THE LAW OF ELECTRONIC COMMERCE

Treatise I- General Regulations

Part I- Generalities

Chapter I- Domain of the Law

Article 1- This present Law provides a collection of rules and procedures which are in use for easy and safe exchange of data in electronic media and applied by employing new communication systems.

Chapter II- Definitions

Article 2-
a. Data Message: A symbol of any event, data or concept that may be produced, dispatched, received, stored or processed by electronic or light devices or by new data technologies.

b. Originator: is the origin and source of data message, who generates or dispatches the data message but shall not include a person who may act as an intermediary in respect of the data message.

c. Addressee: A person who, the originator; tries and intends to receive the data message. It may not, however, include a person who may act as an intermediary in respect of the data message.

d. Incorporation by Reference: Means the sources beyond and other than the data message to which reference may be made in the data message. Any such reference, in case it shall be made according to Article 18 of this Law, shall be considered to be a part of the data message.

e. Integrity or Integrity or Data Message: Means the full, unaltered entity of the data message. Acts resulting from operation of a system, such as the dispatch, storage or displaying the data being carried out customarily, shall not prejudice the integrity of a data message.

t. Computer System: A device or a set of inter-related, linked hardware/software devices operating through automatic processing programmes of data message.

g. Information System: A system used for generating, dispatching, receiving, storage or processing data messages.

h. Secure Information System: is the information system that

1. shall be reasonably safe and secure against misuse by hackers.
2. may be reasonably accessible and duly operable.
3. shall be reasonably structured and organized commensurate with the degree of complexity of the output.
4. shall be security friendly.

i. Secure Method: Any method used to check the validity of a data message and its origin and destination address by fixing its date and tracing any fault or alteration in the communication, text or storage of a data message at a given time. A secure method may be employed by the use of algorithms, code numbers, key words or digits, codified writing, return acknowledgement or reply methods or any other similar secure methods.

j. Electronic Signature: Any marking attached to or reasonably linked to the data message that can be used to identify a signatory of a data message.

k. Secure/Enhanced/ Advanced Electronic Signature: Any electronic signature according to the provisions of Article 10 of this Law.

l. Signatory: Any person or representative of a person who generates electronic signature.

m. Person: Includes all natural persons and legal entities or the computer systems under their control.

n. Reasonable, Reasonableness Test: Evaluation made in accordance with the condition of exchanging a data message. The conditions include the nature of such exchange of data message, skills and positions of the data message exchanging parties, the volume of exchanges made by the parties in similar cases, accessibility of the proposals made an refused by the parties, the costs of choices, proposed in exchanging data messages, and the customary methods used in these types of exchanges (communications).

o. Consumer: A person who acts for a purpose other than commerce or his professional vocation.

p. Supplier: Is a person who acts on the basis of his commercial, industrial, or vocational competence.

q. Means or Long Distance Communication: Includes any means that may be used for
the sale of goods and services without the physical, synchronous and concurrent
presence of a supplier and a consumer.

r. Distance Contract: To make offers and acceptance of the offers by a supplier and a
consumer in respect of commodities and services by means of telecommunication
devices.

s. Durable Medium: Shall be those means by which a consumer shall be personally able
to record data messages thereon such as floppy discs, compact discs, hard discs or the
electronic mail of the consumer.

t. Private Data: Means the data messages of a natural person in relation to a particular
data subject

Chapter III- Interpretation of the Law

Article 3- The international characteristics and the need for development of coordination
among the nations through the use of e-commerce as well as the need to have good
intentions must always be taken into consideration in making interpretations of this law.

Article 4- The courts of justice shall be under the obligation to issue judgments on the
basis of applicable laws in compliance with the scope provided in the various chapters of
this law in cases where there shall exist no legal provision or there shall exist ambiguous
regulations in Treatise I of this law.

Chapter IV- Validity of Private Agreements

Article 5- All changes made in generation, dispatch, receiving, recording or processing
data messages with the agreement and special contact made between the parties shall be
binding and valid.

