Electronic Signature Laws & Regulations - United Arab Emirates

Overview

There has been an increase in businesses within the United Arab Emirates (UAE) using electronic methods to execute agreements. While the UAE has had laws in place since 2006 recognizing electronic records and transactions, there used to be a general reticence against its wide use until the Covid-19 pandemic. Since then, the UAE’s federal law on electronic transactions and signatures has been updated, including by removing the restrictions on when electronic signatures could be used in certain transactions. In addition, another financial services freezone has issued its own internal regulations on the topic, and it appears that UAE courts are more willing to accept electronic evidence.

When considering the UAE legal landscape, it is always important to distinguish between the federal UAE laws in general and the financial free zones of the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Markets (ADGM) as independent jurisdictions within the UAE.


Federal UAE law

UAE federal level laws and regulations governing the use of electronic signatures and digital signatures include:

  • The UAE Electronic Transactions Law (Federal Decree Law No. (46) of 2021 On Electronic Transactions and Trust Services) which is the key piece of legislation governing the use of electronic signatures for the onshore UAE.
  • The UAE Electronic Transactions Executive Regulations (Cabinet Decision No. (28) of 2023 Concerning the Executive Regulations of Federal Decree-Law No. 46/2021 on Electronic Transactions) which are the implementing regulations to the UAE Electronic Transactions Law. The Electronic Transactions Executive Regulations prescribe the procedure for license issue and renewal and impose obligations on Approved Trust Service Providers. The Electronic Transactions Executive Regulations also consider Approved Authentication Certificates and Approved Electronic Delivery Services.
  • Ministerial Resolution (Minister of Economy Resolution No. 1 of 2008 issuing the list of the Electronic Certification Services Providers), which addresses regulation of Certification Service Providers (as defined under the previous UAE Electronic Transactions Law of 2006) by the Telecommunications and Digital Government Regulatory Authority (TDRA). Although the Ministerial Resolution emanated from the predecessor 2006 Electronic Transactions Law, at the date of writing this note the Ministerial Order has not been repealed and still appears to be the basis upon which the TDRA has approved the currently listed Certification Service Providers (now referred to in the new UAE Electronic Transactions Law as Trust Service Providers).
  • Civil Evidence Law (Federal Law No. 35 of 2022 Promulgating the Law of Evidence in Civil and Commercial Transactions) which clarifies that Electronic Signatures (as defined under the UAE Electronic Transactions Law) carry the same evidential weight as handwritten signatures, provided they meet the standards prescribed in the UAE Electronic Transactions Law.

Electronic Signatures under Federal UAE law

The UAE Electronic Transactions Law distinguishes between three types of electronic signatures:

  1. An Electronic Signature is defined as a signature consisting of letters, figures, codes, sound, fingerprint or processing system of electronic form attached or logically linked to an Electronic Document, which verifies the identity of the Signatory and the acceptance of the latter of the content of the Data associated thereto.
  2. A Qualified Electronic Signature is an Electronic Signature that meets the following criteria:
    • it is completely and exclusively associated with the Signatory and under his or her control;
    • it has the characteristic of identifying the Signatory;
    • it is linked to the Data signed in such a way that any modification to that Data can be discovered;
    • it is created with technical and security techniques in accordance with the technical requirements specified by the Electronic Transactions Executive Regulations; and
    • any other conditions specified by the Electronic Transactions Executive Regulations.
  3. An Approved Electronic Signature is an Electronic Signature that meets the following criteria:
    • it is created based on an approved and valid authentication certificate in accordance with the provisions of the UAE Electronic Transactions Law;
    • it is created using an approved electronic signature tool;
    • the Data to prove the authenticity of the Approved Electronic Signature shall be identical to the Data submitted to the Relying Party;
    • the Data identifying the Signatory of the approved authentication certificate shall be properly submitted to the Relying Party, and if Personal Data concealment techniques are used, the Relying Party shall be informed of the same;
    • it is created with technical and security techniques in accordance with the requirements specified by the Electronic Transactions Executive Regulations; and
    • any other conditions specified by the Electronic Transactions Executive Regulations.

The term “Data” is defined in the UAE Electronic Transactions Law as “a set of facts, measurements, and observations in the form of numbers, letters, symbols, or special shapes that are collected in order to be used”.

The term “Relying Party” is defined in the UAE Electronic Transactions Law as “the Person who relies on Electronic Trust Services to provide his services or transactions or to perform any other action”. In the context of the UAE Electronic Transactions Law, it is the person who is relying upon the validity of an Electronic Signature or an authentication certificate that is attached to an Approved Electronic Signature.

In order to trust and rely on the Electronic Signature, the Relying Party should:

  • determine the security level of the Electronic Signature according to the nature, value or importance of the transaction intended to be enhanced by the Electronic Signature;
  • take the necessary measures to verify the identity of the Signatory and the validity of the authentication certificate;
  • take the necessary measures to verify that the Electronic Signature is in accordance with the requirements;
  • take into account the extent of its knowledge or presumed knowledge that the Electronic Signature or Electronic authentication certificate has been violated or cancelled; and
  • take into account the previous agreement or deal between the Signatory and the Relying Party that relied on the Electronic Signature, Electronic Stamp, or authentication certificate.

The Signatory is the person who creates the Electronic Signature. The Signatory shall be liable for the consequences of his or her failure if they do not:

  • exert the necessary care to avoid unauthorised use of the Electronic Signature creation Data;
  • notify the concerned Trust Service Provider if it was found that the Electronic Signature creation Data that were used to create their signature have been exposed, in a way that raises doubts about their security or authenticity;
  • ensure the accuracy and completeness of the material Data the Signatory provides related to the authentication certificate throughout its validity period, in cases where the use of such certificate is required;
  • report any changes to the information contained in the authentication certificate or its lack of confidentiality; or
  • use valid authentication certificates.

Legality and Admissibility
There are four key principles of the UAE Electronic Transactions Law:

  1. nothing in the UAE Electronic Transactions Law requires a person to use or accept electronic dealings, including Electronic Signatures, but consent to this may be inferred from the person’s acts;
  2. any form of Electronic Signature may be used, unless a law specifically requires a particular type of Electronic Signature;
  3. government entities should generally accept Electronic Signatures; and
  4. a Relying Party shall be liable for the consequences of its failure to take the necessary measures to ensure the validity and enforceability of an authentication certificate associated with an Approved Electronic Signature.

In addition, the UAE Electronic Transactions Law confirms that an Electronic Signature cannot be precluded as evidence simply because it is in electronic form. However, an Approved Electronic Signature is considered equal in its authenticity to a handwritten signature and has the same legal effect if it meets the conditions of the UAE Electronic Transactions Law and the Electronic Transactions Executive Regulations.

Trust Service Providers
There are Trust Service Providers and Approved Trust Service Providers. Each must be licensed by the TDRA. Trust Service Providers may provide Trust Services. Whereas Approved Trust Service Providers may provide Approved Trust Services as well as Trust Services, the Approved Trust Service Providers is granted the capacity to provide in its license from the TDRA.

Note as of January 2024, the so called “reconciliation period” referred to under article 50 of the UAE Electronic Transactions Law expired. This means that existing Certificate Service Providers Licenses and Cross Certification Service Providers Notifications that were issued under the 2006 UAE Electronic Transactions Law are no longer valid. There are new application procedures for Trust Service Providers to obtain a license under the new UAE Electronic Transactions Law.

The UAE Electronic Transactions Law states that approved trust services provided by trust service providers outside of the United Arab Emirates shall be recognised if they are similar to the level of services provided by Approved Trust Providers under the UAE Electronic Transactions Law and the decisions issued by the TDRA.

Special considerations

Use cases that generally require a traditional signature

The UAE Electronic Transactions Law no longer lists transactions that cannot use Electronic Signatures.

Dubai International Financial Centre (DIFC)

As an independent jurisdiction within the UAE, the DIFC is governed by the DIFC Electronic Transactions Law No. 2 of 2017 (DIFC Electronic Transactions Law) which is the primary legislation governing electronic signatures. The DIFC Electronic Transactions Law was designed to:

  • facilitate electronic transactions in DIFC and eliminate barriers to electronic transactions resulting from uncertainties over writing and signature requirements;
  • promote the development of the legal and business infrastructure necessary to implement secure electronic transactions in DIFC;
  • and help establish uniformity of rules, regulations and standards in DIFC regarding the authentication and integrity of electronic records.

The DIFC Electronic Transactions Law defines an Electronic Signature as an electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.

Additionally, the DIFC Electronic Transactions Law requires that an Electronic Signature be attributable to the person signing, which requires that it be shown that it was the act of the person. The act of the person may be shown in any manner, including a showing of the efficacy of any security procedure applied to determine the person to which the electronic record or Electronic Signature was attributable. The effect of an Electronic Signature attributed to a person is determined from the context and surrounding circumstances at the time of its creation, execution, or adoption, including the parties’ agreement, if any, and otherwise as provided by law.

In the DIFC, an Electronic Signature is deemed to identify the relevant person and to indicate that person’s intention in respect of the Information contained in the Electronic Record provided that the Electronic Signature is:

  • as reliable as appropriate for the purpose for which the document or record was generated or communicated, in the light of all the circumstances, including any relevant agreement; or
  • proven in fact to have fulfilled the functions described above, by itself or together with further evidence.

The DIFC Electronic Transactions Law confirms that if any law requires a document to be signed, an Electronic Signature will satisfy the requirement. The law also states that nothing shall prevent the admission of an Electronic Signature in evidence on the grounds that the signature is in electronic format.

Although there is no express provision within the DIFC Electronic Transactions Law for the use of certificate-based digital certificates, an entity registered in the DIFC may choose to use a certificate-based digital signature to add an increased layer of protection to its Electronic Signatures and demonstrate that it had met the attribution requirements under the DIFC Electronic Transactions Law.

DIFC Special considerations

DIFC Use cases that generally require a traditional signature

Article 8 of the DIFC Electronic Transactions Law states that the law will not apply to any provisions in any other DIFC law requiring writing or traditional signatures in any of the following matters:

  • Creation, performance or enforcement of a power of attorney
  • Creation, performance or enforcement of a declaration of trust (with the exception of implied, constructive and resulting trusts) and any provision in the Trust Law 2005 requiring Information to be written or in writing
  • Creation and execution of wills, codicils or testamentary trusts
  • Creation, execution and use of affidavits or affirmations as evidence in court proceedings pursuant to rule 29 of the Rules of the Dubai International Financial Centre Courts 2014
  • Sale, purchase, lease (for a term of more than 10 years) and other disposition of immovable property and the registration of other rights relating to immovable property

Abu Dhabi Global Market (ADGM)

As an independent jurisdiction within the UAE, the ADGM has issued its own regulations concerning electronic transactions and signatures in the ADGM, the ADGM Electronic Transactions Regulations 2021 (ADGM Electronic Transactions Regulations).

The ADGM Electronic Transactions Regulations define an Electronic Signature as an electronic sound, symbol or process attached to or logically associated with an Electronic Record, which may be used to identify the signatory and to indicate the signatory’s approval of the Information contained in the Electronic Record.

The ADGM Electronic Transactions Regulations do not contain the concept of Trusted Service, Approved Electronic Signature or other forms of certification of electronic signatures, such as is found in the UAE Electronic Transactions Law.

The ADGM Electronic Transactions Regulations recognizes that where any Enactment requires the signature of a person, or provides for certain consequences if a document or a record is not signed, that requirement is satisfied if an Electronic Signature is used, unless the Enactment expressly prohibits the use of an Electronic Signature.

Section 131 of the ADGM Electronic Transactions Regulations states that an Electronic Signature is valid provided that the type of Electronic Signature used is, either:

  • reliable and appropriate for the purpose for which the Electronic Record was generated or communicated, in light of all the circumstances, including any relevant agreement between the parties; or
  • proven to have fulfilled the functions described in the paragraph above, by itself or together with further evidence.

The ADGM Electronic Transactions Regulations states that an Electronic Signature is reliable for the purposes of satisfying the requirement if:

  • the signature creation data are, within the context in which they are used, linked to the signatory and to no other person;
  • the signature creation data were, at the time of signing, under the control of the signatory and of no other person;
  • any alteration to the Electronic Signature, made after the time of signing, is detectable; and
  • where a purpose of the legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing is detectable.

However, this does not limit the ability of any person to:

  • establish in any other way, for the purpose of satisfying the requirements referred to in section 131a, the reliability of an Electronic Signature; or
  • adduce evidence of the non-reliability of an Electronic Signature.

Any Electronic Signature which complies with the above will have the same legal effect as a handwritten signature.

In any proceedings before the Court2, evidence of a signature includes an Electronic Signature.

 

1 Enactment is defined in the ADGM Data Protection Regulations to have the meaning of “enactment” or “subordinate legislation” in the ADGM’s Interpretation Regulation 2015.  “Enactment” in that regulation is defined to mean (i) any ADGM regulations, and (ii) any Act (as defined in the Application of English Law Regulations 2015) applied and having legal force in, and forming part of the law of, the Abu Dhabi Global Market pursuant to the Schedule to the Application of English Law Regulations 2015. “Subordinate legislation” in that regulation is defined to mean any rules, orders, by-laws, notifications or similar measures made by or on behalf of the Board or the Registrar pursuant to or under the ADGM Founding Law or an enactment and having legislative effect.

2 “Court” is defined in the ADGM Electronic Transactions Regulation as any of the courts established pursuant to Article 13 of the ADGM Founding Law

ADGM Special considerations

ADGM use cases that generally require a traditional signature

Article 25 of the ADGM Electronic Transactions Regulation do not apply to any Enactment or any applicable law requiring writing or traditional signatures in any of the following matters:

  • the creation, performance or enforcement of a power of attorney;
  • the creation and execution of wills, codicils or testamentary trusts;
  • transactions involving the sale, purchase, lease (for a term of more than 10 years) and other disposition of immovable property and the registration of other rights relating to immovable property; or
  • any document to be notarised before a notary public.
Note:

Disclaimer: Information on this page is intended to help businesses understand the legal framework of electronic signatures. However, Adobe cannot provide legal advice. You should consult an attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Adobe provides this material on an "as-is" basis. Adobe disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy.

Get help faster and easier

New user?