UAE issues new Federal Electronic Transactions and Trust Services Law

The UAE’s has issued a new electronic transactions law, Federal Decree by Law No. 46 of 2021 on Electronic Transactions and Trust Services (“Law”).  It introduces legal concepts into UAE law that are similar to the European eIDAS Regulation to promote legal certainty in electronic interactions.

The Law repeals the existing Federal Law No. 1 of 2006 concerning e-transactions and e-commerce (“Old Law”) as of 2 January 2022. However, there is a 12-month grace period which allows those subject to the Law to ensure that they are compliant.

The Telecommunications and Digital Government Regulatory Authority (“TDRA”)  is the competent authority who will be the regulator for the Law  – but the Federal Authority for Identity and Citizenship will issue controls  in relation to  trust services that are provided to the government sector  and any trust services that depend on the information or services of the Federal Authority for Identity and Citizenship (e.g. Emirates ID).

The Law provides a new means for regulating Electronic Identification Systems and Trust Services.

Electronic Identification or eID?  Electronic identification allows businesses and consumers to identify and authenticate who they are.

Under the Law, the TDRA is to issue the rules, procedures and standards related to the electronic identification systems, verification procedures and digital ID, after coordination with concerned bodies.

What are Trust Services? These are electronic services which aim to improve the confidence of citizens and businesses in the security and certainty of electronic transactions.

The Law sets out a regulatory framework for the following four main types of trust services.

• Electronic signatures: the expression in electronic format of a person’s agreement to the content of a document or set of data.
• Electronic seals: an electronic equivalent of a stamp that is applied to a document to confirm its origin and integrity.
• Electronic time stamps: evidences that a document existed at a point in time;
• Electronic registered delivery services: provides proof of sending and receiving of data.

Other Key Provisions

No exemptions The Old Law expressly excluded certain kinds of transactions (e.g. property transactions, or negotiable instruments).  The Law has no exclusions. The Law expressly provides that a person may use any form of electronic signature or electronic stamp unless the legislation provides otherwise.

Who needs a license under the law? The Law requires all providers of “trust services” to obtain a license from the TDRA. It is not yet clear exactly what the breadth of this licensing requirement is, as it could capture the offering of any electronic signature mechanism.

Certified Trust Services have stronger legal effects and a stricter assessment under the Law.  No person may provide the certified trust services unless it has obtained a licence from TDRA according to the provisions of the Law and its Executive Regulations.

Types of e-signatures The Law appears to provide for the three following types of e-signatures, with increasing levels of security:

• Basic electronic signatures
• Approved electronic signatures (AES)
• Certified Electronic Signatures (CES).  Due to the secure manner in which it is created, the CES holds special status under the law, as having the functional equivalence of a handwritten signature.

The Executive Regulations are to designate further requirements for the creation of AES and CES.

UAE Trust List The TDRA will create and publish a UAE Trust List which will list the licensees under the Law and their trust services. The Executive Regulations shall designate the regulations and conditions for inclusion in the UAE Trust List.

Trust mark.  The TDRA is to provide for a trust mark that can be used by certified trust service providers to indicate that they provide certified trust services that meet the requirements of the Law.

General provisions relating to electronic transactions

The law regulates the validity of electronic documents consistent with the Old Law.

Applying Trust Services in your business

Even though there is a 12-month grace period and implementing executive regulations need to be issued, businesses need to consider how to adopt appropriate trust services to make their electronic transactions more secure and reliable under the Law.