Deleted by Act XXXIII. 2021.18).
Non-applicability
of certain articles
to the activities or
areas listed in the
Fifth Schedule of
the Act.
Added by:
XXXV. 2016.6.
8H. (Deleted by Act XXXIII. 2021.18).
Electronic
contract.
Amended by:
XXXIII. 2021.19.
PART III
ELECTRONIC CONTRACTS
9.
An electronic contract shall not be denied legal effect,
validity or enforceability solely on the grounds that it is wholly or
partly in electronic form, or has been entered into wholly or partly
by way of electronic communications or otherwise:
Provided that the provisions of this article shall not apply
in relation to the contracts or laws, however so described, listed in
the Eighth Schedule to this Act:
Provided further that the Minister may, after consulting the
competent regulator, by notice in the Gazette amend the Eighth
Schedule.
(2) For the purposes of any law relating to contracts, an offer,
an acceptance of an offer and any related communication, including
any subsequent amendment, cancellation or revocation of the offer,
ELECTRONIC COMMERCE
[ CAP. 426.
13
the acceptance of the contract may, unless otherwise agreed by the
contracting parties, be communicated by means of electronic
communications.
10. (1) Unless otherwise agreed by parties who are not
consumers, where the recipient of the service places his order
through technological means:
(a) an electronic contract is concluded when after placing
his order, the recipient of the service has received from
the service provider an acknowledgement of receipt of
the order made by the recipient:
Formation of
electronic contract.
Amended by:
VII. 2004.49.
Substituted by:
XXX. 2007.54.
Provided that the service provider must acknowledge
receipt of the order made by the recipient without
undue delay and by electronic means; and
(b) the order made by the recipient and the
acknowledgement of receipt are deemed to have been
received when the parties to whom they are addressed
are able to access them.
(2) Unless otherwise agreed by parties who are not consumers,
the service provider shall provide the recipient of the service with
effective and accessible technical means to identify and correct
handling and input errors and accidental transactions prior to the
conclusion of the contract.
(3) The provisions of sub-article (1)(a) and of sub-article (2)
shall not apply to contracts concluded exclusively by electronic
mail or by equivalent individual communications.
11. (1) Unless otherwise agreed by parties who are not
consumers, and without prejudice to any consumer rights under the
provisions of any other law, the service provider shall provide
information in clear, comprehensive and unambiguous terms
regarding the matters set out in the First Schedule, which Schedule
may by notice in the Gazette, be amended by the Minister after
consultation with the competent regulator:
Provided that any such information shall be provided to the
addressee prior to the placement of the order by him.
(2) Unless parties who are not consumers have agreed
otherwise, a service provider shall indicate which relevant codes of
conduct he subscribes to and provide information as to how those
codes can be consulted electronically.
(3) Where the service provider provides terms and conditions
applicable to the contract to the addressee, the service provider
shall make them available to the addressee in a way that allows the
addressee to store and reproduce them.
(4) The provisions of sub-articles (1) and (2) shall not apply to
contracts concluded exclusively by exchange of electronic mail or
by equivalent individual communications.
Information
requirements
relating to
electronic
contracts.
Substituted by:
VII. 2004.50.
Amended by:
XXX. 2007.52;
XXXV. 2016.3.
14
[ CAP. 426.
ELECTRONIC COMMERCE
PART IV
TRANSMISSION OF ELECTRONIC COMMUNICATIONS
Time of dispatch.
12. (1) If an electronic communication enters a single
information system outside of the control of the originator, then,
save as otherwise agreed between the originator and the addressee
of the electronic communication, the dispatch of the electronic
communication occurs at the time when it enters the information
system.
(2) If an electronic communication enters successively two or
more information systems outside of the control of the originator,
then, unless otherwise agreed between the originator and the
addressee of the electronic communication, the dispatch of the
electronic communication occurs when it enters the first of those
information systems.
Time of receipt.
Amended by:
XXXV. 2016.7.
13. (1) If the addressee of an electronic communication has
designated an information system for the purpose of receiving
electronic communications, then, save as otherwise agreed between
the originator and the addressee of the electronic communication or
as otherwise required under the Regulation, the time of receipt of
the electronic communication is the time when the electronic
communication enters the information system.
