Preface       List of Services       Iran e-Commerce Report       Contact Us      

Preface

Based on article 80 and article 86 of e-Commerce law -adopted in 2003- and resolution adopted by Cabinet of Ministers at a meeting dated 8/26/2009 and according to the joint proposal of the former Ministry of Commerce and the former department of management development and Human Resources of the president, The Statute of Iran Center for e-Commerce Development (ICeCD) was approved.

Accordingly, the establishment, implementation and development of e-commerce in the country, using national and international instruments and standards, in accordance with Iranian and Islamic culture and supporting the activities of e-commerce, and promoting the level of application of information and communication technology in economics and commerce, have been assigned to ICeCD.

Currently, ICeCD is responsible for implementation and development of five national systems, including Public e-Procurement System, Comprehensive e-commerce system, eTrust Seal (eNAMAD), Root Certification Authority (GRCA) and General Governmental Intermediate Certification Authority (GICA).

Islamic Republic of IRAN Public Key Infrastructure

The I.R.IRAN Public Key Infrastructure (IRPKI) was established in 2007 in accordance with the Electronic Commerce Law of the Islamic Republic of IRAN (approved on January 7, 2004) and Executive Regulation of Article 32 of this law (approved on October 22, 2007). Accordingly, PKI in IRAN has a hierarchical structure with four main entities as shown below:

blog post

As shown in the diagram above, the IRPKI contains two hierarchical models: G2 and G3. G2 structure is compatible with SHA1 hash function, and can be used in hardware and software that support this hash function. G3 structure is compatible with SHA256 hash function and is used for higher level of security.

The main entities of IRPKI are described below:

I.R.IRAN Digital Certificate Policy Council:

I.R.IRAN Digital Certificate Policy Council, hereinafter 'the Council", is the Policy Authority of the PKI in IRAN. This is an inter-organizational council established to protect the integration and prevent the breakdown of solutions and standards in IRPKI. The Council main responsibilities are policy-making in IRPKI domain, approbation and updating Certificate Policy (CP) of the I.R.IRAN Governmental Root Certification Authority (CA), and approving the conformity of Certificate Practice Statements (CPSs) with the CP for all the intermediate CAs.

ICeCD is in charge of the Council secretariat.

I.R.IRAN Governmental Root Certification Authority:

I.R.IRAN Governmental Root CA, hereinafter "IR.GRCA", is the Trust Point in IRPKI and works under supervision of the Council. According to Paragraph (a) of Article 4 from Executive Regulation of Article 32 of E-commerce Law, this CA has obtained the license to create, sign, issue and revoke the digital certificate of intermediate CAs. IR.GRCA is responsible for monitoring of digital certificates issuance and management with the purpose of security development in the information exchange area, authentication in cyberspace at national and international levels and ultimately confidence in the use of electronic services

It is in charge of all aspects of issuance and management of Intermediate CAs certificate, including monitoring registration processes, authentication, issuing and revocation of certificates and re-key processes.

Intermediate Certification Authorities:

Certification authorities obtained their license and certificates from the IR.GRCA are named Intermediate Certification Authorities. These CAs have the authority to issue and revoke the digital certificates of subscribers. In order to obtain their digital certificates, intermediate CAs must draft their Certificate Practice Statements (CPS) in accordance with the IR.GRCA's CP and submit it in order to be approved by the Council.

General Governmental Intermediate CA hereinafter "GICA" is a unique intermediate CA presenting digital certificate services for all different functions to applicants in general form.

Governmental Intermediate CAs are established by the executive organizations of the I.R.IRAN and can provide digital certificate services for applicants for governmental usage and application in their responsibilities and services domain.

Private Intermediate CAs are established by the private organizations of the I.R.IRAN and are permitted to present digital certificate services to private customers for non-governmental usage and application.

External Intermediate CAs are Private Intermediate CAs signed a contract with a specific governmental executive organization. These Intermediate CAs can only present digital certificate services for G2B and G2C functions in the domain of the related governmental executive organization.

