ICT ACT

Aug 2020 - PML

Zoubeir Aungnoo
 Intro
■ Mauritius is now poised to become a cyber island and to serve as an info-communications hub in the
region.
■ The vision of an information society dates back to the early 1990s. However, recent top level
commitment coupled with the creation of an enabling environment has given Mauritius a new impetus.
■ It is Government's declared policy to make ICT the fifth pillar of the economy alongside sugar,
textiles, financial services and tourism.
 Objectives of Ministry of ICT
■ Formulate policies and provide the legal framework for the development of ICT and its optimal use
across all sectors

■ Facilitate, through an E-Government programme, the provision of Government services electronically

anytime anywhere for the greater convenience of the public

■ Promote and facilitate the development of the ICT sector.

■ Ensure that the ICT culture permeates all levels of the society to bridge the digital divide to the extent
possible

■ Promote the development of ICT enabled services including e-business

■ Encourage the adoption of new technologies and best practices in the ICT

■ Promote capacity building in ICT .

 ICT Act 2001
■ ICT Act has repealed the Telecommunications Act 1998

■ Lays out the institutional and procedural guidelines for the regulation and democratisation of
information and communication technologies and related matters.

■ The setting up of the ICT Authority, the ICT Advisory Council, and the ICT Appeal Tribunal is
pursuant to the adoption of this Act.
 Institutional Setup
■ Paving the way towards a fully liberalised and competitive market implies the setting up of
appropriate bodies to provide for a conducive and business friendly environment.

■ The following institutions have therefore been set up:

– 1. ICT Advisory Council

– 2. ICT Authority

– 3. ICT Appeal Tribunal

– 4. National Computer Board (NCB)

■ 5. National Computer Emergency Response Team (CERT-MU)
 ICT Advisory Council
■ Set up in virtue of the provisions of the ICT Act 2001

■ Advise the Minister of Information Technology and Telecommunications on specific issues.

– Promotion of interests of consumers, purchasers and other users in respect of quality,

– variety and improvement of ICT services,

– tariff policy and

– the promotion of research and development of new ICT techniques.

 ICT Authority
■ Set up under the ICT Act 2001; Is the regulatory body for the ICT sector.

■ Carries out economic and technical monitoring of the ICT industry including:
– The promotion of fair competition
– Efficient market conduct within the industry,
– Ensures appropriate control,
– Inspection and regulation of the industry.

■ Grants licenses to operators,

■ Allocates frequencies

■ Ensures safety and quality of service in the ICT sector.

 ICT Board
■ The ICT Authority is administered and managed by the Information and Communication Technologies
Board known as the ICT Board.
 ICT Appeal Tribunal
■ Is also an emanation of the ICT Act 2001.

■ Its role is to hear and dispose of any appeal against a decision of the ICT Authority regarding disputes
on ICT-related matters.
 National Computer Board (NCB)
■ Was set up in 1988 by the National Board Act to promote the development of Information and
Communication Technologies (ICT) in Mauritius.

■ It is a parastatal body administered by a Board of Directors and operates under the aegis of the
Ministry of Information & Communication Technology.

■ The NCB is a key enabler in transforming Mauritius into a Cyber island and the regional ICT hub and
has the mission to e-power people, businesses and the public sector by developing and promoting ICT
and ICT related services in Mauritius.
 CERT – What they do
■ National Computer Emergency Response Team a division of the National Computer Board.

■ Continuously study, analyse, research and innovate - stay ahead and maintain a technological edge.

■ Encourage organisations and individuals to consult them on cyber security incidents such as virus and
malware infections on their computers.

■ Advising Internet users on how to cope with cyber threats and deal with safety issues.

■ Provide specialised services to support the growth of security management & best practices based on
international standards (e.g. ISO 27001).
 CERT – What they do
■ Education, training and creating awareness in the area of cyber security

■ Working towards increasing the number of cyber security professionals. Organise capacity building
programmes for international cybersecurity certifications.
 CERT – Services Provided
■ Incident Handling: provides incident handling to the constituency members, which includes ISPs,
academia, ICT vendors, Media, Law enforcement agencies, home users, international CERTs,
government sector and private sectors.

■ Security Alert: alerting Mauritian Internet Users in the event of a security breach.

■ Advisories: coordination of expert advice while providing remedial assistance.

■ Vulnerability Scanning & Penetration Testing: remote and local vulnerability scanning/penetration
testing for the network and devices.

■ Implementation of ISO 27001: provide assistance to parastatal organisations in the implementation

of Information Security Management System (ISMS) based on ISO 27001.

■ Assistance for Third Party Audit: provide assistance to organisations in carrying out third party
Information Security Audits.
 CERT – Incident Reporting
■ Computer security incident is any adverse event whereby some aspect of a computer system is
threatened viz. loss of confidentiality, disruption of data or system integrity, denial of service
availability.

■ By reporting them to CERT-MU the System Administrators and users will receive technical assistance
in resolving these incidents.

■ This will also help the CERT-MU to

– correlate the incidents thus reported and analyse them;
– draw inferences;
– disseminate up-to-date information and
– develop effective security guidelines to prevent occurrence of the incidents in future.
 CERT – Incident Reporting
■ For any of the violations given below, it is advisable to contact CERT-MU for technical assistance

– (i) Attempts (either failed or successful) to gain unauthorised access to a system or data therein

– (ii) Disruption or denial of service

– (iii) Unauthorised use of a system for the processing or storage of data

– (iv) Changes to system hardware, firmware, or software characteristics without owner's

knowledge, instruction, or consent

– (v) Email-related security issues, spamming, mail bombing etc.

 CERT – Vulnerability Reporting
■ Users of different systems working on various platforms and using different applications may report
any vulnerability found in these systems, platforms, applications, services and devices to CERT-MU.

■ The CERT-MU email address for reporting a vulnerability is: [email protected]

■ Report a vulnerability to CERT-MU by filling the Online Vulnerability Reporting Form :

https://eforms.govmu.org/certmu/VUL_REP.pdf
 Internet Management Committee
■ The Minister shall, after consultation with the ICT Board, appoint an Internet Management
Committee.
– The Committee consists of a Chairperson and 10 members.

■ Functions of the IMC:

– Advise the Authority on Internet and related policies.

– Provide a forum for stakeholders to discuss issues relating to the administration of Internet.

– Administer domain names in the context of the development of the information and
communication industry.

– Make recommendations to the Board on any matter relating to Internet including the
administration and management of domain names.

■ The Committee may appoint such working groups as may be necessary.

 Objects of the Authority
■ Democratise access to information through the use of ICT

■ Create a level playing field for all operators in the interest of consumers

■ License and regulate the information and communication services

■ Ensure that ICT services are reasonably accessible at affordable cost

– Supplied as efficiently and economically as practicable
– Performance standards that reasonably meet the social, educational, industrial, commercial and,
other needs of Mauritius

■ Encourage the optimum use of ICT in business, industry and the country at large
– Introduction of new technology and the investment in infrastructure and services
 Objects of the Authority
■ Promote the efficiency and international competitiveness of Mauritius in ICT sector

■ Further the advancement of technology and R&D

■ Advise the Minister on all matters relating to information and communication technologies and on
matters relating to the ICT Authority generally.
 Powers of the Authority
■ The Authority:
– commission expert evaluations, conduct studies, collect data related to the information and
communication industry.
■ Allow any person to conduct those tests

■ Require a public operator to provide information: use, area of coverage and means of access to his
service.

■ Issue directives and guidelines

– Do such acts and things, as are incidental or conducive to the attainment of its objects and the
discharge of its functions.
 Functions of the Authority
■ Implement the policy of government related to ICT

■ Provide economic and technical monitoring of the industry in accordance with recognized
international standard practices and protocols

■ promote and maintain effective competition, fair and efficient market conduct between entities
engaged in the industry
– Ensure public interest and so as to prevent any unfair or anti-competitive practices by licensees

■ Advise and assist in the formulation of national policies with respect to the regulation of the industry

■ Act internationally as the national regulatory body of Mauritius in respect of ICT matters
 Functions of the Authority
■ Exercise licensing and regulatory functions in respect of ICT services in Mauritius
– Determination of types and classes of licensees and the approval of prices, tariffs and alterations
thereto

