Overview
Electronic and certificate-based digital signatures are common in Malaysia and are well accepted in the business community, especially for e-commerce. Malaysian law makes a distinction between electronic signatures and digital signatures backed by certificates from trusted service providers but regards both as being just as admissible and enforceable as a “wet signature”, provided they meet the legal requirements for validity.
Electronic Signatures
Electronic signatures are governed by the Electronic Commerce Act 2006. The ECA defines an electronic signature as “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature”.
To be recognized under the ECA, an electronic signature must:
- be attached to or logically associated with the electronic message;
- adequately identify the signer and adequately indicate the signer’s approval of the information to which the signature relates; and
- be as reliable as is appropriate for the purpose and circumstances in which it is required.
An electronic signature is “as reliable as is appropriate” if:
- the means of creating the electronic signature is linked to and under the control of only the signer;
- any alteration made to the electronic document after the time of signing is detectable; and
- any alteration made to that document after the time of signing is detectable.
Digital Signatures
Digital signatures are regulated by the Digital Signature Act (DSA) 1997. The DSA defines digital signatures as “a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine whether the transformation was created using the private key that corresponds to the signer’s public key, and whether the message had been altered since the transformation was made.”
A digital signature will be recognized under the DSA where:
- that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
- that digital signature was affixed by the signer with the intention of signing the message; and
- the recipient has no knowledge or notice that the signer:
  - has breached a duty as a subscriber; or
  - does not rightfully hold the private key used to affix the digital signature.
The subscriber’s duties are discussed in the DSA and include, for example, the duty to exercise reasonable care to retain control of its private key and to prevent the disclosure of the private key to any person not authorized to create the subscriber’s digital signature. All licensed certification authorities must hold a valid license issued under the DSA and can be found on the Malaysian List of Certification Authorities and Recognition.
Special considerations
Transacting with public sector entities
The Electronic Government Activities Act 2007 (EGAA), which complements the ECA, applies similar rules to the public sector. It provides for legal recognition of electronic messages in dealings between the Government and the public, and the use of electronic messages to fulfill legal requirements.
The EGAA provides that it is not mandatory for a person to use, provide or accept any electronic message in dealings with the Government unless the person consents to the using, providing, or accepting of the electronic message. The requirements for electronic signatures under the EGAA mirror the requirements under the ECA.
Under the Prescription of Electronic Signature Order 2010 issued pursuant to the EGAA, the use of a pin number as an electronic signature fulfills the requirement of affixing a seal in an electronic message.
There are certain requirements to use digital signatures under the Government procurement regime. All individuals, companies or corporate bodies intending to participate in Government procurement are required to undergo a registration process. Registration is carried out through the ePerolehan (“eProcurement” in English) system, which requires the use of digital signatures, as highlighted in the following excerpts from the circulars and guidelines issued by the Treasury:
- Under the Guidelines on Malaysian Ministry of Finance Account Registration for Procurement of Supplies and Services including Consulting Firms, companies that have registered will be issued a digital certificate to transact with the Federal Government through the ePerolehan system. A digital certificate will be issued to the contractor (who is under basic account) free of charge for the first three years.
- Under the Manual on Quotation & Tender/eBidding, after the relevant documents are uploaded by the successful bidders to the ePerolehan system, the successful bidder must insert their pin number and the answers to the security questions of their digital certificate to secure the enforceability of the contract.
- Under the Treasury Circular on Government Procurement via Electronic System, it is prescribed that certain officers from the Government agencies must use a digital signature in certain transactions, such as approving the bidding contract, revoking the existing contract, and approving the application for extension of contract. The officers from the Government agencies would have to apply for a USB token through the website portal of Government Public Key Infrastructure (GPKI) to execute any transactions in the ePerolehan system.
Use cases that generally require a traditional signature
Although electronic and digital signatures are governed by Malaysian federal law, in some cases, state laws or industry-specific rules and guidelines may govern.
Under the ECA, the following documents cannot be signed or executed electronically:
- Power of attorney;
- The creation of wills and codicils;
- The creation of trusts; and
- Negotiable instruments.
Additionally, documents that require notarization or the affixing of a seal may not be able to be signed electronically. However, where law requires a seal to be affixed to a document and the document is in the form of an electronic message, the document may be signed using a digital signature as defined under the DSA.
Disclaimer: Information on this page is intended to help businesses understand the legal framework of electronic signatures. However, Adobe cannot provide legal advice. You should consult an attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Adobe provides this material on an "as-is" basis. Adobe disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy.