E-Government Survey 2020

Digital Government in the Decade of Action for Sustainable Development

Download the publication here

The year 2020 witnessed a transformational change in global development as the United Nations Secretary-General António Guterres called on Member States and other stakeholders to “kickstart a decade of delivery and action for people and planet”, given the short time left to achieve the 2030 Agenda for Sustainable Development.By surveying and studying broad patterns of digital government around the world, the United Nations E-Government Survey assesses the digital government development of the 193 United Nations Member States in identifying their strengths, challenges and opportunities, as well as informing policies and strategies. The Survey supports countries’ efforts to provide effective, accountable and inclusive digital services to all and to bridge the digital divides in fulfilling the principle of leaving no one behind. Since its inception in 2001 by the United Nations Department of Economic and Social Affairs, the Survey has become an indispensable ranking, mapping and measuring development tool for digital ministers, policymakers and analysts delving into comparative analysis and contemporary research on e-government. The launch of this Survey is also taking place during unprecedented time of the COVID-19 pandemic. While the pandemic has reinvigorated the role of e-government, both in its conventional delivery of digital services as well as new innovative efforts in managing the crisis, it has also brought challenges and multiple forms of digital divides to the fore, especially among the poorest and the most vulnerable groups. 

Source: https://publicadministration.un.org/egovkb/en-us/Reports/UN-E-Government-Survey-2020

Foreign Minister outlines Sri Lanka’s Digital Responses to COVID -19

Pic 2Visionary political leadership of President Gotabaya Rajapaksa and the effective use of technology in a whole – of – government approach has enabled Sri Lanka to control the COVID-19 and a wide range of pandemic related issues – said Foreign Minister Dinesh Gunawardena addressing the Virtual Ministerial Conference on ‘Close the Digital Divides: the Digital Response to COVID-19’.
The Conference jointly organized by Estonia and Singapore on 1 July 2020 was attended by Ministers and representatives from over 60 countries.
Foreign Minister Gunawardena also briefed the Conference on the digital solutions introduced by Sri Lanka during the COVID-19 period, including ‘Contact Sri Lanka Portal’ set-up by the Ministry of Foreign Relations along with the Information and Communication Technology Agency (ICTA), to respond to the requests from overseas Sri Lankans. He thanked the private sector partners for their contribution during these challenging times.
Observing the increasing role of digital technology in a post- COVID-19 world, Minister Gunawardenacalled for collective action of all nations to address cyber security challenges as well as to share the best practices and technologies with resource constrained countries. Sri Lanka endorsed the “Global Declaration on the Digital Response to COVID-19”, that was adopted at the Virtual Ministerial Conference.
The Declaration is available at :


Ministry of Foreign Relations Colombo 3 July 2020 Full statement of Minister Gunawardena Could be downloaded via:


Startups and Freelancers Register Now

To all startups and freelancers out there !!!
We invite you to join us in our mission to transform Sri Lanka through technology and entrepreneurship. StartupSL will serve as the single platform for startups and freelancers to interact with Government and Regulatory Institutions for all business needs and information exchange among various stakeholders.
So, if you haven’t registered already, please visit www.startupsl.lk and get listed today to avail the benefits of being with us!
Visit website button

SLT, Mobitel, Dialog and Hutch to offer free access to Secure and fully featured video conferencing for the Government of Sri Lanka

Sri Lanka’s telecommunication giants SLT, Dialog, Mobiteland Hutch agree to whitelist the  video  conferencing  platform  introduced  for  the  public  sector  of  Sri  Lanka  by  the information and communication technology agency of Sri Lanka meet.gov.lk
To ensure the reduction of the spread of the deadly virus COVID-19 the Government of Sri   Lanka   instructed   both   the   public   and   private   sector   to   work   from   home.

To facilitate this initiative the Information and Communication technology agency of Sri Lanka introduced Meet.gov.lk. for government organizations.This open source license free video conferencing platform has been already adopted by 120  government  organizations  and  is  widely  used  to  connect  large  numbers  of participants to conduct meetings live

Visit website button

ICTA video

Work from Home (WFH) Security Considerations

The Government of Sri Lanka has issued a circular requesting all Government Departments and associated Government Agencies to work from home in order to minimize physical contact at work places in order to mitigate the impact from the Corona pandemic in the country. However, there are some important factors that needs to be taken into consideration when working from home, such as taking reasonable security measures to protect the confidentiality and integrity of data.


