Skip to document content Skip to main menu Skip to search

Electronic Transactions Act, 2019

Act 4 of 2019

This Act has not yet come into force in full. See the Uncommenced provisions tab for more information.
Electronic Transactions Act, 2019
Citation
Act 4 of 2019
Date
29 November 2019
Language
English
Publication
Download PDF (306.4 KB)
Related documents
Skip to document content
Coat of Arms

Electronic Transactions Act, 2019

Act 4 of 2019

  • Published in Government Gazette 7068 on 29 November 2019
  • Assented to on 7 November 2019
  • There are multiple commencements
    • Provisions Status
    Chapter 1 (section 1–3); Chapter 2 (section 4–15); Chapter 3, Part 1, section 16–19, section 21–24; Part 2 (section 25); Part 3 (section 26–33); Chapter 6 (section 49–57); Chapter 7 (section 58–60) commenced on 16 March 2020 by Government Notice 75 of 2020.
    Chapter 3, Part 1, section 20; Chapter 4 (section 34–40); Chapter 5 (section 41–48) not yet commenced.
  • [This is the version of this document from 29 November 2019 and includes any amendments published up to 2 January 2026.]
To provide for a general framework for the promotion of the use of electronic transactions in the Republic of Namibia; to provide for the legal recognition of electronic transactions; to provide for the admission of electronic evidence; to provide for consumer protection in electronic commerce; to regulate the liability of service providers for actions of their clients; and to provide for matters incidental thereto.
BE IT ENACTED, as passed by the Parliament, and assented to by the President, of the Republic of Namibia, as follows:

Chapter 1
Preliminary provisions

1. Definitions

In this Act, unless the context indicates otherwise -"accredit" means accredit under Chapter 5;"addressee" of a data message, means a person who is intended by the originator to receive the data message, but does not include a person acting as an intermediary in respect of that data message;"advanced electronic signature" means an electronic signature which is designed so that together with a security procedure it is possible to verify that the signature -(a)is unique to the signer for the purpose for which it is used;(b)can be used to identify objectively the signer of the data message;(c)was created and affixed to the data message by the signer or using a means under the sole control of the signer; or(d)was created and is linked to the data message to which it relates in a manner such that any changes in the data message can be detected;"Authority" means the Communications Regulatory Authority of Namibia established by section 4 of the Communications Act, 2009 (Act No. 8 of 2009);"automated message system" means a pre-programmed system or other electronic or other automated means, including a computer program or a device, used to initiate an action, respond to data messages or generate other performances in whole or in part, without review or intervention by a human being each time an action is initiated or a response is generated by the system;"consumer" means any natural person who enters or intends entering into an electronic transaction with a supplier as the end user of the goods or services offered by that supplier;"computer evidence" means data evidence or information evidence;"Council" means the Electronic Information Systems Management Advisory Council established by section 4;"computer system" means any device, together with input, output or other peripheral devices which is able or is intended to perform automatic processing, communication or storage of data, pursuant to a program, ;"data evidence" means evidence of any matter relevant in legal proceedings if that matter is represented in a computer system directly and can be made readily understandable to a human being without requiring any special skills or knowledge on the part of any person and includes a display, print out or other output of that data;"data message" means data generated, displayed, sent, received or stored by electronic, optical or similar means and which appears to a user as a logical unit, including, but not limited to, electronic mail, a web page, mobile communications, such as SMS messages, audio or video recordings, telegram, telex or telecopy;"digital certificate" means data or a device which enables a person to verify that a data message has been sent or created by a specific person and which data or device has been issued by a third party or by an information system on behalf of that third party;"e-government services" means -(a)any communications or the provision of information by a public body; or(b)the making available by a public body of facilities to communicate with, provide information to, make application to, or to perform any similar action with regard to that public body,which involves the interaction with, or use of computer or information systems by any member of the public;"electronic" means represented or communicated by an electric potential difference, the flow of electric current, any other state of an electronic component, the state of a mechanical component, the state of magnetisation of any matter, or by optical means, by means of other electro-magnetic radiation or by any other means whereby information can be represented in matter or radiation and can be processed or transferred by a computer system or an information system;"electronic communications" means any emission, transmission or reception of sound, pictures, text or any other information by wire, radio waves, optical means, electromagnetic systems or any other means of a like nature;"electronic signature" means data including a sound, symbol or process, executed or adopted to identify a person and to indicate that person’s approval or intention in respect of the information contained in a data message and which is attached to or logically associated with that data message;"electronic transaction" means any communication, expression of will, agreement or other transaction where a data message is used;"excluded laws"means -(a)the Wills Act, 1953 (Act No. 7 of 1953);(b)the Alienation of Land Act, 1981 (Act No. 68 of 1981);(c)the Stamp Duties Act, 1993 (Act No. 15 of 1993);(d)the Bills of Exchange Act, 2003 (Act No. 22 of 2003); and(e)any law which requires that a person that borrows money or to whom credit is provided, must conclude a written contract or must sign such contract or another document;"Executive Director" means the Executive Director of the Ministry;"information evidence" means evidence of a matter relevant in legal proceedings that is not stored in a computer system, but can be produced from data stored in a computer system by means of a statistical, mathematical or logical process;"information system"means a system comprising computer systems and communications devices used for generating, sending, receiving, storing or processing data or data messages and which is owned or operated by a single person, regardless of the fact that that person makes available facilities of, or services provided by that system to other persons;"intermediary", with respect to a particular data message, means a person who, on behalf of another person, sends, receives or stores that data message or provides other services with respect to that data message;"Minister" means the Minister responsible for technology;"Ministry" means the Ministry responsible for technology;"Online Consumer Affairs Committee" means the online consumer Affairs committee established pursuant to section 11(2);"originator" means a person by whom, or on whose behalf, a data message purports to have been sent or generated prior to storage, if any, but it does not include a person acting as an intermediary with respect to that data message;"prescribe" means prescribe by regulation;"program", when used as a verb, means to write or install a computer program, to configure or in any other way cause or instruct a computer system or an information system to send or display a data message or to perform an action if a specific condition exists or a specific event has occured;"public body" means the Government of the Republic of Namibia, any Ministry, Office or agency thereof, as well as any body created by or under any law to -(a)perform a regulatory function; or(b)perform a function for the benefit of the public or a part of the public as authorised or required by a law;"recognised electronic signature" means an advanced electronic signature complying with the requirements prescribed under section 20(3);"security procedure" means a process involving one or more of the purposes referred to in section 41(1);"security product" means a product that as part of its functionality has one or more of the purposes referred to in section 41(1);"security service" means a service (including the issuing of digital certificates) which involves anything with a purpose referred to in section 41(1);"this Act" includes regulations made in terms of this Act;"web page" means a data message providing for an information browsing framework that allows a user to locate and access information stored on an information system and to follow references to other information, facilities or functions.

2. Objects of Act

The objects of this Act are -
(a)to provide for the development, promotion and facilitation of electronic transactions and related electronic communications;
(b)to remove and prevent barriers to electronic transactions and related electronic communications;
(c)to promote legal certainty and confidence in electronic transactions and electronic communications;
(d)to promote e-government services and electronic commerce and electronic communications with, by, between and for public and private bodies, institutions and citizens;
(e)to develop a safe, secure and effective environment for consumers, business and public bodies to conduct and use electronic transactions;
(f)to promote the development of electronic transaction services responsive to the needs of consumers;
(g)to ensure that, in relation to the provision of electronic transactions and services, the special needs of vulnerable groups and communities and persons with disabilities are duly taken into account;
(h)to ensure compliance with accepted international technical standards in the provision and development of electronic transactions and related electronic communications; and
(i)to ensure that the interest and image of Namibia are not compromised through the misuse of, or failure to use electronic transactions and electronic communications.

3. General functions and powers of minister

The Minister must, after consultation with the Council -
(a)make all necessary regulations, for the development, management, and facilitation of electronic transactions and related electronic communications in Namibia;
(b)co-ordinate information technology developments at national level; and
(c)monitor and ensure compliance with this Act and such other policy documents relating to the objects of this Act which have been adopted by the Namibian Government.

Chapter 2
Electronic Information Systems Management Advisory Council

4. Establishment of council

There is established a body, to be known as the Electronic Information Systems Management Advisory Council, which may be referred to by the abbreviation "EISMAC", to exercise the powers and perform the functions conferred on and assigned to it by or under this Act.

5. Composition of council

(1)The Council consists of five members appointed by the Minister.
(2)The members of the Council must have relevant knowledge relating to the matters regulated by this Act or in general the use of computer systems, information technology, data processing and electronic communications systems.
(3)The Minister must appoint one member of the Council as Chairperson and the Council must elect another of its members as the Vice-Chairperson.

6. Disqualification

A person is not eligible to be appointed as a member of the Council, if he or she -
(a)is not a Namibian citizen or lawfully admitted to Namibia for permanent residence, or does not reside in Namibia;
(b)is a member of the National Assembly of Namibia or a regional council established under section 2 of the Regional Councils Act, 1992 (Act No. 22 of 1992);
(c)is an unrehabilitated insolvent;
(d)is of unsound mind; or
(e)has within ten years from the date of appointment been convicted of an offence involving an element of dishonesty, or of a contravention of this Act, or of any other law relating to the use of information and communications technologies or systems.

7. Term of office

(1)Subject to section 8, a member holds office for a period of five years.
(2)A member whose term of office has expired is eligible for reappointment.

8. Vacating of office and filling of vacancy

(1)A member ceases to hold office if he or she -
(a)becomes subject to a disqualification referred to in section 6;
(b)resigns by giving notice in writing addressed to the Minister ;
(c)is removed from office under subsection (2).
(2)The Minister may remove a member from office by notice in writing, if -
(a)there is good reason for doing so; and
(b)the member has been given reasonable opportunity of making representations to the Minister.
(3)If the office of a member becomes vacant before the expiration of his or her term of office, the Minister must appoint, another person to fill the vacancy for the unexpired portion of that term.

9. Remuneration

A member or a member of a committee, must, regardless of the fact that such member is in the full time employment of the State, be paid such remuneration and allowances as the Minister, with the concurrence of the Minister responsible for finance, may determine.

10. Meetings of council

(1)The first meeting of the Council must be held at a time and place as determined by the Minister, and thereafter the Council must meet at the times and places determined by the Council.
(2)The Chairperson must convene the next meeting if for any reason a meeting cannot take place at the date and time determined by the Council.
(3)The Council must meet at least four times a year.
(4)The Chairperson may at any time, and must upon receipt of a request in writing of at least three other members or of the Minister, convene a meeting of the Council.
(5)The Chairperson or, in the absence of the Chairperson, the Vice-Chairperson must preside at a meeting of the Council.
(6)At a meeting of the Council -
(a)a quorum is three members: Provided that no quorum is formed when neither the Chairperson nor the Vice-Chairperson is present;
(b)all decisions of the Council are made by a majority of votes of the members present and voting; and
(c)the member presiding has a deliberative vote and, in the event of an equality of votes, also a casting vote.
(7)The Council must, on a request in writing of the Minister, consider any matter specified by the Minister in relation to the Council’s functions.
(8)Unless the Council determines otherwise, the Executive Director, or his or her delegate, must attend the meetings of the Council and may take part in the deliberations of the Council, but has no vote.
(9)The Council may permit any person who has expert knowledge of a matter which is before the Council or a committee for determination to attend a meeting of the Council or the committee and take part in deliberations in relation to that matter, but that person has no vote.
(10)Subject to this Act, the Council -
(a)may regulate its own proceedings;
(b)must cause minutes of proceedings and decisions at each meeting of the Council to be kept; and
(c)must submit a copy of the minutes to the Minister as soon as possible after the minutes have been approved by the Council.

11. Committees

(1)The Council may establish such committees as it deems convenient with the approval of the Minister -
(a)to advise the Council on any matter in relation to the Council’s functions; or
(b)to perform, subject to the directions of the Council, any function of the Council which the Council delegates to it in writing.
(2)The Council must establish an Online Consumer Affairs Committee which must consist of three members of whom at least one must be a member of the Council.
(3)A committee may consist of one or more members of the Council or of one or more members of the Council and such other persons whom the Council considers to be suitable.
(4)The Council must appoint a member of the Council as chairperson of a committee.
(5)The Council may at any time dissolve or reconstitute a committee.

12. Disclosure of interest

(1)If a member of the Council or of a committee has a direct or indirect financial or other interest in any matter which is the subject of consideration by the Council or the committee and which may cause a conflict of interest in the proper performance of his or her duties as such a member, he or she must disclose that interest to the Council or to the committee as soon as is practicable after the relevant facts have come to his or her knowledge.
(2)A person who has an interest referred to in subsection (1) -
(a)if he or she is present at a meeting of the Council or the committee at which the matter is to be considered, must disclose the nature of his or her interest to the meeting immediately before the matter is considered; or
(b)if he or she is aware that the matter is to be considered at a meeting of the Council or the committee at which he or she does not intend to be present, must disclose the nature of his or her interest to the Chairperson of the Council or the chairperson of the committee before the meeting is held.
(3)A member of the Council or of a committee who has an interest referred to in subsection (1) may not -
(a)be present during any deliberation; and
(b)take part in any decision of the Council or the committee in relation to the matter in question.
(4)A disclosure by a member under this section must be recorded in the minutes of the relevant meeting of the Council or committee.
(5)A member of the Council or a committee may not -
(a)use any confidential information obtained in the performance of his or her functions as a member to obtain, directly or indirectly, a financial or other advantage for himself or herself or any other person;
(b)disclose any confidential information obtained in the performance of his or her functions as a member unless such disclosure is required by the provisions of another law or by an order of court.
(6)A person who contravenes or fails to comply with any provision of this section, commits an offence and is on conviction liable to a fine not exceeding N$10 000 or to imprisonment for a period not exceeding two years or to both such fine and such imprisonment.

13. Functions of council

The functions of the Council are to -
(a)advise the Minister on appropriate amendments of this Act;
(b)advise the Minister on the making of or the amendment of regulations under this Act;
(c)render the necessary assistance to the Minister with the monitoring of compliance with policy documents referred to in section 3(c);
(d)recommend to any functionary the taking of any action by that functionary in order to promote the objects of this Act or in order to comply with policy documents referred to in section 3(c);
(e)recommend to the Minister the issuing of guidelines under section 14.

14. Guidelines

(1)The Minister may on the recommendation of the Council and with the approval of the Prime Minister by notice in the Gazette issue guidelines on any matter relating to the operation, design and administration of information and communication systems of the Government of Namibia.
(2)Guidelines referred to in subsection (1), may relate to -
(a)compliance with any standard or specification;
(b)interoperability with any specified system;
(c)the handling or creation of any specified data format or the ability to handle any specified communications protocol.
(3)Guidelines referred to in subsection (1) may specify any matter with reference to any published standards document, whether by a standards body created by or under the laws of any country, an international standards body, any group created by any industry or any document issued by the producer of any hardware or software: Provided that the guidelines in question must specify a place where such standard document may be inspected during such hours and at such places as may be specified.
(4)If it is necessary to exercise any power, or to accept a tender, conclude a contract or to perform any similar action, non-compliance with the guidelines issued in terms of this section is a ground for refusal to perform such action, if a matter contained in a guideline is relevant for the performance of the action in question.

15. Secretariat

(1)The Executive Director must ensure the allocation of staff members for the purpose of performing the functions, inclusive of the secretarial services, of the Council, with due regard to the resources of the Ministry.
(2)The Council may with the approval of the Minister appoint a consultant to perform any service to the Council or a committee that may be necessary or desirable for the performance of its functions.

Chapter 3
Legal recognition and effect of data messages and electronic transactions

Part 1 – Interpretation of laws

16. Application of this chapter

(1)In this Chapter any reference to a law is construed to refer to a law applicable in Namibia whether it has been enacted before or after the commencement of this Act and also to this Act.
(2)Subsection (1) is not construed in such a manner that it -
(a)invalidates any transaction or act performed before the commencement of this Act;
(b)creates criminal or civil liability for any act performed before the commencement of this Act.
(3)Except for section 18 and 25 -
(a)no provision of this Chapter relates to any matter regulated in the excluded laws; and
(b)no reference in this Chapter to "law" relates to any provision of the excluded laws.

17. Legal recognition of data messages

(1)No statement, representation, expression of will or intention, transaction or communication is without legal effect, validity or enforceability solely on the ground that it is in the form of a data message.
(2)Despite subsection (1), persons may by agreement regulate the effect, use and requirements for data messages as it relates to dealings among themselves.
(3)Subject to this Act, any other law or any agreement, no public body may compel any person to interact with it by means of a data message.