(2) If the addressee of an electronic communication has not
designated an information system for the purpose of receiving
electronic communications, then, save as otherwise agreed between
the originator and the addressee of the electronic communication,
the time of receipt of the electronic communication is the time
when the electronic communication comes to the attention of the
addressee.
Place of dispatch
and receipt.
14. (1) Save as may be otherwise agreed between the
originator and the addressee of an electronic communication (a) the electronic communication is deemed to have been
dispatched at the place where the originator has his
place of business; and
(b) the electronic communication is deemed to have been
received at the place where the addressee has his place
of business.
(2)
For the purposes of the sub-article (1) (a) if the originator or the addressee has more than one
place of business, and one of those places has a closer
relationship to the underlying transaction, that place of
business shall be deemed to be the originator’s or the
addressee’s place of business; and
(b) if the originator or the addressee has more than one
place of business, but paragraph (a) does not apply, the
originator’s or the addressee’s principal place of
business shall be deemed to be the originator’s or the
addressee’s place of business; and
(c) if the originator or addressee does not have a place of
ELECTRONIC COMMERCE
[ CAP. 426.
15
business, the originator’s or the addressee’s place of
business shall be deemed to be the originator’s or
addressee’s ordinary residence.
15. (1) Save as otherwise agreed between the originator and
the addressee of an electronic communication, the originator of an
electronic communication is bound by that communication only if
the communication was sent by him or under his authority.
Attribution of
electronic
communication.
(2) Nothing in sub-article (1) shall affect the operation of any
law that makes provision for(a) the conduct engaged by a person within the scope of
the person’s actual or apparent authority to be
attributed to another person; or
(b) a person to be bound by conduct engaged in by another
person within the scope of the other person’s actual or
apparent authority.
(3) An electronic communication between an originator and an
addressee shall be deemed to be of the originator if it was sent by
an information system programmed to operate automatically by or
on behalf of the originator.
(4) An addressee shall have the right to consider each
electronic communication received by him as a separate electronic
communication and to act on that assumption, except to the extent
that such communication is a duplicate of another electronic
communication and the addressee knew or should have known, had
he exercised reasonable care or used any agreed procedure, that the
electronic communication was a duplicate.
15A. Wherever any legal requirement exists to communicate by
way of registered mail, this requirement shall be deemed to be
satisfied by the use of a qualified electronic registered delivery
service by all parties participating in the communication:
Communications
by registered mail.
Added by:
XXXV. 2016.8.
Provided that this article shall come into force on such date
as the Minister may expressly determine by order in the Gazette.
PART V
PROVISION OF SIGNATURE CERTIFICATION SERVICES
16.
(Deleted by Act XXXV. 2016.9.).
Accreditation of
signature
certification
service providers.
17.
(Deleted by Act XXXV. 2016.9.).
Supervision of
signature
certification
service providers
that issue qualified
certificates.
Amended by:
XIII. 2005.74.
18.
(Deleted by Act XXXV. 2016.9.).
Liability of
signature
certification
service providers.
PART VI
INTERMEDIARY SERVICE PROVIDERS
16
[ CAP. 426.
ELECTRONIC COMMERCE
Mere conduit.
19. Repealed by Act I.2024.20.
Caching.
Amended by:
XXXV. 2016.3.
20.
Hosting.
21. Repealed by Act I.2024.20.
Obligations of
intermediary
service providers.
22.
Prohibition on
misuse of
electronic
signatures,
signature creation
devices,
certificates and
fraud.
Amended by:
XXXV. 2016.10.
Repealed by Act I.2024.20.
Repealed by Act I.2024.20.
PART VII
GENERAL
23. (1) No person shall access, copy or otherwise obtain
possession of or recreate the electronic signature creation device or
an electronic seal creation device of another person without
authorisation, for the purpose of creating, or allowing or causing
another person to create an unauthorised electronic signature or
electronic seal using such signature device.
(2) No person shall alter, disclose or use the electronic
signature creation device or an electronic seal creation device of
another person without authorisation, or in excess of lawful
authorisation, for the purpose of creating or allowing or causing
another person to create an unauthorised electronic signature using
such electronic signature creation device or an electronic seal
creation device.
(3) No person shall create, publish, alter or otherwise use a
certificate or an electronic signature or electronic seal for any
fraudulent or other unlawful purpose.
(4) No person shall misrepresent his identity or authorisation
in requesting or accepting a certificate or in requesting suspension
or revocation of a certification.
