ELECTRONIC TRANSACTIONS ORDINANCE, 2002 (ETO) (CONTINUED....)
Section 24 of the ETO provides that Certification Council shall make regulations specifying the
criteria/procedure for the grant of accreditation certificates to the certification service providers. The
provision is reproduced as follows:
"24. The Certification Council may grant accreditation to certification service provider, its
cryptography services, electronic signature or advanced electronic signature and security
procedures who comply with the criteria for accreditation specified in the regulations.
The terms and conditions of the accreditation, including those relating to duration of the
accreditation, renewal, suspension or revocation, shall be specified in regulations.
The fee for grant and renewal of the accreditation shall be as prescribed.
The form and manner of proceedings for the consideration of application for grant, renewal,
suspension or revocation of accreditation shall be specified in the regulations provided that, the
regulations shall provide for a transparent procedure with due regard to the right of hearing."
Note that a certification service provider shall have proper right of hearing before a decision on its
application for the grant of accreditation certificate is made. This is based on the fundamental principle of
law that no body should be condemned unheard (also called the principle of natural justice).
Under Section 25, each certification service provider shall prepare a Certification Practice Statement (CPS)
as prescribed by the regulations of the Certification Council. CPS would be a policy document of the
certification service provider, which would be filed along with the application for grant of accreditation
A copy of the certification practice statement shall be maintained at the office of the Certification Council
and shall be open to public inspection. Subject to any regulations made by the Council, a CPS would
normally include information for persons adversely affected by a wrong/false certificate, the extent of
liability, policy about suspension or revocation of certificates etc. For details you can see section 25
below (no need to memorize any such section, just try to build a general sense):
"25. Each certification service provider, desirous of being accredited, shall prepare and have at
all times accessible a certification practice statement in such form and with such details,
particulars and contents as may be specified in regulations made by the Certification Council.
Without prejudice to the generality of the foregoing, the regulations may provide for:
Prompt information to persons likely to be adversely affected by any event relating
to the information system of the certification service provider or inaccuracy,
invalidity or misrepresentation contained in a certificate;
Identification of subscribers;
Suspension or revocation of certificates;
Accuracy of information contained in a valid accreditation certificate;
Foresee ability of reliance on valid accreditation certificates; and
Deposit of certificates or notification of any suspension or revocation of any
accreditation certificate or any other fact or circumstance affecting the certificate, in
The certificate practice statement shall be submitted to Certification Council for approval along
with the application for accreditation.
Any subsequent change in the approved certification practice statement shall be initiated and
processed in such manner as may be specified in regulations made by the Certification Council,
and upon approval by the Certification Council, shall be
incorporated in the certification
A copy of the certification practice statement shall be maintained at the office of the
Certification Council and shall be open to public inspection.
Subject to such limitations as may be specified in the regulations made under sub-section (1), a
certification service provider shall, during the period of validity of an accreditation certificate
published for reliance by any person, be deemed to warranting to such person that:
the certification service provider has complied with the requirements of this
Ordinance, rules and regulations made under this ordinance ; and
the information contained in the certificate is accurate.
The Certification Council may suspend or revoke the accreditation of a certification service
provider for failure to comply with the provisions of this section:
Provided that, an order for suspension or revocation of accreditation shall be made in the manner specified
in regulations made under sub-section (1) after providing reasonable right of hearing."
All applications and matters before the Certification Council should be decided as quickly as possible
through a speaking order (order containing reasons). The Council may appoint such officers, employees and
advisers as it considers necessary, and can also establish regional or local offices for due performance of its
Section 31 of the ETO specifies that it does not apply to five different types of documents, namely, a
negotiable instrument, a power of attorney, a trust, a will, a contract of sale or conveyance of immoveable
property. Accordingly, such documents are still required to be in paper form.
A negotiable instrument includes a promissory note, a bill of exchange and a check. A promissory note is
an unconditional promise or undertaking to pay a specified amount to a specified person. A bill of exchange
is an order by a person (person `A') to another person (person `B') to make certain payment to a third
person (person `C') on behalf of `A'. A check is a type of bill of exchange where the bank is asked by a
person (drawer of the check) to make specific payment to the person in whose favor the check is written. A
power of attorney is the document through which some authority is given by a person to another to do
certain acts or things on behalf of the person who executes the power of attorney. A document of trust or
trust deed is prepared to create a trust. A trust can own property in its name.
The property of the trust is used for the benefit of specified persons named in the trust deed called
beneficiaries of the trust. The person who establishes the trust is called author of the trust. The persons
who mange the affairs of the trust are called trustees. A will is a document through which someone can
name the person(s) who would be entitled to own his property after his death. A document through which
the ownership in a property is legally transferred to someone is called a conveyance deed (such as a sale
A contract of sale of immoveable property (land etc.) and/or a conveyance deed in this behalf are still
required to be in paper form. Note that the Federal Government, however, has been given the power to
make whole or any part of the ETO applicable to all or any of the above documents through a notification
in the official gazette.
For reference, section 31 is given as under:
"31. Subject to sub-section
Nothing in this Ordinance shall apply to:
a negotiable instrument as defined in section 13 of the Negotiable Instruments Act,
1881 (XXVI of 1881);
a power-of-attorney under the Powers of Attorney Act, 1881 (VII of 1882);
a trust as defined in the Trust Act 1882 (II of 1882), but excluding constructive,
implied and resulting trusts;
a will or any form of testamentary disposition under any law for the time being in
a contract for sale or conveyance of immovable property or any interest in such
The Federal Government after consultation with the provinces may, by
the official Gazette and subject to such conditions and limitations as may be specified
therein, declare that the whole or part of this Ordinance shall apply to the whole or part of
one or more instruments specified in clauses (a) to (e) of sub-Section (1)."
Section 32 of the ETO says that courts in Pakistan shall have jurisdiction or authority to decide any matter
that relates to persons or information systems or events in Pakistan and covered by the terms of the
Ordinance. Assume that someone from England accesses an information system in Pakistan and deletes or
modifies the data of a person contained therein without any authority, then this act may be treated as an
offence under the ETO and Pakistani courts would have jurisdiction to try such a matter. Note that ETO
would have an overriding or dominating effect as opposed to a law which is inconsistent with its terms.
Sections 32 and 33 are reproduced as under in this behalf:
"32. The provisions of this Ordinance shall apply notwithstanding the matters being the
subject hereof occurring outside Pakistan, in so far as they are directly or indirectly connected
to, or have an effect on or bearing in relation to persons, information systems or events within
the territorial jurisdiction of Pakistan."
"33. The provisions of this Ordinance shall apply notwithstanding anything to the contrary
contained in any other law for the time being in force."
Sections 34 to 37 of the ETO deal with offences. Four different types of offences are mentioned in ETO.
Where a subscriber obtains a certificate from the certification service provider providing false information,
deliberately, he is guilty of an offence. Any directors or other officers of a certification service provider
commit an offence in case they issue a certificate knowing that it is false or they do not cancel a certificate
after they have come to know that the information it contains is wrong/false.
A person who accesses or attempts to access an information system with or without the intention to acquire
information contained therein is also guilty of an offence under the ETO in case he does so without any
A person would also be said to have committed an offence where he, without any authority, deletes,
removes, or alters any information contained in any information system, or he hinders or attempts to hinder
access to an information system without any authority to do so. Note that each of the above offences
prescribes imprisonment or fine or both. The aforesaid provisions are reproduced below in case you want
to look into details: (for exam you are not supposed to memorize these sections)
"34. any subscriber who:
Provides information to a certification service provider knowing such information to be
false or not believing it to be correct to the best of his knowledge and belief;
Fails to bring promptly to the knowledge of the certification service provider any change in
circumstances as a consequence whereof any information contained in a certificate
accepted by the subscriber or authorized by him for publication or reliance by any person,
ceases to be accurate or becomes misleading, or
Knowingly causes or allows a certificate or his electronic signatures to be used in any
fraudulent or unlawful manner, shall be guilty of an offence under this Ordinance.
The offence under sub-section (1) shall be punishable with imprisonment either description of
a term not exceeding seven years, or with fine which may extend to ten million rupees, or with
"35. Every director, secretary and other responsible officer, by whatever designation called,
connected with the management of the affairs of a certification service provider, which:
Issues, publishes or acknowledges a certificate containing false or
Fails to revoke or suspend a certificate after acquiring knowledge that any
information contained therein has become false or misleading;
Fails to revoke or suspend a certificate in circumstances where it ought
reasonably to have been known that any information contained in the
certificate is false or misleading;
Issues a certificate as accredited certification service provider while its
accreditation is suspended or revoked; shall be guilty of any offence under
The offence under sub-section (l) shall be punishable with imprisonment either description of a
term not exceeding seven years, or with fine which may extend to ten million rupees, or with
The certification service provider or its employees specified in sub-section (1) shall also be
liable, upon conviction, to pay compensation for any foreseeable damage suffered by any
person or subscriber as a direct consequence of any of the events specified in clauses (a) to (d)
of sub-section (1).
The compensation mentioned in sub-section (3) shall be recoverable as arrears of land
"36. Any person who gains or attempts to gain access to any information system with or
without intent to acquire the information contained therein or to gain knowledge of such
information, whether or not he is aware of the nature or contents of such information, when
he is not authorized to gain access, as aforesaid, shall be guilty of an offence under this
Ordinance punishable with either description of a term not exceeding seven years, or fine
which may extend to one million rupees, or with both."
"37. Any person who does or attempts to do any act with intent to alter, modify, delete,
remove, generate, transmit or store any information through or in any information system
knowingly that he is not authorized to do any of the foregoing, shall be guilty of an offence
under this Ordinance.
Any person who does or attempts to do any act with intent to impair the operation of, or
prevent or hinder access to, any information contained in any information system, knowingly
that he is not authorized to do any of the foregoing, shall be guilty of an offence under this
The offences under sub-section (1) and (2) of this section will be punishable with either
description of a term not exceeding seven years or fine which may extend to one million
rupees, or with both."
Table of Contents: