Mauritius is touted as being a leader in Africa in the Information and Communication Technologies (ICT) sector as depicted by the favourable international rankings of the country. In this era of Industrial Revolution 4.0, Mauritius ranked first in Africa in the United Nations e-Government Index 2018.
As evolving technologies shape the world with the Internet of Things, blockchain, cloud computing, data analytics and artificial intelligence, Mauritius has been active in setting the pace in the African region.
In October 2018, the government of Mauritius produced the Digital Government Transformation Strategy 2018-2022 (the Strategy) which paved the way for accelerated public sector digitalisation efforts to enhance operational effectiveness and efficiency and provide better service to government institutions, citizens and businesses.
The Strategy formulated short, medium and long-term recommendations on five specific themes, namely: ICT Infrastructure including Broadcasting; E-Government and Business Facilitation; Talent Management; Cybersecurity and Cybercrime; and Innovation and Emerging Technologies.
This article focuses primarily on e-government and business facilitation.
The e-Government Strategy (the Strategy) was formulated in 2013 to re-engineer the e-government agenda and to rethink the delivery of its services and operations where citizens are given a prominent position (for example, in the design of services).
By 2018, around 75% of the Strategy had been implemented and helped to further integrate technology in support of government operations and service delivery. Policies and projects in areas of data sharing, open source, open data, e-participation, e-payment, digital signatures, document management systems, e-procurement, mobile apps among others have transformed the way the government deals with its stakeholders while improving international digital indices.
The Strategy lays emphasis on how critical it is to recycle data, to optimise, transform and create better government services, to achieve large-scale business optimisation that improves efficiency and to make e-services available to all people. We provide a summary of the most important recommendations made in the Strategy at the end of this article.
When it comes to business facilitation, various aspects of government-related services were modernised. Even the court systems benefited from this digitalisation and the e-judiciary was introduced at the level of the Commercial Court. A computerised library system was introduced at the level of the judiciary. Before the Assessment Review Committee, online filing of objections were introduced. During the period of lockdown that followed the outbreak of COVID-19, in a bid to ensure continuity, even the courts in Mauritius embraced digitalisation. By order of the Chief Justice, all courts remained closed during the lockdown period until further notice. Only urgent services were being provided via technological communication. Magistrates for District Courts could be reached via technological communication in all District Courts for urgent matters, such as requests for release on bail for freshly arrested people or those already in detention, protection orders for children and victims of domestic violence, and cancellation of arrest warrants. Those cases are still being conducted via video conferencing.
Online government services
Since a few years, an e-Procurement System and e-Work Permit System have been made operational and Building and Land Permit (BLP) applications can be made online. The use of end-to-end systems e.g e-Registrar General, e-Work Permit, e-Procurement and the use of Digital Signatures in newly implemented systems such as e-Registrar General, e-Procurement have been welcomed by all parties.
The National Budget 2020-21 introduced additional measures destined further to improve the local business environment by encouraging the use of e-services such as:
- the Corporate and Business Registration Department (CBRD) which will become the central repository for all business information and licences through a digital platform;
- the submission of all deeds for registration of property through the Mauritius e-Registry System; and
- the launch of a new Land Administration and Valuation Information Management System (LAVIMS) based on blockchain technology.
The Central Bank digital currency is part of the new products that will be introduced in line with the recommendations of the 10-Year Blueprint. A new sandbox framework will be introduced to enable development of proof of concepts and pilot exercises to test the potentials of innovative technologies. The Bank of Mauritius will also come up with new frameworks for digital banking, private banking and wealth management by banks.
Digitalisation of other sectors of the economy
The insurance sector
Another good example of a move towards digitalisation, which in the current climate is proving to be very beneficial to insurance companies, is the Financial Services Commission allowing the said entities to sell insurance online and to issue insurance policy documents in digital format.
Contracts of insurance that are made over the Internet should include a form of signature, from all parties, to authenticate the document i.e. to identify the parties to the electronic contract, along with the electronic signature of the consumer certifying that the information and details submitted are true and correct, recording the consumer’s intention to purchase the insurance product, and serving as a statement that the consumer has read and submitted information in good faith.
A lot of businesses have also managed to ensure continuity with online platforms for submission of documents and statutory filings, setting up of companies amongst others.
The banking sector
Digitalisation in the banking sector has also been a must in this modern era. Cheque truncation, internet banking, mobile banking, cross-border transfer of funds, amongst others are just a few examples of the evolution of the banking sector in Mauritius.
The Financial Action Task Force (FATF) has been considering fintech and regulation technology (Regtech) in an attempt to support innovation in financial services, while addressing the regulatory and supervisory challenges posed by emerging technologies. The FATF has agreed to initiate a project on investigative best practices related to virtual currencies/crypto-assets to assist law enforcement in the light of the growing risks.
Moreover, the recent outbreak of COVID-19 has led the Central Bank to urge the population to resort to digital transactions carried out on their Internet Banking and Mobile Banking platforms and for contactless card payment to be effected during the lockdown period. One of the largest commercial banks in Mauritius, the Mauritius Commercial Bank, has created the “e-shop” platform to assist its customers with online shopping. However, with e-banking, the risk of AML/CFT is at its peak. Mauritius has to review its legislative framework applicable to fintech-driven financial services as well as the companies offering them.
Mauritius Telecom, the major provider of voice, mobile, Internet and data communication services in Mauritius, has created a platform to assist businesses which do not have an online presence, whereby people can do their online shopping and choose from various vendors. Digitalisation by Mauritius Telecom has been characterised recently by the implementation of my.t money, whereby people could use their phone to pay with a tap, scan to pay, transfer money to someone else’s phone, share bills and pay utility bills just with the magic of a click. The same regulation which applies to similar services within the banking sector applies to my.t money which is regulated by the Bank of Mauritius.
The ICT sector’s legal framework
The legal framework of the ICT sector is a concrete foundation for digitalisation in Mauritius. The framework consists of several legislations, namely the Information and Communication Technologies Act (2001), Electronic Transaction Act (2000), Computer Misuse and Cybercrime Act (2003), Data Protection Act (2017), National Computer Board Act (1988) and the Postal Services Act (2002).
The Postal Services Act 2002
The postal service in Mauritius has seen significant changes since its setting up in 1772. Keeping up with the trend, the postal service also embraced modernisation and digitalisation, and introduced the e-Commerce and Online Payment Services, e-Track & Trace (EMS, Parcels, Registered Mails), e-Telegram, Digital Signature Certificates and e-Ticketing.
The Postal Services Act enacted in 2002 has not been updated to cater for the digital instruments developed by the postal services. Nevertheless, the postal service is regulated by the Information & Communication Technologies Authority, as well as the Data Protection Act 2017 and the Electronic Transaction Act 2000, which are discussed below. This allows trust and security within the postal services. However, for legal certainty, it is recommended going forward that the Postal Services Act itself be amended to include provisions in line with its evolution.
National Computer Board Act 1988
The National Computer Board Act 1988 has set up the National Computer Board (NCB) in order to promote the development of ICT in Mauritius. The NCB, which falls under the aegis of the Ministry of Technology, Communication and Innovation, is a parastatal body administered by a board of directors.
The objects of the NCB as provided by the Act are as follows:
- to nurture the development and evolution of information technology, information systems and computer-related services in Mauritius;
- to advise government on the formulation of national policies in respect of the promotion, development and control of information technology and its applications; and
- to support the framing of suitable national education, training and research plans in the field of information technology in order to build the required know-how for consolidating the information technology industry in Mauritius.
Faced with the challenges brought about by globalisation and the threats it poses to the economy, the NCB has recently redefined its strategies with the clear object of turning Mauritius into an ICT hub. Its aim is to work with the government in making the ICT sector a key pillar of the economy.
As part of its mission, the NCB has organised numerous training programmes and events. It has held annual Infotech conferences to promote the development of the ICT sector. The Innovtech conference held in 2019 focused on innovation in the ICT sector. The NCB also helped in democratising access to ICTs by operating two cyber caravans which provided basic ICT trainings to various segments of the community. From July 2017 to date, 14,590 persons (including children, students, the unemployed) have been initiated on coding.
Computer Misuse and Cybercrime Act 2003
The increasing reliance on cyberspace brings new opportunities and new threats simultaneously. Cyber criminals are becoming more sophisticated and continue to develop malicious software and devise improved methods to attack computer systems and networks.
Investing in an effective legal framework to prevent cybercrime is of utmost importance in this day and age. The Computer Misuse and Cybercrime Act, enacted in 2003, illegalises certain acts committed through computer systems and advises on the manner of proceeding regarding the investigations into those acts. It is worth pointing out that, on 15 November 2013, Mauritius became the first African country to accede to the Budapest Convention on Cybercrime (the Convention).
Further to its accession, Mauritius amended and strengthened its laws to comply with the Convention. To ensure ongoing compliance with the Convention, Mauritius has to ensure that its existing laws are constantly revised.
The Computer Emergency Response Team of Mauritius (CERT-MU) is a division of the NCB operating under the aegis of the Ministry of Technology, Communication and Innovation. As per its Information Security Policy Statement: “the role of the CERT-MU is to coordinate cybersecurity response activities, promote cybersecurity at national level and monitor Internet threats and take appropriate remedial measures.”
It assists members of the public and entities in applying the right measures to minimise the risks of information security incidents and responding to such incidents as and when they occur. In a bid to increase the security posture at national level, CERT-MU is responsible for increasing the readiness with regards to, as well as managing the disruptions caused by, cyber threats. It also aims at securing the Mauritian cyberspace by establishing a front line of defence against cybercrime. The resilience to cyber-attacks is constantly being enhanced in order to have the right defence against the full spectrum of threats.
Unfortunately, in such times of uncertainty, where people should support each other to fight against the pandemic and its devastating effects worldwide, cyber threat actors are taking advantage of people’s amplified levels of concern and fear around COVID-19, and spreading fake news and swindling people out of their money or private data. CERT-MU is endeavouring to protect Mauritius and its people against cyber threats by alerting the people on fake news, viruses and providing security alerts on how to stay safe and work securely from home.
The CERT has published security alerts on protection measures, as well as ways to work securely from home. For instance, there is an inherent need for organisations to enforce their cybersecurity in order to deliver essential business operations in these times where the cyber front is rife with COVID-19 related threats and remote access is the go-to technology for communication. In such cases, the security alert helps organisations and employees in preparing and adopting a heightened state of cybersecurity to enhance their postures and stay cybersafe while telecommuting.
Another security alert helps in identifying phishing campaigns. The vast amount of news coverage surrounding the COVID-19 virus has created a new danger – phishing attacks looking to exploit public fears from this pandemic. In this perilous situation, it is vital to have a good “cyber hygiene” and for companies to regularly educate, train and test employees on phishing risks. This security alert will help you to identify phishing campaigns and discusses best practices.
The Information and Communication Technologies Act 2001
The Information and Communication Technologies Authority (ICTA), established under the Information and Communication Technologies Act 2001, has for objectives to make access to information available to everyone, ensure that all operators enjoy a fair and equal chance in the industry which would benefit consumers in general, license and regulate the information and communication services and ensure that those services, including telecommunication services, are reasonably accessible and affordable.
The ICTA encourages the optimal use of information and communication technologies in all areas, promoting the competitiveness of Mauritius and furthering the advancement of technology.
By virtue of the Act, the Authority has the power, inter alia, to issue licences and to make such determinations, issue such directives and guidelines and do such acts and things as are incidental or conducive to the attainment of its objects and the discharge of its functions.
The Electronic Transaction Act 2000 (ETA)
Digital and electronic signatures
The ETA was enacted to, inter alia, facilitate electronic communications by means of reliable electronic records as well as facilitate e-commerce and the promotion of the development of the required legal and business structure to implement safe e-commerce.
It has brought about important changes which have greatly facilitated electronic transactions. One of the main features of the Act is that it has made electronic and digital signatures valid and enforceable and has amended the Mauritian Civil Code by adding articles 1316-1 to 1316-5 accordingly.
Under the ETA, electronic records and legal documents executed using electronic signatures are legally valid and enforceable without any declaration of intent between the originator and the addressee. This has proved to be extremely useful during the lockdown that followed the COVID-19 pandemic.
The Mauritian Public Key Infrastructure (PKI) became operational when the first Certification Authority (CA) came into operation in May 2012. The CA issues digital certificates to Mauritian end-users who use these certificates to secure their online transactions in a comprehensive manner.
Another salient feature of the ETA is to enable electronic filing of documents with government agencies and statutory corporations and to promote efficient delivery of government services by means of reliable electronic records.
The ETA also aims at minimising the incidence of forged electronic records, the intentional and unintentional alteration of records, and fraud in e-commerce and other electronic transactions. It helps to establish uniformity of rules, regulations and standards regarding the authentication and other electronic transactions, promote public confidence in the integrity and reliability of electronic records and e-commerce, and foster the growth of e-commerce through usage of electronic signatures to provide authenticity and integrity to correspondence in any electronic medium.
To this end, the ETA clarified the rights and obligations of users by its provisions with the sole aim to facilitate e-commerce and the promotion of the development of the legal and business infrastructure necessary to implement secure e-commerce.
The Data Protection Act 2017 (DPA)
Mauritius understands the implications of digitalisation with regards to data protection. To cater for these implications, the government, through the Data Protection Act of 2017, has imposed comprehensive sets of provision to better protect both the public and the private sector. Data protection combines elements of human rights and consumer protection and is considered a fundamental right. Data protection regulation is also seen as an enabling law, which facilitates the development of new technologies and innovations. Inadequate protection can cause negative market effects by reducing consumer confidence, and overly rigorous protection can unduly restrict businesses, causing adverse economic effects. The Mauritian data protection and privacy law seeks as much as possible to balance these different concerns and interests, ideally in a way that does not unnecessarily hamper the scope for technological development. Mauritius data protection and privacy legislation has been brought up to par with international best practices, including the European Union’s General Data Protection Regulation (GDPR).
The way forward
In general, Mauritius has taken significant initiatives in joining the trend for digitalisation. Concrete plans have been proposed by the government to harness the real potential of digital technologies. However, the country still has a long way to go to become fully digitalised. More importantly, making a secured system of work within this so-called digitalised world is of upmost importance without disregarding the global trend to reduce licensing hurdles and to adopt technological neutrality which allows for greater competition.
Many countries are shifting from service-specific to converged licensing regimes, thus relieving investors from licensing rules which are too restrictive and cumbersome. In Mauritius, the convergence of the different regulatory bodies (ICT, broadcasting, posts) into a single regulatory entity is a declared government policy. Measures are being taken to provide the appropriate legal framework. In Mauritius, several sectors have different regulatory institutions, but the government is aiming at converting the several institutions into a single regulatory entity which would provide for a standard, transparent regulatory system.
Appendix: Recommendations of the Strategy
- Digital-by-Default Services: Provision of services via the digital channel by default while at the same time assisting users with limited digital skills in using digital services via support desks.
- Once-Only Principle: Capture data only once from citizens and stakeholders and re-use the data (e.g. copy of IDs, proof of address, birth/marriage/death certificate) as it will already be available within the government database.
- End-to-End Services: Converting existing services into transactional services which are paperless, end-to-end and do not necessitate physical travel or office hopping, through cross-agency collaboration, interoperability and data sharing between systems.
- Co-creation of Services: Engagement and working closely with citizens and other stakeholders in the formulation and design of services.
- Open Data-by-Default: Establishment of mechanisms to ensure regular release of non-personal and non-sensitive data of public interest in an open and anonymised format by Ministries/Departments and engagement of public for co-creation of open data-driven apps.
- Agile Principle: Embracing an iterative way of implementing services through harvesting user feedback and improving services until fully operational.
- Digital Skills: Review national digital skills programme to cater for digital natives and digital immigrants. Enablement of public officials and service owners with digital skills and capabilities to use technologies and support digital service delivery. Foster digital knowledge in high-ranking executives to guide the digital transformation through executive trainings. Constant and tailored capacity building programmes and industry exposure on technology and business domains to ICT staff supporting the digital ecosystem.
- Data-Driven Culture: Integrate use of data for informed decision-making, policy formulation, monitoring and continuously improving quality of services. Calculating achievement and benefits of government services using key performance indicators and publication of public service usage figures.
- E-Business Strategies: Formulation of e-Business strategies at Ministries/Departments level for streamlining and simplification of their business processes and modes of operation with a blueprint to address key elements of digital transformation.
- E-Participation: Provision of digital platforms for integrating citizens and other stakeholders’ views in government decision-making processes. Engagement with public and distribution of information by Ministries/Departments on social media channels.
- E-Procurement-by-Default: Implementation of “e-procurement-by-default” principle and provision of training and support to both public bodies and suppliers.
- E-Governance: Governance structures such as High-level Digital Government Task Force, Minister-led Committees and Project Steering Committees to look into whole of government, organisational-level and project-level digital transformation.
- Digital Inclusiveness: Provision of online services, which are easy to use for people with varying abilities. Establishment of mobile-friendly services that are the favoured channel of most citizens. Undertaking uptake of government services through awareness campaigns using digital marketing channels.
- The UN E-Government Survey report looks at how e-government can facilitate integrated policies and services across the three dimensions of sustainable development, and is produced every two years by the UN Department of Economic and Social Affairs. It is the only global report that assesses the e-government development status of the 193 UN member states. It serves as a tool for countries to learn from each other, identify areas of strength and challenges in e-government and shape their policies and strategies in this area. It is also aimed at facilitating discussions of intergovernmental bodies, including the United Nations General Assembly and the Economic and Social Council, on issues related to e-government and development and to the critical role of ICT in development.