Legal, Regulatory, Policy and Institutional Framework

The aim of this component is to create the enabling environment for the working of the ICT Sector by establishing legal, regulatory and institutional frameworks and developing appropriate policies. The sub-components of this component are the following:

1. Legal Framework:

This sub-component aims to provide the legal foundation for the ICT Sector. It has been identified that the Sector immediately need two laws, namely:

1.1. ICT Law

The ICT Law has already been drafted. The aim of the Law (as per draft Law) is to provide for the facilitation and regulation of electronic communications and transactions; to provide for protection of consumers and personal data in the electronic environment, to set out the framework for domain name registration and regulation, the framework for content regulation, to prevent abuse of information systems; to encourage the use of e-government services; and for related matters.

The law is expected to address issues such as legal recognition of electronic /digital signature and formation of electronic contracts (affecting transactions both in public and private sector), content regulation, competition regulation, electronic evidence, data privacy intellectual property rights, encryption and security, financial and banking sector law and regulation relating to electronic transfers and settlements, taxation of transfers, customs, jurisdiction, dispute resolution civil and criminal offences, limitations of liability of internet services providers, cyber piracy and digital rights management, facilitation of e-government and cross border interoperability of e-commerce frameworks affecting trade.

Since the overall purpose of the Act is to enable and facilitate electronic communications and transactions in the public interest, the Law will specifically:

(a) Recognize the importance of the information-economy and information-society for the economic and social prosperity of Afghanistan;

(b) Promote the understanding and, acceptance of and growth in the number of electronic transactions in Afghanistan;

(c) Remove and prevent barriers to electronic communications and transactions in Afghanistan resulting from uncertainties over writing and signature requirements;

(d) Promote legal certainty and confidence in the integrity and reliability of data messages and electronic commerce, and to foster the development of electronic commerce through the use of electronic signatures to lend authenticity and integrity to correspondence in any electronic medium;

(e) Promote the development of the legal and business infrastructure necessary to implement secure electronic commerce;

(f) Promote technology neutrality in the application of legislation to electronic communications and transactions;

(g) Promote e-government services and electronic communications and transactions with public and private bodies, institutions and citizens;

(h) Ensure that electronic transactions in Afghanistan conform to the highest international standards;

(i) Encourage investment and innovation in respect of electronic transactions in Afghanistan;

(j) Develop a safe, secure and effective environment for the consumer, business and the Government to conduct and use electronic transactions;

(k) Promote the development of electronic transactions services which are responsive to the needs of users and consumers;

(l) Ensure compliance with accepted international technical standards in the provision and development of electronic communications and transactions;

(m) Minimise the incidence of forged data messages, intentional and unintentional alteration of data and data messages, and fraud in electronic commerce and other electronic transactions;

(n) Ensure efficient use and management of the .af domain name space;

(o) Ensure that, in relation to the provision of electronic transaction services, the special needs of particular communities, areas and the disabled are duly taken into account; and

(p) Ensure that the national interest of Afghanistan is not compromise through the use of electronic communications.

The Draft Law has been sent to the Ministry of Justice (Taqnin Department) for vetting and approval. Once approved by the Ministry of Justice, it will be submitted for the approval of the Cabinet and the Parliament. Thereafter, the Law will be submitted for signature of the President and then gazette for implementation.

1.2. Postal Law.

The Postal Law has been drafted with the following objectives:

· To encourage investment and improvements in the postal sector;

· To foster effective competition and protect consumers from unfair trade practices in the postal sector;

· To ensure the safety and integrity of Postal Services; and

· To ensure that the Universal Service Obligation is adequately funded and efficiently carried out.

The Law envisages establishment of a Postal Commission. The object of the Commission is to encourage the expansion and improvement of Postal Services in Afghanistan, in terms of quality, availability, and price, to the ultimate benefit of consumers, while ensuring that the Universal Service Obligation is adequately funded and efficiently carried out. The functions of the Commission are:

· To foster Competition and improvements in the provision of Postal Services;

· To protect consumers and give them redress from unfair trade practices in the supply of Postal Services;

· To monitor the performance of the Corporation against the Performance Agreement;

· To monitor the postal sector generally, and in particular, in relation to Postal Operators:

§ levels of investment in or in relation to Postal Services;

§ availability and standards of Postal Services;

§ the price of Postal Services;

§ the distribution of Postal Services; and

§ other matters relevant to the Commission’s functions;

§ Together with the Designated Postal Administration for Afghanistan, to represent Afghanistan internationally in respect of postal matters;

§ To license and regulate Postal Operators and administer this Law impartially and objectively;

· To educate the public and Postal Operators about the functions of the Commission, the obligations of Postal Operators, and the rights of users of Postal Services;

· To advise the Minister on matters relating to the Commission, the Corporation, postal sector policy, and all other postal matters; and

· To carry out any other function conferred on it by or under this Law or any other Law.

2. Regulatory Framework

The ICT Sector requires very strong and effective regulatory frameworks for smooth, effective and productive functioning of various parts of the Sector. The following frameworks are to be developed in the next 3 years:

2.1. Cyber Security Regulations

With the introduction of different ICT based technologies in the country, Afghanistan is moving towards embracing electronic culture in its day-to-day dealings. As these technologies are becoming popular and being widely used, it is important to put in place technological infrastructure and legal frameworks, which will safeguard the private and enterprise data flowing through these ICT based infrastructures. MCIT has already drafted ICT law which has addressed broader cyber security related issues but in order to fully implement the Law there is need for further development of regulations in more focused areas.

Privacy of data will give confidence to a) Entrepreneurs to do business in Afghanistan through e-commerce, b) Government to roll-out e-administration and e-services, and c) Public to share their personal data with both Government and enterprises through electronic service delivery channels.

MCIT will be developing these regulations in the next year after the ICT Law is enacted. A Consultant will be hired to develop draft regulation suiting the needs of Afghanistan and then complete the stakeholder consultations. The final draft will be approved by the Cabinet and thereafter; the regulations will be operationalized. No funds are earmarked for this purpose and will have to be arranged.

2.2. Broadband Regulations

As MCIT is planning to open up market for Broadband Technologies (like WiMax, 3G, LTE, etc.) and the existing laws and regulations dealing with ICT technologies are not supportive of Broadband, it is necessary to put in place Broadband Regulations. These regulations will enable deployment of broadband technologies and their application.

The Ministry is recruiting a consultant for this purpose in 3rd quarter of 2011 and the draft regulations are likely to be ready by end of 2011. The draft regulations will go through the process of stakeholder consultations before submission to Cabinet for approval and thereafter operationalized.

2.3. E-Governance Regulations

A growing number of regulations will be issued concerning e-government and e-administration over the coming years, be it in the form of laws, government decrees, ministerial or municipal decrees. The reason for this trend is that in public administration it is not enough to provide technical solutions (e.g. the management of e-documents and vouchers or the application of electronic signatures), it is also necessary to create the legal environment for them. In many cases the institutions introducing information technology systems for e-administration and electronic document management also need the provision of the related special legal regulations, modifications and internal rules (Rules for Organization and Operation), procedure, filing rules, data protection rules, information security rules etc.

In the preparatory, but at the very latest in the planning phase, e-governmental projects require profound assessment of the scope and level of direct and indirect impacts of binding laws and bylaws that affect the implementation. Thorough analysis of the regulatory environment will reveal which bylaws and higher regulations may need modification or fresh drafting.

MCIT, after the promulgation of the ICT law will carry thorough study of the required e-governance regulations and will develop them over time for the next 3-5 years.

2.4. Digital Signatures Regulations

Digital signature or digital signature scheme is a type of cryptography. For messages sent through an insecure channel, a digital signature gives the receiver a guarantee that the message was sent by the intended sender. A digital signature was motivated by and is analogous to a handwritten signature.

Digital Signature is an essential part of two-way trusted and reliable communications using the Internet. To use digital signatures in communications, there needs to be a digital signature infrastructure to oversee all aspects of using digital signature. Ministry of Communications and IT will establish an entity that would be responsible for digital signatures in the country. This entity together with Electronic Certification Authority will make sure that transactions and online communications are using the standard Electronic Certificates. Necessary regulations will be developed for facilitating operation of the Digital Signature entity and maintaining order in the Sector for this purpose. The objectives of the Regulation will be:

· Establishing the Digital Signature Infrastructure

· Promoting the use of online transaction and e-commerce by issuing the standard digital certificates.

· Supervision of digital certificates used in online transaction and e-commerce

The operationalization of this regulation will involve:

· Understanding basic requirements and conditions for Digital Signature through interviews with Afghan entities.

· Study PKI (Public Key Infrastructure) related laws, systems and technologies.

· Gather detail requirements for Digital Signature

· Establishing law/policy for Digital Signature usage

· Develop procedures for the implementation of Digital Signature in the country

2.5. E-Government Interoperability (Software) Framework

E-GIF (E-Government Interoperability Framework) has been already prepared by MCIT with funding from the World Bank. The framework contains technical policies, guidelines and standards for achieving interoperability between the technical systems in the government. The developed framework contains in excess of 100 technical standards. The framework also provides guidelines for implementation and compliance. EGRC (E-Governance resource Centre) will take lead in the implementation of the developed e-GIF. Among others, the implementation will include the following major activities.

a) Host the e-government website developed under the e-GIF project after updating and expanding the contents.

b) Design and drafting of the technical standards for comments within the framework of e-GIF. It will involve releasing the Request for Comments (RFC) versions of various standards and after due deliberations submit the same to the National ICT council for final discussions.

c) Develop the e-Government Controlled vocabulary in Dari, Pashto and English as per the guidelines given in the e-GIF.

d) Expand the localization work initiated by MCIT to include development of ICT terminology in Dari and Pashto and Optical Character Recognition engine for Pashto and Dari.

e) Develop the e-Government Metadata standards (e-GMS) for Afghanistan as per the guidelines given in the e-GIF.

f) Develop the final versions of the technical standards and policies and implementation procedures for adoption by the various agencies of the government. This will include the data standards for spatial information management and other applications areas, data exchange, information security and other areas of information management as given in the e-GIF.

g) Assist in the development and deployment of a repository of XML schemas to facilitate systemic data exchange within the government enterprise as per the guidelines given in e-GIF and in line with the policy of the government to follow Service Oriented Architecture.

2.6. Information Technology Audits

Empowered by ICT Law, EGRC (E-Governance Resource Centre) will undertake IT and e-Governance audit role to ensure that various departments and agencies of the government are complying with the approved e-GIF, IT/e-Gov standards and policies with regard to information management, systems, data bases and applications. EGRC will lay down the procedure for IT and e-Gov audit. All the departments and agencies of the government would be required to follow the approved IT and e-Gov procedures. EGRC will assist Ministry of Commerce and Industries and Ministry of Finance to certify products and services of the vendors supplying IT products and services to the government as e-GIF complaint.

Most departments of the government are already in possession of IT systems, databases and applications. These legacy systems may need to be modified and altered to make them e-GIF, e-Gov policies and standards compliant. The EGRC will provide services to evaluate and assess the degree of compliance of the existing systems, databases and applications to these polices and standards and advice how full compliance could be achieved.

At the request of the government agencies and departments, EGRC will undertake various activities for Quality assurance of the IT systems, and services that might have been procured or that may be in the process of procurement and deployment. The major activities of EGRC with regard to e-GIF and e-Gov policies compliance and quality assurance would be as follows: