Digital Signatures usage in Singapore

[Thai Dang]

Hello,

Does anyone know about the practices regarding the usage of "digital signatures" by a Singapore company?

In the US / UK / Europe, "digital signatures" are widely accepted for use within the company such as Board resolutions, agreements between the company and its partners/employees/shareholders, for invoices/receipts issued by the company, etc. etc. and sometimes even when filing with the government as well. Through the use of "digital signature" services such as Adobe EchoSign, DocuSign, HelloSign, SignNow, Signable.co.uk, etc.

But how about Singapore, cuz it seems to me that "digital signatures" are not widely used and acceped here?

And what would be the "digital signatures" service providers that would be acceptable by the regulations here in Singapore.... so that those digital signatures can have the same legal validity just like paper-and-pen signatures?

Thank you very much!!!

[Ruben Potter]

Dear Thai,

Thank you for raising this question on our OpenFrog™ Community.

Under the Electronic Transactions Act (Chapter 88, Singapore Statutes) (the "Act"), there are provisions made for the usage and governance of digital signatures.

Section 8 of the Act specifically provides for methods to be used in identifying the person signing, indicating the intention of the person signing, and that the said method must either be as reliable "as for the purpose for which the electronic record was generated".

Adobe EchoSign® is an electronic signature solution, but does not constitute a Digital Signature. It may be compliant with the ESIGN Act of 2000 (15 U.S. Code Chapter 96), but is not considered a "Secure Electronic Signature" under Section 18 of the Act, unless it has been issued by a third party Certification Authority ("CA"). A CA acts as a form of commissioner or notary public witnessing the validity of your digital signature. An example of a public CA would be Netrust Pte Ltd.

In order for your contracts or document to be binding, your digital signature needs to be either:

• issued by a CA in Singapore;
  
• issued by a CA (or its equivalent) outside of Singapore that is recognized by the Controller of CAs in Singapore; or
  
• parties to the agreement must consent to the usage of a prescribed electronic signing mandate or mechanism.

Using dispute resolution as an example, just as it is in the autonomy of parties to decide between litigation and arbitration, parties may also decide between using a physical or electronic signing mandate. In cases where contracts require each party's signature to be witnessed by a notary public in their respective countries, then it may not be appropriate for these documents to be signed electronically.

With Regards,

Ruben Potter

Disclaimer: The above content, including links to third-party websites and/or articles (the "Content"), are intended to act as a sharing among the OpenFrog™ Community, and is provided for your information and interest only. The Content does not constitute and is not to be regarded as legal advice. We attempt to ensure that the Content is current but we do not guarantee its currency. Readers should seek legal or other professional advice before acting or relying on the Content. Please seek specific advice tailored to your circumstances.

[Thai Dang]

Hi Ruben,

Thank you very much for the information.

Do you know where we can find the list of "CA"s that are approved/recognised by the Singapore government?

And for the parties of the agreement to "consent to the usage of a prescribed electronic signing mandate or mechanism", does it mean that it can simply be a clause in the agreement itself that "both parties consent to the usage of digital signatures as provided the CA in accordance ot the Act"? Or such "consent" needs to be on a separate agreement signed by "paper-and-pen signatures" (and then digital signatures can be used from the 2nd time onward)

And where both parties are consent to such digital signatures mechanism, but only one party signs by "digital signatures", and then print it and send it to the other party who still signs by paper-and-pen signatures (because that other party does not yet buy the CA solution yet, or does not find it cost-efficient to do so just for one-tim signing). Will that still be OK and legally acceptable? 

Anyway, thank you very much for your advices. I nevertheless still think that in order for Singapore to vie with other global financial centres like US and UK, it should adopt a more "progressive" mindset in terms of signing documents like those countries.....

Best regards,

--
You received this message because you are subscribed to the Google Groups "OpenFrog" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openfrog+u...@googlegroups.com.
To post to this group, send email to open...@googlegroups.com.
Visit this group at http://groups.google.com/group/openfrog.
For more options, visit https://groups.google.com/d/optout.

[Thai Dang]

Just a further thought.

For a contract/agreement signed between Singapore-based parties, is it possible to state that US/UK/Europe laws shall be the governing law (instead of Singapore law) so that we can use "electronic signatures" solutions such as Adobe EchoSign so that such electronic signatures become legally valid and binding?

I read on http://singaporelegaladvice.com/what-is-the-governing-law-of-a-contract/ and seems like it's okay to do so (i.e. both parties can agree to apply the law of another country even though the contract is signed in Singapore).....

[Sebastiaan Deckers]

On Sun, Oct 19, 2014 at 4:51 PM, Thai Dang <dvqua...@gmail.com> wrote:

Do you know where we can find the list of "CA"s that are approved/recognised by the Singapore government?

Looks like there is only one CA accredited by the Controller (i.e. IDA).

http://www.ida.gov.sg/Policies-and-Regulations/Acts-and-Regulations/Electronic-Transactions-Act-and-Regulations/Controller-of-Certification-Authorities/Accredited-CAs-in-Singapore

Some WTFs:

- There is only 1 accredited CA in Singapore

- Its certificate is valid for 2 decades

- You download the crt file from a third party, non-HTTPS website

- The cert is not signed by any other (Root) CA

Regarding the original question: I've used services like Echosign/Hellosign/etc and they worked fine. Ruben rightfully points out that these are not digital signatures in the cryptographic sense, but that doesn't mean it's not useful. AFAIK any form of agreement is be binding: paper signature, digital crypto signature, handshake, verbal agreement, written letter, email, etc. Whether you can prove a verbal agreement (or an Echosign) in case of dispute is another matter.

[Meng WONG]

Chiming in late on this – the distinction between electronic vs digital signature is elaborated at http://helpx.adobe.com/acrobat/kb/certificate-signatures.html

Unsurprisingly, Adobe Acrobat is suited to digital signatures …