■ Establish, for public operators, performance standards and linkage standards

– To cater for international and local telephone services,
– and monitor compliance with both of those standards;

■ Report, (to the Minister)

– the performance of public operators,
– the quality of consumer service and consumer satisfaction

■ Ensure the fulfilment by public operators of their obligations

■ Regulate the security of data

 Functions of the Authority
■ Take steps to regulate or curtail the harmful and illegal content on the Internet and other information
and communication services (content filtering)

■ Ensure the safety and quality of ICT services including telecommunication service
– Determine technical standards for telecommunication network,
– The connection of customer equipment to telecommunication networks

■ Handle complaints from consumers in Mauritius and, where necessary, refer them to the appropriate
authorities.

■ Allocate frequencies and manage, review, and, where appropriate, reorganise the frequency spectrum.

■ Determine the numbering system to be used for every ICT services.

■ Monitor every access or interconnection agreement and assist in the resolution of any dispute relating
thereto
 Functions of the Authority
■ Monitor the use of information and communication services on any ship or aircraft

■ Control the importation of any equipment capable of being used to intercept a message

■ Regulate the conduct of examinations for, and the issue of, certificates of competency to persons
wishing to operate any apparatus used for purposes of information and communication services
including telecommunication

■ Authorise or regulate the registration, administration and management of domain names for
Mauritius

■ Controller of Certification Authorities

 Functions of the Authority
■ Allocate and regulate the use of any frequency to any licensed broadcaster in the case of analogue
broadcasting and to the Multiplex Operator in the case of digital broadcasting.

■ Provide annual reports to the Ministry

 Licensing
■ You need a license to operate an ICT service (inc Telco. )
– Application has to be made to the Authority

■ Upon receipt of application, Authority:

– Give public notice of the application in 2 daily newspapers and invite any interested person who
wishes to object to the application to do so in writing within 14 days.

– Require the applicant to furnish any additional information that it considers relevant;

– Inspect any installation, apparatus or premises relating to the application

 Licensing
■ The Authority considers the following before issuing (transfer/renew/vary terms) license:
– Any objections made
– The public interest and any likelihood of unfair practice
– Any element of national security
– Technical and electromagnetic compatibility of the application with any other licensed service
– Any agreement between Mauritius or the Authority with any other State, or any national or
international organization relating to information and communication technologies including
telecommunication.

■ The Authority has to notify the applicant within a period of 30 days from the date of receipt of the
application.
 Licensing
■ When the Authority issue (transfer/renew/vary terms) a license:
– Impose T&C that it thinks fit
– Give written notice of its decision + reasons to any persons who objects

– Applicant need to pay prescribed fee

■ If the Authority refuses to issue (transfer/renew/vary terms):

– Gives written notice of its decision + reasons to the applicant
– and to any person who has raised an objection pursuant to subsection
 Licensing
■ The license:
– The name and business address of the licensee;
– The installation, apparatus and premises to which it relates;
– The network or service to be provided by the licensee;
– Any T&C imposed

■ The Authority has the right to vary the T&C or revoke a license:
– If the Act has been contravened and T&C breached
– The Authority need to provide written notice stating:
■ The reasons for which it proposes to do so
■ The time (not less than 14 days) for written objection

– If the matter is urgent the Authority may immediately suspend a license

 Special Powers
■ An authorised officer (by the Authority) may:
– Require a licensee to produce his licence;
– At all reasonable times inspect any installation, apparatus or premises relating to a licence.

■ An authorised officer (by a Magistrate granting him a warrant) may:

– (a) enter any premises named in the warrant and search those premises or any person found
therein;
– (b) inspect, remove and take copies of any document found considers relevant;
– (c) inspect and remove any installation or apparatus found therein which he has (b) which he
reason to suspect is operating in contravention of this Act.
 Special Powers
■ When a public operator contravenes this Act
– the Authority may require the operator to remedy the default within a delay specified by it.

– If the public operator fails to comply:

■ Revoke or vary the terms of the licence;
■ Suspend the licence for a period not exceeding 30 days; or
■ Reduce the period, not exceeding one year, for which the licence was originally granted
 Obligations of licensees
■ Every licensee shall –

– (a) comply with every term and condition attached to his licence;

– (b) maintain an installation, apparatus or premises relating to his licence in such condition as to
enable him to provide a safe, adequate and efficient service;

– (c ) provide access thereto to an authorised officer;

– (d) furnish to the Authority such reports, accounts and other information relating to his
operations as the Authority relay require;

– (e) comply with any written direction given to him by the Authority in relation to the exercise of
his rights and obligations under a licence.
 ICT Advisory Council - Functions
■ Advise the Minister on any matter relating to:

– The promotion of the interests of consumers, purchasers and other users in respect of –

■ (i) the quality and variety of information and communication services including telecommunication
services provided;

■ (ii) the information and communication equipment including telecommunication equipment and
facilities supplied;

■ (iii) the effect of the tariff Policy adopted by the Authority;

– Promotion of R&D and use of new ICT techniques (inc telco)

– Improvement of ICT services (inc telco)

 ICT Appeal Tribunal
■ Consists of:

– (a) a Chairperson and a Deputy Chairperson, who shall be barristers of not less than 10 years
standing, appointed by the Public Service Commission; and

– (b) such other members, not exceeding 4 in number, as may be appointed by the Minister after
consultation with the Prime Minister.
 ICT Appeal Tribunal - Jurisdiction
■ Hear and dispose of any appeal against a decision of the Authority regarding ICT.

■ Any appeal has to be made within a period of 21 days (*) from the date of notification of the decision
and it shall be in such form and be accompanied by such fee as may be prescribed.
– After parties have been heard
– The Tribunal can confirm, vary or set aside the decision appealed against.
– Send a copy of decision to parties and the Authority

■ The Tribunal shall endeavour to dispose of the appeal within 6 months from the date the appeal was
lodged

■ Any party can appeal the decision to the Supreme Court (within 21 days of the decision of the
Tribunal)
 Offences
■ Any form of emission, radiation, induction or other electromagnetic effect, harms the functioning of
an ICT service

■ Intent to defraud or to prevent the sending or delivery of a message

■ Steals, secretes or destroys a message

■ Wilfully or negligently omits or delays the transmission or delivery of a message

■ Forges a message or transmits or otherwise makes use of a message knowing that it has been forged

■ Knowingly sends, transmits or causes to be transmitted a false or fraudulent message

 Offences
■ Use an ICT service (inc telco)
– (i) for the transmission or reception of a message which is grossly offensive, or of an indecent,
obscene or menacing character; or

– (ii) for the purpose of causing annoyance, inconvenience or needless anxiety to any person;

– (iii) for the transmission of a message which is of a nature likely to endanger or compromise
State defence, public safety or public order.

■ Dishonestly obtains or makes use of an ICT service with intent to avoid payment of any applicable fee
or charge
 Offences
■ By means of an apparatus or device connected to an installation maintained or operated by a licensee -
– (i) defrauds the licensee of any fee or charge properly payable for the use of a service;

– (ii) causes the licensee to provide a service to some other person without payment by such other
person of the appropriate fee or charge; or

– (iii) fraudulently installs or causes to be installed an access to a telecommunication line;

■ Wilfully damages, interferes with, removes or destroys an information and communication installation
or service including telecommunication installation or service maintained or operated by a licensee
 Offences
■ Establishes, maintains or operates a network or service without a licence or in breach of the terms or
conditions of a licence.

■ Without the prior approval of the Authority, imports any equipment capable of intercepting a message

■ Discloses confidential info (*)

 Penalties
■ Any person who commits an offence under the ICT Act, shall, on conviction, be liable to a fine not
exceeding 1,000,000 rupees and to imprisonment for a term not exceeding 5 years.

■ Additionally:
– the forfeiture of any installation or apparatus used in connection with the offence;

– Cancellation of the licence held by the person convicted;

– That the person convicted shall not be issued with a licence for such period as the Court thinks
fit;

– That a service provided to a person convicted of an offence under this Act shall be suspended for
such period as the Court thinks fit.