Authentic proof of protected electronic signature

Electronic transactions are distinguished by the fact that they do not resort to paper documents, but rather rely on electronic messages that consist of calculated information, and since the State of Kuwait is one of the pioneering countries in adopting modern systems to develop aspects of economic and commercial activity in it, and as it is preparing to be a global financial center, so it is not permissible to neglect The legal effect of the electronic signature in terms of its validity and the possibility of working with it, where the protected electronic signature within the scope of civil, commercial and administrative transactions with the authority of a written signature when taking into account in its creation and completion the technical controls stipulated in the Kuwaiti Electronic Transactions Law.

The concept of electronic signature

Data that take the form of letters, numbers, symbols, signs, or others, and are placed in an electronic, digital, optical or any other way on an electronic document, and have a character that allows the identification of the signatory person and distinguishes him from others.

Authentic proof of electronic signature protected in the Kuwaiti Electronic Transactions Law

The Executive Regulations of the Kuwaiti Electronic Transactions Law regulates the conditions for authoritative proof of a protected electronic signature as follows:

First: Technical controls for a protected electronic signature

1- The signature must be linked to an electronic certification certificate issued by a licensed certification service provider. The protected electronic signature must, as a minimum, have the following technical elements:

A- The authority issuing the electronic certification certificate, so that the certificate contains all the information indicating the certification services provider, and its electronic signature according to standard x.509v3

b- The type of signature, its serial number, and the scope of its work

C- The date of signing according to the concept of a time stamp, and the period of its validity

D- The type of encryption algorithm used with the public key in accordance with the electronic certificate policy and the electronic authentication procedures of the certification service provider

E- The scope of use of the signature and the limits of its statutory responsibility, as well as the conditions for protecting the confidentiality of information and identity data of the signer, which includes his full name and address.

2- The attestation certificate associated with the signature shall be valid at the time the signature is made.

3- Maintaining the integrity of the site’s identity data, and its compatibility with the electronic certification certificate.

4- If the signature is made jointly with an electronic data system at the signer, it is required that the logical and technical link between the electronic signature system and the electronic data system be sound, and that they are free of technical defects that affect the validity of the signing and sending it.

5- Availability of the minimum technical and administrative structure, and related resources by which control of the signing procedures is achieved, and the confidentiality of data according to the technical conditions contained in the electronic certification procedures of the certification services provider.

6- The signer’s commitment to all the conditions mentioned in the electronic certification procedures of the certification service provider with regard to the electronic signature procedure, in a manner that does not conflict with the rules and regulations issued by the competent authority.

Second: The necessary precautions to avoid the illegal use of the protected electronic signature

In the case of making an electronic signature, the necessary precautions must be taken to avoid any illegal use of the signature creation data and personal equipment related to its signature. These precautions must also include the following:

  1. Preserve the electronic certification certificate and electronic signature documents issued by the provider of certification services that have a confidential nature, and not allow unauthorized persons to view them.
  2. Apply appropriate, safe and non-tamper-proof solutions and technologies, in accordance with the provisions for practicing electronic certification services issued by the competent authority.
  3. The signatory may seek the assistance of specialized technical bodies for review and audit in a way that supports the quality and confidentiality of the signing process, without prejudice to any controls, statutory or contractual conditions between the parties to the transaction.
  4. The owner of the electronic signature must inform the certification service provider as soon as he becomes aware of the existence of an illegal use of his signature, provided that the data related to the illegal use is documented.

Third: Procedures for Verifying a Protected Electronic Signature

Whoever relies on the electronic signature of another party must take the necessary care to verify the authenticity of the signature, using the electronic signature verification data, according to the following procedures:

  1. Verify the origin of the message’s sender’s certificate, and that it is issued by a licensed authentication service provider in accordance with the provisions of these regulations, and verify its validity and validity.
  2. Ensure that the data attached to the electronic signature is identical to the data of the signatory, based on the certificate issued to him.
  3. Not appearing within the incoming message and signature, alerting or warning messages stating that the signature does not match or any other defect related to the origin or content.

Conditions that must be met for the electronic signature to be considered protected and approved

An electronic signature is considered protected and approved if the following are met:

  1. If the signature creation tool used is limited to the signer only
  2. If the signature creation tool at the time of signing is under the control of the signer only
  3. If it is possible to detect any change to the electronic signature that occurs after the time of signature
  4. If it is possible to detect any change in the information associated with the signature that occurs after the time of the signature
  5. If it cannot be copied from the electronic support in which it was created

If you are looking for a Kuwaiti law firm that specializes in providing legal services to the securities, capital and stock market activities, you can count on us at Taqneen, Law Firm and Legal Consultations.

To book an appointment or request legal advice about the duties of securities companies in the optimal implementation of clients’ orders, we are pleased to receive your inquiries at (