Section 1
Short title
This Act is the Electronic Transactions Act 2010.
/akn/sg/act/act/2010/ETA
Electronic Transactions Act 2010
The full official text, structured for quick navigation. Copy any provision or jump straight to a section.
- Type
- Act
- Status
- In force
- Enacted
- 2010
- Last amended
- 2021
- Sections
- 62
Quick answer
About this act
Electronic Transactions Act 2010 is Singapore Act, cited as Act ETA 2010, currently marked in force and first recorded in 2010.
Part 1
PRELIMINARY
Section 2
Interpretation
Amended by5/20215/2021
Definition
“addressee”, in relation to an electronic communication, means a party who is intended by the originator to receive the electronic communication, but does not include a party acting as an intermediary with respect to that electronic communication;
Definition
“authorised officer”, in relation to the exercise of any power or performance of any duty under this Act, means a person to whom the exercise of that power or performance of that duty has been delegated under section 27;
Definition
“automated message system” means a computer program or an electronic or other automated means used to initiate an action or respond to data messages or performances in whole or in part, without review or intervention by a natural person each time an action is initiated or a response is generated by the program or electronic or other means;
Definition
“communication” includes any statement, declaration, demand, notice, request, offer or the acceptance of an offer, that the parties are required to make or choose to make in connection with the formation or performance of a contract;
Definition
“Controller” means the Controller appointed under section 27(1) and includes a Deputy Controller or an Assistant Controller appointed under section 27(3);
Definition
“electronic” means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities;
Definition
“electronic communication” means any communication that the parties make by means of electronic records;
Definition
“electronic record” means a record generated, communicated, received or stored by electronic means in an information system or for transmission from one information system to another;
Definition
“electronic transferable record” has the meaning given by section 16A;
Definition
“information” includes data, text, images, sound, codes, computer programs, software and databases;
Definition
“information system” means a system for generating, sending, receiving, storing or otherwise processing electronic records;
Definition
“originator”, in relation to an electronic communication, means a party by whom, or on whose behalf, the electronic communication has been sent or generated prior to storage (if any) but does not include a party acting as an intermediary with respect to that electronic communication;
Definition
“public agency” means a department or ministry of the Government, an Organ of State or a public authority established by or under a public Act;
Definition
“record” means information that is inscribed, stored or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form;
Definition
“secure electronic record” means an electronic record that is treated as a secure electronic record by virtue of section 17(1) or any other provision of this Act;
Definition
“secure electronic signature” means an electronic signature that is treated as a secure electronic signature by virtue of section 18 or any other provision of this Act;
Definition
“security procedure” means a procedure for the purpose of —
(a)
verifying that an electronic record is that of a specific person; or
(b)
detecting error or alteration in the communication, content or storage of an electronic record since a specific point in time,which may require the use of algorithms or codes, identifying words or numbers, encryption, answerback or acknowledgment procedures, or similar security devices;
Definition
“signed” or “signature” means a method (electronic or otherwise) used to identify a person and to indicate the intention of that person in respect of the information contained in a record;
Definition
“specified security procedure” means a security procedure which is specified in the Second Schedule;
Definition
“specified security procedure provider” means a person involved in the provision of a specified security procedure.
Amended by5/2021
(2)
In this Act, “place of business”, in relation to a party, means —
(a)
any place where the party maintains a non‑transitory establishment to pursue an economic activity other than the temporary provision of goods or services out of a specific location; or
(b)
if the party is a natural person and he or she does not have a place of business, the person’s habitual residence.
(3)
For the purposes of subsection (2) —
(a)
if a party has indicated the party’s place of business, the location indicated by the party is presumed to be the party’s place of business unless another party proves that the party making the indication does not have a place of business at that location;
(b)
if a party has not indicated a place of business and has more than one place of business, then the place of business is that which has the closest relationship to the relevant contract, having regard to the circumstances known to or contemplated by the parties at any time before or at the conclusion of the contract;
(c)
a location is not a place of business merely because that location is —
(i)
where equipment and technology supporting an information system used by a party in connection with the formation of a contract, or the creation or use of electronic transferable records, are located; or
(ii)
where the information system may be accessed by other parties; and
(d)
the sole fact that a party makes use of a domain name, an electronic mail address or other electronic address, or other elements of an information system connected to a specific country does not create a presumption that its place of business is located in that country.
Amended by5/2021
(4)
Where an electronic communication does not relate to any contract, references to a contract in subsection (3) refer to the relevant transaction.
Section 3
Purposes and construction
Amended by5/2021
This Act is to be construed consistently with what is commercially reasonable under the circumstances and to give effect to the following purposes:
(a)
to facilitate electronic communications by means of reliable electronic records;
(b)
to facilitate electronic commerce, to eliminate barriers to electronic commerce resulting from uncertainties over writing and signature requirements, and to promote the development of the legal and business infrastructure necessary to implement secure electronic commerce;
(c)
to facilitate electronic filing of documents with public agencies, and to promote efficient delivery by public agencies of services by means of reliable electronic records;
(d)
to minimise the incidence of forged electronic records, intentional and unintentional alteration of records, and fraud in electronic commerce and other electronic transactions;
(e)
to help to establish uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records;
(f)
to promote public confidence in the integrity and reliability of electronic records and electronic commerce, and to foster the development of electronic commerce through the use of electronic signatures to lend authenticity and integrity to correspondence in any electronic medium;
(g)
to implement the United Nations Convention on the Use of Electronic Communications in International Contracts adopted by the General Assembly of the United Nations on 23 November 2005 and to make the law of Singapore on electronic transactions, whether or not involving parties whose places of business are in different States, consistent with the provisions of that Convention;
(h)
to adopt the UNCITRAL Model Law on Electronic Transferable Records adopted by the United Nations Commission on International Trade Law on 13 July 2017 in its application to an electronic transferable record, whether the electronic transferable record is issued or used in Singapore or outside Singapore.
Section 4
Excluded matters
(1)
The provisions of this Act specified in the first column of the First Schedule do not apply to any rule of law requiring writing or signatures in any of the matters specified in the second column of that Schedule.
Section 5
Party autonomy
(1)
Nothing in Part 2 affects any rule of law or obligation requiring the agreement or consent of the parties as to the form of a communication or record, and (unless otherwise agreed or provided by a rule of law) such agreement or consent may be inferred from the conduct of the parties.
(2)
Nothing in Part 2 prevents the parties to a contract or transaction from —
(a)
excluding the use of electronic records, electronic communications or electronic signatures in the contract or transaction by agreement; or
(b)
imposing additional requirements as to the form or authentication of the contract or transaction by agreement.
(3)
Subject to any other rights or obligations of the parties to a contract or transaction, the parties may, by agreement —
(a)
exclude section 6, 11, 12, 13, 14, 15 or 16 from applying to the contract or transaction; or
(b)
derogate from or vary the effect of all or any of those provisions in respect of the contract or transaction.
Part 2
ELECTRONIC RECORDS, SIGNATURES AND CONTRACTS
Section 6
Legal recognition of electronic records
To avoid doubt, it is declared that information is not to be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record.
Section 7
Requirement for writing
Where a rule of law requires information to be written, in writing, to be presented in writing or provides for certain consequences if it is not, an electronic record satisfies that rule of law if the information contained in the electronic record is accessible so as to be usable for subsequent reference.
Section 8
Requirement for signature
Where a rule of law requires a signature, or provides for certain consequences if a document or a record is not signed, that requirement is satisfied in relation to an electronic record if —
(a)
a method is used to identify the person and to indicate that person’s intention in respect of the information contained in the electronic record; and
(b)
the method used is either —
(i)
as reliable as appropriate for the purpose for which the electronic record was generated or communicated, in the light of all the circumstances, including any relevant agreement; or
(ii)
proven in fact to have fulfilled the functions described in paragraph (a), by itself or together with further evidence.
Section 9
Retention of electronic records
(1)
Where a rule of law requires any document, record or information to be retained, or provides for certain consequences if it is not, that requirement is satisfied by retaining the document, record or information in the form of an electronic record if the following conditions are satisfied:
(a)
the information contained therein remains accessible so as to be usable for subsequent reference;
(b)
the electronic record is retained in the format in which it was originally generated, sent or received, or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
(c)
such information (if any) as enables the identification of the origin and destination of an electronic record and the date and time when it was sent or received, is retained; and
(d)
any additional requirements relating to the retention of such electronic records specified by the public agency which has supervision over the requirement for the retention of such records are complied with.
(2)
An obligation to retain any document, record or information in accordance with subsection (1)(c) does not extend to any information necessarily and automatically generated solely for the purpose of enabling a record to be sent or received.
(3)
A person may satisfy the requirement mentioned in subsection (1) by using the services of any other person, if the conditions in paragraphs (a) to (d) of that subsection are complied with.
(4)
Nothing in this section applies to —
(a)
any rule of law which expressly provides for the retention of documents, records or information in the form of electronic records; or
(b)
any rule of law requiring that any document, record or information be retained (or which provides for consequences if not) that the Minister, by order in the Gazette, excludes from the application of this section in respect of such document, record or information.
Section 10
Provision of originals
(1)
Where a rule of law requires any document, record or information to be provided or retained in its original form, or provides for certain consequences if it is not, that requirement is satisfied by providing or retaining the document, record or information in the form of an electronic record if the following conditions are satisfied:
(a)
there exists a reliable assurance as to the integrity of the information contained in the electronic record from the time the document, record or information was first made in its final form, whether as a written document or as an electronic record;
(b)
where the document, record or information is to be provided to a person, the electronic record that is provided to the person is capable of being displayed to the person; and
(c)
any additional requirements relating to the provision or retention of such electronic records specified by the public agency which has supervision over the requirement for the provision or retention of such records are complied with.
(2)
For the purposes of subsection (1)(a) —
(a)
the criterion for assessing integrity is whether the information has remained complete and unaltered, apart from the introduction of any changes that arise in the normal course of communication, storage and display; and
(b)
the standard of reliability required must be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances.
(3)
A person may satisfy the requirement mentioned in subsection (1) by using the services of any other person, if the conditions in paragraphs (a), (b) and (c) of that subsection are complied with.
(4)
Nothing in this section applies to any rule of law requiring that any document, record or information be provided or retained in its original form (or which provides for consequences if not) that the Minister, by order in the Gazette, excludes from the application of this section in respect of such document, record or information.
Section 11
Formation and validity of contracts
(1)
To avoid doubt, it is declared that in the context of the formation of contracts, an offer and the acceptance of an offer may be expressed by means of electronic communications.
(2)
Where an electronic communication is used in the formation of a contract, that contract is not to be denied validity or enforceability solely on the ground that an electronic communication was used for that purpose.
Section 12
Effectiveness between parties
As between the originator and the addressee of an electronic communication, a declaration of intent or other statement is not to be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic communication.
Section 13
Time and place of despatch and receipt
Amended by5/2021
(1)
The time of despatch of an electronic communication is —
(a)
the time when it leaves an information system under the control of the originator or of the party who sent it on behalf of the originator; or
(b)
if the electronic communication has not left an information system under the control of the originator or of the party who sent it on behalf of the originator, the time when the electronic communication is received.
(2)
The time of receipt of an electronic communication is the time when the electronic communication becomes capable of being retrieved by the addressee at an electronic address designated by the addressee.
(3)
The time of receipt of an electronic communication at an electronic address that has not been designated by the addressee is the time when the electronic communication becomes capable of being retrieved by the addressee at that address and the addressee becomes aware that the electronic communication has been sent to that address.
(4)
For the purposes of subsections (2) and (3), an electronic communication is presumed to be capable of being retrieved by the addressee when it reaches the electronic address of the addressee.
Amended by5/2021
(5)
An electronic communication is deemed to be despatched at the place where the originator has its place of business and is deemed to be received at the place where the addressee has its place of business.
(6)
Subsections (2), (3) and (4) apply even though the place where the information system supporting an electronic address is located may be different from the place where the electronic communication is deemed to be received under subsection (5).
Section 14
Invitation to make offer
A proposal to conclude a contract made through one or more electronic communications which is not addressed to one or more specific parties, but is generally accessible to parties making use of information systems, including a proposal that makes use of interactive applications for the placement of orders through such information systems, is to be considered as an invitation to make offers, unless it clearly indicates the intention of the party making the proposal to be bound in case of acceptance.
Section 15
Use of automated message systems for contract formation
A contract formed by the interaction of an automated message system and a natural person, or by the interaction of automated message systems, is not to be denied validity or enforceability solely on the ground that no natural person reviewed or intervened in each of the individual actions carried out by the automated message systems or the resulting contract.
Section 16
Error in electronic communications
(1)
Where a natural person makes an input error in an electronic communication exchanged with the automated message system of another party and the automated message system does not provide the person with an opportunity to correct the error, that person, or the party on whose behalf that person was acting, has the right to withdraw the portion of the electronic communication in which the input error was made.
(2)
Subsection (1) does not apply unless the person, or the party on whose behalf that person was acting —
(a)
notifies the other party of the error as soon as possible after having learned of the error and indicates that he or she made an error in the electronic communication; and
(b)
has not used or received any material benefit or value from the goods or services (if any) received from the other party.
(3)
Nothing in this section affects the application of any rule of law that may govern the consequences of any error other than as provided for in subsections (1) and (2).
Part 2A
ELECTRONIC TRANSFERABLE RECORDS
Section 16A
Interpretation of this Part
Amended by5/20215/2021
Definition
“bill of exchange” includes a bill of exchange within the meaning of the Bills of Exchange Act 1949, or under any other rule of law, or the law of a country or territory outside Singapore;
Definition
“bill of lading” includes a bill of lading within the meaning of the Carriage of Goods by Sea Act 1972, the Bills of Lading Act 1992, or under any other rule of law, or the law of a country or territory outside Singapore;
Definition
“electronic record” means a record generated, communicated, received or stored by electronic means, including (where appropriate) all information logically associated with or otherwise linked together so as to become part of the record, whether generated contemporaneously or not;
Definition
“electronic transferable record” means an electronic record that complies with all the requirements of section 16H;
Definition
“electronic transferable records management system” means an information system for the issuance, transfer, control, presentation and storage of electronic transferable records;
Definition
“Model Law” means the UNCITRAL Model Law on Electronic Transferable Records adopted by the United Nations Commission on International Trade Law on 13 July 2017;
Definition
“promissory note” includes a promissory note within the meaning of the Bills of Exchange Act 1949, or under any other rule of law, or the law of a country or territory outside Singapore;
Definition
“provider”, in relation to an electronic transferable records management system, means a person that provides to another person the use of an electronic transferable records management system;
Definition
“transferable document or instrument” means a document or an instrument issued on paper that entitles the holder to claim the performance of the obligation indicated in the document or instrument and to transfer the right to performance of the obligation indicated in the document or instrument through the transfer of that document or instrument, and includes —
(a)
a bill of exchange;
(b)
a promissory note; and
(c)
a bill of lading.
Amended by5/2021
(2)
In the interpretation of any provision of this Part —
(a)
regard is to be had to the international origin of the Model Law and the need to promote uniformity in its application; (b)the following documents are relevant documents for the purposes of section 9A(3)(f) of the Interpretation Act 1965:
(i)
any document relating to the Model Law that is issued by, or that forms part of the record on the preparation of the Model Law maintained by, the United Nations Commission on International Trade Law and its working group for the preparation of the Model Law;
(ii)
the Explanatory Note to the UNCITRAL Model Law on Electronic Transferable Records; and
(c)
any question concerning matters governed by this Part which are not expressly settled in this Part are to be settled in conformity with the general principles on which the Model Law is based.
