Regulation 2011 Online

Electronic Signatures Act



Data Governance

Definitions of Data:

not defined

Main Focus of Document:

Makes provision for electronic signatures amd to regulate the use of electronic signatures

Target Beneficiaries or Sectors:


Key Elements:

  1. Compliance with a requirement for a signature. (1) Where the law requires a signature of a person, that requirement is met in relation to a data message if an electronic signature is used which is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in light of all the circumstances, including any relevant agreement. (3) An electronic signature is considered to be reliable for the purpose of satisfying the requirement referred to in subsection (1) if— (a) the signature creation data are, within the context in which they are used, linked to the signatory and to no other person; (b) the signature creation data were, at the time of signing, under the control of the signatory and of no other person; (c) any alteration to the electronic signature, made after the time of signing, is detectable; and (d) where a purpose of legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing is detectable.

  2. Secure digital signatures When a portion of an electronic record is signed with a digital signature the digital signature shall be treated as a secure electronic signature in respect of that portion of the record, if— (a) the digital signature was created during the operational period of a valid certificate and is verified by reference to a public key listed in the certificate; and (b) the certificate is considered trustworthy, in that it is an accurate binding of a public key to a person’s identity because— (i) the certificate was issued by a certification service provider operating in compliance with regulations made under this Act; (ii) the certificate was issued by a certification service provider outside Uganda recognised for the purpose by the controller pursuant to regulations made under this Act; (iii) the certificate was issued by a department or ministry of the Government, an organ of state of statutory corporation approved by the minister to act as a certification service provider on such conditions as the regulations may specify; or (iv) the parties have expressly agreed between themselves to use digital signatures as a security procedure and the digital signature was properly verified by reference to the sender’s public key.

  3. Satisfaction of signature requirements (1) Where a rule of law requires a signature or provides for certain consequences in the absence of a signature, that rule shall be satisfied by a digital signature where—that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification service provider; that digital signature was affixed by the signer with the intention of signing the message; and the recipient has no knowledge or notice that the signer— (i) has breached a duty as a subscriber; or (ii) does not rightfully hold the private key used to affix the digital signature. (2) Notwithstanding any written law to the contrary— (a) a document signed with a digital signature in accordance with this Act shall be as legally binding as a document signed with a handwritten signature, an affixed thumbprint or any other mark; and (b) a digital signature created in accordance with this Act shall be taken to be a legally binding signature.

  4. Digitally signed document deemed to be original document A copy of a digitally signed message shall be as valid, enforceable and effective as the original of the message unless it is evident that the signer designated an instance of the digitally signed message to be a unique original, in which case only that instance constitutes the valid, enforceable and effective message.

Data Digital signature Electronic signature

Policy/regulation mirrored: