Electronic Signatures in Qatar

Most articles about electronic signatures in Qatar still cite Decree-Law No. 16 of 2010 as if it were the whole story. It isn't — not since February 2025. The Communications Regulatory Authority (CRA) issued Decision No. 3 of 2025 establishing a full Trust Service Provider regime, formally classifying signatures into three tiers (simple, advanced, qualified), publishing the Qatar Trust Service Framework (QA-TSF) technical specifications that mirror the European eIDAS standards almost line-for-line, and standing up the Qatar Trusted List as the country's authoritative registry of licensed providers. The 2010 law remains the foundation; the 2025 regulation is what businesses actually need to read. This is the complete picture, mapped onto the document types you sign every week and the operational decisions that follow.

Law 16/2010

Decree-Law No. 16 of 2010 promulgating the Electronic Commerce and Transactions Law — the legal foundation for electronic signatures in Qatar. Articles 23-30 establish the framework for certification service providers; Article 28 sets the reliability conditions that an advanced electronic signature must satisfy

State of Qatar Official Gazette

Decision 3/2025

CRA President Decision No. 3 of 2025 published 24 February 2025 in the Official Gazette (4th edition). Replaced the unimplemented 2012 regulation. Established the TSP/QTSP licensing regime, three-tier signature classification, conformity assessment requirements, and the Qatar Trusted List

Communications Regulatory Authority, State of Qatar

QA-TSF

Qatar Trust Service Framework — the technical specifications mandating ETSI EN 319 401, ETSI EN 319 411-1/2, ETSI EN 319 412-1/2/3/5, CEN TS 419 261, ISO/IEC 27001:2022, CA/Browser Forum network security requirements, and SOG-IS cryptographic mechanisms. Effectively a Qatar adoption of the eIDAS technical regime

QA-TSF technical specifications, February 2024

The legal foundation: how Law 16/2010 and Decision 3/2025 fit together

Decree-Law No. 16 of 2010 is the parent statute — the act of the legislature that gives electronic signatures legal effect in Qatar. The 2025 Decision is a regulation issued by the CRA President under that law, supplying the operational machinery the statute left abstract.

Law 16/2010 establishes two things that still apply directly:

Article 28 sets out the conditions under which an electronic signature carries evidentiary weight equivalent to a wet-ink signature: the signature-creation information must be uniquely linked to the signatory, under the signatory's sole control at the moment of signing, capable of detecting any post-signing alteration to the signature, and capable of detecting any post-signing alteration to the signed data where integrity assurance was the purpose.
Articles 23-30 authorise certification service providers and outline their general obligations.

Decision No. 3 of 2025 adds the rest of the picture:

A formal three-tier signature classification (simple, advanced, qualified) lifted from the eIDAS Regulation (EU 910/2014) with eIDAS-compatible definitions
A licensing regime distinguishing Trust Service Providers (TSPs) from Qualified Trust Service Providers (QTSPs), with capital requirements, conformity assessment, and operational obligations
The Qatar Trusted List as the public registry of licensed providers
Cross-border provisions for foreign signatures and certificates meeting equivalent reliability standards
Article 39.1 of the Regulation: an electronic signature retains legal effect and admissibility as evidence even if it does not meet the requirements of advanced or qualified signatures — a non-discrimination clause directly analogous to eIDAS Article 25(1)

The combined picture: Qatar now has a structured, eIDAS-aligned framework where the tier of signature you need depends on the legal weight required for the transaction, not on the absence of options.

The three tiers, applied to Qatar document types

The headline question for any business signing documents in Qatar: which tier do I need? Decision 3/2025 follows the eIDAS taxonomy almost exactly, so the answer maps cleanly onto familiar categories.

Qatar signature tier required by document type under Law 16/2010 and Decision No. 3 of 2025. Simple Electronic Signature (SES) with strong cryptographic evidence satisfies the overwhelming majority of B2B commercial signing under Article 39.1; QES is reserved for state-facing acts and specific regulated instruments.

Jurisdiction	Law	Cross-border transfer rule	Intensity
Employment contracts	Labour Law (Law 14/2004) / Wage Protection System	SES with strong evidence sufficient. Labour Law does not mandate handwritten form for employment agreements; AES strengthens the evidentiary record without being legally required.	Moderate
NDAs and confidentiality agreements	Civil Code (Law 22/2004) / Commercial Companies Law	SES sufficient. Article 39.1 of Decision 3/2025 provides express non-discrimination — no court may refuse evidence purely on electronic form.	Moderate
Vendor and service agreements	Commercial Companies Law (Law 11/2015) / Civil Code	SES sufficient for routine B2B agreements. AES tier appropriate for high-value or contested-counterparty contracts.	Moderate
Commercial leases	Civil Code / Property Leasing Law (Law 4/2008)	SES sufficient for the contractual instrument. Registration with the Ministry of Municipality (MME) where required by Law 4/2008 follows the registry's own procedure.	Moderate
QCB-regulated financial documents	Qatar Central Bank framework / QFMA regulations	Tiered per QCB regulation and product line. Most retail and commercial banking — SES/AES sufficient. Certain capital-markets instruments and cross-border arrangements may require QES.	Restricted
Government tenders and procurement	Government Tenders Law (Law 24/2015)	Increasingly accept electronic submissions but specific tenders may require QES anchored on Smart QID via NAS, or specific signature procedures stated in the tender documentation.	Restricted
Notarial acts (POAs for government use)	Notary Public Law / Civil Code	QES typically required, anchored on a qualified certificate from a Qatar-licensed QTSP or recognised foreign QTSP. The notary's electronic signing process operates through ministry channels.	Strict
Real estate transfer / land registry	Real Estate Registration Law (Law 14/1964 as amended)	Registration with the Real Estate Registration Department follows its own procedure; QES required for any electronic submission that bypasses in-person presentation.	Strict
Family law, wills, inheritance	Family Law (Law 22/2006)	Electronic execution excluded by Article 3 of Law 16/2010. These remain wet-ink, in-person processes through the Sharia courts and notarial channels.	Strict
Negotiable instruments (cheques, bills of exchange)	Commercial Law (Law 27/2006)	Excluded from electronic execution by Article 3 of Law 16/2010. Wet-ink form required for the negotiable instrument itself.	Strict

What changed: the 2025 regulation versus the 2012 instrument it replaced

Before Decision 3/2025, Qatar had a 2012 certification service provider regulation issued under the former Supreme Council of Information and Communication Technology. It was never operationally implemented — no licensed CSPs were ever registered under it. The 2025 Decision is a clean break that replaces the dormant 2012 framework with one that aligns to international standards and is being actively rolled out.

What Decision No. 3 of 2025 added to Qatar's e-signature regime

Formal three-tier signature classification
Simple (SES), Advanced (AES), and Qualified (QES) — lifted from eIDAS Article 3 with eIDAS-compatible definitions. The 2012 instrument used a single-tier validity test; the 2025 regulation gives businesses graduated tools for graduated risks.
TSP and QTSP licensing regime
Two distinct licence tiers. TSPs (QAR 500,000 minimum capital) may provide non-qualified trust services. QTSPs (QAR 5,000,000 minimum capital, plus "qualified status" granted by CRA) may provide qualified services including the issuance of qualified certificates for electronic signatures.
The Qatar Trust Service Framework (QA-TSF) technical specifications
Mandates compliance with ETSI EN 319 401 (general policy), 319 411-1/2 (certificate issuance), 319 412-1/2/3/5 (certificate profiles), CEN TS 419 261 (trustworthy systems), ISO/IEC 27001:2022 (information security management), the CA/Browser Forum baseline, and SOG-IS cryptographic mechanisms. Effectively the eIDAS technical regime, adopted in Qatar with local amendments.
Four formal certificate policies
QA-QCP-n (qualified certificates to natural persons), QA-QCP-l (legal persons), QA-QCP-n-qscd (natural persons with a Qualified Signature Creation Device), QA-QCP-l-qscd (legal persons with a Qualified Seal Creation Device). The qualified-without-QSCD middle tier is a notable nuance — the certificate is qualified, but the signature produced is not a QES in the strict sense.
The Qatar Trusted List
A public, signed XML registry maintained by CRA, modelled on the EU Trusted Lists framework. Lists every licensed TSP and QTSP, their qualified status, and the technical anchors of their certificate chains. Hosted at cra.gov.qa under the Trust Services section.

The four Qatar certificate policies (QA-QCP)

QA-TSF Annex IV defines exactly four certificate policies for qualified-certificate issuance. Knowing which one applies to a given signature changes the legal weight materially.

Alternative

Qualified certificate, no QSCD (QA-QCP-n / QA-QCP-l)

Issued by a QTSP after high-assurance identity verification (IDV-1). Produces an advanced electronic signature backed by a qualified certificate — strong evidentiary weight, but not a QES in the strict eIDAS sense because no Qualified Signature Creation Device was used.

Subject identified at the "high level of confidence" standard via Authority-listed eID tools, cross-certification with an existing qualified certificate, or a CAB-assessed bespoke procedure
Certificate carries Qatar QcStatement (QcType 1 for signatures, QcType 2 for seals)
Suitable for high-value commercial signing where QSCD friction is disproportionate
Cheaper, faster, more flexible than QSCD-backed flows — but you cannot call the output a QES

Recommended

Qualified certificate + QSCD (QA-QCP-n-qscd / QA-QCP-l-qscd)

The full eIDAS-equivalent QES path. Qualified certificate plus a hardware QSCD (Smart QID chip, hardware token, or a remote-signing QSCD operated by the QTSP). Produces a true Qatar Qualified Electronic Signature.

Required for transactions where the law explicitly demands QES — certain notarial acts, government procurement, regulated financial instruments
The QSCD enforces "sole control" cryptographically rather than procedurally
Smart Qatar ID is the locally-available QSCD for natural persons; the QSCD chip + PIN unlocks the qualified signing key
For organisational seals, a hardware QSCD operated by the QTSP or the subscribing organisation

The middle tier (qualified cert without QSCD) is the nuance most legal blogs miss. It is materially different from a non-qualified advanced signature: the subscriber's identity has been verified to the same high-confidence standard a QTSP applies for QES, the certificate carries the same Qatar QcStatement, and the signature carries strong evidentiary weight. It just isn't legally a QES — important for documents where the law explicitly says "qualified electronic signature" (those need the -qscd variant) but a useful instrument for everything else.

NAS and the Smart Qatar ID — the consumer signing rail

Independent of the TSP licensing regime, Qatar already has an operational national digital signing layer: the National Authentication Service (NAS), operated under the Ministry of Communications and Information Technology (MCIT), anchored on the Smart Qatar ID card chip. NAS is what powers digital signing for investors using Qatar Single Window for company formation, mergers, and government filings.

How NAS sits relative to Decision 3/2025:

NAS is end-user infrastructure, not platform infrastructure. A natural person with a Smart QID can sign documents through NAS-integrated services using their card chip plus PIN. This is conceptually a QES — the QSCD is the chip, the qualified certificate is the one provisioned on the QID at issuance.
NAS is not currently a TSP under Decision 3/2025's licensing taxonomy. It is a national authentication service operated by the state; the certificates it provisions on Smart QIDs are issued under the national PKI run by MCIT and recognised by Qatari courts and government bodies under Law 16/2010 directly.
NAS likely maps to QA-TSF IDV-1 option (a). The QA-TSF identity verification clause for qualified certificate issuance lists Authority-listed electronic identification tools as one of the three approved methods. NAS is the obvious candidate for that list once CRA publishes the approved-eID-tools registry.
Non-Smart QID holders cannot sign through NAS remotely. They must visit a Single Window premise or a Qatari embassy abroad to complete signing in person. This is a meaningful UX gap for some signer populations and a constraint to plan around.

For B2B platforms targeting Qatar, NAS is the cleanest path to QES-tier signing for Qatari nationals and Smart QID holders. For non-QID signers (foreign counterparties, certain residents), QES requires a QTSP integration — and as of 2026 that means a foreign QTSP under cross-border recognition until Qatar-licensed QTSPs emerge.

The Qatar Trusted List in 2026 — operational reality

CRA has built the Qatar Trusted List infrastructure: the public web page at cra.gov.qa/en/Services/Trust-Services/Qatar-Trusted-List, a signed XML endpoint referenced as qtsl.xml, and a published signatory certificate (tlsigner1.crt) that any third party can use to verify the list's authenticity. The technical specifications mandate the eIDAS Trusted List format.

As of mid-2026, the list is empty. No QTSP has yet completed the licensing process. This is consistent with the timeline: the Decision came into force in February 2025 with a one-year grace period for compliance (expiring February 2026), and a realistic QTSP application — capital deposit, conformity assessment by a CRA-approved Conformity Assessment Body, ISO 27001:2022 certification, ETSI EN 319 401 audit, business continuity and termination plans — takes 9-18 months end-to-end.

The practical implication: there is no domestic Qatar QTSP to partner with today. Three options remain available for B2B platforms that need QES-tier signing in Qatar:

Step 1

Foreign QTSP under cross-border recognition

Decision 3/2025 contains cross-border provisions for foreign signatures and certificates meeting equivalent reliability standards. EU eIDAS QTSPs are the obvious fit — their QcStatements, certificate profiles, and conformity assessment regime are the standards QA-TSF adopted. Whether a specific Qatari court will give a specific foreign QES the full force of a domestic QES is a legal question that should be confirmed in counsel; the technical equivalence is clear.

Step 2

NAS + Smart QID for Smart-QID-holding signers

Where the signer is a Qatari national or resident with a Smart QID, NAS-anchored signing produces a signature recognised under Law 16/2010 directly. This is the cleanest path for Qatar-internal flows.

Step 3

Wait and SES-with-strong-evidence in the interim

Decision 3/2025 Article 39.1 explicitly provides that signatures not meeting AES/QES requirements still carry legal effect. For B2B commercial signing where the receiving counterparty does not demand QES, SES with strong cryptographic anchoring (PAdES-B-T, RFC 3161 timestamping from a publicly-trusted TSA, hash-chained audit trail) is sufficient today and remains so when Qatar QTSPs eventually land on the Trusted List.

What's legally valid for SahlSign-tier signing today

Putting the pieces together for the question every B2B operator actually has — what can I do today that holds up in a Qatar court?

For commercial agreements — NDAs, employment contracts, vendor contracts, leases, service agreements, supply contracts, software licences — a Simple Electronic Signature with strong cryptographic evidence (PAdES-B-T seal from a publicly trusted certificate authority, RFC 3161 timestamp from an EUTL-listed Time Stamp Authority, SHA-256 document hash, hash-chained audit log) is sufficient under Decision 3/2025 Article 39.1 and Law 16/2010. No QTSP partnership is required. QES becomes necessary only for the narrow set of transactions where the receiving authority — a court, a registrar, a regulator — explicitly demands it.

— The practical guidance for Qatar B2B teams in 2026

The reliability conditions of Law 16/2010 Article 28 — unique linkage, sole control, tamper detection — are technical requirements that a properly-implemented signing platform meets through standard cryptographic mechanisms. SahlSign meets them today through OTP-anchored signer authentication (sole control), PAdES-B-T cryptographic sealing (tamper detection), the publicly-trusted certificate chain (unique linkage to the issuing platform), and the hash-chained audit log (tamper detection across the whole envelope). The Article 28 bar is technology-neutral; it does not require a QTSP.

What changes when you reach for QES is who controls the cryptographic key. In SES with strong evidence, SahlSign as the platform applies the cryptographic seal on behalf of the verified signer. In QES, the qualified certificate is bound to the signer themselves, and the QSCD enforces sole control cryptographically. The legal weight is higher, the operational friction is higher, the use cases are narrower. The right tier is the lowest one that satisfies the receiving authority — not the highest one available.

Qatar versus the broader GCC

Qatar's 2025 framework is structurally close to the UAE's Federal Decree-Law 46/2021 and Oman's Royal Decree 39/2025 — all three are recent eIDAS-aligned modernisations. The differences matter for multi-country GCC operations.

Qatar's e-signature framework compared with adjacent GCC jurisdictions. eIDAS-alignment is now the regional norm; the operational gaps between countries are mostly in identity infrastructure maturity, not in the underlying legal framework.

