MUSCAT : The decree introduces a modernised legal framework that governs electronic transactions, signatures, documents, contracts, and trust services, replacing the previous law issued under Royal Decree No. 69/2008. It underscores the growing need to regulate digital interactions and enhance cybersecurity amid rapid technological developments.

The Decree stipulates that the Minister of Transport, Communications and Information Technology shall issue the executive regulations for the attached law, and shall also issue the necessary decisions to implement its provisions. It also states that the law shall come into effect on the day following its publication, i.e., April 14, 2025.

The new law aims to strengthen trust in electronic services, define responsibilities for trust service providers and intermediaries, and improve the legal clarity surrounding digital signatures and contracts. The law contains seven chapters and 37 articles, compared to the previous law’s nine chapters and 56 articles, reflecting a streamlined and updated approach. It expands the scope of regulation to include not only electronic records and signatures, but also trust services, electronic identity systems, and the responsibilities of intermediaries.

Key Highlights of the Law:
• Electronic documents are recognised as legally valid and original if they meet criteria for clarity, integrity, and verification. They are admissible in court even if not in original form, provided they are the best available evidence.

• A simple electronic signature shall have evidential value if it meets the provisions stipulated in this law, and any interested party may prove by any means that this signature is reliable.

• The law, however, distinguishes between basic and advanced electronic signatures. While a basic signature holds evidential value, advanced certified signatures offer higher legal weight through features such as uniqueness, data integrity, and traceability.

• Contracts may be formed via electronic means, including between automated systems. These digital agreements are granted the same legal enforceability as traditional contracts, provided they comply with regulatory standards.

• Intermediaries, such as internet service providers or platforms, are not held liable for third-party content accessed through their systems—unless they knowingly allow illegal content or fail to act once aware of a violation.

• The law requires licensing for services like digital signatures, identity verification, and electronic certificate issuance. Providers must maintain confidentiality and ensure the accuracy of their data and operations.

• Violations of the law carry criminal penalties of up to five years imprisonment and fines up to RO 50,000. These apply to offenses such as unlicensed service provision, unauthorised data use, and certificate forgery. Legal entities may also be held accountable, with potential confiscation of devices used in offenses.

The law stipulates that the provisions of this law shall apply to electronic transactions, documents, signatures, and trust services. The provisions of this law shall not prejudice the independence of the Central Bank of Oman in conducting its operations and regulating the operations of licensed banks and financial institutions subject to its supervision and oversight, nor the confidentiality of information and data related to such entities, nor access to their systems.

A committee called the ‘Trust Services Management Committee’ shall be established in the field of transportation, communications and information technology. It shall consist of a chairman and a number of experienced members. The bylaws shall specify its working system, and it shall be responsible for the following:

• Approving controls and procedures related to the provision of trust services, especially trust services provided to persons with disabilities, in a manner consistent with their needs.

• Approving the controls, procedures, and standards related to electronic identity systems and electronic identity verification procedures, after coordination with the relevant authorities.

• Granting, determining, suspending, and cancelling licenses to provide trust services, and approving their assignment, as specified in the regulations.

• Accrediting the foreign trust service provider and recognizing the certificates issued by them, as specified in the regulations.

• Approving the creation of root keys for licensed entities and accrediting the root keys created by those entities.

• Approving audit reports on the activities of trust service providers.

For all the latest news from Oman and GCC, follow us on Twitter, Instagram and LinkedIn, like us on Facebook and subscribe to our YouTube page, which is updated daily.