18. Interpretation of power to make regulations

(1)For the purposes of enabling, promoting and facilitating the provision of e-government services, a provision in any law, whether enacted before or after the commencement of this Act, that confers a power to prescribe or determine -
(a)any form to be used for any purpose;
(b)the manner or procedure of making an application or providing any information to an institution or body, is, unless a contrary intention appears, construed to authorise the functionary concerned to -
(i)prescribe or determine a procedure involving the use of a data message or the interaction with an automatic data entry system;
(ii)require the provision of data in any format that can be processed or interpreted by a computer or information system;
(iii)prescribe or determine compliance with any specified protocol or procedure;
(iv)prescribe or determine any technical or other requirement that may be necessary in order to allow or facilitate the use of information systems;
(v)prescribe or determine that a specified type of electronic signature is required;
(vi)prescribe or determine the manner and format in which such electronic signature must be attached to, incorporated in or otherwise associated with the data message;
(vii)prescribe or determine that a specific class of accredited security product, service, provider of a security product or renderer of a security service must be used;
(viii)subject to any law regulating electronic payments in Namibia, prescribe or determine the appropriate control processes and procedures to ensure adequate integrity, security and confidentiality of data messages or payments; and
(ix)prescribe or determine any other matter that is necessary or expedient to prescribe or determine with relation to the use of data messages or information systems.
(2)A provision in any law requiring or permitting any functionary to prescribe or determine that any information must be posted, displayed, sent or transmitted in a manner prescribed or determined by that functionary is construed to include the power to prescribe or determine a method involving the transmission of a data message or the making available of that information by means of any information system.
(3)A power to prescribe or determine a duty to store or retain information in a manner so prescribed or determined is construed to include the power to prescribe or determine a manner of storage or retention that includes the storage or retention of the information in an electronic form as well as the power to prescribe or determine any requirements relating to the period of availability of the information and the ability to access the information in question.
(4)The powers referred to in subsection (1), (2) and (3) include the power to specify any requirement or matter with reference to any standard published by a standards body in Namibia or of another country, or or by any international organisation or industry body: Provided that the regulations in question must specify a place where such standard document may be inspected during such hours and at such places as may be prescribed.

19. Writing

A reference to writing in any law is construed to include a reference to a data message if the information contained therein is accessible so as to be usable for subsequent reference, unless -
(a)a different intention appears from the law in question;
(b)the law in question provides for a process that is incompatible with the use of a data message or cannot be applied to a data message; or
(c)the purpose for requiring writing is in order to protect consumers.

20. Electronic signature

(1)A reference in any law, contract or any other legal instrument to a signature or the signing of a document is construed to include a reference to a recognised electronic signature, unless -
(a)a contrary intention appears from the law or document concerned;
(b)the law in question provides for a process that is incompatible with the use of an electronic signature;
(c)the law in question is not construed in such a manner that a reference to the writing in question is construed to include a data message as contemplated in section 19.
(2)Nothing in this section is construed as limiting the use of an electronic signature that is not a recognised electronic signature if parties agree to such use or if a law provides for such use.
(3)The Minister may make regulations -
(a)prescribing the requirements with which an advanced electronic signature must comply to be a recognised electronic signature for the purposes of this Act;
(b)prescribing a process for verifying that a recognised electronic signature has been applied by a specific person;
(c)prescribing any requirement or process for applying a recognised electronic signature to any data message and prescribing a procedure or requirement for determining whether a recognised electronic signature has been applied to a specific data message and whether the data message has been altered since the recognised electronic signature has been applied;
(d)prescribing the role and the duties of accredited service providers;
(e)prescribing any presumptions that will apply when a prescribed security procedure has been followed;
(f)prescribing anything that is necessary or expedient to prescribe with relation to a recognised electronic signature.
(4)If any presumptions have been prescribed in terms of subsection (3) (e) -
(a)in criminal proceedings, it is deemed that prima facie evidence has been adduced of the presumed fact; and
(b)in civil proceedings, it is deemed that the presumed fact has been proved, unless the contrary is proved on a balance of probabilities.

21. Original information

(1)Unless a contrary intention appears, where a law requires information to be presented or retained in its original form, that requirement is met by a data message if -
(a)there exists a reliable assurance that the information has remained complete and unaltered from the time when it was first generated in its final form, as a data message or otherwise; and
(b)where it is required that information must be presented, that information is capable of being displayed in the form of a data message to the person to whom it must be presented.
(2)Subsection (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the information not being presented or retained in its original form.
(3)For the purposes of subsection (1)(a) -
(a)information is deemed to have remained complete and unaltered if it has remained complete and unaltered, apart from the addition of any endorsement or any change which arises in the normal course of communication, storage or display; and
(b)the level of reliability must be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances.

22. Production of document or information

(1)Unless a contrary intention appears, where a law requires a person to produce a document or information, that requirement is met if the person produces, by means of a data message, an electronic form of that document or information, and if -
(a)considering all the relevant circumstances at the time that the data message was sent or generated, the method of generating the electronic form of that document provided a reliable means of assuring the maintenance of the integrity of the information contained in that data message; and
(b)at the time the data message was sent or generated, it was reasonable to expect that the information contained therein would be readily accessible so as to be usable for subsequent reference.
(2)For the purposes of subsection (1), the integrity of the information contained in a document is deemed to have been maintained if the information has remained complete and unaltered except for -
(a)the addition of any endorsement; or
(b)any immaterial change, which arises in the normal course of communication, storage or display.

23. Other requirements

(1)A requirement in a law for multiple copies of a document to be submitted to a single addressee at the same time is satisfied by the submission of a single data message that is capable of being reproduced by that addressee.
(2)Unless a contrary intention appears, where any law requires or permits a person to send a document or information by post or similar service, that requirement is met if an electronic form of that document or information is sent to the electronic address or designated information system provided by the addressee: Provided that this provision does not apply where the law requires that a document must be sent by registered post or must be delivered by hand or handed to a specific person.

24. Retention of electronic records

(1)Where a law requires that certain documents, records or information be retained, that law is construed in such a manner that the requirement in question is met by electronic record retention, if -
(a)the electronic record contained therein is a data message;
(b)the electronic record is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received;
(c)such electronic record is retained in a form that enables the identification of the origin and destination of an electronic record or data message and the date and time when it was first generated, sent or received and the date and time it was first retained; and
(d)it complies with any other requirement that may be prescribed.
(2)An obligation to retain documents, records or information in accordance with subsection (1) does not extend to any information of which the sole purpose is to enable the message to be sent or received.
(3)A person may use the services of another person in order to comply with subsection (1): Provided that the former person will be liable for the contravention of the provision in question if the latter person has failed to retain the information.

Part 2 – Evidence

25. Admissibility and evidential weight of data messages and computer evidence

(1)In any legal proceedings, nothing in the application of the rules of evidence may be applied in such a manner that it would have the effect that computer evidence is inadmissible -
(a)on the sole ground that it is computer evidence; or,
(b)if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form.
(2)When evidence is admitted in terms of this section, the court must assess the weight to be given to that evidence.
(3)In assessing the evidential weight of computer evidence, the court must have regard to -
(a)the reliability of the manner in which the computer evidence was generated, stored or communicated;
(b)the integrity of the information system in which the computer evidence was recorded, stored and maintained;
(c)the manner in which the originator of the computer evidence was identified; and
(d)any other relevant factor.
(4)A data message made by or on behalf of a person in the ordinary course of business, or a copy or printout of or an extract from such data message certified to be correct, is admissible in any civil, criminal, administrative or disciplinary proceedings under any law, the rules of a self regulatory organisation or any other law or the common law, as evidence of the facts contained in such record, copy, printout or extract against any person, if -
(a)an affidavit has been made by the person who was in control of the information system at the time when the data message was created;
(b)the facts stated in the affidavit justify a finding on the reliability of the manner in which the data message has been generated, stored or communicated;
(c)the facts stated in the affidavit justify a conclusion on the reliability of the manner in which the integrity of the data message was maintained; and
(d)the facts stated in the affidavit justify a conclusion on the manner in which the originator of the data message has been identified if the identity of the originator is relevant to a matter in dispute.
(5)In legal proceedings all rules of evidence must be applied in such a manner that a data message tendered as contemplated in this section is admissible if documentary evidence that is similar in all material respects would have been admissible.
(6)Any document containing data evidence and purporting to be a printout of data or information stored or created by a computer system is admissible in legal proceedings if it has been authenticated by means of admissible evidence.
(7)Evidence referred to in subsection (6) is not admissible to the extent that the evidence in the document in question is hearsay evidence, except where any rule of evidence would have rendered that evidence admissible if it were contained in a document.
(8)If in its opinion it is in the interest of the administration of justice, a court may allow a person to perform a demonstration on a computer system instead of a printout referred to in subsection (6), if such demonstration has been performed by a person who has authenticated such demonstration by means of admissible evidence.
(9)Evidence authenticating a printout or a demonstration must be evidence of -
(a)the steps that have been taken to create the printout;
(b)the software that has been used to create the printout or demonstration;
(c)if the steps referred to in paragraph (a), require any special expertise, the nature of the qualifications or experience of the person who performed those steps;
(d)particulars of any alterations made in order to create such printout or demonstration and if no such alteration has been made, a statement to that effect; and
(e)any other fact that is relevant in order to demonstrate that the evidence is reliable and is what it purports to be.
(10)If any matter referred to in subsection (9) is not admitted by all parties in the proceedings in question, the party or person tendering the evidence in question, bears the burden of proof of all the facts referred to in that subsection.
(11)It is presumed, unless admissible evidence to the contrary is provided, that software operates correctly.
(12)No expert evidence is required to prove the operation or functionality of software that is commonly used on personal computers or other computational devices that are commonly used by persons that are not experts in the field of computer science or a related field.
(13)Information evidence is admissible in legal proceedings if such evidence is contained in an affidavit that -
(a)states the experience and qualifications of the person making that affidavit;
(b)explains the nature of the processes performed to obtain the information in question and the reason why those processes are relevant for the informati on contained in the evidence in question; and
(c)states all the relevant conclusions embodied in that information.
(14)Information evidence admitted in terms of subsection (13) is prima facie evidence of all the relevant information contained in the affidavit in question if in the opinion of the court the person making the declaration has sufficient expertise to perform the process in question and draw the conclusions in question and there is no other reason why the conclusions should not have been drawn.
(15)Information evidence may also be given by means of oral evidence or by means of a demonstration, if admissible evidence of the facts referred to in subsection (13) has also been given.
(16)No provision of this section is construed in such a manner that it would render evidence inadmissible that would have been admissible if this section has not been enacted.

Part 3 – Contracts, offer and acceptance

26. Formation and validity of contracts

(1)Where data messages are used in the formation of a contract, that contract is not without legal effect, validity or enforceability on the sole ground that a data message has been used to make an offer or to accept an offer.
(2)A proposal to conclude a contract made through one or more data messages, which is not addressed to one or more specific person but is generally accessible to the public or a specific portion of the public (including proposals that make use of interactive applications for the placement of orders through information systems) is presumed to be an invitation to make offers, unless it clearly indicates the intention of the person making the proposal to be bound in case of acceptance.
(3)This section does not confer any validity to transactions referred to in the excluded laws.

27. Incorporation by reference

(1)Subject to subsection (2), information may not be denied legal effect, validity or enforceability solely on the ground that it is not contained in the data message purporting to give rise to such legal effect, validity or enforceability, if such information is referred to in that data message in a manner that indicates that that information is regarded to have been incorporated in that data message.
(2)The onus to prove that information has been referred to as contemplated in subsection (1) is on the party who originated that data message and such onus is only discharged if -
(a)it is proved that the data message clearly referred to the incorporated information as contemplated in subsection (1);
(b)it was possible for a person who read the referring data message to easily read the incorporated information;
(c)the information claimed to be incorporated was actually the information referred to by the incorporating message at the time when the referring message was accessed.

28. Variation by agreement

The provisions of this Chapter apply, unless the parties involved in generating, sending, receiving, storing or otherwise processing data messages, have agreed otherwise.

29. Time of dispatch and receipt of data messages

(1)Subject to subsection (2), for all purposes in law it is deemed that a data message has been dispatched at the time when it enters an information system outside the control of the originator or of the person that sent the data message on behalf of the originator.
(2)If the originator and the addressee are in the same information system, it is deemed for all purposes in law that the data message has been dispatched at the time when it is capable of being retrieved by the addressee.
(3)For all purposes in law, a data message sent to an electronic address designated by the addressee is deemed to have been received at the time when it becomes capable of being retrieved by the addressee at that electronic address.
(4)For all purposes in law, a data message sent to an electronic address different from the electronic address referred to in subsection (3) is deemed to have been received at that address at the time when it becomes capable of being retrieved by the addressee at that address and the addressee has become aware that the electronic communication has been sent to that address.

30. Place of dispatch and receipt of data messages

(1)For all purposes in law it is deemed that a data message have been dispatched at the place of business of the originator, and is deemed to have been received at the place of business of the addressee.
(2)For the purposes of this section a place of business is any place where a person maintains a non-transitory establishment to pursue an economic activity other than the temporary provision of goods or services out of a specific location.
(3)If a person has more than one place of business, the place of business contemplated in subsection (2) is -
(a)the place of business which has the closest relationship to the underlying transaction having regard to the circumstances known to or contemplated by the parties at any time before or at the conclusion of the contract; or
(b)where there is no underlying transaction, the principal place of business.
(4)If the originator or the addressee does not have a place of business, it is deemed for the purposes of this section that that person has a place of business at that person’s habitual residence.

31. Time and place of contract formation

(1)If parties conclude a contract by means of data messages that contract is formed at the time when and the place where the acceptance of the offer becomes effective as provided by subsection (3).
(2)An offer in the form of a data message becomes effective -
(a)at the time when it is deemed to have been received by the offeree as provided by section 29(3) or 29(4) as the case may be; and
(b)at the place where it is deemed to have been received by the offeree as provided by section 30.
(3)The acceptance of an offer in the form of a data message becomes effective -
(a)at the time when it is deemed to have been received by the offerer as provided by section 29(3) or (4), as the case may be; and
(b)at the place where it is deemed to have been received by the offerer as provided by section 30.

32. Attribution of data messages

(1)For all purposes in law, it is deemed that a person has sent a data message, if -
(a)that person has sent the message personally;
(b)the message has been sent by a person who had authority to act on behalf of the originator in respect of that data message; or
(c)the message has been sent by an information system programmed by or on behalf of the originator to operate automatically unless the originator proves that the information system did not properly execute such programming.
(2)For the purposes of subsection (1), a computer system or information system is not deemed to have been programmed if -
(a)software is installed, or an option is selecting which appears to have a different purpose, but then causes the system to send the data message contemplated in that subsection, while the sending of the message is not a reasonably foreseeable consequence of the installation of that software or the selection of that option; or
(b)an action is performed which has the consequence that a message is sent as contemplated in subsection (1), while the sending of the message is not a reasonably foreseeable consequence of that action.

33. Automated message systems

(1)A contract formed by the interaction of an automated message system and a person, or by the interaction of automated message systems, are not without legal effect, validity or enforceability on the sole ground that no natural person reviewed any of the individual actions carried out by the systems or the resulting contract.
(2)Where a natural person makes an input error in a data message exchanged with the automated message system of another party and the automated message system does not provide the person with an opportunity to correct the error, that person, or the party on whose behalf that person was acting, has the right to withdraw the data message in which the input error was made if -
(a)the person, or the party on whose behalf that person was acting, notifies the other party of the error as soon as possible after having learned of the error and indicates that he or she made an error in the data message and wishes to cancel the contract or correct the input error;
(b)the person, or the party on whose behalf that person was acting, takes reasonable steps, including steps that conform to the instructions given by the other party, to return the goods or services received, if any, as a result of the error or, if instructed to do so, to destroy the goods or services, or to correct the input error; and
(c)the person, or the party on whose behalf that person was acting, has not used or received any material benefit or value from the goods or services, or the input error, if any, from the other party.
(3)If a person who has made an input error as contemplated in subsection (2), has paid for any goods or services prior to exercising a right referred to in that subsection, that person is entitled to a full refund of such payment, which refund must be made within 30 days of the date of cancellation.
(4)Nothing in this section affects the application of any rule of law that may govern the consequences of any errors made during the formation or performance of the type of contract in question other than an input error that occurs in the circumstances referred to in subsection (2).

Chapter 4
Consumer protection

34. Information to be provided

(1)A supplier offering goods or services for sale, for hire or for exchange by way of an electronic transaction must make the following information available to consumers on the web site where such goods or services are offered or if it is not offered on a website in the data message in which it is offered -
(a)its full contact details, including its place of business, e-mail addresses and telefax number;
(b)a sufficient description of the main characteristics of the goods or services offered by that supplier to enable a consumer to make an informed decision on the proposed electronic transaction;
(c)the full price of the goods or services, including transport costs, taxes and any other fees or costs;
(d)any terms of agreement and the manner and period within which consumers can access and maintain a full record of the transaction; and
(e)the rights conferred to consumers by section 35, where applicable.
(2)The supplier must provide a consumer with an opportunity -
(a)to review the entire electronic transaction;
(b)to correct any mistakes; and
(c)to withdraw from the transaction, before finally placing any order.
(3)If a supplier fails to comply with the provisions of subsection (1) or (2), the consumer may cancel the transaction within 14 days of receiving the goods or services under the transaction.
(4)If a transaction is cancelled in terms of subsection (3) -
(a)the consumer must return the performance of the supplier or, where applicable, cease using the services performed;
(b)the supplier must refund all payments made by the consumer including the direct cost of returning the goods.
(5)The supplier must utilise a payment system that is sufficiently secure with reference to accepted technological standards at the time of the transaction and the type of transaction concerned.
(6)The supplier is liable for any damage suffered by a consumer due to a failure by the supplier to comply with subsection (5).

35. Cooling-off period

(1)Subject to subsection (5), a consumer is entitled to cancel without reason and without penalty any transaction for the supply -
(a)of goods within seven days after the date of the receipt of the goods; or
(b)of services within seven days after the date of the conclusion of the agreement.
(2)The only charge that may be levied on the consumer is the direct cost of returning the goods.
(3)If payment for the goods or services has been effected prior to a consumer exercising a right referred to in subsection (1), the consumer is entitled to a full refund of that payment, which refund must be made within 30 days of the date of cancellation.
(4)This section is not construed as prejudicing the rights of a consumer provided for in any other law.
(5)This section does not apply to an electronic transaction -
(a)for financial services, including but not limited to, investment services, insurance and reinsurance operations, banking services and operations relating to dealings in securities;
(b)relating to goods and services sold by way of an auction;
(c)for the supply of foodstuffs, beverages or other goods intended for everyday consumption supplied to the home, residence or workplace of the consumer;
(d)for services which began with the consumer’s consent before the end of the seven-day period referred to in subsection (1)(b);
(e)where the price for the supply of goods or services is dependent on fluctuations in the financial markets and which cannot be controlled by the supplier;
(f)where the goods-
(i)are made to the consumer’s specifications;
(ii)are clearly personalised;
(iii)by reason of their nature cannot be returned; or
(iv)are likely to deteriorate or expire rapidly;
(g)where audio or video recordings or computer software was unsealed by the consumer;
(h)for the sale of newspapers, periodicals, magazines or books;
(i)for the provision of gaming, online gambling and lottery services insofar as such services are legally provided in Namibia; and
(j)for the provision of accommodation, transport, catering or leisure services and where the supplier undertakes, when the transaction is concluded, to provide these services on a specific date or within a specific period.

36. Unsolicited goods, services or communications

(1)Marketing (to a consumer or any other person) by means of data message must include the following information in all such data messages -
(a)the originator’s identity and contact details including its place of business, e-mail, addresses and telefax number;
(b)a valid and operational opt-out facility from receiving similar electronic communications in future; and
(c)the identifying particulars of the source from which the originator obtained the addressee’s personal information.
(2)Unsolicited commercial messages may only be sent to addressees where the opt-in requirement is met.
(3)The opt-in requirement is met if -
(a)the addressee’s e-mail address and other personal information was collected by the originator of the message in the course of a sale or negotiations for a sale;
(b)the originator only sends promotional messages relating to its similar products and services to the addressee;
(c)when the personal information and address was collected by the originator, the originator offered the addressee the opportunity to opt-out (free of charge except for the cost of transmission) and the addressee declined to opt-out; and
(d)the opportunity to opt-out is provided by the originator to the addressee with every subsequent message.
(4)In spite of any wording in the message concerned, no contract is formed where the addressee has failed to respond to unsolicited electronic communications.
(5)An originator who fails to provide the recipient with an operational opt-out facility referred to in subsections (1)(b) and 3(d) commits an offence.
(6)Any originator who persists in intentionally sending unsolicited commercial electronic communications to an addressee, who has advised the originator by means of the opt-out facility that such electronic communications are unwelcome, commits an offence.
(7)Any person whose goods or services are advertised or promoted in contravention of this section commits an offence.
(8)A person who commits an offence as contemplated in subsection (5), (6) or (7) is on conviction liable to a fine not exceeding N$500 000 or to imprisonment for a period not exceeding two years or to both such fine and such imprisonment.

37. Performance

(1)The supplier must execute the order within 30 days after the day on which the supplier received the order, unless the parties have agreed otherwise.
(2)Where a supplier has failed to execute the order within 30 days or within the agreed period the consumer may cancel the agreement with seven days written notice.
(3)If a supplier is unable to perform in terms of the contract on the grounds that the goods or services ordered are unavailable, the supplier must immediately notify the consumer of this fact and refund any payments within 30 days after the date of such notification.

38. Applicability of foreign law

The protection provided to consumers in this Chapter, applies irrespective of the legal system applicable to the contract in question.

39. Non-exclusion

Any provision in a contract which excludes any rights provided for in this Chapter is null and void.

40. Complaints to Online Consumer Affairs Committee

(1)A consumer may lodge a complaint with the Online Consumer Affairs Committee in respect of any non-compliance with the provisions of this Chapter by a supplier.
(2)After the committee has investigated the matter, it may after giving the supplier an opportunity to be heard -
(a)order the supplier to comply with the provision of this Act which has been contravened; or
(b)impose a fine not exceeding N$20 000 which fine may be collected as a debt due to the state.
(3)A supplier who fails to comply with an order made in terms of subsection (2)(a) commits an offence and is on conviction liable to a fine not exceeding N$50 000 or imprisonment for a period not exceeding one year or to both such fine and such imprisonment.

Chapter 5
Accreditation of security services or products

41. Security products or services

(1)A product or service may be accredited by the Authority as complying with the requirements of one or more classes prescribed under subsection (2) if that product or service -
(a)has as its purpose the encryption or decryption of data;
(b)ensures that data has not been altered;
(c)ensures that data has been altered or created by a specific person only;
(d)creates keys for the encryption or decryption of data;
(e)prevents unauthorised persons from accessing an information system or certain functions of an information system;
(f)enables the detection of unauthorised access or tampering with data or an information system;
(g)has for its purpose the linking of a specific person with a transaction or action;
(h)has any other purpose relating to the security or integrity of data or an information system, or the linking of any action to a specific information system or person; or
(i)has a combination of such purposes.
(2)The Authority may prescribe different classes of security services, products, providers of security products or renderers of security services which classes may include one or more classes of issuers of digital certificates.

42. Accreditation

(1)A person who supplies a security product or who renders a security service, may apply in the prescribed manner to the Authority for the accreditation of that product or service or may apply to the Authority to be accredited as a supplier of that security product or as a provider of that security service.
(2)The Authority may on the application of any person or on its own motion accredit a product available in Namibia, or a service that is provided by a person outside Namibia in a class prescribed in section 41(2).
(3)The Authority may accredit a person in a class prescribed under section 41(2) as the provider of a specific security product or as the renderer of a specific security service if it is of the opinion that -
(a)the product or service is sufficiently secure for the purpose concerned; and
(b)the person who provides the product or who renders the service has the necessary expertise to ensure that the product or service as the case may be, is provided or rendered in such a manner that the process concerned is as secure as is required for the purpose concerned.
(4)The Authority must issue a certificate of accreditation in respect of every product, service, provider or renderer accredited in terms of subsection (3) which must state -
(a)the name and address of the person to whom the certificate has been issued;
(b)the name and any information necessary to identify the product or service for which the certificate has been issued;
(c)the purpose for which the product or service has been accredited;
(d)the class in which the service or product has been accredited; and
(e)any other relevant information that the Authority considers necessary.
(5)The Authority must make an accreditation in terms of this section known in the prescribed manner.
(6)Different methods may be prescribed in terms of subsection (5) in respect of different types of accreditation.

43. Powers and duties of authority in relation to accreditation

(1)The Authority has all the powers with relation to a person whose service or product has been accredited that it has in terms of the Communications Act, 2009 (Act No. 8 of 2009) with relation to the provider of telecommunications services contemplated in that Act and -
(a)may enforce any provision of this Act as if it were a provision of that Act; and
(b)enforce any condition imposed when a product or service has been accredited as if that condition were a licence condition imposed in terms of that Act.
(2)The Authority must in the prescribed manner maintain a publicly accessible database in respect of -
(a)all security products and services accredited;
(b)all accredited providers of security products and all accredited renderers of security services;
(c)revoked and suspended accreditations; and
(d)such other information as may be prescribed.
(3)The Authority may without giving notice perform a security test or cause such test to be performed by a person that in its view has sufficient skill, in respect of the information system of a person whose product or service has been accredited.
(4)Every person who obtains any information which is stored on any computer system as a result of a security test contemplated in subsection (3) and that does not directly relate to the security of the tested system, must treat that information as confidential and may not reveal that information, unless its revealing is required for the resolution of a dispute relating to the quality, reliability or security of the security service rendered by the accredited service provider in question.
(5)A person who contravenes subsection (4), commits an offence and is on conviction liable to a fine not exceeding N$100 000 or to imprisonment for a period not exceeding five years or to both such fine and such imprisonment.

44. Criteria for accreditation

The Authority may not accredit security services, products, providers of security products or renderers of security services, unless the product, service, provider and renderer comply with the requirements prescribed for the class of service or product in question.

