APAC’s digital trust regulatory landscape | Ascertia | Blog

The Asia Pacific (APAC) region is experiencing a digital boom, fuelled by a rapidly growing online population and a surge in eCommerce. The region’s digital transformation hinges on trust – trust that online transactions are secure, data is protected and identities are verified.

Electronic signatures (eSignatures) have a critical role in helping business transform paper-based processes and streamline workflows. But digital signatures, which operate at even higher levels of trust can take this transformation further by ensuring the authenticity of critical documents, agreements and contracts.

However, navigating the regulations for these technologies across APAC’s diverse economies can be arduous. This blog dives into a comparative analysis of APAC’s digital trust regulatory landscape in a few key economies.

Why are eSignatures critical for APAC economies?

The APAC region is a huge driver of global economic growth. As internet penetration and eCommerce activity soar, the need for secure and efficient ways to conduct business online becomes paramount.

Let’s investigate why electronic signatures are critical for the continued success of APAC businesses in the digital era:

• Streamlined workflows: eSignatures eliminate the need for physical for document printing, signing and mailing or sending by courier. This significantly accelerates approval processes and saves businesses time and money.
• Enhanced efficiency: eSigning platforms enable faster contract finalisation. They allow businesses to close deals faster and capitalise on opportunities.
• Improved customer experience: Electronic signatures provide a convenient, user-friendly way for customers to sign documents electronically. This leads to higher satisfaction and customer loyalty.
• Increased security: Secure eSigning solutions offer robust authentication methods, PKI encryption and tamper-evident audit trails. They ensure document integrity and reduce the risk of fraud.
• Reduced costs: By removing paper-based processes, eSignatures minimise printing, shipping and document storage costs.
• Global reach: Electronic signatures facilitate seamless collaboration with international partners, regardless of location, fostering cross-border trade and investment.
• Regulatory compliance: Many APAC economies have legal frameworks that recognise eSignatures, making them a compliant, secure alternative to traditional signing processes.

In short, eSignatures are a game-changer for APAC businesses. They propel the digital economy forward and foster a secure, efficient online environment.

APAC region key electronic signature regulations

With the growing importance of eSignatures in APAC countries, understanding the legal landscape is critical. Most economies recognise electronic signatures in some form, and most economies establish a hierarchy of legal weight between simple e-signatures with limited signer authentication and more advanced forms of cryptographic-based digital signatures.

However, the specifics of which signature type is appropriate, and when, can vary significantly and impact how organisations can deploy electronic signatures. It is also important to note that all the regulations mentioned below are still evolving, and staying updated on the latest developments is essential to ensure compliance.

This section highlights some of the key elements of eSigning regulations in various APAC economies, highlighting the types of eSignatures, their legal validity and any specific requirements for using them. By understanding these nuances, organisations can ensure their eSigning practices are compliant and secure, fostering trust in the digital world.

India

India’s Information Technology Act (2000) (IT Act) forms the legal framework for eSignatures. This act recognises two types of eSignatures:

• Electronic signature (ES): This eSignature type requires public key infrastructure (PKI) and a digital certificate issued by a licensed Certifying Authority (CA). It offers the highest level of legal validity.
• Digital signature (DS): This uses a digital signature certificate issued by a licenced authority but does not require PKI. It offers a good level of legal validity but is less secure than ES.

The Information Technology Act also prescribes specific requirements for electronic signatures, including secure creation, storage and verification mechanisms.

Singapore 

Singapore boasts a robust legal framework for eSignatures. The Electronic Transactions Act (ETA) (2010) recognises all forms of eSignatures, including scanned handwritten signatures. To be recognised, they must be reliably associated with the signatory and the document. This flexibility makes eSigning in Singapore more user-friendly. However, for enhanced legal weight, a PKI-based eSignature is recommended.

The ETA also emphasises the importance of recordkeeping and ensuring the integrity of signed documents.

Malaysia 

Malaysia’s Digital Signature Act 1997 recognises two types of electronic signatures:

• Digital signature: Like India, Malaysia’s digital signature utilises a digital signature certificate but does not require PKI.
• Biometric signature: This electronic signature uses a biometric identifier like a fingerprint or iris scan for signing.

The Digital Signature Act prioritises the functionality of the eSignature over the specific technology used. However, the act recommends using PKI-based signatures for increased security.

Australia 

Australia’s Electronic Transactions Act (1999) (ETA) recognises any method that identifies a signatory and their intention to be bound by the document. This includes scanned handwritten signatures, digital signatures with certificates and other reliable, secure methodologies.

The ETA emphasises the importance of reliable systems for creating and storing eSignatures. Additionally, specific industries like healthcare may have their own regulations governing electronic signatures.

China

China’s legal framework for electronic signatures is multi-faceted. The Electronic Signature Law (2014) establishes a tiered eSignature system:

• Low-level eSignature: This offers the least legal weight. It can include scanned handwritten signatures or basic authentication methods.
• Medium-level eSignature: Uses a digital signature issued by a licenced Certification Service Provider (CSP).
• High-level eSignature: The most secure eSignature. It utilises a PKI-based digital signature with a certificate issued by a trusted CSP.

The choice of eSignature type depends on the specific transaction and the required level of legal validity.

Vietnam

Vietnam’s recent Law on Electronic Transactions No. 20/2023/QH15 introduced a new classification for e-signatures based on the level of security they provide:

• Level 1 eSignature: The most basic level, like handwritten signatures or one-time PINs (OTPs). This type of eSignature offers the least legal weight.
• Level 2 eSignature: Employs stronger authentication methods like digital certificates or biometrics. It provides a moderate level of legal weight.
• Level 3 eSignature: the most secure electronic signature in Vietnam. It utilises a qualified digital certificate issued by a licenced CA in accordance with Vietnamese regulations. This eSignature type offers the highest legal equivalence to a handwritten signature.

This revised framework provides clearer distinctions between different eSignature types and their validity.

Japan

Japan’s Electronic Signature and Certification Business Act (2000) (ESCBA) establishes a framework for digital signatures and certification services. It recognises two types of digital signatures:

• Designated digital signature (Shikibetsu Shin’yo Gogyosho): Japan's most secure and legally recognised eSignature. It requires a digital certificate issued by a licenced CA designated by the Japanese government. Designated digital signatures offer the highest legal equivalence to a handwritten signature and are considered tamper-proof under the ESCBA.
• Ordinary digital signature (Ippan Gogyosho): This type of eSignature does not require a certificate issued by a government-designated CA. While legally recognised, ordinary digital signatures may not carry the same weight as designated digital signatures in court. Their legal validity depends on the specific circumstances and the level of security employed during signature creation.

The ESCBA places strict requirements on CAs responsible for issuing certificates for designated digital signatures. These CAs must undergo a rigorous approval process and adhere to strict security standards to ensure the trustworthiness of their certificates.

It is important to note that while the ESCBA recognises other electronic authentication methods (for example, scanned handwritten signatures with additional security measures), they are not classified as “true digital signatures”. They may have limitations in legal enforceability. For maximum legal weight and security, digital signatures are Japan's preferred choice.

Ensure security and compliance in APAC with Ascertia

The APAC digital landscape is brimming with potential. Electronic signatures are a key driver of this growth. However, navigating APAC’s digital trust regulatory landscape is complex.

Ascertia offers a comprehensive suite of digital trust products and services tailored to APAC organisations' specific needs and regulatory requirements. Our solutions comply with each country's latest regulations, ensuring your eSigning practices are secure and legally sound.

Here is how we help empower your success in APAC’s regulatory landscape:

• Compliance expertise: Our experts stay current on evolving APAC eSignature and digital trust regulations.
• Standards support: SigningHub supports the global Cloud Signature Consortium standard for remote digital signing, which allows any compliant remote signing service to be made available to SigningHub customers.
• Seamless integrations: Our eSigning solutions integrate effortlessly with your existing workflows and systems. This minimises disruption, maximises efficiency and ensures your business can get documents signed anywhere, anytime, from any device.
• Global operations: We operate across APAC and beyond, providing you with a single, reliable partner for all your eSignature requirements regardless of your region of operation.
• Enhanced security: Our solutions prioritise robust security features to protect your sensitive data and ensure the integrity of your signed documents.
• Scalability: We’ve designed our solutions to scale with your business, accommodating your growing eSignature needs.

Partnering with Ascertia gives you a competitive edge in the APAC digital marketplace. We empower you to streamline workflows, boost customer satisfaction and operate with confidence in the APAC’s complex digital trust regulatory landscape.

Contact our team today and unlock the full potential of eSignatures for your business.