Legality and enforceability of electronic signatures in Singapore*

An electronic signature, or a simple electronic signature, is a record generated, communicated, received, or stored by electronic means in an information system or for transmission from one information system to another.

A secure electronic signature, or an advanced electronic signature, is an electronic signature that applies a specified or commercially reasonable security procedure to verify its validity. According to the law, a digital signature that employs an asymmetric cryptosystem and a hash function is recognized as one of the possible and most commonly used types of secure electronic signature.

1. Businesses by default are allowed to use electronic documents and electronic signatures as a valid means to conduct their transactions.
2. An offer and the acceptance of an offer may be expressed by means of electronic communications, and a contract cannot be denied validity or enforceability solely because the electronic communication was used to form that contract.
3. A person cannot question the validity of an electronic signature only based on the fact that it was made in electronic form; they need to have other arguments to substantiate that the signature is invalid.

1. Identifies the signatory.
2. Indicates the signatory’s intent to execute the document.
3. For the identification of the signatories and indication of their intents, it uses a method that is as reliable as appropriate for the purpose for which the electronic record was generated or communicated.

The electronic signature reliability is the cornerstone of its validity. The law does not establish electronic signature reliability criteria; it only provides general guidance on how to assess whether your signature is reliable: it (i) has fulfilled the necessary function OR (ii) is appropriate to fulfill the necessary function, taking into account the following factors:

• Any operational rules that are relevant to the assessment of reliability.
• The assurance of data integrity.
• The ability to prevent unauthorized access to and use of the system.
• The security of hardware and software.
• The regularity and extent of audit by an independent body.
• The existence of a declaration by a supervisory body, an accreditation body, or a voluntary scheme regarding the reliability of the method; and
• Any applicable industry standard.

1. It needs to be unique to the signatory.
2. It has to be capable of identifying the signatory.
3. It needs to be created in a manner or using a means under the sole control of the signatory; and
4. The signature must be linked to the electronic record in a way that invalidates the electronic signature if the record is changed.

The most common type of secure electronic signature is a digital signature that is based on the use of an asymmetric cryptosystem and hash function technologies. For a digital signature to be valid in Singapore, the digital signature provider needs to meet ONE of the following criteria:

• Be an accredited certification authority in Singapore.
• Be a recognized certification authority.
• Be a public agency approved by the Minister of Communications to act as a certification authority.
• Signatories need to expressly agree to use this digital signature provider, and the digital signature must be based on PKI technology.

This means that digital signature providers which are not officially accredited by the Ministry of Digital Development and Information can still provide legitimate digital signature services in Singapore as long as the signatories agree to use the services of this provider.

• To create or execute a will.
• To convey or transfer any interest in immovable property.
• To sign any contract for the sale or other disposition of immovable property, or any interest in such property.
• To create, perform, or enforce an indenture, declaration of trust, or power of attorney, except as provided under the Mental Capacity Act 2008.

Last updated: September 2024