Review of e-commerce legislation harmonization in the Association of Southeast Asian Nations (ASEAN) [UNCTAD/DTL/STICT/2013/1]


[ Galexia Dots ]

In Brief


Brunei Darussalam has the Electronic Transactions Act 2004 (revised in 2008) and the Computer Misuse Act (revised in 2007). The government is currently developing draft data protection legislation, with a focus on the protection of personal information collected in commercial transactions.

Although Brunei Darussalam has high levels of Internet use, the full potential of e-commerce has not yet been realized. The country is pursuing a number of key e-government applications and is also taking a strong interest in cloud computing.

Electronic transactions law

Brunei Darussalam’s Electronic Transactions Act 2004 (revised and updated in 2008) is intended to facilitate e-commerce by eliminating barriers resulting from the legal uncertainties over writing and signature requirements as well as promoting public confidence in the integrity and reliability of electronic records and e-commerce generally. The Act embodies the main principles of the UNCITRAL Model Law on Electronic Commerce (1996) such as functional equivalence.[2]2

The Act is intended to act as comprehensive electronic transaction legislation, regulating:

  • Electronic contracts;
  • Liability of network service providers;
  • Retention of records by electronic means;
  • Electronic signatures;
  • Duties of certification authorities and subscribers;
  • Government use of electronic records.

Brunei Darussalam is currently considering further revisions to the law, as they are looking to make the legislation more technology neutral, especially in relation to authentication. They are considering removing all references to PKI in the legislation, although in practice this has not been a significant barrier to e-commerce as one of the main technology specific clauses in the Act is not in force. During the ASEAN/UNCTAD workshop in 2012 (Cebu), Brunei Darussalam reported that challenges are faced in developing a strong e-commerce business sector in Brunei Darussalam. In particular, there is a need to improve coordination across multiple ministries and agencies – as many sectors and areas of responsibility are impacted by e-commerce. Currently efforts are being made to identify business and government champions to provide leadership and guidance relating to e-commerce.

At this stage there is no overall strategic blueprint for updating laws, providing training, or undertaking public awareness initiatives, although these are all recognized as important steps in Brunei Darussalam. To date efforts have been made on a case by case basis and this may not always be as effective.

Brunei Darussalam is also interested in updating laws in several complementary areas, such as electronic court evidence, and the regulation of electronic payments. Courts have experienced difficulties in dealing with computer records as evidence because these are perceived as vulnerable to deliberate alteration. An example of the challenge faced in this area is where current legislation requires proof that the computer producing the evidence to be relied upon is functioning properly at the time the record is created before such evidence is admissible – this test can be very difficult to apply in practice.

Consumer protection

Brunei Darussalam recently introduced the Consumer Protection (Fair Trading) Order 2011 (CPFTO) which came into force on 1 January 2012. Claims made by consumers under the CPFTO may be dealt with by the Small Claims Tribunal which was also set up to accommodate speedy resolution of claims up to the value of B$10,000. Other than the CPFTO, product warranties as well as limitations on manufacturer’s liability are contained in the Sale of Goods Act 1999 and the Unfair Contract Terms Act 1999. The protections offered in these Acts can be applied generally to electronic transactions in the same way they apply to paper-based transactions.

Privacy and data protection

Brunei Darussalam has taken a very strong interest in the development of privacy legislation. A National Data Protection Policy has been drafted and is currently being reviewed by relevant stakeholders and this may in turn form the basis for the drafting of legislation.

The concept of privacy is challenging in Brunei Darussalam. There is no omnibus legislation providing protection for privacy. Such legislation is found in industry specific laws such as the Banking Act and the Tabung Amanah Pekerja Act. The introduction of data protection on the premise of privacy protection therefore has its challenges. However, the Government has been studying models in Malaysia and Singapore, and will be monitoring carefully the implementation of similar laws in those jurisdictions.

Online content regulation

Online content regulation in Brunei Darussalam is provided by a combination of a class licence scheme for relevant providers and the Internet Code of Practice. The model for online content regulation is based on the Singapore regime.

The Code of Practice came into effect in 2005 and requires all Internet Service Providers (ISPs) and Internet Content Providers (ICPs) licensed under the Broadcasting (Class Licence) Notification 2001 to use their best efforts to ensure that nothing is made available on the Internet which is against the public interest or national harmony or which offends good taste or decency. Internet Access Service Providers (IASPs) and ICPs are automatically licensed under the Notification.

Matters prohibited under the Code to be published on the Internet include:

If an ISP or ICP is informed by the Broadcasting Authority that material is contrary to the Code of Practice or against the public interest, public order or national harmony, they are required to remove or prohibit the broadcast of such material. There are also a number of general laws which limit the presentation of online material. These include the Censorship of Films and Public Entertainments Act 1963, the Undesirable Publications Act 1982, the Penal Code 1952 and the Sedition Act 1983. Brunei Darussalam has one of the broadest content-regulation schemes in the region, covering a wider

range of prohibited material than other jurisdictions. However, in practice the regulation has been implemented in a light touch manner.

Cybercrime and cybersecurity

Brunei Darussalam’s Computer Misuse Order 2000 (revised and updated in 2007) is closely modelled on the 1993 Singapore Act of the same name. The provisions in the Brunei Act centre on prosecuting those who access or modify information in a computer without authorization. The computer offences contained in the Act are:

  • Unauthorized access to computer material (section 3);
  • Access with intent to commit or facilitate the commission of an offence (section 4);
  • Unauthorized modification of computer material (section 5);
  • Unauthorized use or interception of a computer service (section 6);
  • Unauthorized obstruction of use of a computer (section 7);
  • Unauthorized disclosure of an access code or password (section 8);
  • Abetting or attempting to commit any of the above offences (section 10).

Penalties under the Order can include prison sentences and heavy fines. Other legislation of general application, for example the Penal Code, can also be applied to digital crime. Brunei Darussalam’s legislation is broadly consistent with the Council of Europe Convention on Cybercrime, although the country has not signed the Convention itself. A Council of Europe analysis of Brunei Darussalam’s laws noted that it does not address the issues of misuse of devices to commit offences (article 6(1)(i) of the Convention). However, it does include provisions on misuse of passwords (article 6(1) (ii) of the Convention).[2]3

Online dispute resolution and domain-name regulation

Regulation of domain names in Brunei Darussalam is managed through a provision in the Authority for Info-Communications Technology Brunei Darussalam Order 2001 which provides that the Authority for Info-Communications Technology Industry of Brunei Darussalam (AITI) has the power to authorize or regulate the registration, administration and management of domain names in the country.

In September 2012 the AITI released a public consultation paper on a proposed Domain Name Management Framework of .bn domains.[2]4 Consultations were still ongoing at the time of preparing this Review.

The consultation paper proposes that Brunei Darussalam will adopt a dispute-resolution policy named Brunei Darussalam Domain-name Dispute-resolution Policy (BDRP) that is modelled after the Uniform Domain-name Dispute-resolution Policy (UDRP) developed by the World Intellectual Property Organization (WIPO).

[22] The Act is also partly based on the Singapore Electronic Transactions Act, although it does not include provisions that are equivalent to the recent amendments to the Singapore legislation.

[23] Council of Europe, Cybercrime legislation – Brunei country profile, 2008,

[24] AITI, Domain-name Management Framework – Consultation, 2012,