Electronic Signature Laws & Regulations - Kingdom of Saudi Arabia

In the Kingdom of Saudi Arabia (“KSA”), the legal and regulatory system is dynamic, with frequent changes in application as well as interpretation. Today, only certificate-based digital signatures (referred to as electronic signatures in the KSA) are considered legally binding.

The primary laws governing the use of electronic signatures in the KSA includes:

• the Saudi Arabia Cabinet Decision No. 80/1428 on the Approval of The Electronic Transactions Law issued by Royal Decree No. M/8 and dated 26 March 2007 as amended by Saudi Arabia Cabinet Decision No. 293/1445 issued on 24 October 2023 (Electronic Transactions Law); and
• the Saudi Arabia Administrative Decision No. 6-8-m/1445 on the Implementing Regulation of the E-Transactions Law (Implementing Regulations), issued on 13 March 2024, which provides further detail around the use of electronic signatures in the KSA.

Electronic Signatures.

The Implementing Regulations defines an Electronic Signature as “Electronic data entered, added or logically associated with an electronic transaction, used for identifying the signatory, verifying his approval of the electronic transaction and detecting any change made to the transaction after signature thereof.”

Under Article 10.1 of the Implementing Regulations, an Electronic Signature will only be binding if the following controls and conditions are adhered to:

1. The Electronic Signature is linked to a digital certificate issued by the National Information Centre ("Centre") or by the certification services provider licensed by the "Authority" (defined in the Electronic Transactions Law as the "Digital Government Authority");
2. The digital certificate associated with the Electronic Signature shall be valid at the time the Electronic Signature is performed;
3. The identity data of the holder of the Electronic Signature shall be consistent with the digital certificate;
4. If the Electronic Signature is done in conjunction with an electronic data system at the signatory, it is required that the logical and technical connection between the Electronic Signature system and the electronic data system is sound, and therefore that they are free of technical defects that may affect the validity of the Electronic Signature and its transmission;
5. Availability of the minimum technical and administrative infrastructure, as well as the relevant resources, to ensure the reliability of the Electronic Signature procedures according to the technical conditions contained in the digital certification procedures of the Centre or the certification services provider; and
6. The holder of the Electronic Signature shall adhere to all conditions contained in the digital certification procedures of the Centre or the certification services provider regarding the digital signature/stamp, in a manner that does not conflict with the relevant laws and regulations.

Under the Electronic Transactions Law, the requirement for an authorized and valid digital certificate requires that the digital certificate be issued by a Certification Service Provider authorized by the Authority or with a Digital Certificate approved by the Centre.

In the KSA, Certification Service Providers are those who “are licensed to issue digital certificates, or any other service or task related thereto or to the electronic signatures.”

Legal effect and admissibility.

The Electronic Transactions Law provides that Electronic Signatures which meet the requirements of the Electronic Transactions Law carry the same legal effect as traditional “wet” signatures and that contracts cannot be denied enforceability merely because they are concluded electronically. However, the Electronic Transactions Law provides that the law cannot be used to require any person to execute an agreement electronically without their explicit or implicit approval.

As per Article 12 of the Implementing Regulations, whoever relies on the electronic signature of another party shall verify the validity of the electronic signature by:

1. Verifying the origin of the digital certificate associated with the digital signature/stamp, and that it is issued by the Centre or the certification services provider, in accordance with the provisions of this Implementing Regulations, and verifying its validity, and that it is not cancelled or suspended;
2. Ensuring that the data attached to the digital signature/stamp matches the data of the holder of the signature/stamp, based on the digital certificate issued to him; and
3. Verifying that there are no alert or warning messages indicating the possibility of a defect in the automatic matching of the digital signature/stamp, or any other defect related to the origin or content, within the message and the signature/stamp received.

Special considerations

Transacting with public sector entities

Government entities in the KSA must provide explicit consent to conduct transactions electronically. If a government entity does provide explicit consent, the electronic transaction should follow any special conditions specified by the government authority. Based on the above, it is recommended that parties seek written confirmation from the specific government entity that an Electronic Signature will be binding prior to engaging in the electronic transaction.

Use cases that generally require a traditional signature

Under the Electronic Transactions Law, the following types of documents are generally excluded from the use of Electronic Signatures:

1. Transactions pertaining to civil status; and
2. Real estate deeds.

This is unless the competent entity responsible for these transactions issues what allows its electronic execution, under controls created by this entity in agreement with the Authority.
It should be noted, however, that KSA notarial offices use electronic systems.