The legality overview
Malaysian law recognizes eSignatures within two types: electronic and digital signatures. The electronic signatures are governed under the ECA [Section 6], which acknowledges their legal effect, validity, and enforceability.
On the other hand, digital signature is the form of a more secured signature, backed by trusted certificates & regulated under the DSA [Section 62(2)]. It deems the digital signature is legally equivalent to handwritten signatures & thumbprints. Although both types can be considered enforceable as โwet signaturesโ as long as they meet the required legal standards.
Types of eSignature used
Electronic signatures
Electronic signatures in Malaysia are governed by the 2006 ECA. It is defined as โany letter, character, number, sound, or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature.โ
To be legally recognized under the ECA [Section 9], an electronic signature must:
- Be attached to or logically associated with the electronic message
- Adequately identify the signer and indicate their approval of the information to which the signature relates, and
- Be as reliable as is appropriate for the purpose and circumstances in which it is used.
An electronic signature is deemed โas reliable as is appropriateโ if:
- The means of creating the signature is uniquely linked to and under the sole control of the signer,
- Any alteration to the electronic signature after signing is detectable, and
- Any alteration to the signed document after signing is detectable.
These requirements ensure the integrity, authenticity, and non-repudiation of electronic signatures, making them legally binding and enforceable when the outlined conditions are met.
Digital signatures
Digital signatures in Malaysia are regulated under the Digital Signature Act 1997 (DSA). A digital signature is defined as โa transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signerโs public key can accurately determine:
- Whether the transformation was created using the private key that corresponds to the signerโs public key; and
- Whether the message has been altered since the transformation was made.
To fulfill the legal requirements under the DSA [Section 2], a digital signature must:
- Be verified by referencing the public key listed in a valid digital certificate issued by a licensed certification authority;
- Be affixed by the signer with the intention of signing the message;
- The recipient must have no knowledge or notice that the signer has breached a duty as a subscriber or does not rightfully hold the private key used to affix the digital signature.
As required by the DSA, the signers must obtain a valid license to issue digital certificates. These certifications under DSA ensure that digital signatures are secured and legally binding under Malaysian law, equivalent to handwritten signatures.
Permitted usages in Malaysia
Under the 2006 ECA, electronic signatures (including digital signatures) are not mandatory yet legally valid for most electronic commercial transactions, including those involving federal and state governments. Section 6 of the ECA ensures that electronic messages cannot be denied legal effect or enforceability if they are accessible and meet the criteria for electronic signatures.
However, certain documents are explicitly prohibited from being signed electronically under the ECA, including:
- Powers of attorney
- Wills and codicils
- Trusts
- Negotiable instruments
Additionally, documents requiring notarization or attestation, such as real property instruments and instruments of transfer, generally cannot be signed electronically unless allowed by specific legal provisions.
In the public sector, the Electronic Government Activities Act 2007 (EGAA) extends the recognition of electronic signatures for interactions with government entities. For Malaysia’s government procurement via the ePerolehan system, digital signatures are mandatory and must be backed by digital certificates issued under the Government Public Key Infrastructure (GPKI).
While digital signatures can fulfill the legal requirement of affixing a seal to electronic documents under the 1997 DSA, the use of electronic signatures is still limited in scenarios.
Disclaimer
This information is for general guidance only and not legal advice. For specific legal questions & advices, please consult to the legal authorities of the respective country. Laws on electronic signatures may change and vary based on context. While efforts are made to ensure accuracy, this material is provided “as-is” and Mekari Sign cannot guarantee these legality to be current & fully correct.