LogoRegulatory Alerts
2014-12-10

Law No. 2014-025 on Electronic Signature

The Presidency of the Republic of Madagascar enacted Law No. 2014-025 to establish legal equivalence and security for electronic signatures relative to handwritten ones. The legislation defines key terms, mandates the equal treatment of all signature techniques regardless of form, and presumes reliability when specific integrity and control conditions are met. It further outlines signatory obligations, empowers accredited certification service providers to validate signatures, and grants foreign electronic certificates and signatures full legal effect in Madagascar provided they offer substantially equivalent reliability.

Banky Foiben'i Madagasikara logo

Madagascar

Banky Foiben'i Madagasikara

Click to view thumbnail

REPUBLIC OF MADAGASCAR Love - Homeland - Progress ————— PRESIDENCY OF THE REPUBLIC ————— LAW NO. 2014-025 On Electronic Signature.

EXPLANATORY MEMORANDUM Since the advent of writing, signatures have served to identify the corresponding author of a letter or document. With the intensification of electronic exchanges, electronic signatures are rapidly developing. To meet national and international expectations, Madagascar must establish legislation that establishes the equivalence between electronic signatures and handwritten signatures on one hand; and provides sufficient security for electronic signatures on the other. These are the objectives of this text. In this same vein, a Steering Committee for the Development of E-Commerce, under the auspices of the Ministry of Commerce and bringing together various ministerial departments and key entities, was established by Decree No. 2012-827 of September 18, 2012. This Committee created three Sub-Committees, one of which, named "e-commerce," having examined the law on electronic transactions, also studied electronic signatures. An electronic signature is a mechanism that guarantees the integrity of an electronic document and authenticates its author, by analogy with the handwritten signature on a paper document. It differs from a handwritten signature in that it is not visual, but corresponds to a sequence of numbers. It may take several forms, which can be classified into six categories: those based on the user's or recipient's knowledge (e.g., passwords, digital signatures within a public key infrastructure; personal identification numbers), those based on the user's physical characteristics (e.g., biometrics), those based on the possession of an object by the user (e.g., codes or other information stored on a magnetic card), scanned handwritten signatures, signatures using a digital pen, and clicking an "OK" or "I accept" box. However, this law does not enumerate them because information technology is constantly evolving. Regarding its reliability, it is presumed reliable unless proven otherwise once it meets the conditions required by this law, and is assessed considering the importance of the subject matter and the associated risk. Thus, the issuance of an electronic certificate is not mandatory but remains a voluntary process. Accordingly, this law makes no mention of the requirement for such a certificate. However, in the context of applying this text, the establishment of the accreditation body and certification service providers will be defined by a decree. This law comprises nine (9) articles:

  • Article 1 enumerates the definitions of key terms used to facilitate understanding of the text.
  • Article 2 defines the scope of application and specifies that this law does not replace any legal rules aimed at protecting consumers.
  • Article 3 highlights the international character that electronic signatures may assume.
  • Article 4 establishes the equal treatment of signature techniques.
  • Article 5 asserts the possibility of a conventional derogation from this law.
  • Article 6 sets out the requirements for electronic signatures and their reliability conditions.
  • Article 7 establishes obligations regarding the signatory.
  • Article 8 concerns certification service providers, and for the application of this law, a decree issued by the Council of Government sets out the procedures for the creation, operation, and accreditation of the accreditation body and certification service providers in accordance with the context and recognized international standards.
  • Article 9 establishes the recognition of foreign electronic certificates and signatures. By establishing the general principles of electronic signatures and being an autonomous law, this Electronic Signature Law will constitute the fundamental text governing the field of electronic signatures. Such is the framework of this law.

PRESIDENCY OF THE REPUBLIC ————— LAW NO. 2014-025 On Electronic Signature

The National Assembly adopted on November 5, 2014, THE PRESIDENT OF THE REPUBLIC, Having regard to the Constitution, Having regard to Decision No. 29-HCC/D3 of December 3, 2014 by the High Constitutional Court, ENACTS THE LAW FOLLOWS:

Article 1. Definitions For the purposes of this law: a) The term "certificate" refers to a data message or other record confirming the link between a signatory and data related to signature creation; b) The term "data message" refers to information created, sent, received, or stored by electronic, optical, digital technology means, or analogous means, including Electronic Data Interchange (EDI), electronic mail, Short Message Service (SMS), Multimedia Message Service (MMS), any other digital or electronic message, telegraph, telex, and facsimile; c) The term "relying party" refers to a person who may act based on an electronic certificate or signature; d) The term "certification service provider" refers to a person who issues certificates and may provide other services related to electronic signatures; e) The term "signatory" refers to a person who holds data related to signature creation and acts either on their own behalf or on behalf of the person they represent; f) The term "electronic signature" refers to electronic data contained in a data message or attached to or logically associated with that message, which can be used to identify the signatory within the data message and indicates their approval of the information contained therein.

Article 2. Scope of Application This law applies when electronic signatures are used independently of the context. It does not replace any legal rules aimed at protecting consumers.

Article 3. Interpretation

  1. For the interpretation of this law, its international origin and the need to promote uniformity in its application and respect for good faith are taken into account;
  2. Questions concerning matters governed by this law that are not expressly regulated by it are resolved according to the general principles from which it is inspired.

Article 4. Equal Treatment of Signature Techniques No provision of this law is applied in a manner that excludes, restricts, or deprives of legal effect any method of creating an electronic signature satisfying the requirements set forth in Article 6 of this law.

Article 5. Conventional Derogation It is possible to derogate from this law or modify its effects by agreement, unless such agreement is invalid or without effect under the applicable law.

Article 6. Fulfillment of the Signature Requirement

  1. When the law requires a signature by a certain person, this requirement is satisfied in the case of a data message if an electronic signature is used whose reliability is deemed sufficient with regard to the purpose for which the data message was created or communicated, taking into account all circumstances, including any agreement on the matter.
  2. The status of the person authorized to affix a signature capable of engaging the liability of a legal entity is defined in accordance with the law governing it, unless a special power is conferred by a contrary provision provided for this purpose.
  3. An electronic signature is presumed reliable if it meets all the conditions set forth below: a) the data related to signature creation are, in the context in which they are used, exclusively linked to the signatory; b) the data related to signature creation were, at the time of signing, under the exclusive control of the signatory; c) any alteration to the signature is detectable; and d) where the legal requirement of a signature aims to guarantee the integrity of the information to which it relates, any alteration to that information after the time of signing is detectable.
  4. Paragraph 3 of this article does not restrict the possibility for any person: a) to establish in any other manner, for the purpose of satisfying the requirement referred to in paragraph 1, the reliability of the electronic signature; nor b) to provide evidence of the unreliability of the electronic signature; c) to decide no longer to consider an electronic signature, subject to prior notice to its counterparty, and notwithstanding that said signature has been certified or not.

Article 7. Obligations of the Signatory

  1. When data related to signature creation can be used to create a signature with legal effects, each signatory: a) takes reasonable measures to avoid any unauthorized use of its data related to signature creation; b) without unjustified delay, uses the provided means or otherwise makes reasonable efforts to notify any person who may reasonably be considered to rely on the electronic signature or provides services aimed at supporting the electronic signature if: i. it knows that the data related to signature creation have been compromised; or ii. it considers, given the circumstances known to it, that there is a significant risk that the data related to signature creation have been compromised; c) takes, when a certificate is used to support the electronic signature, reasonable measures to ensure that all essential declarations it makes regarding the certificate during its entire life cycle or to be included in the certificate are accurate and complete.
  2. A signatory assumes the legal consequences of any failure to meet the requirements set forth in paragraph 1 of this article.

Article 8. On Certification Service Providers Any certification service provider authorized by the accreditation body may determine which electronic signatures satisfy the provisions of Article 6 of this law. To this end, a decree issued by the Council of Government sets out the procedures for the creation, operation, and accreditation of the accreditation body and certification service providers in accordance with the context and recognized international standards.

Article 9. Recognition of Foreign Electronic Certificates and Signatures

  1. To determine whether, or to what extent, a certificate or electronic signature legally produces its effects, no account is taken of: a) the place where the certificate is issued or the electronic signature is created or used; or b) the place where the issuer or signatory has its establishment.
  2. A certificate issued in another country has the same legal effects as a certificate issued in Madagascar, provided that it offers a substantially equivalent level of reliability.
  3. An electronic signature created or used in another country has the same legal effects as an electronic signature created or used in Madagascar, provided that it offers a substantially equivalent level of reliability.
  4. To determine whether certificates or electronic signatures offer a substantially equivalent level of reliability for the purposes of paragraphs 2 or 3 of this article, recognized international standards and all other relevant factors are taken into account.
  5. When, notwithstanding paragraphs 2, 3, and 4 of this article, the parties agree, regarding their relations, to use certain types of agreement deemed sufficient for international recognition purposes, unless it is valid or without effect under the applicable law.

Article 10. This law shall be published in the Official Journal of the Republic. It shall be executed as a law of the State. Promulgated in Antananarivo on December 10, 2014 RAJAONARIMAMPIANINA Hery Martial

Share