The use of e-signatures has become increasingly popular due to the growth in electronic commerce and advancements in technology which propel the idea to go paperless. However, e-signatures do not seem to have been prevalent outside the arena of e-commerce.
One of the major concerns of using e-signatures in legal transactions is whether documents signed electronically are valid, enforceable and have legal effect in Malaysia. This article seeks to answer some of the common questions raised when considering the use of e-signatures.
What is an e-signature?
The Electronic Commerce Act 2006 (“ECA”) defines an “electronic signature” as “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature”.
Based on the foregoing, an “e-signature” can be in various forms, including but not limited to a “digital signature”, a short message service (SMS), a signature made electronically using a device such as a stylus or a scanned version of an actual signature, or as simple as a “tick” in a check-box to indicate an online acceptance of terms and conditions. Another example is an e-signature created via a software which is then used to “sign” soft copies of documents.
Is a document signed with an e-signature valid and does it have legal effect?
The ECA expressly states that any information in an electronic form shall not be denied its legal effect, validity and enforceability.
According to the ECA, the requirement to have a signature can be fulfilled by an e-signature which:
- is attached to or is logically associated with the electronic message;
- adequately identifies the person and adequately indicates the person’s approval of the information to which the signature relates; and
- is as reliable as is appropriate given the purpose for which, and the circumstances in which, the signature is required.
For this purpose, an e-signature is considered to be reliable if:
- the means of creating the e-signature is linked to and under the control of that person only; and
- any alteration made to the e-signature or the document after the time of signing is detectable.
When can e-signatures be used?
The ECA applies to any “commercial transaction” which is defined as “a single communication or multiple communications of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance”. Given this broad definition, e-signatures may be used, inter alia, in the following transactions:
- Commercial agreements between corporate entities which generally does not require the affixation of the company seal, including services agreements, procurement documents and sales agreements;
- Consumer agreements, including insurance policies, and e-commerce platform terms and conditions;
- Employment contracts.
What are the limitations of e-signatures?
The ECA does not apply to the following transactions:
- Power of attorney
- The creation of wills and codicils
- The creation of trusts
- Negotiable instruments (for example, cheques or promissory notes)
Although the ECA only excludes the applicability of e-signatures in respect of the foregoing 4 types of transactions, one cannot readily assume that the signature requirement in all other commercial transactions can be fulfilled by using e-signatures, in particular transactions which are subject to requirements of other written laws in Malaysia.
For example, Section 66(3) of the Companies Act 2016 (“CA”) provides that a document signed by at least 2 authorised officers of a company has the same effect as if the document is executed under the common seal of the company. As the CA does not prohibit the usage of e-signatures, presumably the authorised officers of a company may execute a document by way of e-signatures. Do note however, that if there is a legal requirement to affix a seal to a document, the ECA provides that such requirement can only be fulfilled by using a digital signature. Arguably the mismatch between the ECA and the CA creates a gap and uncertainty as to whether a document which requires the affixation of a seal can be signed using e-signatures.
The gap becomes wider when the law has not caught up with technology advancement. The National Land Code (“NLC”) requires a signature on any forms relating to land transactions to be handwritten and where an execution involves a company, it shall be effected by affixing the seal of the company. In view that the foregoing exclusions do not include land transaction documents, it is arguable that land transaction forms can be signed using e-signatures and where there is a legal requirement to affix a seal, a digital signature can be used to satisfy the legal requirement.
What is the difference between an e-signature and a digital signature?
Both terms have often been used interchangeably and it is prudent to know that they are not the same. A digital signature is an e-signature but not vice versa. This subset of e-signatures is governed by the Digital Signature Act 1997 (“DSA”).
In a nutshell, a “digital signature” is a signature generated using an asymmetric cryptosystem that is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority (“LCA”). Digital signatures are created based on a set of algorithms and a unique authentication process which are known to be tamper proof. The use of digital signatures enables one to determine the identity of the signer and verify the authenticity of documents thus offering more security and protection compared to other types of e-signatures.
Similar to the ECA, the DSA also provides legal recognition to a document signed with a digital signature provided that the signature satisfies the requirements of the DSA.
Assuming the requirements have been satisfied, the DSA further provides that only an LCA duly approved by the Malaysian Communications and Multimedia Commission (“MCMC”) can act as a trusted party administering the use of the digital signature.
The LCAs currently listed on the MCMC website are:
- Pos Digicert Sdn. Bhd.
- MSC Trustgate.Com Sdn. Bhd.
- Telekom Applied Business Sdn. Bhd.
- Raffcomm Technologies Sdn. Bhd.
This means that a certificate issued by a certification authority which is not listed in the website will not be recognised as a “digital signature” notwithstanding that it satisfies the other requirements of a digital signature in the DSA. That said, the non-recognition of a “digital signature” under the DSA for this reason does not preclude the same from being considered as an e-signature under the ECA.
While e-signatures seem to be a viable alternative to physical signatures, there are a few practical points to be mindful of as described above.
30 October 2020
Tong Lai Ling (Partner)
T: 603 – 2632 9878
E: [email protected]
Chan Pei Jie (Senior Associate)
T: 603 – 2632 9999
E: [email protected]