Legal, Regulatory, Policy and Institutional Framework
advertisement
Legal, Regulatory, Policy and Institutional Framework The aim of this component is to create the enabling environment for the working of the ICT Sector by establishing legal, regulatory and institutional frameworks and developing appropriate policies. The sub-components of this component are the following: 1. Legal Framework: This sub-component aims to provide the legal foundation for the ICT Sector. It has been identified that the Sector immediately need two laws, namely: 1.1. ICT Law The ICT Law has already been drafted. The aim of the Law (as per draft Law) is to provide for the facilitation and regulation of electronic communications and transactions; to provide for protection of consumers and personal data in the electronic environment, to set out the framework for domain name registration and regulation, the framework for content regulation, to prevent abuse of information systems; to encourage the use of egovernment services; and for related matters. The law is expected to address issues such as legal recognition of electronic /digital signature and formation of electronic contracts (affecting transactions both in public and private sector), content regulation, competition regulation, electronic evidence, data privacy intellectual property rights, encryption and security, financial and banking sector law and regulation relating to electronic transfers and settlements, taxation of transfers, customs, jurisdiction, dispute resolution civil and criminal offences, limitations of liability of internet services providers, cyber piracy and digital rights management, facilitation of e-government and cross border interoperability of e-commerce frameworks affecting trade. Since the overall purpose of the Act is to enable and facilitate electronic communications and transactions in the public interest, the Law will specifically: (a) Recognize the importance of the information-economy and information-society for the economic and social prosperity of Afghanistan; (b) Promote the understanding and, acceptance of and growth in the number of electronic transactions in Afghanistan; (c) Remove and prevent barriers to electronic communications and transactions in Afghanistan resulting from uncertainties over writing and signature requirements; (d) Promote legal certainty and confidence in the integrity and reliability of data messages and electronic commerce, and to foster the development of electronic commerce through the use of electronic signatures to lend authenticity and integrity to correspondence in any electronic medium; (e) Promote the development of the legal and business infrastructure necessary to implement secure electronic commerce; (f) Promote technology neutrality in the application of legislation to electronic communications and transactions; (g) Promote e-government services and electronic communications and transactions with public and private bodies, institutions and citizens; (h) Ensure that electronic transactions in Afghanistan conform to the highest international standards; (i) Encourage investment and innovation in respect of electronic transactions in Afghanistan; (j) Develop a safe, secure and effective environment for the consumer, business and the Government to conduct and use electronic transactions; (k) Promote the development of electronic transactions services which are responsive to the needs of users and consumers; (l) Ensure compliance with accepted international technical standards in the provision and development of electronic communications and transactions; (m) Minimise the incidence of forged data messages, intentional and unintentional alteration of data and data messages, and fraud in electronic commerce and other electronic transactions; (n) Ensure efficient use and management of the .af domain name space; (o) Ensure that, in relation to the provision of electronic transaction services, the special needs of particular communities, areas and the disabled are duly taken into account; and (p) Ensure that the national interest of Afghanistan is not compromise through the use of electronic communications. The Draft Law has been sent to the Ministry of Justice (Taqnin Department) for vetting and approval. Once approved by the Ministry of Justice, it will be submitted for the approval of the Cabinet and the Parliament. Thereafter, the Law will be submitted for signature of the President and then gazette for implementation. 1.2. Postal Law. The Postal Law has been drafted with the following objectives: To encourage investment and improvements in the postal sector; To foster effective competition and protect consumers from unfair trade practices in the postal sector; To ensure the safety and integrity of Postal Services; and To ensure that the Universal Service Obligation is adequately funded and efficiently carried out. The Law envisages establishment of a Postal Commission. The object of the Commission is to encourage the expansion and improvement of Postal Services in Afghanistan, in terms of quality, availability, and price, to the ultimate benefit of consumers, while ensuring that the Universal Service Obligation is adequately funded and efficiently carried out. The functions of the Commission are: To foster Competition and improvements in the provision of Postal Services; To protect consumers and give them redress from unfair trade practices in the supply of Postal Services; To monitor the performance of the Corporation against the Performance Agreement; To monitor the postal sector generally, and in particular, in relation to Postal Operators: levels of investment in or in relation to Postal Services; availability and standards of Postal Services; the price of Postal Services; the distribution of Postal Services; and other matters relevant to the Commission’s functions; Together with the Designated Postal Administration for Afghanistan, to represent Afghanistan internationally in respect of postal matters; To license and regulate Postal Operators and administer this Law impartially and objectively; To educate the public and Postal Operators about the functions of the Commission, the obligations of Postal Operators, and the rights of users of Postal Services; To advise the Minister on matters relating to the Commission, the Corporation, postal sector policy, and all other postal matters; and To carry out any other function conferred on it by or under this Law or any other Law. The Draft Law has been sent to the Ministry of Justice (Taqnin Department) for vetting and approval. Once approved by the Ministry of Justice, it will be submitted for the approval of the Cabinet and the Parliament. Thereafter, the Law will be submitted for signature of the President and then gazette for implementation. 2. Regulatory Framework The ICT Sector requires very strong and effective regulatory frameworks for smooth, effective and productive functioning of various parts of the Sector. The following frameworks are to be developed in the next 3 years: 2.1. Cyber Security Regulations With the introduction of different ICT based technologies in the country, Afghanistan is moving towards embracing electronic culture in its day-today dealings. As these technologies are becoming popular and being widely used, it is important to put in place technological infrastructure and legal frameworks, which will safeguard the private and enterprise data flowing through these ICT based infrastructures. MCIT has already drafted ICT law which has addressed broader cyber security related issues but in order to fully implement the Law there is need for further development of regulations in more focused areas. Privacy of data will give confidence to a) Entrepreneurs to do business in Afghanistan through e-commerce, b) Government to roll-out eadministration and e-services, and c) Public to share their personal data with both Government and enterprises through electronic service delivery channels. MCIT will be developing these regulations in the next year after the ICT Law is enacted. A Consultant will be hired to develop draft regulation suiting the needs of Afghanistan and then complete the stakeholder consultations. The final draft will be approved by the Cabinet and thereafter; the regulations will be operationalized. No funds are earmarked for this purpose and will have to be arranged. 2.2. Broadband Regulations As MCIT is planning to open up market for Broadband Technologies (like WiMax, 3G, LTE, etc.) and the existing laws and regulations dealing with ICT technologies are not supportive of Broadband, it is necessary to put in place Broadband Regulations. These regulations will enable deployment of broadband technologies and their application. The Ministry is recruiting a consultant for this purpose in 3rd quarter of 2011 and the draft regulations are likely to be ready by end of 2011. The draft regulations will go through the process of stakeholder consultations before submission to Cabinet for approval and thereafter operationalized. 2.3. E-Governance Regulations A growing number of regulations will be issued concerning e-government and e-administration over the coming years, be it in the form of laws, government decrees, ministerial or municipal decrees. The reason for this trend is that in public administration it is not enough to provide technical solutions (e.g. the management of e-documents and vouchers or the application of electronic signatures), it is also necessary to create the legal environment for them. In many cases the institutions introducing information technology systems for e-administration and electronic document management also need the provision of the related special legal regulations, modifications and internal rules (Rules for Organization and Operation), procedure, filing rules, data protection rules, information security rules etc. In the preparatory, but at the very latest in the planning phase, egovernmental projects require profound assessment of the scope and level of direct and indirect impacts of binding laws and bylaws that affect the implementation. Thorough analysis of the regulatory environment will reveal which bylaws and higher regulations may need modification or fresh drafting. MCIT, after the promulgation of the ICT law will carry thorough study of the required e-governance regulations and will develop them over time for the next 3-5 years. 2.4. Digital Signatures Regulations Digital signature or digital signature scheme is a type of cryptography. For messages sent through an insecure channel, a digital signature gives the receiver a guarantee that the message was sent by the intended sender. A digital signature was motivated by and is analogous to a handwritten signature. Digital Signature is an essential part of two-way trusted and reliable communications using the Internet. To use digital signatures in communications, there needs to be a digital signature infrastructure to oversee all aspects of using digital signature. Ministry of Communications and IT will establish an entity that would be responsible for digital signatures in the country. This entity together with Electronic Certification Authority will make sure that transactions and online communications are using the standard Electronic Certificates. Necessary regulations will be developed for facilitating operation of the Digital Signature entity and maintaining order in the Sector for this purpose. The objectives of the Regulation will be: Establishing the Digital Signature Infrastructure Promoting the use of online transaction and e-commerce by issuing the standard digital certificates. Supervision of digital certificates used in online transaction and ecommerce The operationalization of this regulation will involve: Understanding basic requirements and conditions for Digital Signature through interviews with Afghan entities. Study PKI (Public Key Infrastructure) related laws, systems and technologies. Gather detail requirements for Digital Signature Establishing law/policy for Digital Signature usage Develop procedures for the implementation of Digital Signature in the country 2.5. E-Government Interoperability (Software) Framework E-GIF (E-Government Interoperability Framework) has been already prepared by MCIT with funding from the World Bank. The framework contains technical policies, guidelines and standards for achieving interoperability between the technical systems in the government. The developed framework contains in excess of 100 technical standards. The framework also provides guidelines for implementation and compliance. EGRC (E-Governance resource Centre) will take lead in the implementation of the developed e-GIF. Among others, the implementation will include the following major activities. a) Host the e-government website developed under the e-GIF project after updating and expanding the contents. b) Design and drafting of the technical standards for comments within the framework of e-GIF. It will involve releasing the Request for Comments (RFC) versions of various standards and after due deliberations submit the same to the National ICT council for final discussions. c) Develop the e-Government Controlled vocabulary in Dari, Pashto and English as per the guidelines given in the e-GIF. d) Expand the localization work initiated by MCIT to include development of ICT terminology in Dari and Pashto and Optical Character Recognition engine for Pashto and Dari. e) Develop the e-Government Metadata standards (e-GMS) for Afghanistan as per the guidelines given in the e-GIF. f) Develop the final versions of the technical standards and policies and implementation procedures for adoption by the various agencies of the government. This will include the data standards for spatial information management and other applications areas, data exchange, information security and other areas of information management as given in the e-GIF. g) Assist in the development and deployment of a repository of XML schemas to facilitate systemic data exchange within the government enterprise as per the guidelines given in e-GIF and in line with the policy of the government to follow Service Oriented Architecture. 2.6. Information Technology Audits Empowered by ICT Law, EGRC (E-Governance Resource Centre) will undertake IT and e-Governance audit role to ensure that various departments and agencies of the government are complying with the approved e-GIF, IT/e-Gov standards and policies with regard to information management, systems, data bases and applications. EGRC will lay down the procedure for IT and e-Gov audit. All the departments and agencies of the government would be required to follow the approved IT and e-Gov procedures. EGRC will assist Ministry of Commerce and Industries and Ministry of Finance to certify products and services of the vendors supplying IT products and services to the government as e-GIF complaint. Most departments of the government are already in possession of IT systems, databases and applications. These legacy systems may need to be modified and altered to make them e-GIF, e-Gov policies and standards compliant. The EGRC will provide services to evaluate and assess the degree of compliance of the existing systems, databases and applications to these polices and standards and advice how full compliance could be achieved. At the request of the government agencies and departments, EGRC will undertake various activities for Quality assurance of the IT systems, and services that might have been procured or that may be in the process of procurement and deployment. The major activities of EGRC with regard to e-GIF and e-Gov policies compliance and quality assurance would be as follows: Develop e-GIF Compliance and IT Audit Policies and Guidelines. EGRC will design and develop the e-GIF compliance and IT Audit policies and procedures based on the study of the international best practices and assessment of the situation prevailing in Afghanistan. Guidelines will be prepared for IT systems designers in the government departments, Software developers and vendors and suppliers to the government with regard to e-GIF compliance. These guidelines should be comprehensive and should cover the complete development life cycle of a system, product or a software application. The Audit report will be published in public domain by MCIT. Develop e-GIF Compliance and IT Audit skills and know how. EGRC will undertake training activities and other training events including provision of online training materials and self-study guides for the benefit of technical officials and concerned managers in the various government departments and agencies on how e-GIF compliance can be ensured and tested. Assessment of Legacy Systems. EGRC will, at the request of the various departments and agencies, undertake assessment of the existing IT systems and applications as to the extent of their e-GIF compliance and advice as to what could be done to achieve full compliance. Stock Taking of IT systems. Once the ICT law is promulgated, MCIT through this project will develop regulations for the process of stock taking of the ICT products and systems in the government agencies. Which will happen twice every fiscal year, the activity will include but not limited to list of problems, proposed solution, deadline for the responsible party to rectify the problem, grading, analysis of hardware, software, personnel and ICT security. 2.7. Electronic Certification Regulations The electronic Certification regulations will cover both the Digital signatures as well as regulation of cryptographers. Electronic Certification Authority will give licenses to cryptographers, which will create need for developing regulations to regulate the cryptography algorithms, cryptographers and licensed private certification authorities. This regulation will ensure that the cryptology used for securing data communication over ICT platforms, are secured and unreachable. A Consultant will be hired for this purpose and these regulations are likely to be ready by the next year. 2.8. Quality of Service Regulations MCIT and ATRA (Afghanistan Telecom Regulation Authority) have issued service licenses in the areas of both voice and data. The Telecom Law has limited clauses about quality of service in these areas and, therefore, there is need for separate regulations to streamline and manage quality of services delivered under the issued licenses. MCIT is starting to roll out mobile applications across government agencies, which will utilize the already installed telecom infrastructure. These applications are a completely new domain and will require regulations on QOS and related tariffs. The World Bank will assist in this regard. A Consultant will be hired for this purpose this year. Once the draft regulations are ready, the Project Implementation Coordination Unit (PICU) will start Public consultations and finalize regulations based on feedback. MoJ and then Cabinet will approve the Final draft. 3. Policy Framework 3.1. Broadband Policy The World Bank is supporting this component through its project to develop broadband market in Afghanistan. It will support MCIT and ATRA as they develop and implement a national broadband strategy and program including specific initiatives. MCIT and ATRA aim to increase the percentage of Afghans who use Internet from the current 5 percent to 50 percent by 2015. It will also support the required reforms of the licensing regime, spectrum management, and universal service policy. In addition to advisory support for the above, this component will also enable twinning between ATRA and other regulatory agencies in support of capacity building and knowledge sharing on specific regulatory issues. World Bank funded OFC Backbone Expansion Project has planned to provide Technical Assistance to ATRA and MCIT to evolve Regulatory and ICT Policies and Regulations which will allow Open/universal Access at level playing fields to all the interested Operators/ISPs/Public Sector Users and other Private Companies as operating in this Country. All the interested users should make including the OFC Backbone Network the Communications Infrastructure, accessible by eliminating the possibilities of becoming monopolistic user of any available infrastructure. These goals of Universal and Open Access can be achieved by implementing the following steps:1. Provide technical assistance to MCIT and ATRA to update the ICT sector policy, creating an enabling environment for improved broadband Internet access and adoption in Afghanistan and strengthening the quality of mobile telephone services. Technical assistance activities will include capacity building through collaborative working between ministry and agency staff and external experts. 2. Focus on capacity building and technical assistance on topics such as quality of service, tariff regulation, Internet policy development, and radio spectrum management. When the Government restarts the process of privatizing Afghan Telecom, this policy dialogue will also support that process. 3. The Project will include technical assistance to MCIT focused on updating its ICT sector policy with a focus on enabling increased access to and adoption of ICT services and specifically, broadband Internet services. The Ministry first developed a sector policy in 2003 and updated it in the context of the Afghanistan National Development Strategy in 2005. In 2010, MCIT began revising its strategy in response to recent discussions on national priority programs, Globally, the focus for ICT sector strategies is now shifting to developing policy and strategy to support increased access to and adoption of broadband services. As Afghanistan creates the critical backbone networks and secures international Internet connectivity, and as the number of Internet users grows, the time is right for a review of the sector policy to reflect market and technological developments. The technical assistance will support MCIT in developing a policy that spurs the both supply- and demand-sides to accelerate expansion of broadband networks and their adoption. This will include identifying actions to spur greater private sector participation in the supply of broadband services and to identify potential opportunities for Afghanistan from the evolution in wireless broadband technologies. The developed plan will also focus on facilitating demand for broadband and Internet services through links with sectors such as agriculture, education, health, and rural development. The policy update will also include links with the planned e-Government Strategic Master plan that MCIT is currently developing and IT sector development policy. 3.2. Revision of ICT Policy MCIT developed ICT Policy in 2004. The Policy laid down roadmap for the development of the sector and introduced ICT. In the last 7 years, the sector has developed so well that there is a need for revising the previous ICT policy. The revised policy should address the new opportunities and challenges based on the lessons learnt in the past half-decade. The revised Policy will also incorporate ICT as enabler in both social and economic sectors of the country i.e. e-government, e-health, e-commerce, etc. It will also address challenges on the areas of development of local ICT literate human resources, ICT enabled curriculum both for primary and higher education, promotion of entrepreneurship and local private sector. A Consultant will be hired through the World Bank this year and the revisions are likely by end of the year.
