Page 1

40

SERIES I - NUMBER 5
The RTICLE 52
(Revocation)

Law No. 3/2017
of January 9th

Articles 4, number 2, subparagraph c ), 8 are repealed
number 2, 13, number 2, letter b ), 15, 16, 17, 18, 19, 20, 21, 22
and article 50 all of Law no. 16/2013, of 12 August, Law of
Mozambique Police and other legislation contrary to this
Law.
A RTICLE 53

If there is a need to regulate electronic transactions,
e-commerce and e-government, as well as
ensure the security of providers and users of
information and communication technologies, under the
in number 1 of article 179 of the Constitution of the Republic,
the Assembly of the Republic determines:
CHAPTER I

(Implementation)

This Law enters into force 15 days after its publication.
Approved by the Assembly of the Republic, on the 27th of July
2016.
The President of the Assembly of the Republic, Verónica Nataniel
Macamo Dlhovo .
Enacted on January 6, 2017.
Publish yourself.
The President, F ILIPE J ACINTO N Yusi .P

General Provisions

The RTICLE 1
(Object)

This Law establishes the principles, general rules
and the legal framework for electronic transactions in general,
of e-commerce and e-government in particular,
aiming to ensure the protection and use of technologies
of information and communication.
The RTICLE 2

Emblem

(Scope)

INVESTIGATE NAME
W
IO
THE
Ç
O
THE
Ç
N
R
O
IM
IÇ
IN
AL
SERV
CONSTITUTION OF THE REPUBLIC

This Law applies to natural, legal persons
public or private companies that apply information technologies and
communication, in its activities, namely, transactions.
electronic or commercial and e-government.
The RTICLE 3
(Definitions)

For the purposes of this Law, the definitions of the terms
and the acronyms appear in the attached glossary, which is part
part of it.
The RTICLE 4
(Goals)

1. The objectives of this Law are:
standard

CRIM RESEARCH NATIONAL
CONSTITUTION OF THE REPUBLIC
END
SERVICE

Streamer

CRIM RESEARCH
NATIONAL
CONSTITUTION
OF THE REPUBLIC
END
SERVICE

a) regulate and discipline activities within the
electronic transactions;
b) establish a legal order in which the trade
electronic, data messages, communications
electronics and e-government services
process with the necessary speed and security
legal;
c) establish the sanctioning regime for infractions
cybernetics guaranteeing consumer protection;
d) increase citizen confidence in the use of
electronic transactions as a means of communication,
service provision and mass consumption;
e) promote and make available technology networks and services.
information and communication technologies;
f) protect the interests of different stakeholders
sector, in particular consumers;
g) promote public and private investment in the
information and communication technologies and the Internet ;
h) promote access to the e-government service;
i) ensure the interoperability and interconnection of services
of Electronic government;
j) promote innovation and technological development.
2. The objectives referred to in the previous number are pursued
by the entities that, under the terms of the applicable legislation, have
responsibilities over each of the identified domains.

Page 2
41

JANUARY 9, 2017
CHAPTER II
Domain Name and Registration

The RTICLE 5
(Assignment and management of domain names)

CHAPTER III
Service Provider
SECTION I
primary service provider

1. It is incumbent upon the Regulatory Authority for Information Technologies
The RTICLE 10
Communication and attribution and management of domain names.
(Primary service provider)
2. The responsibility for the “.mz” domain and any
1. Are primary service providers, institutions
related subdomain belongs to the Regulatory Authority of
government agencies or delegated by the Regulatory Authority
Information and Communication Technologies.
of the Information and Communication Technologies that send,
3. The Information Technology Regulatory Authority
receive or store institutional, collective or
and Communication may delegate, with reservations, upon
individual.
rationale, the technical aspects of the registration process and
2. Primary service providers may delegate
management of the ".mz" domain to other entities, of proven
its competences to third parties, granting its attributions
and recognized technical-scientific capacity in recording and management
and competencies to intermediary service providers provided that:
of domains.
a) the activity of the delegated entity obeys the law and the rules
fixed by the delegating entity;
The RTICLE 6
b) the delegated entity provides its services on behalf of
(Registration of domain name “.mz”)
own and responds, in accordance with the law.
1. The recognized domain of Internet space protected by
A RTICLE 11
Republic of Mozambique is the “.mz” domain.
2. All natural or legal persons domiciled in
(Regulatory Authority)
Republic of Mozambique may apply, the regulatory authority
1. The Regulatory Authority is a public institution with
competent, the registration of a name in the “.mz” domain.
of legal personality, administrative autonomy and performs
3. Domain name assignment is processed in order
their functions in accordance with this Law,
chronological order of receipt.
organic statute and other applicable legislation.
The RTICLE 7
(Registration of “.mz” domain)

1. Anyone interested in registering a domain name is free
to choose the term or terms to adopt, unless the term
chosen has been booked.
2. The domain name applicant must respect,
the rules established by the Technology Regulatory Authority
of Information and Communication.
3. Assigning and maintaining a domain name
are subject to the payment of fees established by the Entity
Information and Communication Technologies Regulator.
4. The Information Technology Regulatory Authority
and Communication or to whom it delegates, it may, unofficially,
block or withdraw a “.mz” domain name under the terms
to regulate.
The RTICLE 8
(Regulatory fees)

Applicable to entities licensed under this
Law, the following regulatory fees:
a) license fee for the use of the ".mz" domain;
b) annual fee for using the “.mz” domain;
c) other fees to be fixed by the Council of Ministers.
The RTICLE 9
(Fraudulent use of domain name)

1. Fraudulent use of domain name or name
of similar domain, or another likely to create confusion
or misunderstandings, with the intention of benefiting or benefiting
to third parties, is punished under the law that regulates the right
intellectual property or copyright and other
applicable law.
2. Is responsible for misuse, whoever uses it as
domain name, name of a natural or legal person,
or a name that is protected as a property right
intellectual.

2. The National Institute of Information Technologies
and Communication (INTIC) is the Regulatory Authority in the scope
of this Law.
3. The organization and functioning of the National Institute
of Information and Communication Technologies are regulated
by the Organic Statute approved by the Council of Ministers.
A RTICLE 12
(Competences of the regulatory authority)

1. It is incumbent upon the Regulatory Authority:
a) ensure respect for and compliance with the law and the respective
regulations;
b) submit proposals for regulations and other diplomas
implementation of this Law, within the limits
of law;
c) perform the functions of regulation, supervision
and inspection;
d) ensure the implementation of the interoperability framework
e-government;
e) apply sanctions arising from non-compliance
of this Law and other applicable legislation;
f) disclose and promote the application of transactions
electronics, e-commerce and government
electronic;
g) licensing intermediary service providers;
h) issue, modify, renew, suspend or cancel
the licenses and registrations established in this Law;
i) ensure the management of the “.mz” domain;
j) ensure the implementation and functioning of the system
State electronic certification;
k) protect the consumer in the context of transactions
electronics, e-commerce and government
electronic;
l) create protection mechanisms for industry and services
national information and communication technologies;
m) issue an opinion on commercial licensing
of commercial organizations in the field of technologies
of information and communication;

Page 3
42

SERIES I - NUMBER 5
n) collect fees and fines;
o) propose to the Council of Ministers the updating of rates.
2. Perform other duties defined in the Organic Statute.
SECTION II
Intermediate Service Provider

The RTICLE 13
(Intermediate service provider)

1. The intermediary service provider exercises its
activities subject to the granting of a license.
2. Licensing to carry out activities of prointermediary provider of services is the responsibility of the entity
regulatory.
The RTICLE 14
(Responsibility of intermediary provider as issuer
services)

1. The intermediary service provider is responsible for
ensure access and ensure communication of information
transmitted by the users linked to it, through a
network or communication system.
2. The provision of access and transmission of information
issued by the users referred to in number 1 of this
item, include automatic, intermediate, and
passenger information transmitted in a communication network
until the end of the period defined for its transmission.
3. Without prejudice to the above, the intermediary provider
must keep all communications confidential and confidential.
of information transmitted by the users linked to it,
not being able to disclose, provide or use to the detriment of the
users.
4. The intermediate provider may, by court decision or
administrative decision, duly substantiated, provide
information communications that have criminal content
or that threaten the security of the State.
The RTICLE 15
(Responsibility of intermediary provider as recipient

for others linked to it, without prejudice to the duty of protection
and secrecy to which it is bound.
2. The provisions of the previous number do not apply to cases in
that the recipient of the service acts under the legal order of the authority
competent service provider.
3. The provisions of this article do not affect court decisions
or competent administrative authority.
A RTICLE 18
(Information monitoring)

1. The intermediary service provider is not subject
the general obligation to monitor the information you transmit or
store, nor to look for facts or indicative circumstances.
of illegal activity.
2. Without prejudice to paragraph 1, the provider
service intermediary must collaborate, in the sense of:
a) inform the competent public authorities of the activities.
illegalities detected;
b) present to the competent authorities, at their request,
information that allows the identification of recipients
services that have storage contracts;
c) obtain and maintain data that allow the identification of the
service providers who contributed to the creation
of contents integrated in services provided by you.
to third parties;
d) identify users who transmit or store
data with offensive content using the service
of communication with unidentified sender;
e) act immediately, without any further formalities,
in the event of a complaint, complaint or information of theft,
theft, loss or disappearance of electronic media
made by the user for the purpose of recovering or
prevent or its illicit use.
3. For the purposes of paragraph e ) of the previous number,
the user is obliged to inform the intermediary provider of
service about theft, robbery, loss or disappearance of media
electronic devices in your possession and use.
The RTICLE 19

services)

The intermediary service provider is responsible for ensuring
access and ensure the communication of information received,
aimed at users linked to it, through a network
or data communication system.

(User identification record)

Intermediate providers must register and identify
its users, under the terms to be regulated.
CHAPTER IV

The RTICLE 16
Electronic Data and Communications Messages
(Receiving and issuing information)

SECTION I

The intermediary service provider must:
a) maintain the integrity of the information you receive
and broadcast in its capacity as an intermediary provider;
b) refrain from using or passing on data to third parties
or information sent or intended for users
linked to it, except by court decision;
c) avoid removing or disabling access to information
stored;
d) respond for damages and losses caused to users.
ers, under the duty of secrecy and protection
of data and information thereof.

Applying legal requirements to data messages

The RTICLE 20
(Legal recognition of data messages)

Data or information message in electronic format
has the same legal effect as the data message or
information in physical format, as long as it meets the requirements
and legal formalities established for documents in format
physicist.
The RTICLE 21

The RTICLE 17
(Written message)
(Information storage)

1. The intermediary service provider is responsible for the
storage of information for or from users

Whenever the law requires that information be presented,
this can be presented in electronic format, as long as it is
immediately carried over to physical format.

Page 4
43

JANUARY 9, 2017
A RTICLE 22
(Electronic signature)

1. Whenever the law requires a signed document, it may
be presented in physical format, or in electronic format.
2. If the signature is missing from the document in electronic format,
this can be bet cumulatively obeying the following
requirements:
a) when the signature identifies the person who issued
the said document and indicate your approval for
the information contained in the electronic message;
b) when the method is reliable and suitable for the purpose
for which the message was generated or communicated,
taking into account all the circumstances
of the case, including agreement of the parties thereto.
3. Electronic signatures are subject to certification
of authenticity by the competent authority, in order to guarantee
security and certainty in transactions.
A RTICLE 23
(Original)

1. Whenever the law requires that certain information be
presented or preserved in its original form, it must contain:
a) reliable guarantee that integrity was preserved
of information from the moment of its generation in
its final form, like an email
or otherwise;
b) information accessible to the person who should be
presented, if its submission is required.
2. The provisions of number 1 of this article shall apply, if
the requirement mentioned therein is expressed in the form of a
obligation or if the law foresees consequences for the case in which
the information is not presented or preserved in its form.
original.
3. For the purposes of paragraph a ) of number 1
of this article:
a) the information that has remained is presumed to be complete
complete and unchanged, except for the addition of any
endorsement of the parties or other change that occurs
in the normal course of communication, storage
and exposure;
b) the degree of reliability required is determined in light
of the purposes for which the information was generated, so
as of all the circumstances of the case.

The RTICLE 25
(Conservation of data messages)

1. Whenever the law requires that a certain document, register
or information is kept, it must comply with the following
conditions:
a) that the information contained in the email is
accessible for later reference;
b) that the information contained in the email is
preserved in the format in which it was generated,
emitted, transmitted and received, or in a format that
can be shown to represent exactly
the information generated, emitted, transmitted and received;
c) that all the information allows to determine the origin,
the destination, date and time the messages were
sent or received.
2. The obligation to preserve documents, records or information.
provisions, provided for in paragraph 1 of this article, is not applicable
to those data that have the sole purpose of facilitating the sending
or receiving the message.
3. Anyone can use the services of a third party to
respond to the requirements mentioned in number 1 of this
article, provided that they comply with the conditions set out in the
neas a ), b ) and c ) of number 1 of this article.
SECTION II
Data message communication

A RTICLE 26
(Formation and validity of contracts)

1. Unless otherwise provided by the parties, in the formation
of a contract, the offer and its acceptance may be expressed by
electronic messages, being for all purposes valid and effective.
2. The provisions of number 1 of this article do not apply
when the law requires electronic signature of the parties and intervention
notarial or other mechanism for the validity and effectiveness of the contract.
A RTICLE 27
(Assumption of data message recognition)

In the relationship between the sender and the recipient of a
electronic message, validity or effectiveness is not denied
to a declaration of will or other declaration by the fact
the declaration has been made by an electronic message.
A RTICLE 28

The RTICLE 24
(Data message authorship)
(Admissibility and evidential strength of data messages)

1. An electronic message comes from the sender when
has been sent by the sender himself.
2. In the relationship between the sender and the recipient, a
electronic message is considered to come from the sender
a) based on the fact that it is a message
electronics;
if it was sent:
b) for the simple reason that they were not presented
a) by a person authorized to act on behalf of the sender
in its original form;
with regard to that e-mail;
c) whenever such messages are the best proof that
b) by an information system programmed by, or in
can expect from the person who presents them.
sender name, to operate automatically.
3. In the relations between the sender and the recipient, it is assumed that
2. All information presented in the form of a message
if the e-mail belongs to the sender
electronics has evidential force.
under any of the following conditions:
3. In evaluating the evidential strength of a message
electronics, its reliability is measured:
a) if the recipient has correctly applied a
procedure previously accepted by the sender to
a) by the way it was generated, stored, issued,
in order to verify that the e-mail comes from
transmitted and received;
from the sender;
b) by the way in which the integrity of the information was preserved.
b) if the email received by the recipient
application;
is the result of acts of a person whose relationships
c) by the sender's identification and any other factor
relevant.
with the sender or any agent of the sender
1. Data messages are evidence in court and cannot
be refused under the following circumstances:

Page 5
44

SERIES I - NUMBER 5
have given you access to the method used.
by the sender to identify the e-mail
as being yours.
4. The provisions of the previous number do not apply:

a) from the moment the recipient receives
the author's notification indicating that the message
data does not belong to you if you have a period
of defined time to act on these terms;
b) at any time the recipient knew or should
have known, if you had been careful or used a
agreed procedure, that the data message
it wasn't the author's.
5. Whenever an electronic message comes from the
try or consider yourself coming from the sender, or whenever
the recipient is entitled to act on that presumption, the
recipient may, in its relations with the sender, consider
that the email received corresponds to the one that
the sender intended to send, and to act accordingly.
6. The recipient does not enjoy this right when he knows or
should know, and have acted with due diligence or employee
the agreed procedure, that the transmission caused an error
in the received e-mail.
7. The recipient can consider each e-mail
received as distinct and to act accordingly, except to the extent
that she duplicates another email and the recipient
know or should know, and had acted with due diligence
or using the agreed procedure for the duplicate message.
A RTICLE 29
(Domicile of the parties)

1. The domicile of the parties must be indicated in the act of registration
with the regulatory authority.
2. In case of existence of several domiciles, the party must
indicate what you consider the main or habitual domicile.
3. In the absence of indication of the main or usual address,
under the terms of number 2, it is considered as the main domicile
or usual, the place of commercial activity or the place that has
closer relationship with the contract or transaction, having in
consideration of known or contemplated circumstances, before
or at the time of completion of the contract or transaction.
4. In case a natural person does not have a location
where it carries out its commercial activity, reference must be made.
her usual residence.
5. Not considered domicile of commercial activity
the place where:
a) the equipment and supporting technology are located
to an information system used by a person
regarding the formation of a contract; or
b) the parties can access the information system.
6. The fact that a person uses a domain name
or email address linked to a specific country does not
creates the presumption that your home is located
in that country.
A RTICLE 30
(Information requirements)

The provisions of this Law do not affect the applicable legislation
which requires the parties to disclose their identity, address
physical and/or electronic or other information, nor does it exempt from
liability anyone of the legal consequences
resulting from the provision of inaccurate, incomplete statements
or false.

The RTICLE 31
(Notice of receipt)

1. Unless otherwise agreed by the parties, in the contract that
does not involve consumers, or if the services are delivered
electronically and without delay, the recipient must acknowledge the
receiving data messages sent to you within
of a defined period.
2. Whenever the author of the message disagrees with
the recipient in the way the acknowledgment of receipt must be made,
this can be done through electronic communication.
by the recipient, in an automated or other way.
3. When the acknowledgment of receipt is not received by the author
within the specified or agreed period, or when not
there is an express deadline, the author may notify the recipient
declaring that receipt has not been acknowledged, specifying a
defined period for it to be received.
4. When the acknowledgment of receipt is not received within the
period specified in the previous number, after notification to the
recipient, should consider the electronic record.
5. Whenever the author of the message receives the notice of
reception means that the electronic record has been received by the
recipient, not implying that the content of the electronic record
matches the contents of the received record.
6. When the acknowledgment of receipt states that the record
related electronics complied with the technical requirements,
agreed or stipulated by applicable standards, it is assumed that
the requirements have been met.
7.Except for sending or receiving messages
electronics, this article is not intended to govern the
legal consequences that may result from both the
message and notice of receipt.
The RTICLE 32
(Time, place of emission and reception of data messages)

1. Unless otherwise agreed, between the sender and the sender.
the sending of an electronic message occurs when
this enters an information system outside the control of the
sender or the person who sent the email on
sender's name.
2. Unless otherwise agreed, enter the sender
and the recipient, the moment of receiving a message
electronics is determined:
a) if the recipient has designated an information system.
for the purpose of receiving messages
electronics, the same occurs:
i. the moment the email enters
in the designated information system;
ii. if the email is sent to a
recipient information system that does not
be the designated information system, in the
moment when the email is
retrieved by the recipient.
b) if the recipient has not designated a system
of information, the receipt occurs when the menelectronic sage enters the information system
of the recipient.
3. The provisions of the previous number apply, even if
the information system is located in a different place from where
the e-mail is deemed to have been received in accordance with
number 4 of this article.
4. An electronic message is considered to be sent on site
where the sender and recipient have their establishment,
unless otherwise agreed between the parties.

Page 6
45

JANUARY 9, 2017
5. If the sender or recipient has more than one
establishment, your establishment is considered to be that
which holds the closest relationship to the underlying transaction or,
if there is no underlying transaction, its establishment
main.
6. If the sender or recipient does not have an establishment,
your usual place of residence will be taken into account.
CHAPTER V
Electronic Commerce
SECTION I
Contracts

The RTICLE 33
(Formation and execution of the contract)

The RTICLE 37
(Error in electronic communications)

1. Whenever a natural person, on its behalf or in
representation of another, making an input error in a
electronic communication exchanged through a system of
automated messaging from another party, and the messaging system
automated does not provide the person with the opportunity to correct the
error, you have the right to withdraw the part of the electronic communication
in which the introductory error was made, if the natural person
or your represented:
a) notify the other party of the error within 24 hours,
after having become aware of it, indicating
who made a mistake in electronic communication;
b) has not used or received any benefits or
material value of the goods and/or services, eventually,
received and/or provided by the other party.

1. Who negotiates with others to conclude a contract
2. The provisions of this article shall not affect the application
must, both in the preparatory acts as well as in the celebration
of any other legal provision that provides for the
of this, proceed according to the rules of good faith, under penalty of responding
consequences of an error in the declaration and that it is not
expressly provided for.
for the damages that it may wrongfully cause to the other party.
2. Unless otherwise agreed between the parties, the seller shall
deliver the good or provide the service within 30 days from the day
following the one on which the buyer transmitted it.
3. When the seller does not deliver the goods or does not comply
with the service within 30 days or within the agreed period,
the buyer may terminate the contract in writing with a notice
7 days prior, upon reimbursement of payments by the
contract within 30 days of such notification.
4. In case of breach of contract by the seller,
due to unavailability of the ordered good or service,
must inform the buyer of the fact and refund the amount.
who have paid, within a maximum period of 30 days from the date
knowledge of that unavailability.
The RTICLE 34
(Validity of the contractual proposal)

The contractual proposal made through one or more
electronic communications, which is not addressed to a
or more specific people, but which is accessible to users
of information systems, which includes proposals that use
interactive application, for ordering through the
said systems, is considered valid, unless the intention of the
bidder is to be bound in the event of acceptance of the proposal.
The RTICLE 35
(Use of automated messaging systems
for the formation of contracts)

A contract formed through the interaction of a system
automated messaging and a person or through interaction
of automated messaging systems, produces the effects of
data messages under this Law, even if
no person has verified or intervened in each one.
of individual actions performed by automated systems
messages or in the resulting contract.
The RTICLE 36
(Negotiation of contract terms)

Without prejudice to the provisions of this Law, the parties may
negotiate the terms of the contract through the exchange of communication
electronics that provide information containing
contractual terms objectively.

Sub-Section I
Goods transport contracts

The RTICLE 38
(Actions related to contracts for the transport of goods)

Without prejudice to the other requirements provided for in this Law
and specific legislation, acts relating to a
contract of transport of goods, or with its fulfillment,
must be taken into account:
a) indication of brand, number, quantity or weight
of the merchandise;
b) declaration of the nature or value of the goods;
c) issuance of merchandise receipt;
d) confirmation of the loading of the goods;
e) notification of the terms and conditions of the contract;
f) providing instructions to the carrier;
g) claim of delivery of the goods;
h) authorization to deliver the goods;
i) notification of damage or loss of goods;
j) provision of any other information relating to the
contract fulfillment;
k) promise to deliver the goods to the person
nominee or the person authorized to claim delivery;
l) concession, acquisition, withdrawal, restitution, transfer
or negotiation of rights to the commodity;
m) acquisition or transfer of rights and obligations
derivatives of the contract.
A RTICLE 39
(Transport documents)

1. Subject to the provisions of number 3 of the present
article, when the law requires that any of the listed acts
in article 35 it is done in writing or by means of a document
printed, the requirement is considered satisfied if the act has been
consummated by means of one or more electronic messages.
2. Number 1 applies when the required requirement is
expressed in the form of an obligation in writing or by means of
of a printed document.
3. When granting any right to a particular person
and to no other, or when it acquires any obligation,
and the law requires that, for the act to take effect, the right or
the obligation to transfer to that person is through
sending or using a printed document, this requirement
is satisfied if the right or obligation is transferred by the use of

Page 7
46

SERIES I - NUMBER 5

one or more electronic messages, whenever used
a reliable method to ensure the uniqueness of said
electronic messages.
4. For the purposes of the previous number, the degree of reliability
required is determined by the purposes for which the rights or
obligations were transferred, and taking into account all
the circumstances of the case.
5.When one or more electronic messages are used.
to carry out any of the acts listed in subparagraphs l )
and m ) of article 38, no printed document is valid.
used to effect any acts except when the use of
electronic messages is interrupted and replaced by use
of printed documents.
6. All documents printed and issued under the circumstances
described in the previous number of this article, it must contain a
statement on said replacement.
7. The replacement of electronic messages by documents
printed material does not affect the rights and obligations of the parties.
involved.
8. Compulsively applicable legal norms
to contracts for the transport of goods that consist of a
printed document, extend to electronic messages.
Sub-Section II
electronic advertising and marketing

The RTICLE 40
( Electronic advertising and marketing )

1. Without prejudice to the provisions of the following numbers, the
the rules of the Advertising Code.
2. Advertising and e- marketing should be
identifiable with regard to commercial activity in
representation from which advertising or marketing is conducted.
3. The use of automated calling systems without
human intervention, namely automatic machines,
fax or e-mail machines for the purposes of
direct marketing, can only take place with prior consent.
of subscribers.
4. With the exception of the circumstances referred to in paragraph
next, the person should not broadcast or promote
the transmission of unsolicited communications for the purpose
of marketing directly via e-mail, unless
the recipient of the email notify in advance
the sender and obtain their consent during the period that
such communications are sent or at its instigation.
5. Anyone can send or promote the sending of mail
electronic for direct marketing purposes , when:
a) you have obtained the contact details of the recipient of the
referred email during the sale or
negotiations for the sale of a product or service
to the receiver;
b) direct marketing respect the products or services
similar to those of the said person;
c) at the time the data was initially collected,
has been offered to the recipient by way of refusal,
for the use of your contact details to
effects of that direct marketing , and it does not have
refused to use it;
d) the recipient has not refused the use of your data in
any subsequent communication.

7. It is prohibited to send data messages for the purposes of
direct marketing with disguise or concealment of the identity of the
sender in the representation of the communication made, or without
a valid address to which the recipient can send an order
termination of the communication in question.
8. No agreement can be considered concluded when
a person does not respond to an unsolicited communication.
9. Anyone who communicates by message
data for direct marketing purposes, please consult
regularly and respect the negative option registers through
from which the person who does not wish to receive the commercial communication
concerned can register.
SECTION II
Electronic Payment Instrument Security

The RTICLE 41
(Use of electronic payment instrument)

1. Without prejudice to special legislation, the Bank of Mozambique
must issue standards that establish security guarantees of
all payments made by any other holder who
use an electronic payment instrument.
2. The entity that intends to issue a payment instrument
electronic must request authorization from the Bank of Mozambique
under applicable law.
3. In addition to the norms issued by the Bank of Mozambique,
data processing for credit institutions or
finance companies must comply with
applicable tax legislation.
4. Data processing for credit institutions
and financial companies is governed by specific rules issued
by the Bank of Mozambique.
The RTICLE 42
(Responsibility of issuers)

Issuers of electronic payment instruments must
ensure that appropriate measures are taken to enable
to the bearer:
a) request the cancellation of the transaction and/or instrument
payment when use has occurred.
fraudulent use of your payment instrument
electronic;
b) be refunded the amounts paid, except when
the holder has acted with gross negligence in the event.
tuality of fraudulent use.
CHAPTER VI
Consumer Protection

The RTICLE 43
(Consumer defense)

Without prejudice to the provisions of general defense legislation
consumer protection, the provisions apply to consumer protection.
sections of the following articles.
The RTICLE 44
(Obligation to inform the consumer)

6. Any message-based commercial communication
1. Contracts relating to electronic commerce concluded
data must be provided, free of charge, to said receiver.
between commercial companies and consumers must provide
with:
enough, accurate, clear and easily accessible information to allow
a) the option to unsubscribe from the mailing list
the identification of the contracting parties, namely:
the data subject via e-mail;
a) the name of the company under which the company's activity
b) the details of the identity of the source from which he obtained the information.
consumer's personal information.
commercial is developed;

Page 8
47

JANUARY 9, 2017
b) the main physical address for the exercise of the activity,
web page address, mail address
email, phone number or otherwise
of contact;
c) if one of the contracting parties is an entity
legal, your registration number, the names of your
representatives and the place of registration;
d) an address for registration purposes and any registration
relevant government or license numbers;
e) association with any self-regulatory bodies of
accreditation to which the business belongs or subscribes
and the contact details of said agency;
f) any code of conduct subscribed to by the company
commercial and how it can be accessed
electronically by the consumer.
2. Contracts relating to electronic commerce concluded
with consumers must provide enough information,
accurate and easily accessible, describing the goods or services
offered, to allow consumers to make a decision.
informed before carrying out the transaction, allowing you to maintain a
proper recording of information.
3. Electronic contracts must provide information
sufficient as to the terms, conditions and costs associated with
transaction to enable consumers to make decisions
informed before performing the transaction.
4. Whenever deemed necessary, the information referred to in
previous number, must include:

The RTICLE 45
(Consumer's right to free resolution)

1. If the contract is not entered into under the terms of this
chapter, the consumer can cancel the transaction within a
period of 14 working days after receipt of goods or services.
2. If the transaction is canceled under the aforementioned terms
in the previous number:
a) the consumer must return the goods supplied or, when
if applicable, terminate the use of the services provided;
b) the commercial entrepreneur must reimburse all
payments made by the consumer, except the amount
on the direct cost of returning the goods.
3. The commercial entrepreneur must supply the consumer
a secure payment mechanism and information about
of the level of security that the referred mechanism provides,
as stipulated in this Law.
4. The commercial entrepreneur is responsible for any
damage suffered by the consumer due to lack of compliance
of the provisions of this article.
The RTICLE 46
(Cooling period and restrictions on entitlement
of free cancellation)

1. The consumer has the right to cancel the transaction
electronic or any contract related thereto, without
obligation to provide reasons, bearing only the cost
return of goods, by providing:

a) goods within a period of seven days after receipt
a) the total price of the goods or services, transport costs,
of goods;
taxes, fees and others;
b) services within a period of seven days after the date
b) the terms, conditions and methods of payment;
conclusion of the agreement.
c) any terms of contract, guarantees that are
2. If payment for goods or services has been made
applicable to the transaction and how they are accessed,
before exercising the right referred to in the previous number by the
stored or reproduced electronically by the
consumer, he has the right of return, within the maximum period.
consumers;
30 days from the date of cancellation.
d) the time when the goods are shipped or delivered
3. This article does not apply to an electronic transaction:
or where the services are provided;
a) for financial services, including but not
e) the form and period that consumers can access and
limitation, investment services, operations of
keep a complete record of the transaction;
insurance and reinsurance, services and banking operations
f) the return, exchange, refund and claim policy;
relating to insurance transactions;
g) any alternative dispute resolution instrument
b) for services that started with the consent
in which the commercial entrepreneur is a subscriber and the form
of the consumer before the end of the seven-day period
referred to in this article;
how the wording of that code can be accessed
c) when the price for the supply of goods or services
electronically by the consumer;
is dependent on the fluctuation in the financial market that
h) security procedures and privacy policy
cannot be controlled by the commercial entrepreneur;
regarding payment and personal information;
d) for the supply of goods made from
i) the minimum duration of the contract for the supply
according to customer specifications or
of goods or provision of periodic performance services
manifestly personalized or that, by its
or continued.
nature, cannot be returned or are
5. The information must be clear, accurate and easily accessible, being
likely to deteriorate or perish
provided in order to inform consumers about:
quickly.
a) the minimum duration of the contract for the supply
of goods or provision of periodic performance services
or continued;
b) the adequate opportunity for review, correction
of any errors and refusal to complete the transaction,
before celebrating it;
c) the full and clear text of the terms and conditions
relevant to the transaction in order to allow
consumers have access to information and maintain
an adequate record of it;
d) an acknowledgment of receipt without delay, as specified
in article 31 of this Law.

4. The provisions of this article shall not be interpreted.
to the detriment of consumer rights and other laws.
CHAPTER VII
Electronic Government

The RTICLE 47
(Competent authority)

1. It is incumbent upon the Council of Ministers to define policies,
strategies and coordination of government implementation
electronic.

Page 9
48

SERIES I - NUMBER 5

2. The Council of Ministers designates the competent authority
for the provision of e-government services.

The RTICLE 50
(Reuse of Government data and information)

The RTICLE 48
(Basic principles)

1. The service and service provision processes,
electronically, including via the Internet, at AdmiPublic administration have the same validity as the processes of
service and provision of services handled manually,
in accordance with this Law.
2. The bodies and agents of the Public Administration may practice
administrative acts based on processes constituted through
of the application of information and communication technologies having
taking into account that:
a) Public Administration users can choose
get the service or information using documents
physical or electronic means, whenever the two
forms coexist;
b) the Public administration must share and reuse the data
basics of citizens, businesses and land,
using primary sources of collection and safeguarding
of data.
3. For Public Administration matters, the exchange is mandatory.
of messages through email addresses with the ending
"gov.mz" in all State entities, including managers,
at all levels and state officials and agents.
4. The Council of Ministers regulates the implementation
the mandatory use of an e-mail with termination
“gov.mz” in the exchange of messages between State entities.
5. For the purposes of paragraph 3 of this article, the authority
competent authority indicated in paragraph 2 of article 47 of this
Law must create an electronic communication platform
from the Government to all State entities.
6. The platform referred to in number 5 of this article is not
restricts the exchange of messages via e-mail.
encompass instant messages, short text messages (SMS)
and multimedia messages (MMS).
The RTICLE 49
(Provision and access to information and public services)

1. The Public Administration must provide your data in
reusable formats to ensure interoperability
and data sharing between Government and
Public administration.
2. The technical and semantic interoperability of data from the
Government, produced through the information systems of the
Government and Public Administration institutions, is treated
in specific regulation.
3. The competent authority for the provision of services
of e-government should organize capacity building actions,
awareness and debate on the implementation of mechanisms
use of open government data, gradually
and without prejudice to other data privacy legislation.
The RTICLE 51
(Coordination mechanisms)

The Government and Public Administration entities are
required to submit all development projects or
acquisition of information systems, applications, database
and information and communication technology equipment
for knowledge and approval of the competent authority for
the provision of Electronic Government services in the Republic
of Mozambique.
The RTICLE 52
(Acceptance of file and electronic issuance of documents)

Any public entity that, according to the law
applicable, accept the document file, or require that
documents are created or retained, issue any act,
authorization, license or approval, provide a form of
payment, can, as long as it complies with the regulations.
needed:
a) to accept the file, create or retain referred documents
in the form of a data message;
b) issue authorization, license or approval in form
of data message;
c) make or receive payments electronically
or by electronic means.

1. Information to the public about activities and services
of Government and Public Administration at central levels,
A RTICLE 53
provincial, district and local, available via the Internet , should
(Specific requirements)
be available through the government portal, the portals
In cases where a public entity performs functions
from the provincial governments, from the portals of the district governments,
referred to in article 51 of this Law, it must specify,
as well as through other portals and internet pages
Government and Public Administration institutions.
through publication in the Boletim da República :
2. Without prejudice to the necessary adaptations,
a) how the data message should be archived,
the provision of e-government services should focus
created, retained or issued;
directly to identified target groups, including the citizen,
b) the signed data message, the type of signature
businesses and other government entities, in accordance with
electronics required;
the function or subject.
c) how the electronic signature must be attached or
3. The competent authority for the provision of services
embedded or otherwise associated with the message
of e-government must implement accessible services
of data;
by a single access point and across multiple devices
d) the identity or criteria that must be achieved by
available in the country.
any authentication service provider used
4. The competent authority for the provision of services
by the person who archives the data message, or who
of e-government should promote dematerialization and
said authentication service provider should
deterritorialization of processes related to the provision of services
to be the preferred authentication service provider;
public and information for the citizen.
e) the appropriate control processes and procedures
5. The available Government information that is kept in the
to ensure integrity, security and confidentiality
portals and pages of Internet of any Government institution
appropriate data messages or payments;
and the Public Administration must be provided in a way that
f) any other requirements for data messages
there is protection of privacy, in accordance with the legislation
or payments.
applicable.

Page 10
49

JANUARY 9, 2017
CHAPTER VIII
Digital Certification and Encryption System
SECTION I
digital certification security

The RTICLE 54
(Implementation of the digital certification system)

1. The Information Technology Regulatory Authority
and Communication must establish the technical foundations
and methodologies of digital certification system based
in public key cryptography, and should propose to the Government
the terms of creation and implementation of the Certification System
Digital of Mozambique.
2. The fundamentals to be established must guarantee
the authenticity, integrity and legal validity of documents in
electronic format, supporting applications and applications
enabled using digital certificates, as well as
secure electronic transactions.
The RTICLE 55
(Structure of the Digital Certification System of Mozambique)

1. Mozambique's Digital Certification System structuresif as follows:
a) Management Committee;
b) State Root Certifying Authority;
c) Certification Authorities;
d) Registration Authorities linked to the Authorities
Certifiers.
2. The composition, functioning, competences, obligations,
responsibilities, technologies and other aspects of the System of
Digital Certifications are established under terms to be regulated.

5. An encryption service or encryption product
is considered to be supplied in the Republic of Mozambique,
When:
a) issued by Mozambican entities;
b) sent to a person who is present
in the Republic of Mozambique, when that person
make use of the service or product;
c) sent to a person using the service or product
for the purposes of a business conducted in the Republic
from Mozambique or from Mozambican entities.
6. The provision, transfer to and from a foreign country, or
import of cryptographic services, with a purpose that
is not limited to verifying and ensuring data integrity and
involving in particular confidentiality services, is
subject to prior authorization, under the terms and conditions to be
regulated.
The RTICLE 58
(Restrictions on disclosure of information)

1. The information contained in the declaration referred to in number 2
of article 57 and any information provided to the Government, in the
scope of the prior authorization referred to in number 6 of the same
article, should not be disclosed, except to civil servants.
responsible for custody or authorization.
2. The provisions of the previous number do not apply, when
the information is disseminated:
a) to a competent authority investigating a
criminal offense or for the purposes of any
criminal proceedings under the law;
b) the entities responsible for national security
resulting from an official request;
c) for the purposes of any related civil proceedings
with the provision of services or products in which
the crypto provider is a party.

The RTICLE 56
SECTION III
(Access to digital certification services)

Access to the State's digital certification services must
be limited to individuals and legal entities recognized by the
laws in force in the Republic of Mozambique, including treaties,
international protocols and under terms and conditions
membership requirements established by law.

Certification and certificate service provider accreditation
qualified

The RTICLE 59
(Accreditation of certification service providers)

1. Any certification service provider that wants to
issuing qualified certificates is subject to accreditation.
SECTION II
issued by the competent services.
2. Accreditation can be granted to a service provider
Cryptography
certification, which cumulatively meet the following
The RTICLE 57
requirements:
a) demonstrate necessary security for the provision
(Use and provision of encryption services)
certification services;
1. The use of encryption services is free.
b) ensure the operation of a fast, secure directory
2. The provision, transfer to and from a foreign country
and immediate revocation services;
or importing cryptographic services whose purpose is limited
c) ensure that the date and time a certificate is issued
the verification and guarantee of the integrity of electronic data are
or revoked can be accurately determined;
subject to prior declaration to the competent authorities.
d) verify by appropriate means in accordance with
3. The declaration referred to in the previous number must indicate between
the relevant legislation, identity, and, if so,
other data, the following information:
applicable, any special attributes of the person
to whom the qualified certificate is issued;
a) the name and address of the encryption provider;
e) hire personnel who have knowledge, experience
b) the description of the type of encryption service or product
and qualifications required for the services provided;
of encryption to be provided;
f) use reliable systems and products that are protected
c) other data that may be prescribed to identify
against modifications and ensuring technical safety
and properly locate the encryption provider
process coding;
or your products or services.
g) take action against certificate forgery
4. The provider and, if applicable, the person responsible for the
in cases where the certification service provider
transfer, must make available to the competent authorities,
generate subscription creation data, ensure
upon request, the technical characteristics of the product and the code
confidentiality during the generation process
of the font that is used.
said data;

Page 11
50

SERIES I - NUMBER 5
h) has sufficient financial resources to operate
in accordance with the established requirements
in this Law, in particular with regard to
the assumption of liability for damages;
i) electronically register all relevant information
concerning a qualified certificate for a period
of appropriate time, with the aim of providing
certification evidence for procedural purposes
cool;
j) not store or copy signature creation data
of the person to whom the certification service provider
provides key management services;
k) before entering into a contractual relationship inform the person
about the terms and conditions regarding the use of the
certificate including limitations on its use;
l) use reliable systems to store the certificates of
a verifiable form, so that:
i) only authorized people can access to do
introductions and amendments;
ii) the information can be verified with regard to
authenticity;
iii) the certificates are publicly available
for access only in cases where consent
the certificate holder has been obtained;
iv) any technical changes that compromise
the security requirements are apparent to
the operator.
The RTICLE 60
(Qualified certificate)

Any qualified certificate issued by a provider
of certification services according to number 2,
of article 57 must contain:
a) an indication that the certificate issued is of quality;
b) the identification of the certification service provider
and of the State in which it is established;
c) the signatory's name or a pseudonym that must be
identified as such;
d) provision of a signatory-specific attribute
to be included depending on the purpose for which it is
want the certificate;
e) the data for signature verification that match
to subscription creation data under control
of the signatory;
f) an indication of the beginning and end of the validity period
of the certificate;
g) the identity code of the certificate;
h) the advanced electronic signature of the service provider
of certification that issues it;
i) the limitations of the scope of use of the certificate;
j) limitations on the value of transactions for which
the certificate can be used.

The RTICLE 62
(Responsibility of Certification Service Providers)

The certification service provider is responsible
for the legal consequences of non-compliance with the requirements
established in article 59 of this Law for damages caused
to any person, public or private, who has based
reasonably in a certificate.
CHAPTER IX
Protection of Personal Electronic Data

A RTICLE 63
(Data Processor Obligations)

1. Any electronic collection, processing or disclosure
of personal data by a data controller must be accurate,
complete and updated, without prejudice to its confidentiality.
2. The purposes for which personal data is collected
and the identity of the data processor must be specified.
before its collection, and its subsequent use limited to the purposes
indicated.
3. When personal data has not been collected
of its holder, the data processor must, when
undertake to register personal data or before
need for disclosure to third parties, present to the holder of the
data reason for which personal data were collected and,
as well as the identity of the data processor to date in
that such data is released for the first time.
4. The provisions of the previous number do not apply to cases
of data processing in which the provision of information
the holder is impossible to involve a disproportionate effort,
its registration or disclosure is permitted by law and also in the
data recording cases for statistical, historical purposes
or scientific.
5. The data processor must protect personal data
against risks, losses, unauthorized access, destruction,
use, modification or disclosure.
6. Without prejudice to the provisions of special legislation, all
the person has the right to:
a) obtain from a data controller, or confirmation
about whether or not the data controller has data to its
respect or knowledge about the controller
of your data;
b) be communicated about your data within a
reasonable period for a fee;
c) obtain in case of refusal of the request made under the terms
of sub-paragraphs a ) and b ), the proper reasoning;
d) oppose data that concern you and if you accept
tation, be able to remove, rectify, complete or change.
7. This article applies without prejudice to:

a) of the provisions of article 40 of this Law;
b) specific legislation on data protection
A RTICLE 61
electronics.
(Recognition of certification service providers
8. The provisions of this article do not apply to processing,
accredited and foreign qualified certificates)
collection or electronic disclosure of personal data for the purpose
1. It is incumbent upon the Council of Ministers to recognize accreditation of journalism, artistic expression, literary or when decided
foreign or grant similar recognition to any
by the authorities responsible for safeguarding safety.
foreign certification service provider or to certificates
public and national defense.
foreign qualified provided, provided they comply with
the requirements established in this Law.
The RTICLE 64
2. To facilitate cross-border certification services
(Data protection)
and the legal recognition of advanced electronic signatures
originating in other countries, the Council of Ministers should
Access to files, files and records is not allowed
promote the negotiation of bilateral and multilateral agreements with
computers or databases for knowledge of data
other countries.
personal data relating to third parties, nor the transfer of data

Page 12
51

JANUARY 9, 2017
from one to another computer file belonging to
different services or institutions, except in the established cases
by legal diploma or by court decision.
The RTICLE 65
(Data processor responsibility)

1. The data processor must designate an individual
or individuals responsible for compliance with the principles
of this chapter.
2. The data processor must make available to
any person, specific information about their policies
and practices related to the management of personal information,
including:
a) the name or title and address of the policy officer

e) the misuse of devices, when committed
intentionally and without permission, and causing the
lose someone else's property through any
introduction, alteration, deletion or deletion of
data and any interference with the operation of
a computer system or computer network;
f) domain name violation, misuse of a
domain name; a person's name, singular
or collective, or a name that is protected as a
intellectual property right, or substantially
similar to another that is likely to create
confusion, in order to benefit from it;
g) breach of security of the payment instrument
electronic, production, acquisition, transfer,

a) the name or title and address of the policy officer
and practices relating to the management of personal information
and to whom should complaints or questions be addressed;
b) how to obtain access to personal information
retained by the data processor;
c) the description of the type of personal information held by the
organization, including a general report of its
use.

storage or offer to make available
equipment, computer programs or any
data designed or specially adapted by
in order to violate the security system related to
an electronic payment instrument;
h) breach of the issuer's liability, the supply
to the public of an electronic payment instrument
without authorization from the Bank of Mozambique;
i) breach of commercial electronic communications
3. The data processor is responsible for the information
unsolicited, sending commercial communications
personal information in your possession or custody, including information you have.
unsolicited to a person who has informed
transferred to third parties for processing.
to the sender that said communications are
4. This article applies without prejudice to the provisions of
undesirable;
article 40 of this law and specific legislation on protection
j) the refusal or obstruction of the investigation, the refusal to
of electronic data.
collaborate or obstruct the investigation of the authorities
5. The provisions of this article do not apply to the process.
competent;
processing, collection or electronic disclosure of personal data
k) the breach of the accreditation obligation, the provision
for the purposes of journalism, artistic or literary expression or when
of certification services, and delivery of certificates
decided by the competent authorities to safeguard the
qualified, without accreditation by the competent services;
public security and national defense.
l) breach of Cryptography, breach of duty
CHAPTER X
of declaration in the use and provision of services
of cryptography provided for in this Law;
Inspection and Misdemeanors
m) breach of the duty to protect data, breach
The RTICLE 66
of the foreseen data processor obligations
in this Law.
(Applicable law)
Without prejudice to the application of a more serious penalty in the scope
of criminal law, the offenses provided for in this chapter
are punishable under the following articles.

The RTICLE 68
(Sanctions)

Without prejudice to the application of the most serious penalty within the scope
of criminal law the offenses provided for in this article
are punishable:

A RTICLE 67
(Contraventions)

The following are contraventions to this Law:
a) illegal access to all or part of a communication system.
computer or computer network through violation
of security measures, with the intention of obtaining
data or other dishonest intent;
b) illegal interception, that which is carried out by means
technical, private data transmissions or
within a computer system or network of
computers, including electromagnetic emissions
from a computer system or computer network
that contains such data;
c) interference with data, consisting of damage,
elimination, deterioration, alteration or suppression
improper and intentional data;
d) intentional interference with information systems,
affecting the functioning of a system of
computer or computer network through the
introduction, transmission, damage, elimination,
deterioration, alteration or deletion of data;

a) violation of the provisions of sub-paragraphs a ); b ); c ); d ); and and )
of article 67 is punishable by a fine of 40 salaries
minimum wages up to a maximum of 90 minimum wages
of the civil service;
b) the violation of subparagraph g ) and h ) of article 67 is punishable by
the fine of 90 minimum wages up to the maximum value of
160 civil service minimum wages;
c) violation of subparagraph f ); i ); j ); k ), l ); m ) of article 67
is punishable by a fine of 30 minimum wages up to
to the maximum value of 90 minimum wages for the function
public, if another more serious penalty does not apply,
terms of criminal law.
The RTICLE 69
(Instruction and decision of infringement proceedings)

1. It is incumbent upon the regulatory body to process and decide
of the proceeding of contraventions provided for in this Law.
2. The procedural regime of contraventions is regulated
by the Council of Ministers.

Page 13
52

SERIES I - NUMBER 5
A RTICLE 70

iii. your connection to the document allows detecting all
and any supervening changes to its contents.

(jurisdictional control)

1. Sanctions resulting from misdemeanors may be subject to
of direct appeal to the Judicial Court of the respective area
of jurisdiction and, wishing to be the object of a claim prior to the
Minister who oversees the Information Technologies area.
2. The remaining decisions are appealed to the Court
Administrative under the Litigation Process Law
Administrative.
The RTICLE 71
(Destination of income and fines)

The destination of revenues and fines charged under this Law
is defined in its own regulation.
The RTICLE 72
(Inspection Services)

The Information Technology Regulatory Authority is responsible
and Communication, within the scope of this Law, carry out the inspection
electronic transactions, under terms to be regulated.
The RTICLE 73
(Obligations)

The owner of a domain name must comply with the provisions
in this Law and its regulations within 180 days after its
implementation.
CHAPTER XI
Final and Transitional Provisions

The RTICLE 74
(Regulation)

Without prejudice to the powers conferred on certain
entities, it is incumbent upon the Council of Ministers to regulate
this Law, within 90 days from the date of entry
into force.
The RTICLE 75
(Implementation)

This Law enters into force 90 days after its publication.
Approved by the Assembly of the Republic, at the 24th
of November 2016.
The President of the Assembly of the Republic, Verónica Nataniel
Macamo Dlhovo .

Ç

Digital certification center – this is where it is produced
the Digital Certificate, which is an electronic document that
contains, the name, a unique public number (public key)
in addition to other data, in order to guarantee and certify that the person
certified is in fact the self, that is, who we are for people
and for Information Systems.
Digital certification - is the technology that provides mechanisms
capable of guaranteeing authenticity, confidentiality.
and integrity to the information and documents used in transelectronic withdrawals.
Certificate - data structure electronically signed by
a certification service provider and that binds the holder to the
signature validation data that confirms your identity.
Qualified certificate - certificate that complies with the
requirements established and issued by service providers of
accredited certification, under the terms provided for in this Law.
Public-Key - serves to validate a subscription made
documents and electronic transactions.
Source code - set of programming lines obeying
to a specific software development language, which
as a whole they make up the computer program.
Electronic commerce - economic activity under
which a person offers or guarantees through a means
the provision of goods and/or services.
Electronic communication - any communication that
the parties carry out by means of data message via
electronics.
Consumer - anyone to whom goods are supplied,
provided services or transferred any rights, intended
to non-professional use, or tariff, per person exercising, with
professional character, an economic activity aimed at
obtaining benefits.
E - mail - is the method that allows composing,
send and receive messages through electronic systems
communication about specific communication protocols.
Cryptography - is the discipline that encompasses principles, means
and methods for transforming data in order to hide
the content of your information, establish its authenticity,
prevent its undetected modification, prevent its rejection, and/
/or prevent their unauthorized use.
D

Enacted on January 6, 2017.
Publish yourself.
The President of the Republic, F ILIPE J ACINTO N YUSI .

Glossary
THE

Electronic signature - is the result of processing
electronic data capable of becoming the object of law.
individual and exclusive and to be used to make known the
authorship of an electronic document.
Advanced electronic signature - electronic signature
that simultaneously:

Electronic signature creation data - unique data such
as codes or encrypted private keys, which are used
by the signatory to create an electronic signature.
Personal data: any information relating to a person
ATTACHMENT
singular that can be identified directly or indirectly
by referring to an identification number or a
or more factors specific to it.
Electronic document - logical dataset
stored on media readable by
electronic processing equipment.
Domain ".mz" - is the space on the Internet whose management
it is the responsibility of Mozambique.

i. is able to uniquely identify the signatory;
ii. is created using means that the signatory can maintain
under its sole control;

AND

Commercial entrepreneur - any natural or legal person
which, on its behalf, by itself or through third parties, exercise
a commercial activity.

Page 14
53

JANUARY 9, 2017
Email address - identification of a device
computer suitable for receiving and filing documents
electronics.
G

Electronic government - use of information technologies
and communication, mainly the Internet, by the government to
provide information and services to the citizen.
I

Internet - is an international computer network
interconnected that enables access and exchange of information in
Any place in the world.
Access electronic payment instrument
remote – device or electronic record that allows the
holder have access to the funds contained in your account in a
institution, where payment is allowed to be made to a
receiver, and which usually requires an identification code
and/or any other form of proof of identity.
Electronic payment instrument – device
or electronic registration that allows the bearer to carry out
namely transfer of funds or payment to a
final beneficiary.
M

Electronic means - are all the technological means used
to obtain data in analog or digital format, your
processing, storage, transmission as well as its
presentation.
Data message - information generated, sent, received
or stored by electronic, optical or similar means,
non-limitingly, electronic data exchange (IDE),
text, voice, image or a combination of one or more.
N

Domain name - for the purposes of this law it is always the
domain “.mz” or any hierarchically Internet domain
bottom.
P

Carrier - person who, under a contract entered into
between this and an issuer, have an electronic instrument of
payment.
Data processor - any public or private person,
singular or collective, requiring, collecting, processing or storing
electronically personal information from or about a
data subject.
Certification Service Provider - Issuer
certificates, and that it can provide other related services.
with electronic signatures.

Primary service provider - government entity
or delegated by a governmental entity that sends, receives or
stores institutional, collective or
individual.
Intermediate service provider - anyone who,
on behalf of another person, send, receive or store
data messages. They are those who provide access to the
network or that provide services from it (access providers,
content providers, application providers and providers
hosting).
Encryption service - any service that is provided
to a sender or recipient of the data message or
to anyone who stores a data message, and who
is designed to facilitate the use of coding techniques.
in order to guarantee:
i. that said data or data messages may be
accessed or can be placed in legible form
only by certain people;
ii. that the authenticity or integrity of such data
or data message is able to be verified;
iii. the authenticity of the data or data message;
iv. that the source of the data or data message can
be correctly identified.
Automated messaging system - communication program
computer or other electronic or automated means used
to initiate or respond to data messages in their entirety or
partly without review or intervention by a person
singular each time the action initiated or responded to is generated
by the system.
Information system - system for production, shipping,
reception, storage or other processing
of data messages.
T

Holder - natural or legal person identified in a
certified as the holder of a breeding device
of subscription.
Electronic transaction - any communication or activity
between two parties conducted by electronic means.
U

User – anyone who uses electronic means.
V

Domain name violation - speculative and abusive use
domain name, hoarding practice
and use of the domain name in order to disrupt business
from third parties or in order to attract other users by generating
in them error or confusion about their ownership.

