> Table of contents
[Introduction 2](#introduction)
[The provisions 4](#the-provisions)
1.
2.
3.
4.
5.
6.
7.
[Interpretation Rules 4](#interpretation-rules)[Scope and Application:
8](#scope-and-application)[Definitions and connected Rules
12](#definitions-and-connected-rules)[Authorisation/Licensing Procedures
14](#authorisationlicensing-procedures)[Certification by Private
Conformity Assessment Bodies
19](#certification-by-private-conformity-assessment-bodies)[Recognition
of Foreign Approvals and Certificates
28](#recognition-of-foreign-approvals-and-certificates)[Obligations of
(Economic) Actors 33](#obligations-of-economic-actors)[H: Liability of
Actors 39](#h-liability-of-actors)
[I: Risk Management 40](#i-risk-management)
[J. Public Ensurance of Compliance
41](#j.-public-ensurance-of-compliance)
[K: Enforcement Powers 48](#k-enforcement-powers)
[L: Third Party Enforcement Assistance
54](#l-third-party-enforcement-assistance)
13.
14.
15.
16.
17.
[Dispute Resolution 64](#dispute-resolution)[Data and Information
68](#data-and-information)[Emergencies 72](#emergencies)[Financial
Implementation 74](#financial-implementation)[Final Provisions /
Miscellaneous 76](#final-provisions-miscellaneous)[MODULE 1 (CIVIL /
ADMINISTRATIVE) PENALTIES 84](#module-1-civil-administrative-penalties)
# Introduction
This document contains mostly very general provisions. It is intended as
a source of inspiration for those drafting laws and other forms of
regulation in any regulatory or policy area. Readers are invited to
select provisions that they consider useful for their specific
regulatory or legislative task and to adapt them to their specific
needs. No provision should be taken without considering the need for
adaptation.
The document is not intended to be a universal generic model law.
However, in the absence of a sector-specific model law, it can be used
as a basis for drafting legislation and other forms of regulation. If
you intend to use the document in this way, you should be aware that it
contains redundancies, partly because it is derived from very different
legal traditions. For example, in some jurisdictions, interpretive rules
are placed at the beginning, while in others, at the end. To reflect
this, we have placed scope-related interpretative provisions at the
beginning and at the end whilst recognising the interest in placing all
interpretative rules in one place. Moreover, we kept redundancies as
hardly any user will use the document in its entirety. Accordingly,
certain topics appear at various places.
The document has been produced by two artificial intelligence programs
known as Large Language Models (LLMs): Claude (Anthropic) and
Perplexity. It is the result of a long series of instructions and tasks
that took the human in charge several days to complete.the document was
only marginally revised by humans. The order of the provisions, and the
provisions themselves, could be improved depending on the jurisdiction.
However, as its main purpose is to serve as a kind of quarry, the
document can already be used to make draft legislation more complete.
The basic pattern of the document has been developed using the
[Regulatory Institute’s model
laws,](https://www.howtoregulate.org/category/ri-model-laws/)
because these model laws integrate regulatory knowledge from many
jurisdictions and sectors alike. They, therefore, provide an excellent
international and cross-sectoral basis.
However, the LLM interface Perplexity[1](#_bookmark1) has, in
many cases, suggested additional very sensible rules based on
regulations that have been sifted through around the world. In doing so,
Perplexity continued the Regulatory Institute’s approach of learning
from regulators in all sectors around the world and making the knowledge
gathered available globally and across sectors. It is this approach that
has been continued by regulatory practitioners supporting the Regulatory
Institute who manually redacted the text to a modest extent. The
document is therefore the result of three rounds of international
gathering of regulatory knowledge. Feel free to suggest further
improvements.
This document is complemented by two lists that have been developed in
the same work process:
- The list of powers/obligations;
- The list of sanctions and accompanying measures.
Inadvertently, the document proves that at least some LLM can be used to
complement draft regulations and to make them more effective. If you
want to embark on the adventure of LLM- based regulatory completeness,
check or similar forms of revision, here are a few tips:
- Do not underestimate the time involved. Plan your work to avoid long
interruptions, because controlling LLMs for large tasks is also
complex and requires a lot of attention, oversight and memory on the
part of the LLM user. For example, the ‘raw’ lists of provisions used
in the three documents produced by this working process took more than
20 hours to produce without any review, and the light review took even
longer.
> 1 Strictly speaking,
> Perplexity is not an independent LLM, but an interface that builds on
> various LLMs.
- Test various LLMs. The LLMs we found to be particularly performing
might not be the most performing tomorrow. If you do not have time to
test various LLMs, seek advice from us. The most commonly known LLM
(currently ChatGPT) might not be the best performing one.
- Communicate with LLMs as you would with a person.
- Sometimes, ask if things are clear or to rephrase the task.
- Be aware that the LLM, like a person, may want to be lazy and cut
corners. It may also cheat a little here and there. Give clear
feedback on this.
- If the LLM does not ‘know’ where to look for good provisions, refer to
[www.howtoregulate.org](http://www.howtoregulate.org/) and the
laws of New Zealand, Singapore, Hong Kong, Canada and South Korea.
South American laws also contain interesting provisions. US and
European Union laws have been digested by LLMs anyway.
- Make your instructions as detailed as possible. You can also ask the
LLM to fine-tune the instructions in a first round before asking them
to complete the task.
- Break up large documents into manageable chunks.
- Be careful about cumulating different tasks in one instruction - this
often leads to unwanted results.
- Evaluate each interim result and give feedback. It is tedious, but
worth it in the end.
- Ask for a redo if you are not happy with the result.
- Be clear about your objectives and the overall goal, because sometimes
the LLM will identify useful intermediate steps that you have not seen
yourself.
- Give another scheme as an example of format or structure.
- Check whether it is useful to refer to a model law
[developed](https://www.howtoregulate.org/category/ri-model-laws/)
or
[collected](https://www.howtoregulate.org/model-laws-library/)
by the Regulatory Institute to outline the format or structure.
- For the content, indicate reference documents (e.g. existing laws or
model laws) that should be used as basis.
- If your LLM cannot digest information from the internet (like the
otherwise currently excellent LLM “Claude Sonnet 3.5”, which can also
be accessed via a professional Perplexity subscription), upload the
reference documents as pdf or txt files. For example, we have uploaded
a slightly truncated .txt file with all the model laws from the
Regulatory Institute. We can provide this file on request.
- Use the following document as a starting point or reference when
instructing LLMs. Select the parts that you are interested in.
# The provisions
## Interpretation Rules:
### Hierarchy of Goals:
1. Where there is conflict between the goals of this Act, the following
hierarchy shall apply:
1) \[Primary goal, e.g., “protection of public health and
safety”\];
2) \[Secondary goal, e.g., “environmental protection”\];
3) \[Tertiary goal, e.g., “economic development”\];
4) \[Quaternary goal, e.g., “technological innovation”\].
2. Notwithstanding subsection 1.1, where the pursuit of a higher-ranked
goal would result in disproportionate harm to a lower-ranked goal,
the Competent Authority may, after careful consideration and
justification, prioritise the lower-ranked goal in that specific
instance. The exercise of such prioritisation is subject to judicial
control.
3. In cases of conflict between goals not explicitly ranked in
subsection 1.1, the Competent Authority shall make a determination
based on the following factors:
1) The potential impact on public welfare;
2) The urgency of addressing each goal;
3) The long-term consequences of prioritising one goal over
another;
4) The reversibility of any negative consequences; and
5) The principle of proportionality.
4. The Competent Authority shall publish guidelines detailing the
application of this hierarchy, which shall be updated annually based
on practical experience and stakeholder feedback.
### Purposive Interpretation:
1. This Act shall be interpreted in a manner that best ensures the
attainment of its goals and the goals’ subgoals whilst respecting
the following values and principles:
- the principle of rule of law;
- the protection of human rights;
> \- … .
1. In case of ambiguity, the interpretation that best advances the
goals / purposes of this Act shall be preferred.
### Precautionary Principle:
1. Where there is a threat of serious or irreversible damage to
\[protected interest, e.g., “public health”, “the environment”\],
lack of full scientific certainty shall not be used as a reason for
postponing cost-effective measures to prevent such damage.
2. In applying the precautionary principle, the Competent Authority
shall:
1) Conduct a preliminary evaluation to ascertain the level of
scientific uncertainty;
2) Assess the potential consequences of inaction;
3) Evaluate the proportionality of the proposed precautionary
measures;
4) Examine the economic costs and benefits of action or inaction;
5) Maintain transparency in the decision-making process; and
6) Review the measures as new scientific data become available.
3. Precautionary measures shall be:
1) Proportional to the chosen level of protection;
2) Non-discriminatory in their application;
3) Consistent with similar measures already taken;
4) Based on an examination of the potential benefits and costs of
action or lack of action; and
5) Subject to review in the light of new scientific data.
4. The Competent Authority shall establish a scientific committee to
advise on the application of the precautionary principle in complex
cases.
### Proportionality:
1. All measures taken and interpretations chosen under this Act must be
proportionate to the objectives pursued.
2. In assessing proportionality, the following factors shall be
considered:
1) The suitability of the measure to achieve the desired objective;
2) The necessity of the measure, considering whether less
restrictive alternatives could achieve the same objective; and
3) The balance between the benefits of the measure and any adverse
effects on individual rights or interests.
3. Where a measure imposes financial burdens, the following limits of
proportionate affordability shall apply:
1) For individuals:
1) No natural person shall be required to spend more than
\[X\]% of their annual income on compliance measures, unless
their net worth exceeds \[Y\].
2) No natural person shall be required to spend on compliance
measures if such expenditure would deprive them of resources
needed for basic necessities.
2) For commercial legal persons:
1) No commercial legal person shall be required to spend more
than \[Z\] times the commercial value of the regulated
entity or activity on compliance measures.
2) No commercial legal person shall be required to take
measures that would render it economically unviable, as
determined by an independent financial audit.
4. The Competent Authority shall publish detailed guidelines on the
application of the proportionality principle, including worked
examples and case studies.
5. When assessing proportionality, the Competent Authority shall
consider the availability and feasibility of technological solutions
that may reduce the burden of compliance.
### Definitions:
1. The definitions provided in Section \[X\] of this Act shall be
construed as legal fictions for the purposes of this Act.
2. Where a term is defined in this Act, other grammatical forms of the
same word shall have corresponding meanings.
3. In this Act, unless the context otherwise requires:
1) Words in the singular include the plural and vice versa.
2) Words importing a gender include every other gender.
3) References to a person include both natural and legal persons.
4) References to writing include any mode of representing or
reproducing words in visible form, including electronic forms.
4. The Competent Authority may issue interpretative guidelines to
clarify the application of defined terms in specific contexts.
### Legal Fictions:
1. For the purposes of this Act:
1) Any action taken on or via the Internet shall be deemed to have
been taken in \[State X\] if this Act applies to that action.
2) Any effect observed on or via the Internet shall be deemed to
have occurred in \[State X\] if this Act applies to that effect.
2. In case of uncertainty regarding the place of an action or effect
relevant to this Act, it shall be rebuttably presumed that the
action, its effect, and the causal chain in between occurred in
\[State X\].
### Delegation of Power to Amend Definitions and Legal Fictions:
1. The \[relevant Minister\] may, by \[type of regulation\]:
1) Amend the definitions provided in Section \[X\] of this Act;
2) Introduce new definitions as necessary for the effective
implementation of this Act;
3) Exclude certain categories of persons or entities from the
definitions provided in Section \[X\]; and
4) Amend the legal fictions provided in Section 6.
2. In exercising the power under subsection 7.1, the \[relevant
Minister\] shall:
1) Act only for the purpose of:
1) Adapting the definitions or legal fictions to technological
or market developments;
2) Ensuring the effective implementation of this Act; and
3) Avoiding disproportionate application of this Act to certain
categories of persons or entities.
2) Consult with:
1) The Competent Authority;
2) Relevant stakeholders; and
3) The \[relevant parliamentary committee\].
3) Publish a draft of the proposed changes for public comment at
least \[X\] days before their adoption.
4) Provide a detailed justification for any changes made.
3. Any amendment made under this section shall be:
1) Laid before \[Parliament\] for a period of \[X\] days, during
which it may be annulled by a resolution of \[Parliament\];
2) Published in the \[Official Gazette\]; and
3) Accompanied by updated guidance from the Competent Authority on
its practical application.
### Transparency:
1. The Competent Authority shall maintain a consolidated version of all
definitions and legal fictions, incorporating any amendments, which
shall be freely accessible to the public.
2. The Competent Authority shall maintain and regularly update a
publicly accessible database of interpretative decisions to ensure
consistency and transparency in the application of this Act.
3. The interpretative decisions database shall include a search
function and cross-referencing system to facilitate easy access and
understanding of related interpretations.
### Special Interpretation Rules regarding Liability:
1. Legal persons shall be held liable for offences under this Act
committed for their benefit by any person who has a leading position
within the legal person, acting either individually or as part of an
organ of the legal person, based on:
1) A power of representation of the legal person;
2) An authority to make decisions on behalf of the legal person; or
3) An authority to exercise control within the legal person.
2. Legal persons shall also be held liable where the lack of
supervision or control by a person referred to in subsection 9.1 has
made possible the commission of an offence under this Act for the
benefit of the legal person by a person under its authority.
3. Liability of a legal person under subsections 9.1 and 9.2 shall not
exclude criminal proceedings against natural persons who are
perpetrators, inciters or accessories in the offences referred to in
those subsections.
4. For the purposes of this section:
1) “Benefit” includes direct financial gain, other economic
advantages, and non-economic benefits such as reputational
enhancement;
2) “Leading position” shall be determined based on the actual
authority and responsibility of the individual, regardless of
their formal title or position.
5. In determining the liability of a legal person, the court shall
consider:
1) The nature and gravity of the offence;
2) The extent of the damage caused;
3) The level of cooperation of the legal person with investigating
authorities;
4) The existence and effectiveness of compliance programs or other
preventive measures; and
5) Any prior offences committed by the legal person.
6. The Competent Authority shall issue guidelines on the interpretation
and application of corporate liability under this Act, including
examples of best practices for preventing liability.
7. The Competent Authority shall establish minimum standards for
compliance programs that, if met, may serve as mitigating factors in
determining liability under this Act.
### Burden of Proof:
1. In any proceedings for an offence under this Act, the prosecution
bears the burden of proving all elements of the offence beyond
reasonable doubt.
2. Notwithstanding subsection 10.1, where a person is charged with an
offence under this Act, the burden of proving a defense of lawful
authorisation or reasonable excuse shall lie upon the accused, to be
discharged on the balance of probabilities.
3. Where this Act creates a presumption with respect to any fact, the
court shall regard such fact as proved unless the contrary is
proved, with the burden on the party seeking to rebut the
presumption to be discharged on the balance of probabilities.
4. In civil proceedings related to this Act, the standard of proof
shall be on the balance of probabilities, unless otherwise
specified.
5. Where a party to proceedings under this Act alleges that a person
has engaged in conduct in contravention of this Act, the party bears
the burden of proving the contravention.
6. Notwithstanding subsection 10.5, where proceedings relate to a
contravention by a person in a special position of responsibility or
knowledge (such as a licensee or certified entity), the person shall
bear the burden of proving compliance with their obligations under
this Act.
7. The Competent Authority may issue guidelines on the practical
application of burden of proof rules in proceedings under this Act,
including examples and case studies.
## Scope and Application:
### Territorial Scope:
1. This Act applies to all activities, persons, and entities within the
territory of \[State X\], including:
1) Land territory;
2) Internal waters;
3) Territorial sea;
4) Airspace above these areas;
5) Exclusive economic zone; and
6) Continental shelf.
2. For the purposes of this Act, the following shall be considered part
of the territory of \[State X\]:
1) Vessels registered in \[State X\], regardless of their location;
2) Aircraft registered in \[State X\], regardless of their
location; and
3) Artificial islands, installations, and structures in the
exclusive economic zone or on the continental shelf over which
\[State X\] exercises jurisdiction.
3. This Act shall apply to activities in Antarctica where \[State X\]
exercises jurisdiction under the Antarctic Treaty System.
4. This Act applies to activities having effects on \[State X\] or
conducted by \[State X\] entities or individuals in outer space,
including on celestial bodies, in accordance with international
space law.
### Personal Scope:
1. This Act applies to:
1) All natural persons who are:
1) Citizens of \[State X\], regardless of their location;
2) Permanent residents of \[State X\];
3) Stateless and have their habitual residence in \[State X\];
4) Temporarily present in \[State X\];
2) All legal persons:
1) Incorporated or registered in \[State X\];
2) Having their principal place of business in \[State X\];
3) Controlled by natural or legal persons of \[State X\];
3) All public entities of \[State X\], including:
1) Government ministries and departments;
2) Statutory bodies;
3) State-owned enterprises;
4) Foreign natural or legal persons engaging in activities covered
by this Act within \[State X\] or having effects in \[State X\].
2. This Act applies to stateless persons who have their habitual
residence in \[State X\] or who are present in \[State X\] at the
time of the relevant activity.
3. This Act applies to the acts and omissions of persons covered by
subsection 12.1, regardless of whether such acts or omissions occur
within or outside \[State X\], if they have effects within \[State
X\] or on interests protected by this Act.
### OR
1. This Act applies to:
1) All natural persons:
1) Residing within the territory of \[State X\];
2) Engaged in activities covered by this Act within the territory
of \[State X\], regardless of their place of residence;
3) Who are citizens of \[State X\], in respect of activities
covered by this Act, regardless of their location;
2) All legal persons:
1) Incorporated or registered in \[State X\];
2) Having their principal place of business in \[State X\];
3) Engaged in activities covered by this Act within the territory
of \[State X\];
3) All public entities operating within the territory of \[State X\];
4) All actions affecting \[protected interests\] of persons within the
territory of \[State X\], regardless of the actor’s location.
### Material Scope:
1. This Act applies to all activities related to \[specific subject
matter, e.g., “environmental protection”, “financial services”,
“public health”\], including but not limited to:
1) \[List specific activities covered\];
2) Research and development in the field of \[subject matter\];
3) Manufacturing of products related to \[subject matter\];
4) Provision of services related to \[subject matter\];
5) Import, export, and transit of goods related to \[subject
matter\];
6) Marketing and advertising of products or services related to
\[subject matter\];
7) Disposal or recycling of products related to \[subject matter\];
8) All actions committed with regard to or by \[State X\] public
servants, regardless of location;
9) All actions negatively affecting \[State X\] public or private
entities;
11) All actions negatively affecting foreign public entities where
either the agents or their principals:
1) Reside in or have a place of business in \[State X\], or
2) Are citizens of or legal persons under the law of \[State X\].
1. This Act applies to both commercial and non-commercial
activities falling within its scope.
2. The Competent Authority may issue guidelines clarifying the
application of this Act to specific activities or sectors.
3. The Competent Authority shall review and update the scope of
activities covered by this Act annually to ensure it encompasses
emerging technologies and practices related to \[subject
matter\].
4. Where an activity falls under multiple regulatory frameworks,
this Act shall apply in conjunction with other relevant
legislation, with the Competent Authority coordinating with
other regulatory bodies to ensure consistent and comprehensive
oversight.
### Temporal Scope:
1. This Act applies to all activities, events, and circumstances
occurring after its entry into force.
2. With respect to continuing situations that began before the entry
into force of this Act and persist after its entry into force, this
Act applies only to that part of the situation that occurs after its
entry into force.
3. This Act does not apply retroactively, except where:
1) It expressly provides for retroactive application;
2) It is more favorable to the person concerned in matters of
\[e.g., “criminal liability”, “administrative sanctions”\].
4. The non-retroactivity principle does not preclude the consideration
of events that occurred before the entry into force of this Act for
the purposes of:
1) Interpreting provisions of this Act;
2) Determining patterns of behavior;
3) Assessing the appropriateness of sanctions or remedies.
### Application to Online Activities:
1. This Act applies to online activities and digital services where:
1) The activity originates from \[State X\];
2) The service provider is established in \[State X\];
3) The effects of the activity are felt in \[State X\].
4) The service is offered to users in \[State X\]; and
5) The service is directed at \[State X\], as evidenced by factors
such as:
1) Use of the language or currency of \[State X\];
2) Possibility of ordering goods or services from \[State X\];
and
3) Use of a top-level domain name associated with \[State X\].
2. For the purposes of this Act:
1) A service provider is deemed to be established in \[State X\] if
it has its central administration or principal place of business
in \[State X\], regardless of where its technological
infrastructure is located;
2) The mere accessibility of a digital service in \[State X\] does
not alone constitute directing activities at \[State X\].
3. In applying this Act to online activities, the Competent Authority
shall take into account:
1) The global nature of the Internet;
2) The need to promote innovation and economic growth;
3) The protection of fundamental rights, including freedom of
expression and privacy; and
4) The principle of technological neutrality.
4. The Competent Authority shall issue guidelines on the application of
this Act to specific types of online activities and digital
services.
5. This Act applies to decentralised technologies, including but not
limited to blockchain-based services and decentralised autonomous
organisations (DAOs), where:
1) The majority of nodes or validators are located in \[State X\];
2) The founders or core developers are citizens or residents of
\[State X\];
3) The effects of the technology’s operation are primarily felt in
\[State X\]; and
4) The effects of the technology’s operation felt in \[State X\]
are significant.
6. This Act applies to artificial intelligence systems and automated
decision-making processes that affect individuals or entities in
\[State X\], regardless of where the system is developed or
operated.
### Interaction with Other Laws:
1. This Act is without prejudice to:
1) \[List relevant international treaties and conventions\];
2) \[List relevant regional agreements, e.g., EU regulations for EU
member states\];
3) \[List relevant national laws\].
2. In case of conflict between this Act and:
1) International treaties ratified by \[State X\], the provisions
of the international treaties shall prevail;
2) Other national laws, the provisions of this Act shall prevail
unless the other law expressly provides otherwise \[and/or the
other law is adopted later than the respective provisions of
this Act\].
3. Nothing in this Act shall be construed as limiting or derogating
from any rights or protections provided under:
1) The Constitution of \[State X\];
2) \[List other fundamental rights instruments\].
4. The Competent Authority shall maintain and regularly update a
publicly accessible database detailing the interaction between this
Act and other relevant laws and regulations.
5. The Competent Authority may establish regulatory sandboxes to test
innovative products, services, or business models that may not fully
comply with existing regulations, provided that:
1) The sandbox participants adhere to specific consumer protection
and risk mitigation measures;
2) The duration and scope of the sandbox are clearly defined; and
3) The results of the sandbox are used to inform potential
regulatory updates.
### Extraterritorial Application:
1. This Act applies to conduct outside \[State X\] by a citizen,
permanent resident, or entity incorporated or registered in \[State
X\] if the conduct:
1) Forms part of an offence under this Act where a constituent
element occurred in \[State X\];
2) Forms part of an offence under this Act that is intended to
have, or has, a substantial effect in \[State X\]; and
3) Would constitute an offence under this Act if it occurred in
\[State X\], and the person or entity has not been prosecuted
for the conduct in another jurisdiction.
2. This Act applies to conduct outside \[State X\] by any person if the
conduct:
1) Affects the \[protected interests\] of \[State X\] or its
citizens;
2) Is directed against critical infrastructure of \[State X\]; and
3) Involves the bribery of a \[State X\] public official.
3. In exercising jurisdiction over extraterritorial conduct, the
Competent Authority shall consider:
1) The extent of the connection between the conduct and \[State
X\];
2) The impact of the conduct on \[protected interests\];
3) The principle of comity and the need to respect the sovereignty
of other states; and
4) The likelihood of effective enforcement.
