Aim of the Regulations
The objective of the Law is to encourage, facilitate all types of electronic transactions, and protect the rights of customers who undertake electronic transactions. The Law has been promulgated to keep up with technological developments and to boost digital transformation, investment along with providing electronic services to the public.
Key Features
Functions of the Authority:
Pursuant to the Law, the Telecommunications Regulatory Authority and the Digital Government (the "Authority") are to carry out multiple functions – some of which are as follows:
- Regulate activities of Licensees: The Authority is responsible for issuing licenses to applicants (who apply pursuant to the Law and implementing regulations ) and wish to conduct any of the 'Trust Services' or the 'Approved Trust Services'. The Authority is also responsible for renewing, amending, suspending and cancelling of licenses. The Authority has the power to grant approvals after ensuring that an applicant meets the relevant requirements as agreed upon with governmental entities concerned with data protection and cyber security. The Authority also has broad discretionary powers and may withdraw or reject applications where the potential applicant has failed to meet the required criteria or has failed to meet any ongoing obligations once it has been granted a license.
- Procedures and Standards: The Authority shall be responsible for issuing various rules, procedures and standards relating to:
- electronic systems that use personal data to verify an individual's identity and capacity;
- mechanisms covering the creation, preservation and validity of electronic signatures, electronic stamps, electronic documents; and
- for 'trust services' and 'approved trust services' as described in the Law.
- Preparation of Documents and Complaints: The Authority is required to prepare, publish and update a 'trust list' of service providers who have been granted a license, a list of activities that comprise the 'trust services' and the factors that would be relevant to the provision of such services. Furthermore, the Authority is vested with powers to receive and adjudicate complaints from consumers and service providers alike and take the required necessary procedures and measures in relation to the same.
Electronic Documents:
The Law provides that electronic documents will be legally enforceable in the UAE and hold the same effect as physical, non-electronic, tangible versions of documents. The Law includes conditions for the retention of electronic records. Conditions for retention of electronic records are satisfied when an electronic document: (i) is retained in the same format in which it was generated received or sent; (ii) the information in such electronic document is retained in such a manner where it allows for identification of the source of the document; and (iii) keeps the information in a manner that can be issued and restored to later.
In accordance with the Law, an offer and acceptance may be expressed electronically and such contract shall not lose its validity or enforceability simply because it was made by means of electronic documentation. Therefore, for contracting purposes, the validity of a contract cannot be challenged on the sole basis that it is an electronic contract.
Acknowledgment of Receipt: An acknowledgment of receipt may be made via: (i) a message from the recipient, whether by electronic means, automated means or otherwise; or (ii) an act by the recipient which is deemed to be sufficient to inform the sender of the receipt of the electronic document. It should be borne in mind that, if the originator of an electronic document states that the receipt of the electronic document is conditional upon the originator receiving an acknowledgment; such electronic document shall not have any legal effect unless the originator receives an acknowledgment of receipt from the recipient.
Time and Place of Despatch and Receipt: Unless agreed upon by the concerned parties, the time of despatch of a document is the time it enters an information system.
Trust Services and Approved Trust Services:
The Law states that 'trust services' shall include: (i) creating electronic signatures; (ii) issuing certificates of authentications for qualified electronic signatures; (iii) creating electronic stamps; (iv) issuing certificates of authentications for qualified electronic stamps; and (v) issuing certificate of authentication for the websites.
'Approved trust services' include: (i) issuing certificates of authentication of approves electronic signatures; (ii) issuing an electronic signature tool; (iii) managing approved electronic signature tools remotely; (iv) saving data for approved electronic signatures; and (v) proving the validity of approved electronic signatures.
Futhermore, 'approved trust services' also include the provision of services for the creation of approved electronic time stamps and approved electronic delivery service.
Electronic Signatures and Stamps:
An electronic signature and an electronic stamp shall be deemed to be qualified upon meeting certain conditions including, but not limited to, such signatures and stamps: (i) being completely and exclusively related to the signatory and under his control; (ii) having the characteristics needed to identify the signatory; (iii) being linked in a manner that allows for the discovery of any modification to the data; and (iv) being created with technical and security techniques.
An approved electronic signature and an approved electronic stamp shall be considered to be valid if they meet the following: (i) they are created based on valid authentication certificates; (ii) they are created via approved electronic signature or stamp tools; (iii) the data that allows authenticity to be proven is identical to the data that has been submitted to an approved party; (iv) the data that identifies the signatory of the approved authentication certificate has been properly submitted; and (v) creation of the electronic signature and/or the electronic stamp has been done with technical and security techniques.
Penalties:
The Law states that any person who forges or participates in the forgery of an electronic document / signature / stamp / trust services shall be punished by imprisonment and/or fines of not less than AED 100,000. If such forgery or participation of forgery relates to a public authority or governmental authority the fine increases to a minimum of AED 150,000.
The Law also provides for penalties relating to the exploitation of any of the trust services, the disclosure of confidential information in violation of the Law and for deliberately submitting incorrect data to issue or cancel the authentication certificate.
Next Steps
Companies and organisations that wish to rely on the Law need to ensure that they are compliant with the conditions and requirements set out therein, especially in the current environment where physical signing due to COVID-19 restrictions is comparatively difficult.
Entities should take advantage of the innovative legislation to facilitate electronic dealings within UAE.
This Client Alert provides a very brief summary of a law. It does not constitute legal advice and should not be used as a substitute for competent legal advice from counsel.
For further details, please contact any of our lawyers below.