Jurisdiction	Law	Cross-border transfer rule	Intensity
Qatar	Law 16/2010 + Decision 3/2025 + QA-TSF	Three-tier (SES/AES/QES). TSP/QTSP licensing live. Trusted List infrastructure built but empty as of 2026. NAS + Smart QID for end-user QES.	Moderate
UAE	Federal Decree-Law 46/2021	Three-tier framework, formal trust-service catalogue. UAE Pass as de facto QES identity anchor with 5M+ active users. DIFC and ADGM run separate common-law frameworks for their respective jurisdictions.	Moderate
Saudi Arabia	Royal Decree M/18 of 2007 + sector-specific (SAMA, NCA, NCDC)	Pre-eIDAS framework, more centralised. NCDC operates the national PKI root. Commercial CSPs like Saudi Post / SPL eSign offer signing-as-a-service. Nafath for identity anchoring.	Moderate
Oman	Royal Decree 39/2025	2025 modernisation replacing the 2008 statute. Three-tier classification formalised. Identity infrastructure rollout in progress.	Moderate
Bahrain	Legislative Decree 54 of 2018	Three-tier classification, TRA-supervised certification service providers. Bahrain ID as the national identity anchor.	Moderate
Kuwait	Law 20 of 2014	Pre-eIDAS framework, CITRA-supervised certification authorities. PACI Civil ID as the identity anchor.	Moderate

Five things to verify before deploying e-signing in Qatar

Qatar Decision 3/2025 deployment checklist

Confirm the document type does not legally require QES
The majority of commercial agreements sit under Article 39.1 with SES-tier signing fully sufficient. QES is required for specific notarial acts, certain government tenders that name it in the tender documentation, and a narrow set of regulated financial instruments. When in doubt, the receiving authority's requirements govern.
Verify the signing platform meets Article 28 reliability conditions
Unique linkage to the signatory (cryptographic identity binding via verified email or phone OTP), sole control at the moment of signing (OTP-gated submit with server-side enforcement), tamper-evident binding to the signed data (PAdES-B-T or equivalent), and detectable post-signing alteration (SHA-256 document hash plus hash-chained audit log).
Confirm the cryptographic anchors are from publicly-trusted authorities
The PAdES seal should derive from a certificate authority on a recognised trust list (EUTL is the strongest available standard until the Qatar Trusted List populates). The RFC 3161 timestamp should come from a trusted, ideally EUTL-listed TSA. These are the technical anchors that translate to evidentiary weight in court.
Render bilingual completion certificates in EN and AR
Qatari counterparties sign in Arabic; cross-border signers in English. The Certificate of Completion should cite Law 16/2010 Articles and Decision 3/2025 Article 39.1, list the satisfied reliability conditions, and render correctly in both RTL Arabic and LTR English. This is what counterparties and courts read first.
Plan for the QES upgrade path
Even if today's documents are SES, build the integration architecture to accept a QES upgrade later — either through NAS for Smart-QID-holding signers, or through a foreign QTSP under cross-border recognition (or a future Qatar-licensed QTSP). The PAdES container is the same; only the signing call changes.

How SahlSign maps to the Qatar framework

SahlSign issues Simple Electronic Signatures with strong cryptographic evidence — the tier explicitly recognised under Decision 3/2025 Article 39.1 and meeting the Law 16/2010 Article 28 reliability conditions for commercial signing. Specifically:

Cryptographic sealing: PAdES-B-T (ETSI EN 319 142) embedded into every signed PDF, anchored on a publicly-trusted certificate authority
Trusted timestamping: RFC 3161 timestamps from an EUTL-listed Time Stamp Authority
Audit integrity: SHA-256 hash-chained event log — any post-signing modification breaks the chain and is detectable by any third party
Signer authentication: OTP-anchored identity verification with server-side sole-control enforcement
Bilingual completion certificates: Citing Law 16/2010 and Decision 3/2025 Article 39.1, rendered in true Arabic RTL and English LTR
In-region data residency: Signer PII and signed documents hosted in the GCC region for organisations with data-localisation requirements

The architecture is structurally compatible with a QES upgrade — when Qatar-licensed QTSPs emerge or when integration with NAS becomes available for B2B platforms, the PAdES container accepts an external qualified signature without changes to the application layer.

