The Digital Economy is transforming the way businesses, governments and societies interact and operate. Tremendous revolution in world of communication has led to change in means of business transactions what we call E-commerce or Electronic Data. With the development of E-commerce over the globe, legislations have been made throughout the world to regulate the E-commerce. The convenience and flexibility of the services and products available on the Internet have meant that all aspects of our lives are now increasingly being digitized. However, there is also an increasing concern about the privacy and security of the individuals and organizations, alike. To this end, electronic certificates, are commonly used to ensure higher levels and assurances of electronic identities and content integrity of electronic transactions. In fact, the use of electronic certificates to enhance security and privacy has now gained global acceptance in both the public and private sectors.
Like other countries in the world, Pakistani, legislature has also formulated Electronic Transaction Ordinance (ETO) 2002 to put a legal frame work in order to regulate the electronic transactions and to recognize all means of electronic data and electronic signatures in term of their validity or invalidity. The objective was the establishment of legal obligations on one side and the recognition of electronic records on the other side.
Electronic Certification and Accreditation Council (ECAC), established by Federal Government of Pakistan under Section-18 of Electronic Transaction Ordinance, 2002 (ETO), is an autonomous body and operates under Ministry of Information Technology & Telecom (MoIT), Government of Pakistan. ECAC being fully functional regulatory body has enforcement powers to regulate electronic transactions in public and private sectors. ECAC is mandated to grant accreditation to approved crypto apparatus and accreditation to any Certificate Service Providers who intends to work as an Accredited Service Provider. The Council have started regulating PKI Certification Authority service providers in Pakistan under ETO and regulations framed thereunder. The mandate and domain assigned to ECAC is recognized in all primary and secondary legislation and is respected by all regulatory authorities. All companies / individuals/ firms etc engaged in the business of electronic services, are required to get themselves accredited with ECAC in their own business interest. The Certificate of Accreditation shall make electronic transactions more secure, more reliable and worldwide acceptable.
I, on behalf of the council, expect that the role and the exclusive mandate granted to ECAC will be respected by all stakeholders. By addressing the increasing concern about the privacy and security of the individuals as well as organizations, ECAC endeavors for keeping the nation abreast with the ever-changing trends of E-commerce while protecting the interest of related stakeholders. ECAC is committed to achieving ‘Digital Pakistan’ — a vision of Govt. of Pakistan.
Following are some of the key services of ECAC.
To grant and renew accreditation certificates to certification service providers, their cryptography services and security procedures.
To monitor and ensure compliance by accredited certification service providers with the terms of their accreditation and revoke or suspend accreditation in the manner and on the grounds as may be specified in regulations.
To establish and manage the repository.
To monitor compliance of accredited certification service providers with the provisions of the ETO.
To carry out research and studies in relation to cryptography services and to obtain public opinion in connection therewith.
To recognize or accredit foreign certification service providers.
To encourage uniformity of standards and practices.
To give advice to any person in relation to any matter covered under ETO.
To make recommendations to an appropriate authority in relation to the matters covered under ETO.