Given the noticeable tendency towards relying on electronic transactions in our daily lives, starting from the smallest transactions to larger ones, we find it very relevant to shed light on some provisions of the Electronic Transactions Law that are affective to take them into account. Especially that the Electronic Transactions Law was issued by Royal Decree No. (M/18) dated 08/03/1428 AH (the “Law”), which means that its provisions have been in force for years and are applicable to daily electronic transactions, no matter how small.
Before we go through the details of the provisions of the Law, we must first look at the definition of the Law for an electronic transaction, which is any exchange, communication, contracting or any other procedure performed or executed entirely or in part by electronic means. Provided that each law has a purpose that relies behind its issuance, the Electronic Transactions Law aims at several objectives, the most important of which are:
- Establishing a legal and regulatory framework for electronic transactions.
- Enhancing confidence in electronic transactions and safety for their use.
- Facilitating the use of these transactions and eliminating obstacles to their use.
- Preventing misuse and fraud.
One of the most important elements of electronic transactions is the electronic signature, where the Law clarified in this regard that “If a hand-written signature is required for any document or contract or similar, such requirement shall be deemed satisfied by an electronic signature generated in accordance with this Law. The electronic signature shall be equal to hand-written signature, and it shall have the same legal effects.” The electronic signature conditions include:
1- It shall be associated with a certified and valid digital certificate.
2-The integrity of the signatory’s identification information, and its compatibility with the digital certificate.
3-The absence of technical deficiencies and availability of the minimal technical and administrative structure related to signature procedures.
4-The signatory’s compliance with all the requirements of the digital certification procedures.
5-The availability of the following substantive elements as minimum:
- A) Digital certificate issuer.
- B) Signature type, its scope, and its serial number.
- C) Date and duration of signature.
- D) The type of encryption algorithm used and the public encryption key.
- E) The scope of use of the signature and the limits of its statutory liability, as well as the requirements for the protection of the confidentiality of information.
- F) The signatory’s identification information, including his name and full address.
Since the digital certificate is one of the e-signature conditions, we would like to point out that the National Center for Digital Certification (the “Certification Center”) is responsible for the supervision of digital certification functions and management of its infrastructure; certifying certificates issued by foreign entities outside the Kingdom; issuing digital certificates related to certification service providers; publishing and updating the list of licensed certification service providers; coordination with the Communications and Information Technology Commission (the “Commission“) in relation to licensing entities who want to provide digital certification services; providing technical support to the Commission in relation to its supervision of licensed certification service providers; and notifying the Commission of any violations relating to the licenses of certification services providers.
The digital certificate is an electronic document granted by the Certification Center certifying that the person named therein is the true owner of the public key appearing in it, and the private key associated with it. To clarify, there are two types of keys, public and private, accompanying each electronic certificate, one of which is used for encryption or electronic signature, and the other for decryption or verification of the electronic signature. The types of digital certificate include:
- Identity proof certificate
- E-signature certificate
- Data encryption certificate
There are also services provided by the Digital Government Authority to government entities, including those related to the following government certification certificates:
- Secure Email Certificate: enhances safety and trust in email.
- Name Certificate: enhances safety and trust in electronic transactions that rely basically on the name of the person.
- Secure Website Certificate: provides secure and encrypted connection between a browser and the website.
- Hardware Certification: specific for storage hardware or servers and has authentication and encryption features.
Binding Force of Electronic Transactions
The Law states that electronic transactions, records and signatures shall have binding force, and their validity or enforceability shall neither be denied nor prevented by reason of being made in whole or in part in electronic form, as long as it is consistence with the Law, the binding force and enforceability of electronic transactions are linked to its details’ availability for review, it is worth noting that offer and acceptance of an electronic transaction may be expressed through an electronic transaction, an electronic transaction or signature is acceptable as a proof of evidence, it may as well be acceptable as a presumption of evidence.