UAE Federal Law No.1 of 2006 concerning electronic transactions and commerce (e-commerce law) regulates electronic signatures (e-signatures) in the UAE.
The eCommerce Law recognises 3 types of e-signatures:
1. Protected e-signatures (Article 17 of the E-Commerce Law)
This category of e-signatures is the most legally protected. Protected e-signatures are accepted as valid and have probative value unless otherwise established.
An e-signature is considered "protected" if it is possible to verify, through (1) the implementation of precise authentication procedures as required by the E-Commerce Law (such as by way of an electronic authentication certificate); or (2) as commercially acceptable and agreed upon between the parties, that at the time of its execution, the e-signature is attributable only to the person who used it, and:
- it is possible to prove the identity of that person;
- it is fully controlled by that person whether concerning its creation or usage at time of signing; and
- it is connected to the concerned electronic message by a link which provides reliable proof of the signature's validity.
2. Other e-signatures (Articles 8 and 18 of the E-Commerce Law)
e-signatures which are not considered "protected" pursuant to Article 17 of the E-Commerce Law may also be recognised as having legal force and effect, as long as reliance on the e-signature is reasonable.
Reasonableness is not presumed in such cases; the court will, in order to determine whether reliance on an e-signature is reasonable, take into account several factors, including the following:
- Nature, value and importance of the concerned transaction; and
- Whether the person relying on the e-signature:
i. took appropriate steps to determine the extent to which the e-signature is reliable.
ii. took appropriate steps to verify that the e-signature is enhanced by an electronic authentication certificate or supposed to be so.
iii. knew or should have known that the e-signature or electronic authentication certificate was violated or cancelled.
iv. has previously relied on an e-signature from the same person or any other commercial custom common in this matter.
Reliance is not considered reasonable where the e-signature is enhanced with an electronic authentication certificate and the relying party fails to verify the validity, applicability and restrictions of the certificate. In such cases, the relying party will be responsible for all risks resulting from the invalidity of the signature unless otherwise established.
3. Foreign e-signatures (Article 23 of the E-Commerce Law)
Foreign e-signatures are e-signatures having an authentication certificate issued by a foreign certification provider.
Reliance on a foreign e-signature is possible, as long as the two following conditions are fulfilled:
- the foreign certification provider has equally reliable standards as those in the UAE; and
- the requirements for the issuance of a foreign certificate are similar to those for a UAE certificate.
If the parties agree to use a specific certification service provider or type of foreign digital certificate, such agreement will be binding.
How do the UAE courts view and/or accept the use of e-signatures?
The UAE courts accept e-signatures as having legal force and effect as long as they meet the requirements of the e-commerce law. For example, in order to consider an e-signature valid, UAE courts will determine whether the e-signature is protected and/or the reasonableness of the reliance a person may have on the e-signature (further information regarding what qualifies as a protected e-signature or reasonable reliance is set out above). The UAE courts will also consider available evidence including electronic evidence. The Dubai Court of Cassation has confirmed this in various precedents.
E-signatures in connection with electronic transactions and commerce have probative force. UAE courts will not accept e-signatures with respect to the following documents, as the e-commerce law does not apply (Article 2 of Federal Law No.1 of 2006):
- Transactions and matters concerning civil status like marriage, divorce and wills.
- Title deeds of real estates.
- Bonds in circulation.
- Transactions concerning the sale and purchase of real estate, its disposition and rental for periods exceeding ten years and the registration of any other rights related to it.
- Any document required by law before a notary public.
- Any other documents or transactions to be excluded by a special legal term.
What steps, if any, does one need to adopt in order to incorporate the use of e-signatures in the UAE?
With respect to the incorporation of the use of e-signatures, we recommend adopting 'Protected Signatures' as it is the most legally protected type of e-signature under the e-commerce law. In order to do this, it is important to ensure the requirements set out under Article 17 of Federal Law No. 1 of 2006 (also included above) are fulfilled.
Steps to adopt in order to incorporate the use of e-signatures include:
- Determining a duly accredited person which issues electronic authentication certificates and any services or tasks related to it and to e-signatures as regulated under the e-commerce law. In order to be duly accredited, this person must hold a certification services provider license in the UAE;
- Engaging this person to issue an e-signature tool and electronic authentication certificates for your use; and
- Implementing all due care and diligence in your use of the e-signature tool, in line with the directions provided by the certification service provider.
It is also important to ensure, when incorporating the use of e-signatures, that such e-signatures are not used with respect to the documents excluded from application of the e-commerce law by Article 2 of Federal Law No.1 of 2006 (listed above).
Any particular concerns with using e-signatures in the UAE?
When using or relying on another person's e-signatures, it is important to ensure such e-signatures are recognised under the e-commerce law. It is also important to consider the following:
- The jurisdiction by which the agreement or document will need to be recognised and/or enforced. If another jurisdiction than the UAE is involved, it is important to consider their own laws regarding e-signatures;
- Where an e-signature is being relied on (other than pursuant to Article 17 of the E-Commerce Law), whether such reliance would be considered reasonable by the courts (factors the courts would consider are set out above); and
- Whether the type of document with respect to which the e-signature is used may be signed by way of e-signature under the e-commerce law.
The use of e-signatures also imposes additional duties on a signer, set out under Article 19 of Federal Law No.1 of 2006. There may be repercussions if these duties are not fulfilled. These duties include notifying concerned persons, without any unjustifiable delay, in the instance of finding out the signer's signature tool was or may have been exposed to safety risks based on circumstances or facts made known to him/her.
As long as the requirements set out above are fulfilled, there should be no significant risk that the UAE courts not consider the e-signatures valid.
There are also, of course, non-legal concerns that must be addressed, in particular with respect to the possible vulnerability of e-signature tools to cyber-attacks, security breaches or misuse. Misuse of an e-signature may result in significant damage to the authorised person to whom the e-signature is linked.
It is therefore extremely important, in order to protect the signer from any external or internal misuse, to implement high security measures to ensure only the authorised person to whom the e-signature is linked may access and use of the e-signature. Measures that may be undertaken include secure storage of the e-signature and authentication certificate and not sharing access to the e-signature or authentication certificate with any other person.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.