← Malta

Chapter 426

Fil-qosor

Din il-liġi tirregola l-kummerċ elettroniku u kwistjonijiet relatati, u tiżgura li t-tranżazzjonijiet elettroniċi jkunu validi legalment. Hija tistabbilixxi l-qafas għall-użu ta' komunikazzjonijiet elettroniċi biex jissodisfaw rekwiżiti legali.

X'tirregola

Min jikkonċerna

Punti ewlenin

📄 Legal text
[ CAP. 426. ELECTRONIC COMMERCE 1 CHAPTER 426 ELECTRONIC COMMERCE ACT AN ACT to provide in relation to electronic commerce and to provide for matters connected therewith or ancillary thereto. 10th May, 2002 ACT III of 2001, as amended by Acts XXVII of 2002, VII of 2004 and XIII of 2005; Legal Notice 426 of 2007; and Acts XXX of 2007, XII of 2010, XXXV of 2016 and XXXIII of 2021*, XVII of 2023 and I of 2024. P ART I P RELIMINARY 1. The short title of this Act is the Electronic Commerce Act. 2. In this Act, the definitions contained in Article 3 of the Regulation shall apply and, unless the context otherwise requires "the Act" means the Electronic Commerce Act and includes, unless the context otherwise requires, any regulations made thereunder; "addressee" in relation to an electronic communication means a person who is intended by the service provider to receive the electronic communication, but does not include a person acting as a service provider with respect to the processing, receiving or storing of that electronic communication or providing other services with respect to it; "certificate" means any one of the following: (a) a certificate for electronic signature; (b) a certificate for electronic seal; or (c) a certificate for website authentication; "certificate service provider" means the trust service provider that issues certificates; "commercial communication" means any form of communication designed to promote directly or indirectly, the goods, services or image of a company, organisation or person pursuing a commercial, industrial or craft activity or exercising a regulated profession. The following do not in themselves constitute commercial communications: (a) information allowing direct access to the activity of the company, organisation or person, in particular the domain name of an electronic mail address; (b) communications relating to the goods, services or image of the company, organisation or person compiled in an independent manner, particularly when this is without financial consideration; "competent regulator" means any such public body as may be *See commencement notice LN 296 of 2021. Short title. Interpretation. Amended by: XXVII. 2002.59; XIII. 2005.73; XXX. 2007.51, 52; XII. 2010.79; XXXV. 2016.2; XVII.2023.43. 2 [ CAP. 426. ELECTRONIC COMMERCE designated by the Minister according to the Sixth Schedule to act as the regulatory body tasked with ensuring compliance with this Act and, or with the Regulation: Provided that the Minister may amend such Schedule by Order in the Gazette, and in doing so may provide for the exercise of the regulatory powers of the regulatory body designated to act as the competent regulator for the purposes of this Act: Provided further that in doing so the Minister may designate different public bodies to administer and enforce different provisions of this Act and, or of the Regulation. In doing so the Minister shall clearly establish the remit of each such public body ensuring also that there is effective co-ordination between such bodies; "consumer" means any natural person who is acting for purposes which are outside his trade, business or profession; "coordinated field" means requirements applicable to information society service providers or information society services, regardless of whether they are of a general nature or specifically designed for them, and covers requirements with which the service provider has to comply in respect of: (a) the taking up of the activity of an information society service, such as requirements concerning qualifications, authorisation or notification; (b) the pursuit of the activity of an information society service, such as requirements concerning the behaviour of the service provider, requirements regarding the quality or content of the service, including those applicable to advertising and contracts, or requirements concerning the liability of the service provider, but does not cover requirements such as those applicable to goods as such, to the delivery of goods or to services not provided by electronic means; "cross-border infringement" means: (a) an act or omission contrary to this Act and, or to the Regulation which takes place in Malta and which harms or is likely to harm the collective interests of consumers residing in a Member State or in Member States other than Malta; or (b) an act or omission contrary to this Act and, or to the Regulation by a seller or supplier who is established in Malta and which harms or is likely to harm the collective interests of consumers residing in a Member State or in Member States other than Malta; or (c) an act or omission contrary to this Act and, or to the Regulation which takes place in Malta and which harms or is likely to harm the collective interests of consumers residing in a Member State or in Member States other than Malta where the evidence or assets ELECTRONIC COMMERCE [ CAP. 426. pertaining to the act or omission are to be found in Malta; "data" means a representation of information, knowledge, facts, concepts or instructions that has been prepared or is being prepared in any manner and has been processed, is being processed or is intended to be processed in an information system, a computer system or a computer network. Data may be in any form or derived from any device or source, including computer memory, computer printouts, any storage media, electronic or otherwise and punched cards; "data storage device" means any thing, including a disk, from which data and information is capable of being reproduced with or without the aid of any thing or device; "electronic communication" means information generated, communicated, processed, sent, received, recorded, stored or displayed by electronic means; "electronic contract" means a contract concluded wholly or partly by electronic communications or wholly or partly in an electronic form; "Electronic Commerce Directive" means Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the internal market; "enforcement action" means any form of enforcement action, however so described, including the imposition of any sanctions that an enforcement authority, including the competent regulator, is empowered to take at law; "enforcement authority" means any public entity which at law is authorised to take enforcement action, but does not include a court however so described; "European Commission" or "Commission" means the European Commission of the European Union; "information" includes information in the form of data, text, images, sound or speech; "information society service" means any service which is provided at a distance, by electronic means and at the individual request of a recipient of the service, whether such service is provided for consideration or not, and for the purposes of this definition: (a) "at a distance" means that the service is provided without the parties being simultaneously present; (b) "by electronic means" means that the service is sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by any electromagnetic means; (c) "at the individual request of a recipient of the service" 3 4 [ CAP. 426. ELECTRONIC COMMERCE means that the service is provided through the transmission of data on individual request; "information system" means a system for generating, sending, receiving, recording, storing or otherwise processing electronic communications; "information technology requirements" includes software, network and data storage requirements; "Member State" means a Member State of the European Union; "Minister" means the Minister responsible for communications; "place of business" in relation to a government, an authority of a government, a public body, a charitable, philanthropic or similar institution means a place where any operations or activities are carried out by that government, authority, body or institution; "prescribed" means prescribed by regulations made by the Minister in accordance with the provisions of this Act; "recipient of the service" means any person w ho uses an information society service for the purposes of seeking information or making it accessible; "regulated profession" means any profession within the meaning of either: (a) Article 1(d) of the European Council Directive 89/48/ EEC of the 21 December 1988 on a general system for the recognition of higher education diplomas awarded on completion of professional education and training for a duration of at least three years; or (b) Article 1(f) of the European Council Directive 92/51/ EEC of the 18 June 1992 on a second general system for the recognition of professional education and training to supplement Directive 89/84/EEC; "Regulation" means Regulation number 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic communications in the internal market and repealing Directive 1999/93/EC; "service provider" means any person established in Malta providing an information society service; Cap. 490. "transaction" includes a transaction of a non-commercial nature; " Tr i b u n a l ” m e a n s t h e A d m i n i s t r a t i v e R e v i e w Tr i b u n a l established by article 5 of the Administrative Justice Act; "Union" means the European Union. PART II APPLICATION OF LEGAL REQUIREMENTS TO ELECTRONIC COMMUNICATIONS AND TRANSACTIONS Validity of electronic transactions. 3. For the purposes of any law in Malta and subject to the other provisions of this Act, a transaction is not deemed to be invalid merely because it took place wholly or partly by means of ELECTRONIC COMMERCE [ CAP. 426. 5 one or more electronic communications. 4. (1) Unless otherwise prescribed, the provisions of this Act shall not apply to those activities or areas as are listed in the Fifth Schedule. The Minister may, after consultation with the competent regulator, by notice in the Gazette, amend the Fifth Schedule. (2) Where the Minister is of the opinion that - Excluded laws. Amended by: IV. 2004.48; XXX. 2007.53; XXXV. 2016.4; XXXIII. 2021.16. (a) technology has advanced to such an extent, and access to it is so widely available, or (b) adequate procedures and practices have developed in public registration or other services, so as to warrant such action, or (c) the public interest so requires, he may, after consultation with that Minister as in his opinion has sufficient interest or responsibility in relation to the matter, by Order in the Gazette extend the application of this Act or a provision of this Act to or in relation to a matter specified in subarticle (1) above, including the applicability to a particular area or subject, or for a particular time, for the purposes of a trial of the technology and procedures, subject to such conditions as he thinks fit. 5. (1) If under any law in Malta a person is required or permitted to give information in writing, that requirement shall be deemed to have been satisfied if the person gives the information by means of an electronic communication: Provided that (a) at the time the information was given, it was reasonable to expect that the information would be readily accessible so as to be usable for subsequent reference; and (b) if the information is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that the information be given in accordance with particular information technology requirements, by means of a particular kind of electronic communication, that person’s requirement has been met; and (c) if the information is required to be given to a person who is neither a public body nor to a person acting on behalf of a public body, then the person to whom the information is required or permitted to be given, consents to the information being given by means of an electronic communication; (d) if the information is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that a particular action be taken by way of verifying the receipt of the information, that person’s requirement has been met. (2) For the purposes of this article, giving information includes, but is not limited to, the following: Requirement or permission to give information in writing. Amended by: XXVII. 2002.59. 6 [ CAP. 426. ELECTRONIC COMMERCE (a) making an application; (b) making or lodging a claim; (c) giving, sending or serving a notification; (d) lodging a return; (e) making a request; (f) making a declaration; (g) lodging or issuing a certificate; (h) lodging an objection; and (i) making a statement. (3) For the purposes of this article, a requirement or permission in relation to a person to give information shall extend to and shall be equally applicable to the requirement or information which is stated to be sent, filed, submitted, served or otherwise transmitted and includes similar or cognate expressions, thereof. Signature. Requirement or permission for production of document and integrity. Amended by: XXVII. 2002.59. 6. (Deleted by Act XXXV. 2016.5.). 7. (1) Unless otherwise provided by or under this Act, if under any law in Malta, a person is required to produce a document that is in the form of a paper, or of any other substance or material, that requirement is deemed to have been satisfied if the person produces, by means of an electronic communication, an electronic form of that document: Provided that: (a) having regard to all the relevant circumstances at the time of the communication, the method of generating the electronic form of the document provided a reliable means of assuring the maintenance of the integrity of the information contained in the document; (b) at the time the communication was sent, it was reasonable to expect that the information contained in the electronic form of the document would be readily accessible so as to be usable for subsequent reference; (c) if the document is required to be produced to a person who is neither a public body nor to a person acting on behalf of a public body, then the person to whom the document is required to be produced, consents to the production by means of an electronic communication of an electronic form of the document; (d) if the document is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that an electronic form of the document be given, in accordance with particular information technology requirements, by means of a particular kind of electronic communication, the person’s requirement is satisfied; and (e) if the document is required to be given to a person, or to another person on his behalf, and the first mentioned person requires that a particular action be taken by way of verifying the receipt of the ELECTRONIC COMMERCE [ CAP. 426. 7 information, the person’s requirement is satisfied. (2) For the purposes of this article, the integrity of information contained in a document is only maintained if the information remains complete and unaltered, save for (a) the addition of any endorsement; or (b) any change not being a change to the information, which is necessary in the normal course of communication, storage or display. (3) For the purposes of article 8 (1) and (2), the production by means of an electronic communication of an electronic form of a document or the generation of an electronic form of a document shall not give rise to any liability for infringement of the copyright in a work or other subject matter embodied in the document. 8. (1) If under any law in Malta, a person is required to record information in writing, that requirement is deemed to have been satisfied if the person records the information in electronic form: Provided that such information in electronic form is readily accessible so as to be usable for subsequent reference and it complies with such regulations as may be prescribed. (2) If under any law in Malta, a person is required to retain, for a particular period, a document that is in the form of a paper or of any other substance or material, that requirement is deemed to have been satisfied if the person retains an electronic form of the document throughout that period: Provided that if (a) having regard to all the relevant circumstances at the time of the generation of the electronic form of the document, the method of generating the electronic form of the document, provided a reliable means of assuring the maintenance of the integrity of the information contained in that document; and (b) at the time of the generation of the electronic form of the document, it was reasonable to expect that the information contained in the electronic form of the document would be readily accessible so as to be usable for subsequent reference; and (c) it complies with such regulations as may be prescribed. (3) For the purpose of sub-article (2), the integrity of information contained in a document is only maintained if the information has remained complete and unaltered, save for(a) the addition of any endorsement; or (b) any change not being a change to the information, which is necessary in the normal course of communication, storage or display. (4) If under any law in Malta, a person is required to retain, for a pa rticular pe r iod, i nformation tha t w as t he s ubject of an Retention of information, documents and communications. 8 [ CAP. 426. ELECTRONIC COMMERCE electronic communication, that requirement is deemed to have been satisfied if that person retains, or causes another person to retain, in electronic form, that (a) at the time of commencement of the retention of the information, it was reasonable to expect that the information would be readily accessible so as to be usable for subsequent reference; and (b) having regard to all the relevant circumstances, at the time of commencement of the retention of the information, the method of retaining the information in electronic form provided a reliable means of assuring the maintenance of the integrity of the information contained in the electronic communication; and (c) throughout that period that person also retains, or causes another person to retain, in electronic form, such additional information obtained as is sufficient to enable the identification of the following: (i) the origin of the electronic communication; (ii) the destination of the electronic communication; (iii) the time when the electronic communication was sent; (iv) the time when the electronic communication was received; and (d) at the time of commencement of the retention of the additional information specified in paragraph (c) it was reasonable to expect that the additional information would be readily accessible so as to be usable for subsequent reference; and (e) it complies with prescribed. such regulations as may be (5) For the purposes of sub-article (4), the integrity of the information which is the subject of an electronic communication is only maintained if the information remains complete and unaltered, save for (a) the addition of any endorsement; or Internal market. Added by: XXXV. 2016.6. (b) any change not being a change to the information, which arises in the normal course of communication, storage or display. 8A. (1) Subject to the provisions of sub-article (4), any requirement that falls within the coordinated field shall apply to the provision of an information society service by a service provider established in Malta, irrespective of whether that service is provided in Malta or in another Member State. (2) Subject to the provisions of sub-article (4) an enforcement authority with responsibility in relation to any requirement in subarticle (1) shall ensure that the provision of an information service by a service provider established in Malta complies with that requirement irrespective of whether the service is provided in Malta or in another Member State, and any power, remedy or ELECTRONIC COMMERCE [ CAP. 426. 9 procedure for taking enforcement action shall be available to secure compliance. (3) Subject to the provisions of sub-articles (4) and (5), no requirement shall be applied to the provision of an information society service by a service provider established in a Member State other than Malta for reasons which fall within the coordinated field if the application of the requirement would restrict the freedom to provide information society services to a person in Malta from that Member State. (4) Sub-articles (1), (2) and (3) shall not apply to the fields set out in the Seventh Schedule to this Act. (5) The reference to any requirements the application of which would restrict the freedom to provide information society services from another Member State in sub-article (3) does not include any requirement maintaining the level of protection for public health and consumer interests established by European Union law. 8B. (1) Notwithstanding the provisions of article 8A(3), an enforcement authority may take measures, including applying any requirement which would otherwise not apply by virtue of article 8A(3), in respect of a given information society service, where those measures are necessary for reasons of (a) public policy, in particular the prevention, investigation, detection and prosecution of criminal offences, including the protection of minors and the fight against any incitement to hatred on grounds of race, sex, religion or nationality, and violations of human dignity concerning individual persons; (b) the protection of public health; (c) public security, including the safeguarding of national security and defence; or (d) the protection of consumers, including investors, and are proportionate to those objectives. (2) Notwithstanding the provisions of article 8A(3), in any case where an enforcement authority is not party to the proceedings, a court may, on the application of any person or of its own motion, apply any requirement which would otherwise not apply by virtue of article 8A(3) in respect of a given information society service, if the application of that law or requirement is necessary for and proportionate to any of the objectives set out in sub-article (1). (3) Sub-articles (1) and (2) shall only apply where the information society service prejudices or presents a serious and grave risk of prejudice to an objective as stated in sub-article (1)(a) to (d). (4) Subject to the provisions of sub-articles (5) and (6), an enforcement authority shall not take the measures in sub-article (1) unless it: (a) asks the Member State in which the service provider is established to take measures and the aforesaid Member Derogations from article 8A. Added by: XXXV. 2016.6. 10 [ CAP. 426. ELECTRONIC COMMERCE State does not take such measures or the measures taken are considered by the enforcement authority concerned as inadequate; and (b) notifies the European Commission and the Member State in which the service provider is established of its intention to take such measures. (5) Nothing in sub-article (4) affects the commencement of any legal proceedings or the investigation of any offence or breach, however so described, by any enforcement authority. (6) If it appears to the enforcement authority that the matter is one of urgency, it may take the measures under sub-article (1) without first applying the requirements of sub-article (4). (7) In a case where a measure is taken pursuant to sub-article (6), the enforcement authority shall notify the measures taken, to the European Commission and to the Member State concerned in the shortest time possible thereafter stating in writing the reasons for urgency. General information to be provided. Added by: XXXV. 2016.6. 8C. (1) Without prejudice to other information requirements as may be established at law, a service provider shall make available to the recipient of the service and where appropriate or requested, to the enforcement authority responsible at law in ensuring compliance, including where applicable to the competent regulator, in a form and manner which is easily, directly and permanently accessible, the following information: (a) the name of the service provider; (b) the geographic address where the service provider is established; (c) the details of the service provider, including his electronic mail address, which allow him to be contacted rapidly and communicated with in a direct and effective manner; (d) where the service provider is registered in a trade or similar public register, the trade or other such register in which the service provider is entered and his registration number, or equivalent means of identification in that register; (e) where the activity is subject to an authorisation scheme, the particulars of the relevant supervisory authority; (f) where the service provider is a member of a regulated profession (i) any professional body or similar institution with which the service provider is registered; (ii) the professional title of the provider and the Member State where it has been granted; and (iii) a reference to the applicable professional rules in the Member State of establishment and the means to access them; ELECTRONIC COMMERCE [ CAP. 426. 11 (g) where the service provider undertakes an activity that is subject to value added tax, the identification number referred to in Article 22(1) of the Sixth Council Directive 77/388/EEC of 17th May 1977 on the harmonisation of the laws of the Member States relating to turnover taxes - Common system of value added tax: uniform basis of assessment; and (h) when a service provider sends unsolicited commercial communications, details of how users of the service can register their choice regarding unsolicited commercial communications, which details must be prominently displayed on the website of the service provider and at every point where users of the service are asked to provide information when accessing the website of the service provider. (2) Where the service provider refers to prices, such prices shall be indicated clearly and unambiguously and, in particular, shall indicate whether they are inclusive of any tax, however so described, and delivery costs. 8D. In addition to any other information requirements that may be established at law, a service provider shall ensure that any commercial communication provided by him, which constitutes or forms part of an information society service shall (a) be clearly identified as a commercial communication; Provision of information in commercial communications. Added by: XXXV. 2016.6. (b) clearly identify the person on whose behalf the commercial communication is made; (c) clearly identify as such any promotional offer, including any discount, premium or gift, and ensure that any conditions which must be met to qualify for it are easily accessible, and presented clearly and unambiguously; (d) clearly identify as such any promotional competition or game and ensure that any conditions for participation are easily accessible and presented clearly and unambiguously; and (e) without prejudice to the provisions of the Data Protection Act and of any other laws regulating data protection, clearly identify details of how users of the service can register their choice regarding unsolicited commercial communications, which details must be prominently displayed at every point where users of the service are asked to provide information. 8E. (1) This article establishes and regulates the right under the Act to make a commercial communication which is part of, or constitutes, a service provided by a m ember of a regulated profession. (2) Without prejudice to any other provision of the Act permitting a restriction or limitation of the right to which this article applies, a body which at law is responsible for a regulated Cap. 586. Regulated professions. Added by: XXXV. 2016.6. 12 [ CAP. 426. ELECTRONIC COMMERCE profession may, in exercise of any powers vested in it at law to regulate the activities of its members, make the exercise by a member of the profession of the right to which this article applies, subject to compliance with specified conditions as referred to in sub-article (3). (3) The conditions that may be so specified are those that may reasonably be regarded as appropriate for the purpose of maintaining the standing and integrity of the profession concerned and ensuring adherence by its members to the requisite standards and, in particular, for the purpose of ensuring (a) the independence, profession, and dignity and honour of the (b) compliance with obligations of professional secrecy and fairness towards clients and other members of the profession. No requirement for prior authorisations. Added by: XXXV. 2016.6. Amended by: XXXIII. 2021.17. Cap. 399. 8F. The provision of information society services by a service provider shall not be subject to any prior authorisation: Provided that the provision of such information society services shall be without prejudice to authorisation schemes which are not specifically and exclusively targeted at information society services, or which are covered by the Electronic Communications (Regulation) Act or any regulations made thereunder. Notification requirement. Added by: XXXV. 2016.6. 8G. (Deleted by Act XXXIII. 2021.18). Non-applicability of certain articles to the activities or areas listed in the Fifth Schedule of the Act. Added by: XXXV. 2016.6. 8H. (Deleted by Act XXXIII. 2021.18). Electronic contract. Amended by: XXXIII. 