Amended by5/2021
Section 16B
Adoption of Model Law
Amended by5/20215/2021
(1)
This Part adopts the Model Law in its application to an electronic transferable record in accordance with the provisions of this Part.
Amended by5/2021
(2)
Unless otherwise provided, nothing in this Part affects the application to an electronic transferable record of any rule of law governing a transferable document or instrument.
Amended by5/2021
Section 16C
Additional information in electronic transferable records
Amended by5/2021
Nothing in this Part precludes the inclusion of any information in an electronic transferable record in addition to any information contained in a transferable document or instrument.Examples (a) An electronic transferable record may contain additional information that is included due to its electronic nature such as metadata or a unique identifier. (b) An electronic transferable record may contain additional dynamic information, that is, additional information that may change periodically or continuously, based on an external source, for example the price of a publicly‑traded commodity or the position of a vessel.
Section 16D
Requirement of consent
Amended by5/20215/20215/2021
(1)
Nothing in this Part requires a person to use an electronic transferable record without the person’s consent.
Amended by5/2021
(2)
The consent of a person to use an electronic transferable record may be inferred from the person’s conduct.
Amended by5/2021
(3)
Pursuant to subsection (1) —
(a)
the parties who do not consent to the use of an electronic transferable record may derogate from all the provisions of this Part; but(b)the parties may not derogate from only some but not all the provisions of this Part.
Amended by5/2021
Section 16E
Legal recognition of electronic transferable record
Amended by5/2021
To avoid doubt, an electronic transferable record is not to be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record.
Section 16F
Requirement for writing
Amended by5/2021
Section 7 applies to an electronic transferable record as it applies to an electronic record within the meaning of section 2(1).
Section 16G
Requirement for signature
Amended by5/2021
Where a rule of law requires a signature of a person, or provides for certain consequences if a transferable document or instrument is not signed, that requirement is met with respect to an electronic transferable record if a reliable method is used —
(a)
to identify that person; and (b)to indicate that person’s intention in respect of the information contained in the electronic transferable record.
Section 16H
Transferable documents or instruments
Amended by5/20215/2021
(1)
Where a rule of law requires a transferable document or instrument, that requirement is met by an electronic record if —
(a)
the electronic record contains the information that would be required to be contained in the transferable document or instrument; and
(b)
a reliable method is used —
(i)
to identify that electronic record as the authoritative electronic record constituting the electronic transferable record;
(ii)
to render that electronic record capable of being subject to control from its creation until it ceases to have any effect or validity; and
(iii)
to retain the integrity of that electronic record.
Amended by5/2021
(2)
For the purposes of subsection (1)(b)(iii), the criterion for assessing integrity is whether information contained in the electronic record, including any authorised change that arises from its creation until it ceases to have any effect or validity, has remained complete and unaltered apart from any change that arises in the normal course of communication, storage or display.
Amended by5/2021
Section 16I
Requirement for possession or transfer of possession
Amended by5/20215/2021
(1)
Where a rule of law requires the possession of a transferable document or instrument, or provides for certain consequences if a transferable document or instrument is not possessed, that requirement is met with respect to an electronic transferable record if a reliable method is used —
(a)
to establish exclusive control of that electronic transferable record by a person; and (b)to identify that person as the person in control.
Amended by5/2021
(2)
Where a rule of law requires the transfer of possession of a transferable document or instrument, or provides for certain consequences if possession of a transferable document or instrument is not transferred, that requirement is met with respect to an electronic transferable record through the transfer of control over the electronic transferable record to another person in accordance with subsection (1).
Amended by5/2021
Section 16J
Indication of time and place in electronic transferable record
Amended by5/2021
Where a rule of law requires the indication of time or place with respect to a transferable document or instrument, or provides for certain consequences if time or place is not indicated with respect to a transferable document or instrument, that requirement is met if a reliable method is used to indicate that time or place with respect to an electronic transferable record.
Section 16K
Indorsement
Amended by5/2021
Where a rule of law requires the indorsement in any form of a transferable document or instrument, or provides for certain consequences if a transferable document or instrument is not indorsed, that requirement is met with respect to an electronic transferable record if the information required for the indorsement is included in the electronic transferable record in compliance with the requirements for writing and signature in sections 16F and 16G respectively.
Section 16L
Amendment
Amended by5/2021
Where a rule of law requires the amendment of a transferable document or instrument, or provides for certain consequences if a transferable document or instrument is not amended, that requirement is met with respect to an electronic transferable record if a reliable method is used for the amendment of any information in the electronic transferable record so that the amended information is identified as such.
Section 16M
Change of medium from transferable document or instrument to electronic transferable record
Amended by5/20215/20215/20215/2021
(1)
An electronic transferable record may replace a transferable document or instrument if a reliable method for the change of medium in accordance with this section is used.
Amended by5/2021
(2)
For the change of medium mentioned in subsection (1) to take effect, the following requirements must be satisfied:
(a)
all the information contained in the transferable document or instrument must be accurately reproduced in the electronic transferable record that replaces the transferable document or instrument; (b)a statement indicating a change of medium must be inserted in the electronic transferable record that replaces the transferable document or instrument.
Amended by5/2021
(3)
Upon the issuance of the electronic transferable record in accordance with subsections (1) and (2), the transferable document or instrument —
(a)
ceases to have any effect or validity; and
(b)
must be made inoperative.
Amended by5/2021
(4)
A change of medium in accordance with subsections (1) and (2) does not affect the rights and obligations of the parties.
Amended by5/2021
Section 16N
Change of medium from electronic transferable record to transferable document or instrument
Amended by5/20215/20215/20215/20215/2021
(1)
A transferable document or instrument may replace an electronic transferable record if a reliable method for the change of medium in accordance with this section is used.
Amended by5/2021
(2)
For the change of medium mentioned in subsection (1) to take effect, the following requirements must be satisfied:
(a)
all the information contained in the electronic transferable record must be accurately reproduced in the transferable document or instrument that replaces the electronic transferable record;
(b)
a statement indicating a change of medium must be inserted in the transferable document or instrument that replaces the electronic transferable record.
Amended by5/2021
(3)
For the purposes of subsection (2)(a), the information in the electronic transferable record that must be accurately reproduced in the transferable document or instrument that replaces the electronic transferable record does not include any additional information that may be contained in an electronic transferable record mentioned in section 16C.
Amended by5/2021
(4)
Upon the issuance of the transferable document or instrument in accordance with subsections (1) and (2), the electronic transferable record —
(a)
ceases to have any effect or validity; and
(b)
must be made inoperative.
Amended by5/2021
(5)
A change of medium in accordance with subsections (1) and (2) does not affect the rights and obligations of the parties.
Amended by5/2021
Section 16O
General reliability standard
Amended by5/20215/20215/2021
(1)
For the purposes of sections 16G, 16H, 16I, 16J, 16L, 16M and 16N, the reliable method mentioned in each of these provisions must be —
(a)
as reliable as appropriate for the fulfilment of the function for which the method is being used, in the light of all the relevant circumstances, which may include —
(i)
any operational rules that are relevant to the assessment of reliability;
(ii)
the assurance of data integrity;
(iii)
the ability to prevent unauthorised access to and use of the system;
(iv)
the security of hardware and software;
(v)
the regularity and extent of audit by an independent body;
(vi)
the existence of a declaration by a supervisory body, an accreditation body or a voluntary scheme, regarding the reliability of the method; or
(vii)
any applicable industry standard; or
(b)
proven in fact to have fulfilled the function by itself or together with any further evidence.