4. The Competent Authority shall issue guidelines on the exercise of
extraterritorial jurisdiction under this Act, including examples and
case studies.
5. In exercising extraterritorial jurisdiction, the Competent Authority
shall:
1) Seek cooperation with relevant foreign authorities;
2) Consider entering into bilateral or multilateral agreements to
facilitate the enforcement of this Act across borders; and
3) Respect the principles of international comity and sovereign
equality of states.
### Exemptions:
1. This Act does not apply to:
1) \[Specific exemptions, e.g., “activities of the armed forces
during times of armed conflict”\];
2) \[Other exemptions\].
2. The Government may, by \[type of regulation\], fully or partially
exempt \[specific entities or activities\] from the application of
this Act in case of \[specific circumstances, e.g., “a public health
emergency”\], provided that:
1) The exemption is necessary for \[specific purpose\];
2) The exemption is proportionate to the aim pursued;
3) The exemption is limited in time and scope to the extent
necessary to achieve its purpose;
4) The exemption does not unduly prejudice the \[protected
interests\] this Act seeks to safeguard.
3. Any exemption granted under subsection 18.2 shall be:
1) Published in the \[Official Gazette\];
2) Notified to the \[relevant parliamentary committee\] within
\[X\] days;
3) Subject to review by the \[relevant parliamentary committee\],
which may recommend its revocation or modification, and subject
to further review by the Parliament.
4. The Competent Authority shall maintain a public register of all
exemptions granted under this section, including the reasons for
granting them and their duration.
5. The Competent Authority shall conduct a biennial review of all
exemptions granted under this Act to assess their continued
necessity and impact on the Act’s objectives. The results of this
review shall be published and submitted to \[relevant parliamentary
committee\].
### Severability:
1. If any provision of this Act or its application to any person or
circumstance is held invalid, the invalidity does not affect other
provisions or applications of the Act that can be given effect
without the invalid provision or application.
2. To this end, the provisions of this Act are severable.
## Definitions and connected Rules:
### Definitions:
1. In this Act, unless the context otherwise requires:
‘Act’ means \[official title of the Act\] \[and includes any regulations
made under it\].
‘Competent Authority’ means \[name of the authority\] established under
Section \[X\] of this Act.
‘Entity’ means any legal person, including but not limited to
corporations, partnerships, associations, and organisations, whether
incorporated or unincorporated, and any other non-natural legal person.
‘License’ means an authorisation, permit, or approval issued under this
Act. ‘Minister’ means the Minister responsible for \[relevant
portfolio\].
‘Person’ includes both natural and legal persons.
‘Prescribed’ means prescribed by this Act or regulations made under this
Act. ‘Public Entity’ means:
1) Any department or ministry of the government;
2) Any body established by or under any law;
3) Any body whose funds consist wholly or mainly of moneys provided
from public funds;
4) Any board, commission, committee, or other body whether paid or
unpaid, appointed by or on behalf of the Government.
‘Public Official’ means:
1) Any person holding a legislative, executive, administrative, or
judicial office, whether appointed or elected, whether permanent or
temporary, whether paid or unpaid, irrespective of that person’s
seniority;
2) Any other person who performs a public function or provides a public
service.
### Rules connected to definitions:
1. For the purposes of this Act: *(the following are just examples)*
1) A person offers an advantage if they, or any other person acting
on their behalf, directly or indirectly gives, affords, or holds
out, or agrees, undertakes, or promises to give, afford, or hold
out, any advantage to or for the benefit of or in trust for any
other person.
2) A person solicits an advantage if they, or any other person
acting on their behalf, directly or indirectly demands, invites,
asks for, or indicates willingness to receive, any advantage,
whether for themselves or for any other person.
3) A person accepts an advantage if they, or any other person
acting on their behalf, directly or indirectly takes, receives,
or obtains, or agrees to take, receive, or obtain any advantage,
whether for themselves or for any other person.
2. In this Act, unless the context otherwise requires:
1) Words in the singular include the plural and vice versa.
2) Words importing a gender include every other gender.
3) A reference to a person includes both natural and legal persons.
4) A reference to a section by number is a reference to the section
of this Act so numbered.
5) A reference to any legislation or regulation includes any
amendment, replacement, or re- enactment of that legislation or
regulation.
6) A reference to any other document does not include any
amendment, replacement, or re- enactment thereof.
### Empowerments:
1. The Competent Authority may issue interpretative guidelines to
clarify the meaning and application of these definitions in specific
contexts.
2. The Minister may, by regulation, amend or add to these definitions
as necessary to ensure the effective implementation of this Act,
subject to the following conditions:
1) Any proposed amendment or addition must be published for public
comment at least 30 days before it is made.
2) The Minister must consider all comments received during the
public comment period.
3) Any amendment or addition must be laid before Parliament and is
subject to annulment by resolution of Parliament within 40
sitting days.
3. A consolidated list of all definitions, including any amendments or
additions, shall be maintained by the Competent Authority and made
freely accessible to the public.
## Authorisation/Licensing Procedures:
### General Provisions for Licensing:
1. No person shall engage in \[regulated activity\] without a valid
license issued under this Act.
2. The Competent Authority shall be responsible for:
1) Receiving and processing license applications;
2) Issuing, renewing, suspending, and revoking licenses; and
3) Maintaining a public register of all licenses and licensees.
3. Types of Licenses:
1) Standard License: for \[describe activities\];
2) Restricted License: for \[describe limited activities\];
3) Temporary License: valid for a period not exceeding \[X\]
months; and
4) Special License: for \[describe unique or high-risk
activities\].
4. Duration of Licenses:
1) Standard and Restricted Licenses shall be valid for \[X\] years
from the date of issue;
2) Temporary Licenses shall be valid for the period specified, not
exceeding \[X\] months;
3) Special Licenses shall be valid for the period specified by the
Competent Authority, not exceeding \[X\] years.
### License Application Process:
1. Application Requirements:
An application for a license shall be made to the Competent Authority in
the prescribed form and shall include:
1) Full name and contact details of the applicant;
2) For legal persons:
1) Certificate of incorporation or registration;
2) Details of directors, partners, or trustees;
3) Organisational structure;
4) Property structure;
3) Description of proposed activities;
4) Evidence of financial resources, material resources, personnel and
technical capacities;
5) Criminal record check for individuals or key personnel of legal
persons;
6) Proof of insurance or other financial security as required;
7) A detailed business plan outlining the proposed activities, market
analysis, and financial projections;
8) Environmental impact assessment, where applicable;
9) Social impact assessment, where applicable; and
10) Any other information or document prescribed by regulations.
2. Application Fee:
1) Each application shall be accompanied by the prescribed fee;
2) The fee shall be non-refundable, regardless of the outcome of
the application\[, unless the negative outcome of the
application is a matter of responsibility of the Competent
Authority exclusively\];
3) The Competent Authority may waive or reduce the fee in cases of
demonstrated financial hardship.
3. Processing of Applications:
1) The Competent Authority shall acknowledge receipt of an
application within \[X\] working days;
2) If the application is incomplete, the Competent Authority shall
notify the applicant within \[Y\] working days, specifying the
additional information required;
3) The Competent Authority shall process complete applications
within \[Z\] days of receipt;
4) The Competent Authority may extend the processing period by up
to \[W\] days if additional verification is required, notifying
the applicant of such extension.
4. Evaluation Criteria:
In evaluating a license application, the Competent Authority shall
consider:
1) The applicant’s suitability, including financial standing, material
resources, personnel and technical capacities;
2) The applicant’s compliance history with this Act and other relevant
laws;
3) Public interest considerations;
4) Environmental and social impact assessments, where applicable;
5) Any other factors prescribed by regulations.
5. Public Consultation:
1) For Special Licenses or licenses for high-impact activities, the
Competent Authority shall publish a notice of the application
and invite public comments within \[X\] days;
2) The Competent Authority shall consider all relevant public
comments in its decision-making process;
3) The Competent Authority shall publish a summary of the public
comments received and the summarised responses to those comments
as part of the decision-making process.
### Issuance of Licenses:
1. Decision on Application:
1) The Competent Authority shall inform the applicant of its
decision in writing;
2) If the application is approved, the license shall be issued upon
payment of the prescribed license fee;
3) If the application is rejected, the Competent Authority shall
provide reasons for the rejection.
2. License Conditions:
1) The Competent Authority may impose conditions on a license,
including:
1) Operational restrictions;
2) Reporting requirements;
3) Environmental protection measures;
4) Safety and security measures;
2) License conditions shall be clearly stated in the license
document;
3) The Competent Authority may impose additional conditions based
on the specific nature of the licensed activity, including: (i)
Community engagement requirements;
2) Periodic third-party audits; and
3) Implementation of specific technological measures to ensure
compliance.
1) The licensee shall comply with all conditions attached to the
license.
1. License Register:
1) The Competent Authority shall maintain a public register of
all licenses issued and of respective licensees;
2) The register shall include:
1) Name and contact details of the licensee;
2) Type and duration of the license;
3) Scope of licensed activities; and
4) Any restrictions or special conditions; and
3) The register shall be accessible online and updated
regularly.
### Renewal of Licenses:
1. Renewal Application:
1) A licensee may apply for renewal of a license not later than
\[X\] months before its expiry;
2) The renewal application shall be in the prescribed form and
accompanied by the prescribed fee;
3) The Competent Authority may require updated information or
documents as part of the renewal process;
4) The Competent Authority shall provide a decision on the renewal
application at least \[Y\] days before the expiry of the current
license to ensure continuity of operations, and no later than
\[X\] \[time unit name\] after the renewal application
submission.
2. Renewal Criteria:
In considering a renewal application, the Competent Authority shall take
into account:
1) The licensee’s compliance history;
2) Any changes in circumstances since the original license was issued;
3) The continued suitability of the licensee; and
4) Public interest considerations.
3. Renewal Decision:
1) The Competent Authority shall inform the licensee of its
decision on the renewal at least \[Y\] days before the expiry of
the current license, and no later than \[X\] \[time unit name\]
after the renewal application submission;
\[OR\]
1) The Competent Authority shall inform the licensee of its decision on
the renewal not later than
\[X\] \[time unit name\] after the decision is provided;
2) If renewal is granted, the Competent Authority may modify the
conditions of the license;
3) If renewal is refused, the Competent Authority shall provide
\[sound\] reasons for the refusal.
### Modification, Suspension and Revocation of Licenses:
1. Modification by Competent Authority:
1) The Competent Authority may modify a license at any time if:
1) There is a change in legislation or regulations;
2) It is necessary to prevent or mitigate environmental harm;
3) It is in the public interest;
2) The Competent Authority shall give the licensee written notice
of the proposed modification and reasons for it;
3) The licensee shall have \[X\] days to make representations
regarding the proposed modification.
2. Modification on Request of Licensee:
1) A licensee may apply for modification of license conditions;
2) The application shall be in writing, stating the reasons for the
requested modification;
3) The Competent Authority shall consider the application within
\[Y\] days and may:
1) Approve the modification;
2) Approve the modification with changes \[provided the
licensee has agreed to them\];
3) Reject the modification, providing reasons for the
rejection.
4) The Competent Authority shall publish a notice of any approved
modifications and the reasons for such modifications.
3. Grounds for Suspension or Revocation:
1) The Competent Authority may suspend or revoke a license if:
1) The licensee has breached a condition of the license;
2) The licensee has contravened a provision of this Act or
regulations;
3) The licensee is no longer fit and proper to hold the
license;
4) It is necessary to prevent harm to public health, safety, or
the environment;
5) The licensee has failed to comply with any corrective
actions imposed by the Competent Authority within the
specified timeframe;
2) The Competent Authority may suspend a license if it has
reasonable grounds to suspect that any of the conditions
referred to in point (a) have been met.
4. Mandatory Revocation:
1) The Competent Authority must revoke a license if:
1) The licensee has endangered a person;
2) The licensee has instructed staff to violate this Act;
3) The license was obtained through corruption, fraud or
misrepresentation.
2) The Competent Authority must suspend a license if it has
reasonable grounds to suspect that any of the conditions
referred to in point (a) have been met.
5. Procedure for Suspension or Revocation:
1) The Competent Authority shall give the licensee written notice
of the proposed suspension or revocation, stating:
1) The grounds for the proposed action;
2) The facts relied upon;
3) The licensee’s right to make representations;
2) The licensee shall have \[X\] days to make representations;
3) The Competent Authority shall consider any representations
before making a final decision;
4) The Competent Authority shall notify the licensee in writing of
its final decision, including reasons.
6. Effect of Suspension or Revocation:
1) A suspended license shall not be valid for the period of
suspension;
2) A revoked license shall cease to be valid from the date of
revocation;
3) The licensee shall immediately cease all activities authorised
by the license upon suspension or revocation;
4) The licensee shall return the license document to the Competent
Authority within \[Y\] days of suspension or revocation.
7. Appeal Process:
1) The licensee may appeal the suspension or revocation decision to
the \[Appeals Tribunal/Court\] within \[Z\] days of being
notified of the decision;
2) The appeal shall be heard and decided within \[W\] days to
ensure timely resolution.
### Appeals:
1. Right of Appeal:
Any person aggrieved by a decision of the Competent Authority regarding:
1) The refusal to grant or renew a license;
2) The imposition of conditions on a license;
3) The modification, suspension, or revocation of a license;
4) The imposition of fines or penalties; and
5) Any other administrative action taken under this Act;
may appeal to the \[Appeals Tribunal/Court\] within \[Z\] days of being
notified of the decision.
2. Appeal Procedure:
1) The appeal shall be in writing, stating the grounds of appeal;
2) The appellant shall serve a copy of the appeal on the Competent
Authority;
3) The Competent Authority shall, within \[W\] days, file with the
\[Appeals Tribunal/Court\] a reply and all relevant documents;
4) The \[Appeals Tribunal/Court\] may, in its discretion, allow the
introduction of new evidence.
3. Powers of \[Appeals Tribunal/Court\]:
The \[Appeals Tribunal/Court\] may:
1) Confirm, vary, or set aside the decision of the Competent Authority;
2) Refer the matter back to the Competent Authority for
reconsideration;
3) Make any other order it deems just, appropriate and complying with
law.
4. Effect of Appeal:
1) The filing of an appeal shall not automatically stay the
decision of the Competent Authority;
2) The appellant may apply to the \[Appeals Tribunal/Court\] for a
stay of the decision pending the outcome of the appeal;
3) The \[Appeals Tribunal/Court\] may grant a stay if it is
satisfied that:
1) There is a serious question to be tried;
2) The appellant would suffer irreparable harm if the stay is
not granted;
3) The balance of convenience favors granting the stay.
4) The \[Appeals Tribunal/Court\] shall publish its decisions and
the reasons for those decisions to ensure transparency and
accountability.
### 28a. Fees:
28a.1 Setting of Fees:
1) The Minister may, by regulation, prescribe fees for:
1) License applications;
2) License issuance and renewal;
3) Modification of licenses;
4) Late renewal;
5) Replacement of lost or damaged license documents;
2) Different fees may be prescribed for different types or classes of
licenses;
3) Fees shall be reviewed annually and may be adjusted to reflect
changes in administrative costs.
4) The Competent Authority shall publish an annual report detailing the
fee structure, the rationale for any changes, and how the fees are
utilised to support regulatory activities.
28a.2 Payment of Fees:
1) All fees shall be paid in the prescribed manner;
2) A license shall not be issued or renewed until the relevant fee has
been paid;
3) The Competent Authority may, in cases of demonstrated financial
hardship, allow payment of fees in installments.
4) The Competent Authority may establish criteria for granting fee
waivers or reductions in cases of demonstrated financial hardship or
for activities that provide significant public benefits.
28a.3 Refund of Fees:
1) Application fees shall not be refundable, unless the negative
outcome of the application is a matter of responsibility of the
Competent Authority exclusively;
2) License fees may be partially refunded if a license is surrendered
before its expiry, on a pro- rata basis;
3) The Competent Authority may, in exceptional circumstances, authorise
a full or partial refund of any fee paid under this Act.
### 28b. Transitional Provisions[2](#_bookmark8):
28b.1 Existing Operators:
1) Any person engaged in \[regulated activity\] at the commencement of
this Act shall apply for a license within \[X\] months of such
commencement;
2) Such person may continue to operate pending the determination of
their license application;
3) If the license application is rejected, the person shall cease
operations within \[Y\] days of being notified of the rejection,
unless an appeal is filed;
4) The Competent Authority shall provide guidance and support to
existing operators to facilitate their transition to the new
licensing regime.
28b.2 Conversion of Existing Authorisations:
1) Any authorisation, permit, or license issued under \[previous
legislation\] shall remain valid until its expiry or for \[Z\]
months after the commencement of this Act, whichever is earlier;
2) The holder of such authorisation may apply to convert it to a
license under this Act at any time before its expiry;
3) The Competent Authority shall prescribe the procedure for such
conversion;
4) The Competent Authority shall ensure that the conversion process is
transparent, efficient, and minimises disruption to existing
operations.
### 28c. Review[3](#_bookmark9):
The Competent Authority shall conduct a periodic review, at least every
\[X\] years, of the licensing requirements and procedures to ensure they
remain relevant and effective in light of technological advancements and
market changes.
## Certification by Private Conformity Assessment Bodies:
### Designation of Conformity Assessment Bodies
1. The Competent Authority may designate private entities as Conformity
Assessment Bodies (CABs) for the purposes of this Act.
2. Types of CABs:
There are the following types of CABs:
1) Type A: authorised to conduct all conformity assessment activities;
2) Type B: authorised to conduct specific conformity assessment
activities as specified in their designation;
3) Type C: authorised to conduct conformity assessment activities for
specific sectors or products.
4) Type D: authorised to conduct also remote or virtual conformity
assessment activities using digital technologies.
> 2 Redundant if the
> transitional provisions at the end of the document are used.
>
> 3 Redundant if the review
> clauses at the end of the document are used.
3. Criteria for Designation:
To be designated as a CAB, an entity must:
1) Be a legal person registered in \[State X\];
2) Have the necessary technical competence and resources to perform
conformity assessment activities;
3) Be impartial and free from any conflict of interest in relation to
its conformity assessment activities;
4) Maintain appropriate liability insurance;
5) Comply with relevant international standards, including ISO/IEC
17000 series;
6) Have a quality management system in place;
7) Employ competent personnel with relevant qualifications and
experience;
8) Meet any other criteria prescribed by regulations;
9) Demonstrate financial stability and sustainability; and
10) Have robust cybersecurity measures in place to protect sensitive
data.
4. Application for Designation:
1) An application for designation as a CAB shall be made to the
Competent Authority in the prescribed form;
2) The application shall be accompanied by:
1) Proof of legal status;
2) Detailed description of the applicant’s conformity
assessment activities;
3) Evidence of technical competence;
4) Quality manual and relevant procedures;
5) List of qualified personnel;
6) Proof of liability insurance;
7) Declaration of impartiality;
8) Any other information or document prescribed by regulations;
9) Cybersecurity policy and procedures;
10) Business continuity and disaster recovery plans.
3) The application shall be accompanied by the prescribed fee.
5. Assessment of Applications:
1) The Competent Authority shall assess each application for
designation;
2) The assessment may include:
1) Document review;
2) On-site assessment;
3) Witness audits;
4) Proficiency testing; and
5) Virtual assessment of digital capabilities and cybersecurity
measures.
3) The Competent Authority may request additional information or
clarification from the applicant;
4) The assessment shall be completed within \[X\] days of receipt
of a complete application;
5) The Competent Authority shall publish a summary of the
assessment process and criteria on its website within \[X\] days
after the assessment completion.
6. Decision on Designation:
1) The Competent Authority shall within \[X\] days after the
assessment completion inform the applicant of its decision in
writing;
2) If the application is approved, the Competent Authority shall
issue a certificate of designation specifying:
1) The name and address of the CAB;
2) The type of designation (A, B, C, or D);
3) The scope of conformity assessment activities authorised;
4) Any conditions attached to the designation;
5) The period of validity of the designation; and
6) A unique identification number for the CAB.
3) If the application is rejected, the Competent Authority shall
provide reasons for the rejection.
4) The Competent Authority shall maintain a public register of all
designated CABs, accessible on its website.
7. Validity and Renewal of Designation:
1) A designation shall be valid for \[Y\] years from the date of
issue;
2) A CAB may apply for renewal of its designation at least \[Z\]
months before its expiry;
3) The renewal process shall include a reassessment of the CAB’s
compliance with the criteria for designation;
4) The Competent Authority may renew the designation with or
without modifications, or refuse to renew it, providing reasons
for any refusal.
5) The Competent Authority shall conduct periodic unannounced
assessments of designated CABs to ensure ongoing compliance.
### Obligations of Conformity Assessment Bodies:
1. General Obligations: A designated CAB shall:
1) Conduct conformity assessment activities in accordance with this
Act, regulations, and the terms of its designation;
2) Maintain its compliance with the criteria for designation at all
times;
3) Inform the Competent Authority of any changes that may affect
its compliance with the criteria for designation;
4) Cooperate with the Competent Authority in its monitoring and
oversight activities;
5) Maintain records of all conformity assessment activities for at
least \[W\] years;
6) Submit annual reports to the Competent Authority on its
conformity assessment activities;
7) Participate in relevant proficiency testing programs as directed
by the Competent Authority;
8) Maintain the confidentiality of information obtained during
conformity assessment activities, except as required by law;
9) Implement a continuous improvement program for its conformity
assessment processes;
10) Participate in relevant industry forums and standards
development activities.
2. Specific Obligations:
1) Impartiality:
1) A CAB shall be impartial and avoid any conflict of interest
in its conformity assessment activities;
2) A CAB shall not provide consultancy services to entities it
assesses or has assessed during the last \[X\] years;
3) A CAB shall document and implement safeguards against
conflicts of interest;
4) A CAB shall rotate assessment personnel to prevent
familiarity threats.
2) Competence:
1) A CAB shall employ personnel with the necessary education,
training, technical knowledge, and experience;
2) A CAB shall maintain and implement procedures for training
and monitoring of its personnel;
3) A CAB shall ensure that its personnel are free from any
commercial, financial, or other pressures that might
influence their judgment;
4) A CAB shall implement a competency management system,
including regular evaluations and continuous professional
development.
3) Responsiveness:
1) A CAB shall be responsive to complaints and appeals;
2) A CAB shall maintain and implement a documented procedure
for handling complaints and appeals;
3) A CAB shall inform the Competent Authority of any complaints
that may indicate systemic issues;
4) A CAB shall publish anonymised summaries of complaints and
their resolutions annually.
3. Use of Subcontractors:
1) A CAB may subcontract specific tasks related to conformity
assessment, provided that:
1) The subcontractor meets the relevant requirements of this
Act;
2) The CAB informs the client and obtains their consent;
3) The CAB retains full responsibility for the subcontracted
work;
4) The CAB has procedures to assess and monitor the competence
of subcontractors.
2) The CAB shall maintain a register of its subcontractors and make
this available to the Competent Authority upon request.
3) The CAB shall conduct annual audits of its subcontractors to
ensure ongoing compliance.
### Conformity Assessment Procedures:
1. General Principles:
1) Conformity assessment procedures shall be proportionate to the
risks involved;
2) Procedures shall be based on relevant international or national
standards;
3) Procedures shall be conducted in a transparent and
non-discriminatory manner;
4) Procedures shall respect the confidentiality of proprietary
information;
5) Procedures shall be designed to minimise the burden on economic
operators.
2. Types of Conformity Assessment: CABs may conduct the following types
of conformity assessment, as authorised in their designation:
1) Testing;
2) Inspection;
3) Certification of products, processes, or systems;
4) Certification of persons;
5) Any other type of conformity assessment prescribed by
regulations;
6) Remote or virtual assessments using digital technologies, where
appropriate.
3. Conformity Assessment Process:
1) Application:
1) An entity seeking conformity assessment shall apply to a
designated CAB;
2) The application shall include all information necessary for
the conformity assessment;
3) The CAB shall provide an estimated timeline and cost for the
assessment.
2) Review of Application:
1) The CAB shall review the application to ensure it is
complete and within its scope of designation;
2) The CAB may request additional information if necessary;
3) The CAB shall inform the applicant of any potential conflict
of interests.
3) Assessment:
1) The CAB shall conduct the assessment according to the
relevant procedure;
2) The assessment may include document review, on-site
assessment, testing, or inspection as appropriate;
3) The CAB shall use a risk-based approach in determining the
depth and frequency of assessments.
4) Evaluation:
1) The CAB shall evaluate the results of the assessment against
the relevant requirements;
2) The evaluation shall be conducted by personnel not involved
in the assessment;
3) The CAB shall document the evaluation process and results.
5) Decision:
1) The CAB shall make a decision based on the evaluation
results;
2) The decision shall be made by a person or persons not
involved in the assessment or evaluation;
3) The CAB shall provide a detailed report supporting its
decision.
6) Attestation:
1) If the decision is positive, the CAB shall issue the
appropriate attestation (e.g., certificate, mark of
conformity);
2) The attestation shall clearly state the scope of conformity
assessed;
3) The CAB shall maintain a public database of valid
attestations.
7) Surveillance:
1) Where ongoing conformity is required, the CAB shall conduct
periodic surveillance;
2) The frequency and extent of surveillance shall be
proportionate to the risks involved;
3) The CAB shall have procedures for unannounced surveillance
activities.
4. Suspension or Withdrawal of Attestations:
1) A CAB may suspend or withdraw an attestation if:
1) The holder no longer meets the relevant requirements;
2) The holder misuses the attestation;
3) The holder fails to allow surveillance or reassessment;
4) New information indicates that the product or system no
longer conforms to requirements.
2) The CAB shall inform the holder and the Competent Authority of
any suspension or withdrawal;
3) The CAB shall provide the holder with the opportunity to take
corrective action before final withdrawal;
4) The CAB shall publish information about suspended or withdrawn
attestations on its website.
### Oversight of Conformity Assessment Bodies:
1. Monitoring and Assessment:
1) The Competent Authority shall monitor the activities of
designated CABs to ensure ongoing compliance with this Act;
2) Monitoring activities may include:
1) Periodic on-site assessments;
2) Witness audits;
3) Review of CAB reports and records;
4) Investigation of complaints; and
5) Mystery shopping or undercover assessments.
3) The Competent Authority shall conduct a full reassessment of
each CAB at least once every
\[X\] years;
4) The Competent Authority shall implement a risk-based approach to
determine the frequency and intensity of monitoring activities.
2. Reporting Requirements:
1) Each CAB shall submit an annual report to the Competent
Authority, including:
1) Summary of conformity assessment activities conducted;
2) Any changes in personnel, facilities, or procedures;
3) Results of internal audits and management reviews;
4) Information on complaints and appeals;
5) Any other information prescribed by regulations; and
6) Financial statements and key performance indicators.
2) CABs shall immediately report to the Competent Authority any
matter that may affect their compliance with the criteria for
designation.
3) The Competent Authority shall publish an annual report on the
overall performance of the CAB system.
3. Non-Compliance and Sanctions:
1) If a CAB is found to be non-compliant with this Act or the terms
of its designation, the Competent Authority may:
1) Issue a warning;
2) Require corrective action within a specified timeframe;
3) Limit the scope of the CAB’s designation;
4) Suspend the CAB’s designation;
5) Withdraw the CAB’s designation; and
6) Impose financial penalties proportionate to the severity of
the non-compliance.
2) Before imposing any sanction, the Competent Authority shall:
1) Inform the CAB of the alleged non-compliance;
2) Provide the CAB with an opportunity to respond;
3) Consider any response or corrective action taken by the CAB;
4) Ensure that the decision-making process is independent of
the investigation process.
3) The Competent Authority shall maintain a public record of any
sanctions imposed on CABs.
4) The Competent Authority shall establish an appeals process for
CABs to challenge sanctions.
### Appeals and Dispute Resolution:
1. Appeals Against CAB Decisions:
1) Any person aggrieved by a decision of a CAB may appeal to the
CAB’s internal appeals process;
2) If dissatisfied with the outcome of the internal appeal, the
person may appeal to the Competent Authority within \[Y\] days;
3) The Competent Authority shall establish an Appeals Committee to
hear such appeals;
4) The Appeals Committee may:
1) Confirm the CAB’s decision;
2) Vary the CAB’s decision;
3) Set aside the CAB’s decision and refer the matter back to
the CAB for reconsideration;
4) In exceptional cases, substitute its own decision for that
of the CAB.
5) The Appeals Committee shall publish anonymised summaries of its
decisions to promote consistency and transparency.
2. Appeals Against Competent Authority Decisions:
1) Any person aggrieved by a decision of the Competent Authority
regarding CABs may appeal to the \[Administrative
Tribunal/Court\] within \[Z\] days;
2) The \[Administrative Tribunal/Court\] may:
1) Confirm the Competent Authority’s decision;
2) Vary the Competent Authority’s decision;
3) Set aside the Competent Authority’s decision and substitute
its own decision;
4) Refer the matter back to the Competent Authority for
reconsideration.
3) The decision of the \[Administrative Tribunal/Court\] shall be
final and binding.
3. Dispute Resolution:
1) The Competent Authority shall establish mechanisms for resolving
disputes between:
1) CABs and their clients;
2) Different CABs;
3) CABs and the Competent Authority;
4) CABs and other stakeholders in the conformity assessment
system.
2) These mechanisms may include mediation, arbitration, or other
alternative dispute resolution methods;
3) The use of these mechanisms shall not prejudice any party’s
right to seek judicial review;
4) The Competent Authority shall publish guidelines on the dispute
resolution processes available.
### Recognition of Foreign Conformity Assessment Results:
1. Criteria for Recognition: The Competent Authority may recognise
conformity assessment results from foreign CABs if:
1) The foreign CAB is accredited by an accreditation body that is a
signatory to relevant international mutual recognition
arrangements;
2) The conformity assessment was conducted according to procedures
equivalent to those required under this Act;
3) The recognition is in the public interest and does not
compromise safety, health, or environmental protection;
4) There is a reciprocal arrangement with the country of the
foreign CAB, unless unilateral recognition is deemed beneficial.
2. Procedure for Recognition:
1) The Competent Authority may:
1) Enter into mutual recognition agreements with foreign
authorities;
2) Unilaterally recognise foreign conformity assessment
results; and
3) Participate in regional or international conformity
assessment schemes.
2) Before recognising foreign conformity assessment results, the
Competent Authority shall:
1) Conduct an assessment of the foreign conformity assessment
system;
2) Consult relevant stakeholders;
3) Publish a notice of its intention to recognise and consider
any public comments received;
4) Conduct a pilot phase to test the effectiveness of the
recognition arrangement.
3. Effect of Recognition:
1) Recognised foreign conformity assessment results shall be
treated as equivalent to domestic results;
2) The Competent Authority may impose conditions on the
recognition;
3) The Competent Authority shall maintain a public register of
recognised foreign CABs and mutual recognition agreements;
4) The Competent Authority shall periodically review the
effectiveness and continued relevance of recognition
arrangements.
4. Suspension or Withdrawal of Recognition:
1) The Competent Authority may suspend or withdraw recognition if:
1) The foreign CAB no longer meets the criteria for
recognition;
2) There is evidence of systemic failures in the foreign
conformity assessment system;
3) The foreign CAB has repeatedly failed to comply with the
terms of recognition.
2) Before suspending or withdrawing recognition, the Competent
Authority shall:
1) Notify the foreign CAB or authority of the intended action
and reasons;
2) Provide an opportunity for the foreign CAB to address the
issues within a specified timeframe;
3) Consider any representations made by the foreign CAB or
authority.
3) The Competent Authority shall:
1) Publish notice of any suspension or withdrawal of
recognition;
2) Update the public register of recognised foreign CABs
accordingly;
3) Notify relevant stakeholders of the change in recognition
status.
### Confidentiality, Data Protection and Access to Information:
1. Confidentiality Obligations:
1) CABs, their personnel, and any subcontractors shall maintain the
confidentiality of all information obtained or created during
conformity assessment activities, except:
1) As required by law;
2) With the written consent of the person to whom the
information relates (all such persons if multiple);
2) CABs shall inform their clients in advance of any information
the CAB may be required to disclose by law.
2. Data Protection:
1) CABs shall comply with applicable data protection laws;
2) CABs shall implement appropriate technical and organisational
measures to protect personal data;
3) CABs shall not transfer personal data to third countries without
adequate safeguards.
3. Access to Information:
1) Notwithstanding the confidentiality obligations, CABs shall
provide access to conformity assessment information to:
1) The Competent Authority for oversight purposes;
2) Courts or tribunals in the context of legal proceedings;
2) Any person accessing such information shall be bound by
equivalent confidentiality obligations.
### Liability and Insurance:
1. Liability of CABs:
1) CABs shall be liable for any damage caused by their negligence
in carrying out conformity assessment activities.
2) This liability shall extend to activities carried out by their
subcontractors.
3) CABs shall not be liable for damages resulting from:
1) Client’s failure to comply with the requirements for
certification;
2) Force majeure events;
3) Normal wear and tear of certified products.
2. Insurance Requirements:
1) CABs shall maintain professional indemnity insurance covering
their liability under this Act.
2) The minimum level of insurance coverage shall be prescribed by
regulations and shall be:
1) Proportionate to the nature and scale of the CAB’s
activities; and
2) Sufficient to cover potential claims in all jurisdictions
where the CAB operates.
3) CABs shall provide proof of insurance to the Competent Authority
annually.
4) The insurance policy shall include coverage for:
1) Professional errors and omissions;
2) Product liability related to certified products; and
3) Legal defense costs.
3. Limitation of Liability:
1) Nothing in this Act shall be construed as limiting the liability
of CABs for:
1) Fraud or willful misconduct;
2) Gross negligence resulting in death or personal injury.
2) Any contractual provision purporting to limit a CAB’s liability
in contravention of this Act shall be void.
3) CABs may include reasonable limitations of liability in their
contracts, provided such limitations:
1) Are clearly communicated to clients;
2) Do not exclude liability for core conformity assessment
activities;
3) Are consistent with applicable laws and regulations.
### Fees:
1. Setting of Fees:
1) The Minister may, by regulation, prescribe fees for:
1) Applications for designation as a CAB;
2) Renewal of designation;
3) Expansion of scope of designation;
4) Appeals to the Competent Authority.
2) Fees shall be set at a level that ensures cost recovery for the
Competent Authority’s activities related to CABs.
3) The fee structure shall be reviewed annually and may be adjusted
to reflect:
1) Changes in the cost of regulatory oversight;
2) Inflation and other economic factors; and
3) The need to maintain the financial sustainability of the
regulatory system.
2. CAB Fees:
1) CABs may set their own fees for conformity assessment
activities.
2) These fees shall be:
1) Reasonable and non-discriminatory;
2) Transparent and clearly communicated to clients; and
3) Based on objective criteria such as complexity and duration
of assessment.
3) CABs shall make their fee structure publicly available.
4) The Competent Authority may issue guidelines on fee-setting
practices to ensure fairness and consistency across the sector.
### Transitional Provisions:
1. Existing Conformity Assessment Bodies:
1) Any entity performing conformity assessment activities at the
commencement of this Act shall apply for designation as a CAB
within \[X\] months of such commencement.
2) Such entities may continue to perform conformity assessment
activities pending the determination of their application.
3) If the application is rejected, the entity shall cease
conformity assessment activities within \[Y\] days of being
notified of the rejection, unless an appeal is filed.
4) The Competent Authority may grant temporary designations to
existing CABs to ensure continuity of services during the
transition period.
2. Validity of Existing Conformity Assessment Results:
1) Conformity assessment results issued before the commencement of
this Act shall remain valid until their expiry or for \[Z\]
months after the commencement of this Act, whichever is earlier.
2) The Competent Authority may, by notice in the \[Official
Gazette\], extend the validity of such results for a specified
period if it is in the public interest to do so.
3) Holders of existing conformity assessment results may apply for
their conversion to the new system within \[W\] months of the
Act’s commencement.
3. Gradual Implementation:
1) The Competent Authority may implement the provisions of this Act
relating to CABs in phases, taking into account:
1) The readiness of different sectors;
2) The availability of resources for oversight; and
3) The need to ensure continuity of conformity assessment
services.
2) The Competent Authority shall publish a schedule for the phased
implementation, which shall not extend beyond \[W\] years from
the commencement of this Act.
3) During the implementation phase, the Competent Authority shall:
1) Provide guidance and support to CABs transitioning to the
new system;
2) Conduct regular stakeholder consultations to address
implementation challenges;
3) Report annually to the Minister on the progress of
implementation.
## Recognition of Foreign Approvals and Certificates
### General Principles:
1. Criteria for Recognition:
The Competent Authority may recognise foreign approvals and certificates
if:
1) They are issued by a competent authority or recognised body in the
issuing country;
2) The issuing country’s regulatory system provides a level of
protection equivalent to that of \[State X\];
3) The recognition is in the public interest and does not compromise
safety, health, or environmental protection;
4) There is a reciprocal arrangement with the issuing country, unless
unilateral recognition is deemed beneficial to \[State X\];
5) The foreign approval or certificate complies with relevant
international standards recognised by \[State X\];
6) The issuing authority demonstrates a consistent track record of
effective oversight and enforcement.
2. Scope of Recognition:
Recognition may be granted for:
1) Product certifications;
2) Management system certifications;
3) Personnel qualifications;
4) Test reports and inspection reports;
5) Any other approval or certificate prescribed by regulations; and
6) Conformity assessment procedures and results.
### Procedures for Recognition:
1. Bilateral Agreements:
1) The Minister may enter into bilateral agreements with other
countries for the mutual recognition of approvals and
certificates;
2) Such agreements shall specify:
1) The types of approvals and certificates covered;
2) The conditions for recognition;
3) The procedures for information exchange and cooperation
between authorities;
4) Dispute resolution mechanisms;
5) Procedures for regular review and update of the agreement;
6) Provisions for termination or suspension of the agreement.
2. Unilateral Recognition:
1) The Competent Authority may unilaterally recognise foreign
approvals and certificates if:
1) It is in the public interest to do so;
2) The conditions in Section 39.1 are met; and
3) A comprehensive risk assessment supports the recognition.
2) Before granting unilateral recognition, the Competent Authority
shall:
1) Conduct an assessment of the foreign regulatory system;
2) Consult relevant stakeholders, including industry
associations and consumer groups;
3) Publish a notice of its intention to recognise and consider
any public comments received within a 60-day period;
4) Conduct a cost-benefit analysis of the proposed recognition;
5) Seek expert opinions where necessary on technical or
specialised aspects.
3. Application for Recognition:
1) A person seeking recognition of a foreign approval or
certificate shall apply to the Competent Authority in the
prescribed form;
2) The application shall be accompanied by:
1) A copy of the foreign approval or certificate;
2) Evidence that the conditions in Section 39.1 are met;
3) Any other information or document prescribed by regulations;
4) A detailed description of the product, system, or
qualification for which recognition is sought; and
5) Information on any conditions or limitations attached to the
foreign approval or certificate.
3) The application shall be accompanied by the prescribed fee.
4. Assessment of Applications:
1) The Competent Authority shall assess each application for
recognition;
2) The assessment may include:
1) Document review;
2) Verification with the issuing authority;
3) On-site assessment of the issuing authority or body, if
necessary;
4) Consultation with relevant experts or advisory committees;
5) Comparative analysis with \[State X\]’s regulatory
requirements;
6) Evaluation of the applicant’s compliance history in other
jurisdictions.
3) The Competent Authority may request additional information or
clarification from the applicant;
4) The assessment shall be completed within \[X\] days of receipt
of a complete application, with the possibility of extension for
complex cases.
### Decision on Recognition
1. Granting of Recognition:
1) If satisfied that the conditions for recognition are met, the
Competent Authority shall grant recognition;
2) The recognition may be:
1) Full: the foreign approval or certificate is treated as
equivalent to a domestic one;
2) Partial: only certain aspects of the foreign approval or
certificate are recognised;
3) Conditional: additional requirements must be met for full or
partial recognition; or
4) Time-limited: recognition is granted for a specified period,
subject to review.
2. Refusal of Recognition:
1) If the conditions for recognition are not met, the Competent
Authority shall refuse recognition;
2) The Competent Authority shall provide detailed reasons for the
refusal (including refusal in case of partial recognition) in
writing, including:
1) Specific criteria that were not satisfied;
2) Any deficiencies in the application or supporting
documentation; and (iii) Guidance on whether a revised
application could be considered.
3. Notification and Publication:
1) The Competent Authority shall notify the applicant of its
decision in writing within \[Y\] days of making the decision;
2) If recognition is granted, the Competent Authority shall:
1) Publish a notice in the \[Official Gazette\] within \[Z\]
days;
2) Update the public register of recognised foreign approvals
and certificates within \[W\] days;
3) Notify relevant government agencies and industry bodies of
the recognition.
### Effects of Recognition:
1. Legal Effect:
1) A recognised foreign approval or certificate shall have the same
legal effect as a corresponding domestic approval or
certificate, subject to any conditions or limitations specified
in the recognition decision;
2) The holder of a recognised foreign approval or certificate shall
have the same rights and obligations as the holder of a
corresponding domestic approval or certificate, including:
1) The right to market products or services in \[State X\];
2) The obligation to comply with all relevant domestic laws and
regulations;
3) Liability for any damages or harm caused by the approved
product or service.
2. Conditions and Limitations:
1) The Competent Authority may impose conditions or limitations on
the recognition, including:
1) Time limitations;
2) Scope limitations;
3) Additional reporting requirements;
4) Periodic reassessment requirements;
5) Specific labeling or disclosure requirements for the \[State
X\] market;
6) Restrictions on certain high-risk activities or
applications.
2) Any conditions or limitations shall be:
1) Clearly stated in the recognition decision;
2) Proportionate to the risks identified;
3) Subject to review upon request by the recognition holder.
3. Compliance with Domestic Law:
1) The holder of a recognised foreign approval or certificate shall
comply with all relevant domestic laws and regulations,
including:
1) Consumer protection laws;
2) Environmental regulations;
3) Health and safety standards; and
4) Advertising and marketing regulations.
2) In case of conflict between the requirements of the foreign
approval or certificate and domestic law, domestic law shall
prevail.
3) The Competent Authority shall provide guidance on any additional
domestic requirements that must be met by holders of recognised
foreign approvals or certificates.
### Monitoring and Enforcement:
1. Ongoing Monitoring:
1) The Competent Authority shall monitor the continued validity and
reliability of recognised foreign approvals and certificates;
2) This monitoring shall include:
1) Periodic reassessment of the foreign regulatory system, at
least every \[X\] years;
2) Regular information exchange with foreign authorities;
3) Market surveillance activities in \[State X\];
4) Review of consumer complaints and incident reports;
5) Audits of a sample of recognised approval or certificate
holders;
6) Monitoring of international regulatory developments and
standards.
2. Reporting Requirements:
1) Holders of recognised foreign approvals or certificates shall
report to the Competent Authority:
1) Any changes that may affect the validity of the approval or
certificate;
2) Any adverse events or non-compliances related to the
approved or certified item;
3) Any enforcement actions taken against them in other
jurisdictions;
4) Annual compliance statements confirming continued adherence
to recognition conditions.
2) The frequency and content of reports shall be prescribed by
regulations and may vary based on the risk level of the approved
item or activity.
3) The Competent Authority shall review these reports within \[Y\]
days and take appropriate action if any issues are identified.
3. Enforcement Actions:
1) The Competent Authority may take enforcement actions against
holders of recognised foreign approvals or certificates who:
1) Fail to comply with the conditions of recognition;
2) Violate relevant domestic laws or regulations;
3) Provide false or misleading information to the Authority.
2) Enforcement actions may include:
1) Warnings;
2) Fines;
3) Suspension or revocation of recognition;
4) Mandatory corrective actions; and
5) Public notices of non-compliance.
3) The Competent Authority shall have the power to conduct
investigations and inspections to support enforcement actions.
### Suspension or Revocation of Recognition:
1. Grounds for Suspension or Revocation:
The Competent Authority may suspend or revoke recognition if:
1) The conditions for recognition are no longer met;
2) The foreign regulatory system no longer provides equivalent
protection;
3) There is evidence of systemic failures in the foreign approval or
certification system;
4) The holder of the recognition has violated the conditions of
recognition, including reporting requirements (Section 43.2), or
relevant domestic laws;
5) New scientific or technical information reveals previously unknown
risks;
6) The foreign authority fails to cooperate with \[State X\] in
information sharing or joint investigations.
2. Procedure for Suspension or Revocation:
1) The Competent Authority shall give written notice of the
proposed suspension or revocation, stating:
1) The grounds for the proposed action;
2) The facts relied upon;
3) The holder’s right to make representations;
4) The proposed duration of suspension, if applicable.
2) The holder shall have \[Y\] days to make representations;
3) The Competent Authority shall consider any representations
before making a final decision;
4) The Competent Authority shall notify the holder in writing of
its final decision, including reasons;
5) In cases of immediate risk to public health or safety, the
Authority may impose an immediate temporary suspension pending
full review.
3. Effect of Suspension or Revocation:
1) A suspended recognition shall not be valid for the period of
suspension;
2) A revoked recognition shall cease to be valid from the date of
revocation;
3) The holder shall immediately cease all activities authorised by
the recognition upon suspension or revocation;
4) The Competent Authority shall update the public register to
reflect any suspension or revocation within \[Z\] days;
5) The Authority shall issue public notices of suspension or
revocation where necessary to protect public interest.
### Appeals:
1. Right of Appeal:
Any person aggrieved by a decision of the Competent Authority regarding:
1) The refusal to grant recognition (including refusal in case of
partial recognition);
2) The imposition of conditions on recognition;
3) The suspension or revocation of recognition;
4) The imposition of enforcement actions
may appeal to the \[Appeals Tribunal/Court\] within \[Z\] days of being
notified of the decision.
2. Appeal Procedure:
1) The appeal shall be in writing, stating the grounds of appeal;
2) The appellant shall serve a copy of the appeal on the Competent
Authority;
3) The Competent Authority shall, within \[W\] days, file with the
\[Appeals Tribunal/Court\] a reply and all relevant documents;
4) The \[Appeals Tribunal/Court\] may, in its discretion, allow the
introduction of new evidence;
5) The appeal shall not suspend the effect of the decision unless
the \[Appeals Tribunal/Court\] orders otherwise.
3. Powers of \[Appeals Tribunal/Court\]:
The \[Appeals Tribunal/Court\] may:
1) Confirm, vary, or set aside the decision of the Competent Authority;
2) Refer the matter back to the Competent Authority for
reconsideration;
3) Make any other order it deems just and appropriate;
4) Award costs as it sees fit.