IR.GRCA is responsible for auditing all the intermediate CAs periodically and present the Council with the audit reports. Currently, alongside with the GICA, 6 other intermediate CAs consist of 3 governmental and 3 private intermediate CAs operate in the IRPKI.

The Health Governmental Intermediate CA, MoP Governmental Intermediate CA and ICMGCA Governmental Intermediate CA are the 3 active governmental intermediate CAs.

Active private intermediate CAs are Pars Sign Private Intermediate CA , Raahbar Trust Private Intermediate CA and Smart Trust Private Intermediate CA presenting digital certificate services in different domains for non-governmental functions.

Registration Authorities:

Registration authorities (RAs) are responsible for identification and checking the accuracy of received information from digital certificate applicants. In fact, registration authorities are responsible for preparing issuance request, revocation and updating certificate and also re-key request by checking applicant's identity. Each registration authority must be approved by an intermediate CA, and there must be a contract or agreement between these two, so that the registration authority undertakes to present services according to the CPS of the intermediate CA.

Registration Authority must accommodate its operations with the CPS of related CA.

Iran Commercial Cyber Security Office

Iran Commercial Cyber Security Office called "AFTAT" was established in order to ensure the possibility of interaction and reliability of interoperations between components and actors of Iran's public key infrastructure, and also to use maximum of capabilities to produce reliable products related to PKI in order to comply with National standards which are harmonized with international standards and ultimately setting up several laboratories (such as NIST or CC Laboratories) to test and evaluate every hardware and software which are used in PKI according to PKI standards.

Iran eTrust Seal (eNAMAD)

E-Trust Seal is a symbol of trust; when an e-Commerce website displays the seal, one might ensure that the website has been accredited by a government body and can be trusted thereby improving customer trust in cyber space.

eNAMAD could be a one to five star seal granted to eligible e-Commerce websites. E-Trust seal issuance for Iranian e-Commerce websites has been started since 2010 and more than 20,000 websites are registered since then.

Mission statement of eNAMAD project is as follows:

Considering priorities and national needs, consistent with international experiences and standards and relying on technical knowledge and local expertise, the mission of eNAMAD is organizing, ranking and validation of e-Commerce websites activities, protecting consumer rights in cyberspace for trust building and making the necessary infrastructure for electronic market development.

Iran Public e-Procurement System

IRAN public e-Procurement solution called "SETAD", is a user-friendly, Internet-based procurement system that allows an integrated approach to electronic procurement which enhances administrative functions related to government organizations (such as ministries, agencies and companies) as well as bidders and suppliers who have completed the registration & approval processes. In this system it is necessary for the suppliers to specify the specifications & prices of their products.

We believe that SETAD provides transparency and efficiency in the procurement cycle and has a considerable impact on saving time and money.

Iran Comprehensive Trade System

Iran Comprehensive Trade System creates an integrated system for merchants in foreign and domestic trades. Employing this system directs trade exchanges to legal gates and diminishes the smuggling phenomenon.

This system is multi-faceted for import and export processes: it's a B2B for traders, banks, and insurance bodies. It's also a G2G and G2B project since comprehensively a governmental body is involved. Ultimately it's a window among government and all trade parties and related organizations. This system contains two sub-systems and three side systems as follow:

         - Domestic trade sub-system: managing all affairs related to transferring ownership, location and stocking for target products

         - Forging trade sub-system: observing, following up and preventing generation of duplicate data related to all activities including banking, insurance, transportation, licenses, and customs.

         - Track and trace system: managing track and trace identification and answering related inquire.

         - Commodity identification system: Recording product identification data and related certification

         - Warehouse systems: managing entrance and exit of products from maintenance centers for target products


List of Services

No.

Title

Introduction

Website

1

Issuance of digital signature certificate

View

https://www.gica.ir/Portal/index?91

2

Issuing organizational seal certificate (legal entities)

View

https://www.gica.ir/Portal/index?91

3

SSL certificate issuance

View

https://www.gica.ir/Portal/index?91

4

Issuing secure email certificate

View

https://www.gica.ir/Portal/index?91

5

Code signing certificate issuance

View

https://www.gica.ir/Portal/index?91

6

Providing Confirmation Timestamp

View

http://www.gica.ir/tsa

7

Issuing permit for activity of subsidiary intermediate certificate authorities (CA)

View

http://en.rca.gov.ir

8

Issuing permit for activity of intermediate certificate authorities (CA)

View

http://en.rca.gov.ir

9

Issuing permit for activity of electronic certificate registration offices

View

https://www.gica.ir/Portal/index?91

10

Issuing Electronic Trust Symbol (ENAMAD) certificate

View

http://www.enamad.ir

11

Investigating violations and monitoring of online businesses

View

http://www.enamad.ir

12

Online businesses ranking

View

http://www.enamad.ir

13

Identification and authentication of customers of online businesses

View

http://www.enamad.ir

14

Issuing authentication certificate for the public key infrastructure (PKI) algorithm

View

http://en.rca.gov.ir

15

Issuing authentication certificate for encryption modules of public key infrastructure (PKI)

View

http://en.rca.gov.ir

16

Issuing authentication certificate for digital certificate issuance and management systems

View

http://en.rca.gov.ir

17

Issuing authentication certificate for public key infrastructure (PKI) software

View

http://en.rca.gov.ir

18

Managing public electronic tenders

View

http://www.setadiran.ir

19

Management of public electronic small and medium transactions

View

http://www.setadiran.ir

20

Managing public electronic tenders

View

http://www.setadiran.ir

21

Consultation and education in the field of ecommerce

View

http://en.rca.gov.ir

22

Replies to inquiries of digital certificate status

View

https://www.gica.ir/portal/index?76

23

Inspection and monitoring of the intermediate certificate authorities (CA)

View

whttp://en.rca.gov.ir

24

Inspection and monitoring of the digital certificate registration offices

View

https://www.gica.ir/Portal/index?91

25

Awarding ecommerce prize

View

26

Addressing ecommerce complaint

View

http://www.enamad.ir



Iran e-Commerce Report (Mar-Sep 2020)

Abstract

The following document is the annual report of Iran's e-commerce in 2021. In this report, e-commerce indicators have been measured, monitored, and discussed in three categories: "e-commerce infrastructure", "e-commerce market size", and Methodology and Demography of e-commerce". The data needed to measure e-commerce infrastructure and performance indicators have been collected from recourses such as World Bank reports, Statistics Center of Iran, the Central Bank of the Islamic Republic of Iran, and the Ministry of Communications and Information Technology. The data needed to measure the Demography of e-commerce has been collected from a questionnaire completed by a number of online businesses. The main results of the e-commerce report of Iran in 20 Mar 2020 - 20 Mar 2021 are as follows:

E-Commerce Infrastructure:
- Internet penetration rate has reached 127.2%, which has increased by 13% compared to the previous year.
- Smart phone penetration rate has reached 166%, which has increased by 6% compared to the previous year.
- More than 1317000 electronic signature certificates have been issued in the country's public key infrastructure, which has increased by 124% compared to the previous year.

E-Commerce Market Size:
- The nominal volume of e-commerce transactions was 1,237 thousand billion Toman, which has increased by 13% compared to the previous year.
- The average amount of each online purchase is 343 thousand Toman.
- The total number of e-commerce transactions was about 3.6 billion, which has increased by 14% compared to the previous year.
- The total number of G2G/G2B was more than 345 thousand, which has increased by 2% compared to the previous year.

E-Commerce Methods and Demography:
- Number of eNamad trust seals issued to ecommerce units was more than 35000, which has increased by 5% compared to the previous year.
- Issuing Gray enamad for small online businesses has been started in Azar 1400 and more than 3800 gray enamad had been issued until end of 1400.
- 80 % of e-commerce units with e-Namad license, use social networks in addition to website.
- About 94% of ecommerce units, use personal investors for deployment.
- About 60% of ecommerce units, use <> for delivery of goods.
- 60% of ecommerce units with e-Namad license owners, are between 30 and 40 years old.
- 78% of ecommerce units owners, who have received e-Namad license, have natural character type.

Iran e-Commerce Annual Report (Mar 2021-Mar 2022)

Also, for downloading 'Iran e-Commerce Annual Report (2020)', click here