Part II- On Data Message
(Written Documents, Original Signatures)

Article 6- In cases where according to a law a written document must be presented, a data
message shall constitute to be such written document, except in the following cases:
a. Deeds of ownership of immovable properties.
b. Sale of medicines to end users.
c. A notice, warning, caution or similar admonitions by virtue of which special
instructions shall be given for the use of a certain commodity or application of a certain
way of handling whether in the form of an act that must be carried out or instruction on
refraining from such act.

Article 7- In cases where a law requires a signature to be made, electronic signature shall
be acceptable.

Article 8- In cases where according to a law, it shall be required to maintain or submit and
present data and information in original form, such maintenance and presentation may be
made in the form of data message. Provided, however, that the following conditions shall
be met:

a. The data and information shall be accessible and it shall be possible to make reference
thereto repeatedly.

b. The data message shall be stored and maintained in the same format which was
originally made, dispatched or received or shall be kept in a format that demonstrates
the information which were generated, dispatched, or received.

c. All information denoting the origin, destination, the time of dispatch or receipt of the
message (if any) must be maintained.

d. The conditions required by any entity, organization, government body or ministry in
respect of the manner of maintenance of data messages pertinent to that entity, must be
adhered to.

Article 9- Should conditions arise that dispatch of data messages shall be substituted with
the use of paper documents as of a certain date, the paper which will be issued in this
regard shall expressly contain the termination of the use of data message.

No such substitution may prejudice the rights and obligations of the parties prior to the
substitution.

Part III - Safe and Secure Data Message

Chapter I- Secure Electronic Signature and Records

Article 10- Secure electronic signature shall have the following characteristics:
a. shall be unique to the signatory .
b. shall identify the signatory of the data message.
c. shall be issued by the signatory or according to his exclusive will.
d. shall be connected to a data message in a manner that any alteration in the data message
shall be traceable.

Article 11- Secure electronic record means a data message which has been stored
according to the conditions of a secure information system and may be accessible and
comprehended when necessary.

Chapter II- Acceptability, Validity as Proof, and Effects of
Secure Electronic Signatures and Records

Article 12- The documents and evidences to prove a claim at a court may be submitted in
the form of a data message. The validity of a data message may not be refuted by a court of
justice or by a government department on the basis of existing rules and evidence, by
referring to the format of a data message.

Article 13- In general, the proving aspect of a data message shall be determined with due
regard to the security elements that are involved such as the proper security methods
employed in respect of exchanging a data message.

Article 14- All data messages that have been generated and maintained in a secure way
shall be regarded as valid documents to which reference maybe made in judicial forums as
regards their content signature, obligations made by the parties concerned as well as their
legal representative, enforcement of the provisions thereof and other matters.

Article 15- It shall not be possible to dispute the validity of a secure data message, secure
electronic records, and a secure electronic signature. It may only be possible to claim that a
data message has been forged or try to prove that a data message has lost its validity due to
a legally acceptable reason.

Article 16- A data message that will be recorded and maintained by a third party in
compliance with the provisions of Article II above shall be construed as being valid.

Part IV - Exchanging Data Messages

Chapter I - Legal Validity of References in a Data Message,
Conclusion of Contract and the Will of the Parties

Article 17- References made in a data message shall be acceptable in the following
Instances:

a. It shall be explicitly clear that reference has been made to what subject or matter in the
data message.

b. The subject to which reference has been made shall be explicitly clear for the party to
whom reference has been addressed.

c. The data message being the subject of reference shall be acceptable to the party
concerned.

Chapter II- Attribution of a Data Message

Article 18- A data message shall be attributed to the originator in the following instances:

a. In case the data message shall be dispatched by the originator or by the person
authorized on behalf of the originator.

b. In case the data message shall" be dispatched through the information system
programmed by the originator or by the automatic operation nm by the originator.

Article 19- An addressee shall have the right to consider a data message that has been
dispatched in accordance with anyone of the following terms, as having been duly
dispatched and may act accordingly:

a. The data message has been dispatched in accordance with a procedure introduced or
agreed upon by the originator and it shall be possible to establish that the data message
has been dispatched according to the said procedure.

b. The data message received by the addressee shall be collected pursuant to an act by the
addressee enabling the addressee to gain access to the system of the originator in such
way that the data messages of the addressee shall be recognized as the data messages of
the originator.

Article 20- Provisions of Article 19 above shall not cover the instances where the data
message has not been issued by the originator or has been issued erroneously.

Article 21- Every data message shall be a separate, independent data message, except the
cases where it shall be apparent that a data message is a copy of an earlier data message.

Chapter III - Acknowledgement of Receipt

Article 22- Should at any time prior to or at the time of dispatch of a data message, the
originator requires or agrees with the addressee to acknowledge receipt of the data message,
and the form or mode of acknowledgement shall not be agreed upon, then any type of
automatic connection, correspondence, or any other appropriate measure on the part of the
addressee that will reasonably assure the originator from receipt of the data message by the
addressee, shall be construed as acknowledgement of the data message.

Article 23- If an originator shall explicitly provide that any 1egal effect of a data message
shall be subject to acknowledgement of receipt of data messages, then all data messages
shall be considered as not having been dispatched, except those whose receipts will be
acknowledged.

Article 24- The connotation and understanding in respect of receipt of a data message by
the addressee shall not include and cover the contents of the data message.

Article 25- Where in the acknowledgement of receipt, it shall be provided that the data
message has been received in compliance with the requirements, standards, or the
procedure agreed to by and between the parties, then it shall be deemed that those
requirements have' been complied with.

Chapter IV- The Time and Place of Dispatch and
Receipt of a Data Message

Article 26- A data message shall be deemed as having been dispatched when it enters the
information system beyond the control of the originator or his representative.

Article 27- The time of receipt of a data message shall be fixed as follows:

a. If the information system of the addressee for receiving the data messages has already
been designated, a data message shall be deemed as having been received:

1. When the data message enters a designated information system, or

2. When a data message shall enter an information system belonging to the addressee
that is different from the system exclusively designated for this purpose, but it shall
be retrieved.

b. If the addressee has not designated an information system for receiving data messages,
the receipt shall be deemed as having been received when it enters the information
system of the addressee.

Article 28- The provisions of Article 27 above shall apply regardless of the place of
installation of the information system.

Article 29- If the place of installation of the information system shall be different from the
place where the data message shall be received, action will be taken as follows when
appropriate:

a. The Place of business or trade of the originator shall be deemed as the place of dispatch
of the data message. Likewise, the place of business or trade of the addressee shall be
deemed as the place of receiving the data message except the cases otherwise agreed
upon by the parties.

b. If the originator shall have more than one place of business and trade, the place having
the nearest distance to the transaction, shall be deemed as the place of business or trade.
Otherwise, the principal place of the company shall be deemed as the place of business
or trade.

c. If the originator or the addressee shall not have any place of business or trade, their
place of domicile shall be taken into account.

Article 30- The legal effects of attribution, acknowledgement, and the time and place of
dispatch and receipt of data message described in Chapters n to IV , Part IV of this Law as
well as the contents of a data message shall be governed by general rules and regulations.

Treatise II - Bureaus for Certification of Service Providers

Article 31- The bureaus for certification of service providers are the firms which shall be
established in Iran to supply services in respect of issuing electronic signature. The services
of these firms shall include the production, issuance, storage, dispatch, confirmation,
cancellation and making up to date the certificates of electronic signatures.

Article 32- The regulations on the operation, setting up, and functions of the above firms
shall be drawn up by the Management and Planning Organization, the Ministries of
Commerce, Communications and Information Technology, Economy and Finance and
Justice and shall be submitted to the Council of Ministers for approval.

Treatise III - On Various Rules

Part I- Exclusive Protections Within the Framework of
Electronic Exchange of Communications

Article 33- Suppliers of goods and services must provide consumers with the Information
they require to buy tile goods or accept conditions of sale at a proper time prior to
conclusion of the contract. The minimum required information shall be as follows:

a. Technical specifications and applied particulars of the goods or services.
b. The identity of the supplier, and the trade name under which the supplier is carrying out
business and supplier's address.
c. Electronic mail address, telephone number or any other means by which the customer
may communicate with the seller in case of need.
d. All costs to be borne by the customer for the purchase of goods (including the prices of
goods or services, applicable taxes, freight charges and contact costs).
e. The period of validity of the offer made.
f. The conditions and process of contract including the manner and mode of payment,
handing over, execution, termination, reference, and after sales services.

a. The address of the place of business or trade of the supplier for lodging any prospective
complaints.
b. Information pertaining to warranty and after sales logistics.
c. The conditions and procedures for termination of the transaction according to Articles
37 and 38 of this law.
d. Conditions for termination in the contract concluded for the supply of services.

Article 35- The information and the confirmation of the information notified to the
consumer must be made in a durable media, in an explicit manner, at a proper time and by
means of appropriate communication within a fixed period on the basis of good intention
and will required in transactions including the necessity to observe the special needs of
disabled individuals and children.

Article 36- In case of contacting by voice, the identity of the supplier and his intention in
contacting the consumer must be -explicitly expressed at the outset of every conversation.

Article 37- In every long distance transaction (distance contract), the consumer must have
at least seven working days for dispensing with and withdrawing from his acceptance
without the obligation to suffer any penalty or obligation to provide any proof or evidence.
The consumer shall only be liable for the costs of returning the goods.

Article 38- The right of withdrawal shall commence in the following manner:

a. In case of goods sold out, the period of 7days shall commence on the date of delivery of
goods to the consumer. Such period shall start on the date of signature of the agreement
in case of sale of services.

b. In any case, the date of commencement of the right of withdrawal by the consumer,
shall be after submission of the information that the supplier is obliged to supply
according to Articles 33 and 34 of this law.

c. Upon employment and invoking the right of withdrawal, the supplier shall be under the
obligation to return the whole of the money he received to the consumer without
claiming any sums of money.

d. Withdrawal by the consumer shall not apply in respect of goods and services under
certain special conditions. Such instances shall be according to a Regulation to be
approved according to Article 79 of this law.

Article 39- If a supplier, in the course of a transaction, shall not be able to fulfill his
obligation due to lack of stock or due to inability to carry out the services, the supplier must
immediately return the money to the addressee, except in the case of sale of general cargo
as well as the obligations that may be fulfilled after some time, if the addressee sha11 be
agreeable to allow such time. In case it shall become known that the supplier, right from the
outset, was aware that the obligations could not be fulfilled, he shall be condemned to
maximum punishment provided in this law, in addition to the obligation to return the price
he collected.

Article 40- The supplier may deliver to the consumer the goods or services promised to be
delivered, provided that such delivery shall be notified prior to or during the course of
concluding the transaction.

Article 41- Should a supplier dispatch to the addressee some goods or services other than
those being subject of the transaction, such goods or services shall be returned at supplier's
cost. The dispatched goods or services may be offered by the supplier to the addressee as a
separate transaction and the addressee may accept the offer as such.

Article 42- The protections set forth in this present chapter shall not apply to the following
instances:

a. Fiscal services the list of which shall be fixed according to a Regulation to be drawn up
according to Article 79 of this Law.

b. Transactions involving sale of immovable property or ownership rights of immovable
property except leasing.

c. Direct purchase of goods and services from slot machines.

d. Transactions carried out by means of public telephones.

e. Transactions pertaining to auctions.

Article 43- The supplier may not construe any silence on the part of the consumer as the
consent and satisfaction of the consumer.

Article 44- In case of controversies or doubts, judicial authorities shall investigate the case.

Article 45- Enforcement of the rights of consumers under this law may not be prejudiced
by other laws providing a weaker protection.

Article 46- It shall not be possible to resort to contractual provisions which may be
contrary to the provisions of this chapter. Similarly, inequitable provisions made to the
detriment of the consumer shall not have any effect.

Article 47- In long distance transactions (distal1ce contracts), any portion of a deal which
shall be carried out under a method other than the use of the means of telecommunication,
shall not be subject to the provisions of this Jaw.

Article 48- All legal and civil organizations for protection of the rights of consumers may
proceed to institute claims in the capacity of 'complaining party. The procedures in this
regard shall be drawn up through a Regulation which shall be proposed by the Ministry of
Commerce for approval to the Council of Ministers.

Article 49- Consumers rights in respect of the use of electronic payment machines shall be
according to the laws and regulations approved or to be approved by the legal authorities
concerned.

Chapter II- On the Rules of Marketing

Article 50- Suppliers in advertising their goods and services may not resort to acts or
omissions misleading and deceiving an addressee as regards the quality or the quantity of
goods.

Article 51- Suppliers who advertise their goods or services must not put the health of
individuals in jeopardy and danger.

Article 52- A supplier must carry out advertisement in such way that the consumer shall
comprehend the information regarding the goods and services precisely and explicitly.

Article 53- In advertising, the name of the person or firm in whose favour the
advertisement will be carried out must be known in an explicit manner.

Article 54- Suppliers may not misuse the particular feature of electronic transactions to
hi4e the facts regarding their identity or place of business.

Article 55- Suppliers shall take measures that consumers shall be able to decide to receive
advertisements at their p9sta1 address or through their e-mails.

Article 56- Suppliers shall act in a professional way in conducting their advertisements.
The criteria on advertising shall be included in the Regulation mentioned in Article 79 of
this law.

Article 57- Advertisement and marketing for children and young adults below legal age
shall be according to the Regulation mentioned in Article 79 of this Law.

Chapter III- Protection of Personal Data Messages (Data Protection)

Article 58- It shall be illegal to store, process or distribute personal data messages
describing ethnic or racial roots, ideological or religious viewpoints, personal
characteristics as well as health, mental or sexual status of individuals without their explicit
consent under any pretext.

Article 59- In case of obtaining the consent of the individual concerned, the content of the
data message must be in line with the approvals of the Islamic Consultative Assembly.

Any storage, processing and distribution of personal data messages pertaining to electronic
communications must be made in compliance with the following conditions:

a. The purpose thereof must be known and explicitly described.

b. he data message must be collected only proportionate with the objectives described to
the person being subject of the data message and according to the needs and must only
be used for the purposes determined in the above manner.

c. The data message must be correct and up to date.

d. The person being subject of the data message must be given access to the computer files
containing the personal data message of that person and must be able to delete or amend
and correct the faulty or incorrect date messages.

e. A person being the subject of a data message shall be given the chance to request total
deletion of his computer file in respect of personal data messages in compliance with
the applicable criteria.

Article 60- Storage, processing and distribution of medical and hygiene records shall be
subject to the Regulation mentioned in Article 79 below.

Article 61- Other matters relating to access to data messages including the exceptions,
disclosure to third parties, making objections to, security processes, the authorities
responsible for vigilance and control of the process of personal data messages, have been
described in Treatise 4 of this Law and the pertinent Regulation.

Part IV - Protection of Data Message in the Process of
Electronic Communications

Chapter I - Author's Rights/Copyright
in the Process of Electronic Communications

Article 62- The rights of publication, performance and distribution of the works protected
under the Law of Protection of the Rights of Authors, Composers and Artists approved on
November 23, 1969 and the Law on Translation and Publication of Books, Periodicals, and
Vocal Works approved on December 16, 1973 and the Law on Protection of the Rights of
Creators of Computer Soft-wares approved on December 24, 2000, in the form of data
message are reserved exclusively for the authors. All works and writings in the form of data
message, including data, information, soft-wares, computer programmes, computer tools
and methods, data sites, as well as protection of intellectual property rights in the process of
electronic communications including patents rights, design rights, copyright, rights
associated with copyright, protection of data sites, c protection of integrated circuits and
chips, and protection of trade secrets shall be subject to the laws mentioned in this present
Article and the Law on Registration of Trademark and Patents ratified on June 21, 1931
and the Executive By-laws of the above law ratified on July 4, 1958. provided, however,
that the provisions of the above two laws sh8ll be in line with ratifications made by the
Islamic Consultative Assembly.

Note 1- The rights related to literary arid artistic property (previously known as the
neighbouring rights of literary and artistic rights) shall include the material and intellectual
rights of performing artists producers of audio and video discs and recording studios and
distributors who fall under the provisions of the Law approved on November 23, 1969 and
December 16, 1973.

Note 2- An integrated circuit is an electronic component with a special drawing and logic.
It is of high performance and efficiency and may be substituted with a great number of
conventional electronic components. The drawings, placement and logic of the said circuits
are covered by legal protection according to the Law on Registration of Trademarks and
Patents ratified on June 21, 1931 and the Executive By-Laws of the said law ratified on
July 4, 1958.

