- August 9, 2017
- Posted by: secretariat
- Category: ICTAU Updates
Hon. Frank K. Tumwebaze, MP
Minister of ICT & National Guidance
ICT House
Plot 10/12, Parliamentary Avenue
P.O Box 7817, Kampala – Uganda
August 09th, 2017
Dear Sir,
RE: Concerns from the Information & Communications Technology Association Uganda on the National Information Technology Authority, Uganda (Certification of Providers of Information Technology Products and Services) Regulations, 2016
We thank you for the continued efforts in coordinating, promoting and monitoring Information Technology developments in Uganda in the context of National Social and Economic development. Your efforts to enhance efficiency and effectiveness of service delivery to the citizens of Uganda through ICT innovations and service delivery are greatly appreciated by ICTAU.
In November 2016, the government of Uganda passed an act “The National Information Technology Authority, Uganda (Certification of Providers of Information Technology Products and Services) Regulations, 2016”.
NITA as the chief architects of this act and as the authority mandated by government to implement this ACT, we, the members of the ICTAU do hereby formally present our concerns with this ACT.
It is our overall concern that the act blatantly ignored grave concerns which the industry expressed both publicly and privately. In its current form, the ACT does not protect local companies, in fact, it makes it harder for local companies to compete for tenders or even thrive in the local market. If the overall mission of the government is to improve ICT industries and grow job-creating companies, this ACT does the opposite. It puts a stranglehold of regulation on young and emerging companies, struggling to grow and compete against well-funded international players in the space. Instead of it being an incentive to bid, it is a barrier to industry growth.
We formally request earnest dialog with the NITA and the ministry to address our concerns before any further negative impact to the industry. The current regulations, as written, are unnecessarily cumbersome, opaque, and complicated for reasons we would like explained:
- Under Schedule 2, sub-regulation 2a allows COMTEL to operate here and thus a conflict of interest.
I. What was the selection criteria through which COMTEL won the bid?
- How was it arrived and agreed on to hand them certification rights in competitive business with those it will be certifying.
- The ACT doesn’t clarify if there’s a fixed period of time after which this bid expires and new bidding process initiated?
- The ACT doesn’t clarify the eligibility criteria for a company to bid.
II. The ACT does not stipulate any objectives and thus hard to measure its effectiveness in the long run. Of what value add is the ACT to the industry in Uganda? For instance building the ICT Industry in Uganda and eliminate briefcase companies and promote startups.
III. The ACT in Schedule 2 Part I defines the criteria a person providing information technology products and services shall fulfill, this criteria though is so stringent for startups. There’s need for a criteria for startups to be drafted else the ACT frustrates new entrants and the growth of existing innovators in the industry which limits the overall growth of the industry.
IV. The enacted regulations don’t provide any protection or benefits to local companies over the foreign competitor companies.
- Schedule 2 part II sub regulation 1 classifies who the providers of information technology products and services are, it however doesn’t highlight whether internationally renowned companies like Microsoft, IBM, Apple etc. are required to be certified by NITA-U?
- Should agents/vendors/ manufacturers be certified too?
V. What happens when the company changes hands, ownership, management, way of doing business etc.?
- Does the certificate expire, or does the company re-apply for a new certificate or is the certificate transferable?
VI. If an application for certification has been denied, why would it take 30 days for one to receive response from NITA-U regarding the reasons for denial?
VII. It assumed by the time the application is rejected the reasons for rejection are readily available so why 30 days to provide feedback?
Application fees?
- Is it refundable or non-refundable? And if refundable which fee is refundable?
- The one to NITA-U or COMTEL or both?
VIII. We understand that around 190 companies have already been certified by NITA-U.
- Are there any international standards or industry best practice being used as a basis and can the authority share more details with ICTAU on theses? (It’s been proven that evidence-based policies are good in order to avoid mistakes of the past).
IX. There is need to look into details of the requirements/guidelines for certification to cater for all IT stakeholders. We need guidelines that are community driven not to destroy innovation but to also eliminate fraudsters and “briefcase companies”.
ICTAU Propositions:
During the draft and passing of the ACT, there was no formalized consultation with active stakeholders in the industry. At an event at Hive Colab in October 2016, the minister of ICT stated that “If the act is not favorable to the ICT industry, I will not push it” referring to this same ACT and here we are the ACT enacted. It’s on this basis that we propose NITA and the ministry to put the following propositions into consideration.
i. COMTEL should cease to be the certifying body UNLESS they reclassify and stop providing IT products and services as part of their business. Or NITA-U should build internal capacity and do the certification itself.
- If we borrow a leaf from other government authorities and ministries, allowing a third-party private sector player to collect fees breaks with other government norms for usage and collection of fees. For instance:
-Applying and paying for your passport isn’t handled by a third-party, it is handled by Ministry
-URA collects all taxes due, not a third-party
-As an example, fees due from traffic violations are paid to police, not a third-party private sector company
ii. The process of assigning COMTEL as the certification company did not go through an open-bidding process.
-Who certified COMTEL, as qualified to certify companies it competes against? We suggest that certification only be carried out by a nonparticipating agent, preferably an association to which all certified agencies belong to. E.g. all tax
iii. As secondary control measure, ICTAU membership should be mandatory for foreign players to be registered and for application of certain government tenders by both local and international companies. ICTAU membership in itself will signify one has the minimum requirements to run as a business as this is part of the objectives and goals of ICTAU. ICTAU membership certifies that applicants have, at a minimum:
- Registered with URA having received a proper TIN, and receive tax in good standing letter from URA.
- Received a trading license from KCCA and paid appropriate fees.
- Registered with URSB.
iv. The application fee paid by companies seeking certification isn’t in anyway going back into the industry to improve it.
- Fees should be collected by nonpartisan, non-commercial entity.
- Fees should be reserved for investment back into the ICT industry as a whole to:
-Support and invest in both government and private sector hubs.
-Invest in domestic ICT curriculum at university level to increase number of skilled next-generation knowledge economy workers.
-Promote migration of all government entities to the use of e-government for service delivery where applicable.
-Setup and implement a program where certain contracts and works are ring fenced for local contractors with terms set to support their growth.
We look forward to having formal consultative and knowledge sharing meeting(s) in this regard to forge ways on having an ACT geared at a knowledge-based, globally competitive Uganda where social transformation and economic development is supported through Information Technology enabled service.
Signed,
ICTAU Membership
cc. Executive Director NITAU
cc. Board Members ICTAU