\u00a0<\/p>\n
\n
ELECTRONIC SIGNATURES ACT.<\/p>\n
ARRANGEMENT OF SECTIONS<\/b><\/p>\n
\u00a0\u00a0\u00a0Section<\/p>\n
PART I
PRELIMINARY.<\/p>\n
\u00a0<\/p>\n
\u00a0\u00a0\u00a01.\u00a0\u00a0\u00a0Commencement. <\/a><\/p>\n \u00a0\u00a0\u00a02.\u00a0\u00a0\u00a0Interpretation. <\/a><\/p>\n \u00a0\u00a0\u00a03.\u00a0\u00a0\u00a0Equal treatment of signature technologies. <\/a><\/p>\n \u00a0<\/p>\n PART II \u00a0\u00a0\u00a04.\u00a0\u00a0\u00a0Compliance with a requirement for a signature. <\/a><\/p>\n \u00a0\u00a0\u00a05.\u00a0\u00a0\u00a0Conduct of the signatory. <\/a><\/p>\n \u00a0\u00a0\u00a06.\u00a0\u00a0\u00a0Variation by agreement. <\/a><\/p>\n \u00a0\u00a0\u00a07.\u00a0\u00a0\u00a0Conduct of the relying party. <\/a><\/p>\n \u00a0\u00a0\u00a08.\u00a0\u00a0\u00a0Trustworthiness. <\/a><\/p>\n \u00a0\u00a0\u00a09.\u00a0\u00a0\u00a0Conduct of the certification service provider. <\/a><\/p>\n \u00a0\u00a0\u00a010.\u00a0\u00a0\u00a0Advanced signatures. <\/a><\/p>\n \u00a0\u00a0\u00a011.\u00a0\u00a0\u00a0Secure electronic signature. <\/a><\/p>\n \u00a0\u00a0\u00a012.\u00a0\u00a0\u00a0Presumptions relating to secure and advanced electronic signatures. <\/a><\/p>\n \u00a0<\/p>\n PART III \u00a0\u00a0\u00a013.\u00a0\u00a0\u00a0Secure digital signatures. <\/a><\/p>\n \u00a0\u00a0\u00a014.\u00a0\u00a0\u00a0Satisfaction of signature requirements. <\/a><\/p>\n \u00a0\u00a0\u00a015.\u00a0\u00a0\u00a0Unreliable digital signatures. <\/a><\/p>\n \u00a0\u00a0\u00a016.\u00a0\u00a0\u00a0Digitally signed document taken to be written document. <\/a><\/p>\n \u00a0\u00a0\u00a017.\u00a0\u00a0\u00a0Digitally signed document deemed to be original document. <\/a><\/p>\n \u00a0\u00a0\u00a018.\u00a0\u00a0\u00a0Authentication of digital signatures. <\/a><\/p>\n \u00a0\u00a0\u00a019.\u00a0\u00a0\u00a0Presumptions in adjudicating disputes. <\/a><\/p>\n \u00a0<\/p>\n PART IV \u00a0\u00a0\u00a020.\u00a0\u00a0\u00a0Sphere of application. <\/a><\/p>\n \u00a0\u00a0\u00a021.\u00a0\u00a0\u00a0Controller. <\/a><\/p>\n \u00a0\u00a0\u00a022.\u00a0\u00a0\u00a0Certification service providers to be licensed. <\/a><\/p>\n \u00a0\u00a0\u00a023.\u00a0\u00a0\u00a0Qualifications of certification service providers. <\/a><\/p>\n \u00a0\u00a0\u00a024.\u00a0\u00a0\u00a0Functions of licensed certification service providers. <\/a><\/p>\n \u00a0\u00a0\u00a025.\u00a0\u00a0\u00a0Application for licence. <\/a><\/p>\n \u00a0\u00a0\u00a026.\u00a0\u00a0\u00a0Grant or refusal of licence. <\/a><\/p>\n \u00a0\u00a0\u00a027.\u00a0\u00a0\u00a0Revocation of licence. <\/a><\/p>\n \u00a0\u00a0\u00a028.\u00a0\u00a0\u00a0Appeal. <\/a><\/p>\n \u00a0\u00a0\u00a029.\u00a0\u00a0\u00a0Surrender of licence. <\/a><\/p>\n \u00a0\u00a0\u00a030.\u00a0\u00a0\u00a0Effect of revocation, surrender or expiry of licence. <\/a><\/p>\n \u00a0\u00a0\u00a031.\u00a0\u00a0\u00a0Effect of lack of licence. <\/a><\/p>\n \u00a0\u00a0\u00a032.\u00a0\u00a0\u00a0Return of licence. <\/a><\/p>\n \u00a0\u00a0\u00a033.\u00a0\u00a0\u00a0Restricted licence. <\/a><\/p>\n \u00a0\u00a0\u00a034.\u00a0\u00a0\u00a0Restriction on use of expression “certification service provider”. <\/a><\/p>\n \u00a0\u00a0\u00a035.\u00a0\u00a0\u00a0Renewal of licence. <\/a><\/p>\n \u00a0\u00a0\u00a036.\u00a0\u00a0\u00a0Lost licence. <\/a><\/p>\n \u00a0\u00a0\u00a037.\u00a0\u00a0\u00a0Recognition of other licenses. <\/a><\/p>\n \u00a0\u00a0\u00a038.\u00a0\u00a0\u00a0Performance audit. <\/a><\/p>\n \u00a0\u00a0\u00a039.\u00a0\u00a0\u00a0Activities of certification service providers. <\/a><\/p>\n \u00a0\u00a0\u00a040.\u00a0\u00a0\u00a0Requirement to display licence. <\/a><\/p>\n \u00a0\u00a0\u00a041.\u00a0\u00a0\u00a0Requirement to submit information on business operations. <\/a><\/p>\n \u00a0\u00a0\u00a042.\u00a0\u00a0\u00a0Notification of change of information. <\/a><\/p>\n \u00a0\u00a0\u00a043.\u00a0\u00a0\u00a0Use of trustworthy systems. <\/a><\/p>\n \u00a0\u00a0\u00a044.\u00a0\u00a0\u00a0Disclosures on inquiry. <\/a><\/p>\n \u00a0\u00a0\u00a045.\u00a0\u00a0\u00a0Prerequisites to issue of certificate to subscriber. <\/a><\/p>\n \u00a0\u00a0\u00a046.\u00a0\u00a0\u00a0Publication of issued and accepted certificate. <\/a><\/p>\n \u00a0\u00a0\u00a047.\u00a0\u00a0\u00a0Adoption of more rigorous requirements permitted. <\/a><\/p>\n \u00a0\u00a0\u00a048.\u00a0\u00a0\u00a0Suspension or revocation of certificate for faculty issuance. <\/a><\/p>\n \u00a0\u00a0\u00a049.\u00a0\u00a0\u00a0Suspension or revocation of certificate by order. <\/a><\/p>\n \u00a0\u00a0\u00a050.\u00a0\u00a0\u00a0Warranties to subscriber. <\/a><\/p>\n \u00a0\u00a0\u00a051.\u00a0\u00a0\u00a0Continuing obligations to subscriber. <\/a><\/p>\n \u00a0\u00a0\u00a052.\u00a0\u00a0\u00a0Representations upon issuance. <\/a><\/p>\n \u00a0\u00a0\u00a053.\u00a0\u00a0\u00a0Representations upon publications. <\/a><\/p>\n \u00a0\u00a0\u00a054.\u00a0\u00a0\u00a0Implied representations by subscriber. <\/a><\/p>\n \u00a0\u00a0\u00a055.\u00a0\u00a0\u00a0Representations by agent of subscriber. <\/a><\/p>\n \u00a0\u00a0\u00a056.\u00a0\u00a0\u00a0Disclaimer or indemnity limited. <\/a><\/p>\n \u00a0\u00a0\u00a057.\u00a0\u00a0\u00a0Indemnification of certification service provider by subscriber. <\/a><\/p>\n \u00a0\u00a0\u00a058.\u00a0\u00a0\u00a0Certification of accuracy of information given. <\/a><\/p>\n \u00a0\u00a0\u00a059.\u00a0\u00a0\u00a0Duty of subscriber to keep private key secure. <\/a><\/p>\n \u00a0\u00a0\u00a060.\u00a0\u00a0\u00a0Property in private key. <\/a><\/p>\n \u00a0\u00a0\u00a061.\u00a0\u00a0\u00a0Fiduciary duty of a certification service provider. <\/a><\/p>\n \u00a0\u00a0\u00a062.\u00a0\u00a0\u00a0Suspension of certificate by certification service provider. <\/a><\/p>\n \u00a0\u00a0\u00a063.\u00a0\u00a0\u00a0Suspension of certificate by Controller. <\/a><\/p>\n \u00a0\u00a0\u00a064.\u00a0\u00a0\u00a0Notice of suspension. <\/a><\/p>\n \u00a0\u00a0\u00a065.\u00a0\u00a0\u00a0Termination of suspension initiated by request. <\/a><\/p>\n \u00a0\u00a0\u00a066.\u00a0\u00a0\u00a0Alternate contractual procedures. <\/a><\/p>\n \u00a0\u00a0\u00a067.\u00a0\u00a0\u00a0Effect of suspension of certificate. <\/a><\/p>\n \u00a0\u00a0\u00a068.\u00a0\u00a0\u00a0Revocation of request. <\/a><\/p>\n \u00a0\u00a0\u00a069.\u00a0\u00a0\u00a0Revocation on subscriber’s demise. <\/a><\/p>\n \u00a0\u00a0\u00a070.\u00a0\u00a0\u00a0Revocation of unreliable certificates. <\/a><\/p>\n \u00a0\u00a0\u00a071.\u00a0\u00a0\u00a0Notice of revocation. <\/a><\/p>\n \u00a0\u00a0\u00a072.\u00a0\u00a0\u00a0Effect of revocation request on subscriber. <\/a><\/p>\n \u00a0\u00a0\u00a073.\u00a0\u00a0\u00a0Effect of notification on certification service provider. <\/a><\/p>\n \u00a0\u00a0\u00a074.\u00a0\u00a0\u00a0Expiration of certificate. <\/a><\/p>\n \u00a0\u00a0\u00a075.\u00a0\u00a0\u00a0Reliance limit. <\/a><\/p>\n \u00a0\u00a0\u00a076.\u00a0\u00a0\u00a0Liability limits for certification service providers. <\/a><\/p>\n \u00a0\u00a0\u00a077.\u00a0\u00a0\u00a0Recognition of repositories. <\/a><\/p>\n \u00a0\u00a0\u00a078.\u00a0\u00a0\u00a0Liability of repositories. <\/a><\/p>\n \u00a0\u00a0\u00a079.\u00a0\u00a0\u00a0Recognition of date or time stamp services. <\/a><\/p>\n \u00a0<\/p>\n PART V \u00a0\u00a0\u00a080.\u00a0\u00a0\u00a0Prohibition against dangerous activities. <\/a><\/p>\n \u00a0\u00a0\u00a081.\u00a0\u00a0\u00a0Obligation of confidentiality. <\/a><\/p>\n \u00a0\u00a0\u00a082.\u00a0\u00a0\u00a0False information. <\/a><\/p>\n \u00a0\u00a0\u00a083.\u00a0\u00a0\u00a0Offences by body corporate. <\/a><\/p>\n \u00a0\u00a0\u00a084.\u00a0\u00a0\u00a0Authorised officer. <\/a><\/p>\n \u00a0\u00a0\u00a085.\u00a0\u00a0\u00a0Power to investigate. <\/a><\/p>\n \u00a0\u00a0\u00a086.\u00a0\u00a0\u00a0Search by warrant. <\/a><\/p>\n \u00a0\u00a0\u00a087.\u00a0\u00a0\u00a0Search and seizure without warrant. <\/a><\/p>\n \u00a0\u00a0\u00a088.\u00a0\u00a0\u00a0Access to computerised data. <\/a><\/p>\n \u00a0\u00a0\u00a089.\u00a0\u00a0\u00a0List of things seized. <\/a><\/p>\n \u00a0\u00a0\u00a090.\u00a0\u00a0\u00a0Obstruction of authorised officer. <\/a><\/p>\n \u00a0\u00a0\u00a091.\u00a0\u00a0\u00a0Additional powers. <\/a><\/p>\n \u00a0\u00a0\u00a092.\u00a0\u00a0\u00a0General penalty. <\/a><\/p>\n \u00a0\u00a0\u00a093.\u00a0\u00a0\u00a0Institution and conduct of prosecution. <\/a><\/p>\n \u00a0\u00a0\u00a094.\u00a0\u00a0\u00a0Jurisdiction to try offences. <\/a><\/p>\n \u00a0\u00a0\u00a095.\u00a0\u00a0\u00a0Prosecution of officers. <\/a><\/p>\n \u00a0\u00a0\u00a096.\u00a0\u00a0\u00a0Limitation on disclaiming or limiting application of the Act. <\/a><\/p>\n \u00a0\u00a0\u00a097.\u00a0\u00a0\u00a0Regulations. <\/a><\/p>\n \u00a0\u00a0\u00a098.\u00a0\u00a0\u00a0Compensation. <\/a><\/p>\n \u00a0\u00a0\u00a099.\u00a0\u00a0\u00a0Power of Minister to amend schedule. <\/a><\/p>\n \u00a0\u00a0\u00a0100.\u00a0\u00a0\u00a0Savings and transitional provisions. <\/a><\/p>\n \u00a0<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Schedule\u00a0\u00a0\u00a0<\/a><\/i>Currency point.<\/p>\n \u00a0<\/p>\n ELECTRONIC SIGNATURES ACT.<\/p>\n Commencement:<\/i> 15 April 2011.<\/p>\n \u00a0\u00a0\u00a0An Act to make provision for and to regulate the use of electronic signatures and to provide for other related matters.<\/b><\/p>\n \u00a0<\/p>\n PART I \u00a0<\/p>\n <\/a>1.\u00a0\u00a0\u00a0Commencement.<\/p>\n \u00a0\u00a0\u00a0This Act shall come into force on a date appointed by the Minister by statutory instrument<\/p>\n \u00a0<\/p>\n <\/a>2.\u00a0\u00a0\u00a0Interpretation.<\/p>\n \u00a0\u00a0\u00a0In this Act, unless the context otherwise requires\u2014<\/p>\n \u00a0\u00a0\u00a0“accept a certificate”<\/b> means\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0to manifest approval of a certificate, while knowing or having notice of its contents; or<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0to apply to a certification service provider for a certificate, without revoking the application by delivering notice of the revocation to the licensed certification service provider and obtaining a signed, written receipt from the certification service provider, if the certification service provider subsequently issues a certificate based on the application;<\/p>\n \u00a0\u00a0\u00a0“advanced electronic signature”<\/b> means an electronic signature, which is\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0uniquely linked to the signatory;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0reliably capable of identifying the signatory;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0created using secure signature creation device that the signatory can maintain; and<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0linked to the data to which it relates in such a manner that any subsequent change of the data or the connections between the data and the signature are detectable;<\/p>\n \u00a0\u00a0\u00a0“asymmetric cryptosystem”<\/b> means an algorithm or series of algorithms, which provide a secure key pair;<\/p>\n \u00a0\u00a0\u00a0“authorised officer”<\/b> means the Controller or a police officer or a public officer performing any functions under this Act; and includes any public officer authorised by the Minister or by the controller to perform any functions under this Act;<\/p>\n \u00a0\u00a0\u00a0“certificate”<\/b> means a data message or other records confirming the link between a signatory and a signature creation data;<\/p>\n \u00a0\u00a0\u00a0“certification service provider disclosure record”<\/b> means an online and publicly accessible record that concerns a licensed certification service provider, which is kept by the Controller under subsection 21(5);<\/p>\n \u00a0\u00a0\u00a0“certification practice statement”<\/b> means a declaration of the practices, which a certification service provider employs in issuing certificates generally or employs in issuing a particular certificate;<\/p>\n \u00a0\u00a0\u00a0“certification service provider”<\/b> means a person that issues certificates and may provide other services related to electronic signatures;<\/p>\n \u00a0\u00a0\u00a0“certify”<\/b> means to declare with reference to a certificate, with ample opportunity to reflect and with a duty to apprise oneself of all material facts;<\/p>\n \u00a0\u00a0\u00a0“confirm”<\/b> means to ascertain through diligent inquiry and investigation;<\/p>\n \u00a0\u00a0\u00a0“Controller”<\/b> means National Information Technology Authority-Uganda;<\/p>\n \u00a0\u00a0\u00a0“correspond”<\/b>, with reference to keys, means to belong to the same key pair;<\/p>\n \u00a0\u00a0\u00a0“currency point”<\/b> has the meaning assigned to it in the Schedule in this Act;<\/p>\n \u00a0\u00a0\u00a0“digital signature”<\/b> means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0whether the transformation was created using the private key that corresponds to the signer’s public key; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0whether the message has been altered since the transformation was made;<\/p>\n \u00a0\u00a0\u00a0“electronic signature”<\/b> means data in electronic form affixed to or logically associated with a data message, which may be used to identify the signatory in relation to the data message and indicate the signatory’s approval of the information contained in the data message; and includes an advance electronic signature and the secure signature;<\/p>\n \u00a0\u00a0\u00a0“electronic signature product”<\/b> means configured hardware or software or relevant components of it, which are intended to be used by a certification service provider for the provision of electronic signature services or are intended to be used for the creation or verification of electronic signatures;<\/p>\n \u00a0\u00a0\u00a0“forge a digital signature”<\/b> means\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0to create a digital signature without the authorisation of the rightful holder of the private key; or<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0to create a digital signature verifiable by a certificate listing as subscriber a person who either does not exist or does not hold the private key corresponding to the public key listed in the certificate;<\/p>\n \u00a0\u00a0\u00a0“hold a private key”<\/b> means to be able to utilise a private key;<\/p>\n \u00a0\u00a0\u00a0“incorporate by reference”<\/b> means to make one message a part of another message by identifying the message to be incorporated and expressing the intention that it be incorporated;<\/p>\n \u00a0\u00a0\u00a0“issue a certificate”<\/b> means the act of a certification service provider in creating a certificate and notifying the subscriber listed in the certificate of the contents of the certificate;<\/p>\n \u00a0\u00a0\u00a0“key pair”<\/b> means a private key and its corresponding public key in an asymmetric cryptosystem, where the public key can verify a digital signature that the private key creates;<\/p>\n \u00a0\u00a0\u00a0“licensed certification service provider”<\/b> means a certification service provider to whom a licence has been issued by the Controller and whose licence is in effect;<\/p>\n \u00a0\u00a0\u00a0“message”<\/b> means a digital representation of information;<\/p>\n \u00a0\u00a0\u00a0“Minister”<\/b> means the Minister responsible for information and communication technology;<\/p>\n \u00a0\u00a0\u00a0“notify”<\/b> means to communicate a fact to another person in a manner reasonably likely under the circumstances to impart knowledge of the information to the other person;<\/p>\n \u00a0\u00a0\u00a0“person”<\/b> includes any company or association or body of persons corporate or unincorporate;<\/p>\n \u00a0\u00a0\u00a0“prescribed”<\/b> means prescribed by or under this Act or any regulations made under this Act;<\/p>\n \u00a0\u00a0\u00a0“private key”<\/b> means the key of a key pair used to create a digital signature;<\/p>\n \u00a0\u00a0\u00a0“public key”<\/b> means the key of a key pair used to verify a digital signature and listed in the digital signature certificate;<\/p>\n \u00a0\u00a0\u00a0“public key infrastructure”<\/b> means a framework for creating a secure method for exchanging information based on public key cryptography;<\/p>\n \u00a0\u00a0\u00a0“publish”<\/b> means to record or file in a repository;<\/p>\n \u00a0\u00a0\u00a0“qualified certification service provider”<\/b> means a certification service provider that satisfies the requirements under section 23;<\/p>\n \u00a0\u00a0\u00a0“recipient”<\/b> means a person who receives or has a digital signature and is in a position to rely on it;<\/p>\n \u00a0\u00a0\u00a0“recognised date or time stamp service”<\/b> means a date\/time stamp service recognised by the Controller under section 79;<\/p>\n \u00a0\u00a0\u00a0“recognised repository”<\/b> means a repository recognised by the Controller under section 77;<\/p>\n \u00a0\u00a0\u00a0“recommended reliance limit”<\/b> means the monetary amount recommended for reliance on a certificate under section 76;<\/p>\n \u00a0\u00a0\u00a0“relying party”<\/b> means a person that may act on the basis of a certificate or an electronic signature;<\/p>\n \u00a0\u00a0\u00a0“repository”<\/b> means a system for storing and retrieving certificates and other information relevant to digital signatures;<\/p>\n \u00a0\u00a0\u00a0“revoke a certificate”<\/b> means to make a certificate ineffective permanently from a specified time forward;<\/p>\n \u00a0\u00a0\u00a0“rightfully hold a private key”<\/b> means to be able to utilise a private key\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0which the holder or the holder’s agents have not disclosed to any person in contravention of this act; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0which the holder has not obtained through theft, deceit, eavesdropping or other unlawful means;<\/p>\n \u00a0\u00a0\u00a0“security procedure”<\/b> means a procedure for the purpose of\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0verifying that an electronic record is that of a specific person; or<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0detecting error or alteration in the communication, content or storage of an electronic record since a specific point in time, which may require the use of algorithms or codes, identifying words or numbers, encryption, answer back or acknowledgement procedures or similar security devices;<\/p>\n \u00a0\u00a0\u00a0“secure signature creation device”<\/b> means a signature creation device which meets the requirements laid down in section 4;<\/p>\n \u00a0\u00a0\u00a0“signatory”<\/b> means a person that holds signature creation data and acts either on its own behalf or on behalf of the person it represents<\/p>\n \u00a0\u00a0\u00a0“signature creation device”<\/b> means configured software or hardware, used by the signatory to create an electronic signature;<\/p>\n \u00a0\u00a0\u00a0“signature verification data”<\/b> means unique data such as codes or public cryptographic keys, used for the purpose of verifying an electronic signature;<\/p>\n \u00a0\u00a0\u00a0“signature verification device”<\/b> means configured software or hardware, used for the purpose of verifying an electronic signature;<\/p>\n \u00a0\u00a0\u00a0“signed”<\/b> or “signature”<\/b> and its grammatical variations includes any symbol executed or adapted or any methodology or procedure employed or adapted, by a person with the intention of authenticating a record, including an electronic or digital method;<\/p>\n \u00a0\u00a0\u00a0“subscriber”<\/b> means a person who\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0is the subject listed in a certificate;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0accepts the certificate; and<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0holds a private key which corresponds to a public key listed in that certificate;<\/p>\n \u00a0\u00a0\u00a0“suspend a certificate”<\/b> means to make a certificate ineffective temporarily for a specified time forward;<\/p>\n \u00a0\u00a0\u00a0“this Act”<\/b> includes any regulations made under this Act;<\/p>\n \u00a0\u00a0\u00a0“time-stamp”<\/b> means\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0to append or attach to a message, digital signature or certificate a digitally signed notation indicating at least the date, time and identity of the person appending or attaching the notation; or<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0the notation appended or attached;<\/p>\n \u00a0\u00a0\u00a0“transactional certificate”<\/b> means a certificate, incorporating by reference one or more digital signatures, issued and valid for a specific transaction;<\/p>\n \u00a0\u00a0\u00a0“trustworthy system”<\/b> means computer hardware and software which\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0are reasonably secure from intrusion and misuse;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0provide a reasonable level of availability, reliability and correct operation; and<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0are reasonably suited to performing their intended functions;<\/p>\n \u00a0\u00a0\u00a0“valid certificate” means a certificate which\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0a licensed certification service provider has issued;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0has been accepted by the subscriber listed in it;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0has not been revoked or suspended; and<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0has not expired,<\/p>\n but a transactional certificate is a valid certificate only in relation to the digital signature incorporated in it by reference;<\/p>\n \u00a0\u00a0\u00a0“verify a digital signature”<\/b> means, in relation to a given digital signature, message and public key, to determine accurately that\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0the digital signature was created by the private key corresponding to the public key; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0the message has not been altered since its digital signature was created;<\/p>\n \u00a0\u00a0\u00a0“writing”<\/b> or “written”<\/b> includes any handwriting, typewriting, printing, electronic storage or transmission or any other method of recording information or fixing information in a form capable of being preserved.<\/p>\n \u00a0\u00a0\u00a0(2) For the purposes of this Act, a certificate shall be revoked by making a notation to that effect on the certificate or by including the certificate in a set of revoked certificates.<\/p>\n \u00a0\u00a0\u00a0(3) The revocation of a certificate does not mean that it is destroyed or made illegible.<\/p>\n \u00a0<\/p>\n <\/a>3.\u00a0\u00a0\u00a0Equal treatment of signature technologies.<\/p>\n Nothing in this Act shall be applied so as to exclude, restrict or deprive of legal effect any method of creating an electronic signature that satisfies the requirements for a signature in this Act or otherwise meets with the requirements of any other applicable law.<\/p>\n \u00a0<\/p>\n PART II \u00a0<\/p>\n <\/a>4.\u00a0\u00a0\u00a0Compliance with a requirement for a signature.<\/p>\n \u00a0\u00a0\u00a0(1) Where the law requires a signature of a person, that requirement is met in relation to a data message if an electronic signature is used which is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in light of all the circumstances, including any relevant agreement.