Please click here to download the full article in PDF.
COVID-19- THE USE AND RECOGNITION OF E-SIGNATURE IN MALAYSIA – A DOUBLE-EDGE SWORD? Following the outbreak of COVID-19, the Malaysian government had on 18 March 2020 implemented the Prevention and Control of Infectious Disease (Measures within the Infected Local Area) Regulations 2020 restricting the movement of people from one place to another unless otherwise permitted (Movement Control Order “MCO”). The MCO was relaxed on 4 May 2020[1] where persons may be allowed to travel for work purposes or other special reasons with prior written permission from the police (Conditional Movement Control Order “CMCO”) that will remain in effect till 9 June 2020[2].

This article explores the use and recognition of E-Signatures in Malaysia.


Introduction The limitation on movement presents difficulties for corporations and business entities in the execution of documents and contracts, prompting these entities to resort to electronic dealings in an attempt to ensure business efficacy and continuity of commercial transactions. Amongst others, the usage of electronic signatures, also known as e-signatures emerges as the new norm post-MCO and during CMCO as a viable alternative to the traditional wet-ink signature that has long been the practice in commercial transactions. 

Types of E-Signatures There are two types of electronic signatures legally recognised in Malaysia and they are as follows:- 
i. Digital signature governed under the Digital Signature Act 1997 (“DSA”); and
ii. Electronic signature regulated under the Electronic Commerce Act 2006 (“ECA”).

The term “digital signature” and “electronic signature” are not to be used interchangeably as it refers to entirely different concepts and are governed by differing statutes.

A. Digital Signature

A digital signature under the DSA is limited to mean “a transformation of a message using an asymmetric cryptosystem”
[3] that is verified by reference to the public key listed in a valid certificate issued by a license certification authority. In other words, a digital signature is based on cryptography which is legally recognised if it is created in accordance with the DSA comprising inter-alia of the following:-
i. verification by reference to the public key listed in a valid certificate issued by a licensed certification authority[4];
ii. affixed by the signer with the intention of signing the message; and
iii. the recipient has no knowledge or notice that the signer has breached a duty as subscriber OR does not rightfullt hold the private key used to affix the digital signature.

A digital signature bears no physical resemblance to wet-ink signatures as it is created and verified using crytography that concerns itself with transforming messages into seemingly unintelligible form and back to its original form thereafter[6] .However, a digital signature would be as legally binding as a document signed with the traditional wet-ink signatures, an affixed thumb print or any other mark [7] There are instances where digital signatures have been  used as an electronic signature in commercial transactions, and in such instances the provisions of the DSA as a whole shall continue to apply in respect of the said digital signatures pursuant to section 9(3) of the ECA.  

B. Electronic Signature

An electronic signature under the ECA is defined broadly to include “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature”
[8]As a general rule, where any law requires a signature of a person on a document, it will be deemed fulfilled by an electronic signature if it: 
i. is attached to or is logically associated with the electronic message;
ii. adequately identifies the person and adequately indicates the person’s approval of the information to which the signature relates; and
iii. is as reliable as is appropriate given the purpose for which, and the circumstances in which the signature is required.

The requirement of reliability of the electronic signature is fulfilled if the creation is linked to or under the control of the person only and any alteration to the electronic signature and the document concerned after time of signing is detectable.[10]

In the Federal Court case of Yam Kong Seng & Anor v Yee Weng Kai [2014] 6 CLJ 285, Suriyadi Halim Omar FCJ delivering the judgment of the court held that the legal requirement for an electronic signature pursuant to section 9 of the ECA is fulfilled in the form of a short messaging service (SMS) where the sender is adequately identified i.e. the registered owner of the telephone number from which the SMS was sent. The judiciary further held that signatures need not be written and sufficient if there is any mark which identifies the act of the party or some distinguishing feature peculiar to the person. This case had interpreted broadly section 5 of the ECA that an electronic signature of any letter, character, number, sound or other symbol or any combination created in an electronic form include SMS where the owner of the number is identified thereby paving the possibility of a wider recognition of electronic signatures in various forms.

Non-Applicability of E-Signatures Unlike digital signatures, where the DSA is silent as to what specific types of transaction it is applicable to, electronic signatures on the other hand are applicable to any commercial transactions so long as the requirements under the ECA are fulfilled. However, it must be noted that there are four types of transactions or documents which are explicitly excluded from the application of electronic signatures under section 2 of the ECA, namely:- 
i. Powers of Attorney;
ii. The creation of wills and codicils;
iii. The creation of trusts; and
iv. Negotiable instruments (such as bills of exchange and cheques).

It must also be noted that under section 16 of the ECA service of documents such as notices of default, notices of demand, notices to show cause, notices of repossession, any notices required to be served prior to commencing a legal proceeding and any originating process, pleading, affidavit or other documents required to be served pursuant to a legal proceeding cannot be effected by service or delivery through electronic means.

Points to Ponder on the Use of E-Signatures The adoption of e-signatures may be desirable to reduce turnaround time and ensure business efficacy. The prospect of adopting e-signatures becomes more attractive as social distancing becomes the new norm moving forward as it would ensure human contact during the execution of documents are kept to a minimal. However, there is a need to weigh the convenience of using e-signatures against the legal risks of such e-signatures being challenged. The legal and practical considerations that need to be taken into account are as follows: –
 (a) Use not Mandatory

Pursuant to section 9 of ECA, electronic signatures need to be signed on a document in the form of an electronic message. However, section 3 of the ECA provides that the use, provision or acceptance of an electronic message for commercial transaction is not mandatory and is subject to the consent of parties which may be inferred from conduct. [12]  This means that the validity of electronic signatures may be challenged if a party to the transaction disputes giving consent to the use of electronic message. Consent must be reached in clear terms by parties for the use, provision and acceptance of commercial transactions by electronic means.
 (b) Absence of Technology Neutrality
Confusion can also arise in respect of the usage and effect of digital signatures and electronic signatures as both are treated differently under Malaysian law. An electronic signature created using a normal signing tool would satisfy the requirement of signature [13]  and/or witnessing[14] in respect of paper-based documents provided that the threshold tests under the ECA are fulfilled. However, where any law requires a seal to be affixed, a digital signature created based on cryptography under the DSA is required instead. Awareness on the differences between these 2 methods of electronic signatures and its utilisation for different commercial transactions remains a relevant consideration for parties. Parties should avoid the risk of a contract being challenged on the ground that the incorrect method of e-signature was utilised.
(c) Recognition of Foreign Digital Signatures and Electronic Signatures
Unlike Thailand and Vietnam, Malaysia did not adopt ECA and DSA specifically based on or influenced by the UNCITRAL Model Law on Electronic Signatures 2001 (“MLES”)[15]. As such, there is no blanket acceptance or recognition of foreign digital signatures and electronic signatures issued/created outside Malaysia on the principle of substantive equivalence that disregards the place of origin [16]. A digital signature which has been recognised by foreign certification authorities will not have the same effect and validity in Malaysia unless the digital signature satisfies all the requirements under section 62 of the DSA and that the foreign certification authority is recognised under section 19 of the DSA. [17]  To date, no foreign certification authorities have received recognition in Malaysia.[18]

The Malaysian position on the recognition of foreign electronic signatures which have been issued and/or created outside Malaysia is also uncertain as there are no specific provisions dealing with this issue under the ECA. In the recent High Court case of SS Precast Sdn Bhd v Serba Dinamik Group Bhd & Ors [2020] MLJU 400, the learned judge Datuk Wong Kian Kheong in allowing the use of an unaffirmed affidavit with counsel’s undertaking to refile the affirmed affidavit after MCO had taken judicial notice of the fact that the affirmation before a Commissioner for Oaths could not be carried out due to the MCO. It therefore follows that affirmations before a Commissioner for Oaths is still subject to the traditional requirement of wet-ink signatures/mark and could not be resorted to e-signatures, possibly in view of the provisions in the ECA and/or the Electronic Government Activities Act 2007 (“EGA”). 

(d) Government Dealings

Dealings between the government and the public and the legal recognition of electronic messages and electronic signatures are regulated specifically under the EGA. Similar to ECA, the requirement for a signature on an electronic message can be fulfilled using electronic signatures however the use of electronic messages in dealings with the government is subject to consent.[19]

Section 19 of the EGA further stipulates that documents filed or submitted in the form of electronic message is recognised if:-
(i) it is accessible and intelligible to be usable for subsequent reference; and
(ii) submitted in accordance to such specified form.

The issuance of any license, permit, approval, authorisation or similar document under any law is also fulfilled in the form of an electronic message provided it is accessible and intelligible to be usable for subsequent reference under section 21 of the EGA.
Whilst the usage of e-signatures and electronic messages in dealings between the public and the government would allow for efficacy and expediency in many transactions, the use of the traditional wet-ink signatures cannot be discounted altogether and may still be required for certain transactions.

Conclusion As there are statutory provisions in Malaysia that regulate and explicitly recognises e-signatures, corporations and relevant entities must take steps to understand and be aware of the requirements in law that must be fulfilled before e-signatures are recognised under the provisions of the ECA and/or DSA to ensure that the validity of documentation executed in this manner are not disputed or questioned later on. Corporations are thus advised to seek legal advice and have adequate legal representation who are well-versed in this area of law in these transactions to ensure its rights are protected.

For more information, kindly contact the undersigned.
Idza Hajar Ahmad Idzam 
Heather Yee

Disclaimer: The contents do not constitute legal advice, are not intended to be a substitute for legal advice and should not be relied upon as such

Zul Rafique & Partners
22 May 2020

Please email your details at [email protected] if you would like to subscribe to our Knowledge Centre

[1] Prevention and Control of Infectious Disease (Measures within the Infected Local Area) (No. 5) Regulations 2020 made on 3 May 2020 
[2] Prevention and Control of Infectious Disease (Measures within the Infected Local Area) (No. 6) Regulations 2020 made on 12 May 2020 read together with Prevention and Control of Infectious Disease Measures within the Infected Local Area) (No. 6) (Amendment) Regulations 2020 made on 22 May 2020.
[3] Section 2 of DSA.
[4] There are currently four licensed certification authorities in Malaysia. Further reference could be made to the Malaysian Communication and Multimedia Commission (“MCMC”) portal accessible via this link.
[5] Section 62 of DSA.
[6] UNCITRAL Model Law on Electronic Signatures with Guide to Enactment 2001 at paragraph 36.
[7] Section 62(2) of DSA.
[8] Section 5 of ECA.
[9] Section 9 of ECA.
[10] Section 9(2) of ECA.
[11] Schedule to Section 2 of ECA.
[12] Section 3 of ECA.
[13] Section 9 of ECA.
[14] Section 11 of ECA.
[15] The list of states which adopted domestic legislation based on or influenced by the UNCITRAL Model Law on Electronic Signatures 2001 can be found via this link.
[16] See Article 12 of the MLES.
[17] See regulation 71 of the Digital Signature Regulations 1998 on the criteria for recognition of foreign certification authorities.
[18] List of Recognised Foreign Certification Authorities can be found via MCMC Portal. Click here.
[19] Sections 3 and 13 of EGA.