Amended by5/2021
(2)
In any proceedings involving an electronic transferable record that is issued, transferred, controlled, presented and stored by means of an accredited electronic transferable records management system provided by a provider that is registered, licensed, accredited or recognised in accordance with regulations made under section 16Q, it is presumed, unless evidence to the contrary is adduced, that the methods used by the electronic transferable records management system to fulfil the requirements under this Part in relation to the electronic transferable record are as reliable as appropriate.
Amended by5/2021
(3)
The presumption in subsection (2) applies only if the electronic transferable record is issued, transferred, controlled, presented and stored by means of the accredited electronic transferable records management system provided by the provider during the period in which the provider is registered, licensed, accredited or recognised under this Part.
Amended by5/2021
Section 16P
Non‑discrimination of foreign electronic transferable records
Amended by5/20215/2021
(1)
An electronic transferable record is not to be denied legal effect, validity or enforceability solely on the ground that it was issued or used outside Singapore.
Amended by5/2021
(2)
Nothing in this Part affects the application to an electronic transferable record of any rule of private international law governing a transferable document or instrument.
Amended by5/2021
Section 16Q
Regulations
Amended by5/20215/20215/2021
(1)
The Minister may make regulations for the carrying out of this Part and, without limiting such general power, may make regulations for the following purposes:
(a)
the registration, licensing or accreditation of providers of an electronic transferable records management system;
(b)
the accreditation of electronic transferable records management systems that satisfy the requirements of providing a reliable method under section 16O for the fulfilment of the requirements in relation to an electronic transferable record under this Part;
(c)
to prescribe the accounts to be kept by a provider of an electronic transferable records management system that is registered, licensed or accredited under this Part;
(d)
to provide for the appointment and remuneration of an auditor for the audit of a provider of an electronic transferable records management system that is registered, licensed or accredited under this Part, and for the costs of an audit carried out under the regulations;
(e)
to provide for the use of any accreditation mark in relation to the activities of a provider of an electronic transferable records management system in relation to such system, and for controls over the use of such accreditation mark;
(f)
to prescribe the duties and liabilities of a provider of an electronic transferable records management system that is registered, licensed or accredited under this Part in respect of its customers;
(g)
to provide for the conduct of any inquiry into the conduct of any provider of an electronic transferable records management system and its authorised representatives and the recovery of the costs and expenses involved in such an inquiry;
(h)
to prescribe the forms and fees applicable for the purposes of this Part.
Amended by5/2021
(2)
Without limiting subsection (1), the Minister may make regulations to provide for the cross‑border recognition of a provider of an electronic transferable records management system that is incorporated, formed or established in a country or territory outside Singapore (called in this section a foreign provider) where the foreign provider —
(a)
is registered, licensed or accredited under a particular registration, licensing or accreditation scheme (as the case may be) established outside Singapore; and
(b)
carries on its business relating to the electronic transferable records management system in accordance with requirements that are at least equivalent or comparable to the requirements applicable to a provider of an electronic transferable records management system that is or would be registered, licensed or accredited under this Part.
Amended by5/2021
(3)
Regulations made under this section may provide that a contravention of a specified provision shall be an offence and shall be punishable with a fine not exceeding $50,000 or with imprisonment for a term not exceeding 12 months or with both.
Amended by5/2021
Section 16R
Controller may give directions for compliance
Amended by5/20215/2021
(1)
The Controller may, by written notice, direct a provider of an electronic transferable records management system that is registered, licensed or accredited under this Part, or any of its officers, employees or authorised representatives, to take any measure or stop carrying on any activity specified in the notice that is necessary to ensure compliance with this Part.
Amended by5/2021
(2)
Any person who fails to comply with any direction specified in a notice issued under subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 12 months or to both.
Amended by5/2021
Section 16S
Power to investigate
Amended by5/20215/2021
(1)
The Controller or an authorised officer may investigate the activities of a provider of an electronic transferable records management system that is registered, licensed or accredited under this Part, or any of its officers, employees or authorised representatives, in relation to their compliance with this Part.
Amended by5/2021
(2)
For the purposes of subsection (1), the Controller may issue a written order to the provider or any of its officers, employees or authorised representatives, to further an investigation under this section or to secure compliance with this Part, including an order to produce records, accounts, data and documents kept by the provider, and to allow the Controller or an authorised officer to examine and copy any of them.
Amended by5/2021
Part 3
SECURE ELECTRONIC RECORDS AND SIGNATURES
Section 17
Secure electronic record
(1)
If a specified security procedure, or a commercially reasonable security procedure agreed to by the parties involved, has been properly applied to an electronic record to verify that the electronic record has not been altered since a specific point in time, such record is treated as a secure electronic record from such specific point in time to the time of verification.
(2)
For the purposes of this section and section 18, whether a security procedure is commercially reasonable must be determined having regard to the purposes of the procedure and the commercial circumstances at the time the procedure was used, including —
(a)
the nature of the transaction;
(b)
the sophistication of the parties;
(c)
the volume of similar transactions engaged in by either or all parties;
(d)
the availability of alternatives offered to but rejected by any party;
(e)
the cost of alternative procedures; and
(f)
the procedures in general use for similar types of transactions.
Section 18
Secure electronic signature
(1)
If, through the application of a specified security procedure, or a commercially reasonable security procedure agreed to by the parties involved, it can be verified that an electronic signature was, at the time it was made —
(a)
unique to the person using it;
(b)
capable of identifying such person;
(c)
created in a manner or using a means under the sole control of the person using it; and
(d)
linked to the electronic record to which it relates in a manner such that if the record was changed the electronic signature would be invalidated,such signature is treated as a secure electronic signature.
(2)
Whether a security procedure is commercially reasonable must be determined in accordance with section 17(2).
Section 19
Presumptions relating to secure electronic records and signatures
(1)
In any proceedings involving a secure electronic record, it is presumed, unless evidence to the contrary is adduced, that the secure electronic record has not been altered since the specific point in time to which the secure status relates.
(2)
In any proceedings involving a secure electronic signature, it is presumed, unless evidence to the contrary is adduced, that —
(a)
the secure electronic signature is the signature of the person to whom it correlates; and
(b)
the secure electronic signature was affixed by that person with the intention of signing or approving the electronic record.
(3)
In the absence of a secure electronic record or a secure electronic signature, nothing in this Part creates any presumption relating to the authenticity and integrity of the electronic record or electronic signature.
Part 4
REGULATION OF SPECIFIED SECURITY PROCEDURES AND SPECIFIED SECURITY PROCEDURE PROVIDERS
Section 20
Interpretation of this Part
(1)
In this Part, “designated person” means any member of a class of specified security procedure providers specified in the Fourth Schedule.
(2)
To avoid doubt, a reference to this Part includes a reference to the Second, Third and Fourth Schedules.
Section 21
Specified security procedures
(1)
The Minister may, by order in the Gazette, amend the Second Schedule to add, delete or modify any specified security procedure for the purposes of this Act.
(2)
The provisions set out in the Third Schedule apply to the corresponding specified security procedures.
(3)
The Minister may, by order in the Gazette, amend the Third Schedule to make provisions relating to any of the specified security procedures, including —
(a)
specifying the conditions under which any electronic signature may be treated as a secure electronic signature;
(b)
specifying the conditions under which any electronic record may be treated as a secure electronic record;
(c)
prescribing the effect of and duties relating to the use of specified security procedures, including the rights and duties of any persons relating to the use of such procedures and specifying rules relating to the presumptions, assumption of risk, foreseeability of reliance and liability limits applicable to the use of specified security procedures; and
(d)
prescribing offences in respect of the contravention of any provision in that Schedule, and prescribing fines not exceeding $20,000 or imprisonment which may not exceed 2 years or both, that may, on conviction, be imposed in respect of any such offence.
Section 22
Regulation of specified security procedures and specified security procedure providers
(1)
The Minister may make regulations for the carrying out of this Part and, without affecting such general power, may make regulations for all or any of the following purposes:
(a)
the regulation, licensing or accreditation of specified security procedure providers and their authorised representatives;
(b)
safeguarding or maintaining the effectiveness and efficiency of the common security infrastructure relating to the use of secure electronic signatures and the authentication of electronic records, including the imposition of requirements to ensure interoperability between specified security procedure providers or in relation to any security procedure;
(c)
ensuring that the common security infrastructure relating to the use of secure electronic signatures and the authentication of electronic records complies with Singapore’s international obligations;
(d)
prescribing the forms and fees applicable for the purposes of this Part.
(2)
Without limiting subsection (1), the Minister may, in making regulations for the regulation, licensing or accreditation of specified security procedure providers and their authorised representatives —
(a)
prescribe the accounts to be kept by specified security procedure providers;
(b)
provide for the appointment and remuneration of an auditor, and for the costs of an audit carried out under the regulations;
(c)
provide for the establishment and regulation of any electronic system by a specified security procedure provider, whether by itself or in conjunction with other specified security procedure providers, and for the imposition and variation of requirements or conditions relating to the electronic system as the Controller may think fit;
(d)
make provisions to ensure the quality of repositories and the services they provide, including provisions for the standards, licensing or accreditation of repositories;
(e)
provide for the use of any accreditation mark in relation to the activities of specified security procedure providers and for controls over the use of the accreditation mark;
(f)
prescribe the duties and liabilities of specified security procedure providers registered, licensed or accredited under this Act in respect of their customers; and
(g)
provide for the conduct of any inquiry into the conduct of specified security procedure providers and their authorised representatives and the recovery of the costs and expenses involved in such an inquiry.
(3)
Without limiting subsection (1), the Minister may make regulations to provide for the cross‑border recognition of specified security procedure providers or specified security procedures or any processes or records related thereto, including any requirements —
(a)
relating to interoperability arrangements with the specified security procedure providers;
(b)
whether the specified security procedure providers satisfy certain requirements applicable to specified security procedure providers registered, accredited or licensed under this Act;
(c)
whether the specified security procedures, processes or records satisfy certain requirements applicable to specified security procedures, processes or records (as the case may be) under this Act;
(d)
that the processes or records have been guaranteed by a specified security procedure provider registered, accredited or licensed under this Act;
(e)
that —
(i)
the specified security procedure providers have been registered, accredited or licensed;
(ii)
the processes have been specified; or
(iii)
the records have been registered,under a particular registration, licensing or accreditation scheme (as the case may be) established outside Singapore; or
(f)
that the specified security procedure providers, specified security procedures, processes or records have been recognised under a particular bilateral or multilateral agreement with Singapore.
(4)
Regulations made under this section may provide that a contravention of a specified provision shall be an offence and may provide penalties for a fine not exceeding $50,000 or imprisonment for a term not exceeding 12 months or both.
Section 23
Controller may give directions for compliance
(1)
The Controller may, by written notice, direct any designated person, or any officer, employee or authorised representative of a designated person —
(a)
to take such measures or stop carrying on such activities as are specified in the notice if they are necessary to ensure compliance with this Part; or
(b)
to cooperate with any other designated persons or public agencies as the Controller thinks necessary in the case of a public emergency.
(2)
Any person who fails to comply with any direction specified in a notice issued under subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 12 months or to both.
(3)
If any doubt arises as to the existence of a public emergency for the purposes of subsection (1)(b), a certificate signed by the Minister delivered to the designated person is conclusive evidence of the matters stated in the certificate.
Section 24
Power to investigate
(1)
The Controller or an authorised officer may investigate the activities of any designated person, or any officer, employee or authorised representative of a designated person, in relation to their compliance with this Part.
(2)
For the purposes of subsection (1), the Controller may in writing issue an order to any designated person, or any officer, employee or authorised representative of a designated person, to further an investigation under this section or to secure compliance with this Part, including an order to produce records, accounts, data and documents kept by the designated person, and to allow the Controller or an authorised officer to examine and copy any of them.
Part 5
USE OF ELECTRONIC RECORDS AND SIGNATURES BY PUBLIC AGENCIES
Section 25
Acceptance of electronic filing and issue of documents
(1)
Any public agency that, pursuant to any written law —
(a)
accepts the filing of documents, or obtains information in any form;
(b)
requires that documents be created or retained;
(c)
requires documents, records or information to be provided or retained in their original form;
(d)
issues any permit, licence or approval; or
(e)
requires payment of any fee, charge or other amount by any method and manner of payment,may, despite anything to the contrary in such written law, carry out that function by means of electronic records or in electronic form.
(2)
In any case where a public agency decides to perform any of the functions in subsection (1) by means of electronic records or in electronic form, the public agency may specify —
(a)
the manner and format in which such electronic records are to be filed, created, retained, issued or provided;
(b)
where such electronic records have to be signed, the type of electronic signature required (including, if applicable, a requirement that the sender use a particular type of secure electronic signature);
(c)
the manner and format in which such signature is to be affixed to the electronic record, and the identity of or criteria that are to be met by any specified security procedure provider used by the person filing the document;
(d)
such control processes and procedures as may be appropriate to ensure adequate integrity, security and confidentiality of electronic records or payments; and
(e)
any other required attributes for electronic records or payments that are currently specified for corresponding paper documents.
(3)
To avoid doubt, despite anything to the contrary in any written law but subject to any specification made under subsection (2), where any person is required by any written law to —
(a)
file any document with or provide information in any form to a public agency;
(b)
create or retain any document for a public agency;
(c)
use a prescribed form for an application or notification to, or other transaction with, a public agency;
(d)
provide to or retain for a public agency any document, record or information in its original form; or
(e)
hold a permit, licence or other approval from a public agency,such a requirement is satisfied by an electronic record specified by the public agency for that purpose and —
(f)
in the case of a requirement mentioned in paragraph (a), (c) or (d), transmitted or retained (as the case may be) in the manner specified by the public agency;
(g)
in the case of a requirement mentioned in paragraph (b), created or retained (as the case may be) in the manner specified by the public agency; or
(h)
in the case of a requirement mentioned in paragraph (e), issued by the public agency.
(4)
Subject to sections 9 and 10, nothing in this Act by itself compels any public agency to accept or issue any document or information in the form of electronic records or to accept any payment in electronic form.
Part 6
LIABILITY OF NETWORK SERVICE PROVIDERS
Section 26
Liability of network service providers
Amended by26/201222/202122/2021
(1)
Subject to subsection (3), a network service provider shall not be subject to any civil or criminal liability under any rule of law in respect of third‑party material in the form of electronic records to which the network service provider merely provides access if such liability is founded on —
(a)
the making, publication, dissemination or distribution of such materials or any statement made in such material; or
(b)
the infringement of any rights subsisting in or in relation to such material.
(2)
Subject to subsection (3), a network service provider shall not be subject to any liability under the Personal Data Protection Act 2012 in respect of third‑party material in the form of electronic records to which the network service provider merely provides access.
Amended by26/2012
(3)
Nothing in this section affects —
(a)
any obligation founded on contract;
(b)
the obligation of a network service provider as such under a licensing or other regulatory regime established under any written law;
(c)
any obligation imposed under any written law or by a court to remove, block or deny access to any material; or
(d)
any liability of a network service provider under the Copyright Act 2021 in respect of a rights infringement as defined by section 97 of that Act.
Amended by22/2021
Definition
“provides access”, in relation to third-party material, means the provision of the necessary technical means by which third‑party material may be accessed and includes the automatic and temporary storage of the third-party material for the purpose of providing access;
Definition
“third-party”, in relation to a network service provider, means a person over whom the provider has no effective control.
