Enabling Legal Environment
eLaws play a major role in use of ICT, as those should provide the necessary legal environment for using electronic data and documents for official as well as personnel purposes and carrying out electronic transactions. Moreover, the activities that are detrimental for the use of eGovernment should be controlled by Computer Crime laws. This page provides information and links related to eLaws which have been adopted in Sri Lanka.
Electronic Transactions Act
The most relevant legislation for use of ICT in government and establishment of e-government services is the Electronic Transactions Act No. 19 of 2006. The drafting of Electronic Transactions legislation was enabled through a joint Cabinet Memorandum of the Prime Minister, the Minister of Trade and Commerce and the Minister of Science and Technology. Consequently, on 22nd September 2004 the Cabinet of Ministers decided that legislation on Electronic Transactions should be prepared through the Legal Draftsman’s Department in conjunction with ICTA. The legislation was prepared by the Legal Draftsman with legal and policy inputs from ICTA and presented to Parliament on 7th March 2006. The Electronic Transactions Act was brought into operation with effect from 1st October 2007 (vide Gazette Extraordinary No. 1516/25 of 27th September 2007).
The Electronic Transactions Act No. 19 of 2006 is based on the standards established by United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996) and Model Law on Electronic Signatures (2001).
The objectives of the Act as are as follows
to facilitate domestic and international electronic commerce by eliminating legal barriers and establishing legal certainty;
to encourage the use of reliable forms of electronic commerce;
to facilitate electronic filing of documents with government and to promote efficient delivery of government services by means of reliable forms of electronic communications and
to promote public confidence in the authenticity, integrity and reliability of data messages and electronic communications. This has ensured that electronic communication is officially and legally accepted as a proper means of communication (emphasis added).
Based on this Act steps could now be taken by government organizations to provide services by electronic means as well as to retain data and information in electronic form.
As a follow-up to the enactment of the Electronic Transactions Act, Sri Lanka became one of the first three countries in the Asian Region (and first country in South Asia) to sign the United Nations Convention on the Use of Electronic Communications in International Contracts (commonly known as the e-Contracting convention). This was consequent to a Cabinet decision initiated by the Ministry of Science and Technology.
The Convention aims to enhance legal certainty and commercial predictability where electronic communications are used in relation to international contracts. It addresses the determination of a party’s location in an electronic environment; the time and place of dispatch and receipt of electronic communications; the use of automated message systems for contract formation; and the criteria to be used for establishing functional equivalence between electronic communications and paper documents – including “original” paper documents – as well as between electronic authentication methods and hand-written signatures.
As another necessary follow up action, ICTA is in the process of setting up a Certifying Authority for issuing digital signatures for Sri Lankan government organizations and citizens to ensure the authenticity and Non-repudiation.
The Computer Crimes Act No. 24 of 2007 provides for the identification of computer crimes and stipulates the procedure for the investigation and enforcement of such crimes. The Bill was presented in Parliament and debated on 23rd August 2005 and thereafter extensively revised by the Parliamentary Standing Committee “B”. It was enacted as legislation in May 2007 and certified by the Speaker of Parliament on 9th July 2007.
The basis of the Computer Crimes Act No. 24 of 2007 is to criminalize attempts at unauthorized access to a computer, computer programme, data or information. It also contains a provision to deal with unauthorized use of computers regardless of whether the offender had authority to access the computer.
The Act creates offences for unauthorized modification, alteration or deletion of information and denial of access, which makes it an offence for any person to program the computer in such a manner so as to prevent authorized persons from obtaining access. Other offences sought to be created under the proposed Act include causing damage or harm to the computer by the introduction of viruses and logic bombs etc, unauthorized copying of information, unauthorized use of computer service and interception of a computer programme, data or information while it is been transmitted from one computer to another.
The Act introduces a new regime for the investigation of offences. Provisions have been made in the Act to designate a panel of ‘Experts’ to assist the Police in the investigation of computer crime offences.
Data protection rules have become an increasingly important legal regime in an information age where personal data has become a significant asset of many companies, especially those operating over the Internet. However, in a connected global economy, national data protection rules can be easily circumvented and protections granted to the citizens lost as data is transferred out of the jurisdiction. In an attempt to prevent such circumvention, the EU data protection regime contains provisions controlling the transfer of personal data to non-EU countries, such as Sri Lanka.
At present the Government is pursuing a policy based on the adoption of a Data Protection Code of Practice, encompassing the private sector, with the possibility of the code being placed on a statutory footing through regulations issued under the Information and Communication Technology Act of 2003. As such, this approach can be seen as self- or co-regulatory approach. (Refer section 0103)
Intellectual Property Rights (IPR)
As regards the protection of intellectual property rights (IPR), the Intellectual Property Act no. 36 of 2003 replaced the Code of Intellectual Property Act no. 52 of 1979. The IP Act of 2003 contains several new features in relation to the protection of software, trade secrets and integrated circuits. (Refer Sections 0204 and 0205 of this document for detail)
Below acts, regulations, circulars, guidelines are related to eLaws and policies of Sri Lanka government
- Information and Communication Technology Act No.27 of 2003
- Intellectual Property Act No. 36 of 2003 (Sections related to Copyright)
- Electronic Transactions Act No. 19 of 2006
- Computer Crimes Act No. 24 of 2007
- Payment And Settlement Systems Act, No. 28 of 2005
- Payment Devices Frauds Act No.30 of 2006
- Mobile Payment Guidelines – 13_mobile_payment_2011_1e
- Mobile Payment Guidelines – 14_mobile_payment_2011_2e
- Electronic Payments to Government Institutions PF447E
- Electronic Payments by Government Institutions 02_2013E
- Use of Electronic Documents and Electronic Communication for Official Use -Circular
- Use of E-Mail and ICT in general in Government Business