Read More

National Certification Authority (NCA) of Sri Lanka

The Root CA of National Certification Authority is the highest level Certification Authority in Sri Lanka.

The Public Key Infrastructure (PKI) enables users to achieve transaction confidentiality, integrity authentication and non-repudiation using cryptography technology. The issue of digital certificates is to be performed by authorized third-party certificate service providers (CSPs), as per the provisions of the Electronic Transactions Act No. 19 of 2006 (as Amended).

The National Certification Authority (NCA) is the overall governance as well as the standard setting entity required for the smooth and effective functioning of Certification Service Providers (CSPs). The electronic transactions act no. 19 of 2006 grants authority for a nationally recognized body to perform the function of the NCA.

Pursuant to Gazette Extraordinary, 2147/58, dated 30th October 2019, Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) has been designated as the Certification Authority under section 18 of the above Act to perform the functions of the NCA.

Visit website button

The mobile app - "MyHealth Sri Lanka"

MyHealth Sri Lanka Mobile App Launched by the Ministry of Health, Nutrition and Indigenous Medicine together with the Information and Communication Technology Agency (ICTA) of Sri Lanka

[Colombo, Sri Lanka] – Ministry of Health, Nutrition and Indigenous Medicine together with the Information and Communication Technology Agency (ICTA) of Sri Lanka, the apex ICT institution in the country has developed an application to inform, engage and react to the deadly spread of the New Coronavirus also known as Covid-19 under the instructions of his excellency the President Gotabhaya Rajapakse. This is in the wake of a global pandemic reaching the shores of Sri Lanka and with the steadily rising number of infected citizens, the need for a robust mobile application was felt.

Representatives from both organizations including volunteers from the private sector worked tirelessly to ensure that through this app citizens will have access to a news feed that shares verified information on the current MyHealth Sri Lanka mobile app populated by data shared by medical authorities. Once downloaded through either the Google PlayStore, Huawei Appstore store and Apple app store, citizens will be prompted to record their location at the time of using the application. The application locally maps the trail of the mobile app user's locations traveled so that in an unfortunate event of the app user being infected with the virus, they can disclose the stored location history information with the authorities to protect their family and friends who they have associated with, in the last 14-days. All recorded location data are kept securely within the mobile, and will not be transmitted to any external systems without the consent of the mobile app user. If you have crossed paths with an infected individual, you have the option to self-register with the national disease surveillance system.

covid 19 4

Sri Lanka becomes the first Country in South Asia to adopt an international standard for digital transactions


Sri Lanka becomes the first Country in South Asia to adopt an international standard for digital transactions

Sri Lanka’s National Digital Certificate Authority Key Ceremony Successfully Completed
- National Certification Authority Task Force

With the rapid deployment of Digital services and expansion of e-government initiatives to deliver citizen services in the country, electronic transactions in Sri Lanka will grow substantially in the near future. This increases the probability of identity theft, financial fraud and other security breaches. Therefore, the requirement to authenticate citizens as well as organizations involved in digital transactions becomes pivotal.

To address this requirement, it is essential for a Country to establish a national framework which defines legal, administrative and technical regulations for granting, managing and enforcing the use of digital certificates to establish the identities of citizens and organizations in the digital space to minimize fraud.

The Electronic Transactions Act No, 19 of 2006, amended by Act No. 25 of 2017, provides the legal basis for a national framework, with legal recognition for Electronic Signatures, including Digital certificates. From a legal perspective Digital Certificates have ensured that there is a mechanism to reliably and securely prove the origin, receipt and integrity of information and also to identify the parties involved in a digital transaction. The use of Digital Certificates also enables users to achieve transaction confidentiality and integrity using the public key cryptosystem and the hash function. The issue of digital certificates is done by certified third-party certificate service providers (CSPs).

The National Certification Authority (NCA) is the overall governance as well as the standard setting entity required for the smooth and effective functioning of Certification Service Providers (CSPs). Chapter IV of the Electronic Transactions Act No. 19 of 2006 grants authority for a recognized body to perform the function of the NCA and to establish an NCA task force to manage and administer the Certification Authority, having regard to the qualifications and experience as well as the need to represent relevant stakeholders, with the objective of ensuring its proper administration

The NCA Task Force was first established in 2011 jointly by ICT Agency of Sri Lanka (ICTA) and Central Bank of Sri Lanka (CBSL), with ICTA’s Legal Advisor Jayantha Fernando CBSL Asst. Governor, Janakie Mampitiya as Co-Chairs. The ICTA was designated to perform NCA functions on 24th September 2013 by Gazette Extraordinary 2147/58 made under Section 18 of the Electronic Transactions Act, while NCA operational functions were performed by Sri Lanka CERT. Part of the equipment for this purpose was also procured by ICTA under the “e-Sri Lanka Development Program”.

The Electronic Transactions (Amendment) Act No. 25 of 2017 further modernized Sri Lanka’s legal digital transactions framework by giving effect to Sri Lanka’s ratification of the UN Electronic Communications Convention. Further this Amendment broadened the scope of application of Electronic Signatures, provided for licensing and authorizing of CSPs while separating the NCA Task Force with the operations of NCA.

Pursuant to Gazette Extraordinary, 2147/58, dated 30th October 2019, Sri Lanka CERT was designated as the Certification Authority under section 18 of the above Act to perform the functions of the NCA.

The key ceremony, a formal function to generate the Root certificate of the NCA, was held on 14th February 2020 and was carried out by the staff of Sri Lanka CERT. This was a major milestone in the annuls of Digital transactions in Sri Lanka. The Root Certificate facilitates secure digital transactions not only within Sri Lanka but also internationally with other countries. In order to enhance the operations of NCA as well as to ensure that digital certificates issued by the Sri Lankan NCA are recognized internationally, including web browser vendors (Browser forum), the objective of the NCA is to be “WebTrust standard” certified. Thus, Sri Lanka would become the first Country in South Asia to adopt an international standard in this domain.

The simple but formal key generation ceremony was inaugurated by Mr. Jayantha Fernando, Co-Chair of National Certification Authority (NCA) Task Force. Fernando is Board Director of Sri Lanka CERT and Legal Advisor, ICTA. A detailed presentation on the operations NCA and the Key generation ceremony was given by Mr. Rohana Palliyaguru, Director-Operations of Sri Lanka CERT. This was followed by the Key Generation ceremony which was carried out step by step by the staff of Sri Lanka CERT, in the presence of WebTrust Auditors.

The ceremony was attended by the Task Force Co-Chair, R. A. A. Jayalath (Asst. Governor, Central Bank) and Task Force Members, Rohan Seneviratne (DGM, CEB), Waruna Sri Dhanapala (Additional Secretary Digital Infrastructure & Information Technology, Ministry of Defence), Channa De Silva (CEO Lanka Clear), Mrs. S.G.A.R.K.R. Seneviratne (Additional Secretary Technical, MOD) and Lal Dias (CEO, Sri Lanka CERT). In addition, a number of other dignitaries including Rohan Fernando (Chairman, SLT), Oshada Senanayake (DG, TRCSL) and Mahinda Herath, ICTA CEO attended this formal ceremony.

Seeds for the Future Programme 2019

Huawei, one of the leading global provider of Information and Communications Technology (ICT) infrastructure and smart devices, recently sponsored the fourth batch of top ICT undergraduates studying at local universities of Sri Lanka, providing them with an opportunity to study and gain work experience at Huawei’s headquarters in China, under their global CSR flagship program Seeds for the Future. A graduation ceremony to show appreciation for the students that participated in the program was held recently at the Huawei CIS, Colombo.

The 2019 batch of Sri Lankan students that participated in Huawei’s Seeds for the Future CSR program travelled to China where they spent two weeks from the 30th of November to the 14th of December. The students gained a clear understanding of how cutting edge technologies such as 5G, LTE and cloud computing work, whilst getting a hands-on experience in such technologies through most advanced laboratories.

This year, Anura Dissanayake, Secretary to Ministry of Higher Education, Technology and Innovations, Liang Yi, CEO – Huawei Sri Lanka, Yang Zuoyuan Counsellor, Economic and Commercial Office of the Embassy of China in Sri Lanka, and Officials from Ministry of Information & Communication Technology participated at the Graduation Ceremony

These students were rewarded at the graduation ceremony for the engagement that they displayed throughout this ICT and cultural education trip to China. The program agenda included studying ICT technologies, operating equipment in labs, studying Huawei's corporate culture and management experience, visiting Huawei's exhibition halls and campuses, learning about Chinese culture, and visiting local historical scenic spots.

Originally launched in Sri Lanka in 2016, together with Government of Sri Lanka, the Huawei Sri Lanka Representative Office fully sponsors 10 Sri Lankan University students to China for an ICT and culture trip once a year through the Huawei Seeds for the Future program. With a MoU signed at Huawei Headquarters with the Sri Lankan Government in 2016, Huawei contributes immensely to boost Sri Lanka to a digitally empowered nation.


Ministry of Digital Infrastructure and Information Technology


Data Protection Legislation finalized by Ministry of Digital Infrastructure and Information Technology

The Personal Data Protection Legislation, defining measures to protect personal data of individuals held by banks, telecom operators, hospitals and other personal data aggregating and processing entities, has now been finalized by the Ministry of Digital Infrastructure and Information Technology. The final draft of the Bill, prepared by the Legal Draftsman Department and the Data Protection Drafting Committee of the Ministry, will be released through the website by the Ministry of Digital Infrastructure and Information Technology this week.

The drafting of the Legislation was initiated by Hon. Ajith P. Perera, Minister of Digital Infrastructure and Information Technology on 5th February 2019. This latest version released, is based on modifications done to the previously released Data Protection Framework, published by the Ministry on 12th June 2019. However, substantial modifications were made to the said Framework, based on consultations held with key stakeholders as well as feedback received from them.

The Legislation will be implemented in stages. The entire Bill will come into operation within a period three (03) years from the date the Speaker certifies the Bill. This would provide sufficient time for Government and private sector to take adequate steps to implement this legislation. The Data Protection authority is required to be established within 18 months.

Several obligations have been imposed by this legislation on those who collect and process personal data (“Controllers” and “Processors”) and whole new set of rights have been given to citizens under this new legislation, which are known as “Rights of data subjects”.

For instance, personal data could be collected only for a specified purpose and not for any other purpose that is incompatible with the said purposes. However, processing data in public interest, scientific or historical research will not be considered incompatible. Personal Data has to be processed in a manner to ensure appropriate security, including protection against accidental loss, destruction or damage.

Data subject (individuals) will have the right to withdraw his or her consent given to Controllers and will also have the right to rectify the data without undue delay. Further, the Data Subjects have been given the right to object to processing of their data. These rights of data subject can be exercised directly by the individuals with the Controller, who are required to respond within a defined time period and is obliged to give reasons for refusing to meet the request or reasons why the Controller would refrain from further processing the said data. The individual has a right of appeal against the decision of Controller to the Data Protection Authority.

Although the original Framework had provisions for the mandatory registration of Controllers, this requirement has been removed in the latest version. Instead, the Drafting Committee has deliberated and introduced specific and comprehensive transparency and accountability obligations on Controllers. The accountability obligations would require the Controllers to implement internal controls and procedures, known as a “Data Protection management Program”, in order to demonstrate how it implements the data protections obligations imposed under the Act.

The Legislation also prohibits Controllers who process personal data from sending unsolicited messages, unless the individuals have given express consent. Provisions have also been included to deal with relationships between controllers and third parties who process personal data on their behalf.

Importantly, administrative penalties have been introduced with a ceiling instead of fines calculated on the global turnover of the controllers.

The drafting Committee had also taken into account international best practices, such as the OECD Privacy Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, EU General Data Protection Regulation and laws enacted in other jurisdictions such as United Kingdom, Singapore, Australia and Mauritius, Laws enacted in the State of California as well as the Indian Bill, when formulating the said draft Legislation.

The Ministry of Digital Infrastructure and Information Technology, in partnership with other entities, conducted two rounds of stakeholder discussions. In addition, targeted group discussions were held with other stakeholder communities, including Bank Chief Information Officers, Health Informatics Unit of the Ministry of Health and representatives of the Right to Information Commission. In addition, the proposed legal framework was reviewed by an Independent Review Panel led by Hon. K. T. Chithrasiri, former Justice of the Supreme Court of Sri Lanka and Prof. Savithri Goonesekera.

The Data Protection Drafting Committee was led by Jayantha Fernando (Chair/ Convenor), and comprised Yamuna Ranawana and Thushari Vitharana (Legal Draftsman’s Dept), Kanchana Ambahawita & Niluka Herath (Central Bank of Sri Lanka), Sunali Jayasuriya (ICTA), Sanduni Wickramasinghe (Mobitel), Trinesh Fernando and Shenuka Jayalath (Dialog PLC).

24th September 2019

Data protection Bill 2019-10-03 -Amended - FINAL - Click here