Modern life is highly intertwined with the internet and digitalization. The internet has become the main platform for social, economic and political interactions and transactions. Accordingly, Ethiopia, like many other countries around the globe, has embraced ICTs and ICT based services as key enablers for social and economic development, including in the banking and financial sectors. Even though cash remains the dominant medium of exchange, almost all banks in the country have already introduced electronic banking systems such as core banking, internet and mobile banking and Automated Teller Machine (ATM) services. The Ethiopian Commodity Exchange is also publishing trading prices for key commodities countrywide through mobile phone messaging and internet based services. Moreover, a significant amount of business transactions is being concluded through electronic means. However, the increasing reliance on technology has not been matched with corresponding developments in the legal and regulatory framework that is necessary to safeguard the technology. The adoption of Electronic Signature Proclamation 1072/2010 reflects a realization of the need for bridging the said gap. There is a clear understanding that it is difficult, if not impossible, to adequately regulate electronic transactions with the usual legal and regulatory mechanisms. Among the obvious risks is the fact that electronic documents and related data can easily be corrupted, stolen, destroyed or fall in the wrong hands. The new law seeks to regulate electronic transactions and provide legal recognition to electronic documents and signatures. In doing so, it aims to resolve the biggest problems linked to electronic transactions; namely, lack of confidence on such transactions and their enforceability before a court of law. The law provides for digital signature, an electronic signature that uses asymmetric cryptosystem (an encryption system that uses public and private keys to encrypt and decrypt data in order to enhance communication security). It also establishes a regulatory framework for the administration of Public Key Infrastructure (PKI), a secured platform used for the creation of digital signatures.
Significance of the law
The law addresses the need for a comprehensive legislation that provides the same level of recognition to electronic message as paper based documents. There exist specific laws that recognize and regulate certain types of electronic transactions. The Ethiopia Commodity Exchange Proclamation No. 550/1999, for example, recognizes commodity transactions made through electronic means. It also legalizes electronic signature used to authorize fund transfers for the purpose. The National Payment System Proclamation No.718/2011 similarly recognizes electronic communications and electronic signature in all matters related to national payment systems. Further, the Telecom Fraud Proclamation No. 761/2012 and Computer Crime Proclamation No. 958/2016 stipulate that evidence in the form of electronic message is admissible before a court of law. However, there was no law that provided recognition to all electronic transactions and electronic signatures.
The purposes of the electronic signature law are, therefore, to:
- Fill in the gap created by existing laws regarding the enforceability of electronic documents and electronic signatures;
- Afford legal recognition to electronic signatures and the technologies that promote trust in electronic communication by allowing for the verification of the identity of parties, authentication of messages and ensuring non-repudiation; and
- Create a legal environment that is conducive for electronic transactions.
Key aspects of the recognition of electronic messages and electronic signature under the law
The law stipulates that no electronic message or signature shall be denied legal effect, validity or admissibility as evidence in any legal proceeding solely on the ground that it is in electronic form. The law further states that where any law provides that information shall be in writing, such requirement shall be deemed to have been satisfied if such is rendered or made available in an electronic form and accessible so as to be usable for subsequent reference. When it comes to signature, the law additionally provides that electronic signatures will have equal standing with hand written signatures only if the electronic signature is in the form of reliable electronic signature. The law doesn’t define reliable electronic signature but suggests that it may be subject to different interpretations depending on the “purpose for which the data message was generated or communicated”. However, the law stipulates that the use of a digital signature supported by a valid certificate shall always be deemed to be a reliable electronic signature. A digital signature is defined as a special form of electronic signature that uses asymmetric cryptosystem and meets the following requirements:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using a private key that the signatory can maintain under his sole control; and
- it is linked to the electronic message to which it relates in such a manner that any subsequent change of the electronic message or the signature is detectable;
The law also provides that, in any civil proceedings, an electronic message signed with a reliable electronic signature enjoys the same legal presumption afforded to hand written signature.
Regulatory organs for digital signatures
The law grants the Information Network Security Agency to act as the Root Certificate Authority, which shall have the following powers and functions:
- to license Certification Authorities which issue of digital signature certificate and monitor their conduct and operations;
- to ensure the trustworthiness and the overall security of the crypto system; and
- to issue policies, working procedures and standards that Certification Authorities shall follow.
The law also designates Certification Authorities and defines their role and responsibilities. These Authorities are entities established as businesses with a view to providing digital signatures for any interested persons called subscribers and safeguarding the digital signatures of the subscribers. The Certificate Authority may also provide encryption services provided they satisfy the requirements set by the Root Certificate Authority.
In conclusion, the enactment of the Electronic Signature Law constitutes an important development in that it affords legal recognition to electronic documents and electronic signatures and promotes trust in electronic communication by providing for the verification of the identity of participating parties and authentication of messages. In doing so, it creates a conducive legal and regulatory environment for electronic commerce and, potentially, electronic government in the country.