45. Conditions for accreditation

(1)The Authority may impose any conditions in respect of an accreditation in terms of this Chapter.
(2)Conditions imposed in terms of subsection (1) may relate to -
(a)the financial well-being of the provider of the service or product;
(b)the technical competence of the provider of the service or product and its employees or partners;
(c)the reporting of any matter to the Authority, the keeping of records and the provision of any information to the Authority on request;
(d)the making available of information to the public or to its clients, or to persons requesting verification or authentication from the provider;
(e)the circumstances under which digital certificates, keys or other authentication data must be revoked or changed, as well as any procedural matter or any other duty relating to such change or revocation;
(f)the steps which must be taken and the duties or other requirements to which an accredited service provider is subject if a security breach occurs;
(g)the procedure and duties to be imposed upon the provider of the product or service if it ceases its operation and may include the payment of a deposit or the provision of other security for the performance of such actions, in order to ensure that the service is ceased with the minimum possible disruption; and
(h)any other matter that may be necessary or expedient in order to ensure that a secure and efficient authentication service is rendered to the Namibian public and that the service or product is in accordance with internationally accepted technical standards.

46. Revocation or suspension of accreditation

(1)The Authority may suspend or revoke an accreditation if it is satisfied that the product, service, provider or renderer has failed to comply with, or fails to meet any of the requirements, conditions or restrictions subject to which accreditation was granted.
(2)Subject to subsection (3), the Authority may not suspend or revoke an accreditation in terms of subsection (1) unless -
(a)it has notified the provider of the service or product in question in writing of its intention to do so;
(b)it has given a description of the alleged breach of any of the requirements, conditions or restrictions subject to which accreditation was granted; and
(c)it has given the provider in question the opportunity to respond to the allegations in writing; and remedy the alleged failure within a reasonable time if in its opinion such remedy is possible.
(3)The Authority may suspend any accreditation with immediate effect for a period not exceeding 90 days, pending implementation of the procedures necessary to remedy a failure referred to in subsection (2), if the continued accreditation is reasonably likely to result in irreparable harm to consumers or persons involved in an electronic transaction in Namibia.

47. Accreditation regulations

(1)The Authority may make regulations prescribing -
(a)the rights and obligations of customers of service providers and members of the public relating to the provision of accredited products and services including the provision of information or the authentication of electronic services or digital certificates;
(b)types of security services that may not be rendered or types of security products that may not be provided, unless the service, product, provider or renderer has been accredited in a specified class prescribed under section 41(2);
(c)the manner in which the Authority must administer and supervise compliance with those obligations;
(d)the procedure pertaining to the granting, suspension and revocation of accreditation;
(e)fees to be paid to the Authority in respect of anything done in terms of this Act;
(f)any matter relating to which conditions may be imposed in terms of section 45;
(g)any other matter which is necessary or expedient to prescribe for the proper implementation of this Chapter.
(2)The Authority has all the powers in relation to the making of regulations under subsection (1) that it has in relation to the making of regulations in terms of the Communications Act, 2009 (Act No. 8 of 2009).

48. Offences relating to accreditation

A person who -
(a)holds out a service, product, renderer of a service or provider of a product to have been accredited, while that service, product, renderer or provider has not been accredited or who holds out that a service, product, renderer of a service or provider of a product has been accredited in a specific class, while that service, product, renderer or provider has not been accredited in that class;
(b)renders a service or provides a product under circumstances where the product or service must be accredited in a prescribed class, while the service or product has not been accredited in that class; or
(c)renders a service or provides a product under circumstances where the renderer of the service or the provider of the product must be accredited in a prescribed class, while he or she is not accredited in the class concerned,
commits an offence and is on conviction liable to a fine not exceeding N$50 000 or imprisonment for a period not exceeding two years or to both such fine and such imprisonment.

Chapter 6
Liability of service providers for unlawful material

49. Definition for purposes of this chapter

For the purposes of this Chapter a service provider is a person who renders -
(a)telecommunications services as contemplated in the Communications Act, 2009 (Act No. 8 of 2009) or resells such services as contemplated in that Act;
(b)any service relating to the hosting, or development of a website; or
(c)any service relating to the storage or backup of data.

50. Mere conduit

(1)A service provider is not subject to any civil or criminal liability in respect of third-party material in the form of data to which he or she merely provides access to information system services for the transmitting, routing or storage of data via an information system under his or her control, as long as the service provider -
(a)does not initiate the transmission;
(b)does not select the addressee;
(c)performs the functions in an automatic, technical manner without selection of the data; and
(d)does not modify the data contained in the transmission.
(2)Transmission, routing and provision of access contemplated in subsection (1) include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place -
(a)for the sole purpose of carrying out the transmission in the information system;
(b)in a manner that makes it ordinarily inaccessible to anyone other than anticipated recipients; and
(c)for a period no longer than is reasonably necessary for the transmission.

51. Caching

(1)A service provider is not subject to any civil or criminal liability in respect of third-party material in the form of data for the automatic, intermediate and temporary storage of that data, where the purpose of storing such data is to make the onward transmission of the data more efficient to other recipients of the service upon their request, as long as the service provider -
(a)does not modify the data;
(b)complies with conditions on access to the data;
(c)complies with rules regarding the updating of the data, specified in a manner widely recognised and used by industry;
(d)does not interfere with the lawful use of rights management information, widely recognised and used by industry, to obtain information on the use of the data; and
(e)removes or disables access to the data it has stored upon receiving a take down notice referred to in section 54.

52. Hosting

(1)A service provider is not subject to criminal or civil liability in respect of third-party material in the form of data where the service provider provides a service at the request of the recipient of the service that consists of the storage of data provided by a recipient of the service, as long as the service provider -
(a)does not have actual knowledge that the data message or an activity relating to the data message is infringing the rights of a third party;
(b)is not aware of facts or circumstances from which the infringing activity or the infringing nature of the data message is apparent; and
(c)upon receipt of a take down notice referred to in section 54, acts expeditiously to remove or to disable access to the data.
(2)The limitations on liability provided for by this section do not apply to a service provider unless that service provider has designated an agent to receive notifications of infringement and has provided through its service, including on its websites in locations accessible to the public, the contact details of the agent.
(3)Subsection (1) does not apply when the recipient of the service is acting under the authority or the control of the service provider.

53. Information location tools

A service provider is not subject to criminal or civil liability in respect of third-party material in the form of data if the service provider refers or links users to a web page containing infringing data or an infringing activity, by using information location tools, including a directory, index, reference, pointer, or hyperlink, where the service provider -
(a)does not have actual knowledge that the data or an activity relating to the data is infringing the rights of that person;
(b)is not aware of facts or circumstances from which the infringing activity or the infringing nature of the data is apparent;
(c)does not receive a financial benefit directly attributable to the infringing activity; and
(d)removes, or disables access to the reference or link to the data or activity within a reasonable time after being informed that the data or the activity relating to such data infringes the rights of a person.

54. Take down notice

(1)For the purposes of this Chapter, a notification of unlawful activity must be in writing, must be addressed by the complainant to the service provider or its designated agent and must include -
(a)the full names and address of the complainant;
(b)the signature of the complainant;
(c)identification of the right that has allegedly been infringed;
(d)identification of the material or activity that is claimed to be the subject of unlawful activity;
(e)the remedial action required to be taken by the service provider in respect of the complaint;
(f)telephonic and electronic contact details, if any, of the complainant;
(g)a statement that the complainant is acting in good faith; and
(h)a statement by the complainant that the information in the take down notice is to his or her knowledge true and correct.
(2)A service provider is not liable for wrongful take down in a bona fide response to a notification of unlawful activity if the notice complies with subsection (1).
(3)If a service provider removes material in compliance with a take down notice, the service provider must notify the person by whom the information has been made available within three days from such take down.
(4)A person who has been notified of such take down may object to such take down by giving notice of such objection and the reason for such objection to the service provider concerned.
(5)If an objection has been received by the service provider, it must be forwarded to the person who requested the take down of the information.
(6)The person who requested the take down may provide further information to the service provider within three days from the receipt of the objection.
(7)After the receipt of the information referred to in subsection (6) or if the period for providing that information has passed, the service provider must restore the information if he or she has a bona fide belief that the information may reasonably be lawful.
(8)Any person who makes a false or misleading statement in -
(a)a request for a take down notice;
(b)a notice referred to in subsection (4); or
(c)further information provided in terms of subsection (6),
commits an offence and is on conviction liable to a fine not exceeding N$10 000 or to imprisonment for a period not exceeding two years or to both such fine and such imprisonment.

55. No general obligation to monitor

When providing the services contemplated in this Chapter there is no general obligation on a service provider to -
(a)monitor the data which it transmits or stores; and
(b)actively seek facts or circumstances indicating an unlawful activity.