Article 63- A temporary act of publication, performance and distribution of a work which-
shall be an integral part of the technical process of a data message in networks shall not be
subject to the above provisions.

Chapter II - Protection of Trade Secrets

Article 64- In order to protect legitimate competition in the process of electronic
communications, any illegal acquisition of trade and economic secrets of firms and
institutes for one's own use or for disclosure to others by means of electronic devices shall
be a crime and perpetrators shall be condemned to the punishments prescribed in this law.

Article 65- Electronic trade secrets are those data messages that comprise data,
information, formulae, equations, patterns, soft-wares and programmes, tools methods,
techniques and processes, unpublished writings, methods of conducting business or
transaction, tactics, drawings, plans, fiscal information, customers lists, business plans and
the like which shall be of economic value independently and is not available to the public
and reasonable efforts have been made for their protection.

Chapter III - Protection of Trademarks and Trade Names

Article 66- In order to protect the rights of consumers and to induce legitimate competition
in electronic communications it shall be prohibited to use trademarks in the form of domain
name or any online description of trademarks that shall cause receipt or mistake in respect
of genuine goods and services. The perpetrators shall be condemned to the punishments
prescribed in this law.

Treatise IV - Crimes and Punishments

Part I - Fraud by Means of Computer

Article 67- Anyone who, in the process of electronic communications, shall resort to the
misuse or unauthorized use of data messages and shall deceive others by computer
programmes and systems and means of telecommunication through such acts as entry into,
deletion, or stopping a data message, or intervenes in the operation of computer plans,
programmes and systems or shall cause illusion of automatic processing and paying
systems thereby acquiring for one's self or for others properties, sums of money or fiscal
privileges thus stealing property of others shall be considered a criminal and shall be
condemned, in addition to returning the stolen property to rightful owner(s), to
imprisonment from one to three years and payment of cash penalty in the same value of
stolen property.

Note- Commencing the perpetration of the above act shall also be a crime and the
perpetrator shall be condemned to the minimum punishment prescribed above for having
started the above act.

Part II- Forgery by Means or Computer

Article 68- Anyone who, in the process of electronic communications, by entering into,
alteration, deletion or stopping a data message and intervention in the processing of a data
message and computer system or by using the applied systems of codification of producing
signature, such as using personalized keys, without taking authorization from the signing
party or by producing a signature without registration in the electronic records or by using
signatures that do not correspond with the signatures of the actual holders, shall obtain or
fabricate certificates thereby forging data messages of fiscal or positive value and shal1
submit same to administrative, judicial, fisca1 and other authorities as valid data messages,
shall be considered to be a forger and shall be punished by imprisonment from one to three
years and condemned to payment of a cash penalty of fifty million rials.

Note- Commencing the perpetration of the above act shall also be a crime and the
perpetrators shall be condemned to the minimum punishment prescribed in this Article.

Part III - Violation or Exclusive Rights in the Process
or Electronic Communications

Chapter I -Violation or the Rights or Consumers
and the Rules or Advertising

Article 69- A supplier infringing provisions of Articles 33, 34, 35, 36 and 37 of this law
shall be condemned to cash penalty from ten million to fifty million rials.

Note- A supplier infringing Article 37 shall be condemned o maximum penalty.

Article 70- A supplier infringing Articles 39, 50, 51, 52, 53, 54 and 55 of this law shall be
condemned to cash penalty from twenty million to one hundred million rials.

Note 1- A supplier infringing Article 51 shall be condemned to maximum penalty provided
in this Article.

Note 2- A supplier infringing Article 55 shall be condemned to the minimum penalty
provided in this Article.

Chapter II - Violating Protection of Personal Data Messages/Protection of Data

Article 71- Anyone who, in the process of electronic communications, shall violate the
provisions of Articles 58 and 59 of this law shall be considered as being guilty and shall be
condemned to imprisonment from one to three years.

Article 72 – In cases Where the crimes in respect of data messages shall be perpetrated by
the offices in charge of issuing electronic certificates and other institutions in charge, the
perpetrator shall be condemn to the maximum punishment set forth in Article 71 above.

