Electronic signatures and digital signatures are often used interchangeably to refer to tools for signing digital documents. Traditionally, signing involved physical documents or objects, such as paper signatures or fingerprints, to indicate that the signer had read, understood, and agreed to the document’s content. Today, technology allows for digital signing by affixing a name, mark, or drawing to a softcopy document, known as an electronic signature or digital signature. Although both terms serve similar purposes, they differ significantly in terms of framework, security, and admissibility.
Electronic Signature
In Malaysia, electronic signatures are governed by the Electronic Commerce Act (ECA). The ECA defines an electronic signature as any letter, character, number, sound, or any other symbol, or any combination thereof, created in an electronic form and adopted by a person as a signature. Essentially, any individual affixing their “name” to a PDF would be considered an electronic signature. The main purpose of the ECA is to recognize electronic messages in commercial transactions.
For an electronic signature to be admissible, it must fulfill the following requirements under the ECA:
- Attachment or Association: The electronic signature must be attached to or logically associated with the electronic message.
- Identification and Approval: The electronic signature must adequately identify the person and indicate their approval of the information to which the signature relates.
- Reliability: The electronic signature must be as reliable as is appropriate, given the purpose and circumstances in which the signature is required.
An electronic signature is considered reliable if:
- The means of creating the electronic signature is linked to and under the control of that person only.
- Any alteration made to the electronic signature after signing is detectable.
- Any alteration made to the document after signing is detectable.
If these requirements in Section 9 of the ECA are satisfied, the electronic signature meets legal standards. However, Section 10 of the ECA specifies that certain documents requiring a seal, such as Powers of Attorney, Wills, Trust documents, and Negotiable instruments (like Bank Cheques), are not admissible with an electronic signature unless affixed by a digital signature under the Digital Signature Act 1997.
Digital Signature
A digital signature provides a higher level of security compared to an electronic signature. While electronic signatures can be easily faked (e.g., person A signing as person B through impersonation), digital signatures offer enhanced profiling of the signer’s identity.
The Digital Signature Act (DSA) 1997 defines a digital signature as the transformation (created using the private key corresponding to the signer’s public key) of a message using an asymmetric cryptosystem. This allows a person with the initial message and the signer’s public key to determine if the message has been altered since the transformation.
For a digital signature to be legally binding under Section 62 of the DSA, it must meet the following criteria:
- Verified by reference to the public key listed in a valid certificate issued by a licensed certification authority.
- Affixed by the signer with the intent of signing the message.
- The recipient has no knowledge or notice that the signer has breached a duty as a subscriber or does not rightfully hold the private key used to affix the digital signature.
In Malaysia, recognized digital signature options certified by licensed certification authorities include:
- Pos Digicert
- MSC Trustgate
- Telekom Applied Business
- Rafcomm Tech
Documents signed with digital signatures from these certified authorities have legal binding effects. However, digital signatures from foreign platforms do not hold the same legal validity due to the lack of appropriate certification by Malaysian authorities.
Summary In summary, Malaysian law differentiates between electronic signatures and digital signatures. When a seal is required on a document, Section 10 of the ECA mandates that a digital signature is the minimum requirement. Parties should carefully consider the balance between the convenience of electronic signatures and the legal risks associated with potential challenges to their validity. For documents traditionally requiring a seal, using digital signatures or physical signatures might be more prudent to ensure compliance with statutory requirements and legal security.
Edwin is a corporate and technology lawyer. He is also the founder and deputy managing partner of Lee & Poh Partnership (LPP Law). Edwin has advised a range of companies from technology startups to multinational corporations on a range of matters. In 2020, Edwin was named as a Malaysian Rising Star by Asian Legal Business, a finalist for the Young Lawyer of the Year at the ALB Malaysia Law Awards as well as a lawyer in the annual ALB publication of Asia 40 under 40.
View his full profile here.
