Taiwan: Electronic Signature Law Drafted

On 23 December 1999, the Executive Yuan approved the long-awaited draft Electronic Signature Law. The draft will be sent to the Legislative Yuan for deliberation, to provide the ROC with the basic legal framework for digital economic activity and administrative services. The draft law comprises 13 articles, the main points of which are as follows:

It is expressly provided that an electronic signature (digital signature) has legal effect, and that the original or master copy of a previous written document may be re-made as an electronic document. "Electronic document" means text, sound, images, video images, symbols or other data made by electronic means or other means not directly accessible to human perception into a record sufficient to express its intent, and intended for processing.

The draft provides that by agreement of the parties thereto, juristic acts (including those which must be made or evidenced in writing) may be made by means of electronic documents, except where legislation or a public announcement by a government agency expressly provides otherwise. Where legislation requires an original or master document to be provided, the original maker of the document may substitute for it an electronic document which is made with his electronic signature, has a content consistent with the original or master document, and is capable of being authenticated. "Electronic signature" means data attached to an electronic document for the purpose of distinguishing and confirming the identity of the signer and the authenticity of the document.

Where legislation requires the retention of written documents, such records may be retained as electronic documents if their content can be fully expressed by electronic documents and their authenticity verified. By agreement of the parties, electronic signatures may be substituted for signatures or seals attached to such documents. Such electronic signatures are limited to those which are made using security technology, procedures and methods agreed by the parties and which are suitable for verifying the authenticity of electronic documents.

A certification authority must be a company limited by shares, and must draw up certification practice guidelines stating the operating procedures relating to its operation as a certification authority and to its provision of electronic authentication services. It may not offer such services to the public until such guidelines have been submitted to and approved by the regulatory authority and made available for public inspection on a website established by the certification authority; the same applies to changes to such guidelines.

Where a certification authority breaches the regulations, the regulatory authority may, according to the facts of the case, set a time limit for improvement or impose a fine of NT$1 million to NT$5 million, and in severe cases suspend all or part of the certification authority's operations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.