### International Cooperation:
1. Information Exchange:
1) The Competent Authority shall establish mechanisms for
information exchange with foreign regulatory authorities on
matters related to approvals and certificates;
2) This may include information on:
1) Changes in regulatory requirements;
2) Enforcement actions;
3) Adverse events or safety concerns;
4) Emerging risks or scientific developments;
5) Best practices in regulation and oversight.
3) The Authority shall designate contact points for efficient
information exchange.
2. Participation in International Forums:
1) The Competent Authority shall participate in relevant
international forums and organisations to:
1) Promote harmonisation of regulatory requirements;
2) Facilitate mutual recognition arrangements;
3) Share best practices in regulation and oversight;
4) Contribute to the development of international standards;
and
5) Stay informed about global regulatory trends and challenges.
2) The Authority shall report annually on its international
engagement activities and their outcomes.
3. Capacity Building:
The Competent Authority may:
1) Provide or receive technical assistance to or from foreign
regulatory authorities to enhance regulatory capacity and promote
recognition of approvals and certificates;
2) Organise or participate in international training programs and
workshops;
3) Engage in staff exchange programs with foreign regulatory
authorities;
4) Collaborate on joint research projects to address common regulatory
challenges.
4. Joint Inspections and Investigations:
1) The Competent Authority may conduct joint inspections or
investigations with foreign regulatory authorities where:
1) A product or service is approved or certified in multiple
jurisdictions;
2) There are cross-border safety or compliance concerns;
3) It would enhance the efficiency and effectiveness of
regulatory oversight.
2) Procedures for joint activities shall be established through
formal agreements with foreign authorities.
## Obligations of (Economic) Actors
PLEASE SEE ALSO THE SEPARATE LIST OF EMPOWERMENTS / OBLIGATIONS. THAT
LIST CONTAINS SEVERAL HUNDRED CANDIDATE OBLIGATIONS.
### General Obligations
1. Compliance with Law:
All actors engaged in \[regulated activities\] shall:
1) Comply with all provisions of this Act and regulations made under
it;
2) Ensure that their products, services, or activities conform to all
applicable standards and requirements;
3) Maintain records demonstrating compliance for a period of \[X\]
years.
2. Risk Management:
Actors shall:
1) Implement and maintain a risk management system appropriate to the
nature and scale of their activities;
2) Regularly assess and mitigate risks associated with their products,
services, or activities;
3) Document risk assessments and mitigation measures.
3. Information Provision:
Actors shall:
1) Provide accurate and complete information to the Competent Authority
as required by this Act or upon request;
2) Not knowingly or recklessly provide false or misleading information;
3) Update the Competent Authority promptly of any significant changes
in their operations or any safety issues identified.
### Specific Obligations for Manufacturers
1. Product Safety and Conformity:
Manufacturers shall:
1) Ensure that their products are designed and manufactured in
accordance with applicable requirements;
2) Carry out the applicable conformity assessment procedure or have it
carried out;
3) Draw up the required technical documentation and keep it for \[X\]
years after the product has been placed on the market;
4) Affix the required conformity marking (e.g., CE marking) where
applicable.
2. Continued Compliance:
Manufacturers shall:
1) Ensure that procedures are in place for series production to remain
in conformity;
2) Take necessary action in case a product is not in conformity;
3) Carry out sample testing of marketed products when appropriate,
considering the risks presented by a product.
3. Traceability:
Manufacturers shall:
1) Ensure that their products bear a type, batch, or serial number or
other element allowing their identification;
2) Indicate their name, registered trade name or registered trade mark,
and the postal address at which they can be contacted on the product
or, where that is not possible, on its packaging or in a document
accompanying the product.
4. Instructions and Safety Information:
Manufacturers shall:
1) Ensure that the product is accompanied by instructions and safety
information in a language easily understood by consumers and
end-users;
2) Keep these instructions and safety information up to date.
### Specific Obligations for Importers
1. Due Diligence:
Importers shall:
1) Ensure that the appropriate conformity assessment procedures have
been carried out by the manufacturer;
2) Ensure that the manufacturer has drawn up the required technical
documentation;
3) Ensure that the product bears the required conformity marking and is
accompanied by the required documents.
2. Non-Conforming Products:
Importers shall:
1) Not place non-conforming products on the market;
2) Inform the manufacturer and the Competent Authority when they
consider or have reason to believe that a product is not in
conformity;
3) Ensure that corrective measures are taken to bring the product into
conformity, to withdraw it, or to recall it, as appropriate.
3. Storage and Transport Conditions:
Importers shall ensure that, while a product is under their
responsibility, storage or transport conditions do not jeopardise its
compliance with applicable requirements.
4. Traceability:
Importers shall:
1) Indicate their name, registered trade name or registered trade mark,
and the postal address at which they can be contacted on the product
or, where that is not possible, on its packaging or in a document
accompanying the product;
2) Keep a copy of the declaration of conformity for \[X\] years after
the product has been placed on the market and ensure that the
technical documentation can be made available to the Competent
Authority upon request.
### Specific Obligations for Distributors
1. Due Diligence:
Distributors shall:
1) Verify that the product bears the required conformity marking;
2) Verify that the product is accompanied by the required documents,
instructions, and safety information in a language easily understood
by consumers;
3) Verify that the manufacturer and importer have complied with their
obligations regarding traceability;
4) Conduct regular checks on a sample of products to ensure ongoing
compliance;
5) Maintain a register of customer complaints and product returns,
analysing this data for potential safety or quality issues.
2. Storage and Transport Conditions:
Distributors shall:
1) Ensure that, while a product is under their responsibility, storage
or transport conditions do not jeopardise its compliance with
applicable requirements;
2) Implement a documented system for monitoring and controlling
environmental conditions during storage and transport;
3) Maintain records of storage and transport conditions for each batch
or lot of products;
4) Implement a cold chain management system for products requiring
temperature control.
3. Non-Conforming Products:
Distributors shall:
1) Not make available on the market products which they consider or
have reason to believe are not in conformity with applicable
requirements;
2) Inform the manufacturer or importer and the Competent Authority when
they consider or have reason to believe that a product is not in
conformity;
3) Ensure that corrective measures are taken to bring the product into
conformity, to withdraw it, or to recall it, as appropriate;
4) Cooperate fully with the Competent Authority in any investigation or
recall action;
5) Maintain a documented procedure for handling non-conforming
products, including quarantine measures and communication protocols.
4. Product Traceability:
Distributors shall:
1) Maintain records of all products received and distributed,
including:
1) Product identification (e.g., model number, serial number);
2) Quantity received and distributed;
3) Date of receipt and distribution;
4) Name and address of the supplier and the customer (excluding end
consumers);
2) Ensure these records are readily accessible and maintained for at
least \[X\] years;
3) Implement a system to quickly identify and locate products in case
of safety issues or recalls.
5. Staff Training and Competence:
Distributors shall:
1) Ensure that all staff involved in product handling and customer
service are adequately trained on:
1) Product features and proper use;
2) Applicable regulatory requirements;
3) Procedures for handling non-conforming products and customer
complaints;
2) Maintain records of staff training and regularly assess competence;
3) Designate a qualified person responsible for regulatory compliance.
### Obligations of Service Providers
1. Quality and Safety of Services:
Service providers shall:
1) Ensure that their services meet all applicable quality and safety
standards;
2) Implement and maintain a quality management system appropriate to
the nature of their services, such as ISO 9001 or relevant
sector-specific standards;
3) Regularly assess and improve the quality and safety of their
services;
4) Conduct risk assessments for all services offered and implement
appropriate risk mitigation measures;
5) Establish key performance indicators (KPIs) for service quality and
safety, and regularly monitor and report on these KPIs.
2. Information to Customers:
Service providers shall:
1) Provide clear and accurate information about their services,
including any risks associated with the service;
2) Ensure that their advertising and marketing materials are not
misleading;
3) Provide terms and conditions of service in clear and understandable
language;
4) Clearly communicate any limitations or exclusions of the service;
5) Provide easily accessible channels for customers to request
additional information or clarification;
6) Maintain an up-to-date website with comprehensive information about
services, pricing, and policies.
3. Complaints Handling:
Service providers shall:
1) Establish and maintain an effective system for handling customer
complaints;
2) Respond to complaints in a timely and fair manner;
3) Keep records of complaints and actions taken to resolve them for
\[X\] years;
4) Analyse complaint data to identify trends and implement preventive
measures;
5) Provide multiple channels for customers to submit complaints (e.g.,
phone, email, online form);
6) Establish and communicate clear timelines for complaint resolution;
7) Implement an escalation process for complex or unresolved
complaints;
8) Provide staff training on effective complaint handling and customer
service.
4. Service Delivery and Performance:
Service providers shall:
1) Establish and communicate clear service level agreements (SLAs) to
customers;
2) Implement systems to monitor and ensure compliance with SLAs;
3) Regularly assess customer satisfaction through surveys or other
feedback mechanisms;
4) Implement a continuous improvement process based on performance data
and customer feedback;
5) Maintain adequate resources and capacity to meet service
commitments;
6) Implement contingency plans for service disruptions or emergencies.
5. Professional Competence:
Service providers shall:
1) Ensure that all staff delivering services have the necessary
qualifications, skills, and experience;
2) Implement a system for ongoing professional development and training
of staff;
3) Maintain records of staff qualifications, training, and professional
development;
4) Regularly assess staff competence and performance;
5) Adhere to relevant professional codes of conduct or ethics.
### Obligations Related to Digital Services and Platforms
1. Data Protection and Privacy:
Providers of digital services and platforms shall:
1) Comply with applicable data protection and privacy laws;
2) Implement appropriate technical and organisational measures to
ensure the security of personal data; and
3) Provide users with clear information about how their data is
collected, used, and shared.
2. Content Moderation:
Providers of digital platforms shall:
1) Implement effective systems to detect and remove illegal content;
2) Act expeditiously to remove or disable access to illegal content
upon obtaining actual knowledge of its existence; and
3) Implement transparent procedures for content moderation decisions.
3. Transparency of Algorithmic Systems:
Providers of digital services using algorithmic systems shall:
1) Provide clear information about the use of algorithmic systems that
affect users;
2) Ensure that algorithmic systems do not produce discriminatory
outcomes; and
3) Provide meaningful information about the main parameters used in
ranking systems, where applicable.
### Obligations Related to Environmental Protection:
1. Environmental Impact Assessment:
Actors whose activities may have significant environmental impacts
shall:
1) Conduct environmental impact assessments before commencing new
projects or significantly modifying existing ones;
2) Implement measures to mitigate identified environmental risks; and
3) Regularly monitor and report on their environmental performance.
2. Waste Management:
Actors shall:
1) Implement waste reduction and recycling programs;
2) Ensure proper disposal of hazardous waste in accordance with
applicable regulations; and
3) Keep records of waste generation and disposal for \[X\] years.
3. Energy Efficiency:
Actors shall:
1) Implement measures to improve energy efficiency in their operations;
2) Consider energy efficiency in the design and manufacture of
products, where applicable; and
3) Report on energy consumption and efficiency measures as required by
regulations.
### Cooperation with authorities:
1. Annual Reports:
Actors shall submit annual reports to the Competent Authority,
including:
1) Summary of activities carried out;
2) Compliance with applicable requirements;
3) Any significant changes in operations;
4) Any safety or quality issues identified and actions taken;
5) Results of any audits or assessments conducted; and
6) Any other information prescribed by regulations.
2. Incident Reporting:
Actors shall immediately report to the Competent Authority:
1) Any incident that has resulted in death, serious injury, or
significant property damage;
2) Any significant non-compliance with applicable requirements;
3) Any recall or withdrawal of products from the market; and
4) Any other incident prescribed by regulations.
3. Notification of Changes:
Actors shall notify the Competent Authority within \[X\] days of:
1) Any change in ownership or control;
2) Any significant change in management personnel;
3) Any change in production processes that may affect product safety or
quality; and
4) Any other change prescribed by regulations.
4. Inspections and Investigations:
Actors shall:
1) Cooperate fully with any inspection or investigation carried out by
the Competent Authority;
2) Provide access to premises, records, and personnel as required;
3) Provide any information requested by the Competent Authority in a
timely manner.
5. Corrective Actions:
Actors shall:
1) Implement any corrective actions required by the Competent Authority
within the specified timeframe;
2) Provide evidence of the implementation of corrective actions as
required;
3) Conduct follow-up assessments to ensure the effectiveness of
corrective actions.
### Training and Competence
1. Staff Training:
Actors shall:
1) Ensure that all staff are adequately trained to perform their duties
in compliance with this Act and applicable regulations;
2) Provide regular refresher training;
3) Keep records of all training provided for \[X\] years.
2. Competence Assessment:
Actors shall:
1) Regularly assess the competence of staff in key roles;
2) Take corrective action where competence gaps are identified;
3) Ensure that only competent personnel perform critical tasks.
### Internal Audits and Management Review
1. Internal Audits:
Actors shall:
1) Conduct regular internal audits to assess compliance with this Act
and applicable regulations;
2) Ensure that audits are conducted by competent and independent
personnel;
3) Document audit findings and corrective actions taken.
2. Management Review:
Actors shall:
1) Conduct regular management reviews of their compliance with this Act
and applicable regulations;
2) Ensure that the results of internal audits, external inspections,
and incident reports are considered in these reviews;
3) Document the outcomes of management reviews and any decisions made.
## H: Liability of Actors
### Civil Liability
1. Right to Compensation:
Any person who has suffered damage as a result of … shall have the right
to initiate legal proceedings against those responsible for that damage
in order to obtain full compensation.
2. Joint and Several Liability:
Where more than one defendant is liable for damage caused by corruption,
they shall be jointly and severally liable.
3. Vicarious Liability:
Legal persons shall be liable for damage caused by their employees or
agents acting within the scope of their employment or agency, unless the
legal person can prove that it took all reasonable precautions and
exercised due diligence to prevent the corrupt conduct.
4. Disgorgement of Profits:
In addition to compensation for damage, the court may order the
disgorgement of any profits derived from the corrupt acts.
5. Limitation Period:
Claims for compensation under this section must be brought within \[X\]
years from the date the claimant became aware, or ought reasonably to
have become aware, of the damage and the identity of the person
responsible.
### Liability of Legal Persons
1. Corporate Criminal Liability:
Legal persons shall be criminally liable for offences under Sections ...
OR infringements of
Sections … committed for their benefit by any natural person, acting
either individually or as part of an organ of the legal person, who has
a leading position within the legal person, based on:
1) A power of representation of the legal person;
2) An authority to take decisions on behalf of the legal person; or
3) An authority to exercise control within the legal person.
2. Parent Company Liability:
A parent company may be held liable for corrupt acts committed by its
subsidiaries if it is established that:
1) The parent company had knowledge of the corrupt practices and failed
to take reasonable steps to prevent them; or
2) The subsidiary was acting as an agent of the parent company when
committing the corrupt acts.
3. Liability for Failure to Supervise:
Legal persons shall be liable for failing to adequately supervise their
employees or agents, resulting in corrupt practices, if it is proven
that such failure contributed to the commission of the offence.
## I: Risk Management
### Risk Management:
1. Risk Assessment Obligation:
All regulated entities, whether private or public, shall:
1) Conduct comprehensive risk assessments at least annually to
identify, analyse, and evaluate risks related to their regulated
activities;
2) Document the methodology, process, and results of these risk
assessments;
3) Consider both internal and external risk factors, including but not
limited to:
1) Operational risks;
2) Financial risks;
3) Legal and regulatory compliance risks;
4) Environmental risks;
5) Health and safety risks;
6) Technological risks;
7) Reputational risks;
4) Review and update risk assessments:
1) Annually;
2) When there are significant changes in operations, structure, or
external environment;
3) Following any major incidents or near misses.
2. Risk Management Framework:
Regulated entities shall implement a comprehensive risk management
framework that includes:
1) A written risk management policy approved by the board of directors
or equivalent governing body;
2) Clearly defined roles and responsibilities for risk management at
all levels of the organisation;
3) Risk appetite statements and risk tolerance levels approved by
senior management;
4) Procedures for risk identification, assessment, mitigation,
monitoring, and reporting;
5) Integration of risk management considerations into decision-making
processes across the organisation;
6) Regular training for employees on risk management principles and
procedures;
7) Mechanisms for continuous improvement of the risk management
framework based on lessons learned and emerging best practices.
3. Risk Mitigation Measures:
For each identified significant risk, regulated entities shall:
1) Develop and implement appropriate risk mitigation measures;
2) Document these measures in a risk mitigation plan that includes:
1) Description of the risk and its potential impact;
2) Specific mitigation actions to be taken;
3) Timelines for implementation;
4) Responsible individuals or departments;
5) Resources required for implementation;
6) Key performance indicators to measure effectiveness;
3) Regularly review and update risk mitigation measures to ensure their
continued effectiveness;
4) Maintain an audit trail of changes made to risk mitigation measures.
4. Risk Monitoring and Reporting:
Regulated entities shall:
1) Establish key risk indicators (KRIs) for each significant risk;
2) Implement systems to monitor KRIs on an ongoing basis;
3) Conduct regular risk reviews, including:
1) Monthly reviews by operational management;
2) Quarterly reviews by senior management;
3) Annual reviews by the board of directors or equivalent governing
body;
4) Maintain a risk register that is updated at least quarterly and
includes:
1) Description of each identified risk;
2) Risk owner;
3) Inherent risk rating;
4) Existing controls;
5) Residual risk rating;
6) Mitigation actions and their status;
5) Report significant changes in risk profile or emerging risks to
senior management and the board immediately;
6) Include a comprehensive risk management section in annual reports to
stakeholders.
5. Independent Risk Assurance:
Regulated entities shall:
1) Establish an independent risk management function, reporting
directly to the board or a board- level risk committee;
2) Conduct internal audits of the risk management framework at least
annually;
3) Engage external experts to review the risk management framework at
least every three years;
4) Promptly address any deficiencies identified through independent
assurance activities.
## J. Public Ensurance of Compliance
### Tasks of the Supervising Authority
1. Regulatory Development:
The Competent Authority shall:
1) Continuously monitor the regulated sector to identify emerging risks
and regulatory gaps;
2) Develop and propose new regulations or amendments to existing
regulations as necessary to address identified issues;
3) Conduct regulatory impact assessments for all proposed regulations,
including:
1) Cost-benefit analysis;
2) Stakeholder consultation; and
3) Assessment of potential unintended consequences;
4) Publish draft regulations for public comment, allowing at least 60
days for submission of feedback;
5) Review and consider all submitted comments before finalising
regulations;
6) Provide a written response to significant comments received,
explaining the rationale for accepting or rejecting suggestions;
7) Conduct post-implementation reviews of new regulations within two
years of their effective date to assess their effectiveness and
identify any necessary adjustments; and
8) Establish a public registry of all regulatory impact assessments and
post-implementation reviews.
2. Licensing and Authorisation:
The Competent Authority shall:
1) Establish clear criteria and procedures for granting, renewing,
modifying, and revoking licenses or authorisations for regulated
activities;
2) Process applications for licenses or authorisations within \[X\]
days of receipt of a complete application;
3) Maintain a public register of all licensed or authorised entities,
including:
1) Name and contact details of the entity;
2) Type of license or authorisation held;
3) Date of issuance and expiration; and
4) Any conditions or restrictions attached to the license or
authorisation;
4) Conduct fit and proper person assessments for key personnel of
regulated entities;
5) Regularly review the licensing and authorisation framework to ensure
it remains fit for purpose; and
6) Implement a digital licensing and authorisation system to streamline
application processes and improve transparency.
3. Supervision and Monitoring:
The Competent Authority shall:
1) Develop and implement a risk-based supervision framework, allocating
supervisory resources based on the risk profile of regulated
entities;
2) Conduct regular on-site inspections of regulated entities, with
frequency determined by risk assessment but no less than once every
\[X\] years;
3) Perform ongoing off-site monitoring, including review of:
1) Regular reports submitted by regulated entities;
2) Financial statements and auditor reports;
3) Customer complaints and dispute resolution outcomes; and
4) Media reports and other public information;
4) Require regulated entities to submit annual compliance certificates
signed by the CEO and compliance officer;
5) Establish an early warning system to identify entities showing signs
of distress or non- compliance;
6) Conduct thematic reviews across the sector on emerging risks or
areas of concern; and
7) Utilise advanced data analytics tools to enhance supervision and
monitoring activities.
4. Enforcement:
The Competent Authority shall:
1) Investigate potential violations of regulations, with powers to:
1) Request and review documents and records;
2) Interview employees and other relevant individuals;
3) Conduct unannounced on-site inspections; and
4) Seize evidence where necessary and legally permitted;
2) Develop and publish an enforcement policy, outlining:
1) Types of enforcement actions available;
2) Criteria for selecting appropriate enforcement actions; and
3) Procedures for imposing and appealing enforcement actions;
3) Maintain a range of enforcement tools, including:
1) Formal warnings;
2) Directive orders to take specific actions;
3) Imposition of additional license conditions;
4) Financial penalties;
5) Suspension or revocation of licenses; and
6) Referral for criminal prosecution where appropriate;
4) Publish anonymised summaries of enforcement actions taken to promote
transparency and deterrence;
5) Establish an internal quality control process for enforcement
decisions to ensure consistency and proportionality; and
6) Implement a whistleblower protection program to encourage reporting
of regulatory violations.
5. Guidance and Education:
The Competent Authority shall:
1) Develop and publish guidance materials to assist regulated entities
in understanding and complying with regulatory requirements;
2) Establish a formal process for regulated entities to seek
clarification or rulings on the application of regulations to
specific situations;
3) Conduct regular workshops and seminars for regulated entities on
compliance topics;
4) Develop and maintain e-learning modules on key regulatory
requirements;
5) Engage with industry associations to promote best practices and
address common compliance challenges;
6) Publish a quarterly newsletter highlighting regulatory developments,
enforcement trends, and emerging risks;
7) Maintain a public FAQ section on the Authority’s website, updated
regularly based on common queries received; and
8) Create a dedicated helpline for regulated entities to provide
real-time assistance on compliance issues.
### Coordination and Alignment of Authorities’ Practices
1. Establishment of Coordination Mechanism:
1) A Regulatory Coordination Committee (RCC) is hereby established,
comprising representatives from all relevant regulatory
authorities.
2) The RCC shall:
1) Meet at least quarterly to discuss regulatory issues and
coordinate activities;
2) Establish working groups for specific cross-cutting
regulatory matters;
3) Develop and maintain a shared regulatory agenda outlining
planned regulatory activities across authorities; and
4) Report annually to the government on the state of regulatory
coordination;
3) The Competent Authority shall serve as the secretariat for the
RCC, responsible for:
1) Organising meetings and maintaining records;
2) Facilitating information exchange between members;
3) Monitoring implementation of RCC decisions; and
4) Providing administrative support for RCC activities.
2. Information Sharing Framework:
1) All regulatory authorities shall:
1) Designate information sharing officers responsible for
inter-agency communication;
2) Participate in a secure, centralised information sharing
platform established by the RCC; and
3) Develop internal procedures for classifying and sharing
information with other authorities;
2) The information sharing platform shall include:
1) A database of regulated entities accessible to all member
authorities;
2) A system for confidential exchange of supervisory concerns
and findings; and
3) A mechanism for authorities to request information from each
other;
3) Authorities shall respond to information requests from other
authorities within 15 working days, unless a valid legal
exemption applies;
4) Implement data protection measures to ensure the confidentiality
and security of shared information.
3. Harmonisation of Regulatory Approaches:
1) The RCC shall establish working groups to develop:
1) Common risk assessment methodologies;
2) Standardised enforcement guidelines; and
3) Unified data reporting formats for regulated entities;
2) Each authority shall:
1) Adopt the harmonised approaches developed by the RCC, unless
there are compelling reasons not to do so; and
2) Publicly disclose and justify any deviations from the
harmonised approaches;
3) The RCC shall conduct an annual review of regulatory divergences
and develop action plans to address them;
4) Authorities shall collaborate on joint training programs to
ensure consistent application of harmonised approaches.
4. Joint Supervisory Activities:
1) Authorities shall:
1) Conduct joint inspections of entities subject to multiple
regulatory regimes;
2) Coordinate the timing of routine supervisory activities to
minimise burden on regulated entities; and
3) Share inspection reports with other relevant authorities
within 30 days of completion;
2) The RCC shall maintain a calendar of planned supervisory
activities across all authorities to facilitate coordination;
3) For entities subject to multiple regulatory regimes, authorities
shall designate a lead supervisor to coordinate interactions and
avoid duplication;
4) Establish protocols for joint investigations and enforcement
actions to ensure effective collaboration.
5. Regulatory Impact Assessment:
1) All authorities shall:
1) Conduct regulatory impact assessments (RIAs) for significant
new regulations or changes to existing regulations;
2) Include in RIAs an assessment of impact on areas regulated
by other authorities; and
3) Submit draft RIAs to the RCC for review and comment before
finalisation;
2) The RCC shall:
1) Develop common standards and methodologies for conducting
RIAs;
2) Provide training to authority staff on RIA best practices;
3) Conduct periodic quality assessments of RIAs across
authorities;
3) Authorities shall publish RIAs and their outcomes to ensure
transparency and stakeholder engagement.
6. Dispute Resolution Mechanism:
1) The RCC shall establish a formal mechanism for resolving
disputes between authorities, including:
1) Procedures for authorities to raise concerns about
regulatory overlap or inconsistency;
2) A mediation process led by an independent panel of experts;
and
3) Binding arbitration for unresolved disputes, with decisions
made by a majority vote of RCC members not party to the
dispute;
2) Authorities shall exhaust this dispute resolution mechanism
before seeking judicial intervention in inter-agency conflicts;
3) The RCC shall publish annual reports on the nature and outcomes
of disputes resolved through this mechanism.
### Intra-state Cooperation of Authorities:
1. Mandatory Cooperation Framework:
1) All public authorities shall have a legal duty to cooperate with
each other in matters related to their regulatory and
enforcement activities;
2) This duty shall include:
1) Responding to requests for information within 20 working
days;
2) Providing expert assistance when requested; and
3) Participating in joint investigations or enforcement actions
when appropriate;
3) Authorities may only refuse cooperation on grounds of:
1) Legal prohibitions on information sharing;
2) National security concerns; and
3) Ongoing criminal investigations that could be compromised;
4) Any refusal to cooperate must be justified in writing to the
requesting authority and reported to the RCC;
5) Establish a centralised tracking system for cooperation requests
and responses to ensure accountability.
2. Joint Operations:
1) Authorities may establish joint operation teams for complex
cases involving multiple regulatory domains;
2) Joint operation teams shall:
1) Operate under terms of reference agreed by all participating
authorities;
2) Have a designated lead authority responsible for overall
coordination;
3) Develop joint investigation or action plans; and
4) Share all relevant information among team members;
3) Participating authorities shall make available necessary
resources, including staff and equipment, to support joint
operations;
4) The outcomes of joint operations shall be reported to the RCC
and used to inform future cooperation initiatives;
5) Implement joint training exercises to improve coordination and
effectiveness of joint operations.
3. Resource Sharing:
1) Authorities shall establish mechanisms for sharing specialised
resources, including:
1) Technical experts;
2) Laboratory facilities;
3) Data analysis capabilities; and
4) Training programs;
2) The RCC shall maintain a central database of sharable resources
across all authorities;
3) Authorities shall develop standard protocols for:
1) Requesting resource support from other authorities;
2) Determining priority in case of competing resource needs;
and
3) Cost allocation for shared resources;
4) Implement a resource-sharing agreement to formalise the terms
and conditions of shared resource use.
4. Coordinated Policy Development:
1) Authorities shall:
1) Notify the RCC of any planned significant policy or
regulatory changes;
2) Invite input from other relevant authorities during policy
development processes; and
3) Consider the wider regulatory landscape when developing new
policies or regulations;
2) The RCC shall:
1) Maintain a forward-looking regulatory calendar;
2) Identify opportunities for joint policy development on
cross-cutting issues; and
3) Facilitate policy coordination workshops involving multiple
authorities;
3) Where multiple authorities regulate the same sector or issue,
they shall establish permanent working groups to ensure ongoing
policy alignment;
4) Authorities shall publish joint policy statements to provide
clarity and guidance to regulated entities.
5. Data and Intelligence Sharing:
1) Authorities shall:
1) Participate in a central data and intelligence sharing
platform;
2) Contribute relevant data and intelligence to the platform on
an ongoing basis; and
3) Establish internal procedures for determining what
information can be shared;
2) The central platform shall include:
1) A secure messaging system for real-time information
exchange;
2) Analytical tools for identifying patterns and trends across
datasets; and
3) An alert system for flagging urgent regulatory or
enforcement issues;
3) Authorities shall conduct joint analysis projects on
cross-cutting regulatory issues at least annually;
4) Implement data governance policies to ensure the integrity and
confidentiality of shared data.
6. Mutual Capacity Building:
1) Authorities shall:
1) Open relevant internal training programs to staff from other
authorities;
2) Participate in an inter-authority staff exchange program;
and
3) Contribute to a shared e-learning platform on common
regulatory skills;
2) The RCC shall:
1) Coordinate an annual inter-authority training needs
assessment;
2) Develop and deliver cross-cutting training programs; and
3) Facilitate mentoring relationships between authorities with
complementary strengths;
3) Authorities shall publish annual reports on capacity-building
activities and their outcomes.
### International Cooperation of Authorities:
1. International Engagement Strategy:
1) The Competent Authority shall develop and maintain an
international engagement strategy that:
1) Identifies priority countries and international
organisations for cooperation;
2) Sets objectives for international engagement activities; and
3) Outlines resource allocation for international cooperation
initiatives;
2) The strategy shall be:
1) Reviewed and updated annually;
2) Approved by the governing body of the Competent Authority;
and
3) Made publicly available on the Authority’s website;
3) Implement a monitoring and evaluation framework to assess the
effectiveness of international engagement activities.
2. Participation in International Forums:
1) The Competent Authority shall actively participate in relevant
international regulatory forums, including:
1) Global standard-setting bodies in its field of regulation;
2) Regional regulatory networks; and
3) International organisations promoting regulatory
cooperation;
2) Participation shall include:
1) Attending meetings and contributing to discussions;
2) Serving on working groups and committees;
3) Providing input on draft international standards or
guidelines; and
4) Sharing national experiences and best practices;
3) The Authority shall report annually on its international forum
activities and their outcomes;
4) Establish a dedicated team to manage international relations and
coordination.
3. Bilateral and Multilateral Cooperation Agreements:
1) The Competent Authority may enter into cooperation agreements
with foreign counterparts, which may cover:
1) Information sharing;
2) Joint investigations or inspections;
3) Mutual recognition of regulatory decisions; and
4) Staff exchanges and joint training initiatives;
2) All cooperation agreements shall:
1) Be in writing and signed by authorised representatives;
2) Specify the scope and purpose of cooperation;
3) Include safeguards for confidential information; and
4) Be reviewed at least every five years;
3) The Authority shall maintain a public register of all active
cooperation agreements;
4) Develop a template for cooperation agreements to ensure
consistency and comprehensiveness.
4. Cross-border Information Sharing:
1) The Competent Authority may share information with foreign
counterparts:
1) Upon request, subject to an assessment of the request’s
legitimacy;
2) Spontaneously, where it believes the information would
assist the foreign authority;
2) Information sharing shall be subject to the following
conditions:
1) The information is necessary for the recipient authority’s
regulatory functions;
2) The recipient authority provides appropriate confidentiality
assurances;
3) The sharing does not violate national laws or jeopardise
ongoing investigations;
3) The Authority shall maintain records of all information shared
internationally, including:
1) The nature of the information;
2) The recipient authority;
3) The date of sharing; and
4) The legal basis for sharing;
4) Implement a secure information sharing system to facilitate
cross-border exchanges.
5. Joint Cross-border Investigations:
1) The Competent Authority may conduct joint investigations with
foreign counterparts where:
1) The matter under investigation has a significant
cross-border element;
2) Joint action would enhance the effectiveness of the
investigation;
2) Joint investigations shall be governed by written agreements
specifying:
1) The scope and objectives of the investigation;
2) The applicable legal framework;
3) The roles and responsibilities of each participating
authority;
4) Procedures for information sharing and use of investigative
powers; and
5) Protocols for public communications about the investigation;
3) The Authority shall report to the government on the outcomes of
all joint investigations;
4) Establish a joint investigation fund to support cross-border
investigative activities.
6. Mutual Recognition Arrangements:
1) The Competent Authority may enter into mutual recognition
arrangements with foreign counterparts regarding:
1) Regulatory licenses or authorisations;
2) Professional qualifications;
3) Conformity assessment procedures; and
4) Regulatory decisions or enforcement actions;
2) Before entering into a mutual recognition arrangement, the
Authority shall:
1) Conduct a detailed assessment of the foreign regulatory
regime;
2) Consult with relevant domestic stakeholders; and
3) Obtain approval from the government;
3) All mutual recognition arrangements shall include mechanisms
for:
1) Ongoing monitoring of regulatory equivalence;
2) Addressing any emerging divergences; and
3) Terminating the arrangement if necessary;
4) Publish mutual recognition arrangements and their assessments to
ensure transparency.
7. Capacity Building and Technical Assistance:
1) The Competent Authority may provide capacity building and
technical assistance to foreign counterparts, including:
1) Hosting study visits;
2) Providing training programs;
3) Seconding staff to assist with specific projects; and
4) Sharing regulatory tools and methodologies;
2) The Authority shall develop an annual capacity building plan,
identifying:
1) Priority countries or regions for assistance;
2) Key areas for knowledge transfer; and
3) Resources allocated for these activities;
3) All capacity building activities shall be evaluated for
effectiveness and reported in the Authority’s annual report;
4) Establish partnerships with international organisations to
enhance capacity-building efforts.
## K: Enforcement Powers
PLEASE SEE ALSO THE SEPARATE LIST OF EMPOWERMENTS / OBLIGATIONS. THAT
LIST CONTAINS SEVERAL HUNDRED CANDIDATE EMPOWERMENTS.
### Enforcement Powers and Procedures
1. Investigative Powers:
1) Authorised officers of the Competent Authority shall have the
power to:
1) Enter and inspect any premises where regulated activities
are carried out;
2) Examine and copy any relevant documents or records;
3) Take samples of any substances or materials for analysis;
4) Seize and retain any evidence of violations;
5) Interview employees and other relevant persons; and
6) Require the production of information in electronic form.
2) These powers may be exercised:
1) At any reasonable time for routine inspections;
2) At any time if there is reasonable suspicion of a serious
violation.
3) Entry into residential premises shall require a warrant issued
by a court.
2. Compliance Notices:
1) Where a violation is identified, the Competent Authority may
issue a compliance notice requiring the regulated entity to:
1) Cease the non-compliant activity immediately;
2) Take specified corrective actions within a set timeframe;
3) Submit a compliance plan for approval.
2) The notice shall:
1) Clearly state the nature of the violation;
2) Specify the relevant provisions of the Act or regulations;
3) Exhaustingly specify the corrective actions to be taken by
the regulated entity; and
4) Outline the consequences of non-compliance with the notice.
3) The regulated entity may appeal the notice to the Regulatory
Appeals Tribunal within \[X\] days.
3. Administrative Penalties \[and Side-measures\]:
1) The Competent Authority may impose administrative penalties for
violations, including:
1) Monetary fines up to \[X\]% of annual turnover \[of the
responsible legal entity or of the group of legal entities
to which the responsible legal entity belongs\];
2) Suspension or restriction of licenses or authorisations;
3) Mandatory corrective advertising;
4) Disgorgement of profits derived from the violation;
5) Debarment from participation in public procurement for a
period not exceeding \[Z\] years;
6) Mandatory implementation of or changes to compliance
programs; and
7) Appointment of independent compliance monitors.
2) In determining the appropriate penalty, the Authority shall
consider:
1) The nature and severity of the violation, including guilt
and its type;
2) Any history of previous violations;
3) The degree of cooperation during the investigation;
4) Any mitigating actions taken by the entity;
5) The amount of the undue advantage obtained or losses
avoided;
6) The level of cooperation with the Competent Authority;
7) Any previous violations by the entity; and
8) The potential impact of the sanction on employees and
stakeholders.
3) Before imposing a penalty, the Authority shall:
1) Provide written notice of the intended penalty;
2) Allow the entity \[X\]days to make representations; and
3) Consider any representations made before making a final
decision.
4) Any person aggrieved by an administrative penalty imposed under
this section may appeal to the \[Administrative Tribunal/Court\]
within \[X\] days of being notified of the penalty.
4. Enforceable Undertakings:
1) As an alternative to other enforcement actions, the Competent
Authority may accept enforceable undertakings from regulated
entities.
2) Such undertakings shall:
1) Be in writing and signed by the entity;
2) Specify actions the entity will take or refrain from;
3) Include timeframes for compliance; and
4) Be published on the Authority’s and entity’s websites.
3) Breach of an enforceable undertaking may result in:
1) Court-ordered compliance;
2) Additional penalties imposed by the court or the Competent
Authority;
3) Consideration as an aggravating factor in future enforcement
actions.
5. Search and Seizure:
1) The Competent Authority may apply to a court for a search
warrant where:
1) There are reasonable grounds to suspect a serious violation;
2) Evidence of the violation is likely to be found on specific
premises;
3) The occupier is likely to refuse entry or conceal evidence.
2) A warrant shall authorise designated officers to:
1) Enter and search the specified premises;
2) Seize relevant documents, records, or other evidence; and
3) Use reasonable force if necessary to execute the warrant.
3) Seized items shall be:
1) Inventoried and a receipt provided to the occupier;
2) Securely stored to maintain the chain of custody;
3) Returned when no longer needed, unless forfeited by court
order.
6. Injunctions:
1) The Competent Authority may apply to the High Court for
injunctions to:
1) Prevent an apprehended violation of the Act;
2) Require a person to take specific actions to comply with the
Act;
3) Freeze assets derived from illegal activities.
2) In urgent cases, the Authority may seek ex parte interim
injunctions.
3) Breach of an injunction shall be treated as contempt of court.
7. Publication of Enforcement Actions:
1) The Competent Authority shall maintain a public register of
enforcement actions, including:
1) The name of the entity or individual subject to the action;
2) The nature of the violation;
3) The enforcement measure taken; and
4) The date of the action.
2) This register shall be:
1) Published on the Authority’s website;
2) Updated within 7 days of any new action;
3) Maintained for at least \[X\] years.
8. Cooperation with other Agencies:
1) The Competent Authority shall establish bilateral or
multilateral protocols for cooperation with:
1) Police and prosecutorial authorities for criminal matters;
2) Tax authorities for financial investigations;
3) Environmental agencies for related violations;
4) Foreign regulators for cross-border enforcement.
2) These protocols shall cover:
1) Information sharing procedures;
2) Joint investigation processes;
3) Delineation of jurisdictional responsibilities;
4) Other joint actions if necessary.
### Sanctions and Penalties
PLEASE READ ALSO THE SEPARATE LIST OF SANCTIONS, SOON TO BE PUBLISHED
HERE. THAT LIST CONTAINS SEVERAL DOZEN CANDIDATE SANCTIONS.
PLEASE READ ALSO THE SEPARATE MODULE (CIVIL) PENALTIES DISPLAYED AT THE
BOTTOM OF THIS TEXT.
1. Criminal Offences:
1) The following shall constitute criminal offences under this Act:
1) Knowingly providing false or misleading information to the
Competent Authority;
2) Willfully obstructing an authorised officer in the exercise
of their duties;
3) Operating without a required license or authorisation;
4) Deliberate violation of safety or environmental standards
causing serious harm;
5) Repeated and willful violations of the Act or regulations.
2) Penalties for criminal offences shall include:
1) For individuals: Imprisonment for up to \[X\] years and/or
fines up to \[Y\] amount;
2) For corporations: Fines up to \[Z\]% of annual global
turnover.
3) The court may also order:
1) Forfeiture of assets derived from the offence;
2) Disqualification of directors from holding corporate
offices;
3) Publication of the conviction at the offender’s expense.
2. Civil Penalties:
1) The Competent Authority may impose civil penalties for
violations that do not constitute criminal offences, including:
1) Breach of license conditions;
2) Failure to comply with reporting requirements;
3) Minor safety or environmental violations.
2) Civil penalties shall be:
1) Proportionate to the nature and impact of the violation;
2) Up to \[X\]% of the entity’s annual turnover for the
relevant product or service;
3) Payable within \[X\] days of the final determination, unless
appealed.
3) Factors to be considered in determining the penalty amount
include:
1) The gravity and duration of the violation;
2) The degree of culpability of the violator;
3) Any history of prior violations;
4) Any financial gain derived from the violation;
5) The violator’s ability to pay; and
6) The annual turn-over of the responsible legal entity or of
the group of legal entities to which the responsible legal
entity belongs\].
3. Administrative Sanctions \[and Side-measures\]:
1) In addition to or instead of civil penalties, the Competent
Authority may impose administrative sanctions, including:
1) Formal warnings;
2) Mandatory corrective action orders;
3) Temporary suspension of licenses or authorisations;
4) Revocation of licenses or authorisations; and
5) Disqualification from public procurement processes.
2) Before imposing administrative sanctions, the Authority shall:
1) Provide written notice of the intended sanction;
2) Allow the entity \[X\]days to respond or remedy the
violation;
3) Consider any representations made before making a final
decision.
4. Penalty and Sanction Calculation Guidelines:
1) \[Except for criminal offences,\] The Competent Authority shall
publish guidelines on sanction and penalty calculations,
including:
1) Base amounts for different types of violations;
2) Aggravating and mitigating factors;
3) Methods for calculating economic benefit from violations;
4) Procedures for ability-to-pay assessments; and
5) Methods for calculating the annual turn-over of the
responsible legal entity or of the group of legal entities
to which the responsible legal entity belongs\].
2) These guidelines shall be:
1) Subject to public consultation before adoption;
2) Reviewed and updated at least every \[X\] years;
3) Applied consistently across similar cases.
5. Settlement Procedures:
1) \[Except for criminal penalties,\] The Competent Authority may
establish procedures for the settlement of cases, allowing
entities to:
1) Admit to violations and accept a reduced penalty;
2) Agree to specific compliance measures;
3) Avoid formal enforcement proceedings.
2) Settlement agreements shall:
1) Be in writing and signed by both parties;
2) Specify the violations admitted and penalties accepted;
3) Include a compliance plan with clear deadlines;
4) Be made public, subject to redaction of confidential
information.
6. Continuing \[Civil\] Penalties:
1) For ongoing violations, the Competent Authority may impose
continuing \[civil\] penalties of:
1) Up to \[X\] amount per day for individuals;
2) Up to \[Y\] amount per day for corporations.
2) These penalties shall accrue until:
1) The violation is remedied;
2) The maximum penalty limit is reached;
3) The Authority orders otherwise.
7. Liability of Directors and Officers:
1) Directors and senior officers of corporations may be held
personally liable for offences if it is proven that:
1) The offence was committed with their consent or connivance;
or
2) The offence was attributable to their neglect.
2) Penalties for personal liability may include:
1) Fines up to \[X\] amount;
2) Disqualification from holding director or officer positions
for up to \[Y\] years;
3) In severe cases, imprisonment for up to \[Z\] years.
8. Appeals:
1) Any person aggrieved by a penalty or sanction imposed under this
section may appeal to the Regulatory Appeals Tribunal within
\[X\] days.
2) The appeal shall specify:
1) The grounds for challenging the penalty or sanction;
2) Any evidence supporting the appeal;
3) The relief sought.
3) The Tribunal shall have the power to:
1) Affirm, modify, or set aside the penalty or sanction;
2) Remit the matter to the Competent Authority for
reconsideration;
3) Substitute its own decision for that of the Authority.
### Rating and Labelling of (Economic) Actors
1. Establishment of Rating System:
1) The Competent Authority shall develop and implement a rating
system for regulated entities that:
1) Provides a clear, objective measure of compliance and
performance;
2) Covers all key aspects of regulatory requirements;
3) Is tailored to different sectors or types of regulated
entities as appropriate.
2) The rating system shall include:
1) A numerical score (e.g., 0-100);
2) A corresponding letter grade (e.g., A+, A, B, C, D, F);
3) Specific ratings for key performance areas (e.g., safety,
financial stability, environmental compliance).
2. Rating Criteria:
1) Ratings shall be based on objective criteria including:
1) Compliance with regulatory requirements;
2) Results of inspections and audits;
3) Complaint history and resolution;
4) Proactive risk management practices; and
5) Transparency and cooperation with the Authority.
2) The weighting of criteria shall be:
1) Clearly defined and publicly disclosed;
2) Reviewed annually for continued relevance;
3) Subject to public consultation before any significant
changes.
3. Rating Process:
1) The Competent Authority shall:
1) Conduct ratings at least \[X-annually\] for each regulated
entity;
2) Base ratings on data collected through regular supervisory
activities;
3) Allow regulated entities to submit additional relevant
information;
4) Use a panel of at least three staff members to determine
final ratings; and
5) Document the justification for each rating decision.
2) Before finalising a rating, the Authority shall:
1) Provide the regulated entity with a draft rating and
supporting analysis;
2) Allow \[X\] days for the entity to respond with any
objections or additional information;
3) Consider any responses received before making a final
determination.
4. Publication of Ratings:
1) The Competent Authority shall:
1) Maintain a public register of ratings on its website;
2) Update the register within \[X\] working days of any rating
change; and
3) Provide historical rating data for at least the past X
years.
2) The public register shall include:
1) The current rating and date of last assessment;
2) A brief summary of the basis for the rating;
3) Any specific areas of concern or commendation; and
4) Links to more detailed reports where available.
5. Labelling Requirements:
1) Regulated entities shall be required to display their current
rating:
1) Prominently at all physical premises accessible to the
public;
2) On their website homepage;
3) In all promotional materials and advertisements;
4) On product packaging, manuals or other documents
accompanying the product, where applicable.
2) The display format shall be standardised and include:
1) The numerical score and letter grade;
2) The date of the last assessment; and
3) A QR code linking to the entity’s entry in the public
register.
6. Appeals Process:
1) Regulated entities may appeal their rating within \[X\] days of
notification by:
1) Submitting a written appeal to the Competent Authority;
2) Providing evidence to support their case for a different
rating.
2) The Competent Authority shall:
1) Establish an independent appeals panel to review cases;
2) Allow the appellant to make oral representations if desired;
and
3) Make a final decision within \[X\] days of receiving the
appeal.
3) The rating under appeal shall remain in force until the appeal
is decided.
7. Incentives and Consequences:
1) The Competent Authority may provide incentives for high-rated
entities, such as:
1) Reduced frequency of routine inspections;
2) Priority processing of license renewals or other
applications; and
3) Public recognition through awards or certifications.
2) For low-rated entities, the Authority may impose:
1) More frequent inspections or audits;
2) Mandatory improvement plans with specific timelines;
3) Additional reporting requirements;
4) Restrictions on certain high-risk activities.