2021.19. PART III ELECTRONIC CONTRACTS 9. An electronic contract shall not be denied legal effect, validity or enforceability solely on the grounds that it is wholly or partly in electronic form, or has been entered into wholly or partly by way of electronic communications or otherwise: Provided that the provisions of this article shall not apply in relation to the contracts or laws, however so described, listed in the Eighth Schedule to this Act: Provided further that the Minister may, after consulting the competent regulator, by notice in the Gazette amend the Eighth Schedule. (2) For the purposes of any law relating to contracts, an offer, an acceptance of an offer and any related communication, including any subsequent amendment, cancellation or revocation of the offer, ELECTRONIC COMMERCE [ CAP. 426. 13 the acceptance of the contract may, unless otherwise agreed by the contracting parties, be communicated by means of electronic communications. 10. (1) Unless otherwise agreed by parties who are not consumers, where the recipient of the service places his order through technological means: (a) an electronic contract is concluded when after placing his order, the recipient of the service has received from the service provider an acknowledgement of receipt of the order made by the recipient: Formation of electronic contract. Amended by: VII. 2004.49. Substituted by: XXX. 2007.54. Provided that the service provider must acknowledge receipt of the order made by the recipient without undue delay and by electronic means; and (b) the order made by the recipient and the acknowledgement of receipt are deemed to have been received when the parties to whom they are addressed are able to access them. (2) Unless otherwise agreed by parties who are not consumers, the service provider shall provide the recipient of the service with effective and accessible technical means to identify and correct handling and input errors and accidental transactions prior to the conclusion of the contract. (3) The provisions of sub-article (1)(a) and of sub-article (2) shall not apply to contracts concluded exclusively by electronic mail or by equivalent individual communications. 11. (1) Unless otherwise agreed by parties who are not consumers, and without prejudice to any consumer rights under the provisions of any other law, the service provider shall provide information in clear, comprehensive and unambiguous terms regarding the matters set out in the First Schedule, which Schedule may by notice in the Gazette, be amended by the Minister after consultation with the competent regulator: Provided that any such information shall be provided to the addressee prior to the placement of the order by him. (2) Unless parties who are not consumers have agreed otherwise, a service provider shall indicate which relevant codes of conduct he subscribes to and provide information as to how those codes can be consulted electronically. (3) Where the service provider provides terms and conditions applicable to the contract to the addressee, the service provider shall make them available to the addressee in a way that allows the addressee to store and reproduce them. (4) The provisions of sub-articles (1) and (2) shall not apply to contracts concluded exclusively by exchange of electronic mail or by equivalent individual communications. Information requirements relating to electronic contracts. Substituted by: VII. 2004.50. Amended by: XXX. 2007.52; XXXV. 2016.3. 14 [ CAP. 426. ELECTRONIC COMMERCE PART IV TRANSMISSION OF ELECTRONIC COMMUNICATIONS Time of dispatch. 12. (1) If an electronic communication enters a single information system outside of the control of the originator, then, save as otherwise agreed between the originator and the addressee of the electronic communication, the dispatch of the electronic communication occurs at the time when it enters the information system. (2) If an electronic communication enters successively two or more information systems outside of the control of the originator, then, unless otherwise agreed between the originator and the addressee of the electronic communication, the dispatch of the electronic communication occurs when it enters the first of those information systems. Time of receipt. Amended by: XXXV. 2016.7. 13. (1) If the addressee of an electronic communication has designated an information system for the purpose of receiving electronic communications, then, save as otherwise agreed between the originator and the addressee of the electronic communication or as otherwise required under the Regulation, the time of receipt of the electronic communication is the time when the electronic communication enters the information system. (2) If the addressee of an electronic communication has not designated an information system for the purpose of receiving electronic communications, then, save as otherwise agreed between the originator and the addressee of the electronic communication, the time of receipt of the electronic communication is the time when the electronic communication comes to the attention of the addressee. Place of dispatch and receipt. 14. (1) Save as may be otherwise agreed between the originator and the addressee of an electronic communication (a) the electronic communication is deemed to have been dispatched at the place where the originator has his place of business; and (b) the electronic communication is deemed to have been received at the place where the addressee has his place of business. (2) For the purposes of the sub-article (1) (a) if the originator or the addressee has more than one place of business, and one of those places has a closer relationship to the underlying transaction, that place of business shall be deemed to be the originator’s or the addressee’s place of business; and (b) if the originator or the addressee has more than one place of business, but paragraph (a) does not apply, the originator’s or the addressee’s principal place of business shall be deemed to be the originator’s or the addressee’s place of business; and (c) if the originator or addressee does not have a place of ELECTRONIC COMMERCE [ CAP. 426. 15 business, the originator’s or the addressee’s place of business shall be deemed to be the originator’s or addressee’s ordinary residence. 15. (1) Save as otherwise agreed between the originator and the addressee of an electronic communication, the originator of an electronic communication is bound by that communication only if the communication was sent by him or under his authority. Attribution of electronic communication. (2) Nothing in sub-article (1) shall affect the operation of any law that makes provision for(a) the conduct engaged by a person within the scope of the person’s actual or apparent authority to be attributed to another person; or (b) a person to be bound by conduct engaged in by another person within the scope of the other person’s actual or apparent authority. (3) An electronic communication between an originator and an addressee shall be deemed to be of the originator if it was sent by an information system programmed to operate automatically by or on behalf of the originator. (4) An addressee shall have the right to consider each electronic communication received by him as a separate electronic communication and to act on that assumption, except to the extent that such communication is a duplicate of another electronic communication and the addressee knew or should have known, had he exercised reasonable care or used any agreed procedure, that the electronic communication was a duplicate. 15A. Wherever any legal requirement exists to communicate by way of registered mail, this requirement shall be deemed to be satisfied by the use of a qualified electronic registered delivery service by all parties participating in the communication: Communications by registered mail. Added by: XXXV. 2016.8. Provided that this article shall come into force on such date as the Minister may expressly determine by order in the Gazette. PART V PROVISION OF SIGNATURE CERTIFICATION SERVICES 16. (Deleted by Act XXXV. 2016.9.). Accreditation of signature certification service providers. 17. (Deleted by Act XXXV. 2016.9.). Supervision of signature certification service providers that issue qualified certificates. Amended by: XIII. 2005.74. 18. (Deleted by Act XXXV. 2016.9.). Liability of signature certification service providers. PART VI INTERMEDIARY SERVICE PROVIDERS 16 [ CAP. 426. ELECTRONIC COMMERCE Mere conduit. 19. Repealed by Act I.2024.20. Caching. Amended by: XXXV. 2016.3. 20. Hosting. 21. Repealed by Act I.2024.20. Obligations of intermediary service providers. 22. Prohibition on misuse of electronic signatures, signature creation devices, certificates and fraud. Amended by: XXXV. 2016.10. Repealed by Act I.2024.20. Repealed by Act I.2024.20. PART VII GENERAL 23. (1) No person shall access, copy or otherwise obtain possession of or recreate the electronic signature creation device or an electronic seal creation device of another person without authorisation, for the purpose of creating, or allowing or causing another person to create an unauthorised electronic signature or electronic seal using such signature device. (2) No person shall alter, disclose or use the electronic signature creation device or an electronic seal creation device of another person without authorisation, or in excess of lawful authorisation, for the purpose of creating or allowing or causing another person to create an unauthorised electronic signature using such electronic signature creation device or an electronic seal creation device. (3) No person shall create, publish, alter or otherwise use a certificate or an electronic signature or electronic seal for any fraudulent or other unlawful purpose. (4) No person shall misrepresent his identity or authorisation in requesting or accepting a certificate or in requesting suspension or revocation of a certification. (5) No person shall access, alter, disclose or use the electronic signature creation device or an electronic seal creation device of a certificate service provider used to issue certificates without the authorisation of the certificate service provider, or in excess of lawful authorisation, for the purpose of creating, or allowing or causing another person to create, an unauthorised electronic signature or electronic seal using such electronic signature creation device or an electronic seal creation device. (6) No person shall publish a certificate, or otherwise knowingly make it available to anyone likely to rely on the certificate or on an electronic signature or electronic seal that is verifiable with reference to data such as codes, passwords, algorithms, public cryptographic keys or other data which are used for the purposes of verifying an electronic signature or electronic seal, listed in the certificate, if such person knows that (a) the certificate service provider listed in the certificate has not issued it; or (b) the subscriber listed in the certificate has not accepted it; or (c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying an ELECTRONIC COMMERCE [ CAP. 426. 17 electronic signature or electronic seal created prior to such revocation or suspension, or giving notice of revocation or suspension. (7) No person shall use cryptographic or other similar techniques for any illegal purpose. 23A. (1) The competent regulator shall be responsible for the supervisory tasks stated in the Regulation and in doing so shall in particular: (a) supervise qualified trust service providers established in Malta ensuring through ex ante and ex post supervisory activities, that such qualified trust service providers and the qualified trust services that they provide, meet the requirements laid down in the Regulation; (b) take action if necessary, in relation to non-qualified trust service providers established in Malta through ex post supervisory activities, when informed that those non-qualified trust service providers or the trust services they provide allegedly do not meet the requirements laid down in the Regulation. (2) Without prejudice to the generality of the tasks onerous on the competent regulator as stated in sub-article (1), the competent regulator shall be responsible for the following: (a) cooperating with other supervisory bodies and provide them with assistance in accordance with Article 18 of the Regulation; (b) analysing the conformity assessment reports referred to in Articles 20(1) and 21(1) of the Regulation; (c) informing other supervisory bodies and the public about breaches of security or loss of integrity in accordance with Article 19(2) of the Regulation; (d) reporting to the European Commission about its main activities in accordance with paragraph 6 of Article 17 of the Regulation; (e) carrying out audits or requesting a conformity assessment body to perform a conformity assessment of the qualified trust service providers in accordance with Article 20(2) of the Regulation; (f) cooperating with the Office of the Information and Data Protection Commissioner in Malta, in particular, by informing that Office without undue delay, about the results of audits of qualified trust service providers, where personal data protection rules may in the opinion of the competent regulator have been breached; (g) granting qualified status to trust service providers and to the services they provide and to withdraw this status in accordance with Articles 20 and 21 of the Regulation; Supervisory body for the purposes of the Regulation. Added by: XXXV. 2016.11. Amended by: XXXIII. 2021.20. 18 [ CAP. 426. ELECTRONIC COMMERCE (h) informing the body responsible for the national trusted list referred to in Article 22(3) of the Regulation about its decisions to grant or to withdraw qualified status: Provided that such a requirement shall not apply if the competent regulator also performs the tasks of the body referred to in this paragraph; (i) verifying the existence and correct application of provisions on termination plans in cases where the qualified trust service provider ceases its activities including how information is kept accessible in accordance with point (h) of Article 24(2) of the Regulation; (j) requiring that trust service providers remedy any failure to fulfil the requirements laid down in the Regulation; (k) establishing, maintaining and publishing trusted lists in accordance with Articles 22(1) and 22(2) of the Regulation, and notifying the Commission in relation thereto in accordance with Article 22(3) of the Regulation; and (l) notifying the Commission in relation to any lists in accordance with Articles 31(1) and 39(3) of the Regulation. (3) The competent regulator may, in the performance of its supervisory tasks as stated in the Regulation, determine any such technical and, or operational requirements as it may consider necessary for the effective implementation and, or compliance with any of the provisions of the Regulation: Non-compliance with the Regulation. Added by: XXXV. 2016.11. Provided that in doing so the competent regulator shall first consult with any interested parties. 