Amended by22/2021
Part 7
GENERAL
Section 27
Appointment of Controller and other officers
(1)
The Minister may appoint any person to be the Controller for the purposes of this Act.
(2)
The Controller must, subject to any general or special directions of the Minister, perform such duties as are imposed and may exercise such powers as are conferred upon the Controller by this Act or any other written law.
(3)
The Controller may, after consulting the Minister, appoint by name or office such number of Deputy Controllers, Assistant Controllers and other officers as the Controller considers necessary for the purpose of assisting the Controller in the performance of the Controller’s duties and the exercise of the Controller’s powers under this Act.
(4)
The Controller may delegate the exercise of all or any of the powers conferred or duties imposed upon the Controller by this Act (except the power of delegation conferred by this subsection) to any officer appointed under subsection (3), subject to such conditions or limitations as the Controller may specify.
(5)
In exercising any of the powers of enforcement under this Act, an authorised officer must on demand produce to the person against whom the authorised officer is acting the authority issued to the authorised officer by the Controller.
(6)
The Controller, every officer appointed under subsection (3) and every authorised officer is deemed to be a public servant for the purposes of the Penal Code 1871.
Section 28
Obligation of confidentiality
(1)
A person must not disclose any information which has been obtained by him or her in the performance of his or her duties or the exercise of his or her powers under this Act, unless such disclosure is made —
(a)
with the permission of the person from whom the information was obtained or, where the information is the confidential information of a third person, with the permission of the third person;
(b)
for the purpose of the administration or enforcement of this Act;
(c)
for the purpose of assisting any public officer or officer of any other statutory board in the investigation or prosecution of any offence under any written law; or
(d)
in compliance with the requirement of any court or any written law.
(2)
For the purposes of this section, the reference to a person disclosing any information includes the person permitting any other person to have access to any electronic record, book, register, correspondence, information, document or other material which has been obtained by the firstmentioned person in the performance of his or her duties or the exercise of his or her powers under this Act.
(3)
Any person who contravenes subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 12 months or to both.
Section 29
Access to computers and data
(1)
The Controller or an authorised officer is entitled at any time to —
(a)
have access to and inspect and check the operation of any computer system and any associated apparatus or material which he or she has reasonable cause to suspect is or has been in use in connection with any offence under this Act; and
(b)
use or caused to be used any such computer system to search any data contained in or available to such computer system.
(2)
The Controller or an authorised officer is entitled to require —
(a)
the person by whom or on whose behalf the Controller or authorised officer has reasonable cause to suspect the computer is or has been so used; or
(b)
any person having charge of, or otherwise concerned with the operation of, the computer, apparatus or material,to provide the Controller or authorised officer with such reasonable technical and other assistance as the Controller or authorised officer may require for the purposes of subsection (1).
(3)
Any person who —
(a)
obstructs the lawful exercise of the powers under subsection (1); or
(b)
fails to comply with a request under subsection (2),shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 12 months or to both.
Section 30
Production of documents, etc.
The Controller or an authorised officer has, for the purposes of the execution of this Act, power to do all or any of the following:
(a)
require the production of any identification document from any person in relation to any offence under this Act;
(b)
make such inquiry as may be necessary to ascertain whether the provisions of this Act have been complied with.
Section 31
Obstruction of Controller or authorised officer
Any person who obstructs, impedes, assaults or interferes with the Controller or any authorised officer in the performance of his or her functions under this Act shall be guilty of an offence.
Section 32
Offences by bodies corporate, etc.
(1)
Where an offence under this Act committed by a body corporate is proved —
(a)
to have been committed with the consent or connivance of an officer; or
(b)
to be attributable to any neglect on the officer’s part,the officer as well as the body corporate shall be guilty of the offence and shall be liable to be proceeded against and punished accordingly.
(2)
Where the affairs of a body corporate are managed by its members, subsection (1) applies in relation to the acts and defaults of a member in connection with the member’s functions of management as if the member were a director of the body corporate.
(3)
Where an offence under this Act committed by a partnership is proved —
(a)
to have been committed with the consent or connivance of a partner; or
(b)
to be attributable to any neglect on the partner’s part,the partner as well as the partnership shall be guilty of the offence and shall be liable to be proceeded against and punished accordingly.
(4)
Where an offence under this Act committed by an unincorporated association (other than a partnership) is proved —
(a)
to have been committed with the consent or connivance of an officer of the unincorporated association or a member of its governing body; or
(b)
to be attributable to any neglect on the part of such an officer or member,the officer or member as well as the unincorporated association shall be guilty of the offence and shall be liable to be proceeded against and punished accordingly.
Definition
“officer” —
(a)
in relation to a body corporate, means any director, partner, member of the committee of management, chief executive, manager, secretary or other similar officer of the body corporate and includes any person purporting to act in any such capacity; or
(b)
in relation to an unincorporated association (other than a partnership), means the president, the secretary, or any member of the committee of the unincorporated association, or any person holding a position analogous to that of president, secretary or member of such a committee and includes any person purporting to act in any such capacity;
(6)
Regulations may provide for the application of any provision of this section, with such modifications as the Minister considers appropriate, to any body corporate or unincorporated association formed or recognised under the law of a territory outside Singapore.
Section 33
General penalties
Any person guilty of an offence under this Act for which no penalty is expressly provided shall be liable on conviction to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 6 months or to both.
Section 34
Consent of Public Prosecutor
No prosecution in respect of any offence under this Act may be instituted except by or with the consent of the Public Prosecutor.
Section 35
Jurisdiction of court
Despite any provision to the contrary in the Criminal Procedure Code 2010, a District Court has jurisdiction to try any offence under this Act and has power to impose the full penalty or punishment in respect of the offence.
Section 36
Composition of offences
(1)
The Controller may compound any offence under this Act that is prescribed as a compoundable offence by collecting from the person reasonably suspected of having committed the offence a sum not exceeding the lower of the following:
(a)
one half of the amount of the maximum fine that is prescribed for the offence; (b)$5,000.
(2)
On payment of the sum of money, no further proceedings may be taken against that person in respect of the offence.
(3)
The Minister may make regulations prescribing the offences that may be compounded.
Section 37
Power to exempt
The Minister may, by order in the Gazette, exempt, subject to such terms and conditions as the Minister thinks fit, any person or class of persons from all or any of the provisions of this Act.
Section 38
Regulations
Amended by5/2021
The Minister may make regulations to prescribe anything which is required to be prescribed under this Act (except sections 16Q and 22) and generally for the carrying out of the provisions of this Act (except sections 16Q and 22).
Section 39
Transitional provisions
(1)
Subject to subsection (2), this Act applies to all acts or transactions done in relation to an electronic record, including the generation, signing or communication of an electronic record, made on or after 1 July 2010.
(2)
If, immediately before 1 July 2010 —
(a)
by virtue of section 8 of the repealed Electronic Transactions Act (Cap. 88, 1999 Revised Edition) (called in this section the repealed Act), an electronic signature was treated as having satisfied a rule of law requiring a signature, or providing certain consequences if a document is not signed;
(b)
by virtue of section 9 of the repealed Act, an electronic record was treated as having satisfied a rule of law requiring certain documents, records or information to be retained; or
(c)
by virtue of section 15 of the repealed Act, an electronic record was treated as having been despatched or received,the provisions of this Act do not affect that treatment of the electronic signature or electronic record, as the case may be.
Schedule 1
Matters excluded by section 4
FIRST SCHEDULESection 4Matters excluded by section 4First column Second columnProvision Matter1.Part 2 The creation or execution of a will2.Part 2 The creation, performance or enforcement of an indenture, declaration of trust or power of attorney, with the exception of implied, constructive and resulting trusts3.Part 2 Any contract for the sale or other disposition of immovable property, or any interest in such property4.Part 2 The conveyance of immovable property or the transfer of any interest in immovable property.[5/2021]
Schedule 2
Specified security procedures
SECOND SCHEDULESections 2(1), 20(2) and 21(1)Specified security procedures
1. Digital signatures, as defined in the Third Schedule.
Schedule 3
Digital signatures
THIRD SCHEDULESections 20(2) and 21(2) and (3), paragraph 1 of the Second Schedule and paragraph 1 of the Fourth ScheduleDigital signaturesPart 1GeneralInterpretation1.—
(1)
In this Schedule, unless the context otherwise requires —“accredited certification authority” means a certification authority accredited by the Controller pursuant to any regulations made under section 22;“asymmetric cryptosystem” means a system capable of generating a secure key pair, consisting of a private key for creating a digital signature, and a public key to verify the digital signature;“certificate” means a record issued for the purpose of supporting digital signatures which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair;“certification authority” means a person who issues a certificate;“certification practice statement” means a statement issued by a certification authority to specify the practices that the certification authority employs in issuing certificates;“correspond”, in relation to a private key or public key, means to belong to the same key pair;“digital signature” means an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer’s public key can accurately determine —
(a)
whether the transformation was created using the private key that corresponds to the signer’s public key; and
(b)
whether the initial electronic record has been altered since the transformation was made;“hash function” means an algorithm mapping or translating one sequence of bits into another, generally smaller, set (the hash result) such that —
(a)
a record yields the same hash result every time the algorithm is executed using the same record as input;
(b)
it is computationally infeasible that a record can be derived or reconstituted from the hash result produced by the algorithm; and
(c)
it is computationally infeasible that 2 records can be found that produce the same hash result using the algorithm;“key pair”, in an asymmetric cryptosystem, means a private key and its mathematically related public key, having the property that the public key can verify a digital signature that the private key creates;“operational period”, in relation to a certificate, means a period beginning on the date and time the certificate is issued by a certification authority (or on a later date and time if stated in the certificate), and ending on the date and time the certificate expires (as stated in the certificate) or is earlier revoked or suspended;“private key” means the key of a key pair used to create a digital signature;“public key” means the key of a key pair used to verify a digital signature;“recognised certificate” means a certificate recognised pursuant to regulations made under section 22(3);“recognised certification authority” means a certification authority recognised pursuant to regulations made under section 22(3);“repository” means a system for storing and retrieving certificates or other information relevant to certificates;“revoke”, in relation to a certificate, means to permanently end the operational period of the certificate from a specified time;“subscriber” means a person who is the subject named or identified in a certificate issued to the person and who holds a private key that corresponds to a public key listed in that certificate;“suspend”, in relation to a certificate, means to temporarily suspend the operational period of the certificate from a specified time;“trustworthy system” means computer hardware, software and procedures that —
(a)
are reasonably secure from intrusion and misuse;
(b)
provide a reasonable level of availability, reliability and correct operation;
(c)
are reasonably suited to performing their intended functions; and
(d)
adhere to generally accepted security procedures;“valid certificate” means a certificate that a certification authority has issued and which the subscriber listed in it has accepted;“verify a digital signature”, in relation to a given digital signature, record and public key, means to determine accurately that —
(a)
the digital signature was created using the private key corresponding to the public key listed in the certificate; and
(b)
the record has not been altered since its digital signature was created.(2) In the application of this Act to certificates issued by the Controller and digital signatures verified by reference to those certificates, the Controller is deemed to be an accredited certification authority.Secure electronic record with digital signature
2. The portion of an electronic record that is signed with a digital signature is to be treated as a secure electronic record if the digital signature is a secure electronic signature by virtue of paragraph 3.Digital signature treated as secure electronic signature
3. When any portion of an electronic record is signed with a digital signature, the digital signature is to be treated as a secure electronic signature with respect to such portion of the record, if —
(a)
the digital signature was created during the operational period of a valid certificate and is verified by reference to the public key listed in such certificate; and
(b)
the certificate is considered trustworthy, in that it is an accurate binding of a public key to a person’s identity because —
(i)
the certificate was issued by an accredited certification authority operating in compliance with the regulations made under section 22;
(ii)
the certificate was issued by a recognised certification authority;
(iii)
the certificate was issued by a public agency approved by the Minister to act as a certification authority on such conditions as the Minister may by regulations impose or specify; or
(iv)
the parties have expressly agreed between themselves (sender and recipient) to use digital signatures as a security procedure, and the digital signature was properly verified by reference to the sender’s public key.Presumptions regarding certificates
4. It is presumed, unless evidence to the contrary is adduced, that the information (except for information identified as subscriber information which has not been verified) listed in a certificate issued by an accredited certification authority or a recognised certification authority, or in a recognised certificate, is correct if the certificate was accepted by the subscriber.Unreliable digital signatures
5. Unless otherwise provided by law or contract, a person relying on a digitally signed electronic record assumes the risk that the digital signature is invalid as a signature or an authentication of the signed electronic record, if reliance on the digital signature is not reasonable under the circumstances having regard to the following factors:
(a)
facts which the person relying on the digitally signed electronic record knows or has notice of, including all facts listed in the certificate or incorporated in it by reference;
(b)
the value or importance of the digitally signed electronic record, if known;
(c)
the course of dealing between the person relying on the digitally signed electronic record and the subscriber and any available indicia of reliability or unreliability apart from the digital signature;
(d)
any usage of trade, particularly trade conducted by trustworthy systems or other electronic means.Reliance on certificates foreseeable
6. It is foreseeable that persons relying on a digital signature will also rely on a valid certificate containing the public key by which the digital signature can be verified.Prerequisites to publication of certificate
7. No person may publish a certificate or otherwise make it available to a person known by that person to be in a position to rely on the certificate or on a digital signature that is verifiable with reference to a public key listed in the certificate, if that person knows that —
(a)
the certification authority listed in the certificate has not issued it;
(b)
the subscriber listed in the certificate has not accepted it; or
(c)
the certificate has been suspended or revoked, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.Publication for fraudulent or unlawful purpose
8. Any person who knowingly creates, publishes or otherwise makes available a certificate for any fraudulent or unlawful purpose shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 2 years or to both.False or unauthorised request
9. Any person who knowingly misrepresents to a certification authority the person’s identity or authorisation for the purpose of requesting for a certificate or for suspension or revocation of a certificate shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 6 months or to both.Recommended reliance limit10.—
(1)
An accredited certification authority or a recognised certification authority must, in issuing a certificate to a subscriber, specify a recommended reliance limit in the certificate.(2) The accredited certification authority or recognised certification authority may specify different reliance limits in different certificates as it considers fit.Liability limits for accredited certification authorities
11. Unless an accredited certification authority or a recognised certification authority waives the application of this paragraph, an accredited certification authority or a recognised certification authority shall not be liable —
(a)
for any loss caused by reliance on a false or forged digital signature of a subscriber, if, with respect to the false or forged digital signature, the accredited certification authority or recognised certification authority complied with the requirements of this Act; or
(b)
in excess of the amount specified in the certificate as its recommended reliance limit for either —
(i)
a loss caused by reliance on a misrepresentation in the certificate of any fact that the accredited certification authority or recognised certification authority is required to confirm; or
(ii)
failure to comply with paragraphs 14 and 15 in issuing the certificate.Part 2Duties of Certification AuthorityTrustworthy system
