bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

quizIds

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

paywallTypes

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

SCMP Reporter

The government often boasts of Hong Kong's high e-readiness with supporting statistics such as our high internet penetration rate compared to other Asian information technology communities. 
But if Hong Kong is really e-ready, why is e-commerce so unpopular here?
There are many  reasons but a principal one is the failure of Hong Kong's IT law - the Electronic Transactions Ordinance  (ETO) - to adopt a comprehensive cross-border recognition scheme of foreign certification authorities (CAs) and the e-certs which they issue.
Under the ETO, a digital signature is only recognised if it is supported by a certificate issued by CAs recognised under the ETO.  At present, there are three recognised CAs in Hong Kong: the Postmaster General,  Tradelink Electronic Commerce   and Jetco.  E-certs issued by them, subject to compliance with specified ETO rules, are recognised here.
As many e-commerce transactions of Hong Kong's traders are by their nature conducted on a cross-border basis, it should come as no surprise that Hong Kong's local CA recognition scheme has not been well received because of its limited practical application.
When the ETO was enacted, the government aptly recognised the need to address the e-security aspects of e-commerce as a crucial factor in promoting such activities.  
The CA framework created in the ETO only deals with e-security of Hong Kong e-transactions; it fails to recognise e-certs issued by foreign CAs and fails to arrange for the reciprocal recognition of e-certs issued by locally recognised CAs.
This list gives a taste of the steps taken by our Asian competitors towards implementing mutual cross-border CA recognition schemes, demonstrating that Hong Kong is falling behind:
?

Taiwan A certificate issued by a CA organised or registered pursuant to foreign law enjoys equivalent status to that issued by a domestic CA, provided the foreign CA has obtained approval from the Ministry of Economic Affairs.
Korea The revised Electronic Signature Act 1999 provides that foreign certificates issued by foreign CAs are able to receive accreditation.
Singapore The Minister of Finance may by regulations provide that the Controller of CAs may recognise CAs outside Singapore if they satisfy the prescribed requirements for certain purposes, including the recommended reliance limit, if any, specified in a certificate issued by the CA.
Malaysia Similar provisions as those of Singapore are provided under the Digital Signature Act 1997 for the Controller of CAs to recognise foreign CAs on similar grounds.
Hong Kong It remains unclear whether certificates issued by foreign CAs are recognised in Hong Kong. 

The need to establish a comprehensive mutual recognition scheme for international CA services requires no explanation.  But it is by no means an easy task. Regulatory regimes in different jurisdictions vary. Some jurisdictions, such as Malaysia, have put in place a mandatory CA recognition scheme. 
Others, such as the United States, Canada and Hong Kong, do not impose such mandatory recognition requirements.
 Only limited and piecemeal efforts have been made by the government and certain locally recognised CAs on cross-border CA co-operation.  
Examples of these are the government's participation in the Asia-Pacific Economic Co-operation forum to enhance interoperability of international CA services, negotiation by the Postmaster General with Hong Kong's major trading partners (such as Britain, Malaysia and Singapore) to seek co-operation with their CAs and acceptance of Tradelink's digital certificates by US Customs as a valid means to authenticate the Hong Kong exporters' identities. 
What we do not see but do require with real urgency is a comprehensive strategy and implementation plan to achieve a mutual cross-border CA recognition scheme at least with our major trading partners. 
This will  help Hong Kong - a cross-border business  venue for excellence - to capitalise on the enormous business opportunities brought about by e-commerce, which is now a vital part of our daily business and personal activities.
Angus Forsyth and Yvonne Chia are Partners of the IT Practice Group, Stevenson, Wong & Co. www.sw-HongKong.com.



Urgent need for mutual cross-border certification recognition