<\/p>\n \u00a0\u00a0\u00a0(2) Subsection (1) applies whether the requirement referred to in that subsection in the form of an obligation or whether the law simply provides consequences for the absence of a signature.<\/p>\n \u00a0\u00a0\u00a0(3) An electronic signature is considered to be reliable for the purpose of satisfying the requirement referred to in subsection (1) if\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0the signature creation data are, within the context in which they are used, linked to the signatory and to no other person;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0the signature creation data were, at the time of signing, under the control of the signatory and of no other person;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0any alteration to the electronic signature, made after the time of signing, is detectable; and<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0where a purpose of legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing is detectable.<\/p>\n \u00a0\u00a0\u00a0(4) Subsection (3) does not limit the liability of any person\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0to establish in any other way, for the purpose of satisfying the requirement referred to in subsection (1), the reliability of an electronic signature; or<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0to adduce evidence of the non-reliability of an electronic signature.<\/p>\n \u00a0<\/p>\n <\/a>5.\u00a0\u00a0\u00a0Conduct of the signatory.<\/p>\n \u00a0\u00a0\u00a0(1) Where signature creation data can be used to create a signature that has legal effect, each signatory shall\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0exercise reasonable care to avoid unauthorised use of its signature creation data;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0without undue delay, notify any person that may reasonably be expected by the signatory to rely on or to provide services in support of the electronic signature if\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0the signatory knows that the signature creation data have been compromised; or<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0the circumstances known to the signatory give rise to a substantial risk that the signature creation data may have been compromised;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0where a certificate is used to support the electronic signature, exercise reasonable care to ensure the accuracy and completeness of all material representations made by the signatory which are relevant to the certificate throughout its life-cycle or which are to be included in the certificate.<\/p>\n \u00a0<\/p>\n <\/a>6.\u00a0\u00a0\u00a0Variation by agreement.<\/p>\n \u00a0\u00a0\u00a0The provisions of this Act may be derogated from or their effect may be varied by agreement unless that agreement would not be valid or effective under any law.<\/p>\n \u00a0<\/p>\n <\/a>7.\u00a0\u00a0\u00a0Conduct of the relying party.<\/p>\n \u00a0\u00a0\u00a0A relying party shall bear the legal consequences of his or her failure to\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0take reasonable steps to verify the reliability of an electronic signature; or<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0where an electronic signature is supported by a certificate, take reasonable steps\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0to verify the validity, suspension or revocation of the certificate; and<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0to observe any limitation with respect to the certificate.<\/p>\n \u00a0<\/p>\n <\/a>8.\u00a0\u00a0\u00a0Trustworthiness.<\/p>\n \u00a0\u00a0\u00a0When determining whether or to what extent any systems procedures and human resources utilised by a certification service provider are trustwo<\/p>\n {mprestriction ids=”1,2,3″}<\/p>\n rthy, regard may be had to the following factors\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0financial and human resources, including existence of assets;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0quality of hardware and software systems;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0procedure for processing of certificates and applications for certificates and retention of records;<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0availability of information to signatories identified in certificates and to potential relying parties;<\/p>\n \u00a0\u00a0\u00a0(e<\/i>)\u00a0\u00a0\u00a0regularity and extent of audit by an independent body;<\/p>\n \u00a0\u00a0\u00a0(f<\/i>)\u00a0\u00a0\u00a0the existence of a declaration by the state, an accreditation body or the certification service provider regarding compliance with or existence of the foregoing; or<\/p>\n \u00a0\u00a0\u00a0(g<\/i>)\u00a0\u00a0\u00a0any other relevant factor.<\/p>\n \u00a0<\/p>\n <\/a>9.\u00a0\u00a0\u00a0Conduct of the certification service provider.<\/p>\n \u00a0\u00a0\u00a0(1) Where a certification service provider provides services to support an electronic signature that may be used for legal effect as a signature, that certification service provider shall\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0act in accordance with representations made by it with respect to its policies and practices;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0exercise reasonable care to ensure the accuracy and completeness of all material representations made by it that are relevant to the certificate throughout its life-cycle or which are included in the certificate;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0provide reasonably accessible means which enable a relying party to ascertain from the certificate\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0the identity of the certification service provider;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0that the signatory that is identified in the certificate had control of the signature creation data at the time when the certificate was issued;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(iii)\u00a0\u00a0\u00a0that signature creation data were valid at or before the time when the certificate was issued;<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0provide reasonably accessible means which enable a relying party to ascertain, where relevant, from the certificate or otherwise\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0the method used to identify the signatory;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0any limitation on the purpose or value for which the signature creation data or the certificate may be used;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(iii)\u00a0\u00a0\u00a0that the signature creation data are valid and have not been compromised;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(iv)\u00a0\u00a0\u00a0any limitation on the scope or extent of liability stipulated by the certification service provider;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(v)\u00a0\u00a0\u00a0whether means exist for the signatory to give notice under section 4(1);<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(vi)\u00a0\u00a0\u00a0whether a timely revocation service is offered;<\/p>\n \u00a0\u00a0\u00a0(e<\/i>)\u00a0\u00a0\u00a0where services under paragraph (d<\/i>)(v) are offered, provide a means for a signatory to give notice under section 4(1)(b<\/i>) and, where services under paragraph (d)<\/i>(vi) are offered, ensure the availability of a timely revocation service;<\/p>\n \u00a0\u00a0\u00a0(f<\/i>)\u00a0\u00a0\u00a0utilise trustworthy systems, procedures and human resources in performing its services.<\/p>\n \u00a0\u00a0\u00a0(2) A certification service provider shall be liable for its failure to satisfy the requirements of subsection (1).<\/p>\n \u00a0<\/p>\n <\/a>10.\u00a0\u00a0\u00a0Advanced signatures.<\/p>\n \u00a0\u00a0\u00a0(1) An advanced electronic signature, verified with a qualified certificate, is equal to an autographic signature in relation to data in electronic form and has therefore equal legal effectiveness and admissibility as evidence.<\/p>\n \u00a0\u00a0\u00a0(2) The advanced signature verification process shall ensure that\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0the data used for verifying the electronic signature correspond to the data displayed to the verifier;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0the signature is reliably verified and the result of the verification and identity of the certificate holder is correctly displayed to the verifier;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0the verifier can reliably establish the contents of the signed data;<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0the authenticity and validity of the certificate required at the time of signature verification are verified;<\/p>\n \u00a0\u00a0\u00a0(e<\/i>)\u00a0\u00a0\u00a0the use of a pseudonym is clearly indicated;<\/p>\n \u00a0\u00a0\u00a0(f<\/i>)\u00a0\u00a0\u00a0any security-relevant changes can be detected.<\/p>\n \u00a0<\/p>\n <\/a>11.\u00a0\u00a0\u00a0Secure electronic signature.<\/p>\n \u00a0\u00a0\u00a0Where, through the application of a prescribed security procedure or a commercially reasonable security procedure agreed to by the parties involved, an electronic signature is executed in a trustworthy manner, reasonably and in good faith relied upon by the relying party, that signature shall be treated as a secure electronic signature at the time of verification to the extent that it can be verified that the electronic signature satisfied, at the time it was made, the following criteria\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0the signature creation data used for signature creation is unique and its secrecy is reasonably assured;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0it was capable of being used to objectively identify that person;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0it was created in a manner or using a means under the sole control of the person using it, that cannot be readily duplicated or compromised;<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0it is linked to the electronic record to which it relates in such a manner that if the record was changed to electronic signature would be invalidated;<\/p>\n \u00a0\u00a0\u00a0(e<\/i>)\u00a0\u00a0\u00a0the signatory can reliably protect his or her signature creation data from unauthorised access.<\/p>\n \u00a0<\/p>\n <\/a>12.\u00a0\u00a0\u00a0Presumptions relating to secure and advanced electronic signatures.<\/p>\n \u00a0\u00a0\u00a0(1) In any civil proceedings involving a secure electronic record, it shall be presumed, unless the contrary is proved, that the secure or advanced electronic record has not been altered since the specific point in time to which the secure status relates.<\/p>\n \u00a0\u00a0\u00a0(2) In any civil proceedings involving a secure or advanced electronic signature, the following shall be presumed unless the contrary is proved\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0the secure or advanced electronic signature is the signature of the person to whom it correlates; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0the secure or advanced electronic signature was affixed by that person with the intention of signing or approving the electronic record.<\/p>\n \u00a0\u00a0\u00a0(3) In the absence of a secure or advanced electronic signature, nothing in this Part shall create any presumption relating to the authenticity and integrity of the electronic record or an electronic signature.<\/p>\n \u00a0\u00a0\u00a0(4) The effect of presumptions provided in this section is to place on the party challenging the genuineness of a secure or advanced electronic signature both the burden of going forward with evidence to rebut the presumption and the burden of persuading the court of the fact that the non-existence of the presumed fact is more.<\/p>\n \u00a0<\/p>\n PART III \u00a0<\/p>\n <\/a>13.\u00a0\u00a0\u00a0Secure digital signatures.<\/p>\n \u00a0\u00a0\u00a0When a portion of an electronic record is signed with a digital signature the digital signature shall be treated as a secure electronic signature in respect of that portion of the record, if\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0the digital signature was created during the operational period of a valid certificate and is verified by reference to a public key listed in the certificate; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0the certificate is considered trustworthy, in that it is an accurate binding of a public key to a person’s identity because\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0the certificate was issued by a certification service provider operating in compliance with regulations made under this Act;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0the certificate was issued by a certification service provider outside Uganda recognised for the purpose by the Controller pursuant to regulations made under this Act;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(iii)\u00a0\u00a0\u00a0the certificate was issued by a department or ministry of the Government, an organ of state of statutory corporation approved by the minister to act as a certification service provider on such conditions as the regulations may specify; or<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(iv)\u00a0\u00a0\u00a0the parties have expressly agreed between themselves to use digital signatures as a security procedure and the digital signature was properly verified by reference to the sender’s public key.<\/p>\n \u00a0<\/p>\n <\/a>14.\u00a0\u00a0\u00a0Satisfaction of signature requirements.<\/p>\n \u00a0\u00a0\u00a0(1) Where a rule of law requires a signature or provides for certain consequences in the absence of a signature, that rule shall be satisfied by a digital signature where\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification service provider;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0that digital signature was affixed by the signer with the intention of signing the message; and<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0the recipient has no knowledge or notice that the signer\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0has breached a duty as a subscriber; or<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0does not rightfully hold the private key used to affix the digital signature.<\/p>\n \u00a0\u00a0\u00a0(2) Notwithstanding any written law to the contrary\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0a document signed with a digital signature in accordance with this Act shall be as legally binding as a document signed with a handwritten signature, an affixed thumbprint or any other mark; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0a digital signature created in accordance with this Act shall be taken to be a legally binding signature.<\/p>\n \u00a0\u00a0\u00a0(3) Nothing in this Act shall preclude a symbol from being valid as a signature under any other applicable law.<\/p>\n \u00a0<\/p>\n <\/a>15.\u00a0\u00a0\u00a0Unreliable digital signatures.<\/p>\n \u00a0\u00a0\u00a0(1) Unless otherwise provided by law or contract, the recipient of a digital signature assumes the risk that a digital signature is forged, if reliance on the digital signature is not reasonable under the circumstances.<\/p>\n \u00a0\u00a0\u00a0(2) Where the recipient decides not to rely on a digital signature under this section, the recipient shall promptly notify the signer of its determination not to rely on a digital signature and the grounds for that determination.<\/p>\n \u00a0<\/p>\n <\/a>16.\u00a0\u00a0\u00a0Digitally signed document taken to be written document.<\/p>\n \u00a0\u00a0\u00a0(1) A message shall be as valid, enforceable and effective as if it had been written on paper if\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0it bears in its entirety a digital signature; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0that digital signature is verified by the public key listed in a certificate which\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0was issued by a licensed certification service provider; and<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0was valid at the time the digital signature was created.<\/p>\n \u00a0\u00a0\u00a0(2) Nothing in this Act shall preclude any message, document or record from being considered written or in writing under any other applicable law.<\/p>\n \u00a0<\/p>\n <\/a>17.\u00a0\u00a0\u00a0Digitally signed document deemed to be original document.<\/p>\n \u00a0\u00a0\u00a0A copy of a digitally signed message shall be as valid, enforceable and effective as the original of the message unless it is evident that the signer designated an instance of the digitally signed message to be a unique original, in which case only that instance constitutes the valid, enforceable and effective message.<\/p>\n \u00a0<\/p>\n <\/a>18.\u00a0\u00a0\u00a0Authentication of digital signatures.