(5) No person shall access, alter, disclose or use the electronic
signature creation device or an electronic seal creation device of a
certificate service provider used to issue certificates without the
authorisation of the certificate service provider, or in excess of
lawful authorisation, for the purpose of creating, or allowing or
causing another person to create, an unauthorised electronic
signature or electronic seal using such electronic signature creation
device or an electronic seal creation device.
(6) No person shall publish a certificate, or otherwise
knowingly make it available to anyone likely to rely on the
certificate or on an electronic signature or electronic seal that is
verifiable with reference to data such as codes, passwords,
algorithms, public cryptographic keys or other data which are used
for the purposes of verifying an electronic signature or electronic
seal, listed in the certificate, if such person knows that (a) the certificate service provider listed in the certificate
has not issued it; or
(b) the subscriber listed in the certificate has not accepted
it; or
(c) the certificate has been revoked or suspended, unless
such publication is for the purpose of verifying an
ELECTRONIC COMMERCE
[ CAP. 426.
17
electronic signature or electronic seal created prior to
such revocation or suspension, or giving notice of
revocation or suspension.
(7) No person shall use cryptographic or other similar
techniques for any illegal purpose.
23A. (1) The competent regulator shall be responsible for the
supervisory tasks stated in the Regulation and in doing so shall in
particular:
(a) supervise qualified trust service providers established
in Malta ensuring through ex ante and ex post
supervisory activities, that such qualified trust service
providers and the qualified trust services that they
provide, meet the requirements laid down in the
Regulation;
(b) take action if necessary, in relation to non-qualified
trust service providers established in Malta through ex
post supervisory activities, when informed that those
non-qualified trust service providers or the trust
services they provide allegedly do not meet the
requirements laid down in the Regulation.
(2) Without prejudice to the generality of the tasks onerous on
the competent regulator as stated in sub-article (1), the competent
regulator shall be responsible for the following:
(a) cooperating with other supervisory bodies and provide
them with assistance in accordance with Article 18 of
the Regulation;
(b) analysing the conformity assessment reports referred
to in Articles 20(1) and 21(1) of the Regulation;
(c) informing other supervisory bodies and the public
about breaches of security or loss of integrity in
accordance with Article 19(2) of the Regulation;
(d) reporting to the European Commission about its main
activities in accordance with paragraph 6 of Article 17
of the Regulation;
(e) carrying out audits or requesting a conformity
assessment body to perform a conformity assessment
of the qualified trust service providers in accordance
with Article 20(2) of the Regulation;
(f)
cooperating with the Office of the Information and
Data Protection Commissioner in Malta, in particular,
by informing that Office without undue delay, about
the results of audits of qualified trust service
providers, where personal data protection rules may in
the opinion of the competent regulator have been
breached;
(g) granting qualified status to trust service providers and
to the services they provide and to withdraw this status
in accordance with Articles 20 and 21 of the
Regulation;
Supervisory body
for the purposes of
the Regulation.
Added by:
XXXV. 2016.11.
Amended by:
XXXIII. 2021.20.
18
[ CAP. 426.
ELECTRONIC COMMERCE
(h) informing the body responsible for the national trusted
list referred to in Article 22(3) of the Regulation about
its decisions to grant or to withdraw qualified status:
Provided that such a requirement shall not apply if the
competent regulator also performs the tasks of the
body referred to in this paragraph;
(i)
verifying the existence and correct application of
provisions on termination plans in cases where the
qualified trust service provider ceases its activities
including how information is kept accessible in
accordance with point (h) of Article 24(2) of the
Regulation;
(j)
requiring that trust service providers remedy any
failure to fulfil the requirements laid down in the
Regulation;
(k) establishing, maintaining and publishing trusted lists
in accordance with Articles 22(1) and 22(2) of the
Regulation, and notifying the Commission in relation
thereto in accordance with Article 22(3) of the
Regulation; and
(l)
notifying the Commission in relation to any lists in
accordance with Articles 31(1) and 39(3) of the
Regulation.
(3) The competent regulator may, in the performance of its
supervisory tasks as stated in the Regulation, determine any such
technical and, or operational requirements as it may consider
necessary for the effective implementation and, or compliance with
any of the provisions of the Regulation:
Non-compliance
with the
Regulation.