23B. Unless stated otherwise in this Act, where applicable, any non-compliance with the provisions of this Act or of the Regulation, shall constitute a breach of this Act, and shall be treated accordingly by the competent regulator who shall as it considers appropriate take the necessary regulatory measures in accordance with its powers at law. Non-compliance with the Act and powers of the competent regulator. Added by: XXXV. 2016.11. 23C. Unless stated otherwise in the Act, a breach of any of the provisions of the Act shall be subject to any such sanctions as the competent regulator is empowered by law to impose. Offences and penalties. Amended by: L.N. 426 of 2007. Substituted by: XXXV. 2016.12. Amended by: XXXIII. 2021.21; I.2024.21. 24. Any person contravening article 23 of the Act, or Articles 19(2), 20(1), 21(1), 21(3), 23 and 24 of the Regulation, shall be guilty of an offence and shall on conviction be liable to a fine (multa) of not more than two hundred and fifty thousand euro (€250,000) or to imprisonment not exceeding two years or to both such fine (multa) and imprisonment, and in the case of a continuous offence to a fine not exceeding two thousand, five hundred euro (€2,500) for each day during which the offence continues: ELECTRONIC COMMERCE [ CAP. 426. 19 Provided that where any proceedings are undertaken by the Commissioner of Police under this sub-article, the Commissioner of Police shall in writing notify the competent regulator of the taking of such proceedings and of the final outcome of the same. 24A. (1) Where a dispute however so described arises between a service provider and a consumer further to a complaint by a consumer alleging an infringement of the Act or of the Regulation as are enforced by the competent regulator, any party to such a dispute may refer the dispute to the competent regulator: Provided that in making a complaint the consumer must prima facie show that he has been affected by the act or omission of the service provider giving rise to the complaint. (2) Upon receipt of any reference as aforesaid, or upon otherwise becoming aware of any such dispute that the competent regulator believes should be investigated, the competent regulator shall notify all the parties to the dispute that the matter is being investigated. In doing so, the competent regulator shall regulate its own procedure, which procedure shall, as far as is reasonably possible, be transparent, simple, inexpensive and conducive to a prompt and fair settlement of the dispute, and shall afford all parties to the dispute reasonable opportunity to make their submissions and to produce any relevant information: Provided that the competent regulator may decide not to initiate an investigation in accordance with this article where it is satisfied that other means of resolving the dispute in a timely manner are available to the parties, or if legal proceedings in relation to the dispute have been initiated by any party to the dispute, or if another public authority is already investigating the same dispute. (3) The competent regulator in resolving any disputes referred to it under this article, may issue directives to the service provider requiring that service provider to comply with any measure the competent regulator may specify for the resolution of the dispute. Such directives may, having regard to its determination of the dispute and to all other relevant matters, include an order to effect the reimbursement of payments received or to make compensation payments. Such payments may also include the whole or part of the costs of any party relating to the engagement of a lawyer and, or of a technical adviser in relation to any submissions relating to the dispute. (4) The competent regulator shall make publicly available any administrative procedures it may from time to time establish in relation to the handling of any disputes referred to it under this article. (5) The provisions of this article shall be without prejudice to the right of the consumer to have recourse, in accordance with Maltese law, to any other body empowered to resolve any such disputes and, or to any out-of-court dispute resolution processes, however so described. (6) In issuing a decision under this article the competent Disputes between a service provider and a consumer. Added by: XXXV. 2016.13. 20 [ CAP. 426. ELECTRONIC COMMERCE regulator shall state the reasons on which it is based, and shall, subject to such requirements of commercial confidentiality as it may deem appropriate, notify the parties to the dispute with a copy of the decision. (7) The competent regulator shall publish notice of a decision given under this article and shall state from where copies of, or information regarding the decision, may be obtained. Issue of a compliance order. Added by: XXXV. 2016.13. Amended by: XVII.2023.44. 24B. (1) Where the competent regulator feels it is reasonably appropriate or necessary for the protection of consumers, it may issue a compliance order against a service provider or any other person for one or more of the following purposes: (a) requiring any person to take any measures specified in the compliance order, within the time specified in the order to ensure that the provisions of the Act and, or of the Regulation are complied with; or (b) requiring any person to cease and desist from committing a breach of the Act and, or of the Regulation. (2) The competent regulator shall when issuing a compliance order under this article: (a) notify a copy of the compliance order on each person against whom the order is made; (b) include with the compliance order, information about the right to contest the order before the Tribunal; and (c) briefly state the reasons for issuing the compliance order, which reasons shall be notified to each person against whom the order is issued and, if any, to the qualifying body on whose application the order is issued. (3) No precautionary warrant or other similar order under this or any other law shall be issued by the Tribunal or by any court restraining or restricting the competent regulator from issuing a compliance order under this Act. (4) A compliance order issued by the competent regulator shall come into force with immediate effect, unless the order provides otherwise. Application for the issue of a compliance order. Added by: XXXV. 2016.13. 24C. Repealed by Act XVII.2023.45. Discretion of the competent regulator to issue a compliance order. Added by: XXXV. 2016.13. 24D. Repealed by Act XVII.2023.45. ELECTRONIC COMMERCE [ CAP. 426. 24E. (1) A person against whom a compliance order has been made, may, within twenty days from receipt of notification of the compliance order, appeal in writing to the Tribunal for the revocation or amendment of the compliance order, giving detailed grounds for the request. The competent regulator shall be notified with the appeal and shall have twenty (20) days from the date when it is notified with the appeal in which to reply. 21 Appeals from a compliance order. Added by: XXXV. 2016.13. Amended by: XVII.2023.46. (2) The Tribunal may confirm, change or cancel the compliance order as it considers appropriate, provided that in doing so the Tribunal shall in all instances state its reasons. (3) Where an appeal is instituted under this article the compliance order shall remain in force unless the Tribunal, at the request of the party contesting the order, specifically orders that the compliance order shall be suspended pending the outcome of the appeal, subject to such conditions and amendments to the order as the Tribunal may determine: Provided that in deciding any such request for a suspension of the compliance order, the Tribunal shall give its reason in writing for its decision. 