Are e-signatures legal, admissible, and enforceable in Singapore?
Summary of law governing e-signatures:
The Electronic Transaction Act (Cap. 88) (ETA), which provides for the security and use of electronic transactions to implement the United Nations Convention on the Use of Electronic Communications in International Contracts, accords legal recognition to e-signatures in Singapore. Where the rule of law requires a signature or provides for certain consequences if a document or a record is not signed, that requirement is satisfied by an e-signature if:
- a method is used to identify the person making the signature and to indicate that person’s intention in respect of the information contained in the electronic record; and
- the method used is either (a) as reliable as appropriate for the purpose for which the electronic record was generated or communicated, in light of all the circumstances, including any relevant agreement; or (b) is proven in fact to have fulfilled the functions described.
E-Signatures can be used for court filings pursuant to Order 63A Rule 9 of the Rules of Court.
Notable case law examples:
The case of M Integrated Transware Pte Ltd v. Schenker Singapore (Pte) Ltd  SGHC 58 demonstrated that the courts look to whether the method of signature used fulfils the function of a signature (i.e., demonstrates an authenticating function), rather than whether the form of signature used is one which is commonly recognized. In that case, the Singapore courts have recognized e-signatures as valid within emails. Typed names were sufficient to satisfy the signature requirement as the authenticating intention of the signatories had been clearly demonstrated.
We have not cited any cases on audit trails being relied upon as key evidence.
Are there certain documents that cannot be e-signed in Singapore?
- The creation and execution of a will;
- Negotiable instruments, documents of title, bills of exchange, promissory notes, consignment notes, bills of lading, warehouse receipts, or any transferable document or instrument that entitles the bearer or beneficiary to claim the delivery of goods or the payment of a sum of money;
- The creation, performance, or enforcement of an indenture, declaration of trust, or power of attorney with the exception of implied, constructive, and resulting trusts;
- Any contract for the sale or other disposition of immovable property or any interest in such property; and
- The conveyance of immovable property or the transfer of any interest in immovable property.
Does local regulation govern the use of digital IDs and/or certificates for e-signatures in Singapore?
The ETA regulates the use of "Secure Electronic Signature", the Singapore equivalent of the QES.
What is a secure electronic signature?
An e-signature that is made secure will constitute a Secure Electronic Signature. An e-signature is a Secure Electronic Signature and is legally binding if it can be verified (through a specified security procedure (see further elaboration below) or a commercially reasonable security procedure (see further elaboration below) agreed to by the parties involved) at the time that it was made that it is:
(a) unique to the person using it;
(b) capable of identifying such person;
(c) created in a manner or using a means under the sole control of the person using it; and
(d) linked to the electronic record to which it relates in a manner such that if the record was changed the electronic signature would be invalidated.
The ETA prescribes a presumption that a Secure Electronic Signature is authentic i.e. it is the signature of the person to whom it relates; and it has been affixed by that person with the intention of signing or approving the electronic record.
What is a specified security procedure?
A "specified security procedure" refers to digital signatures, which means an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer’s public key can accurately determine: (a) whether the transformation was created using the private key that corresponds to the signer’s public key; and (b) whether the initial electronic record has been altered since the transformation was made.
A digital signature will be considered a Secure Electronic Signature on any portion of an electronic record if:
(a) the digital signature was created during the operational period of a valid certificate and is verified by reference to the public key listed in such certificate; and
(b) the certificate is considered trustworthy, in that is an accurate binding of a public key to a person's identity because: (i) the certificate was issued by an accredited certification authority operating in compliance with the Electronic Transactions (Certification Authority) Regulations 2010 (there is one at the moment; see question 4 below for further elaboration); (ii) the certificate was issued by a recognized certification authority (there are none at the date of the advice); (iii) the certificate was issued by a public agency acting as a certification authority (we are unaware of any at the date of the advice); or (iv) parties have expressly agreed between themselves (sender and recipient) to use digital signatures as a security procedure, and the digital signature was properly verified by reference to the sender's public key.
What is a commercially reasonable security procedure?
Whether a security procedure is commercially reasonable shall be determined having regard to the purposes of the procedure and the commercial circumstances at the time the procedure was used, including:
(a) the nature of the transaction;
(b) the sophistication of the parties;
(c) the volume of similar transactions engaged in by either or all parties;
(d) the availability of alternatives offered to but rejected by any party;
(e) the cost of alternative procedures; and
(f) the procedures in general use for similar types of transactions.
Whether there are documents that require the use of QES
The ETA does not prescribe a list of documents that require the use of a Secure Electronic Signature.
However, certain government agencies in Singapore require the use of Netrust tokens/PKI certificates. For example, the Building Construction Agency requires Qualified Persons who need to digitally sign plans and documents for regulatory approval to obtain a Netrust digital certificate. Also, the Singapore Land Authority's Electronic Lodgment System allows for electronic signing of certain instruments such as caveat and discharge of mortgage via Netrust Tokens which would be treated as Secure Electronic Signatures.
Does local law provide certification bodies / trust services that users of e-signatures should be aware of in Singapore?
The ETA does not prescribe a list of certification bodies / trust services.
However, the Info-communications Media Development Authority's website sets out a list of accredited certification authorities (the website can be accessed here). Accreditation is voluntary, and only certification authorities who meet high integrity and security standards will be accredited. There is currently only 1 certification authority that is accredited: Netrust Pte Ltd.
*DISCLAIMER: The information contained in this guide is for information purposes only, provided as is as of the date of publication and should not be relied upon as legal advice or to determine how the law applies to your business or organization. It is recommended that you seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance. OneSpan does not accept liability for the contents of these materials or for third parties materials.
Last updated: November 2020