Online Commerce in the UAE – will Covid 19 lead to a step-change in business attitudes?

E-Commerce in the UAE

Given the restrictions recently imposed on movement of people and face-to-face meetings in the UAE, it has become more important than ever that work and business can continue as far as possible online. This is no less true in relation to legal transactions, documents and related activities. Helpfully, the relevant supporting legal ‘tools’ have been in place for some time and, as technology and business practices have changed and advanced over time, there has been increasing uptake in their use. However the current crisis and its consequences may have the effect of propelling these behavioural changes forward at a much greater rate. In that respect, UAE businesses should be taking the opportunity to urgently review their existing practices and risk management formalities to ensure that, electronically, they are fully ‘up to speed’ and that their ability to do business and compete is not being constrained by outdated attitudes and administrative requirements. 

With that in mind, what are the most relevant elements of the law that businesses need to be aware of in order to be able safely and securely to transact business electronically? 

The E-Law   

The principal legislation governing the recognition and status of electronic transactions in the UAE (outside the Federal Free Zones) is Federal Law No 1 of 2006 on Electronic Commerce and Transactions (E-Law), which was designed to support, promote and facilitate e-commerce by enabling electronic transactions to be conducted with confidence as to their legal effectiveness. 

To this end, the E-Law applies to any electronic records, documents and signatures that relate to ‘electronic transactions and commerce’ and specifically recognises that contracts may be documented and concluded electronically, and that an offer, and the acceptance of an offer, may be expressed, in whole or in part, by electronic communication, and that a contract is not invalid or unenforceable solely by reason that electronic communication was used in its formation. 

This has led to a growing variety of transactions in the UAE (mostly retail and banking) which are commonly documented and concluded electronically. These can typically be identified by the use of one or more of the following forms of electronic signature or authorisation: 

a) the use of a ‘PIN’ number;

b) the use of fingerprints and/or facial recognition (i.e. - biometric authorisation);

c) use of a contactless ‘swipe card’ or ‘electronic wallet’ authorisation;

d) adding one’s name, by way of acceptance, at the end of online text; and

e) giving an online acknowledgement or confirmation (e.g. - ‘I accept’ or ‘submit’ ). 

However, despite this, in practice the conduct of many mainstream commercial activities and transactions in the UAE remains largely non-electronic. 

Excluded Transactions and Documents 

Although the E-Law applies generally to commercial dealings, in that it allows parties to choose that their dealings and transactions be undertaken, documented, concluded, or stored electronically, there are notable exceptions. Specifically, the E-Law does not apply to the following transactions and documents (in relation to which therefore, for legal purposes the pre-existing rules continue to apply): 

a) transactions and issues relating to matters of personal status (such as marriage, divorce and inheritance);

b) deeds of title to immoveable property;

c) negotiable instruments (e.g. – cheques);

d) transactions involving the sale, purchase, lease (for a term of more than 10 years) and other dispositions of immoveable property (i.e. – land) and the registration of other rights relating to immoveable property;

e) any document legally required to be attested before a notary public (e.g. – company constitutional documents); and

f) any other documents or transactions exempted by provision of law. 

Subject to these exceptions, however, it is clear that the E-Law will apply even in circumstances where the law specifically requires that a statement, document, record, transaction or evidence must be in writing (or provides for certain consequences if it is not) or where certain documents, records or information are required for any reason to be retained, provided certain requirements are satisfied to do with ensuring that the electronic record is retained in an identifiable and authentic form. 

In this context, it is worth noting that there are actually relatively few contracts in the UAE which are required by law to be in writing (although there is a range of other documents or agreements which, in practice, also have to be in writing since they are required to be notarised and/or registered with governmental or judicial authorities in order to ensure their effectiveness and/or validity, such as powers of attorney, employment contracts, and certain sponsorship arrangements). 

Electronic signatures and authentication 

Furthermore, in relation to any contract made in writing, generally there is no substantive requirement of UAE law that such contracts need to be signed, initialed and/or stamped in order to be legally valid and binding, and so the question of whether or not such a written document amounts to a binding contract between the parties will, as with oral contracts, depend on all available relevant evidence. 

However the formality of signing and/or stamping such documents is nevertheless widespread and is legally significant because, under the UAE law of evidence, an original document is regarded as ‘best evidence’ of the underlying contract and will generally not (where disputed, and absent other evidence) be recognised as such (and therefore admitted in evidence) unless it has been signed and/or stamped by the parties. 

To address this issue the UAE law of evidence was, following the promulgation of the E-Law, amended so that: 

a) electronic signatures which satisfy the requirements of the E-law are given the same legal force and effect as ‘wet ink’ and other signatures recognised as evidence; and

b) electronic writing, communication, records and documents have the same legal force and effect as official and traditional writing and communications recognised as evidence.

In addition, and for completeness, in relation to those exceptional cases where the law specifically requires there to be a signature on a written document as a pre-condition to its validity, or provides for certain consequences where such a signature is missing, the E-Law provides that such a rule is satisfied by the application of a reliable electronic signature. 

Since only electronic signatures that satisfy the requirements of the E-Law will meet these evidential requirements, it is therefore essential that commercial parties can be confident that whatever manner of electronic execution is agreed between them will be recognised as such under the E-Law. So what are these requirements?   

Creating an electronic signature 

Some of the electronic signatures currently used in the UAE are referred to above. Their variety rests on the wide definition given to the term ‘electronic signature’ under the E-Law, namely: 

‘any letters, numbers, symbols, voice or processing system in electronic form applied to, incorporated in, or logically associated with, a data message with the intention of authenticating or approving the same.’ 

The E-Law also recognises and permits an electronic signature to be created using a uniquely configured ‘signature creation device’ that can generate an electronic signature attributable to a specific person. This includes systems or devices which generate or capture unique information such as codes, algorithms, letters, numbers, private keys, personal identification numbers or personal attributes.

In this respect, to enhance the security of the electronic signature generated by a signature creation device, the signatory may also seek an ‘electronic attestation certificate’ issued by an accredited independent ‘certification services provider’ in accordance with the requirements of the E-Law, in order to verify the authenticity of the electronic signature and the identity of the person or entity holding the signature creation device used to create the relevant electronic signature. This is important in relation to the issue of whether there has been reasonable reliance on an electronic signature, as outlined below. 

Authenticity and risk 

So an electronic signature can take many forms, which are largely unrestricted – which makes sense given the pace of technological change in this area. What is important, however, is that whatever the form used and however it is created, the electronic signature is that of the originator and has been applied with the intention of communicating authorisation or approval of the data message (and, in the case of a contract, being bound by it). 

The latter question (whether or not an electronic signature has been applied with the relevant intention etc.) is a matter of fact and will usually be readily apparent from the circumstances and the communications leading up to it. However the genuineness of the electronic signature itself (i.e. – that it belongs to originator) is a more difficult matter to demonstrate.

In addressing the question of the authenticity and reliability of the electronic signature, the E-Law starts from the basic premises that, in the absence of actual proof that the electronic signature is genuine, the risk of forgery (i.e. – fraud) is to be borne by the party who receives and relies on electronic signature unless such reliance is ‘reasonable’. What would amount to ‘reasonable reliance’ is, therefore, a very important question. 

The first point to bear in mind here is that reliance on a ‘secure electronic signature’ is deemed reasonable in the absence of proof to the contrary (i.e. – it is presumed to be reliable). This makes it the safest form of electronic signature.

In order to achieve ‘secure’ status, an electronic signature must, at the time of signing, have been verified in accordance with a ‘secure authentication procedure’ as being: (i) limited to the person using it; (ii) capable of verifying the identity of that person; (iii) under that person’s full control; and (iv) linked to the electronic record to which it relates in a manner which provides reliable assurance as to the integrity of the signature such that if the record was changed the electronic signature would be invalidated. A typical modern ‘biometric’ signature is a good example of a secure electronic signature.  

If an electronic signature is not, however, a secure electronic signature, then in determining whether or not it was reasonable in the circumstances for the recipient to rely on it, regard is to be had (as appropriate) to: 

a) the nature of the underlying transaction that the electronic signature was intended to support;

b) the value or importance of the underlying transaction, if this is known to the party relying on the electronic signature;

c) whether the party relying on the electronic signature or the electronic attestation certificate had taken appropriate steps to determine its reliability;

d) whether the party relying on the electronic signature had taken appropriate steps to ascertain whether the electronic signature was supported or was reasonably expected to have been supported by an electronic attestation certificate;

e) whether the party relying on the electronic signature or the electronic attestation certificate knew or ought to have known that it had been compromised or revoked;

f) any agreement or course of dealing between the originating party and the relying party in respect of the electronic signature or the electronic attestation certificate, or any trade usage or practice which may be applicable; and

g) any other relevant factor.

Because of the substantial burden placed on the relying party to demonstrate ‘reasonable reliance’, and in particular the increase in that burden in relation to more significant, important or valuable transactions, it is easy to see why there might be reluctance to accept the validity of an electronic signature that is not a secure electronic signature – at least in relation to more significant commercial transactions. This reluctance might well be reinforced by the nature of the UAE’s fragmented judicial system, under which there is no ‘judicial precedent’ to guide the interpretation and application of the ‘reasonable reliance’ criteria, and a perceived lack of decision-taking consistency.

Summary 

Despite the E-Law having been in force for many years, the ready availability of secure electronic signatures and the support of the law for this transactional medium, and although the retail and online sales and banking sectors have largely embraced the new digital legal world in relation to many domestic and personal transactions, it appears that for large swaths of mainstream commercial activities in the UAE there is still a preference to undertake deals on the basis of old-fashioned physical documentation with manual signatures, stamps and execution. Whilst this is no doubt in part due to some key transactions and activities remaining excluded from the scope of the E-Law, nevertheless there seems to be a reluctance on the part of some UAE businesses to adapt to the new world of electronic commerce. It remains to be seen, however, whether the physical and other constraints imposed on business activities as part of the Coronavirus epidemic will prompt a ‘step-change’ in business attitudes in this respect.