Electronic Signature Laws & Regulations - Kingdom of Saudi Arabia

Overview

In the Kingdom of Saudi Arabia (KSA), the legal and regulatory system is dynamic, with frequent changes in application as well as interpretation. Today, only certificate-based digital signatures (referred to as electronic signatures in the KSA) are considered legally binding.

The primary law governing the use of electronic signatures in the KSA is the Saudi Arabia Cabinet Decision No. 80/1428 on the Approval of The Electronic Transactions Law issued by Royal Decree No. M/8 and dated 26 March 2007 (Electronic Transactions Law) which applies to e-commerce service providers who offer goods/services to customers based in the KSA.

The Saudi Arabia Implementing Regulation No. 1/1429 (Implementing Regulations), issued on 18 March 2008, provides further detail around the use of electronic signatures in the KSA. The Implementing Regulations define an Electronic Signature as “Electronic data entered, added or logically associated with an electronic transaction, used for identifying the signatory, verifying his approval of the electronic transaction and detecting any change made to the transaction after signature thereof.”  

The Electronic Transactions Law provides that Electronic Signatures which meet the requirements of the Electronic Transactions Law carry the same legal effect as traditional “wet” signatures and that contracts cannot be denied enforceability merely because they are concluded electronically. However, the Electronic Transactions Law provides that the law cannot be used to require any person to execute an agreement electronically without their explicit or implicit approval.

Under Article 10 of the Implementing Regulations, an Electronic Signature will only be binding if:

  1. It is accompanied by an authorized and valid digital certificate;
  2. The signer’s identity data is maintained and corresponds to the digital certificate;
  3. The integrity of the electronic signature system/service and connection to the electronic data system is secured, maintained and free of any technical defects that might affect the validity of the signature;
  4. The signature procedures and confidentiality of the data are managed in accordance with the technical conditions stipulated in the digital certification procedures issued by the National Centre for Digital Certification (Centre); and
  5. The signer has complied with all conditions stipulated in the digital certification procedures issued by the Centre.

Under the Electronic Transactions Law, the requirement for an authorized and valid digital certificate requires that the digital certificate be issued by a Certification Service Provider authorized by the Communications and Information Technology Commission or with a Digital Certificate approved by the Centre.

In the KSA, Certification Service Providers are those who “are licensed to issue digital certificates, or any other service or task related thereto or to the electronic signatures.” The KSA list of licensed certification service providers is available at https://ncdc.gov.sa/?page_id=1899 (in Arabic).

As per Article 12 of the Implementing Regulations, whoever relies on the electronic signature of another party shall verify the validity of the electronic signature by:

  1. Verifying that the sender’s digital certificate was issued by an authorized and valid Certification Service Provider;
  2. Ensuring that the data accompanying the electronic signature (i.e. the name and address) are consistent with the digital certificate; and
  3. Ensuring that there are no warning notices regarding potential defects in or related to the Electronic Signature or the signed document.


Special Considerations

In the KSA, there are several items that require specific consideration.

Transacting with public sector entities

Government entities in the KSA must provide explicit consent to conduct transactions electronically. If a government entity does provide explicit consent, the electronic transaction should follow any special conditions specified by the government authority. Based on the above, it is recommended that parties seek written confirmation from the specific government entity that an Electronic Signature will be binding prior to engaging in the electronic transaction.

Use cases that generally require a traditional signature

Under the Electronic Transactions Law, the following types of documents are generally excluded from the use of Electronic Signatures:

  1. Transactions pertaining to civil status
  2. Real estate deeds

It should be noted, however, that KSA notarial offices use electronic systems.

Note:

Disclaimer: Information on this page is intended to help businesses understand the legal framework of electronic signatures. However, Adobe cannot provide legal advice. You should consult an attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Adobe provides this material on an "as-is" basis. Adobe disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy.

Adobe logo

Sign in to your account