An Overview of Electronic Signatures in the UAE

The evolution of signatures spans from ancient Roman times to the modern digital era. Although signatures have been in use since the 5th century AD, their legal significance was firmly established by the 1677 English Statute of Frauds, which required written signatures to ensure contractual enforceability and prevent fraud. In the 1980s, electronic transmission emerged, via fax, and the UNCITRAL Model Laws ^[1] (1996, 2001) recognised electronic signatures as being equal to handwritten ones. The EU's eIDAS ^[2] regulation standardised electronic transactions in 2016. In the UAE, laws from 2002 ^[3] and 2006 ^[4] first recognised the legal force of electronic signatures. These developments reflect the shift to secure, efficient digital authentication in global commerce. As per Federal Decree Law No. 46 of 2021 ‘Electronic Transactions and Trust Services,’ electronic signatures are as binding as a signature executed by hand.

What is an electronic signature?

Holding the same authenticity as a handwritten signature, an electronic signature signifies a person’s intent to be legally bound by the contents of the document they are signing. As a legally binding mechanism, electronic signatures can be used in a wide range of situations, including cross-border arrangements, to facilitate faster, smoother and more secure transactions, helping to streamline digital transactions.

In the UAE, the key law governing the use of electronic signatures is The UAE Electronic Transactions Law (Federal Decree Law No. (46) of 2021 On Electronic Transactions and Trust Services). It should be noted that the Dubai International Financial Centre also has its own Electronic Transactions Law (Law No. 2 of 2017) and the Electronic Transactions Regulations 2021 of Abu Dhabi Global Market.

Difference between electronic and digital signatures

A digital signature is always electronic, but an electronic signature is not always digital. An electronic signature refers to any digital procedure that signifies acceptance or endorsement of a contract or record. This can range from a straightforward digital scan of a handwritten signature to a more advanced verification system. Standard electronic signature solutions utilise common digital authentication techniques to confirm the identity of the signatory, for example, an email address or PIN, whereas digital signatures employ certificate-based digital identifiers which authenticate the identity of the signatory and provide evidence of signing by linking each signature to the document with encryption. Such verification is conducted via trusted certificate authorities or trust service providers. Digital signatures are unique to each signatory and, when they digitally sign a document, the signature is crafted using the signatory’s private key, which is always securely retained by the signatory. The mathematical algorithm operates similarly to a cipher, generating data that aligns with the signed document and encrypting this data. This forms the digital signature. Additionally, the signature is marked with the precise time the document was signed, ensuring that if the document is modified after signing, the digital signature is rendered invalid. This process ensures that any subsequent modification to the document invalidates the digital signature, thereby protecting the integrity of the signed record.

UAE Regulations

The UAE Electronic Transactions Law, published on 20 September 2021, affirms that electronic documents retain their legal validity and enforceability despite being in digital form, and provides a legal framework that enhances their security and reliability. The law permits consent for the use of electronic information to be inferred from an individual's conduct, while ensuring that no party is obliged to utilise electronic documents without their explicit agreement. Furthermore, contracts formed between automated systems are deemed valid even in the absence of human involvement.

The law outlines conditions for acknowledging receipt of electronic documents, such as through electronic messages, and states that existing agreements between parties take precedence over new legal provisions. Parties must maintain accurate information, conduct activities fairly, assess risks, and protect personal data according to federal laws. They are required to notify the Telecommunications and Digital Government Regulatory Authority (TDRA) and subscribers of risks, unauthorised disclosures, or breaches, and inform them about service terms, security, and trust levels. A termination plan and record-keeping are also required for service continuity.

The legal framework for electronic records and signatures includes key requirements:

• Electronic signatures must be reliable, using specific encryption standards to ensure data integrity, and created with approved devices.
• Authentication certificates must identify the issuer and signatory, include validity details, and be issued by qualified trust service providers.
• Data from electronic signatures must be securely retained for at least 15 years to prevent unauthorised use, and government authorities must preserve electronic signatures during document archiving, recreating them if changes occur.
• Compliance assessments must be conducted by approved entities, avoiding conflicts of interest, and follow TDRA specifications.

Cabinet Resolution No. (28) of 2023, published on 14 April 2023, specifies conditions for Qualified Electronic Time Stamps under the Executive Regulations of Federal Decree-Law No. (46) of 2021 on Electronic Transactions and Trust Services (the QETS Executive Regulations). Only Qualified Trust Service Providers can offer these time stamps, and they must comply with the Decree-Law and TDRA resolutions. Providers must establish policies and practices that meet TDRA's technical specifications for content and structure, ensuring service delivery aligns with their practice statement and policy. If third parties are involved, providers must clearly define responsibilities and ensure compliance with controls. TDRA resolutions outline technological standards for Qualified Service Providers, including criteria for service policy, practice statements, and listing in the UAE Trust List. These conditions ensure Qualified Electronic Time Stamps are securely linked to data, preventing alterations and maintaining integrity.

Trust service providers (TSPs)

Trust Service Providers, such as Adobe, DocuSign and eMudhra, play a crucial role in ensuring the security and reliability of e-signatures. They are responsible for issuing digital certificates, managing electronic signature creation devices, and preserving the integrity of e-signatures. TSPs must obtain a licence from the TDRA, who are responsible for verifying that the applicant meets all rules and requirement. The TDRA have the right to suspend or cancel the licence granted to TSPs in the event of non-compliance. In the UAE, the Trusted List acts as a central repository for licensed TSPs and the services they offer, ensuring transparency and accountability. Each service offered by a TSP is linked to a unique digital identifier, ensuring clear identification and traceability.

Legality and admissibility

Providers of digital signature solutions currently adhere to a specific protocol known as PKI (Public Key Infrastructure). PKI requires that the provider uses a mathematical formula to generate two lengthy numbers, referred to as keys. One key is public, and the other is private.

The UAE Electronic Transactions Law ensures that electronic documents, signatures, seals, and transactions are admissible as evidence in legal proceedings, regardless of their electronic form and processing through Trust Services and Qualified Trust Services. An official electronic document, when printed as a hard copy identical to the original, is considered conclusive evidence, and deems the signature as authentic as a manual signature. Similarly, a Qualified Electronic Seal from a legal entity serves as proof of the validity and integrity of the linked original information. A qualified date and time are verified through a Qualified Electronic Time Stamp when associated with accurate data. The Qualified Electronic Delivery Service is recognised as valid and legally effective if it adheres to the stipulated conditions. Additionally, Reliable Electronic Signatures and Seals are considered valid and legally effective if they meet the specified requirements. Trust Services and Qualified Trust Services must comply with the conditions outlined in the Decree Law and its Executive Regulations.

The future of electronic signatures

The UAE has seen a significant rise in the adoption of digital signatures, with a reported 216% increase in their usage since 2023. The future of electronic signatures is expected to involve further integration with technologies such as AI, as well as collaboration capabilities and blockchain. The UAE is actively fostering a future where digital signatures are not just legally accepted but also deeply integrated into the fabric of its digital economy, ensuring secure and efficient transactions across all sectors.

^[1] United Nations Commission on International Trade Law (UNCITRAL) 1996, UNCITRAL Model Law on Electronic Commerce with Guide to Enactment 1996, United Nations, New York; United Nations Commission on International Trade Law (UNCITRAL) 2001, UNCITRAL Model Law on Electronic Signatures with Guide to Enactment 2001, United Nations, New York

^[2] European Union 2014, Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS), Official Journal of the European Union, L 257, 28 August, pp. 73–114

^[3] Dubai Law No. 2 of 2002 on Electronic Transactions and E Commerce

^[4] UAE Federal Law No. 1 of 2006 on Electronic Commerce and Transactions