The use of electronic signatures is regulated by the Kenya Information and Communication Act, 1998 (“KICA”). KICA, under section 83P, recognizes the legality of ‘electronic signatures’ as well as ‘advanced electronic signatures.’
An advanced electronic signature as that which is: uniquely linked to the signatory; capable of identifying the signatory; created using means that the signatory can maintain under his sole control; and linked to the data to which it relates in such a manner that any subsequent change to the data is detectable. On the other hand, an electronic signature is data in electronic form affixed to or logically associated with other electronic data which may be used to identify the signatory in relation to the data message and to indicate the
signatory’s approval of the information contained in the data message.
KICA recognises the validity and legality of using ‘advance electronic signatures’ in the
following provisions:
Section 83O: Where any law requires a signature of a person, that requirement is met in relation to an electronic message if an advanced electronic signature is used that is as reliable as was appropriate for the purpose for which the electronic
message was generated or communicated, in light of all the circumstances, including any relevant agreement…. Such advanced electronic signature must be:
generated through a signature-creation device; the signature creation data are, within the context in which they are used, linked to the signatory and to no other person; the signature creation data were, at the time of signing, under the control
of the signatory and of no other person; and any alteration to the electronic signature made after the time of signing is detectable; and where the purpose of the legal requirement for a signature is to provide assurance as to the integrity of the
information to which it relates, any alteration made to that information after the time of signing, is detectable.
Section 83P: Where any law provides that information or any other matter shall be authenticated by affixing a signature or that any document shall be signed or bear the signature of any person, then, notwithstanding anything contained in that law,
such requirement shall be deemed to have been satisfied if such information is authenticated by means of an advanced electronic signature affixed in such manner as may be prescribed by the Minister.
The Business Laws Amendment Act, 2020 (the “BLAA”) enacted in March 2020 amend several Acts of Parliament to bring into effect the use of electronic signatures and
advanced electronic signatures as provided under KICA. BLAA has gone a long way into bringing into effect the use of electronic signatures and advanced electronic signatures contemplated under Section 83P of KICA. The
amendments made have aided in clarifying that electronic signatures and advanced electronic signatures can be used to execute documents prepared under the various Acts.
It is noteworthy that an ‘electronic signature’may be simply created by a person on their computer (like as a picture format that is copy-pastable). However, only advanced electronic signatures are permitted to substitute physical (‘ink on paper’) signing of a documents which the law (whatever applicable law) require a signature. The same goes for contracts between parties which the Law of Contract regulates.
It is our understanding and advice that advance electronic signatures require authentication/verification by a third party , who would verify that the electronic signature belongs to the signatory and meets the other criteria of advanced electronic signatures.
KICA has provisions for licensing by the Communications Authority of such third parties, Certification Service Providers (e-CSPs) who would issue certificates to validate the signatures (KICA defines ‘certificates’ as a record which is issued by a certification service provider for the purpose of supporting a digital signature which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair; identifies the certification service provider issuing it; names or identifies the person to whom it is issued; contains the public key of the person to whom it is issued; and is signed by a responsible officer of the certification service provider
issuing it). From our enquiries with the Communications Authority, we are informed that Kenya only has one licensed eCSP to date.