Decision 3/2025

is the operative instrument for electronic signature regulation in Qatar today. Law 16/2010 remains the statutory foundation; Decision 3/2025 supplies the operational regime — three-tier classification, TSP/QTSP licensing, the QA-TSF technical specifications, and the Qatar Trusted List. Article 39.1 of the Regulation provides express legal effect for simple electronic signatures, which makes SES with strong cryptographic evidence the right default for commercial signing in Qatar. QES becomes necessary only for the narrow set of transactions where the receiving authority explicitly demands it.

CRA President Decision No. 3 of 2025, Official Gazette 4th edition, State of Qatar

Frequently asked questions

Is electronic signature legal in Qatar?

Yes. Decree-Law No. 16 of 2010 (the Electronic Commerce and Transactions Law) gives electronic signatures the same legal weight as wet-ink signatures when the conditions in Article 28 are met. CRA Decision No. 3 of 2025 added a formal three-tier classification (simple, advanced, qualified) aligned to the eIDAS framework. Article 39.1 of the 2025 Regulation also provides a non-discrimination clause: a signature cannot be denied evidentiary value purely because it is electronic.

What changed under CRA Decision No. 3 of 2025?

The Communications Regulatory Authority issued Decision No. 3 of 2025 in February 2025, establishing Qatar's first operational Trust Service Provider regime. It introduced three formal signature tiers (SES, AES, QES), a Qatar Trusted List of licensed providers, conformity assessment requirements, and cross-border recognition provisions. It replaced a 2012 regulation that was never operationally implemented.

What are the three signature tiers in Qatar?

Simple Electronic Signature (SES) — any electronic mark with reasonable evidence of intent. Advanced Electronic Signature (AES) — uniquely linked to the signer, capable of detecting tampering, created under the signer's sole control. Qualified Electronic Signature (QES) — an AES created using a qualified certificate from a licensed Qatar Trust Service Provider, typically anchored on the Smart Qatar ID via NAS. Most B2B commercial documents only require SES with strong evidence.

Can I use DocuSign or Adobe Sign in Qatar?

Yes — they are legally usable for most B2B documents in Qatar under Article 39.1's non-discrimination clause. However, neither is currently listed on the Qatar Trusted List, neither offers Arabic-first interfaces, and both store signing data outside the GCC. For QES-tier signatures or government-facing acts, you would need a provider on the Qatar Trusted List.

Which documents in Qatar still require wet-ink signatures?

Article 3 of Decree-Law 16/2010 excludes specific instruments from electronic execution: family law matters (marriage, divorce, custody), wills and inheritance, and negotiable instruments (cheques, bills of exchange). Real estate transfers and notarial acts typically require QES or in-person presentation. Everything else — employment contracts, NDAs, vendor agreements, tenancy contracts, commercial leases — can be signed electronically.

Do I need to use a Qatar Trusted List provider for ordinary contracts?

No. The Qatar Trusted List is mandatory only for QES-tier signatures (notarial acts, certain government submissions). For SES and AES — which covers the vast majority of B2B signing — any provider that meets Article 28's reliability conditions is legally sufficient. SahlSign produces PAdES-B-T sealed documents with RFC 3161 timestamps from a EUTL-listed TSA, satisfying both the SES and AES evidentiary bars.

Sources

Decree-Law No. 16 of 2010 promulgating the Electronic Commerce and Transactions Law — Almeezan, the Qatar Legal Portal
CRA President Decision No. 3 of 2025 — Communications Regulatory Authority, State of Qatar
QA-TSF Technical Specifications on the General Requirements — February 2024
QA-TSF Technical Specifications on the Issuance of Certificates for Electronic Signatures or Electronic Seals — February 2024
Qatar Trusted List — CRA, the public registry of licensed providers
National Authentication Service (NAS) — MCIT, Qatar Single Window
ETSI EN 319 401, 319 411-1/2, 319 412-1/2/3/5 — European Telecommunications Standards Institute
EU Regulation 910/2014 (eIDAS) — the framework Qatar's QA-TSF substantively mirrors
UNCITRAL Model Law on Electronic Signatures (2001)