56. Regulations relating to take down notices

The Minister may make regulations -
(a)prescribing the form of or any procedural requirement relating to notices under this Chapter;
(b)the manner and content of information to be provided by service providers in order to assist members of the public to comply with the provisions of this Chapter.

57. Savings

The provisions of this Chapter does not affect -
(a)any obligation founded on an agreement;
(b)the obligation of a service provider acting as such under a licensing or other regulatory regime established by or under any law;
(c)an obligation imposed by a court order to remove, block or deny access to any data message or to terminate or prevent unlawful activity; and
(d)any provision in another law specifically applicable to a service provider.

Chapter 7
Miscellaneous matters

58. Regulations

(1)The Minister may make regulations relating to any matter that may or must be prescribed and to any matter that is reasonably necessary or expedient to be prescribed to achieve the objects of this Act.
(2)The provisions of section 18(4) apply to regulations made under this Act.
(3)When the Minister intends to make regulations under this Act, he or she may instruct the Authority to conduct a rule-making procedure in terms of the Communications Act, 2009 (Act No. 8 of 2009).

59. Repeal

The Computer Evidence Act, 1985 (Act No. 32 of 1985) is repealed.

60. Short title and commencement

(1)This Act is called the Electronic Transactions Act, 2019, and comes into operation on a date determined by the Minister by notice in the Gazette.
(2)Different dates may be determined under subsection (1) for different provisions of this Act.

History of this document

16 March 2020
29 November 2019 this version
07 November 2019
Assented to

Uncommenced provisions

Legislation provisions that have not yet come into force. All uncommenced provisions →
  • 20. Electronic signature

    20. Electronic signature

    (1)A reference in any law, contract or any other legal instrument to a signature or the signing of a document is construed to include a reference to a recognised electronic signature, unless -
    (a)a contrary intention appears from the law or document concerned;
    (b)the law in question provides for a process that is incompatible with the use of an electronic signature;
    (c)the law in question is not construed in such a manner that a reference to the writing in question is construed to include a data message as contemplated in section 19.
    (2)Nothing in this section is construed as limiting the use of an electronic signature that is not a recognised electronic signature if parties agree to such use or if a law provides for such use.
    (3)The Minister may make regulations -
    (a)prescribing the requirements with which an advanced electronic signature must comply to be a recognised electronic signature for the purposes of this Act;
    (b)prescribing a process for verifying that a recognised electronic signature has been applied by a specific person;
    (c)prescribing any requirement or process for applying a recognised electronic signature to any data message and prescribing a procedure or requirement for determining whether a recognised electronic signature has been applied to a specific data message and whether the data message has been altered since the recognised electronic signature has been applied;
    (d)prescribing the role and the duties of accredited service providers;
    (e)prescribing any presumptions that will apply when a prescribed security procedure has been followed;
    (f)prescribing anything that is necessary or expedient to prescribe with relation to a recognised electronic signature.
    (4)If any presumptions have been prescribed in terms of subsection (3) (e) -
    (a)in criminal proceedings, it is deemed that prima facie evidence has been adduced of the presumed fact; and
    (b)in civil proceedings, it is deemed that the presumed fact has been proved, unless the contrary is proved on a balance of probabilities.
  • Chapter 4 – Consumer protection

    Chapter 4
    Consumer protection

    34. Information to be provided

    (1)A supplier offering goods or services for sale, for hire or for exchange by way of an electronic transaction must make the following information available to consumers on the web site where such goods or services are offered or if it is not offered on a website in the data message in which it is offered -
    (a)its full contact details, including its place of business, e-mail addresses and telefax number;
    (b)a sufficient description of the main characteristics of the goods or services offered by that supplier to enable a consumer to make an informed decision on the proposed electronic transaction;
    (c)the full price of the goods or services, including transport costs, taxes and any other fees or costs;
    (d)any terms of agreement and the manner and period within which consumers can access and maintain a full record of the transaction; and
    (e)the rights conferred to consumers by section 35, where applicable.
    (2)The supplier must provide a consumer with an opportunity -
    (a)to review the entire electronic transaction;
    (b)to correct any mistakes; and
    (c)to withdraw from the transaction, before finally placing any order.
    (3)If a supplier fails to comply with the provisions of subsection (1) or (2), the consumer may cancel the transaction within 14 days of receiving the goods or services under the transaction.
    (4)If a transaction is cancelled in terms of subsection (3) -
    (a)the consumer must return the performance of the supplier or, where applicable, cease using the services performed;
    (b)the supplier must refund all payments made by the consumer including the direct cost of returning the goods.
    (5)The supplier must utilise a payment system that is sufficiently secure with reference to accepted technological standards at the time of the transaction and the type of transaction concerned.
    (6)The supplier is liable for any damage suffered by a consumer due to a failure by the supplier to comply with subsection (5).

    35. Cooling-off period

    (1)Subject to subsection (5), a consumer is entitled to cancel without reason and without penalty any transaction for the supply -
    (a)of goods within seven days after the date of the receipt of the goods; or
    (b)of services within seven days after the date of the conclusion of the agreement.
    (2)The only charge that may be levied on the consumer is the direct cost of returning the goods.
    (3)If payment for the goods or services has been effected prior to a consumer exercising a right referred to in subsection (1), the consumer is entitled to a full refund of that payment, which refund must be made within 30 days of the date of cancellation.
    (4)This section is not construed as prejudicing the rights of a consumer provided for in any other law.
    (5)This section does not apply to an electronic transaction -
    (a)for financial services, including but not limited to, investment services, insurance and reinsurance operations, banking services and operations relating to dealings in securities;
    (b)relating to goods and services sold by way of an auction;
    (c)for the supply of foodstuffs, beverages or other goods intended for everyday consumption supplied to the home, residence or workplace of the consumer;
    (d)for services which began with the consumer’s consent before the end of the seven-day period referred to in subsection (1)(b);
    (e)where the price for the supply of goods or services is dependent on fluctuations in the financial markets and which cannot be controlled by the supplier;
    (f)where the goods-
    (i)are made to the consumer’s specifications;
    (ii)are clearly personalised;
    (iii)by reason of their nature cannot be returned; or
    (iv)are likely to deteriorate or expire rapidly;
    (g)where audio or video recordings or computer software was unsealed by the consumer;
    (h)for the sale of newspapers, periodicals, magazines or books;
    (i)for the provision of gaming, online gambling and lottery services insofar as such services are legally provided in Namibia; and
    (j)for the provision of accommodation, transport, catering or leisure services and where the supplier undertakes, when the transaction is concluded, to provide these services on a specific date or within a specific period.

    36. Unsolicited goods, services or communications

    (1)Marketing (to a consumer or any other person) by means of data message must include the following information in all such data messages -
    (a)the originator’s identity and contact details including its place of business, e-mail, addresses and telefax number;
    (b)a valid and operational opt-out facility from receiving similar electronic communications in future; and
    (c)the identifying particulars of the source from which the originator obtained the addressee’s personal information.
    (2)Unsolicited commercial messages may only be sent to addressees where the opt-in requirement is met.
    (3)The opt-in requirement is met if -
    (a)the addressee’s e-mail address and other personal information was collected by the originator of the message in the course of a sale or negotiations for a sale;
    (b)the originator only sends promotional messages relating to its similar products and services to the addressee;
    (c)when the personal information and address was collected by the originator, the originator offered the addressee the opportunity to opt-out (free of charge except for the cost of transmission) and the addressee declined to opt-out; and
    (d)the opportunity to opt-out is provided by the originator to the addressee with every subsequent message.
    (4)In spite of any wording in the message concerned, no contract is formed where the addressee has failed to respond to unsolicited electronic communications.
    (5)An originator who fails to provide the recipient with an operational opt-out facility referred to in subsections (1)(b) and 3(d) commits an offence.
    (6)Any originator who persists in intentionally sending unsolicited commercial electronic communications to an addressee, who has advised the originator by means of the opt-out facility that such electronic communications are unwelcome, commits an offence.
    (7)Any person whose goods or services are advertised or promoted in contravention of this section commits an offence.
    (8)A person who commits an offence as contemplated in subsection (5), (6) or (7) is on conviction liable to a fine not exceeding N$500 000 or to imprisonment for a period not exceeding two years or to both such fine and such imprisonment.

    37. Performance

    (1)The supplier must execute the order within 30 days after the day on which the supplier received the order, unless the parties have agreed otherwise.
    (2)Where a supplier has failed to execute the order within 30 days or within the agreed period the consumer may cancel the agreement with seven days written notice.
    (3)If a supplier is unable to perform in terms of the contract on the grounds that the goods or services ordered are unavailable, the supplier must immediately notify the consumer of this fact and refund any payments within 30 days after the date of such notification.

