Malawi’s the Electronic Transactions and Cyber Security Act provides a secure legal framework that recognizes the legal value of electronic transactions and electronic documents. The Act recognizes electronic signatures, digital signatures, and digital signature certificates.
Section 8 of the Electronic Transactions and Cyber Security Act provides that where a law requires a document to be signed, an electronic form of the document shall satisfy the requirement if an electronic signature is used. Set requirements must be fulfilled for an electronic signature to be authentic and valid in Malawi. The requirements include:
- the means of creating the electronic signature should be linked to the signatory and not any other person.
- the means of creating the electronic signature, was at the time of signing, under the control of the signatory and not any other person and was done without duress and undue influence; and
- any alteration made to the electronic signature after signing is detectable.
The provisions of the Act do not exclude, restrict, or affect the legality of any method of creating an electronic signature that satisfies the requirements of the Act; meets the requirements of other statutory provisions, or is provided for under a contract.
The Act also recognizes digital signatures and digital certificates. Section 12 (1) of the Act provides that unless otherwise prescribed by law, a person may decide to use a digital signature, digital signature certificate or any other mode of authentication, of his choice. Section 10 of the Act provides that a person may sign an electronic record by affixing a personal digital signature or using any other recognized, secure, and verifiable mode of signing agreed by parties or recognized by a particular industry to be safe, reliable, and acceptable.
As such, Malawi law recognizes the validity and enforceability of e-signatures and digital signatures in transactions and documents. The law provides a legal framework that allows for documents such as contracts to be in electronic form and to sign by way of electronic signatures or digital signatures.
A person who relies on a digital signature shall bear the legal consequences of failure to:
- take reasonable steps to verify the authenticity of the digital signature; or
- take reasonable steps where a digital signature is supported by a certificate, to verify the validity of the certificate; or observe any limitation with respect to the certificate.
Digital Signature Certification Authorities
Section 12 (2) of the Act provides that MACRA may, by notice published in the Gazette, approve digital signatures, certification authorities offering digital certificates, or authentication of a foreign information security service provider, for use by the public. Macra (the Authority) shall ensure that digital certificates comply with international best practices and standards. Under section 49 of the Act, a person who relies on a digital signature shall be deemed to have relied on a valid certificate containing the public key by which the digital signature may be verified.
The law goes on to say that a certification authority shall be liable for damages incurred by any person who reasonably relied on a digital issued by the certification authority if:
- All or part of the information contained in the digital certificate on the date of issuance was incorrect.
- All or part of the data required for the digital certificate to be regarded as qualified were incomplete.
- The digital certificate has been issued without checking that the signatory is duly entitled to receive such digital certificate.
- The certification certificate has not registered the revocation of the digital certificate or has not made this information available to third parties or both.
A certification authority shall not be responsible for damage caused using a digital certificate that exceeds fixed limits on the use or the value of transactions for which the digital certificate has been used if this condition has been made available to the users prior to the use of the certificate
Notwithstanding the legal framework, MACRA is yet to start the accreditation of certification authorities.
Malawi has no laws that prohibit the digital or electronic signing of any specific type of contract. The provisions of the Electronic Transactions and Cyber Security Act are of general application and can apply to any type of contract or document. The Act also provides as follows:
- Where a law requires a signature, statement, or document to be notarized, acknowledged, verified, or made under oath, that requirement shall be satisfied if the electronic signature of the person authorized to perform those acts is affixed to an electronic record.
- Where a law requires or permits a person to provide a certified copy of a document and the document exists in paper or in another physical form, that requirement shall be satisfied if an electronic copy of the document is certified to be a true copy by using an electronic signature of the certifying person.
- A requirement in any written law for multiple copies of a document to be submitted to a single recipient at the same time shall be satisfied by the submission of a single electronic record of such document that is capable of being reproduced by the recipient.
- Where a corporate seal is required to be affixed to a document, the requirement shall be satisfied if the electronic signature of the corporate body is affixed to the electronic record in accordance with the provisions relating to the use of the corporate seal.
- Although the law has developed such that it does not prohibit the digital/electronic signing of any deeds of types of contracts, a person who relies on a digital signature must verify its authenticity and that of the certificate that supports the digital signature.