Comparative Guides

Welcome to Mondaq Comparative Guides - your comparative global Q&A guide.

Our Comparative Guides provide an overview of some of the key points of law and practice and allow you to compare regulatory environments and laws across multiple jurisdictions.

Start by selecting your Topic of interest below. Then choose your Regions and finally refine the exact Subjects you are seeking clarity on to view detailed analysis provided by our carefully selected internationally recognised experts.

4. Results: Answers
How are the following key technologies in the fintech space regulated and what specific legal issues are associated with each? (a) Internet (e-commerce); (b) Mobile (m-commerce); (c) Big data (mining); (d) Cloud computing; (e) Artificial intelligence; and (f) Distributed ledger technology (Blockchain, cryptocurrencies)

Answer ... (a) Internet (e-commerce)

The E-signature and E-transactions Law sets out the legal framework for transactions carried out through electronic means. The Electronic Payment Services Regulation governs the electronic transfer of money. Electronic payment service providers must be licensed by the Central Bank of Iraq (CBI).

Every payment service provider must take steps, among other things, to:

  • provide safe services to customers;
  • take the necessary risk mitigation measures;
  • store and protect data against disclosure, destruction, misuse, loss and theft;
  • facilitate the CBI’s access to its systems for supervision purposes; and
  • maintain secrecy in banking transactions.

Electronic documents and contracts have the same probative value as paper documents and contracts, provided that, among other things:

  • they are stored with a possibility of retrieval;
  • they are kept in the same form as created, sent or received, or in any way that facilitates the verification of the accuracy of the information; and
  • the sender, receiver and date and time of sending and receipt of such electronic documents and contracts are all identifiable.

Specific legal issues associated with e-commerce in Iraq include the absence of specific data protection and cybersecurity legislation. Iraq has prepared draft laws on cybercrimes and telecommunications and information technology, but these drafts have not yet been enacted.

(b) Mobile (m-commerce)

Mobile commerce is governed by the same legislation and regulation applicable to e-commerce (see question 3.1(a)).

Mobile payment service providers are bound by the same obligations as payment service providers and must further undertake the following actions, among other things:

  • entering into contracts with mobile operators and providing copies thereof to the CBI; and
  • settling payments in Iraq in the national currency.

Specific legal issues associated with m-commerce in Iraq include the absence of specific data protection and cybersecurity legislation. Iraq has prepared draft laws on cybercrimes and telecommunications and information technology, but these drafts have not yet been enacted.

(c) Big data (mining)

There are no specific big data-related regulations in the fintech space in Iraq.

(d) Cloud computing

CBI Decision 14/611 of 2019 sets out certain criteria to be implemented by banks, financial institutions, payment service providers, exchange counters and other licensed institutions when dealing with cloud computing service providers. Upon engaging in such activities, these institutions must take into account operational risks and factors such as confidentiality, integrity, cybersecurity, regulatory compliance and data transfer. The measures to be implemented by banks, financial institutions and other licensed institutions to ensure the safety of the operations include:

  • user identity management systems;
  • identification and protection of personal data; and
  • security and protection systems that prevent hacks and attacks.

The legal issues associated with outsourcing to cloud computing service providers include cybersecurity risks and protection of personal data by cloud computing service providers. In order to mitigate such risks, banks must have the cloud computing service provider sign a non-disclosure agreement. Banks must further ensure that they have the right to audit the cloud computing service provider, to verify its ability to protect the safety and integrity of data. Banks much ensure that the cloud computing service provider returns all data upon termination of the agreement and destroys any copies thereof in its possession.

(e) Artificial intelligence

Artificial intelligence is not expressly regulated under Iraqi law.

(f) Distributed ledger technology (Blockchain, cryptocurrencies)

Blockchain and cryptocurrencies are not expressly regulated in Iraq.

For more information about this answer please contact: Lama Abou Ali from Aljad Law