You are affected by the south African ECT Act of 2002 if you are a South African company sending  or receiving orders or proposals online or via email; if you send out an email newsletter; or if you are concerned about your personal information on the internet, hackers or cyber-crime

The South African ECT Act of 2002

The Electronic Communications and Transactions Act, 2002 affects your company’s communication with your customers via email and the internet, or your relationship with suppliers.

You are affected by this Act if you send or receive orders or proposals via email; you send out an email newsletter; or you are concerned about your personal information on the internet, hackers or cyber-crime.

Who else is affected?

  • You buy goods from South African companies off the internet;
  • You conduct commercial or non-commercial transactions off your company website;
  • You have, or make use of an electronic (IT) procurement or sales system between you and your clients, or between you and your suppliers

Disclaimer: Please note that I am not a qualified lawyer or legal advisor although I have spent considerable time researching the Act during its many iterations. Please see the full disclaimer at the base of this article.

My objective is to increase awareness with marketing personnel about the contents of this Act, since it may directly impact on you in unexpected ways.

I have tried to summarise the relevant Chapters as I understand them. Where I have made personal comments, I have included them in [square brackets] and put them in italics. However, if you feel that this Act might impact on electronic transactions and communications in your company, I recommend that you download the full copy from


The overall objective of the Act is to enable and facilitate electronic transactions by creating legal certainty around transactions and communications conducted electronically.

The Act seeks to address the following policy imperatives:

  • bridging the digital divide by developing a national e-strategy for South Africa;
  • ensuring legal recognition and functional equivalence between electronic and paper-based transactions;
  • promoting public confidence and trust in electronic transactions; and
  • providing supervision of certain service providers

CHAPTER II: Maximising benefits and Policy Framework 

The Act requires the development of a national e-strategy plan by the Minister, in consultation with members of Cabinet. This could offer exciting opportunities for companies or individuals with practical ideas on creating and implementing e-commerce initiatives for SMME’s and previously disadvantaged groups!]

CHAPTER III: Facilitating Electronic Transactions

Part 1 provides for the legal recognition of data messages and records. Electronic data will, subject to certain conditions, be permitted to be retained for statutory record retention purposes, will be regarded as being ‘‘in writing’’, and as a true copy of an ‘‘original’’ record, and provision is made for securing proper evidentiary weight of electronic evidence.

Part 2 deals with the rights and obligations that follow from the communication of data messages. The Act also provides for the validity of sending notices and other expressions of intent through data messages.

CHAPTER VII: Consumer Protection

This section will probably be of the greatest interest to marketing personnel.

On its internet website, vendors must provide consumers with a minimum set of information, including the price of the product or service, contact details and the right to withdraw from an electronic transaction before its completion. Please note that the bill defines an electronic transaction as:

‘‘transaction’’ means a transaction of either a commercial or non-commercial nature, and includes the provision of information and e-government services;

[The Act does NOT state specifically at what point this “provision of information” or an advertisement or “offer to sell” (which is all that most websites include) becomes an official “electronic transaction”. However, based on what I have read in the Act, it seems that an agreement must be concluded over the internet (or other electronic means such as email) between the seller and the buyer i.e. an “offer to sell” as well as an” offer to purchase” including mutually agreed conditions of sale. Therefore in my opinion, this Chapter only refers to “true” e-commerce websites, where purchases may be made online.]

This Chapter does refer to an automated transactions (Section 20), where an agreement may be formed where an electronic agent [e.g. an automated IT procurement system] performs an action required by law for agreement formation.

Under Section 43. you will find the types of information that must be provided on the e-commerce website, which include:

(a) the vendor’s full name and legal status; its physical address and telephone number; physical address, web site address and e-mail address; etc.

(b) membership of any self-regulatory or accreditation bodies to which that supplier belongs or subscribes and the contact details of that body;

(c) any code of conduct to which that supplier subscribes and how that code of conduct may be accessed electronically by the consumer;

(d) in the case of a legal person, its registration number, the names of its office bearers and its place of registration;

(e) a sufficient description of the main characteristics of the goods or services offered by that supplier to enable a consumer to make an informed decision on the proposed electronic transaction; including the full price of the goods or services, including transport costs, taxes and any other fees or costs;

(f) the manner of payment; and any terms of agreement, including any guarantees, that will apply to the transaction and how those terms may be accessed, stored and reproduced electronically by consumers;

(g) the time within which the goods will be dispatched or delivered or within which the services will be rendered;

(h) the manner and period within which consumers can access and maintain a full record of the transaction;

(i) the return, exchange and refund policy of that supplier;

(j) the security procedures and privacy policy of that supplier in respect of payment, payment information and personal information;

Consumers are also entitled, under certain circumstances, to a ‘‘cooling-off’’ period within which they may cancel certain types of transactions concluded electronically without incurring any penalty. Exclusion includes financial and investment services, books and magazines, food and beverages, custom-built goods and some tourist or leisure services.

The supplier must utilise a payment system that is sufficiently secure and the supplier is liable for any damage suffered by a consumer due to a failure by the supplier to comply.

Consumers also have the right not to be bound to unsolicited communications (spam) offering goods or services.

Under Section 45. (1) Any person who sends unsolicited commercial communications to consumers, must provide the consumer:

(a) with the option to cancel his or her subscription to the mailing list of that person; and

(b) with the identifying particulars of the source from which that person obtained the consumer’s personal information, on request of the consumer.

Any person who fails to comply with or contravenes subsection (1), or who sends unsolicited commercial communications to a person who has advised the sender that such communications are unwelcome is guilty of an offence.

CHAPTER VIII: Personal information and Privacy Protection

This Chapter establishes a voluntary regime for protection of personal information. It is envisaged that consumers will prefer to deal with only those data collectors that have subscribed to the recorded data protection principles. Subscription to these principles is voluntary due to the fact that the South African Law Commission is currently developing specific data protection or privacy legislation which is expected to be enacted within 24 months.

CHAPTER X: Domain name authority and Administration

A section 21 company was established to manage the domain name space of the Republic. The Minister is empowered to formulate national policy on the .za domain name space. (

CHAPTER XII: Cyber Inspections

Chapter XII of the Act seeks to provide for the Department of Communications to appoint cyber inspectors. The cyber inspectors may monitor Internet web sites in the public domain and are granted powers of search and seizure of “information systems”, subject to obtaining a warrant

The Act’s definition of ‘‘information system’’ means a system for generating, sending, receiving, storing, displaying or otherwise processing data messages and includes the Internet;

Under Section 82. (1) A cyber inspector may, in the performance of his or her functions, at any reasonable time, without prior notice and on the authority of a warrant issued in terms of section 83(1), enter any premises or access an information system that has a bearing on an investigation

[Amongst other things] He is authorised to:

(a) search those premises or that information system;

(b) search any person on those premises if there are reasonable grounds for believing that the person has personal possession of an article, document or record that has a bearing on the investigation;

(c) take extracts from, or make copies of any book, document or record that is on or in the premises or in the information system and that has a bearing on the investigation;

(d) demand the production of and inspect relevant licences and registration certificates as provided for in any law;

(e) inspect any facilities on the premises which are linked or associated with the information system and which have a bearing on the investigation;

A person who refuses to co-operate or hinders a person conducting a lawful search and seizure in terms of this section is guilty of an offence.


Chapter XIII of the Act seeks to make the first statutory provisions on cyber crime in South African jurisprudence. The Act seeks to introduce statutory criminal offences relating to information systems and includes—
(a) unauthorised access to data;
(b) interception of or interference with data;
(c) computer-related extortion;
(d) fraud; and
(e) forgery.

Under Section 86. (1) companies and individual should note that subject to the Interception and Monitoring Prohibition Act, 1992 (Act No. 127 of 1992), a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence. [you don’t have to do anything with it, just look!]

A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence. [Therefore, if you are given the password to a restricted “pay” website, and you use it, you are breaking the law! ]

I hope you found this information informative and useful. Please feel free to download the Government Gazette copy of the Act from my website, or to contact me should you require any assistance in upgrading your website or email newsletter to meet the requirements.


Because of the legal nature of the information in this newsletter, I have needed to make a more formal – and lengthier – disclaimer than I usually would use.

InTouch24-7 makes no representations or warranties, statements or guarantees whether express, implied in law or residual, as to the accuracy, completeness and/or reliability of any information, data and/or content contained in this newsletter and shall not be bound in any manner by any information. No information contained in this email, or on my website shall be construed as advice and same are offered for information purposes only and the information contained is provided to you on an “as is” basis. InTouch24-7 shall not be liable for any indirect, contingent or consequential loss (including but not limited to loss of business, loss of data and/or loss of profits) incurred or sustained by you or any third party howsoever arising in respect of your use of and/or reliance of on any information offered in this newsletter, or on the InterComm website. You accordingly assume total responsibility and risk for your use of and reliance on the website and any information accessed via the website.

Copyright and all intellectual property rights in all information made available on this website are owned by InTouch24-7 and are protected by both South African and international intellectual property laws. Accordingly, any unauthorised copying, reproduction, retransmission, distribution, dissemination, sale, publication, broadcast or other circulation or exploitation of such material as aforesaid or any component thereof will constitute an infringement of such copyright and other intellectual property rights. However, you may distribute this newsletter – together with this disclaimer – provided that the source is acknowledged.

Share on facebook
Share on google
Share on twitter
Share on linkedin

There's more to explore...