Zoho Sign: Your key to mastering 
e-signature compliance 
in Saudi Arabia

A deep dive into e-signature legality in Saudi Arabia

Sign Up for free Request Demo

The ABCs of e-signatures: A quick review

Electronic signatures, or e-signatures, are digital versions of your signature that indicate your consent to an online contract. They provide a hassle-free way to sign documents remotely, eliminating the need for physical paperwork and enabling more streamlined transactions.

E-signatures are legally binding for a variety of purposes and can either be typed, drawn on the screen of an electronic device, or uploaded from your desktop. This modern alternative to wet signatures has been adopted across the world, as it empowers individuals and businesses to sign documents online in a legal, secure, and efficient way.

Driving Saudi Arabia's digital economy with e-signatures

The Kingdom of Saudi Arabia, driven by its ambitious Vision 2030 for a thriving economy, has embraced electronic signatures as a transformative tool in digitising business operations. They facilitate seamless collaboration across geographic boundaries, expand business opportunities, save time, and lower costs. With e-signatures, each transaction is secure, authentic, and tamper-proof. This enhanced protection cultivates a trustworthy business environment where clients can share and sign critical documents with confidence.

With the adoption of Zoho Sign, Saudi Arabia is poised to usher in a new era of streamlined efficiency and economic growth. The digital signature solution empowers Saudi businesses by ticking all the right boxes, such as:

  • Speedier signing processes
  • Improved productivity
  • Signer authentication
  • Security
  • Remote access
  • Improved user experience
  • Cost-effectiveness

E-signatures in action: Where are they used?

In Saudi Arabia, e-signatures are extensively used across various sectors, including:

  • HR
  • Finance
  • Legal
  • Technology
  • Retail and ecommerce
  • Education
  • Healthcare and life sciences
  • Government services
  • Transport
  • Telecommunications

E-signatures and the law

As a vast majority of Saudi businesses recognise the convenience and flexibility of electronic signatures, it is critical to understand the legal framework governing e-signatures in the country. Zoho Sign facilitates legally binding transactions by adhering to Saudi Arabia's e-signature laws.

The applicable laws include:

  • Electronic Transactions Law (Royal Decree No. M/18 March 27, 2007) ("ETL")
  • The implementing regulations of the electronic transactions system (No. 1/1429 issued on March 18, 2008). ("Implementing Regulations")

Enforceability of electronic signatures

The Electronic Transactions Law states that any electronic transactions, records, or signatures are fully valid and enforceable and may not be questioned or contested on the ground that they were wholly or partially conducted by electronic means. This recognition is conditional, requiring that any electronic transactions, records, or signatures strictly adhere to the ETL.

The ETL grants electronic signatures the same legal validity of handwritten signatures. Therefore, a requirement for a handwritten signature in a document or contract is deemed to be satisfied by an e-signature.

Types of e-signatures recognised

The ETL defines an "Electronic Signature" as "Electronic data included in, attached to, or logically associated with an electronic transaction and used to verify the identity and approval of the person signing it and to detect any change to said transaction after signature."

Note: This is the only type of e-signature recognised under the laws of Saudi Arabia.

Essential criteria for an e-signature

The following are the requirements for a valid Electronic Signature as laid out by the Implementing Regulations:

  • The signature must be associated with a digital certificate issued by an authorised Certification Authority (CA) approved by the Communications and Information Technology Commission (CITC), now renamed Communications, Space, and Technology Commission (CST), or the National Center for Digital Certification, now taken over by Saudi Data and Artificial Intelligence Authority.
  • The digital certificate used must be valid at the time the signature was affixed to the electronic data.
  • The Electronic Signature must preserve the signer's identity data and must be consistent with the digital certificate.
  • Where the signature is created using an electronic data system, the link between the electronic signature system and the electronic data system must be kept free from any technical issues that could potentially compromise the validity of the electronic signature.
  • The signer and their digital certificate must comply with the digital certification procedures specified by the Authority.

Limitations on the use of e-signatures

According to the ETL, electronic signatures are barred from use in the following scenarios, unless the responsible authorities for the specific use-case stipulate otherwise:

  • Transactions related to personal status
  • Issuance of legal documents pertaining to real property

Standards for the evidentiary validity of electronic signatures

The ETL determines the evidentiary validity of an Electronic Signature based on whether it satisfies the requirements outlined in Article 8 of the ETL. Article 8 states that "An electronic record shall be deemed an original in its own right when technical means and conditions are observed to ensure the integrity of information included therein from the time said record is created in its final form as an electronic record, and allow for required information to be provided upon request. The Regulations shall set forth such technical means and conditions." The specifics of these technical means and conditions are laid out in the regulations below:

  • Electronic transactions or Signatures are admissible as evidence in the court if the electronic record to which the Electronic Signature is affixed satisfies the requirements under Article 8.
  • Electronic transactions or Signatures can be used as presumptive evidence in the court even if the electronic record to which the Electronic Signature is affixed does not satisfy the requirements under Article 8.
  • Typically, Electronic transactions, records, or Signatures are considered to be reliable evidence unless proven otherwise.

Legal presumptions when you e-sign

  • The Electronic Signature affixed to an electronic record is the signature of the person identified in the respective digital certificate.
  • The Electronic Signature affixed to an electronic record belongs to the person identified in the respective digital certificate.
  • The electronic record has not been altered since the Electronic Signature was affixed.

Recognition of foreign digital certificates

The Authority has the power to recognise digital certificates issued by the certification service providers outside Saudi Arabia, provided that these foreign entities meet the conditions outlined in Article 21 of the Implementing Regulations. The Authority will publish a list of such foreign entities approved.

Obligations of a dependent individual

According to the ETL, any person who relies on an Electronic Signature of another person must exercise due diligence in verifying the authenticity of the Electronic Signature.

The Implementing Regulations lists the following obligations of a relying person:

  • Verify that the digital certificate used by the other person is valid and is issued by a licensed certification service provider.
  • Ensure that the data included in the signature matches the information in their digital certificate.
  • Ensure that there are no warning notifications related to defects in the origin or content of the electronic data.

If any of these elements are not satisfied, the Electronic Signature will be considered invalid.

Achieve legal compliance using Zoho Sign

Zoho Sign offers seamless e-signing that complies with Saudi Arabia's e-signature regulations, making it a reliable solution for businesses of all sizes.

Here's how we make sure your agreements are legally sound:

  • Identification:

    Zoho Sign employs strong authentication techniques, such as OTP authentication and PKI-based signing, for verifying the identity of the signer.

  • Detectable alterations:

    Zoho Sign ensures any alterations to the electronic signature or the document to which the signature is affixed are detectable through an elaborate audit trail of occurrence of all activities during the signing process. This audit trail comprises critical information such as the identity of the signatory, the timestamp of the signature, and changes made to the document.

  • Certificates issued by recognised Certification Authorities:

    Zoho Sign integrates seamlessly with emdha, an authorised Certification Authority (CA) licensed by CST (Communications, Space and Technology Commission), regulated by DGA (Digital Government Authority), and certified by WebTrust for Certification Authorities. emdha eSign CA, under the Saudi National Root CA, issues digital certificates that ensure e-signatures are legally valid for secure exchange of information and transactions between government agencies, citizens, and residents.

  • Validity of digital certificates:

    Zoho Sign, through its integration with emdha, verifies that digital certificates are valid at the time the signature is affixed. emdha, as a licensed Certification Authority, confirms that all issued digital certificates are effective and recognised by CST.

  • Preservation of the signer's identity data:

    Zoho Sign's integration with emdha means that each signer's identity is verified and accurately linked to a secure digital certificate issued by emdha.

  • Secure and reliable connection:

    Zoho Sign employs robust encryption protocols, such as the military grade AES-256 encryption at rest and the TLS/SSL protocol in transit, to ensure that the data transmission between the signing platform and the data being signed is secure. This prevents exposure of documents and data from data breaches.

  • Compliance with digital certification procedures:

    Zoho Sign complies with the regulatory requirements and guidelines issued by emdha and other relevant authorities in Saudi Arabia. The platform's integration with emdha ensures that all digital certification procedures are strictly followed.

  • Trusted document timestamping:

    Zoho Sign has partnered with timestamping authorities GlobalSign and Seiko to provide digital timestamps in Saudi Arabia. This helps validate the authenticity of an e-signature, and it aids in verifying that the signed document existed in the given form at the time of signing and remains unaltered. This strengthens the reliability of signatures and makes them tamper-proof.

    GlobalSign Seiko

Key takeaway

With e-signatures gaining more traction in Saudi Arabia, businesses have a secure and efficient way to close deals and manage agreements. Zoho Sign is fully compliant with Saudi Arabia's e-signature regulations, ensuring the legal validity of your documents within the Kingdom. Our platform's simple interface, enhanced security features, and intensive audit trails make it a valuable tool for businesses aiming to simplify their legal processes and thrive in the digital age. Escape the paperwork maze and step into a future of streamlined agreements with Zoho Sign. Get started today!

Resources

Disclaimer

The information provided in this document is for general informational purposes only and shall not be construed as legal, regulatory, or any other form of professional advice. Zoho Sign disclaims any liability for any error in the information provided herein. We recommend that you consult your legal counsel for any questions that you may have in this regard.