<\/p>\n \u00a0\u00a0\u00a0A certificate issued by a licensed certification service provider shall be an acknowledgement of a digital signature verified by reference to the public key listed in the certificate, regardless of whether words of an express acknowledgement appear with the digital signature and regardless of whether the signer physically appeared before the licensed certification service provider when the digital signature was created, if that digital signature is\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0verifiable by that certificate; and<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0was affixed when that certificate was valid.<\/p>\n \u00a0<\/p>\n <\/a>19.\u00a0\u00a0\u00a0Presumptions in adjudicating disputes.<\/p>\n \u00a0\u00a0\u00a0In adjudicating a dispute involving a digital signature, a court shall presume\u2014<\/p>\n \u00a0\u00a0\u00a0(a<\/i>)\u00a0\u00a0\u00a0that a certificate digitally signed by a licensed certification service provider and\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0published in a recognised repository; or<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0made available by the issuing licensed certification service provider or by the subscriber listed in the certificate, is issued by the licensed certification service provider which digitally signed it and is accepted by the subscriber listed in it;<\/p>\n \u00a0\u00a0\u00a0(b<\/i>)\u00a0\u00a0\u00a0that the information listed in a valid certificate and confirmed by a licensed certification service provider issuing the certificate is accurate;<\/p>\n \u00a0\u00a0\u00a0(c<\/i>)\u00a0\u00a0\u00a0that where the public key verifies a digital signature listed in a valid certificate issued by a licensed certification service provider\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(i)\u00a0\u00a0\u00a0that digital signature is the digital signature of the subscriber listed in that certificate;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ii)\u00a0\u00a0\u00a0that digital signature was affixed by that subscriber with the intention of signing the message; and<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(iii)\u00a0\u00a0\u00a0the recipient of that digital signature has no knowledge or notice that the signer\u2014<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(aa<\/i>)\u00a0\u00a0\u00a0has breached a duty as a subscriber; or<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(ab<\/i>)\u00a0\u00a0\u00a0does not rightfully hold the private key used to affix the digital signature; and<\/p>\n \u00a0\u00a0\u00a0(d<\/i>)\u00a0\u00a0\u00a0that a digital signature was created before it was time-stamped by a recognised date or time stamp service utilising a trustworthy system.<\/p>\n \u00a0<\/p>\n PART IV \u00a0<\/p>\n <\/a>20.\u00a0\u00a0\u00a0Sphere of application.<\/p>\n \u00a0\u00a0\u00a0This part applies to digital signatures or signatures that are able to use the public key infrastructure (PKI).<\/p>\n \u00a0<\/p>\n <\/a>21.\u00a0\u00a0\u00a0Controller.<\/p>\n \u00a0\u00a0\u00a0(1) The Controller shall, in particular be responsible for monitoring and overseeing the activities of certification service providers and shall perform the functions conferred on the Controller under this Act.<\/p>\n \u00a0\u00a0\u00a0(2) The Controller shall exercise its functions under this Act subject to such directions as to the general policy guidelines as may be given by the Minister.<\/p>\n \u00a0\u00a0\u00a0(3) The Controller shall maintain a publicly accessible database containing a certification service provider disclosure record for each certification service provider, which shall contain all the particulars required under regulations made under this Act.<\/p>\n \u00a0\u00a0\u00a0(4) The Controller shall publish the contents of the database in at least one recognised repository.<\/p>\n \u00a0<\/p>\n <\/a>22.\u00a0\u00a0\u00a0Certification service providers to be licensed.<\/p>\n \u00a0\u00a0\u00a0(1) A person shall not carry on or operate or hold himself out as carrying on or operating, as a certification service provider unless that person has a valid licence issued under this Act.<\/p>\n \u00a0\u00a0\u00a0(2) A person who contravenes subsection (1) commits an offence and is liable, on conviction, to a fine not exceeding 240 currency points or imprisonment not exceeding 10 years or both; and in the case of a continuing offence is in addition liable to a daily fine not exceeding 10 currency points for each day the offence continues.<\/p>\n \u00a0\u00a0\u00a0(3) The Minister may, on an application in writing being made in accordance with this Act, exempt a person operating as a certification service provider within an organisation from the requirement of a licence under this section where certificates and key pairs are issued to members of the organisation for internal use only; but the Minister shall not delegate that power to the Controller.<\/p>\n \u00a0\u00a0\u00a0(4) The liability limits specified in Part IV shall not apply to an exempted certification service provider and Part V shall not apply in relation to a digital signature verified by a certificate issued by an exempted certification service provider.<\/p>\n \u00a0<\/p>\n <\/a>23.\u00a0\u00a0\u00a0Qualifications of certification service providers.<\/p>\n \u00a0\u00a0\u00a0(1) The Minister in consultation with National Information Technology Authority-Uganda shall, by regulations made under this Act, prescribe the qualifications required for certification service providers.<\/p>\n \u00a0\u00a0\u00a0(2) The Minister in consultation with National Information Technology Authority-Uganda may vary or amend the qualifications prescribed under subsection (1) but any such variation or amendment shall not be applied to a certification service provider holding a valid licence under this Act until the expiry of that licence.<\/p>\n \u00a0<\/p>\n
ELECTRONIC SIGNATURES.<\/p>\n
SECURE DIGITAL SIGNATURES.<\/p>\n
PUBLIC KEY INFRASTRUCTURE.<\/p>\n
MISCELLANEOUS.<\/p>\n
PRELIMINARY.<\/p>\n
ELECTRONIC SIGNATURES.<\/p>\n
SECURE DIGITAL SIGNATURES.<\/p>\n
PUBLIC KEY INFRASTRUCTURE.<\/p>\n