This is part four of a six part series, to read the previous insights please view the series navigation at the bottom of this page.
The Approved Trust Mark is a logo or symbol that shows the Trust Service Provider has been approved by the Authority to offer trusted Electronic Trust Services. Article 26 of the Decree-Law outlines the guidelines for the accredited trust service provider when using the trust mark. They must:
- Clearly mention the Approved Trust Services they are licensed to provide.
- Include an electronic link on their public website that leads to the Emirati Trust Services list published by the authority.
- Additionally, Article 35 of the executive regulations further clarifies the rules for using the approved trust mark:
(i) The Authority will define, publish, and manage the standards related to the form, content, and presentation of the approved trust mark for the approved trust services.
(ii)The approved trust service provider may use the approved trust mark under the following conditions, and it must be evident in the UAE Trust List for the approved trust service provider:
a. The provider must have the necessary approval capacity and licenses as per the Decree-Law, this decision, decisions issued by the Authority, and the requirements of relevant entities.
b. The reference to the approved trust services, approval capacity, and active license of the approved trust service provider must be clear and accurate, without any misleading information.
c. An electronic link to the approved trust mark must be provided, showing the approval capacity, license status, and the list of approved trust services in the UAE Trust List, in compliance with the requirements and decisions set forth by the Authority.
Regarding the Acceptance of Electronic Transactions and Trust Services, Article 28 of the Decree Law states the following:
- This Decree-Law does not force anyone to use or accept Electronic Transactions, but a person's consent can be inferred from their actions indicating such consent.
- Unless otherwise stated by existing legislation, a person can use any form of Electronic Signature or Electronic Stamp.
- The Digital Identity issued based on the requirements of the Electronic Identification System, approved by the Authority in coordination with the Federal Authority for Identity and Citizenship, will be used as a means of accessing services and Electronic Transactions provided by Government Entities.
- When using the Digital Identity to access government e-services, individuals must comply with identity proof and personal attendance requirements when the Digital Identity meets the necessary level of confidence and security as outlined in this Decree-Law.
- Government Entities must accept the use of Electronic Signatures, Electronic Stamps, Digital Identity of individuals, or Electronic Documents in the Electronic services they provide or delegate to other Government Entities. This acceptance will be in line with the form, standards, and levels of confidence and security set by the Authority.
- Government Entities, within their specified competencies according to existing legislation, may carry out Electronic Transactions that have the same legal effect in the following matters:
(i)Accepting the deposit, submission, creation, or preservation of documents in Electronic record form.
(ii) Issuing any document, permission, license, decision, or approval in Electronic record form.
(iii) Collecting fees or processing other funds in Electronic form.
(iv) Submitting bids, receiving, and awarding tenders related to government procurement through Electronic means.
- If a Government Entity decides to conduct any of the activities mentioned in Clause (6) of this Article, it may specify the following:
(i) The method or form of creating, depositing, keeping, submitting, or issuing Electronic Documents.
(ii) Rules, conditions, and procedures for offering bids, receiving and awarding tenders, and completing government procurement through Electronic means.
(iii) The form of Electronic Signature and Stamp required, along with the level of security needed.
(iv) The way and form in which the signature or stamp is applied to the Electronic Document, along with the technical standards required from the Trust Services provider responsible for saving and storing the document.
(v) Operations, rules, and control procedures related to the safety, security, and confidentiality of Electronic Documents, payments, or fees.
(vi) Terms and conditions for sending paper documents if required for Electronic Documents related to payments and fees.
- Government Entities must archive Electronic Documents with a qualified or Approved Electronic Signature, or with a qualified or Approved Electronic Stamp, following the rules specified in the Implementing Regulation of this Decree-Law (as mentioned in Article 19-20 of the cabinet decision).
Regarding the Liability of the Parties, Article 29 of the decree law outlines the liability of the Approved Party as follows:
- The Approved Party is responsible for the consequences of its failure to take necessary measures to ensure the validity and enforceability of the authentication certificate and adhering to any restrictions related to it.
- The Approved Party is responsible for the consequences of its failure to take necessary measures to ensure the validity and enforceability of the Digital Identity when it is used.
- To trust and rely on the Electronic Signature or Electronic Stamp, the Approved Party must consider the following:
(i) Determining the security level of the Electronic Signature or Electronic Stamp based on the nature, value, or importance of the intended transaction.
(ii) Verifying the identity of the Signatory and the validity of the authentication certificate.
(iii) Confirming that the Electronic Signature or Electronic Stamp used meets the required standards.
(iv) Being aware or reasonably assuming if the Electronic Signature, Electronic Stamp, or Electronic authentication certificate has been compromised or cancelled.
(v) Considering any previous agreements or deals between the Signatory and the Approved Party that relied on the Electronic Signature, Electronic Stamp, or authentication certificate.
- If reliance on the Electronic Signature or the Electronic Stamp does not meet the criteria stated in Clause (3) of this Article, the party that relied on them will bear the risk of the signature or seal being invalid and will be responsible for any damages caused to the owner of the Electronic Signature or Electronic Stamp or any other affected parties.
Article 30 of the decree law outlines the Liability of the Signatory as follows:
- Taking necessary precautions to prevent unauthorized use of the Electronic Signature or Electronic Stamp creation Data.
- Informing the relevant Licensee if there is a suspicion that the Electronic Signature or Electronic Stamp creation Data used to create the signature or stamp might have been compromised or are not secure.
- Ensuring that the information provided regarding the authentication certificate is accurate and complete throughout its validity period, in cases where the use of such certificate is required.
- Reporting any changes to the information contained in the authentication certificate or any breaches of its confidentiality.
- Using valid authentication certificates.
As is customary, the United Arab Emirates places a strong emphasis on offering services that are accessible and convenient for individuals with disabilities. Article 32 of the Decree Law outlines that Trust Services and Approved Trust Services should be accessible to individuals with physical disabilities whenever feasible. This should be done in line with procedures and methods that accommodate their specific needs and the nature of their unique circumstances.
To be continued on Monday 16nd October, stay tuned.