Government Gazette
REPUBLIC OF SOUTH AFRICA

Vol. 452

Cape Town

6

February

2003

No. 24356

THE PRESIDENCY No. 189 6 February 2003 It is hereby notified that the President has assented to the following Act, which is hereby published for general information:– No. 68 of 2002: Electronic Communications Security (Pty) Ltd Act, 2002.

AIDS HELPLINE: 0800-123-22 Prevention is the cure

2

No. 24356

GOVERNMENT GAZETTE,6 FEBRUARY 2003 ELECTRONIC COMMUNICATIONS SECURITY (PTY) LTD ACT, 2002
t

Act No. 68, 2002

(English text signed by the President.) (Assented to 30 January 2003.)

ACT
To provide for the establishment of acompanythatwillprovideelectronic communications security products and services to organs of state; and to provide for matters connected therewith.

CHAPTER 1 Definitions
context this otherwise theAct, 1. In unless indicates5 “Board” means the Board of Directors of Comsec contemplated in section 8; “Chief Executive Officer” means the Chief Executive Officer contemplated in section 13; “communication” meanscommunicationasdefinedinan Act of Parliament providing regulation the for of interception of communications; 10 “Companies Act” means the Companies Act, 1973 (Act No. 61 of 1973); “Comsec” means Electronic Communications Security (Pty) Ltd established by section 2; “critical electronic communications” means electronic communications held by organs of state which are necessary for the protection of the national securityof the 15 Republic; “critical electronic communications infrastructure” means electronic communications products or systems used to transmit and store or transmit or store critical electronic communications; “Intelligence Services” means the Intelligence Services as contemplatedin an Act 20 of Parliament providing therefor; “joint standing committee” means the Joint Standing Committee on Intelligence established by section 2 of the Intelligence Services Control Act,1994 (ActNo. 40 of 1994); “Minister” means the Minister as defined an Act of Parliament providing for the 25 in Intelligence Services; “organ of state”meansanorgan of stateasdefinedinsection239 of the Constitution; “prescribe” means prescribe by regulation; “telecommunication service provider” means a telecommunication service pro- 30 vider as defined an Act of Parliament providing for the regulation of interception in of communications; “this Act” includesthe regulations.

Establishment of Comsec
2. There is hereby established a juristic personbe to known Electronic as Communications Security (Pty) Ltd.

35

4

GOVERNMENT No. 24356 GAZETTE. ELECTRONIC COMMUNICATIONS SECURITY (PTY) LTD ACT. 2002

6 FEBRUARY 2003

Act No. 68. 2002

Principal objective of Comsec
3. The principal objective of Comsec is to ensure that critical electronic communications are protected and secure.

Incorporation of Comsec
4. ( 1 1 TheMinistermust effect theincorporation of Comsec in terms of the 5 Companies Act. ( 2 ) NotwithstandingtheCompaniesAct or anyotherlaw,theState is thesole shareholder of Comsec. ( 3 )Notwithstanding the Companies Act. the Minister or a person designated him by or her must. on behalf of the State. sign the memorandum and articles of association and 10 all other documents necessary for the incorporation of the company. ( 4 ) The Registrar of Companies must( a / register the memorandum and articles of associationassigned in terms of subsection (3 ): Ih) incorporate the company as a private cornpan)' under the name "Electronic 15 Communications Security (Pty) Ltd": and (c) issue to the company a certificate to commence business with effect from the date of the company's incorporation.

Provision of Companies Act not applicable to Comsec under certain circumstance
5. A provisionof the Companies Act does not apply Comsec where the Minister of 20 to Trade and Industr?. has issued a declaration under section 6.

Request for exemption from application of provision of Companies Act
6. i 1 ( a )The Minister may. on the recommendation of Comsec, request the Minister of Trade and Industry to declare the whole or part a provision of the Companies Act of not applicable to Comsec. (Dl The request must be fully motivated. ( 2 ) TheRegistrar of Companiesmustpublishparticularsabouttherequestand motivation contemplated in subsection ( 1 ) by notice in the Gazette, unless such publication will compromise national security. ( 3 ) The Minister of Trade and Industry may, by notice in the Gazette, after having considered the request contemplated in subsection (1) and if satisfied on reasonable grounds that the non-application of the provision of the Companies Act to Comsec will( N ) contribute to the efficient!, of Comsec and reduce its operating costs; ( h i not reduce or limittheaccountability of Comsec as a public institution or detract from the requirements of transparencv regarding its functioning and operations: and ( c / not be detrimental to the interests of the State. employees of Comsec or claims of creditors of Comsec. declare. witheffect from the date stated the notice, the whole part of a provision of in or the Companies Act not applicable to Comsec.

35

30

35

40

Functions
7. ( 1 ) The functions of Comsec are to( a ) protectandsecure critical electroniccommunicationsagainstunauthorised 45 access or technical. electronic or any other related threats; ( b ) provide. with the concurrence of the National Intelligence Agency defined in section 1 of theIntelligenceServicesAct. 1994 (Act No. 38 of 1994), verification services for electronic communications security systems, products and services dsed by organs of state; ( c ) provide and co-ordinate research and development with regard to electronic 50 communications security systems, products, services and any other related services; ( d ) perform any other function not inconsistent with this Act that is necessary for the effective functioning of Comsec. " ( 2 ) For purposes of the functions contemplated in subsection ( l ) , Comsec must55

6

No. 24356

GOVERNMENT GAZETTE, 6 FEBRUARY 2003 ELECTRONIC COMMUNICATIONS SECURITY (PTY) LTD ACT, 2002
5,

Act No. 68,2002

install or. maintain secure electronic communications systems or products and do research in this regard; (b) provide secure electronic communications services, systems and products; ( c ) providecryptographicservices; (d) train andsupportusers of theelectroniccommunicationssystems,products and related services; and ( e ) provideconsultancyservices on thesecurityandprotection of electronic communications services, systems and products. (3) Subject to applicable labour law, Comsec may, with the approval the Minister of acting with the concurrence the Minister responsiblefor an entity or establishment of of the State which performs duties similar to those referredto in subsection ( 2 ) , integrate such an entity or establishment into Comsec. (4) Comsec may cooperate with any organisation in the Republic or elsewhere to achieve its objectives. ( 5 ) Comsec, the members of its Board and its employees must, in the performance of -their functionsin terms of this Act, comply with the policies and regulations relating to security of communications made in terms of the National Strategic Intelligence Act, 1994 (Act No. 39 of 1994). (6) Thehead of a telecommunication service provider must. the request of Comsec at and at Comsec’s expense, render such assistance asmay be necessary for the execution of the functions of Comsec contemplated in this section. ( 7 ) Comsec is exempted from the licensing requirements contemplated in( a ) the Broadcasting Act, 1999 (Act No. 4 of 1999); and ( b ) the Telecommunications Act, 1996 (Act No. 103 of 1996).
( a ) develop, design, procure, invent,

5

10

15

20

CHAPTER 2 GOVERNANCE OF COMSEC Board of Directors

25

8. ( 1 ) Comsec must be managed and controlled in accordance with this Act by a Board of Directors appointed by the Minister after consultation with Cabinet. ( 2 ) The business and operational plans of Comsec must be approved by the Board 30 with the concurrence of the Minister. (3) The Board represents Comsec.
Composition of Board 9. ( 1 ) The Board is made up of not more than nine members of whom( achairperson; non-executive ) one is the 35 (bi not more than four are executive directors, one of whom must be designated by the Minister as the Chief Executive Officer: and ( c i the rest are additional non-executive members, consisting of persons approved by the Minister on the basis of relevant expertise. ( 2 ) A majority of the members of the Board forms a quorum at any meeting of the 40 Board. (3) On an equality of votes in any meeting of the Board, the chairperson has a casting vote in addition to a deliberative vote. Terms of office of members of Board 10. (1 ) A non-executive member of the Board45 ( a ] holds office for a period of three years which the Minister may extend for further periods of three years each such shorter periods as the Minister may or determine; ( b ) serves on the terms and conditions determined the Minister and specified by in the letter of appointment and member; of the 50 (c) mayresign by givingthreemonths’writtennoticetotheMinisteror as stipulated in the letter of appointment. (2) An executive member of the Boardf a ) holds office for a period determined the by Minister in the letter of appointment; 55