## L: Third Party Enforcement Assistance
### Third Party Legal Action Supporting Enforcement:
1. Standing to Bring Actions:
1) The following parties shall have standing to bring legal actions
to enforce provisions of this Act:
1) Individuals directly affected by violations of the Act;
2) Consumer protection organisations registered with the
Competent Authority;
3) Environmental organisations registered with the Competent
Authority;
4) Trade associations representing regulated entities; and
5) Local authorities within whose jurisdiction a violation has
occurred and/or had an impact.
2) To be eligible for registration, organisations must:
1) Be legally constituted non-profit entities;
2) Have been in operation for at least \[X\] years;
3) Demonstrate expertise in the relevant regulatory area; and
4) Have internal governance procedures to ensure
accountability.
2. Types of Legal Actions:
1) Eligible parties may bring the following types of legal actions:
1) Applications for injunctive relief to prevent or stop
violations;
2) Actions for declaratory judgments on the interpretation of
the Act;
3) Public interest litigation to address systemic
non-compliance;
4) Actions to compel the Competent Authority to perform its
statutory duties.
2) Class actions may be brought where:
1) There are multiple affected parties with similar claims;
2) Individual actions would be impractical or inefficient;
3) The representative party can fairly represent the interests
of the class.
3. Pre-Action Requirements:
1) Before initiating legal action, the potential plaintiff must:
1) Serve a notice of intent to sue on the alleged violator and
the Competent Authority;
2) Allow \[X\] days for the alleged violator to remedy the
violation or for the Competent Authority to commence
enforcement action; and
3) Participate in mandatory mediation if requested by the
alleged violator.
2) The notice of intent must include:
1) The specific provisions of the Act alleged to have been
violated;
2) The facts supporting the allegation; and
3) The relief sought by the potential plaintiff.
4. Court Procedures:
1) Actions under this section shall be heard by specialised
regulatory chambers of the \[appropriate court\].
2) The court may:
1) Appoint independent experts to assist in technical matters;
2) Allow amicus curiae briefs from interested parties;
3) Order the production of relevant documents from any party;
4) Conduct site visits or inspections if necessary.
3) The burden of proof shall be on the plaintiff, but once a prima
facie case is established, the burden shifts to the defendant to
show compliance.
5. Remedies:
1) The court may grant the following remedies:
1) Injunctions to prevent or stop violations;
2) Declaratory judgments on rights and obligations under the
Act;
3) Orders for specific performance of statutory duties;
4) Compensation for harm caused by violations;
5) Punitive damages in cases of willful or reckless violations.
2) In determining remedies, the court shall consider:
1) The nature and extent of the violation;
2) Any harm caused to public interests;
3) Any economic benefits derived from the violation; and
4) The compliance history of the violator.
6. Costs and Funding:
1) The court may order the unsuccessful party to pay the reasonable
costs of the successful party.
2) Where the action has served a significant public interest, the
court may order that:
1) Each party bears its own costs, regardless of the outcome;
2) The Competent Authority contributes to the plaintiff’s
costs.
3) The government shall establish a Public Interest Litigation Fund
to:
1) Provide financial support for eligible cases;
2) Cover adverse costs orders in unsuccessful but meritorious
cases.
7. Protection Against Retaliatory Action:
1) It shall be unlawful for any person to retaliate against an
individual or organisation for:
1) Bringing an action under this section;
2) Assisting in such an action;
3) Providing information to support such an action.
2) Any person subject to retaliatory action may bring a separate
action for:
1) Reinstatement to their position, if applicable;
2) Compensation for any losses suffered;
3) Punitive damages against the retaliating party.
### Alert Portals:
1. Establishment of Alert Portal:
1) The Competent Authority shall establish and maintain a
centralised online Alert Portal for:
1) Reporting potential violations of this Act;
2) Submitting complaints about regulated entities; and
3) Raising concerns about emerging risks in the regulated
sector.
2) The Alert Portal shall:
1) Be accessible 24/7 via the Authority’s website and a mobile
application;
2) Allow for anonymous submissions;
3) Support uploads of documents, images, and other evidence;
4) Provide automated acknowledgment of received alerts,
including a unique reference number assigned to the latter.
2. Categories of Alerts:
1) The Alert Portal shall allow for categorisation of submissions,
including:
1) Whistleblower reports from employees of regulated entities;
2) Consumer complaints about products or services;
3) Reports of environmental incidents or hazards;
4) Concerns about financial misconduct or fraud;
5) Alerts about potential public health risks;
6) Reports of non-compliance with regulatory requirements.
2) The system shall use intelligent categorisation to route alerts
to appropriate departments.
3. Processing of Alerts:
1) The Competent Authority shall:
1) Acknowledge receipt of all alerts within \[X\] hours;
2) Conduct an initial assessment of each alert within \[X\] 5
working days;
3) Decide on further action within \[X working days.
2) For each alert, the Authority shall:
1) Assign a unique reference number for tracking;
2) Record all actions taken in response to the alert; and
3) Regularly update the status visible to the submitter.
3) Where an alert warrants investigation, the Authority shall:
1) Assign an investigator within \[X\] working days;
2) Develop an investigation plan with timelines; and
3) Regularly review progress of the investigation.
4. Confidentiality and Data Protection:
1) The Alert Portal shall incorporate robust security measures,
including:
1) End-to-end encryption of all communications;
2) Secure storage of all submitted information; and
3) Access controls limiting staff access to alerts on a
need-to-know basis.
2) The identity of anonymous submitters shall be protected by:
1) Technical measures preventing tracking or identification;
and
2) Legal prohibitions on attempting to identify anonymous
submitters.
3) Personal data collected through the Alert Portal shall be:
1) Used only for the purposes of processing and investigating
alerts;
2) Retained only for as long as necessary for these purposes;
and
3) Deleted or anonymised once no longer needed.
5. Feedback and Follow-up:
1) The Authority shall:
1) Provide updates on the status of the alert at least monthly;
2) Inform the submitter of the outcome of any investigation;
and
3) Seek additional information from the submitter if needed.
2) The Authority shall publish anonymised statistics on alerts
received and actions taken, including:
1) Number of alerts by category;
2) Average response and resolution times; and
3) Outcomes of investigations prompted by alerts.
6. Integration with Other Systems:
1) The Alert Portal shall be integrated with:
1) The Authority’s case management system;
2) Relevant databases of regulated entities and licenses; and
3) Systems of other authorities where appropriate.
2) The Portal shall include an API allowing:
1) Regulated entities to submit required reports directly;
2) Authorised third-party apps to submit alerts on behalf of
users.
7. Continuous Improvement:
1) The Competent Authority shall:
1) Conduct an annual review of the Alert Portal’s
effectiveness;
2) Seek feedback from users through periodic surveys; and
3) Benchmark the system against international best practices.
2) Based on these assessments, the Authority shall:
1) Implement improvements to the Portal’s functionality;
2) Enhance internal processes for handling alerts; and
3) Provide additional training to staff managing the Portal.
### Whistleblowing Mechanisms
1. Establishment of Whistleblowing Channels:
1) The Competent Authority shall establish and maintain secure
channels for receiving whistleblower reports, including:
1) A dedicated online portal;
2) A toll-free telephone hotline;
3) A secure postal address for written submissions; and
4) In-person reporting facilities at the Authority’s offices.
2) These channels shall:
1) Be accessible 24/7;
2) Allow for anonymous reporting;
3) Use encryption and other security measures to protect the
confidentiality of reports and reporter identities.
3) The Competent Authority shall:
1) Establish an independent Office of the Whistleblower to
oversee and coordinate whistleblowing mechanisms across all
sectors;
2) Ensure the Office has sufficient resources and authority to
investigate complaints, enforce protections, and recommend
improvements to the whistleblowing framework;
3) Require the Office to report annually to Parliament on the
state of whistleblowing in the country.
2. Scope of Reportable Matters:
1) Whistleblowers may report on:
1) Violations of this Act or related regulations;
2) Criminal offences related to regulated activities;
3) Actions that pose a risk to public health, safety, or the
environment;
4) Gross mismanagement or waste of public funds;
5) Abuse of authority by regulatory officials.
2) Reports must be:
1) Made in good faith;
2) Based on reasonable grounds; and
3) Related to matters within the Authority’s jurisdiction.
3) Protected disclosures shall include:
1) Information about past, present, or likely future
wrongdoing;
2) Reasonable beliefs about wrongdoing, even if later proven
incorrect;
3) Disclosures made anonymously, if later identified; and
4) Disclosures that may be covered by legal privilege.
3. Whistleblower Protections:
1) Whistleblowers shall be protected from:
1) Termination of employment;
2) Demotion or other adverse employment actions;
3) Harassment or discrimination;
4) Civil or criminal liability related to the disclosure; and
5) Liability for breach of confidentiality agreements.
2) These protections apply to:
1) Employees and former employees of regulated entities;
2) Contractors and suppliers of regulated entities, their
employees and former employees;
3) Individuals applying for employment, internship or similar
engagements with regulated entities or with their
contractors and suppliers; and
4) Current and former volunteers and interns of regulated
entities or of their contractors and suppliers.
3) Protection shall not be afforded to persons who:
1) Knowingly make false reports;
2) Seek personal gain through their report;
3) \[Participate in the reported wrongdoing\].
4) The burden of proof in retaliation cases shall be on the
employer to demonstrate that any adverse action was not
motivated by the whistleblower’s disclosure.
5) Whistleblower rights cannot be waived or limited by any
agreement, policy, form, or condition of employment, including
pre-dispute arbitration agreements.
4. Handling of Whistleblower Reports:
1) The Competent Authority shall:
1) Acknowledge receipt of reports within \[X\] working days;
2) Conduct an initial assessment within \[X\] working days; and
3) Decide on further action within \[X\] days of receipt.
2) Where a report warrants investigation, the Authority shall:
1) Assign an investigator within \[X\] working days;
2) Complete the investigation within \[X\] days, unless
extended for good cause;
3) Inform the whistleblower of the outcome, to the extent
legally permissible.
3) The Authority shall maintain confidentiality throughout the
process, revealing the whistleblower’s identity only:
1) With the explicit consent of the whistleblower;
2) When required by court order.
4) The Competent Authority shall establish a secure case management
system to:
1) Track and monitor all whistleblower reports from receipt to
resolution;
2) Generate analytics on reporting trends and outcomes;
3) Identify potential systemic issues across multiple reports.
5. Internal Whistleblowing Mechanisms:
1) Regulated entities with more than \[X\] employees shall:
1) Establish internal whistleblowing mechanisms;
2) Designate a senior officer responsible for managing these
mechanisms; and
3) Inform all employees about the available reporting channels.
2) Internal mechanisms must:
1) Allow for anonymous reporting;
2) Ensure confidentiality of reports;
3) Provide for independent investigation of reports; and
4) Include safeguards against retaliation.
3) Regulated entities shall report annually to the Competent
Authority on:
1) The number and types of internal whistleblower reports
received;
2) Actions taken in response to reports;
3) Measures taken to protect whistleblowers.
4) Regulated entities shall:
1) Designate a senior-level whistleblowing champion responsible
for promoting and overseeing the internal whistleblowing
system;
2) Ensure multiple reporting channels, including to an
independent third party;
3) Implement a triage system to assess and prioritise reports
based on severity and urgency;
4) Establish clear timelines for acknowledging, investigating,
and resolving reports.
6. Rewards for Whistleblowers:
1) The Competent Authority may provide monetary rewards to
whistleblowers whose reports:
1) Lead to successful enforcement action;
2) Result in the recovery of funds or prevention of losses
exceeding \[amount\].
2) Rewards shall be:
1) Between \[10\]% and \[30\]% of funds recovered or losses
prevented;
2) Capped at \[maximum amount\] per case;
3) Paid from a dedicated Whistleblower Reward Fund.
3) Decisions on rewards shall be made by an independent committee
and based on:
1) The significance of the information provided;
2) The degree of assistance provided by the whistleblower;
3) The Authority’s programmatic interest in deterring
violations.
4) The Competent Authority shall:
1) Establish a dedicated Whistleblower Reward Fund, funded by a
percentage of recovered funds or penalties;
2) Establish the independent committee on rewards and maintain
its activity;
3) Publish anonymised case studies of successful whistleblowing
cases and rewards granted;
4) Ensure reward determinations are made by an independent
panel to avoid conflicts of interest.
7. Education and Awareness:
1) The Competent Authority shall:
1) Conduct regular public awareness campaigns about
whistleblowing;
2) Provide training to regulated entities on establishing
effective internal mechanisms; and
3) Publish guidance materials on whistleblower rights and
procedures.
2) Regulated entities shall:
1) Include whistleblowing procedures in employee onboarding;
2) Conduct annual refresher training for all employees; and
3) Display information about whistleblowing rights prominently
in the workplace.
3) The Competent Authority shall:
1) Develop sector-specific whistleblowing guidelines and best
practices;
2) Establish a certification program for organisational
whistleblowing systems;
3) Conduct an annual national whistleblowing awareness week.
8. Transparency and Reporting:
1) The Competent Authority shall publish an annual report on
whistleblowing, including:
1) Number and types of reports received;
2) Outcomes of investigations;
3) Enforcement actions taken;
4) Rewards granted; and
5) Emerging trends and systemic issues identified.
2) Regulated entities with more than \[100\] employees \[and/or
more than \[X\] annual income from the regulated activity\]
shall include a whistleblowing section in their annual reports,
detailing:
1) The structure and effectiveness of their internal
whistleblowing system;
2) Number and types of reports received;
3) General outcomes of investigations; and
4) Measures taken to protect whistleblowers and prevent
retaliation.
### Whistleblower and Witness Protection
1. Establishment of Protection Program:
1) The Competent Authority shall establish a Whistleblower and
Witness Protection Program to:
1) Ensure the safety and well-being of whistleblowers and
witnesses;
2) Facilitate their cooperation in investigations and
proceedings;
3) Protect them from retaliation or intimidation.
2) The Program shall be administered by a dedicated Protection Unit
within the Authority, which shall:
1) Assess protection needs on a case-by-case basis;
2) Implement appropriate protection measures; and
3) Coordinate with law enforcement agencies as necessary.
3) The Protection Unit shall:
1) Develop and implement a risk assessment framework to
determine appropriate protection measures;
2) Establish secure communication channels with protected
persons;
3) Conduct regular security audits of protection measures; and
4) Provide ongoing psychological support and counseling to
protected persons.
2. Eligibility for Protection:
1) The following individuals shall be eligible for protection:
1) Whistleblowers who have made protected disclosures under
Section 69;
2) Witnesses in investigations or proceedings related to
regulatory violations;
3) Immediate family members of whistleblowers or witnesses; and
4) Individuals who have assisted whistleblowers or witnesses.
2) To be eligible, the individual must:
1) Face a credible threat of harm or retaliation;
2) Agree to cooperate fully with any investigation or
proceeding;
3) Consent to any reasonable conditions imposed by the
Protection Unit.
3) Protection shall extend to:
1) Persons who provide material support to whistleblowers or
witnesses;
2) Journalists who report on whistleblower disclosures or
witness testimonies; and
3) Family members of protected persons up to the second degree
of consanguinity or affinity\[, whilst no degree limit
applies where physical protection is evidently necessary\].
3. Types of Protection Measures:
1) The Protection Unit may implement the following measures:
1) Physical protection, including armed escort and secure
housing;
2) Relocation of the protected person and their family;
3) Change of identity, including provision of new
documentation;
4) Financial assistance for living expenses and lost income;
5) Psychological support and counseling;
6) Job transfer or assistance in finding new employment;
7) Monitoring of the protected person’s workplace for signs of
retaliation; and
8) Legal assistance in civil, criminal, or administrative
proceedings.
2) In determining appropriate measures, the Unit shall consider:
1) The nature and severity of the threat;
2) The importance of the person’s testimony or information;
3) The person’s personal circumstances and preferences; and
4) The cost and practicality of different protection options.
3) The Protection Unit shall:
1) Develop a network of safe dwellings for temporary relocation
of protected persons;
2) Establish agreements with employers to facilitate job
transfers or paid leave for protected persons; and
3) Provide digital security training and tools to protect
against online threats and surveillance.
4. Confidentiality:
1) The Protection Unit shall maintain strict confidentiality
regarding:
1) The identity of protected persons;
2) The nature and extent of protection measures;
3) The location of protected persons; and
4) The fact of protection as such.
2) All staff involved in the Protection Program shall:
1) Sign non-disclosure agreements;
2) Undergo background checks and security clearance; and
3) Receive training on information security protocols.
3) Breach of confidentiality by staff shall be grounds for:
1) Immediate dismissal from the Protection Program;
2) Criminal prosecution under applicable laws.
4) The Protection Unit shall implement a secure information
management system with:
1) End-to-end encryption for all communications;
2) Strict access controls based on need-to-know principles; and
3) Audit trails for all access to protected information.
5. Duration and Termination of Protection:
1) Protection measures shall remain in effect:
1) For the duration of the investigation or proceeding;
2) For a reasonable period thereafter, based on ongoing risk
assessment;
3) Until the protected person voluntarily withdraws from the
Program.
2) The Protection Unit may terminate protection if the protected
person:
1) Knowingly provides false or misleading information;
2) Fails to comply with reasonable conditions of the Program;
3) Engages in criminal activity while under protection;
4) Waives protection in writing.
3) Before termination, the Unit shall:
1) Provide written notice to the protected person;
2) Allow 14 days for the person to respond or appeal; and
3) Conduct a final risk assessment.
4) The Protection Unit shall:
1) Conduct periodic risk assessments to determine the ongoing
need for protection;
2) Develop individualised exit strategies for protected
persons; and
3) Provide post-protection support services for a period of
\[X\] months after formal protection ends.
5) When there are grounds for protection termination and if there
are minors among the protected persons, the protection shall
continue to the extent needed for minors protection.
6. Cooperation with Law Enforcement:
1) The Protection Unit shall establish formal cooperation
agreements with:
1) National and local police forces;
2) The public prosecutor’s office;
3) Relevant security agencies.
2) These agreements shall cover:
1) Procedures for requesting law enforcement assistance;
2) Information sharing protocols;
3) Joint risk assessment methodologies; and
4) Training and capacity building initiatives.
3) The Protection Unit shall:
1) Conduct joint training exercises with law enforcement
agencies on witness protection;
2) Establish secure protocols for sharing information about
protected persons with law enforcement when necessary; and
3) Develop memoranda of understanding with key law enforcement
agencies to clarify roles and responsibilities.
7. International Cooperation:
1) The Competent Authority may enter into agreements with foreign
counterparts to:
1) Relocate protected persons internationally when necessary;
2) Share best practices in whistleblower and witness
protection;
3) Provide mutual assistance in protection cases.
2) Such agreements shall include provisions for:
1) Cost sharing arrangements;
2) Procedures for transferring protected persons; and
3) Ongoing monitoring and support of relocated persons.
3) The Competent Authority shall:
1) Participate in international networks and forums on
whistleblower and witness protection;
2) Contribute to the development of international standards and
best practices; and
3) Establish a rapid response mechanism for urgent
international relocations.
8. Remedies for Retaliation:
1) Protected persons who suffer retaliation shall be entitled to:
1) Reinstatement to their former position, if applicable;
2) Compensation for lost wages and benefits;
3) Damages for pain and suffering;
4) Punitive damages against the retaliating party.
2) The Competent Authority shall:
1) Provide legal assistance to pursue these remedies;
2) Establish an expedited process for hearing retaliation
complaints; and
3) Have the power to issue interim relief orders pending final
determination.
3) The Competent Authority shall:
1) Establish a specialised tribunal or court division to hear
whistleblower retaliation cases;
2) Provide free legal representation to whistleblowers in
retaliation proceedings; and
3) Implement a system of administrative fines for employers
found to have retaliated against whistleblowers.
9. Reporting and Oversight:
1) The Protection Unit shall submit annual reports to the
Parliament, including:
1) The number of persons protected;
2) Types of protection measures implemented;
3) Outcomes of cases involving protected persons; and
4) Costs associated with the Protection Program.
2) An independent oversight committee shall:
1) Review the operations of the Protection Program annually;
2) Assess the effectiveness of protection measures;
3) Recommend improvements to the Program; and
4) Investigate any complaints about the Program’s operation.
3) The independent oversight committee shall:
1) Have the power to conduct unannounced inspections of the
Protection Unit;
2) Review all cases where protection was denied or terminated;
and
3) Publish an annual public report on the effectiveness of the
Protection Program, with recommendations for improvement.
10. Education and Awareness:
1) The Competent Authority shall:
and
1) Conduct public awareness campaigns about whistleblower and witness
protection;
2) Provide training to law enforcement and judicial officers on working
with protected persons;
3) Develop educational materials for potential whistleblowers and
witnesses.
1) All regulated entities shall:
1) Include information about whistleblower and witness
protection in their compliance programs; and
2) Train employees on their rights and obligations regarding
protected disclosures and testimony.
2) The Protection Unit shall:
1) Develop a comprehensive online resource center on
whistleblower and witness protection;
2) Conduct regular media briefings on the importance of
whistleblower and witness protection (without disclosing
sensitive information); and
3) Engage with academic institutions to promote research on
effective whistleblower and witness protection strategies.
## Dispute Resolution
### Appeals
1. Establishment of Appeals Mechanism:
1) An independent Regulatory Appeals Tribunal (the Tribunal) is
hereby established to hear appeals against decisions of the
Competent Authority.
2) The Tribunal shall consist of:
1) A Chairperson, who shall be a qualified judge or lawyer;
2) At least four other members with expertise in relevant
fields;
3) Additional ad hoc members appointed for specific cases as
needed; and
4) A secretariat to provide administrative support.
3) Members shall be appointed by \[relevant appointing authority\]
for terms of \[X\] years, \[renewable once\].
4) Members may only be removed for misconduct or incapacity,
following an independent inquiry.
2. Jurisdiction of the Tribunal:
The Tribunal shall have jurisdiction to hear appeals against:
1) Licensing decisions, including refusals, suspensions, or
revocations;
2) Enforcement actions and penalties imposed by the Competent
Authority;
3) Decisions on data protection matters under Section 74; and
4) Any other decisions specified in regulations as appealable.
3. Right to Appeal:
1) Any person aggrieved by a decision of the Competent Authority
may appeal to the \[Regulatory Appeals Tribunal\] within \[30\]
days of the decision.
2) Appealable decisions include, but are not limited to:
1) Refusal, suspension, or revocation of licenses or
authorisations;
2) Imposition of administrative, civil, financial and other
penalties, side-measures;
3) Orders to cease operations or recall products; and
4) Decisions on whistleblower protection or rewards.
3) The appeal shall not suspend the effect of the decision unless
the Tribunal orders otherwise.
4. Powers of the Tribunal:
1) The Tribunal may:
1) Affirm, vary, or set aside the decision of the Competent
Authority;
2) Remit the matter to the Authority for reconsideration;
3) Substitute its own decision for that of the Authority;
4) Issue interim orders to preserve the status quo or prevent
irreparable harm.
2) The Tribunal shall have the same powers as a civil court in
respect of:
1) Summoning and enforcing attendance of witnesses;
2) Requiring the discovery and production of documents;
3) Receiving evidence on affidavits; and
4) Issuing commissions for the examination of witnesses or
documents.
5. Appeal Procedures:
1) An appeal must be filed within \[30\] days of the decision being
appealed, unless the Tribunal grants an extension for good
cause.
2) Appeals shall be filed in writing and include:
1) The grounds for appeal;
2) Any supporting evidence;
3) The relief sought.
3) Appeals shall be served on the Competent Authority and any other
affected parties.
4) The Competent Authority shall file a response within \[21\] days
of receiving the appeal.
5) The Tribunal may:
1) Hold oral hearings if deemed necessary;
2) Request additional information from either party;
3) Appoint independent experts to advise on technical matters.
6) The Tribunal shall issue a reasoned decision within \[90\] days
of the hearing or final submissions.
5. Interim Relief:
1) The Tribunal may grant interim relief pending the final
determination of an appeal, including:
1) Stay of the Competent Authority’s decision;
2) Temporary continuation of a suspended license;
3) Any other measure necessary to preserve the status quo or
prevent irreparable harm.
2) In deciding on interim relief, the Tribunal shall consider:
1) The likelihood of success on the merits of the appeal;
2) The balance of convenience between the parties;
3) Any public interest considerations.
5. Class Actions:
1) Where multiple persons are affected by the same decision or
action of the Competent Authority, they may bring a class
action before the Regulatory Appeals Tribunal.
2) To certify a class action, the Tribunal must be satisfied
that:
1) There are common issues of fact or law;
2) A class action is the most efficient means of resolving
the disputes; and
3) The representative plaintiff can fairly represent the
interests of the class.
3) The Tribunal shall establish procedures for:
1) Notifying potential class members;
2) Opting in or out of the class; and
3) Distributing any damages or other remedies awarded.
6. Judicial Review:
1) Decisions of the Regulatory Appeals Tribunal may be subject
to judicial review by the High Court on grounds of:
1) Lack of jurisdiction;
2) Error of law;
3) Procedural impropriety;
4) Irrationality or unreasonableness.
2) Applications for judicial review must be filed within \[60\]
days of the Tribunal’s decision.
3) The High Court may:
1) Quash the decision and remit it to the Tribunal for
reconsideration;
2) Prohibit the Tribunal from proceeding in breach of
natural justice;
3) Compel the Tribunal to perform its statutory duties;
4) Affirm or vary the decision of the Tribunal;
> \(iv\) In exceptional cases, substitute its own decision for that of
> the Tribunal.
7. Costs and Accessibility:
1) The Tribunal may make orders as to costs, considering:
1) The outcome of the appeal;
2) The conduct of the parties;
3) The financial resources of the parties;
4) The public interest nature of the case.
2) To ensure accessibility:
1) Filing fees for appeals shall be set at a reasonable level;
2) The Tribunal may waive fees in cases of financial hardship;
3) Parties may represent themselves or be represented by any
person of their choice, not necessarily a lawyer.
3) Where an appeal raises important points of principle, the
Tribunal may order that each party bear its own costs regardless
of the outcome.
8. Enforcement of Decisions:
1) Decisions of the Tribunal shall be enforceable as if they were
orders of the High Court.
2) Non-compliance with a Tribunal decision may result in:
1) Contempt proceedings;
2) Additional penalties imposed by the Competent Authority;
3) Publication of the non-compliance on the Authority’s
website.
9. Annual Report:
1) The Tribunal shall publish an annual report including:
1) Statistics on appeals received, disposed, and pending;
2) Summaries of significant decisions; and
3) Any recommendations for improving the regulatory framework.
2) This report shall be:
1) Submitted to Parliament;
2) Made publicly available on the Tribunal’s website;
3) Used to inform ongoing improvements to the regulatory
system.
### Alternative Dispute Resolution:
1) The Competent Authority shall establish an Alternative Dispute
Resolution (ADR) mechanism for resolving disputes between:
1) Regulated entities and the Authority;
2) Different regulated entities;
3) Regulated entities and consumers.
2) This ADR mechanism may include:
1) Mediation by neutral third parties;
2) Expert determination for technical disputes;
3) Early neutral evaluation to encourage settlements.
3) Participation in ADR shall be:
1) Voluntary, unless made mandatory by specific regulations;
2) Without prejudice to the right of appeal to the Tribunal;
3) Confidential, with any admissions or proposals made during ADR
not admissible in subsequent proceedings.
4) Agreements reached through mediation shall be binding on the parties
and enforceable in court.
### Interpretation and Conflict Resolution
1. General Rules of Interpretation:
1) This Act shall be interpreted in a manner that:
1) Promotes its purposes and principles as set out in Section
1;
2) Ensures consistency with international best practices in
regulation; and
3) Upholds the rights and protections granted to individuals
and entities.
2) Where any provision of this Act is ambiguous, the interpretation
that best serves the public interest shall be preferred.
2. Definitions:
1) Unless the context otherwise requires, terms used in this Act
shall have the meanings assigned to them in Section \[X\]
(Definitions).
2) The Competent Authority may issue interpretative guidelines to
clarify the meaning of terms not explicitly defined in the Act.
3. Conflict with Other Laws:
1) In case of conflict between this Act and any other law:
1) The provisions of this Act shall prevail to the extent of
the inconsistency, unless the other law explicitly states
otherwise;
2) Both laws shall be interpreted, where possible, to give
effect to both, with this Act taking precedence in matters
specific to its regulatory domain.
2) Nothing in this Act shall be construed as:
1) Limiting any rights or protections granted under the
Constitution;
2) Superseding international treaties or agreements to which
\[Country\] is a party, unless explicitly stated.
4. Internal Consistency:
1) The various parts, sections, and provisions of this Act shall be
interpreted as a coherent whole.
2) Where apparent contradictions exist within the Act:
1) More specific provisions shall prevail over general ones;
2) Later provisions in sequence shall prevail over earlier
ones, unless clearly intended otherwise.
5. Use of Explanatory Materials:
1) In interpreting this Act, reference may be made to:
1) Explanatory memoranda or notes accompanying the Act when it
was introduced in Parliament;
2) Reports of parliamentary committees that considered the Act;
and
3) Relevant international standards or guidelines referenced in
the Act.
2) These materials shall be used to:
1) Resolve ambiguities in the text of the Act;
2) Confirm or determine the meaning when the text is unclear;
and
3) Identify the mischief the Act was intended to remedy.
6. Technological Neutrality:
1) The provisions of this Act shall be interpreted and applied in a
technologically neutral manner, to the extent possible.
2) References to specific technologies shall be construed to
include:
1) Equivalent technologies that may emerge in the future; and
2) Technological processes that achieve the same regulatory
objectives.
7. Purposive Interpretation:
1) In case of ambiguity, the provisions of this Act shall be
interpreted in a manner that:
1) Best achieves the regulatory objectives stated in the Act;
2) Promotes innovation and development in the regulated
sectors; and
3) Protects the rights and interests of consumers and the
public.
8. Resolution of Conflicts between Regulatory Objectives:
1) Where conflicts arise between different regulatory objectives of
this Act, the Competent Authority and the courts shall:
1) Seek to balance the competing objectives in a manner that
best serves the overall public interest;
2) Provide a reasoned explanation for its chosen approach in
resolving the conflict;
3) Consult with affected stakeholders before making a final
determination.
9. Interpretation in Light of International Obligations:
1) This Act shall be interpreted, where possible, in a manner
consistent with \[Country\]’s international obligations,
including:
1) Bilateral and multilateral trade agreements;
2) International conventions on regulatory cooperation;
3) Global standards and best practices in the relevant
regulatory fields.
10. Competent Authority’s Power to Issue Interpretative Statements:
1) The Competent Authority may issue formal interpretative
statements to:
1) Clarify ambiguities in the Act or its implementing
regulations;
2) Provide guidance on the application of the Act to novel
situations;
3) Ensure consistent interpretation across different regulated
entities.
2) Such interpretative statements shall:
1) Be published on the Authority’s website; and
2) Be binding on the Authority until formally revised or
revoked;
3) Be considered by courts as persuasive, though not binding,
authority in interpreting the Act.
## Data and Information
### Data Protection and Privacy
1. Scope of Data Protection:
1) This section applies to all personal data collected, processed,
or stored by:
1) The Competent Authority;
2) Regulated entities in the course of their activities
regulated by this Act; and
3) Third parties acting on behalf of the Authority or regulated
entities.
2) Personal data includes any information relating to an identified
or identifiable natural person, including but not limited to:
1) Names, identification numbers, and contact details;
2) Financial and transaction data;
3) Biometric and health data; and
4) Location data and online identifiers.
2. Data Protection Principles:
1) All entities handling personal data shall adhere to the
following principles:
1) Lawfulness, fairness, and transparency in data processing;
2) Purpose limitation: data collected for specified, explicit,
and legitimate purposes;
3) Data minimisation: adequate, relevant, and limited to what
is necessary;
4) Accuracy: kept up to date, with inaccurate data erased or
rectified;
5) Storage limitation: kept in identifiable form only as long
as necessary; and
6) Integrity and confidentiality: processed securely to protect
against unauthorised access or loss.
2) The Competent Authority shall issue detailed guidelines on the
application of these principles.
3. Legal Basis for Processing:
1) Personal data may only be processed if at least one of the
following applies:
1) The data subject has given a respective consent for specific
purposes;
2) Processing is necessary for the performance of a contract;
3) Processing is necessary for compliance with a legal
obligation;
4) Processing is necessary to protect vital interests of the
data subject or another person;
5) Processing is necessary for the performance of a task
carried out in the public interest;
6) Processing is necessary for legitimate interests pursued by
the controller or a third party, except where overridden by
the interests or rights of the data subject.
2) For sensitive personal data, additional safeguards and explicit
consent shall be required.
4. Rights of Data Subjects:
1) Data subjects shall have the following rights:
1) Right to be informed about the collection and use of their
personal data;
2) Right of access to their personal data;
3) Right to rectification of inaccurate data;
4) Right to erasure (‘right to be forgotten’) in certain
circumstances;
5) Right to restrict processing;
6) Right to data portability;
7) Right to object to processing; and
8) Rights related to automated decision making and profiling.
2) The Competent Authority and regulated entities shall establish
procedures for data subjects to exercise these rights.
5. Data Protection Impact Assessments:
1) The Competent Authority and regulated entities shall conduct
data protection impact assessments for high-risk processing
activities, including:
1) Systematic and extensive profiling with significant effects;
2) Large scale processing of sensitive data;
3) Large scale, systematic monitoring of publicly accessible
areas.
2) These assessments shall include:
1) A systematic description of the processing operations;
2) An assessment of the necessity and proportionality of the
processing;
3) An assessment of risks to the rights and freedoms of data
subjects;
4) Measures envisaged to address the risks.
6. Data Breach Notification:
1) In the event of a personal data breach, the controller shall:
1) Notify the Competent Authority within 72 hours of becoming
aware of the breach;
2) Notify affected data subjects without undue delay if the
breach is likely to result in high risk to their rights and
freedoms.
2) The notification shall include:
1) The nature of the breach and categories of data affected;
2) The likely consequences of the breach;
3) Measures taken or proposed to address the breach; and
4) Contact details for further information.
7. Data Protection Officers:
1) The Competent Authority and regulated entities shall designate a
Data Protection Officer if they:
1) Are a public authority or body;
2) Carry out large scale systematic monitoring of individuals;
3) Carry out large scale processing of sensitive personal data.
2) The Data Protection Officer shall:
1) Inform and advise on data protection obligations;
2) Monitor compliance with data protection laws and policies;
3) Provide advice on data protection impact assessments;
4) Cooperate with the supervisory authority; and
5) Act as a contact point for data subjects and the supervisory
authority.
8. International Data Transfers:
1) Transfers of personal data to third countries or international
organisations may only take place if:
1) The recipient ensures an adequate level of protection;
2) Appropriate safeguards are in place, such as binding
corporate rules or standard contractual clauses;
3) Specific derogations apply, such as explicit consent or
necessity for the performance of a contract.
2) The Competent Authority shall maintain a list of countries and
organisations providing adequate protection.
9. Enforcement and Penalties:
1) The Competent Authority shall have the power to:
1) Issue warnings and reprimands;
2) Impose temporary or permanent bans on data processing;
3) Order the rectification, restriction, or erasure of data;
and
4) Impose administrative fines.
2) Administrative fines for serious infringements may be up to the
higher of:
1) \[X\]% of annual global turnover; or
2) \[Y\] amount.
### Transparency and Reporting Requirements
1. Public Register of Regulated Entities:
1) The Competent Authority shall maintain a public register of all
regulated entities, including:
1) Name and contact details of the entity;
2) Types of activities authorised;
3) Date of authorisation and its expiry;
4) Any conditions or restrictions on the authorisation; and
5) Enforcement actions taken against the entity.
2) This register shall be:
1) Freely accessible on the Authority’s website;
2) Updated within \[5\] working days of any changes; and
3) Searchable by various criteria including entity name,
activity type, and location.
2. Disclosure of Regulatory Decisions:
1) The Competent Authority shall publish:
1) All significant regulatory decisions, including the
rationale;
2) Guidelines and interpretations of regulatory requirements;
3) Enforcement actions and penalties imposed; and
4) Aggregate data on complaints received and their resolution.
2) Publications shall:
1) Redact confidential business information and personal data;
2) Be made within \[30\] days of the decision or action;
3) Be available on the Authority’s website for at least \[5\]
years.
3. Annual Reporting by Regulated Entities:
1) All regulated entities shall submit annual reports to the
Competent Authority, including:
1) Financial statements audited by an independent auditor;
2) Compliance statement signed by the CEO or equivalent;
3) Details of any significant changes in operations or
ownership;
4) Summary of complaints received and their resolution;
5) Report on environmental and social impact, where applicable;
and
6) Any other information required under this Act.
2) These reports shall be:
1) Submitted within \[4\] months of the end of the financial
year;
2) In a standardised format prescribed by the Authority; and
3) Accompanied by any supporting documents required by
regulations.
4. Disclosure of Ownership and Control:
1) Regulated entities shall disclose:
1) Their property structure and ultimate beneficial owners;
2) Any persons with significant control over the entity; and
3) Group structure and related entities, if part of a corporate
group.
2) This information shall be:
1) Updated within \[30\] days of any changes;
2) Verified annually as part of the compliance statement; and
3) Made available to the public, subject to protection of
personal information.
5. Incident Reporting:
1) Regulated entities shall report to the Competent Authority:
1) Any significant operational incidents within \[24\] hours;
2) Data breaches in the meaning of Section 74.6; and
3) Any events that may have a material impact on their ability
to meet regulatory obligations.
2) The report shall include:
1) Nature and cause of the incident;
2) Impact on customers or operations;
3) Measures taken to mitigate the impact; and
4) Steps to prevent recurrence.
6. Public Consultations:
1) The Competent Authority shall conduct public consultations on:
1) Proposed new regulations or significant changes to existing
ones;
2) Strategic plans and priority setting; and
3) Any other matters of significant public interest.
2) Consultation processes shall:
1) Allow at least \[60\] days for public input;
2) Publish all submissions received, unless confidentiality is
requested;
3) Provide a summary of submissions received, and a response to
significant issues raised in the consultation.
7. Performance Reporting by the Competent Authority:
1) The Competent Authority shall publish an annual report
including:
1) Overview of regulatory activities and achievements;
2) Financial statements and budget utilisation;
3) Performance against key indicators;
4) Significant challenges and plans to address them; and
5) Strategic priorities for the coming year.
2) This report shall be:
1) Submitted to Parliament within \[6\] months of the end of
the financial year;
2) Made publicly available on the Authority’s website; and
3) Presented at an annual public meeting where stakeholders can
ask questions.
8. Information Accessibility:
1) All public disclosures and reports shall be:
1) In plain language, avoiding technical jargon where possible;
2) Available in the official language(s) of the country;
3) Accessible to persons with disabilities; and
4) Machine-readable where appropriate to facilitate data
analysis.
2) The Competent Authority shall maintain a public information
office to:
1) Respond to information requests from the public;
2) Assist in interpreting published information; and
3) Facilitate access to historical records.
## Emergencies
### Emergency Procedures
1. Definition of Emergency:
1) For the purposes of this Act, an emergency is defined as:
1) A situation that poses an immediate risk to health, life,
property, or the environment;
2) An event that requires urgent intervention to prevent
worsening of the situation;
3) A circumstance that threatens the integrity or continuity of
critical regulated services.
2) The Competent Authority may declare an emergency when:
1) Normal regulatory procedures are insufficient to address the
situation;
2) Immediate action is required to protect public interest;
3) The scale or nature of the event exceeds the routine
capacity of regulated entities.
2. Emergency Powers:
1) During a declared emergency, the Competent Authority may:
1) Issue binding directives to regulated entities without
normal consultation periods;
2) Temporarily suspend or modify certain regulatory
requirements;
3) Require immediate reporting and information sharing from
regulated entities;
4) Reallocate resources or mandate cooperation between
entities;
5) Assume direct control of critical functions if necessary.
2) These powers shall be:
1) Proportionate to the nature and scale of the emergency;
2) Limited in duration to the period of the emergency; and
3) Subject to ongoing review and justification.
3. Emergency Response Procedures:
1) The Competent Authority shall maintain an Emergency Response
Plan, which includes:
1) Clear chain of command and decision-making processes;
2) Protocols for rapid assessment of emergencies;
3) Procedures for activating emergency powers;
4) Communication strategies for stakeholders and the public;
and
5) Coordination mechanisms with other relevant agencies.
2) This plan shall be:
1) Reviewed and updated annually;
2) Tested through regular simulation exercises; and
3) Made publicly available, subject to necessary security
redactions.
4. Obligations of Regulated Entities:
1) All regulated entities shall:
1) Develop and maintain their own emergency response plans;
2) Conduct regular emergency drills and staff training;
3) Establish clear internal and external communication
protocols for emergencies; and
4) Maintain emergency reserves or backup systems as required by
regulations.
2) During a declared emergency, regulated entities must:
1) Implement their emergency response plans immediately;
2) Comply with all directives issued by the Competent
Authority;
3) Provide real-time updates to the Authority on their
situation and actions.
5. Emergency Funding:
1) An Emergency Response Fund shall be established to:
1) Provide immediate financial resources during emergencies;
2) Cover costs of emergency measures taken by the Competent
Authority; and
3) Offer temporary financial support to critical regulated
entities if necessary.
2) This fund shall be:
1) Maintained at a minimum balance of \[X\] amount;
2) Replenished through a levy on regulated entities;
3) Subject to strict accounting and auditing procedures.
6. Information Sharing and Coordination:
1) During an emergency, the Competent Authority shall:
1) Establish an Emergency Coordination Center;
2) Liaise with other relevant government agencies and emergency
services;
3) Provide regular public updates through multiple channels;
and
4) Operate a 24/7 hotline for emergency-related inquiries.
2) Regulated entities shall:
1) Designate emergency contact persons available 24/7;
2) Participate in joint emergency response teams if required;
and
3) Share relevant data and resources to address the emergency.
7. Post-Emergency Review:
1) Within \[30\] days of the end of an emergency, the Competent
Authority shall:
1) Conduct a comprehensive review of the emergency response;
2) Identify lessons learned and areas for improvement; and
3) Update emergency procedures based on the review findings.
2) This review shall:
1) Include input from regulated entities and other
stakeholders;
2) Be submitted to the relevant parliamentary committee;
3) Be made publicly available, subject to necessary redactions.
8. Liability and Indemnity:
1) Actions taken in good faith under emergency powers shall not be
grounds for liability against:
1) The Competent Authority or its staff;
2) Regulated entities complying with emergency directives;
3) Individuals acting under the authority of the Competent
Authority.
2) However, this protection does not extend to:
1) Willful misconduct or gross negligence;
2) Actions taken outside the scope of emergency powers;
3) Failure to comply with emergency directives.
## Financial Implementation
### Financial Provisions
1. Funding Sources:
1) The Competent Authority shall be funded through:
1) Fees charged for licenses, authorisations, and other
services;
2) Levies on regulated entities based on their annual turnover
or other appropriate metrics;
3) Fines and penalties collected from enforcement actions;
4) Appropriations from the national budget as approved by
Parliament; and
5) Grants or donations from international organisations or
development partners.
2) The Authority shall strive to achieve financial self-sufficiency
through fees and levies, reducing reliance on government
appropriations over time.
2. Budget Preparation and Approval:
1) The Competent Authority shall prepare an annual budget that
includes:
1) Projected revenues from all sources;
2) Planned expenditures for operations, capital investments,
and special projects; and
3) Any proposed changes to fee structures or levy rates.
2) The draft budget shall be:
1) Approved by the Board of the Authority;
2) Submitted to the relevant Minister at least three months
before the start of the financial year;
3) Presented to the parliamentary committee responsible for
oversight of the Authority.
3) Once approved, the budget shall be published on the Authority’s
website.
3. Financial Management and Controls:
1) The Competent Authority shall:
1) Maintain proper books of accounts and records;
2) Prepare financial statements in accordance with
International Financial Reporting Standards;
3) Implement robust internal control systems; and
4) Establish an internal audit function reporting directly to
the Board.
2) The Authority shall appoint an external auditor who shall:
1) Be a registered public auditor;
2) Be appointed for a term of three years, renewable once; and
3) Conduct annual audits of the Authority’s financial
statements.
4. Investment of Funds:
1) The Competent Authority may invest any surplus funds not
immediately required, subject to:
1) An investment policy approved by the Board;
2) Restrictions on high-risk or speculative investments;
3) Regular reporting on investment performance.
2) Investment income shall be:
1) Used to support the Authority’s regulatory activities;
2) Reported separately in financial statements; and
3) Considered when setting fees and levies to avoid
over-collection.
5. Financial Reporting:
1) Within three months after the end of each financial year, the
Competent Authority shall prepare:
1) Annual financial statements;
2) A report on its operations and performance; and
3) A report on the use of funds collected through fees, levies,
and fines.
2) These reports shall be:
1) Submitted to the Minister and Parliament;
2) Published on the Authority’s website;
3) Made available to the public upon request.
6. Special Funds:
1) The Competent Authority may establish special purpose funds,
including:
1) An Innovation Fund to support research and development in
the regulated sectors;
2) A Consumer Protection Fund to compensate consumers for
losses due to regulatory failures;
and
3) An Emergency Response Fund as outlined in Section 76.5.
2) Each special fund shall have:
1) Clear objectives and criteria for use;
2) Separate accounting and reporting;
3) Oversight by a dedicated committee of the Board.
7. Procurement:
1) The Competent Authority shall establish procurement procedures
that ensure:
1) Transparency and fair competition;
2) Value for money in all purchases;
3) Promotion of local content where possible without
compromising quality.
2) For major contracts above \[threshold amount\], the Authority
shall:
1) Use open competitive bidding;
2) Publish tender notices widely;
3) Disclose contract awards on its website.
8. Asset Management:
1) The Competent Authority shall:
1) Maintain a comprehensive asset register;
2) Conduct regular physical verifications of assets;
3) Implement an asset maintenance and replacement plan; and
4) Dispose of assets in a transparent manner, maximising
returns.
2) The Authority shall not dispose of any major asset without Board
approval and notification to the Minister.
9. Financial Accountability:
1) The Competent Authority shall be subject to:
1) Annual performance audits by the National Audit Office;
2) Periodic value-for-money audits;
3) Scrutiny by relevant parliamentary committees.
2) The Authority shall respond to all audit findings and
recommendations within 60 days, detailing corrective actions to
be taken.
10. Financial Regulations:
1) The Board shall issue detailed financial regulations covering:
1) Financial planning and budgeting processes;
2) Revenue collection and management;
3) Expenditure controls and authorisation levels;
4) Asset and liability management; and
5) Financial reporting requirements.
2) These regulations shall be:
1) Reviewed and updated at least every three years;
2) Made available to all staff;
3) Published on the Authority’s website for transparency.
## Final Provisions / Miscellaneous
### Review of Act
1. Review of initial Implementation:
1) The Minister shall:
1) Review the implementation of this Act after one year from
its commencement;
2) Present a report to Parliament on the progress of
implementation;
3) Make recommendations for any necessary amendments or
additional measures.
2) This review shall be made public and shall inform any subsequent
amendments to the Act or its regulations.
2. Periodic Review:
1) The Minister shall initiate a comprehensive review of this Act:
1) Within five years of its coming into force;
2) Subsequently, at intervals not exceeding seven years.
2) The review shall assess:
1) The effectiveness of the Act in achieving its objectives;
2) Any unintended consequences or adverse effects;
3) The need for amendments to address emerging issues or
challenges;
4) The Act’s alignment with international best practices and
obligations.
3. Review Committee:
1) The Minister shall appoint a Review Committee comprising:
1) An independent chairperson with legal expertise;
2) Representatives from relevant government departments;
3) Experts from academia and industry;
4) Representatives from civil society organisations.
2) The Committee shall:
1) Determine its own procedures;
2) Have the power to commission research and seek expert
advice;
3) Consult widely with stakeholders and the public; and
4) Submit a report to the Minister within 12 months of its
appointment.
4. Consultation Process:
1) The Review Committee shall conduct public consultations,
including:
1) Publishing a discussion paper outlining key issues;
2) Inviting written submissions from interested parties;
3) Holding public hearings in major cities;
4) Engaging with specific stakeholder groups through targeted
consultations.
2) All submissions and transcripts of hearings shall be made
publicly available, subject to confidentiality considerations.
5. Content of Review:
1) The review shall consider the following, but will not be limited
them:
1) The scope and coverage of regulated activities;
2) The powers and resources of the Competent Authority;
3) The effectiveness of enforcement mechanisms;
4) The adequacy of penalties and sanctions;
5) The impact on innovation and competitiveness;
6) The interaction with other relevant legislation;
7) International regulatory developments and their
implications.
6. Review Report:
1) The Review Committee’s report shall include:
1) A summary of the consultation process and key findings;
2) An assessment of the Act’s performance against its
objectives;
3) Recommendations for amendments or reforms;
4) A regulatory impact assessment of proposed changes; and
5) Minority views, if any, from Committee members.
2) The Minister shall:
1) Table the report in Parliament within 30 days of receiving
it;
2) Publish the report on the Ministry’s website; and
3) Provide a formal response to the report within six months.
7. Implementation of Recommendations:
1) Within 12 months of the report’s publication, the Minister
shall:
1) Develop an action plan for implementing accepted
recommendations;
2) Introduce any necessary amending legislation to Parliament;
and
3) Direct the Competent Authority to make any required changes
to regulations or procedures.
2) The Minister shall report annually to Parliament on the progress
of implementing the review’s recommendations until all accepted
recommendations have been addressed.
8. Interim Reviews:
1) Notwithstanding the periodic review, the Minister may initiate
targeted reviews of specific aspects of the Act at any time if:
1) Significant issues are identified through the Act’s
operation;
2) Rapid technological or market changes necessitate regulatory
adaptation;
3) International obligations require amendments to the Act.
2) Such interim reviews shall follow a similar process of
stakeholder consultation and public reporting as the
comprehensive review.
### Amendment of Act
1. Initiation of Amendments:
1) Amendments to this Act may be initiated by:
1) The Minister, based on recommendations from the periodic
review or other policy considerations;
2) The Competent Authority, in response to operational
challenges or emerging risks;
3) Members of Parliament, through private member’s bills;
4) Public petition, if supported by at least \[X\] signatures.
2) All proposed amendments shall be accompanied by:
1) A statement of objectives and reasons for the amendment;
2) A regulatory impact assessment; and
3) A report on stakeholder consultations conducted.
2. Consultation Process:
1) Before introducing any amendment bill to Parliament, the
Minister shall:
1) Publish the proposed amendments for public comment for at
least 60 days;
2) Hold public hearings in at least three major cities;
3) Consult with the Competent Authority and other relevant
government agencies;
4) Seek input from industry associations and consumer groups.
2) The Minister shall publish a report summarising:
1) All feedback received during the consultation;
2) How this feedback has been addressed in the final amendment
bill;
3) Reasons for not incorporating significant suggestions.
3. Parliamentary Procedure:
1) Amendment bills shall be introduced in Parliament and:
1) Referred to the relevant standing committee for detailed
examination;
2) Subject to at least two rounds of debate in both houses of
Parliament;
3) Passed by a simple majority, unless the amendment affects
fundamental rights or federal structure, in which case a
two-thirds majority is required.
2) The standing committee shall:
1) Invite expert testimony on the proposed amendments;
2) Consider written submissions from stakeholders;
3) Publish a report with its recommendations within 90 days.
4. Types of Amendments:
1) Substantive amendments that significantly alter the scope,
principles, or enforcement mechanisms of the Act shall:
1) Be introduced as separate amendment bills;
2) Be subject to the full consultation and parliamentary
process.
2) Minor or technical amendments may be:
1) Bundled into omnibus amendment bills;
2) Subject to an expedited process, if there is cross-party
consensus.
5. Emergency Amendments:
1) In cases of urgent public interest, the Minister may introduce
emergency amendments that:
1) Come into force immediately upon presidential assent;
2) Remain in force for no more than 180 days unless ratified by
Parliament.
2) Emergency amendments shall:
1) Be limited to addressing the specific urgent issue;
2) Be presented to Parliament within 30 days of coming into
force;
3) Be subject to ex-post stakeholder consultation and impact
assessment.
6. Consequential Amendments:
1) Where amendments to this Act necessitate changes to other
legislation, the amendment bill shall:
1) Include a schedule of all consequential amendments required;
and
2) Provide for transitional arrangements where necessary.
2) The Minister shall coordinate with other relevant ministries to
ensure consistency across affected legislation.
7. Post-Amendment Review:
1) The Competent Authority shall:
1) Review the implementation of significant amendments after 12
months;
2) Report to Parliament on the effectiveness of the amendments;
3) Recommend any further adjustments needed.
2) This review shall assess:
1) Whether the amendments have achieved their intended
objectives;
2) Any unintended consequences or implementation challenges;
3) The level of compliance and enforcement effectiveness.
### Entry into Force
1. Effective Date:
1) This Act shall come into force:
1) On \[specific date\]; or
2) 90 days after its publication in the Official Gazette,
whichever is later.
2) Different provisions of the Act may come into force on different
dates, as specified by the Minister through notifications in the
Official Gazette.
2. Preparatory Actions:
1) Upon enactment but before the effective date, the Minister may:
1) Appoint key personnel for the Competent Authority;
2) Allocate budgets and resources for implementation;
3) Draft necessary regulations and guidelines;
4) Establish required institutional structures.
2) These preparatory actions shall not create any rights or
obligations until the Act comes into force.
3. Public Notification:
1) The Minister shall ensure wide public awareness of the Act’s
entry into force through:
1) Public notices in national and regional newspapers;
2) Announcements on national television and radio;
3) A dedicated website providing information on the Act;
4) Direct communication to regulated entities and industry
associations.
2) Such notifications shall include:
1) The effective date(s) of various provisions;
2) Key obligations for different stakeholders; and
3) Contact information for queries and clarifications.
4. Implementing Regulations:
1) The Minister shall ensure that all essential implementing
regulations are:
1) Drafted and published for public comment at least 60 days
before the Act’s effective date;
and
2) Finalised and published at least 30 days before the effective date.
2) Where regulations are not ready by the effective date:
1) The relevant provisions of the Act shall remain inoperative;
2) The Minister shall report to Parliament explaining the delay and
providing a timeline for completion.
5. Review of Entry into Force:
1) The Competent Authority shall:
1) Monitor the implementation of the Act in its initial phase;
2) Report to the Minister within 6 months on any issues or
challenges encountered; and
3) Recommend any necessary adjustments to the implementation
timeline or approach.
2) The Minister shall present this report to Parliament and publish
it on the Ministry’s website.
### Transitional Provisions
1. Continuation of Existing Institutions:
1) The \[existing regulatory body\] shall continue to function
until the Competent Authority established under this Act is
fully operational.
2) All assets, liabilities, and staff of the existing body shall be
transferred to the new Authority on a date specified by the
Minister.
3) The transfer process shall be overseen by a Transition Committee
appointed by the Minister, which shall:
1) Conduct an audit of assets and liabilities;
2) Develop a staff transfer and integration plan; and
3) Ensure continuity of ongoing regulatory functions during the
transition.
2. Validity of Existing Regulations:
1) All regulations, orders, and guidelines issued under previous
legislation shall:
1) Remain in force to the extent they are consistent with this
Act;
2) Be deemed to have been issued under this Act; and
3) Be reviewed and updated within 18 months to ensure full
alignment with this Act.
2) Where inconsistencies exist, the provisions of this Act shall
prevail.
3. Licensing and Authorisation:
1) Existing licenses and authorisations shall:
1) Remain valid until their original expiry date;
2) Be subject to renewal under the provisions of this Act.
2) Holders of existing licenses shall:
1) Register with the Competent Authority within 90 days of the
Act’s effective date; and
2) Submit a compliance plan outlining how they will meet any
new requirements within 180 days.
3) The Competent Authority may grant temporary waivers, not
exceeding 12 months, for specific new requirements where
immediate compliance would cause undue hardship.
4. Pending Applications and Proceedings:
1) Applications for licenses or authorisations pending on the
effective date shall:
1) Be transferred to the Competent Authority for processing;
2) Be evaluated under the criteria of this Act;
3) Require additional information from applicants if necessary
to meet new criteria.
2) Ongoing investigations, enforcement actions, or legal
proceedings shall:
1) Continue under the previous legislation until concluded;
2) Be conducted by the Competent Authority, which shall assume
the role of the previous regulatory body.
5. Adaptation Period for New Requirements:
1) For new obligations introduced by this Act, regulated entities
shall have:
1) 6 months to comply with administrative and reporting
requirements.
2) 12 months to comply with new operational or technical
standards.
3) 24 months to comply with significant structural or systemic
changes.
2) The Competent Authority may grant extensions on a case-by-case
basis where justified by exceptional circumstances.
6. Grandfathering Provisions:
1) Certain existing facilities or practices may be exempted from
specific new requirements if:
1) They were lawfully established under previous legislation;
2) Immediate compliance would require unreasonable or
impractical modifications;
3) They do not pose an immediate risk to public safety or the
environment.
2) Such exemptions shall:
1) Be explicitly granted by the Competent Authority;
2) Be subject to periodic review, at least every 3 years; and
3) Include conditions for gradual adaptation to new standards
where feasible.
7. Transitional Funding:
1) The government shall provide additional funding to the Competent
Authority for:
1) Costs associated with the institutional transition;
2) Development of new systems and processes required by the
Act; and
3) Training and capacity building for staff and regulated
entities.
2) This transitional funding shall be:
1) Allocated for a period of 3 years;
2) Subject to annual review and adjustment based on
demonstrated needs;
3) Reported on separately in the Authority’s annual financial
statements.
8. Review of Transitional Arrangements:
1) The Minister shall appoint an independent expert to:
1) Review the implementation of transitional provisions after
18 months;
2) Assess any ongoing transitional challenges or unintended
consequences; and
3) Recommend any necessary adjustments to transitional
arrangements.
2) This review report shall be:
1) Submitted to Parliament;
2) Published on the Ministry’s website; and
3) Used to inform any necessary amendments to the Act or
regulations.
9. Transfer of Assets and Liabilities:
1) All assets, rights, and liabilities of the \[Previous Regulatory
Body\] shall be transferred to the Competent Authority
established under this Act.
2) A detailed inventory of transferred assets and liabilities shall
be prepared within 90 days of this Act coming into force.
10. Transfer of Personnel:
1) Staff employed by the \[Previous Regulatory Body\] shall:
1) Be transferred to the Competent Authority on terms not less
favorable than those they previously enjoyed;
2) Have their previous service counted as service with the
Competent Authority for purposes of pensions and other
benefits.
2) The Competent Authority may require transferred staff to undergo
additional training or qualification processes to meet new
regulatory standards.
11. Transitional Governance:
1) Until the Board of the Competent Authority is fully constituted
under this Act:
1) The existing board or governing body of the \[Previous
Regulatory Body\] shall continue to function.
2) The Minister may appoint an interim Chief Executive to
manage the transition.
2) The transitional governance arrangements shall not exceed 6
months from the date this Act comes into force.
12. Adaptation Period for New Requirements:
1) For new obligations introduced by this Act, regulated entities
shall have:
1) 6 months to comply with administrative and reporting
requirements;
2) 12 months to comply with new operational or technical
standards;
3) 24 months to comply with significant structural or systemic
changes.
2) The Competent Authority may grant extensions on a case-by-case
basis where justified by exceptional circumstances.
13. Transitional Regulations:
1) The Minister may make transitional regulations to:
1) Address any matters not sufficiently provided for in these
transitional provisions;
2) Resolve any difficulties arising in the transition to the
new regulatory regime;
3) Ensure the effective implementation of this Act during the
transitional period.
2) Such transitional regulations shall:
1) Be made within 12 months of this Act coming into force;
2) Be laid before Parliament within 14 days of being made;
3) Cease to have effect after 24 months unless confirmed by
Parliament.
14. Review of Transitional Arrangements:
1) The Minister shall appoint an independent expert to:
1) Review the implementation of transitional provisions after
18 months;
2) Assess any ongoing transitional challenges or unintended
consequences;
3) Recommend any necessary adjustments to transitional
arrangements or to the Act itself.
2) This review report shall be:
1) Submitted to Parliament;
2) Published on the Ministry’s website;
3) Used to inform any necessary amendments to the Act or
regulations.
15. Savings Clause:
1) Nothing in this Act shall be taken to invalidate:
1) Any action lawfully taken under the repealed \[Previous
Act\];
2) Any rights or liabilities accrued under the repealed Act;
3) Any legal proceedings commenced before the repeal of the
previous Act.
2) References in any other law or document to the repealed
\[Previous Act\] or the \[Previous Regulatory Body\] shall be
construed as references to this Act or the Competent Authority,
respectively, unless the context requires otherwise.
### Repeals and Consequential Amendments:
1. Repeal of Previous Legislation:
1) The \[Previous Act\] is hereby repealed in its entirety.
2) Any subsidiary legislation made under the repealed Act is also
repealed, except as provided for in the transitional provisions
of this Act.
2. Consequential Amendments:
1) The \[Related Act 1\] is amended as follows:
1) In Section X, replace “Previous Regulatory Body” with
“Competent Authority”;
2) Delete Section Y in its entirety;
3) In Section Z, insert the following new subsection: \[text of
new subsection\].
2) The \[Related Act 2\] is amended as follows:
1) In Section A, replace the definition of "regulated entity"
with the following: \[new definition\];
2) Amend Section B by adding the following paragraph: \[text of
new paragraph\].
3. References in Other Legislation:
1) Any reference in any other Act or subsidiary legislation to the
repealed \[Previous Act\] shall be construed as a reference to
this Act.
2) Any reference to the \[Previous Regulatory Body\] in any other
Act or subsidiary legislation shall be construed as a reference
to the Competent Authority established under this Act.
4. Preservation of Certain Regulations:
1) Notwithstanding the repeal of the \[Previous Act\], the
following regulations made under that Act shall continue in
force as if made under this Act:
1) \[Title of Regulation 1\];
2) \[Title of Regulation 2\];
3) \[Title of Regulation 3\].
2) These preserved regulations shall be reviewed and, if necessary,
amended within 12 months to ensure consistency with this Act.
5. Amendment of Schedules:
1) The Minister may, by order published in the Gazette, amend any
Schedule to this Act.
2) An order made under this section shall:
1) Be laid before Parliament within 14 days of publication;
2) Come into effect 30 days after being laid before Parliament,
unless Parliament resolves otherwise.
6. Power to Make Consequential and Transitional Regulations:
1) The Minister may make regulations:
1) To amend any enactment consequential to the coming into
force of this Act;
2) To provide for any transitional or saving provisions in
addition to, or in substitution for, the provisions in this
Part.
2) The power to make regulations under this section expires two
years after the commencement of this Act.
### Short Title and Commencement
1. Short Title:
This Act may be cited as the \[Title of Act\] Act, \[Year\].
2. Commencement:
1) This Act shall come into force on such date as the Minister may,
by notice in the Gazette, appoint.
2) Different provisions of this Act may be brought into force on
different dates.
3. Phased Implementation:
1) The Minister may, by order, provide for the phased
implementation of this Act, specifying:
1) Which provisions come into force at which times;
2) To which categories of regulated entities different
provisions apply and from when.
2) Any order for phased implementation shall:
1) Be laid before Parliament;
2) Be published on the Ministry’s website;
3) Provide clear timelines for full implementation of all
provisions.
4. Pre-commencement Actions:
1) The Minister may, before the commencement of any provision of
this Act:
1) Appoint persons to positions created by this Act;
2) Make regulations or issue guidelines necessary for the
implementation of this Act;
3) Take any other preparatory actions necessary for the smooth
commencement of this Act.
2) Any action taken under this subsection shall not take effect
until the relevant provision of the Act comes into force.
# MODULE 1 (CIVIL / ADMINISTRATIVE) PENALTIES
The provisions of this module may be used to supplement the provisions
of section 65 for both civil and administrative sanctions. The entire
module may also be inserted as a separate chapter after
Chapter K / Section 66. In some jurisdictions, the term “administrative
penalties” or “administrative sanctions” is more appropriate than “civil
penalties”. As always, adaptation to local traditions is required.
See also the extensive List of Sanctions and Accompanying Measures which
is soon to be published here.
### Generalities
1. Purpose of Civil Penalties:
1) Civil penalties serve to:
1) Deter non-compliance with regulatory requirements;
2) Provide a proportionate response to violations that do not
warrant criminal prosecution;
3) Promote swift resolution of regulatory breaches;
4) Recover economic benefits gained from non-compliance;
5) Compensate for harm caused to public interests.
2. Principles Guiding Civil Penalties:
1) Proportionality: Penalties should be commensurate with the
nature and severity of the violation;
2) Consistency: Similar violations should attract similar
penalties, subject to relevant circumstances;
3) Transparency: The basis for calculating penalties should be
clear and publicly available;
4) Fairness: Regulated entities should have the opportunity to
present their case before penalties are imposed;
5) Effectiveness: Penalties should be set at levels that ensure
deterrence and promote compliance;
6) Responsiveness: The penalty regime should be adaptable to
changing market conditions and emerging risks.
### Types of Civil Penalties
1. Monetary Penalties:
1) Fixed penalties for specific violations;
2) Variable penalties based on:
1) A percentage of the violator’s annual turnover;
2) The economic benefit derived from the violation;
3) The duration of the violation;
3) Per-day penalties for continuing violations;
4) Multipliers for repeat offenders.
2. Non-Monetary Penalties:
1) Mandatory corrective action orders;
2) Public naming and shaming;
3) Suspension or restriction of licenses or authorisations;
4) Mandatory participation in compliance training programs;
5) Implementation of enhanced compliance monitoring systems;
6) Disgorgement of profits derived from violations;
7) Exclusion from public procurement processes for a specified
period.
### Calculation of Monetary Penalties
1. Base Amount:
1) The Competent Authority shall establish a schedule of base
amounts for different types of violations, considering:
1) The nature of the violation;
2) The potential harm to public interests;
3) The regulated sector and typical entity size.
2. Adjustments:
1) The base amount may be adjusted based on:
1) The violator’s culpability (negligence, recklessness, or
intentional action);
2) History of previous violations;
3) Financial capacity of the violator;
4) The annual turn-over of the responsible legal entity or of
the group of legal entities to which the responsible legal
entity belongs\].
5) Cooperation with authorities during investigation;
6) Self-reporting of violations;
7) Remedial actions taken.
3. Economic Benefit:
1) The penalty shall include an amount equivalent to any economic
benefit derived from the violation, including:
1) Costs avoided by non-compliance;
2) Profits gained through illegal activities; and
3) Competitive advantage obtained over compliant entities.
4. Maximum Penalties:
1) For individuals: Up to \[X\] amount or \[Y\]% of annual income,
whichever is higher.
2) For legal entities: Up to \[Z\]% of annual global turnover of
the responsible legal entity or of the group of legal entities
to which the responsible legal entity belongs or \[W\] times the
benefit derived from the violation, whichever is higher.
### Procedures for Imposing Civil Penalties
1. Notice of Violation:
1) The Competent Authority shall issue a notice of violation
specifying:
1) The nature of the violation;
2) The evidence supporting the allegation;
3) The proposed penalty amount and calculation method; and
4) The right to make representations.
2. Representations:
1) The alleged violator shall have \[X\] days to submit written
representations;
2) Representations may include:
1) Challenges to the factual basis of the allegation;
2) Mitigating circumstances;
3) Evidence of compliance efforts;
4) Financial information relevant to penalty calculation.
3. Determination:
1) The Competent Authority shall consider all representations
before making a final determination.
2) The final determination shall be communicated in writing,
including:
1) The facts found;
2) The legal basis for the penalty;
3) The final penalty amount and calculation; and
4) Payment terms and appeal rights.
4. Settlement Procedures:
1) The Competent Authority may establish procedures for the
settlement of cases, allowing entities to:
1) Admit to violations and accept a reduced penalty;
2) Agree to specific compliance measures;
3) Avoid formal enforcement proceedings.
2) Settlement agreements shall:
1) Be in writing and signed by both parties;
2) Specify the violations admitted and penalties accepted;
3) Include a compliance plan with clear deadlines;
4) Be made public, subject to redaction of confidential
information.
### Enforcement and Collection
1. Payment Terms:
1) Penalties shall be payable within \[X\] days of the final
determination;
2) The Competent Authority may allow payment in installments for
penalties exceeding \[Y\] amount.
2. Late Payment:
1) Interest shall accrue on unpaid penalties at \[Z\]% per annum;
2) Additional administrative charges may be imposed for late
payment.
3. Enforcement Measures:
1) The Competent Authority may:
1) Register the penalty as a judgment debt;
2) Seize assets to satisfy the penalty;
3) Suspend or revoke licenses until payment is made;
4) Publish the names of entities with unpaid penalties.
### Appeals
1. Right of Appeal:
1) Any person aggrieved by a civil penalty may appeal to the
\[Regulatory Appeals Tribunal\] within \[X\] days of the final
determination.
2. Grounds for Appeal:
1) Appeals may be made on grounds of:
1) Error of law;
2) Error of fact;
3) Procedural impropriety;
4) Unreasonableness of the penalty amount.
3. Effect of Appeal:
1) The filing of an appeal shall not automatically stay the
obligation to pay the penalty;
2) The appellant may apply to the Tribunal for a stay of payment
pending the appeal outcome.
4. Powers of the Tribunal:
1) The Tribunal may:
1) Affirm, vary, or set aside the penalty;
2) Remit the matter to the Competent Authority for
reconsideration;
3) Substitute its own decision for that of the Authority.
### Transparency and Reporting
1. Public Register:
1) The Competent Authority shall maintain a public register of
civil penalties imposed, including:
1) The name of the violator;
2) The nature of the violation;
3) The penalty amount;
4) The date of imposition; and
5) The status of payment or appeal.
2. Annual Report:
1) The Competent Authority shall publish an annual report on civil
penalties, including:
1) Statistics on penalties imposed and collected;
2) Analysis of trends in compliance and enforcement;
3) Information on the use of settlement procedures; and
4) Recommendations for improving the civil penalty regime.