12. A certification authority must utilise trustworthy systems in performing its services.Disclosure13.—
(1)
A certification authority must disclose —
(a)
its certificate that contains the public key corresponding to the private key used by that certification authority to digitally sign another certificate (called in this paragraph a certification authority certificate);
(b)
any relevant certification practice statement;
(c)
notice of the suspension or revocation of its certification authority certificate; and
(d)
any other fact that materially and adversely affects either the reliability of a certificate that the authority has issued or the authority’s ability to perform its services.(2) In the event of an occurrence that materially and adversely affects a certification authority’s trustworthy system or its certification authority certificate, the certification authority must —
(a)
use reasonable efforts to notify any person who is known to be or foreseeably will be affected by that occurrence; or
(b)
act in accordance with procedures governing such an occurrence specified in its certification practice statement.Issuance of certificate14.—
(1)
A certification authority may issue a certificate to a prospective subscriber only after the certification authority —
(a)
has received a request for issuance from the prospective subscriber; and
(b)
has —
(i)
if it has a certification practice statement, complied with all of the practices and procedures set forth in such certification practice statement, including procedures regarding identification of the prospective subscriber; or
(ii)
in the absence of a certification practice statement, complied with the conditions in sub‑paragraph (2).(2) In the absence of a certification practice statement, the certification authority must confirm by itself or through its authorised agent that —
(a)
the prospective subscriber is the person to be listed in the certificate to be issued;
(b)
if the prospective subscriber is acting through one or more agents, the subscriber authorised the agent to have custody of the subscriber’s private key and to request issuance of a certificate listing the corresponding public key;
(c)
the information in the certificate to be issued is accurate;
(d)
the prospective subscriber rightfully holds the private key corresponding to the public key to be listed in the certificate;
(e)
the prospective subscriber holds a private key capable of creating a digital signature; and
(f)
the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the prospective subscriber.Representations upon issuance of certificate15.—
(1)
By issuing a certificate, a certification authority represents to any person who reasonably relies on the certificate or a digital signature verifiable by the public key listed in the certificate that the certification authority has issued the certificate in accordance with any applicable certification practice statement incorporated by reference in the certificate, or of which the relying person has notice.(2) In the absence of such certification practice statement, the certification authority represents that it has confirmed that —
(a)
the certification authority has complied with all applicable requirements of this Act in issuing the certificate, and if the certification authority has published the certificate or otherwise made it available to such relying person, that the subscriber listed in the certificate has accepted it;
(b)
the subscriber identified in the certificate holds the private key corresponding to the public key listed in the certificate;
(c)
the subscriber’s public key and private key constitute a functioning key pair;
(d)
all information in the certificate is accurate, unless the certification authority has stated in the certificate or incorporated by reference in the certificate a statement that the accuracy of specified information is not confirmed; and
(e)
the certification authority has no knowledge of any material fact which if it had been included in the certificate would adversely affect the reliability of the representations in sub‑paragraphs (a) to (d).(3) Where there is an applicable certification practice statement which has been incorporated by reference in the certificate, or of which the relying person has notice, sub‑paragraph (2) applies to the extent that the representations are not inconsistent with the certification practice statement.Suspension of certificate
16. Unless the certification authority and the subscriber agree otherwise, the certification authority that issued a certificate must suspend the certificate as soon as possible after receiving a request by a person whom the certification authority reasonably believes to be —
(a)
the subscriber listed in the certificate;
(b)
a person duly authorised to act for that subscriber; or
(c)
a person acting on behalf of that subscriber, who is unavailable.Revocation of certificate
17. A certification authority must revoke a certificate that it issued —
(a)
after receiving a request for revocation by the subscriber listed in the certificate; and confirming that the person requesting the revocation is the subscriber, or is an agent of the subscriber with authority to request the revocation;
(b)
after receiving a certified copy of the subscriber’s death certificate, or upon confirming by other evidence that the subscriber is dead; or
(c)
upon presentation of documents effecting a dissolution of the subscriber, or upon confirming by other evidence that the subscriber has been dissolved or has ceased to exist.Revocation without subscriber’s consent18.—
(1)
A certification authority must revoke a certificate, regardless of whether the subscriber listed in the certificate consents, if the certification authority confirms that —
(a)
a material fact represented in the certificate is false;
(b)
a requirement for issuance of the certificate was not satisfied;
(c)
the certification authority’s private key or trustworthy system was compromised in a manner materially affecting the certificate’s reliability;
(d)
an individual subscriber is dead; or
(e)
a subscriber has been dissolved, wound up or otherwise ceased to exist.(2) Upon effecting such a revocation, other than under sub‑paragraph (1)(d) or (e), the certification authority must immediately notify the subscriber listed in the revoked certificate.Notice of suspension19.—
(1)
Immediately upon suspension of a certificate by a certification authority, the certification authority must publish a signed notice of the suspension in the repository specified in the certificate for publication of notice of suspension.(2) Where one or more repositories are specified, the certification authority must publish signed notices of the suspension in all such repositories.Notice of revocation20.—
(1)
Immediately upon revocation of a certificate by a certification authority, the certification authority must publish a signed notice of the revocation in the repository specified in the certificate for publication of notice of revocation.(2) Where one or more repositories are specified, the certification authority must publish signed notices of the revocation in all such repositories.Part 3Duties of SubscribersGenerating key pair21.—
(1)
If the subscriber generates the key pair whose public key is to be listed in a certificate issued by a certification authority and accepted by the subscriber, the subscriber must generate that key pair using a trustworthy system.(2) This paragraph does not apply to a subscriber who generates the key pair using a system approved by the certification authority.Obtaining certificate
22. All material representations made by the subscriber to a certification authority for purposes of obtaining a certificate, including all information known to the subscriber and represented in the certificate, must be accurate and complete to the best of the subscriber’s knowledge and belief, regardless of whether such representations are confirmed by the certification authority.Acceptance of certificate23.—
(1)
A subscriber is deemed to have accepted a certificate if the subscriber —
(a)
publishes or authorises the publication of the certificate —
(i)
to one or more persons; or
(ii)
in a repository; or
(b)
otherwise demonstrates approval of the certificate while knowing or having notice of its contents.(2) By accepting a certificate issued by himself, herself or a certification authority, the subscriber listed in the certificate certifies to all who reasonably rely on the information contained in the certificate that —
(a)
the subscriber rightfully holds the private key corresponding to the public key listed in the certificate;
(b)
all representations made by the subscriber to the certification authority and material to the information listed in the certificate are true; and
(c)
all information in the certificate that is within the knowledge of the subscriber is true.Control of private key24.—
(1)
By accepting a certificate issued by a certification authority, the subscriber identified in the certificate assumes a duty to exercise reasonable care to retain control of the private key corresponding to the public key listed in such certificate and prevent its disclosure to a person not authorised to create the subscriber’s digital signature.(2) Such duty continues during the operational period of the certificate and during any period of suspension of the certificate.Initiating suspension or revocation of certificate
25. A subscriber who has accepted a certificate must as soon as possible request the issuing certification authority to suspend or revoke the certificate if the private key corresponding to the public key listed in the certificate has been compromised.
Schedule 4
Designated persons
FOURTH SCHEDULESections 20 and 21(4)Designated persons
1. Certification authorities, as defined in paragraph 1 of the Third Schedule.
Common questions
- What is Electronic Transactions Act 2010?
- Electronic Transactions Act 2010 is Singapore Act, cited as Act ETA 2010, currently marked in force and first recorded in 2010.
- Is Electronic Transactions Act 2010 still in force?
- Yes — Electronic Transactions Act 2010 is currently in force.
- When did Electronic Transactions Act 2010 take effect?
- Electronic Transactions Act 2010 was first recorded in 2010.
- How many sections does Electronic Transactions Act 2010 have?
- Electronic Transactions Act 2010 contains 58 sections.
- What amends Electronic Transactions Act 2010?
- Electronic Transactions Act 2010 has been amended by Act 5 of 2021, Act 22 of 2021, and Act 26 of 2012.
- Where can I read the official version of Electronic Transactions Act 2010?
- The official text of Electronic Transactions Act 2010 is published at sso.agc.gov.sg.