Digital or electronic signatures (e-signatures) are a common part of daily commercial life today. Signatures, as understood in the common adage as signatures delivered by hand, have been use for centuries, with the Black’s Law Dictionary defining a “signature” as:
“(1) a person’s name or mark written by that person or at the person’s direction, or (2) any name, mark, or writing used with the intention of authenticating a document”.[1]
The digitization of everyday life, especially in the last three decades, has increased the use of instantaneous means of communication such as email, while the more recent Covid-19 pandemic has effectively created a space for digital or e-signatures as formal placements of names or marks intentioned to authenticate documents.
The legislation governing electronic signatures in Pakistan is the Electronic Transactions Ordinance (ETO) 2002.[2] This enactment was formulated in line with the Model Law on Electronic Signatures 2001[3] issued by the United Nations Commission on International Trade Law (UNCITRAL) in order to digitise the conduct of business in Pakistan and harmonise Pakistan’s legal regime with the rest of the world. The ETO also made Pakistan one of the first countries in the region, other than China, to recognise digital or e-signatures.
The Framework Under ETO
The default position under the ETO is that e-signatures in Pakistan are considered legally valid and recognised for legal effects and purposes. This includes the admissibility of e-signatures in courts as well as business undertakings. This means that, at a basic level and as a principle, the ETO provides legal cover to the electronic forms of signature by holding that their admissibility and recognition shall be presumed (unless rebutted).
As far as the relevant definitions under Pakistani law are concerned, the ETO distinguishes between “electronic signature” and “advanced electronic signature”. Section 2(1)(n) of the ETO has defined “electronic signature” in the following words:
“…electronic signature” means any letters, numbers, symbols, images, characters or any combination thereof in electronic form, applied to, incorporated in or associated with an electronic document, with the intention of authenticating or approving the same, in order to establish authenticity or integrity, or both…”
On the other hand, “advanced electronic signature” has been defined in Section 2(e) of the ETO in the following words:
“…advanced electronic signature” means an electronic signature which is either—
-
unique to the person signing it, capable of identifying such person, created in a manner or using a means under the sole control of the person using it, and attached to the electronic document to which it relates in a manner that any subsequent change in the electronic document is detectable; or
-
provided by an accredited certification service provider and accredited by the Certification Council as being capable of establishing authenticity and integrity of an electronic document…”
This means that in Pakistan, there is an operative distinction between “electronic signature” and “advanced electronic signature”, with the latter enjoying a higher degree of acceptability and credibility. We shall discuss the specifics below.
Please note some other key phrases used in the ETO, including the following:
- “electronic document” includes documents, records, information, communications or transactions in electronic form.
- “accreditation certificate” means a certificate granted by the Certification Council to a Certification Service Provider.
- “Certification Council” means the Electronic Certification Accreditation Council established under Section 18.
- “Accredited Certification Service Provider” means a Certification Service Provider accredited under this Ordinance to issue certificates for the use of its cryptography services.[4]
Since the very object of signatures is to lend authenticity and credibility, the act of placing signatures on documents relies on trust and reliability. Digital or e-signatures are susceptible to abuse and misuse and, in an environment of instantaneous communication, the risks associated with such abuse or misuse can snowball. For such reasons, it was felt that the process required a certification body to authenticate and certify digital or e-signatures and provide a framework and guidelines for certifying authorities across the country to lend credibility and certainty to the process. This led to the formation of the Electronic Certification and Accreditation Council (ECAC).
The Electronic Certification and Accreditation Council (ECAC)
The ECAC was established by the Government of Pakistan under Section 18 of the ETO. It is an autonomous body which operates under the Ministry of Information Technology and Telecommunication (MoITT). ECAC, as a regulatory body, has enforcement powers to regulate electronic transactions in the public and private sectors.
The ECAC is also empowered under the ETO to regulate the working of accredited Certifying Service Providers (CSPs) and Certifying Authorities (CAs). Under the Accredited Certification Service Provider’s Audit Regulations 2008[5] and the Certification Service Providers’ Accreditation Regulations 2008,[6] the ECAC can audit and regulate CAs and CSPs respectively. The CAs issue digital signature certificates for the electronic authentication of users. As approved by the ECAC, there are several accredited CSPs in Pakistan.
It should be noted that under Section 21(2)(d) of the ETO, the ECAC also maintains a repository of digital certificates, containing all the certificates issued by accredited CAs in the country. A digital signature certificate authenticates the identity of the signature and the individual electronically. This, in effect, makes the ECAC the root certifying authority in Pakistan for digital or e-signatures. The ECAC also ensures a high level of security for online transactions by safeguarding the privacy of the information exchanged using a digital certificate.
Furthermore, the ECAC has been mandated, under Section 24 of the ETO to grant accreditation to approved crypto[7] apparatus and any CSPs intending to work as accredited CSPs.
It should be noted that the mandate and domain assigned to ECAC are to be recognized in all primary and secondary legislation and respected by all regulatory authorities. The ECAC is also a major institution in the Government of Pakistan’s apparatus when it comes to ensuring compliance with the recommendations in the Guidance on Digital Identity issued by the Financial Action Task Force (FATF) in March 2020.[8]
The general position is such that e-signatures are legally valid and acceptable and can be relied upon to take on the role of conventional signatures. However, the ETO has also placed certain limitations and established certain thresholds.
Thresholds for Electronic Signatures
Certain thresholds for reliance on electronic signatures have been established under the ETO, including the following:
- As under Section 7 of ETO, the requirement under any law for the affixation of signatures shall be deemed satisfied where electronic signatures or advanced electronic signature have been applied.
- As per Section 8 of ETO, an electronic signature may be proved in any manner, in order to verify that the electronic document is of the person that has executed it with the intention and for the purpose of verifying its authenticity or integrity or both.
- According to Section 2 of the ETO, if an electronic document is alleged to be signed or to have been generated wholly or in part by any person through the use of an information system, and where such allegation is denied, the application of a security procedure to the signature or the electronic document must be proved, in order to satisfy the evidential requirements under the Qanun-e-Shahadat Order (QSO) 1984.[9]
Thresholds for Advanced Electronic Signatures
Thresholds for reliance on advanced electronic signatures have also been established under the ETO, including the following:
- As under Section 7 of the ETO, where electronic signatures or advanced electronic signature have been applied, the requirement under any law for the affixation of signatures shall be deemed satisfied.
- As per the ETO, in any proceedings involving an advanced electronic signature, a presumption exists (unless evidence to the contrary is presented) entailing that:
- the electronic document affixed with an advanced electronic signature, as is the subject-matter of or identified in a valid accreditation certificate, is authentic and has integrity; or
- the advanced electronic signature is the signature of the person to whom it correlates, the advanced electronic signature has been affixed by that person with the intention of signing or approving the electronic document and the electronic document has not been altered since that point in time.
Documents Which Cannot be E-Signed in Pakistan
It should be noted that there are several limitations on the acceptability and validity of digital or e-signatures in Pakistan. Digital or e-signatures are not valid for the following documents in Pakistan:
- power of attorney;
- trusts;
- wills or any form of testamentary disposition; and
- contracts for sale or conveyance of immovable property or any interest in such property.
Conclusion
As a result of the ETO, there is widespread use and acceptability of digital or e-signatures across Pakistan. However, care needs to be taken to appreciate the difference between electronic signatures and advanced electronic signatures and the thresholds that have to be achieved for the same to be considered as valid electronic signatures or advanced electronic signatures. Moreover, in case of any concerns relating to the validity of digital or e-signatures, the authentication and certification process under the ECAC must be availed.
[1] Black’s Law Dictionary, (7th edition, 1999), 1387.
[2] Electronic Transactions Ordinance 2002.
Accessible at < ETO-after approval of Cabinet as on 23 (ecac.gov.pk) >
[3] United Nations Commission on International Trade Law, Model Law on Electronic Signatures with Guide to Enactment 2001, United Nations Publication Sales No. E.02.V.8, ISBN 92-1-133653-8.
Accessible at < 01-89959-p1.dg.qxd (un.org) >
[4] Please note that “cryptography services”, for the purposes of the ETO are defined under Section 2(k) of ETO, which provides that the term “cryptography services” means services in relation to the transformation of contents of an electronic document from its original form to one that cannot be understood or decoded by any unauthorized person.
[5] Accredited Certification Service Provider’s Audit Regulations 2008.
Accessible at < ECAC-Service-Provider-Audit-Regulations-2008.pdf >
[6] Certification Service Providers’ Accreditation Regulations 2008.
Accessible at < The-Certification-Service-Providers-Accreditation-Regulations-2008-updated.pdf (ecac.gov.pk) >
[7] Ibid.
[8] Financial Action Task Force (2020), Guidance on Digital Identity, FATF, Paris.
Accessible at < Guidance on Digital ID (fatf-gafi.org) >
[9] Please see Article 78-A of Qanun-e-Shahadat Order, 1984 (Presidential Order No.10 of 1984).
Accessible at < Microsoft Word – Qanun-e-Shahadat.doc (punjabpolice.gov.pk) >
The views expressed in this article are those of the author and do not necessarily represent the views of CourtingTheLaw.com or any other organization with which he might be associated.