Electronic Signature Laws & Regulations - Malaysia
Electronic and certificate-based digital signatures are common in Malaysia and are well accepted in the business community, especially for e-commerce. Malaysian law distinguishes between electronic signatures and digital signatures backed by certificates from trusted service providers, but regards both as being just as admissible and enforceable as a “wet signature”, provided they meet the legal requirements for validity.
Electronic signatures are governed by the Electronic Commerce Act 2006. The ECA defines an electronic signature as “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature”.
In order to be recognized under the ECA, an electronic signature must:
- be attached to or logically associated with the electronic message;
- adequately identify the signer and adequately indicate the signer’s approval of the information to which the signature relates; and
- be as reliable as is appropriate for the purpose and circumstances in which it is required.
An electronic signature is “as reliable as is appropriate” if:
- the means of creating the electronic signature is linked to and under the control of only the signer;
- any alteration made to the electronic document after the time of signing is detectable; and
- any alteration made to that document after the time of signing is detectable.
Digital signatures are regulated by the Digital Signature Act (DSA) 1997. The DSA defines digital signatures as “a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine whether the transformation was created using the private key that corresponds to the signer’s public key, and whether the message had been altered since the transformation was made.”
A digital signature will be recognized under the DSA where:
- that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
- that digital signature was affixed by the signer with the intention of signing the message; and
- the recipient has no knowledge or notice that the signer has breached a duty as a subscriber or does not rightfully hold the private key used to affix the digital signature.
All licensed certification authorities must hold a valid license issued under the DSA and can be found on the Malaysian List of Certification Authorities and Recognition.
In Malaysia, the ECA and the DSA do not expressly discuss the storage of electronic signature data within Malaysia. However, there may be industry-specific requirements to have such data stored within the country. In addition, if the electronic signature data contains personal information, it will fall under the requirements of Malaysia’s Personal Data Protection Act (PDPA).
Transacting with public sector entities
The Electronic Government Activities Act 2007 (EGAA), which complements the ECA, applies similar rules to the public sector. It provides for legal recognition of electronic messages in dealings between the Government and the public, and the use of electronic messages to fulfill legal requirements.
The EGAA provides that it is not mandatory for a person to use, provide or accept any electronic message in dealings with the Government unless the person consents to the using, providing or accepting of the electronic message. The requirements for electronic signatures under the EGAA mirror the requirements under the ECA.
Under the Prescription of Electronic Signature Order 2010 issued pursuant to the EGAA, the use of a PIN number as an electronic signature fulfills the requirement of affixing a seal in an electronic message.
There are certain requirements to use digital signatures under the Government procurement regime. All individuals, companies or corporate bodies intending to participate in Government procurement are required to undergo a registration process. Registration is carried out through the ePerolehan (“eProcurement” in English) system, which requires the use of digital signatures, as highlighted in the following excerpts from the circulars and guidelines issued by the Treasury:
- Under the Guidelines on Registration for Basic Account and Company for Supplies and Services Procurement, any contractor who wishes to enter into a transaction with the Government shall apply for a digital certificate in order to access the ePerolehan system. The digital certificate will be certified by the authority in accordance with the DSA.
- Under the Manual on Quotation & Tender/eBidding, after the relevant documents are uploaded by the successful bidders to the ePerolehan system, the successful bidder must insert their PIN number and the answers to the security questions of their digital certificate to secure the enforceability of the contract.
- Under the Treasury Circular on Government Procurement via Electronic System, it is prescribed that certain officers from the Government agencies must use a digital signature in certain transactions, such as approving the bidding contract, revoking the existing contract and approving the application for extension of contract. The officers from the Government agencies would have to apply for a USB token through the website portal of the Government Public Key Infrastructure (GPKI) to execute any transactions in the ePerolehan system.
Use cases that generally require a traditional signature
Although electronic and digital signatures are governed by Malaysian federal law, in some cases, state laws or industry-specific rules and guidelines may govern.
Under the ECA, the following documents cannot be signed or executed electronically:
- Power of attorney
- The creation of wills and codicils
- The creation of trusts
- Negotiable instruments
Additionally, documents that require notarization or the affixing of a seal may not be able to be signed electronically. However, where law requires a seal to be affixed to a document and the document is in the form of an electronic message, the document may be signed using a digital signature as defined under the DSA.
Disclaimer: Information on this page is intended to help businesses understand the legal framework of electronic signatures. However, Adobe cannot provide legal advice. You should consult an attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Adobe provides this material on an "as-is" basis. Adobe disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy.