Law No. 2000-83 of August 9, 2000 concerning Electronic Exchanges and E-commerce

---

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 1 LAW NO. 2000-83 OF AUGUST 9, 2000, CONCERNING ELECTRONIC EXCHANGES AND E-COMMERCE In the name of the people, The Chamber of Deputies having adopted, The President of the Republic promulgates the law whose text follows: Chapter I General Provisions Article 1 – This law sets out the general rules governing electronic exchanges and e-commerce. Electronic exchanges and e-commerce are governed by existing legislation and regulations to the extent that this law does not derogate from them. The regime for written contracts applies to electronic contracts regarding the expression of intent, their legal effect, validity, and execution, to the extent that this law does not derogate from them. Article 2 – For the purposes of this law, the following terms are defined as:

• Electronic exchanges: transactions conducted using electronic documents.
• E-commerce: commercial operations carried out through electronic exchanges.
• Electronic certificate: a secure electronic document bearing the electronic signature of its issuer, attesting to the veracity of its content upon verification.
• Electronic certification service provider: any natural or legal person that issues, delivers, manages certificates and provides other services associated with electronic signatures.
• Encryption: the use of unusual codes or signals to convert information to be transmitted into signals unintelligible to third parties, or the use of codes and signals essential for reading the information.
• Signature creation device: a unique set of personal encryption elements or a set of equipment specifically configured for creating the electronic signature.
• Signature verification device: a set of public encryption elements or equipment enabling the verification of the electronic signature.
• Electronic payment instrument: a means that enables its holder to perform remote direct payment operations through public telecommunications networks.
• Product: any material or immaterial natural, agricultural, artisanal, or industrial service or product. Article 3 The use of encryption in electronic exchanges and e-commerce through public telecommunications networks is governed by existing regulations in the field of value-added telecommunications services. Chapter II

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 2 On the Electronic Document and Electronic Signature Article 4 – The retention of an electronic document carries the same evidentiary weight as the retention of a written document. The issuer undertakes to retain the electronic document in its original form. The recipient undertakes to retain this document in the received form. The electronic document is retained on an electronic medium enabling:

• Consultation of its content throughout its validity period,
• Its retention in definitive form to ensure the integrity of its content,
• The retention of information regarding its origin and destination, as well as the date and place of its issuance or receipt. Article 5 – Any person wishing to affix their electronic signature to a document may create this signature using a reliable device, the technical characteristics of which shall be determined by an order from the minister responsible for telecommunications. Article 6 – Any person using a signature device must: Take the minimum precautions established by the order provided for in Article 5 of this law, to avoid any illegitimate use of encryption elements or personal equipment related to their signature. Notify the electronic certification service provider of any illegitimate use of their signature. Ensure the accuracy of all data declared to the electronic certification service provider and to any person they have asked to rely on their signature. Article 7 – In case of breach of the obligations provided for in Article 6, the holder of the signature is liable for any damage caused to others. Chapter III On the National Electronic Certification Agency Article 8 – A public non-administrative enterprise with legal personality and financial autonomy is established, named the National Electronic Certification Agency, and subject to commercial legislation in its relations with third parties. Its headquarters are fixed in Tunis. Article 9 – This enterprise is responsible for the following missions:
• Granting authorization to exercise the activity of electronic certification service provider throughout the territory of the Tunisian Republic.
• Monitoring compliance by the electronic certification service provider with the provisions of this law and its implementing texts.
• Determining the characteristics of the signature creation and verification devices.
• Concluding mutual recognition agreements with foreign parties.

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 3

• Issuing, delivering, and retaining electronic certificates related to public agents authorized to conduct electronic exchanges. These operations may be performed directly or through public electronic certification service providers.
• Participating in research, training, and study activities related to electronic exchanges and e-commerce. And generally, any other activity assigned to it by the supervising authority in relation to its field of intervention. The agency is subject to the supervision of the ministry responsible for the sector. Article 10 – The National Electronic Certification Agency may be allocated, by assignment, movable or immovable property of the State necessary for its operation. In case of dissolution of the enterprise, its assets revert to the State, which executes the obligations and commitments contracted, in accordance with existing legislation. Chapter IV On Electronic Certification Services Article 11 – Any natural or legal person wishing to exercise the activity of electronic certification service provider must obtain prior authorization from the Tunisian Certification Agency. The natural person or legal representative of the legal person wishing to obtain authorization must meet the following conditions:
• Be of Tunisian nationality for at least five years,
• Be domiciled on Tunisian territory,
• Enjoy civil and political rights and have no criminal record,
• Hold at least a master’s degree or an equivalent diploma,
• Not exercise another professional activity. Article 12 – The electronic certification service provider is responsible for issuing, delivering, and retaining certificates in accordance with a specification sheet approved by decree, and, if applicable, its suspension or cancellation in accordance with the provisions of this law. This specification sheet includes notably:
• The costs for studying and monitoring certificate application files,
• The timeframes for file examination,
• The material, financial, and human resources to be provided for the exercise of the activity,
• The conditions ensuring interoperability of certification systems and interconnection of certificate registers,
• The rules regarding information related to its services and certificates delivered, which must be retained by the electronic certification service provider. Article 13 – The electronic certification service provider is required to use reliable means for issuing, delivering, and retaining certificates, as well as necessary means to protect them against counterfeiting and falsification in accordance with the specification sheet provided for in Article 12. Article 14 – The electronic certification service provider must maintain an electronic certificate register available to users, accessible permanently for electronic consultation of the information contained therein. The certificate register contains, if applicable, the date of suspension or cancellation of the certificate.

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 4 The certificate register must be protected against any unauthorized modification. Article 15 – Electronic certification service providers and their agents must keep confidential the information entrusted to them in the course of their activities, except for those whose publication or communication has been authorized in writing or electronically by the certificate holder or in cases provided for by existing legislation. Article 16 – Upon request for a certificate, the electronic certification service provider collects personal information directly from the concerned person or, with their written or electronic consent, from third parties. It is prohibited for the electronic certification service provider to collect information not necessary for issuing the certificate. It is prohibited for the electronic certification service provider to use, outside the framework of certification activities, the information collected to issue the certificate without obtaining the written or electronic consent of the concerned person. Article 17 – The electronic certification service provider issues certificates conforming to security and reliability requirements. Technical data regarding the certificate and its reliability shall be determined by an order from the Ministry responsible for telecommunications. This certificate includes notably:

• The identity of the certificate holder,
• The identity of the issuing person and their electronic signature,
• The verification elements for the certificate holder’s signature,
• The validity period of the certificate,
• The domains of use for the certificate. Article 18 – The electronic certification service provider guarantees:
• The accuracy of the certified information contained in the certificate at the date of issuance,
• The link between the certificate holder and their specific signature verification device,
• The exclusive possession by the certificate holder of a signature creation device conforming to the provisions of the order provided for in Article 5 and complementary with the signature verification device identified in the certificate at the date of issuance. When the certificate is issued to a legal person, the electronic certification service provider must verify beforehand the identity and representation authority of the natural person presenting themselves. Article 19 – The electronic certification service provider immediately suspends the certificate upon the holder’s request or when it appears that:
• The certificate was issued based on erroneous or falsified information,
• The signature creation device has been compromised,
• The certificate has been subject to fraudulent use,
• The information contained in the certificate has changed. The electronic certification service provider immediately notifies the certificate holder of the suspension and its reason.

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 5 Suspension is lifted immediately when the accuracy of the information contained in the certificate and its legitimate use are demonstrated. The decision to suspend the certificate by the service provider is enforceable against the certificate holder and third parties from the date of its publication in the electronic register provided for in Article 14. Article 20 – The electronic certification service provider immediately cancels the certificate in the following cases:

• Upon request of the certificate holder,
• When informed of the death of a natural person or dissolution of a legal person holding the certificate, Following suspension, if in-depth examinations demonstrate that the information is erroneous or falsified, non-compliant with reality, or that the signature creation device has been compromised or the certificate used fraudulently. The decision to cancel the certificate by the service provider is enforceable against the certificate holder and third parties from the date of its publication in the electronic register provided for in Article 14. Article 21 – The certificate holder is solely responsible for the confidentiality and integrity of the signature creation device they use, and any use of this device is deemed to be their act. The certificate holder must notify the electronic certification service provider of any modification to the information contained in the certificate. The certificate holder suspended or cancelled can no longer use the personal encryption elements of the signature subject to this certificate and cannot have these elements certified anew by another electronic certification service provider. Article 22 – The electronic certification service provider is liable for any damage suffered by any person who, in good faith, relies on the guarantees provided for in Article 18. The electronic certification service provider is liable for damage suffered by any person due to the failure to suspend or cancel a certificate in accordance with Articles 19 and 20. The electronic certification service provider is not liable for damages resulting from the non-compliance with certificate usage conditions or the creation of the electronic signature by the certificate holder. Article 23 – Certificates issued by an electronic certification service provider established in a foreign country have the same value as those issued by a provider established in Tunisia, if this organization is recognized within the framework of a mutual recognition agreement concluded by the National Electronic Certification Agency. Article 24 – The electronic certification service provider wishing to terminate its activity must notify the National Electronic Certification Agency at least 3 months before the cessation date. The electronic certification service provider may transfer all or part of its activities to another provider under the following conditions:
• Notify existing certificate holders of their intention to transfer certificates to another provider at least one month before the envisaged transfer,

