On December 8th, Morocco's House of Representatives adopted, by majority, Bill n°43.20 on trust services for electronic transactions, aimed at completing and updating the law on the electronic exchange of legal data.
The law focuses on updating and renewing the trust services, the legal framework applied to the trust services in electronic transactions and to the means and services of encryption as well as defining the competences of the National Trust Services Authority for Electronic Transactions.
By trust services, it is meant services focused on the creation of electronic signatures and seals, as well as their authentication and conservation. Digital time stamping (date and time of signature), website authentication and electronic registered delivery services. These services will be provided and managed by approved trusted providers.
In view of the variety of trust services, the law distinguishes between authorized trust service providers and non-accredited trust service providers. Therefore, the law regulates two systems:
- A system that allows service providers to provide qualified services, but is subject to strict criteria such as obtaining accreditation from the National Authority for Trust Services.
- A lenient system that is based on permission and does not require any approval and under its framework, permits anyone wishing to provide trust services that do not fall within the scope of the qualified services.
Under the law, one of the main sections is dedicated to the electronic signature. This can be “simple”, “advanced” or “qualified”. These distinctions correspond to different degrees of security. The objective is to be able to use documents created through digital processes as means of proof.
the National Trust Services Authority for Electronic Transactions is a new institution established by the law, Its missions, among others, will consist in setting up the benchmark in the field, in issuing approvals to qualified trust service providers who will be subject to its control. The list of approved service providers will be published on its official website and, annually, in the official bulletin.
The authority has the power to impose sanctions, but only administrative. Therefore, in case of a service provider who fails to comply with the rules, it will be first notified and only when they do not correct their situation within the giving notice, they risk revocation of their approval and removal from the registry of approved service providers.
The text penalizes anyone who offers qualified trust services without authorization with imprisonment (from 3 months to a year) and a fine of up to 500,000 dirhams. Concerning the illegal use of another person's electronic signature or stamp, the text imposes an imprisonment sentence of up to 5 years.