8

No. 24356

GOVERNMENT GAZETTE,6 FEBRUARY 2003 ELECTRONIC COMMUNICATIONS SECURITY (I") LTD ACT, 2002

Act No. 68,2002

(b) mayresign by givingthreemonths'writtennotice to theMinisteroras stipulated in the letter of appointment. (3) The names of the Board members may be kept confidential.

Remuneration of members of Board

11. Amember of the Board, except the executive directors and any appointed member 5 who holds a post or office in the Public Service or any institution, organisation body or established by or under any other law and funded wholly partly by the State, may be or remunerated on a daily basis at a rate determined by the Minister with the concurrence of the Minister of Finance.
Removal
10

m

~

12. The Minister may in the prescribed manner remove any member of the Board from office on the grounds of misconduct, incompetence or incapacity or failure to obtain the necessary security clearance.
CHAPTER 3 CHIEF EXECUTIVE OFFICER Functions of the Chief Executive Officer
15

13. The Chief Executive Officer is responsible for the administration and the general managementandcontrol of theday-to-dayfunctioning of Comsec,subjecttothe directions and instructions issued by the Board.
Employment of personnel
20

may

case

the

14. (1) The Chief Executive Officer must appoint the employees Comsec, subject of to such remuneration, allowances and service benefits as the Board may determine. ( 2 ) In filling posts,theevaluation of personsmustbebasedontraining,skills, competence. knowledge and the need to redress the imbalances of the past, so as to achieve a staff complement broadly representative of the South African population, 25 according to race, gender and disability. (3) The Minister or any other Minister may, at the request of Comsec, second an employee to ComsecinaccordancewithanAct of Parliamentprovidingforthe Intelligence Services or section 15(3) of the Public Service Act, 1994 (Proclamation No. 103 of 1994), as 30 (4) For as long as an employee is seconded to Comsec, Comsec must reimburse the relevant department for the remuneration and allowances by such departmentto the paid employee, and for any other expenditure arising from the secondment of that employee.

Employment of employees of Security Services

15. (1) Any employee involved in an electronic communications security function in the security services contemplated in Chapter 11 of the Constitution, or in any establishment or entity contemplated section 7(3), may be madean employmentoffer in by Comsec. ( 2 ) ( a ) The remuneration,benefits and privileges offered by Comsec may not be less than those payable to the employee by the previous employer immediately prior to his or her transfer. (b) Prior to the transfer of an employee, an agreement must have been reached betweentheemployer,ComsecandtheMinister,andwiththeconcurrence of the Minister of Finance, where applicable(i) astowhetheraccruedleaveandsickleaveshouldbewholly or partially carried over to Comsec; (ii) as to whether the monetary value such benefits should be payablewholly or of partially to the employee prior to transfer; and (iii) as to which portion of the costs of the transferred benefits is to be carried by Comsec. which by portionemployer and the

