Electronic signatures, simplified
In the wake of digital transformation, sending electronic documents online has become a common practice. Often, these documents require signatures to solidify agreements. This is achieved with the help of electronic signatures. They provide an efficient way to sign documents online, reducing paperwork and enabling more streamlined transactions.
In addition to easing the process, e-signatures also help protect your documents with their enhanced security and authentication techniques. They outweigh handwritten signatures in various aspects, with security being the most significant. As a result, e-signatures are gaining popularity with businesses worldwide.
How can e-signatures fuel Malaysia's economic growth?
With the goals of Malaysia Digital, an initiative that aims to propel the country forward within the regional digital economy by 2030, the impact of e-signatures is larger than ever. E-signatures streamline document workflows and reduce administrative burdens, allowing businesses to focus on core activities. They enable remote operations, which opens up new avenues for business expansion across geographical boundaries. Zoho Sign, a digital signature solution, offers impeccable document management and authentication, and provides a reliable framework for conducting business in the digital age.
With the adoption of Zoho Sign, Malaysia is positioned to bring about streamlined efficiency and economic growth. The digital signature solution empowers Malaysian businesses by ticking all the right boxes, such as:
- Speedier signing processes
- Improved productivity
- Signer authentication
- Security
- Remote access
- Improved user experience
- Cost-effectiveness
Where are e-signatures used?
In Malaysia, e-signatures are widely used across various sectors, including:
- HR
- Finance
- Legal
- Technology
- Retail and ecommerce
- Education
- Healthcare and life sciences
- Government services
- Transport
- Telecommunications
E-signatures in Malaysia
With the growing adoption of e-signatures in Malaysia, it is crucial to understand the legal landscape surrounding them. The relevant legislations include:
- Electronic Commerce Act of 2006 ("ECA")
- Digital Signature Act 1997 ("DSA")
- Digital Signature Regulations 1998 ("DSR")
Legal admissibility of electronic signatures
The legal requirement for a signature on a digital document can be met by using an electronic signature. In Malaysia, both Electronic Signatures and Digital Signatures are recognised as legal ways to sign an electronic document, offering a convenient and secure alternative to wet signatures.
Electronic Signature is defined as "any letter, character, number, sound, or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature."
The Electronic Commerce Act of 2006 (ECA) officially validates the use of Electronic Signatures. This makes them acceptable in all forms of commercial transactions, including those carried out by both federal and state governments.
Key requirements for enforceable e-signatures
The following are the requirements for a valid Electronic Signature as laid out in the law:
- The Electronic Signature must be attached to or logically associated with the document.
- It must clearly identify the signer and indicate their approval of the document to which the signature is affixed.
- It must be reliable and appropriate for its designated use.
- Conditions to ensure the Signature's reliability and appropriateness:
Witness signature
If the law requires a witness to sign a particular document, such requirement can be fulfilled by using Electronic Signatures on an electronic document.
Where can you not use e-signatures?
Electronic signatures are forbidden from use in the following scenarios:
- Power of attorney
- The creation of wills and codicils
- The creation of trusts
- Negotiable instruments
- Transactions related to land or properties (in cases where attestation and seal is required)
Digital signatures
If a certain law mandates the use of a seal on a document, this requirement can be fulfilled by a digital signature, as per the Digital Signature Act of 1997 (DSA). This applies unless the law recognises other forms of electronic signatures to satisfy this requirement. A document signed using a Digital Signature carries the same legal weight as one signed with a handwritten signature, thumb impression, or any other unique identifying mark.
Requirements of a digital signature
Under the DSA:
- The Digital Signature must be verifiable using the public key included in the certificate issued by a licensed Certification Authority (CA). The Malaysian Communications and Multimedia Commission, serving as the root CA, provides a list of licensed CAs.
- The Signature must be affixed by the signer with the intention of signing the document.
- The Recipient is unaware or has no indication that the signer has violated any subscriber duty or that the signer does not rightfully possess a private key.
Under the DS Regulations 1998
To generate a key pair, or to create, use, or verify a Digital Signature, it is mandatory to use an approved digital signature scheme. The criteria for such a scheme are as follows:
- It must use a secure public-key algorithm for key pair generation and a secure public-key algorithm in combination with a hash function for the creation of the Digital Signature.
- The Digital Signature must adhere to the Fourth Schedule of Regulation 81.
- The Digital Signature must not be modified to include a subliminal channel (which, in cryptography, is used for secret communications).
- The key pair that is used for the encryption and decryption of messages must not be used for creating and verifying a Digital Signature.
Deemed status of the document with digital signatures
An electronic document is deemed to be a written document if that document is digitally signed and verifiable by a public key in a certificate duly issued by a CA and that certificate was valid at the time of signing.
A copy of a document signed with a digital signature holds the same validity, enforceability, and effectiveness as the original, unless the signer specifically intended for the former document to be determined as the unique original.
Presumptions arising out of the use of digital signatures
1. Where the Digital Signature is authenticated using the public key from a valid certificate issued by a licensed CA, it confirms the following:
- The Digital Signature belongs to the subscriber mentioned in the certificate.
- The Digital Signature was affixed by the signatory with the intention to sign the document.
- The Recipient is unaware or has no indication that the signer has violated any subscriber duty or that the signer does not rightfully possess a private key.
2. The Digital Signature was generated before the timestamp was added.
Recognition of foreign CAs
The DSA recognises CAs who are authorised by government entities outside Malaysia, provided they adhere to the conditions put forth by the law.
Document timestamping
The term "timestamping" refers to the process of appending or attaching a digitally signed notation to a message, digital signature, or certificate. This notation should indicate the date, time, and identity of the person who attached it.
Recognition of a timestamp service
- A date/timestamp may be attached to an electronic document or digital signature if it is required by any written law or if a timestamp is significant to the use of a digitally signed document.
- The date/timestamp on a document or signature denotes the time at which the document was executed or the signature was added.
- The date/timestamp is admissible as evidence in the court without the need for additional proof.
Zoho Sign has partnered with a CA, GlobalSign, to provide digital timestamps in Malaysia. This helps validate the authenticity of an e-signature, and it aids in verifying that the signed document existed in the given form at the time of signing and remains unaltered. This strengthens the reliability of signatures and makes them tamper-proof.
How can Zoho Sign be of service?
Zoho Sign offers streamlined e-signing, equipping businesses to thrive in a dynamic environment.
Identification and reliability:
Zoho Sign employs strong authentication techniques, such as OTP authentication and PKI-based signing, to ensure that the e-signature is logically associated with the document.
Intention of the signatory:
This can be collectively projected by the contents of the electronic documents (e.g., terms in an agreement), audit trail, and completion certificate.
Consent to do business electronically:
Before signing a document, the e-signature laws require the parties involved to agree to do business electronically. Zoho Sign requires signers to accept this clause before proceeding to sign: "I confirm that I have read and understood the 'Electronic Record and Signature Disclosure' and consent to use electronic records and signatures.”
Enhanced security:
Zoho Sign employs robust encryption protocols, such as the military grade AES-256 encryption at rest and the TLS/SSL protocol in transit, to ensure that the data transmission between the signing platform and the data being signed is secure. This prevents exposure of documents and data from data breaches.
Detectable alterations:
Zoho Sign ensures any alterations to the electronic signature or the document to which the signature is affixed are detectable through an elaborate audit trail of occurrence of all activities during the signing process. This audit trail comprises critical information, such as the identity of the signatory, the timestamp of the signature, and changes made to the document.
Key takeaway
As we stand at the threshold of a new digital era, the role of electronic signatures is instrumental for businesses aiming to simplify their legal processes and flourish in the digital sphere. Zoho Sign enables you to sign and send agreements with ease, optimising business workflows, resulting in improved accuracy and greater visibility. Malaysia's adoption of e-signatures sets the stage for accelerated growth, efficiency gains, and enhanced business opportunities in the digital economy.
Resources
Disclaimer
The information provided in this document is for general informational purposes only and shall not be construed as legal, regulatory, or any other form of professional advice. Zoho Sign disclaims any liability for any error in the information provided herein. We recommend that you consult your legal counsel for any questions that you may have in this regard.