Article 73- If crimes relating to personal data messages shall occur due to negligence and
carelessness on the part of the offices issuing electronic certificates, the perpetrator shall be
condemned to imprisonment from three months to one year and payment of a cash penalty
of fifty million rials.

Part IV-Violation of Protection of Data Messages
in the Process of Electronic Communications

Chapter I - Violation of Copyright

Article 74- Anyone who in the process of electronic communications, through publication,
performance and distribution (supply and publishing), violates the rights of authors
provided in the Law on Protection of the Rights of Authors, Composers and Artists
approved on November 23, 1969 and the Law on Translation and Publication of Books,
Periodicals and Vocal (Audio) Works approved on December 16, 1973 and the Law on
Protection of the Rights of Creators of Computer Soft-wares approved on December 24,
2000 (provided that the said provisions shall be in line with the ratifications of the Islamic
Consultative Assembly), shall be condemned to imprisonment from three months to one
year and payment of a cash penalty of fifty million rials.

Chapter II - Violation of Trade Secrets

Article 75- Those violating the provisions of Article 4 of this law as well as anyone who, in
the process of electronic communications, shall violate the provisions of employment
agreements in respect of refraining from disclosure of vocational secrets and gains access to
unauthorized trade secrets for his own benefit or discloses same to third parties for the
purpose of competition, profiteering or inflicting loss and damage to trading, industrial,
economic and services firms, shall be condemned to imprisonment from six months to two
and a half years and payment of a cash penalty of fifty million rials.

Chapter III - Violation of Trademarks

Article 76- Violators of Article 66 of this law shall be condemned to imprisonment from
one to three years and payment of cash penalty from twenty million up to one hundred
million rials.

Chapter IV - Others

Article 77- Other crimes, the procedure, regulations on the competence of criminal courts
as well as the judicial methods of international cooperation in relation to electronic
communications are those laid down by Law.

Treatise V-Compensation of Losses

Article 78- In cases where in the process of electronic communications, certain losses or
damages will be inflicted on the persons as a result of defective or weak systems of private
and government institutes (except losses resulting from physical interruption of
communication), the said institutes shall be liable to make good the losses, unless such
losses will be a result of the acts of individuals in which case those individuals will be held
liable to make good the losses.

Treatise VI- Miscellaneous

Article 79- The Ministry of Commerce shall be in charge of identifying the fields related to
electronic commerce and require the pertinent institutions to draw up the relevant laws and
regulations after proposals in this regard shall be given by the Ministry of Commerce and
confirmed by the High Council of Infotech.
The above said by-laws and regulation shall be enforceable after ratification by the Council of Ministers.
The other by-laws and regulations mentioned in this law shall be drawn up in the following manner.

a. The by – laws pertaining to Articles 38 and 42 of this law shall be drawn up on the basis of a proposal to be made by the Ministers of Commerce, Economy and Finance, Management and Planning Organization, the Central Bank of IRI and approved by the Council of Ministers.
b. The by-laws pertaining to Articles 56 and 57 of this law shall be proposed by the Ministries of Commerce, Islamic Culture and Guidance and Management and Planning Organization and approved by the Council of Ministers.
c. The by-law pertaining to Article 60 of this law shall be proposed by the Ministry of Hygiene, Medical Treatment and Education as well as the Management and Planning Organization and approved by the Council of Ministers.

Article 80- In order to protect the activities relating to electronic commerce, the Ministry of Commerce shall be under the obligation to set up a center at the said Ministry by congregating the entities concerned. The articles of association and the by-laws of this Center shall the proposed by the Ministry of Commerce and the Management and Planning Organization, Jointly, to the Council of Minister, for approval.

Article 81- The originators, addressees, filing agents, consumers and all those having data
messages at their disposal, shall be under the obligation to keep and provide back up for the
data messages in order that in case of destruction of one copy, the other copy will remain
immune and intact.

The above law comprising 81 Articles and 7 Notes was approved in the course of the open
session of the Islamic Consultative Assembly on Wednesday, January 6, 2004 and
confirmed by the Guardians Council on January 14, 2004.

Speaker, Islamic Consultative Assembly - M. Karroubi