    38. Applicability of foreign law

    The protection provided to consumers in this Chapter, applies irrespective of the legal system applicable to the contract in question.

    39. Non-exclusion

    Any provision in a contract which excludes any rights provided for in this Chapter is null and void.

    40. Complaints to Online Consumer Affairs Committee

    (1)A consumer may lodge a complaint with the Online Consumer Affairs Committee in respect of any non-compliance with the provisions of this Chapter by a supplier.
    (2)After the committee has investigated the matter, it may after giving the supplier an opportunity to be heard -
    (a)order the supplier to comply with the provision of this Act which has been contravened; or
    (b)impose a fine not exceeding N$20 000 which fine may be collected as a debt due to the state.
    (3)A supplier who fails to comply with an order made in terms of subsection (2)(a) commits an offence and is on conviction liable to a fine not exceeding N$50 000 or imprisonment for a period not exceeding one year or to both such fine and such imprisonment.
  • Chapter 5 – Accreditation of security services or products

    Chapter 5
    Accreditation of security services or products

    41. Security products or services

    (1)A product or service may be accredited by the Authority as complying with the requirements of one or more classes prescribed under subsection (2) if that product or service -
    (a)has as its purpose the encryption or decryption of data;
    (b)ensures that data has not been altered;
    (c)ensures that data has been altered or created by a specific person only;
    (d)creates keys for the encryption or decryption of data;
    (e)prevents unauthorised persons from accessing an information system or certain functions of an information system;
    (f)enables the detection of unauthorised access or tampering with data or an information system;
    (g)has for its purpose the linking of a specific person with a transaction or action;
    (h)has any other purpose relating to the security or integrity of data or an information system, or the linking of any action to a specific information system or person; or
    (i)has a combination of such purposes.
    (2)The Authority may prescribe different classes of security services, products, providers of security products or renderers of security services which classes may include one or more classes of issuers of digital certificates.

    42. Accreditation

    (1)A person who supplies a security product or who renders a security service, may apply in the prescribed manner to the Authority for the accreditation of that product or service or may apply to the Authority to be accredited as a supplier of that security product or as a provider of that security service.
    (2)The Authority may on the application of any person or on its own motion accredit a product available in Namibia, or a service that is provided by a person outside Namibia in a class prescribed in section 41(2).
    (3)The Authority may accredit a person in a class prescribed under section 41(2) as the provider of a specific security product or as the renderer of a specific security service if it is of the opinion that -
    (a)the product or service is sufficiently secure for the purpose concerned; and
    (b)the person who provides the product or who renders the service has the necessary expertise to ensure that the product or service as the case may be, is provided or rendered in such a manner that the process concerned is as secure as is required for the purpose concerned.
    (4)The Authority must issue a certificate of accreditation in respect of every product, service, provider or renderer accredited in terms of subsection (3) which must state -
    (a)the name and address of the person to whom the certificate has been issued;
    (b)the name and any information necessary to identify the product or service for which the certificate has been issued;
    (c)the purpose for which the product or service has been accredited;
    (d)the class in which the service or product has been accredited; and
    (e)any other relevant information that the Authority considers necessary.
    (5)The Authority must make an accreditation in terms of this section known in the prescribed manner.
    (6)Different methods may be prescribed in terms of subsection (5) in respect of different types of accreditation.

    43. Powers and duties of authority in relation to accreditation

    (1)The Authority has all the powers with relation to a person whose service or product has been accredited that it has in terms of the Communications Act, 2009 (Act No. 8 of 2009) with relation to the provider of telecommunications services contemplated in that Act and -
    (a)may enforce any provision of this Act as if it were a provision of that Act; and
    (b)enforce any condition imposed when a product or service has been accredited as if that condition were a licence condition imposed in terms of that Act.
    (2)The Authority must in the prescribed manner maintain a publicly accessible database in respect of -
    (a)all security products and services accredited;
    (b)all accredited providers of security products and all accredited renderers of security services;
    (c)revoked and suspended accreditations; and
    (d)such other information as may be prescribed.
    (3)The Authority may without giving notice perform a security test or cause such test to be performed by a person that in its view has sufficient skill, in respect of the information system of a person whose product or service has been accredited.
    (4)Every person who obtains any information which is stored on any computer system as a result of a security test contemplated in subsection (3) and that does not directly relate to the security of the tested system, must treat that information as confidential and may not reveal that information, unless its revealing is required for the resolution of a dispute relating to the quality, reliability or security of the security service rendered by the accredited service provider in question.
    (5)A person who contravenes subsection (4), commits an offence and is on conviction liable to a fine not exceeding N$100 000 or to imprisonment for a period not exceeding five years or to both such fine and such imprisonment.

    44. Criteria for accreditation

    The Authority may not accredit security services, products, providers of security products or renderers of security services, unless the product, service, provider and renderer comply with the requirements prescribed for the class of service or product in question.

    45. Conditions for accreditation

    (1)The Authority may impose any conditions in respect of an accreditation in terms of this Chapter.
    (2)Conditions imposed in terms of subsection (1) may relate to -
    (a)the financial well-being of the provider of the service or product;
    (b)the technical competence of the provider of the service or product and its employees or partners;
    (c)the reporting of any matter to the Authority, the keeping of records and the provision of any information to the Authority on request;
    (d)the making available of information to the public or to its clients, or to persons requesting verification or authentication from the provider;
    (e)the circumstances under which digital certificates, keys or other authentication data must be revoked or changed, as well as any procedural matter or any other duty relating to such change or revocation;
    (f)the steps which must be taken and the duties or other requirements to which an accredited service provider is subject if a security breach occurs;
    (g)the procedure and duties to be imposed upon the provider of the product or service if it ceases its operation and may include the payment of a deposit or the provision of other security for the performance of such actions, in order to ensure that the service is ceased with the minimum possible disruption; and
    (h)any other matter that may be necessary or expedient in order to ensure that a secure and efficient authentication service is rendered to the Namibian public and that the service or product is in accordance with internationally accepted technical standards.

    46. Revocation or suspension of accreditation

    (1)The Authority may suspend or revoke an accreditation if it is satisfied that the product, service, provider or renderer has failed to comply with, or fails to meet any of the requirements, conditions or restrictions subject to which accreditation was granted.
    (2)Subject to subsection (3), the Authority may not suspend or revoke an accreditation in terms of subsection (1) unless -
    (a)it has notified the provider of the service or product in question in writing of its intention to do so;
    (b)it has given a description of the alleged breach of any of the requirements, conditions or restrictions subject to which accreditation was granted; and
    (c)it has given the provider in question the opportunity to respond to the allegations in writing; and remedy the alleged failure within a reasonable time if in its opinion such remedy is possible.
    (3)The Authority may suspend any accreditation with immediate effect for a period not exceeding 90 days, pending implementation of the procedures necessary to remedy a failure referred to in subsection (2), if the continued accreditation is reasonably likely to result in irreparable harm to consumers or persons involved in an electronic transaction in Namibia.

    47. Accreditation regulations

    (1)The Authority may make regulations prescribing -
    (a)the rights and obligations of customers of service providers and members of the public relating to the provision of accredited products and services including the provision of information or the authentication of electronic services or digital certificates;
    (b)types of security services that may not be rendered or types of security products that may not be provided, unless the service, product, provider or renderer has been accredited in a specified class prescribed under section 41(2);
    (c)the manner in which the Authority must administer and supervise compliance with those obligations;
    (d)the procedure pertaining to the granting, suspension and revocation of accreditation;
    (e)fees to be paid to the Authority in respect of anything done in terms of this Act;
    (f)any matter relating to which conditions may be imposed in terms of section 45;
    (g)any other matter which is necessary or expedient to prescribe for the proper implementation of this Chapter.
    (2)The Authority has all the powers in relation to the making of regulations under subsection (1) that it has in relation to the making of regulations in terms of the Communications Act, 2009 (Act No. 8 of 2009).

    48. Offences relating to accreditation

    A person who -
    (a)holds out a service, product, renderer of a service or provider of a product to have been accredited, while that service, product, renderer or provider has not been accredited or who holds out that a service, product, renderer of a service or provider of a product has been accredited in a specific class, while that service, product, renderer or provider has not been accredited in that class;
    (b)renders a service or provides a product under circumstances where the product or service must be accredited in a prescribed class, while the service or product has not been accredited in that class; or
    (c)renders a service or provides a product under circumstances where the renderer of the service or the provider of the product must be accredited in a prescribed class, while he or she is not accredited in the class concerned,
    commits an offence and is on conviction liable to a fine not exceeding N$50 000 or imprisonment for a period not exceeding two years or to both such fine and such imprisonment.

Subsidiary legislation

To the top