Added by:
XXXV. 2016.11.
Provided that in doing so the competent regulator shall first
consult with any interested parties.
23B. Unless stated otherwise in this Act, where applicable, any
non-compliance with the provisions of this Act or of the
Regulation, shall constitute a breach of this Act, and shall be
treated accordingly by the competent regulator who shall as it
considers appropriate take the necessary regulatory measures in
accordance with its powers at law.
Non-compliance
with the Act and
powers of the
competent
regulator.
Added by:
XXXV. 2016.11.
23C. Unless stated otherwise in the Act, a breach of any of the
provisions of the Act shall be subject to any such sanctions as the
competent regulator is empowered by law to impose.
Offences and
penalties.
Amended by:
L.N. 426 of 2007.
Substituted by:
XXXV. 2016.12.
Amended by:
XXXIII. 2021.21;
I.2024.21.
24. Any person contravening article 23 of the Act, or Articles
19(2), 20(1), 21(1), 21(3), 23 and 24 of the Regulation, shall be
guilty of an offence and shall on conviction be liable to a fine
(multa) of not more than two hundred and fifty thousand euro
(€250,000) or to imprisonment not exceeding two years or to both
such fine (multa) and imprisonment, and in the case of a continuous
offence to a fine not exceeding two thousand, five hundred euro
(€2,500) for each day during which the offence continues:
ELECTRONIC COMMERCE
[ CAP. 426.
19
Provided that where any proceedings are undertaken by the
Commissioner of Police under this sub-article, the Commissioner
of Police shall in writing notify the competent regulator of the
taking of such proceedings and of the final outcome of the same.
24A. (1) Where a dispute however so described arises between
a service provider and a consumer further to a complaint by a
consumer alleging an infringement of the Act or of the Regulation
as are enforced by the competent regulator, any party to such a
dispute may refer the dispute to the competent regulator:
Provided that in making a complaint the consumer must
prima facie show that he has been affected by the act or omission of
the service provider giving rise to the complaint.
(2) Upon receipt of any reference as aforesaid, or upon
otherwise becoming aware of any such dispute that the competent
regulator believes should be investigated, the competent regulator
shall notify all the parties to the dispute that the matter is being
investigated. In doing so, the competent regulator shall regulate its
own procedure, which procedure shall, as far as is reasonably
possible, be transparent, simple, inexpensive and conducive to a
prompt and fair settlement of the dispute, and shall afford all
parties to the dispute reasonable opportunity to make their
submissions and to produce any relevant information:
Provided that the competent regulator may decide not to
initiate an investigation in accordance with this article where it is
satisfied that other means of resolving the dispute in a timely
manner are available to the parties, or if legal proceedings in
relation to the dispute have been initiated by any party to the
dispute, or if another public authority is already investigating the
same dispute.
(3) The competent regulator in resolving any disputes referred
to it under this article, may issue directives to the service provider
requiring that service provider to comply with any measure the
competent regulator may specify for the resolution of the dispute.
Such directives may, having regard to its determination of the
dispute and to all other relevant matters, include an order to effect
the reimbursement of payments received or to make compensation
payments. Such payments may also include the whole or part of the
costs of any party relating to the engagement of a lawyer and, or of
a technical adviser in relation to any submissions relating to the
dispute.
(4) The competent regulator shall make publicly available any
administrative procedures it may from time to time establish in
relation to the handling of any disputes referred to it under this
article.
(5) The provisions of this article shall be without prejudice to
the right of the consumer to have recourse, in accordance with
Maltese law, to any other body empowered to resolve any such
disputes and, or to any out-of-court dispute resolution processes,
however so described.
(6)
In issuing a decision under this article the competent
Disputes between a
service provider
and a consumer.
Added by:
XXXV. 2016.13.
20
[ CAP. 426.
ELECTRONIC COMMERCE
regulator shall state the reasons on which it is based, and shall,
subject to such requirements of commercial confidentiality as it
may deem appropriate, notify the parties to the dispute with a copy
of the decision.
(7) The competent regulator shall publish notice of a decision
given under this article and shall state from where copies of, or
information regarding the decision, may be obtained.
Issue of a
compliance order.
Added by:
XXXV. 2016.13.
Amended by:
XVII.2023.44.
24B. (1) Where the competent regulator feels it is reasonably
appropriate or necessary for the protection of consumers, it may
issue a compliance order against a service provider or any other
person for one or more of the following purposes:
(a) requiring any person to take any measures specified in
the compliance order, within the time specified in the
order to ensure that the provisions of the Act and, or of
the Regulation are complied with; or
(b) requiring any person to cease and desist from
committing a breach of the Act and, or of the
Regulation.
(2) The competent regulator shall when issuing a compliance
order under this article:
(a) notify a copy of the compliance order on each person
against whom the order is made;
(b) include with the compliance order, information about
the right to contest the order before the Tribunal; and
(c) briefly state the reasons for issuing the compliance
order, which reasons shall be notified to each person
against whom the order is issued and, if any, to the
qualifying body on whose application the order is
issued.
(3) No precautionary warrant or other similar order under this
or any other law shall be issued by the Tribunal or by any court
restraining or restricting the competent regulator from issuing a
compliance order under this Act.
(4) A compliance order issued by the competent regulator shall
come into force with immediate effect, unless the order provides
otherwise.
Application for the
issue of a
compliance order.
Added by:
XXXV. 2016.13.
24C. Repealed by Act XVII.2023.45.
Discretion of the
competent
regulator to issue a
compliance order.
Added by:
XXXV. 2016.13.
24D. Repealed by Act XVII.2023.45.
ELECTRONIC COMMERCE
[ CAP. 426.
24E. (1) A person against whom a compliance order has been
made, may, within twenty days from receipt of notification of the
compliance order, appeal in writing to the Tribunal for the
revocation or amendment of the compliance order, giving detailed
grounds for the request. The competent regulator shall be notified
with the appeal and shall have twenty (20) days from the date when it
is notified with the appeal in which to reply.
21
Appeals from a
compliance order.
Added by:
XXXV. 2016.13.
Amended by:
XVII.2023.46.
(2) The Tribunal may confirm, change or cancel the
compliance order as it considers appropriate, provided that in doing
so the Tribunal shall in all instances state its reasons.
(3) Where an appeal is instituted under this article the
compliance order shall remain in force unless the Tribunal, at the
request of the party contesting the order, specifically orders that the
compliance order shall be suspended pending the outcome of the
appeal, subject to such conditions and amendments to the order as
the Tribunal may determine:
Provided that in deciding any such request for a suspension
of the compliance order, the Tribunal shall give its reason in
writing for its decision.
24F. (1) Appeals instituted under article 24E shall be heard and
determined by the Tribunal with urgency and as expeditiously as
possible.
(2) The Tribunal, at the request of any of the parties to the
proceedings before it, may abridge any time limits established
under this Act in relation to the conduct of the appeal before it:
Cases to be heard
and determined
with urgency.
Added by:
XXXV. 2016.13.
Amended by:
XVII.2023.47.
Provided that in doing so the Tribunal shall state its reasons
in writing.
24G. The competent regulator when issuing a compliance order
under the Act shall not be required to prove:
(a) actual loss or damage; or
No need to prove
actual loss.
Added by:
XXXV. 2016.13.
(b) actual recklessness, negligence or fault on the part of
the service provider or person against whom the order
is made.
24H. (1) Without prejudice to any other powers it has at law, the
competent regulator may, in writing, order any person to cease and
desist from committing any cross-border infringement and, or from
acting in breach of any of the provisions of the Act, and, or of the
Regulation.
(2) The competent regulator may, in issuing an order under
sub-article (1) require the person concerned to provide it with a
written undertaking whereby that person agrees to cease and desist
from any such breach and which undertaking shall include any
conditions as the competent regulator may consider necessary in
the circumstances.
(3) A person who makes an undertaking in accordance with this
article and who subsequently acts in breach of any conditions stated
in the undertaking, shall be liable to the imposition of an
administrative fine by the competent regulator not exceeding the
Taking of other
measures to ensure
compliance.
Added by:
XXXV. 2016.13.
22
[ CAP. 426.
ELECTRONIC COMMERCE
sum of twenty-five thousand euro (€25,000) and, or five hundred
euro (€500) for each day during which the failure to comply with
the undertaking persists:
Provided that the imposition of a fine under this sub-article
shall be without prejudice to any other sanctions however so
described that the competent regulator may impose at law.
Competent
regulator may
require
publication.
