Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

UAE sets new rules for digital signatures and trust services

Providers of electronic transactions and trust services in the UAE will be subject to heightened requirements and obligations as the country’s new trust service provider licencing regime comes into force.

Trust service providers that are involved in the creation, validation and retention of electronic documents, signatures and seals will have to apply for an appropriate licence and comply with new measures and requirements. The changes are part of the UAE’s newly published executive regulations on the Federal Electronic Transactions and Trust Services Law, which became effective in January 2022.

The law  regulates the validity of electronic documents and digital signatures, so there is enhanced legal certainty for electronic transactions and better protection for the users of such trust services. The executive regulations, enforceable from 29 June 2023, provide details on the process and requirements for the licensing of different types of trust service providers and outline the scope and obligations of the different trust service providers and trust services.

Technology law expert Martin Hayward of Pinsent Masons in Dubai said the regulations are largely focused on the requirements for any “licensee” who will be providing the various types of trust services in the UAE.

“The executive regulations are important reading for service providers coming into the UAE looking to offer trust services and for UAE entities looking to extend their services into trust services,” said Hayward.

There are four main types of trust services under the regulatory regime: electronic signatures, electronic seals, electronic time stamps and electronic registered delivery services. There are also three types of electronic signatures – qualified, approved and certified – with each offering an increasing level of security.

Trust services providers are categorised into two main groups: ‘qualified’ providers and ‘approved’ providers. Approved providers will have to comply with additional measures and obligations to provide approved services that have higher security levels.

According to Hayward, the executive regulations also include notable data protection provisions. For example, all licensed providers are obliged to “take all necessary technical and organisational measures to comply with federal legislation related to the protection of data or personal data”. Approved providers are subject to further obligations, such as “using reliable and secure systems to store, process and protect data” and “taking all necessary measures to combat fraud, data theft and illegal use”.

“The timing of the new law and executive regulations is right as digital transformation moves us more and more to digital contracting and the use of digital signature and authentication technology,” said Hayward.

The regulations allow the regulator to create a ‘UAE Trust List’ on its website, with the aim of attempting to make the licencing regime more transparent and providing easy access to information on service providers’ credibility. The list will provide important information about each licensed provider, its licence status and the type of trust services it is permitted to provide.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.