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 6

• Specify the identity of the electronic certification service provider to whom the certificates will be transferred,
• Inform certificate holders of their right to refuse the envisaged transfer, as well as the timeframes and procedures for refusal. Certificates are cancelled if, by the end of this period, their holders express their refusal in writing or electronically. In case of death, bankruptcy, dissolution, or liquidation of the electronic certification service provider, heirs, guardians, or liquidators are subject to the provisions of the second paragraph of this article within a period not exceeding three months. In all cases of cessation of activity, remaining personal data held by the provider must be destroyed in the presence of a representative of the National Electronic Certification Agency. Chapter V On E-commerce Transactions Article 25 – Before concluding the contract, the seller is required during e-commerce transactions to provide the consumer with clear and comprehensible information as follows:
• The identity, address, and telephone number of the seller or service provider,
• A complete description of the different execution steps of the transaction,
• The nature, characteristics, and price of the product,
• Delivery costs, product insurance rates, and applicable taxes,
• The duration of the offer at fixed prices,
• Commercial warranty and after-sales service conditions,
• Payment methods and procedures, and, if applicable, proposed credit terms,
• Delivery modalities and timeframes, contract execution, and consequences of non-performance.
• The right of withdrawal and its timeframe,
• The order confirmation method,
• The product return, exchange, or refund method,
• The cost of using telecommunications means when calculated on a basis other than prevailing tariffs,
• Contract termination conditions for contracts concluded for an indefinite period or a duration exceeding one year,
• The minimum contract duration for contracts providing long-term or periodic supply of a product or service. These information must be provided electronically and made available to the consumer for consultation at all stages of the transaction. Article 26 – It is prohibited for the seller to deliver a product not ordered by the consumer when accompanied by a payment request. In case of delivery of an unrequested product, the consumer cannot be asked to pay its price or delivery cost. Article 27 – Before concluding the contract, the seller must allow the consumer to definitively recapitulate all their choices, confirm or modify the order at their discretion, and consult the electronic certificate related to their signature. Article 28 –

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 7 Unless otherwise agreed by the parties, the contract is concluded at the seller’s address and on the date of acceptance of the order by the latter via an electronic document signed and addressed to the consumer. Article 29 – The seller must provide the consumer, upon request and within 10 days following contract conclusion, a written or electronic document containing all data related to the sales transaction. Article 30 – Subject to the provisions of Article 25, the consumer may withdraw within a period of 10 working days:

• From the date of receipt by the consumer, for goods,
• From the date of contract conclusion, for services. The notification of withdrawal is made by any means provided in advance in the contract. In this case, the seller must refund the amount paid to the consumer within 10 working days from the date of return of goods or renunciation of service. The consumer bears the return shipping costs for goods. Article 31 – Notwithstanding compensation of damage to the consumer’s benefit, the latter may return the product as-is if it does not conform to the order or if the seller has not respected delivery timeframes, within a period of 10 working days from the date of delivery. In this case, the seller must refund the paid amount and related expenses to the consumer within 10 working days from the date of product return. Article 32 – Subject to the provisions of Article 30 and except for apparent or hidden defects, the consumer cannot withdraw in the following cases:
• When the consumer requests service delivery before the withdrawal period expires and the seller provides it,
• If the consumer receives products made to custom specifications or products that cannot be reshipped or are liable to deteriorate or expire due to validity deadlines,
• When the consumer breaks seals on audio/video recordings or delivered/downloaded computer software,
• The purchase of newspapers and magazines. Article 33 – When the purchase operation is entirely or partially covered by credit granted to the consumer by the seller or a third party based on a contract concluded between the seller and the third party, the consumer’s withdrawal results in the termination, without penalty, of the credit contract. Article 34 – Except in cases of misuse, the seller bears, in trial sales, the risks to which the product is exposed until the completion of the product’s trial period. Any liability-exempting clause contrary to the provisions of this article is considered null and void. Article 35 – In case of unavailability of the ordered product or service, the seller must notify the consumer within a maximum period of 24 hours before the delivery date stipulated in the contract and refund the full amount paid to its holder.

Law No. 2000-83 of August 9, 2000, concerning Electronic Exchanges and E-commerce 8 Unless force majeure applies, the contract is terminated if the seller breaches its commitments and the consumer recovers paid sums without prejudice to damages. Article 36 – The seller must prove the existence of prior information, confirmation of information, respect for timeframes, and consumer consent. Any contrary agreement is considered null and void. Article 37 – Payment operations related to electronic exchanges and e-commerce are subject to existing legislation and regulations. The holder of an electronic payment instrument is obliged to notify the issuer of the loss or theft of this instrument or instruments enabling its use, as well as any related fraudulent use. The issuer of an electronic payment instrument must establish appropriate means for this notification in the contract concluded with its holder. Notwithstanding fraud cases, the holder of an electronic payment instrument:

• Assumes, up to its notification to the issuer, the consequences of loss or theft of the payment instrument or its fraudulent use by a third party,
• Is discharged from all liability regarding the use of the electronic payment instrument after notification.