On 20 September 2021, the UAE has published Federal Decree Law No. 46 of 2021 on electronic transactions and trust services (the “Electronic Transactions Law“) which repeals Federal Law No. 1 of 2006 (the “Previous Law“) and reinforces the UAE’s digital transformation strategy and commitment towards a digital economy.
The Electronic Transactions Law will come into effect on 2 January 2022, however, businesses will be given a one-year grace period for compliance. Under the Electronic Transactions Law, the Telecommunications and Digital Government Regulatory Authority (the “TDRA”) will act as the regulator and will implement the new law.
We have set out the below the changes to key provisions of the new Electronic Transactions Law:
- Electronic signatures are now assigned the same weight and treatment as handwritten signatures. An electronic document will not lose its legal validity or enforceability due to its electronic form.
- Transactions can be concluded in whole or in part by an automated medium and such contracts shall be valid, enforceable and legally effective even in the absence of personal or direct interaction by any physical person in the contracting process.
- The Electronic Transactions Law provides that a person may use any form of electronic signature or stamp for all transactions including contracts with the UAE government entities (which will involve coordination with the Federal Authority for Identity and Citizenship). This is a move from the Previous Law which had set out exclusions for the use of electronic signatures.
- The Electronic Transactions Law has now provided three types of electronic signatures (while the Previous Law did not have any distinction for the different types of electronic signatures) which include:
○ Electronic signature – Similar to the definition under the Previous Law, this is a signature consisting of letters, figures, codes, sound, fingerprint or processing system of electronic form attached or logically linked to an electronic document, which verifies the identity of the signatory and the their acceptance of the content of the data associated thereto.
○ Qualified electronic signature – this is an electronic signature that fulfils the following conditions:
i. the electronic signature is completely and exclusively associated with the signatory and under their control;
ii. it includes characteristics to identify the signatory;
iii. it is linked to the data in a manner that allows the identification of any modification to the data; and
iv. it is created with the technical and security requirements set out in the implementing regulations of the Electronic Transactions Law.
○ Approved electronic signature – this is an electronic signature that fulfils the following conditions:
i. the electronic signature and stamp are created based on an approved and valid authentication certificate in accordance with the Electronic Transactions Law;
ii. the electronic signature and stamp are created using an approved electronic signature or stamp tool;
iii. the data to prove the authenticity of the approved signature and the approved electronic stamp shall be identical to the data submitted to the approved party;
iv. the data identifying the signatory of the approved authentication certificate shall be properly submitted to the approved party; and
v. the electronic signature is created with the technical and security requirements set out in the implementing regulations of the Electronic Transactions Law.
- Trust services providers must be licensed by the TDRA to provide electronic signatures services such as the creation of an electronic signature or qualified electronic signature and the issuance of a certificate of authentication for a qualified signature, prior to offering their services to third parties. The TDRA will also create a list of trust service providers (and approved trust service providers who provide approved electronic signature services) along with the services that each provider offers. Customers will be able to identify licensed service providers by checking whether or not they hold an approved trust mark issued by the TDRA which also details the services that they are licensed to provide.
- The Electronic Transactions Law has also allowed the use of trust services outside the UAE, provided that they provide similar levels of services as those offered in the UAE, which will facilitate electronic cross-border transactions.
- The signatory may also be liable under the Electronic Transactions Law for the unauthorized use of the electronic signature or stamp, use of invalid authentication certificates or failure to report any changes to the information contained in the authentication certificate or its lack of confidentiality.
- The digital identity owner may also be held liable for the following:
i. failure to exert the necessary care to avoid the unauthorized use of the digital identity;
ii. failure to notify the relevant parties if the digital identity used in a transaction has been exposed; or
iii. failure to ensure the accuracy and completeness of the material data that they provide and which relate to the digital identity.
- The Electronic Transactions Law penalizes unlicensed trust service providers and specifically sets out penalties for breaches by the trust service providers, as well as the unauthorized disclosure of confidential information by any party.
- The Electronic Transactions Law will be supplemented with the implementing regulations which will detail the technical requirements for the different signatures introduced under the Electronic Transactions Law as well as other details on the application of the new law.
To speak to us in relation to the Electronic Transactions Law and what this development might mean for your business, or any technology related matters, please feel free to contact one of the lawyers below or your usual Baker McKenzie contact.