Overview

In Malaysia, electronic and certificate-based digital signatures are widely used and accepted within the business sector, particularly in e-commerce. While Malaysian law distinguishes between general electronic signatures and those supported by certificates from licensed providers, both types are considered as legally admissible and enforceable as handwritten signatures, as long as they satisfy the relevant validity requirements.


Electronic Signature

The use of electronic signatures is regulated under the Electronic Commerce Act 2006 (ECA). According to the ECA, an electronic signature refers to “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature.”


For an electronic signature to be valid under the Act, it must meet the following conditions:

  1. It must be linked or logically associated with the electronic message.
  2. It must sufficiently identify the signer and clearly indicate the signer’s approval of the associated information.
  3. It must be as reliable as appropriate given the purpose and context in which it is used.

A signature is considered “as reliable as appropriate” when:

  1. The method used to create it is connected to and controlled solely by the signer.
  2. Any changes made to the electronic document after signing can be detected.
  3. Any modifications to the document after the signature is applied are identifiable.

Digital Signature

Digital signatures are governed by the Digital Signature Act 1997 (DSA). Under the DSA, a digital signature is defined as “a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine whether the transformation was created using the private key that corresponds to the signer’s public key, and whether the message had been altered since the transformation was made.”


A digital signature is recognized under the DSA if:

  1. It can be verified using the public key listed in a valid certificate issued by a licensed certification authority.

  2. It was applied by the signer with the intent to sign the message.

  3. The recipient has no knowledge or reason to believe that the signer:

    1. Has failed to meet their duties as a subscriber, or
    2. Does not lawfully hold the private key used to create the signature.

The DSA outlines the responsibilities of subscribers, which include exercising reasonable care to maintain control over their private key and preventing unauthorized disclosure. Licensed certification authorities must hold a valid license under the DSA and are listed in the Malaysian Register of Certification Authorities and Recognition.



Use cases that generally require a traditional signature

Although electronic and digital signatures are governed by Malaysian federal law, in some cases, state laws or industry-specific rules and guidelines may govern.


Under the ECA, the following documents cannot be signed or executed electronically:

  1. Power of attorney;
  2. The creation of wills and codicils;
  3. The creation of trusts; and
  4. Negotiable instruments.

Additionally, documents that require notarization or the affixing of a seal may not be able to be signed electronically. However, where the law requires a seal to be affixed to a document and the document is in the form of an electronic message, the document may be signed using a digital signature as defined under the DSA.