34
No. 23708
Act No. 25,2002
GOVERNMENT
AUGUST 2GAZETTE,
2002
ELECTRONIC COMMUNICATIONS AND
TRANSACTIONS ACT, 2002
(0) issues any permit, licence or approval; or
(c) provides for a manner of payment,
may, notwithstanding anything to the contrary in such law(i)accept the filing of suchdocuments, or the creation or retention of such
documents
formin the messages;
of data
(ii) issue such permit, licence or approval in the form of a data message; or
(iii) make or receive payment in electronic form or by electronic means.
5
Requirements may be specified
28. (1) In any case where a public body performs any of the functions referred to in
section 27, such body may specify by notice in the Gazette(ai the manner and format in which the data messages must be filed, created,
retained or issued;
( h ) in cases where the data messagehas to be signed,thetype
of electronic
signature required;
(c) the manner and format in which such electronic signature must be attached to.
incorporated in or otherwise associated with the data message;
(d) the identity of or criteria that must be met by any authenticationservice
provider used by the person filing the data messageor that such authentication
service provider must be a preferred authentication service provider;
( e ) the appropriate control processes and procedures to ensure adequate integrity,
security and confidentiality of data messages or payments; and
(S, any other requirements for data messages or payments.
(2) For the purposes of subsection ( I ) ( d )the South African Post Office Limited is a
preferred authenticationserviceprovider and the Minister may designate any other
authentication service provider as a preferred authentication service provider based on
such authenticationserviceprovider'sobligations
in respect of the provision of
universal access.
10
15
20
25
CHAPTER V
CRYPTOGRAPHY PROVIDERS
Register of cryptography providers
30
29. (1) The Director-General must establish and maintain a register of cryptography
providers.
( 2 ) The Director-Generalmust record thefollowingparticulars
in respect of a
cryptography provider in that register:
( a ) The name and address of the cryptography provider;
35
(0) a description of the type of cryptography service or cryptography product
being provided; and
ic) such orher particulars as maybe
prescribed to identify and locate the
cryptography provider or its products or services adequately.
(3) A cryptography provider is not required to disclose confidential information or 40
trade secrets in respect of its cryptography products or services.
Registration with Department
30. (1) No person may provide cryptography servicesor cryptography products in the
Republic until the particulars referredto in section 29 in respect of that person have been
recorded in thecontemplated
register
in section 29.
45
( 2 ) A cryptography provider must in the prescribed manner furnish the DirectorGeneral with the information required and pay the prescribed administrative fee.
(3) A cryptography service or cryptography product is regarded as being provided in
the Republic if it is provided-