35

40

45

50

I

-

10

No. 24356

GOVERNMENT GAZEITE, 6 FEBRUARY 2003 ELECTRONIC COMMUNICATIONS SECURITY (F'TY) LTD ACT, 2002
r,

Act No. 68,2002

(3) The agreement contemplated in subsection (2)(b):must also deal with any other existing contractual obligation between the employer and the employee. (4) An offer contemplated in subsection (1) may only be made to employees who are in the service of the respective employers when the offeris made. (5) An employee who accepts the offer Contemplated in subsection (1) is not entitled 5 to any ,voluntary severance package. (6) An officer who is a member of Government Employees Pension Fund and who is employed by Comsec may( a ) choose to become a dormant member of suchFund,andfromthedate of exercising such choice the officer must, despite the provisions of any other 10 law, be regarded to be a dormant member of the Fund; ( 6 ) choose to remain a member of the Fund, in which case Comsec is responsible for the employer's contribution to the Fund; (ci requesttobecomeamember of anyotherregisteredpension fund, and withdraw from the Government Employees Pension Fund in accordance with 15 theGovernmentEmployeesPensionLaw,1996(Proclamation No. 21 of 1996).
I

CHAPTER 4 SECURITY MATTERS Security clearance 16. No person may be appointed as a member of the Board or as an employee of Comsec without a security clearance certificate issued by the National Intelligence Agency in accordance with the National Strategic Intelligence Act, 1994 (Act 39 of No. 1994). CHAPTER 5 SERVICE DELIVERY Analysis of electronic communications security needs, and business agreement 17. (1) The head of an organ of state must ensure that the organ state under his or of her administration procures and accesses electronic communications products with the and verification 30 of Comsec. ( 2 ) The head of anorgan of state must, at the request of the Board and in the prescribed manner, submit to the Board an analysis of the electronic communications security needs of the organ of state under his or her administration. (3) The Board must make its request six months after Comsec's incorporationl and second thereafter in every (4) Expenditure on theprocurement or accessing of electroniccommunications products by an organ of state which has not complied with a request contemplated in subsection ( 2 ) must be regarded as unauthorised expenditure for the purposes of the Public Finance Management Act, 1999 (Act No. 1 of 1999). (5) The Board must. after having considered an analysis contemplated in subsection 40 ( 2 ) and if satisfied that Comsec should attendto the electronic communications security needs,enterintoabusinessagreementwiththerelevantorgan of stateforthe provisioning of the necessary services. (6) Comsec may enter into business agreements to regulate its relationship with organs of state. CHAPTER 6 FINANCIAL MATTERS Funding of Comsec
25

I

20

approval

year.

45

18. (1) Funding and capital to start operating Comsec must be obtained from funds between agreedof Minister toFinance. Minister the the and 50 (2) The funds of Comsec consist of-

12

No. 24356

GOVERNMENT GAZETTE, FEBRUARY 2003 6 ELECTRONIC COMMUNICATIONS SECURITY (F'TY) LTD ACT, 2002

Act No. 68,2002

organs

with

as part of,the Voteof theIntelligence Services in terms the Security Services Specld,Account Act, of 1969 (Act No. 81 of 1969); ( b ) monies received for services provided as stipulated the business agreements in into entered of state; 5 ( e ) funds, finances and grants contemplated in subsection (7); (d) donations and bequests contemplated in subsection (8). (3) The rates used for determining the cost of service must be reasonably market related and periodically approved by the Minister of Finance. (4) Comsec mustperformitsfunctions in an efficientandcost-effectivemanner.10 (5) The Boardmustprepareastrategicplanwhich it mustuse asa basis for recommending to the Minister how excess fundsmay be retained and used the Board. by (6) Payment for services provided by Comsec to an organ of state must be made in accordance with the business agreement between the parties. ( 7 ) The Minister may. after a request from Comsec, request special funding or any 15 otherspecialfinancialarrangement,includinggovernmentgrants, for theeffective functioning of Comsec from the Minister of Finance. . (8) Comsec may. with the approval of the Minister, accept donations and bequests, subject to the Public Finance Management Act, 1999 (Act No. 1 of 1999). (9) The books and records of accounts and financial statements of Comsec must be 20 auditedannually by theAuditor-Generalin accordance withtheSecurityServices Special Account Act, 1969 (Act No. 81 of 1969). (10) TheChief Executive Officer must, at the end of each financial year, submit the report of the Auditor-General and the annual report compiled in accordance with the Public Finance Management Act, 1999 (Act No. 1 of 1999), to the Minister and the joint 25 standing committee forconsideration. ( 1 1 ) Comsec may acquireshares in any other company registeredin the Republic in terms of the Companies Act.

( a ) monies receivedfromParliament

e '

CHAPTER 7

GENERAL
Intellectual property

30

19. ( I ) Notwithstanding the provisions of any other law, all intellectual property rights in any product, service, item, method or any other thing any nature relating to of secure communications technologyorsystemsdeveloped,designedorinventedas contemplated in section 7(2) by Comsec or its employees, vest in Comsec. 35 (2) The Board must direct how the product, service, item, method or any other thing of any naturecontemplated in subsection (1) istobeutilised by Comsec in the achievement of its objective.

Exemption from application of this Act
20. ( 1 ) The Minister may, at the request of an organ of state, exempt such organ of 40 state from the application of this Act if the exemption will not compromise national security. (2) The request contemplated in subsection (1) must be fully motivated.

Critical electronic communications infrastructure

21. (1) Comsec must for its own account provide protection to critical electronic 45 communications infrastructure, such ascomputer systems programmes of organs of and state. (2) Comsec must coordinate research and development regarding any security risk that may arise in relation to critical electronic communications infrastructure. (3) The Minister may, on recommendation the of Comsec, identify critical 50 communications infrastructure and requestComsec to provide the necessary protection.

14

No. 24356

GOVERNMENT GAZETTE, 6 FEBRUARY 2003 ELECTRONIC COMMUNICATIONS SECURITY (F'TY) LID ACT, 2002

Act No. 68,2002

Regulations

22. ( 1 ) The Ministermay, after consultation with the 7joint standing committee, make regulations regarding( a ) functions consistent with this Act to be performed by Comsec; (b) the conditions for the appointment of directors the Board; to 5 (c) security requirements regard with to electronic communications of the different organs of state; (4 conditions of employment and any other benefits employees of Comsec, on of the advice of the Board; ( e ) relations labour employees of the of Comsec; 10 cf, transitional arrangements consistent with this Act regardthe with to implementation of this Act; and (g) any other matter that the Minister may consider necessary to prescribe in order to achieve the objectsof this Act, (3) A regulation made under this Act may provide that any person who contravenes a 15 provision thereof, or failsto comply therewith, is guilty of an offence and on conviction liable to a fine or to imprisonment for a period not exceedingfive years.
Offences and penalties
23. (1) Any person is guilty of an offence if he or she( a ) interferes or tampers with any electronic communications system or product 20 of an organ of state; ( h ) contravenes section 17(1) or ( 2 ) ; (c) not being a director or employee Comsec, by word, conduct or demeanour of pretends that he or she is a directoror employee of Comsec; (dl being a director or employee of Comsec, omits to carry out his or her duty or 25 performs an act in conflict with his or her duty. ( 2 ) Any person convicted of an offence in terms of this Act is liable, in the case of contravention of( a ) subsection (I)(a),to a fine or to imprisonment for a period not exceeding 10 years; and 30 ( h ) subsection (l)(b). (c) or (d), to a fine or to imprisonment for a period not exceeding one year.

Limitation of liability 24. The Minister, Comsec or any of its employees is not liable for anything done in good faith in terms of furthering the objectives of this Act, unless that act constituted 35 gross negligence. Savings and liabilities 25. ( 1 ) All assets, liabilities. rights duties, and including funds,resourcesand administrative records,of an entity or establishment the State which ceases exist by of to virtue ofan integrationcontemplatedinsection7(3)vestuponsuchintegration in 40 Comsec, and must be regarded to have been acquired or incurred by Comsec of in terms this Act. ( 2 ) The registrar of deeds must, upon productionto him or her of a certificateby the Minister that immovable property describedin the certificate vests in Comsec by virtue or on any relevant 45 of subsection ( I ) , make the necessary entries and endorsements in register, title deed or other document in his or her office, so as to give effect to that subsection. (3) No duty, office fee or any other charge is payable in respect of any entry or endorsement made in terms of subsection (2). (4) Disciplinary proceedings instituted prior to the commencementthis Act and not 50 of yet completed when this Act took effect, must be concluded in terms of the law under which the proceedings were instituted.

16

No. 24356

GOVERNMENT GAZETTE, 6 FEBRUARY 2003 ELECTRONIC COMMUNICATIONS SECURITY (F'TY) LTD ACT, 2002
T

Act No. 68,2002

Amendment of laws

26. The laws mentioned in the first columnof Schedule 1 are hereby amended to the extent set out in the third column of that Schedule.
Short title and commencement
t

2002, and comes into operationon a date determinedby the President by proclamation in the Gazette.

27.This Act is called the Electronic Communications Security (Pty) Ltd Act,

5

18

No. 24356

GOVERNMENT GAZETTE, 6 FEBRUARY 2003
ELECTRONIC COMMUNICATIONS SECURITY (PTY) LTD ACT, 2002

Act No. 68,2002

SCHEDULE 1
(Section 26)
LAWS AMENDED and-vear of Act ict No. 81 of 1969
(0.

7

?

ihort title iecurity Services Special iccount Act, 1969

3xtent of repeal or amendment 1. The amendment of section 2 by he substitution for paragraph ( a ) )f the following paragraph: “(a) the performance of the ’unction and the duty of the Na.ional Intelligence Agency and he South African Secret Service 1s referred to in the National Strategic Intelligence Act, 1994,

md” . 2. The substitution for section 5 3f the following section:

“Investment of balances
5. Moneys standing to the :redit of the account which are not required for immediate use or as a reasonable working balance, may be invested in such manner as may be determined by the President [Executive Deputy President] or Minister responsible for the National Intelligence Agency, [or] the South African Secret Serviceor Comsec with the concurrence of the Minister of Finance.”. 1. The amendment of section 1 b) the substitution for the definition of “security matter” of the following definition: ‘security matter’ includes any matter which is dealt with by Comsec as defined in section 1 of the Electronic Communications Security (Pty) Ltd Act, 2002, or the Agency or the Service as defined in section l of the Intelligence Services Act, 1994, or which relates to the functions of Comsec or that Agencyor Service or to the relationship existin! between any person and Comsec - that Agency or Service.”. or
“

k t No. 83 of 1982

Protection of Information Act. 1982

Act No. 66 of 1995

Labour Relations Act, 1995

1. The amendment of section 2 b the deletion in paragraph (b)of the word “and”, and by the addi. tion of the following paragraph: “ ( d ) Comsec.”.

20

No. 24356

GOVERNMENT GAZETTE, 6 FEBRUARY 2003 ELECTRONIC COMMUNICATIONS SECURITY (PN) ACT, 2002 LTD

Act No. 68,2002

Vo. and year of Act

ict No. 75 of 1997

ihort title 3asic Conditionsof Employment k t , 1997

c

Extent of repeal or amendment I. The amendment of the definition of “public service” in section 1 by the deletion in paragraph (b)of the word “and”, and by the addition of the following paragraph: “ ( d ) Comsec.”.
2. The amendment of subsection [l)(a)in section 3 by the deletion 3f the second “and”, and by the addition of the following paragraph: “(cj the directors and staff of Comsec.”.

4ct No. 55 of 1998

3mployment Equity Act, 1998

1. The amendment of the definition of “public service” in section 1 by the deletion in paragraph (b)of the word “and”, and by the addition of the following paragraph: “ ( d ) Comsec.”.

2. The amendment of section 4 by the substitution for subsection (3) of the following subsection: “(3) This Act does not apply to members of the National Defence Force, the National Intelligence Agency or the South African Se- cret Service or to the directors and staff of Comsec.” .