24F. (1) Appeals instituted under article 24E shall be heard and determined by the Tribunal with urgency and as expeditiously as possible. (2) The Tribunal, at the request of any of the parties to the proceedings before it, may abridge any time limits established under this Act in relation to the conduct of the appeal before it: Cases to be heard and determined with urgency. Added by: XXXV. 2016.13. Amended by: XVII.2023.47. Provided that in doing so the Tribunal shall state its reasons in writing. 24G. The competent regulator when issuing a compliance order under the Act shall not be required to prove: (a) actual loss or damage; or No need to prove actual loss. Added by: XXXV. 2016.13. (b) actual recklessness, negligence or fault on the part of the service provider or person against whom the order is made. 24H. (1) Without prejudice to any other powers it has at law, the competent regulator may, in writing, order any person to cease and desist from committing any cross-border infringement and, or from acting in breach of any of the provisions of the Act, and, or of the Regulation. (2) The competent regulator may, in issuing an order under sub-article (1) require the person concerned to provide it with a written undertaking whereby that person agrees to cease and desist from any such breach and which undertaking shall include any conditions as the competent regulator may consider necessary in the circumstances. (3) A person who makes an undertaking in accordance with this article and who subsequently acts in breach of any conditions stated in the undertaking, shall be liable to the imposition of an administrative fine by the competent regulator not exceeding the Taking of other measures to ensure compliance. Added by: XXXV. 2016.13. 22 [ CAP. 426. ELECTRONIC COMMERCE sum of twenty-five thousand euro (€25,000) and, or five hundred euro (€500) for each day during which the failure to comply with the undertaking persists: Provided that the imposition of a fine under this sub-article shall be without prejudice to any other sanctions however so described that the competent regulator may impose at law. Competent regulator may require publication. Added by: XXXV. 2016.13. 24I. (1) The competent regulator may, for the better information of the public, require the service provider or person against whom the compliance order has been issued, at the expense of the latter to communicate in any manner the competent regulator considers appropriate, including publication in at least two daily newspapers: (a) a copy in full or in part (i) of a compliance order made under article 24B; and, or (ii) a copy of an undertaking given under article 24H or an abstract of any such order and, or of any such undertaking; and, or (b) a corrective statement in relation to any contravention of the Act and, or of the Regulation. (2) Any communications required in terms of sub-article (1) must be made within seven days from receipt of a notice issued by the competent regulator requiring the service provider or person concerned to make any such communications. Where the said communications are not effected as aforesaid, the competent regulator may proceed to issue the communications itself and any expenses incurred by the competent regulator in issuing any communications made by it in accordance with the provisions of this article shall be recoverable as a civil debt from the person against whom the compliance order was issued. Right of appeal. Added by: XXXV. 2016.13. Amended by: XVII.2023.48. 24J. Any person aggrieved by a decision however so described taken by the competent regulator in accordance with the Act and having a legal interest to contest such a decision, may appeal to the Tribunal: Provided that in the case of a contestation of any matter relating to the issue of a compliance order as provided for in this Act, the procedures as stated in article 24E shall apply. Consultation with and by other enforcement authorities. Added by: XXXV. 2016.13. 24K. (1) The competent regulator may request the advice of and where appropriate shall consult with any other enforcement authority in the exercise of any of its functions under the Act and, or the Regulation. (2) In acting in accordance with any of the provisions of this Act, an enforcement authority shall, in all instances, first consult and act in co-ordination with the competent regulator. ELECTRONIC COMMERCE [ CAP. 426. 25. (1) The Minister may make regulations to provide for any matter related to electronic commerce however so described, electronic identification, trust services, electronic transactions, and any such other matters as may be complementary or related thereto, in order to give fuller effect to the provisions of this Act, and in particular, but without prejudice to the generality of the aforesaid, such regulations may provide for (a) any derogation from or restriction in relation to any cross-border transaction where this is necessary for one of the following reasons (i) public policy, in particular the protection of minors, or the fight against any incitement to hatred on grounds of race, sex, religion, political opinion or nationality; (ii) the protection of public health; (iii) public security; (iv) consumer protection; (b) identifying: (i) transactions; (ii) requirements or permissions to give information in writing; (iii) requirements or permissions to produce documents; (iv) requirements to retain information, documents and communications; (v) trust services; that may be exempt from any provision of this Act; (c) (Deleted by Act XXXV. 2016.14.); (d) (Deleted by Act XXXV. 2016.14.); (e) any matter relating to commercial communications, including, but not limited to matters relating to:(i) information to be provided in commercial communications; (ii) unsolicited commercial communications; (iii) commercial communications by regulated professions; (f) the authorisation to the competent regulator to impose administrative fines or sanctions on any person acting in contravention of any provision of this Act or of any regulation made thereunder: Provided that (i) any administrative fine provided for by regulations made under this article shall not exceed the amount of one hundred and twenty-five thousand euro (€125,000) for each breach and two thousand and five hundred euro (€2,500) for each day during which failure to observe the provisions of any regulation made thereunder persists; 23 Power to make regulations. Amended by: VII. 2004.51; XIII. 2005.75; L.N. 426 of 2007; XXXV. 2016.3, 14; XXXIII. 2021.22. 24 [ CAP. 426. ELECTRONIC COMMERCE (ii) Cap. 12. (iv) regulations made under this paragraph may prescribe that any such administrative penalty or sanction shall be due to the competent regulator as a civil debt constituting an executive title for the purposes of Title VII of Part I of Book Second of the Code of Organization and Civil Procedure as if the payment of the amount of the fine had been ordered by a judgement of a court of civil jurisdiction; such regulations may also prescribe any right of appeal from decisions of the competent regulator to impose an administrative sanction; (g) procedures to be established for out of court schemes, for the settlement of disputes arising in …

🔗 Għas-sors uffiċjali

AI explanation based on the official legal text. Indicative, not a substitute for legal advice.