Added by:
XXXV. 2016.13.
24I. (1) The competent regulator may, for the better
information of the public, require the service provider or person
against whom the compliance order has been issued, at the expense
of the latter to communicate in any manner the competent regulator
considers appropriate, including publication in at least two daily
newspapers:
(a) a copy in full or in part (i)
of a compliance order made under article 24B;
and, or
(ii) a copy of an undertaking given under article 24H
or an abstract of any such order and, or of any
such undertaking; and, or
(b) a corrective statement in relation to any contravention
of the Act and, or of the Regulation.
(2) Any communications required in terms of sub-article (1)
must be made within seven days from receipt of a notice issued by
the competent regulator requiring the service provider or person
concerned to make any such communications. Where the said
communications are not effected as aforesaid, the competent
regulator may proceed to issue the communications itself and any
expenses incurred by the competent regulator in issuing any
communications made by it in accordance with the provisions of
this article shall be recoverable as a civil debt from the person
against whom the compliance order was issued.
Right of appeal.
Added by:
XXXV. 2016.13.
Amended by:
XVII.2023.48.
24J. Any person aggrieved by a decision however so described
taken by the competent regulator in accordance with the Act and
having a legal interest to contest such a decision, may appeal to the
Tribunal:
Provided that in the case of a contestation of any matter
relating to the issue of a compliance order as provided for in this
Act, the procedures as stated in article 24E shall apply.
Consultation with
and by other
enforcement
authorities.
Added by:
XXXV. 2016.13.
24K. (1) The competent regulator may request the advice of
and where appropriate shall consult with any other enforcement
authority in the exercise of any of its functions under the Act and,
or the Regulation.
(2) In acting in accordance with any of the provisions of this
Act, an enforcement authority shall, in all instances, first consult
and act in co-ordination with the competent regulator.
ELECTRONIC COMMERCE
[ CAP. 426.
25. (1) The Minister may make regulations to provide for any
matter related to electronic commerce however so described,
electronic identification, trust services, electronic transactions, and
any such other matters as may be complementary or related thereto,
in order to give fuller effect to the provisions of this Act, and in
particular, but without prejudice to the generality of the aforesaid,
such regulations may provide for (a) any derogation from or restriction in relation to any
cross-border transaction where this is necessary for
one of the following reasons (i)
public policy, in particular the protection of
minors, or the fight against any incitement to
hatred on grounds of race, sex, religion, political
opinion or nationality;
(ii) the protection of public health;
(iii) public security;
(iv) consumer protection;
(b) identifying:
(i) transactions;
(ii) requirements or permissions to give information
in writing;
(iii) requirements or permissions to produce
documents;
(iv) requirements to retain information, documents
and communications;
(v) trust services;
that may be exempt from any provision of this Act;
(c) (Deleted by Act XXXV. 2016.14.);
(d) (Deleted by Act XXXV. 2016.14.);
(e) any matter relating to commercial communications,
including, but not limited to matters relating to:(i)
information to be provided in commercial
communications;
(ii) unsolicited commercial communications;
(iii) commercial communications by regulated
professions;
(f)
the authorisation to the competent regulator to impose
administrative fines or sanctions on any person acting
in contravention of any provision of this Act or of any
regulation made thereunder:
Provided that (i) any administrative fine provided for by regulations
made under this article shall not exceed the amount
of one hundred and twenty-five thousand euro
(€125,000) for each breach and two thousand and
five hundred euro (€2,500) for each day during
which failure to observe the provisions of any
regulation made thereunder persists;
23
Power to make
regulations.
Amended by:
VII. 2004.51;
XIII. 2005.75;
L.N. 426 of 2007;
XXXV. 2016.3, 14;
XXXIII. 2021.22.
24
[ CAP. 426.
ELECTRONIC COMMERCE
(ii)
Cap. 12.
(iv)
regulations made under this paragraph may
prescribe that any such administrative penalty or
sanction shall be due to the competent regulator
as a civil debt constituting an executive title for
the purposes of Title VII of Part I of Book
Second of the Code of Organization and Civil
Procedure as if the payment of the amount of the
fine had been ordered by a judgement of a court
of civil jurisdiction;
such regulations may also prescribe any right of
appeal from decisions of the competent regulator
to impose an administrative sanction;
(g) procedures to be established for out of court schemes,
for the settlement of disputes arising in …
AI explanation based on the official legal text. Indicative, not a substitute for legal advice.