Electronic Signatures in the Kenyan Legal Context

Technology has brought a lot of developments in our country in the recent years. You can now undertake bank transactions in the comfort of your home through your mobile phone. You can send any sums of money back and forth as needed, pay your bills and pay for your groceries at the till through MPesa. You can even withdraw money from your bank account through your phone.

And now we also have eGovernment. Government services are also going digital, allowing you to carry out and receive several government services online through https://accounts.ecitizen.go.ke while in the comfort of your home and pay for these services using mobile money.

In the commercial context, more and more people are preferring to do online shopping with the advent of local sites such as Jumia and Kilimall and foreign sites such as Amazon and Ebay. You can order whatever you want online, pay for it using mobile money, electronic card or cash on delivery and have it delivered to your doorstep. You never have to leave your house to look for it.

Inevitably, the question arises for businesses, as the world becomes a little oyster with everybody being able to reach everybody else and transactions being carried out across borders and countries all the time, “Can we also enter into binding contracts online where everything including signing of the document can be done electronically?”

The Kenya Information and Communications Act is quite instructive in addressing this issue. Part VIA of the Act deals with Electronic Transactions and Cyber Security and addresses some of the very questions businesses may have when trying to decide on the viability of electronic contracts.

For instance, the first question likely to be asked is, “Will such a contract be recognized by our Courts and our law?” The answer to this is in the affirmative.

Section 83G of the Kenya Information and Communications Act, provides that any matter that is required to be “in writing” is also satisfied if the matter is made available in an electronic form and remains accessible so as to be usable for a subsequent reference.

Notably, such a document must remain retrievable or accessible in the system for future reference. Various legislation provide for different durations for retention of documents. For instance, the Income Tax Act and the Value Added Tax Act provide for 5 – 7 years record retention for tax purposes while the Companies Act and other Acts provide for 7 – 10 years record retention for legal purposes.

In addition, section 83H of the Kenya Information and Communications Act, provides that for electronic documents to satisfy the requirement for valid retention of documents the record must be retained in the format in which it was originally generated, sent or received and it must contain details which will facilitate identification of the original destination, date and time of dispatch or receipt of such an electronic record.

Accordingly, it is important to ensure the integrity of the system that you are using for purposes of signing documents. For instance, Adobe Acrobat Reader permits a user to sign PDF documents and as you are affixing the signature on the document, it informs you that once you sign and save that document, you will not be able to make any further changes to that document as signed. We use this example purely for illustrative purposes and not as an endorsement of Adobe Reader.

You must look for such security features in a program to be utilized for signing documents. Similarly, the program must have time-stamping abilities to record things such as the time of generation of the document, time of delivery to the recipient, time when the signature was affixed in addition to the format and content of the document signed.

Under Section 83 I of the Kenya Information and Communications Act, the criteria for assessing integrity is whether the information has remained complete and unaltered. This is apart from the addition of any endorsement and any change which arises in the normal course of communication, storage and display. Consequently, integrity of the system is critical.

The second question that is likely to arise is, “Is such a contract valid?”

The answer to that is also in the affirmative.

Section 106F of the Evidence Act provides various presumptions by the Court specifically, that the Court shall presume that every electronic agreement containing the electronic signatures of the parties, was concluded by the digital signature of the parties.

It therefore follows that the general rule with regard to electronic agreements and electronic signatures is that they are valid, which status is recognised by Courts of law.

Section 83 J of the Kenya Information and Communications Act, also recognises electronic contracts. It says, “In the context of contract formation, unless otherwise agreed by the parties, an offer and acceptance of an offer may be expressed by means of electronic messages [;] thus where an electronic message is used in the formation of a contract, the contract shall not be denied validity or enforceability solely on the ground that an electronic message was used for the purpose.”

However it qualifies this broad statement by providing that this section shall not apply where another law specifically provides for a different method for the formation of a valid contract.

So, for instance, the Law of Contract Act of Kenya in section 3 provides that no suit can be based upon a contract for the disposition of an interest in land unless that contract (1) is in writing (2) is signed by all the parties thereto and (3) the signature of each person signing has been attested by a witness who is present when the contract was signed by such party. The Land Act carries similar provisions. And so does the Law of Succession Act in respect to wills. This makes it difficult for such contracts to be executed electronically in as much as electronic signatures have now (in the year 2020) been recognized in some of those legislations.

Accordingly when contracting electronically, it will be important to confirm the requirements of the relevant law affecting the interest that is being contracted upon, so as to be sure how the contract needs to be executed to be valid.

The third question likely to arise, now that we have ascertained that such an electronic contract would be recognized by law/Courts and would be valid, is, “Are there any specific requirements as to how you must sign it?”

Again, the answer is yes, but this is where it gets complicated. It is not as simple as scanning your signature into your computer then pasting it in the document where your signature is required.

Section 83 O of the Kenya Information and Communications Act, provides that an advanced electronic signature is to be used. The Act defines an advanced electronic signature as a signature which:

(1) is uniquely linked to the signatory;
(2) is capable of identifying the signatory;
(3) is created using means that the signatory can maintain under his sole control; and
(4) is linked to the data to which it relates in such a manner that any subsequent change to the data is detectable.

Further, Section 83 O (3) of the Kenya Information and Communications Act, provides that such an advanced electronic signature will only be reliable if:

(1) it is generated through a signature-creation device;
(2) the signature creation data are, within the context in which they are used, linked to the signatory and to no other person;
(3) the signature creation data were, at the time of signing, under the control of the signatory and of no other person;
(4) any alteration to the electronic signature made after the time of signing is detectable; and
(5) where the purpose of the legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing, is detectable.

With regard to the Court’s requirements for proving electronic signatures, Section 106C of the Evidence Act is instructive that, except in the case of a secure signature (which is an advanced electronic signature as described above), if the electronic signature of any subscriber is alleged to have been affixed to an electronic record, the fact that that signature is the electronic signature of the subscriber, must be proved.

Section 106D of the Evidence Act outlines the form of proof that is to be provided to verify an electronic signature. The Court may direct:

“(a) that person or the certification service provider to produce the electronic signature certificate; or
(b) any other person to apply the procedure listed on the electronic signature certificate and verify the electronic signature purported to have been affixed by that person.”

Thus, to summarize, you would need to use a secure signature, that is, a signature that can only be used by, linked to you or that is unique to you. This would need to be created by a signature creation device, that is, a software or hardware that has been configured to generate an electronic signature, and whose integrity and confidentiality is assured. Further, the electronic signature should be capable of being validated or authenticated by an electronic certification service registered or recognized by the Communications Authority of Kenya. The intention is to make such electronic signatures as foolproof (except where fraud or forgery is alleged) as handwritten signatures on a physical document.

The final question, in our assessment, is, “Are there any signature creation devices or licensed Certification Service Providers recognized in Kenya by the Communications Authority of Kenya?”

The Communications Authority of Kenya is currently (in the year 2021) in discussions with various global leading certification service providers with respect to registration and licensing. While certain bodies have already been registered, we anticipate that as the uptake increases, a list of those bodies authorized to provide electronic signatures and certification services will be published soon by the Authority to guide the marketplace as to where to obtain these services.