Electronic signatures in Egypt are governed by Law No. 15 of 2004 — the Electronic Signature Law that made Egypt one of the earliest movers in the Middle East to give electronic signatures full legal effect. Two decades later the statute is still operative; what changed is the operational layer beneath it. ITIDA's Decree 109 of 2005 set out the implementing regulations and the licensing regime for Certification Service Providers (CSPs), the 2014 Constitution's Article 31 entrenched electronic transactions at the constitutional level, the 2020 Personal Data Protection Law (Law 151/2020) added a privacy overlay, and Egypt's Vision 2030 digital-transformation push has accelerated adoption across banking, government, and B2B contracting. This is the picture B2B operators signing in Egypt actually need.
the Electronic Signature Law of 2004 — Egypt's foundational e-signature statute. Article 14 establishes that an electronic signature carrying the technical characteristics specified in the implementing regulations has the same legal effect and evidentiary weight as a handwritten signature. The law was among the first in the MENA region to give electronic signatures full statutory recognition
Arab Republic of Egypt, Official Gazette
the Information Technology Industry Development Agency's executive regulations under Law 15/2004. Sets the licensing framework for Certification Service Providers (CSPs), the technical specifications a compliant electronic signature must meet, root-CA architecture under ITIDA's control, and the supervisory powers ITIDA exercises over licensed providers
ITIDA, Ministry of Communications and Information Technology
Egypt is the largest Arabic-speaking economy and the most populous country in MENA. The B2B contract volume — employment, tenancy, vendor, NDA, banking onboarding — that moves through Cairo, Alexandria, and the new administrative capital makes Egypt the single largest organic e-signature market in the Arab world
World Bank / CAPMAS
The legal foundation: Law 15 of 2004
The Egyptian Electronic Signature Law was issued in April 2004 and remains the operative statute. Three provisions do the heavy lifting:
Article 14 is the operative non-discrimination clause: an electronic signature that satisfies the technical conditions specified in the executive regulations has the same legal effect and evidentiary weight as a wet signature. This is the article every Egyptian commercial dispute over electronic signing turns on.
Article 15 sets the conditions an electronic signature must meet to qualify for the Article 14 evidentiary equivalence:
- Unique linkage to the signatory — the signature must be exclusively associated with the person signing
- Sole control at the moment of signing — the signatory must have exclusive control over the means used to create the signature
- Detectability of post-signing alteration — any change to the document after signing must be identifiable
These three conditions are conceptually identical to eIDAS Article 26 and Saudi M/18 Article 14. Any properly-implemented modern e-signature platform (PAdES-B-T sealing, RFC 3161 trusted timestamping, hash-chained audit trail) satisfies them.
Article 18 carves out the supervisory authority: ITIDA is designated as the regulator with power to license Certification Service Providers, audit their operations, and revoke licences. ITIDA's root CA sits at the top of the Egyptian PKI hierarchy.
ITIDA Decree 109 of 2005: the operational machinery
Where Law 15/2004 is the parent statute, ITIDA's Decree 109 of 2005 is the regulation that actually tells you what a compliant electronic signature looks like in practice. Five things matter operationally:
1. CSP licensing regime. ITIDA licenses Certification Service Providers who can issue qualified certificates to signatories. Licensed CSPs operate as subordinate CAs under ITIDA's national root. As of 2026 the active licensed CSPs include Egypt Trust, MISR Digital Innovation (MDI), Misr Information Services & Trading (MIST), and Egypt for Information Dissemination (EGID). The licensing process is technical and operational — capital requirements, audited operations, defined certificate policies, incident response plans.
2. Technical specifications for certificates. Decree 109 prescribes X.509 v3 certificates, defined certificate policies for natural persons and legal persons, key sizes (minimum RSA 2048 historically, with the market moving to higher), revocation infrastructure (CRL + OCSP), and time-stamping requirements. The technical regime is structurally similar to ETSI EN 319 411-1/2 even though Egypt has not formally adopted those ETSI standards.
3. Hierarchical PKI under ITIDA's root. Unlike the eIDAS Trusted List model where multiple equally-trusted root CAs operate independently, Egypt has a more centralised architecture: ITIDA operates the national root, and licensed CSPs issue end-entity certificates that chain to that root. This is operationally closer to the Saudi NCDC model than the EU eIDAS model.
4. Repository requirements. Licensed CSPs must publish revocation status (CRLs) and certificate policies in publicly-accessible repositories. This is what makes downstream verification possible — any party with a signed document can fetch the issuing CSP's CRL, check whether the signing certificate was revoked at the time of signing, and verify the audit chain.
5. Cross-border recognition framework. Decree 109 includes a mechanism for ITIDA to recognise foreign certificates if the issuing jurisdiction's framework provides equivalent legal effect. This is the path multinational companies use when their global signing platform issues certificates outside Egypt.
What "qualified" means in Egypt
The Egyptian framework doesn't use the eIDAS Simple / Advanced / Qualified terminology, but the market reads tiers similarly. In practice three operational tiers emerge:
Basic electronic signature (SES-equivalent). A typed name, a clicked button, an OTP-verified email signature — anything that captures intent. Admissible as evidence under the general principles of Egyptian evidence law, but without the Article 14 presumption of equivalence to wet ink. Suitable for low-risk internal documents, click-through agreements, and ordinary commercial correspondence.
Advanced electronic signature (AES-equivalent). A signature satisfying Law 15/2004 Article 15's three reliability conditions — unique linkage, sole control, tamper-evident binding. In practice this means a PAdES-B-T sealed PDF with OTP-verified signer identity, RFC 3161 timestamping, and a hash-chained audit log. This is what 95% of B2B signing in Egypt should use. Article 14 evidentiary equivalence applies; courts have accepted properly-implemented AES-equivalent signatures in commercial disputes consistently since the law took effect.
Qualified electronic signature (QES-equivalent). A signature applied using a certificate issued by an ITIDA-licensed CSP, with the signing key held in a qualified signature creation device (typically a hardware token, smart card, or remote HSM). Required for: notarial acts, real-estate registration where the deed must be notarised, certain corporate filings, and specific government interactions. Required by the procurement frameworks of some state-owned enterprises and banks for high-value transactions.
For day-to-day B2B contracting — employment agreements, vendor contracts, NDAs, commercial leases, banking onboarding paperwork — the AES tier is sufficient and legally defensible. Don't over-engineer with QES where the law and the courts don't require it.
The constitutional anchor: Article 31 (2014)
Egypt's 2014 Constitution, in Article 31, commits the state to "secure information and communications technology and protect personal data" and to recognise electronic transactions and signatures as part of the state's digital-economy infrastructure. This is unusual at the constitutional level — most jurisdictions handle e-signatures purely at the statutory layer. The constitutional grounding gives Egyptian electronic signatures additional rhetorical weight in court and forecloses certain narrow attacks that have been used against electronic signatures in other Arab jurisdictions.
The data-protection overlay: Law 151 of 2020
The Egyptian Personal Data Protection Law (Law 151 of 2020) runs in parallel with Law 15/2004 and applies whenever an electronic signing workflow handles personal data — which is essentially always. Key obligations for signing platforms:
- Lawful basis for processing signer PII (typically consent or contract performance)
- Data minimisation — only collect what the signing process requires
- Cross-border transfer restrictions — transferring signer PII outside Egypt requires either adequacy, consent, or contractual safeguards
- Breach notification to the Personal Data Protection Centre within 72 hours
- Data subject rights — access, rectification, erasure (with documented retention exceptions for audit-trail integrity)
For B2B operators, the practical implication is that your signing platform's data-residency posture, its audit-log retention policy, and its breach-response process all matter for Law 151 compliance. GCC and Egypt-region hosting is the simple path; US-hosted platforms put you in a cross-border transfer compliance burden.
Banking and financial services: CBE's overlay
The Central Bank of Egypt (CBE) layers additional rules on top of Law 15/2004 for banking-sector signing. The 2020 CBE digital banking framework and the 2022 instant-payment regulations both reference electronic signatures and digital identity verification, requiring banks to use certificates from ITIDA-licensed CSPs for certain high-value transactions and to integrate with the national digital identity infrastructure (CIT — the Central Identity Toolkit) for KYC and onboarding. For a B2B operator signing with a CBE-regulated counterparty, this typically means the bank will require QES-tier signing for account-opening documentation and AES-tier signing for ongoing transactional documents.
E-invoicing: ZATCA-equivalent for Egypt
Egypt rolled out a mandatory e-invoicing regime in phases between 2020 and 2023, administered by the Egyptian Tax Authority (ETA). Every B2B invoice must now be issued through the ETA portal with a cryptographic signature from an ITIDA-licensed certificate. The e-invoicing signature is a separate object from the underlying contract signature — the contract can be signed via AES; the invoice generated under that contract must be ETA-signed. Treat these as two layers in your signing architecture.
The Tahweel and digital-identity rails
Tahweel (the national digital identity programme, run jointly by MCIT and ITIDA) is the emerging identity rail for Egyptian electronic signing — analogous to Nafath in Saudi Arabia, NAS in Qatar, or UAE Pass in the Emirates. Tahweel-anchored signing isn't yet at the volume of those GCC equivalents but is the trajectory for the next 2–3 years. For platforms building in Egypt now, the architectural decision is to accept that Tahweel integration will become a procurement requirement for government and regulated-sector buyers within the medium term.
Practical workflow: what compliant AES signing in Egypt looks like
For a Cairo-based business signing a vendor contract with an Alexandria-based supplier, the legally-defensible AES workflow is:
- Identify signers via verified email + OTP (SMS or email) at signing time — satisfies Article 15's "unique linkage to the signatory"
- Bind each signature to the specific document hash — satisfies "sole control at the moment of signing"
- Apply a PAdES-B-T cryptographic seal to the final PDF — satisfies "detectability of post-signing alteration"
- Attach an RFC 3161 timestamp from a trusted timestamping authority — supports the audit chain's temporal claims
- Append a hash-chained audit log of every signing event — gives any later disputant the means to verify the chain independently
- Issue a Certificate of Completion in Arabic and English citing Law 15/2004 Article 14 — the document your counterparty's legal team will look for first
This is the workflow SahlSign produces by default for Egyptian signers. The Certificate of Completion is bilingual (Arabic + English), cites Law 15/2004 explicitly, and the audit log is independently verifiable.
Checklist for B2B operators signing in Egypt
- Confirm Law 15/2004 Article 15 reliability conditions are satisfied
Unique signatory linkage, sole control at signing, tamper-evident binding (PAdES-B-T or equivalent), detectable post-signing alteration. Same conceptual conditions as eIDAS Article 26.
- Verify Law 151/2020 data-protection posture
Lawful basis documented, data-minimisation enforced, breach-notification process in place, cross-border transfer constraints met. Egypt-region or GCC-region hosting is the simplest compliance posture.
- Plan for ETA e-invoicing if invoices are in scope
The e-invoicing signature is a separate object from the underlying contract signature. Contracts: AES via Law 15/2004. Invoices: ETA portal with an ITIDA-licensed certificate.
- Confirm CBE bank counterparty signing requirements
Banks may require QES-tier signing with an ITIDA-licensed certificate for account opening and certain high-value transactions. AES is sufficient for routine commercial documents the bank receives but doesn't originate.
- Plan for Tahweel integration in the medium term
Tahweel is the trajectory for Egyptian government and regulated-sector identity. Architect today's flows so a Tahweel handshake can be added at the identity-verification step without rebuilding the signing path.
Frequently asked questions
Is electronic signature legal in Egypt?
+
What is ITIDA and what does it do for e-signatures?
+
Who are the licensed CSPs in Egypt?
+
Do I need a qualified electronic signature (QES) for B2B contracts in Egypt?
+
Can I sign documents in Arabic in Egypt?
+
How does Law 151/2020 (PDPL) affect e-signing in Egypt?
+
of Law 15/2004 is the statutory bedrock for Egyptian electronic signing. An electronic signature meeting Article 15's reliability conditions — unique signatory linkage, sole control at signing, tamper-evident binding — has the same legal effect and evidentiary weight as a handwritten signature. For B2B commercial documents in Egypt, an OTP-verified Advanced Electronic Signature with a PAdES-B-T seal and a hash-chained audit log satisfies the statute. QES via an ITIDA-licensed CSP is required only for notarial acts, real-estate registration, and certain regulated transactions. Build to Article 15's three conditions and you are inside the law.
Egyptian Electronic Signature Law, Law No. 15 of 2004
Related reading
- Electronic Signatures in Saudi Arabia (KSA) — the largest GCC market and a likely counterparty for Egyptian operations expanding into the Gulf; structurally similar centralised-PKI model.
- Electronic Signatures in Qatar — Qatar's CRA Decision 3/2025 is the most recent eIDAS-aligned framework in the region; useful comparison for Egyptian businesses with Qatari counterparties.
- UAE Electronic Transactions Law (Federal Decree-Law 46/2021) — UAE Pass-anchored signing flows that many Egyptian businesses with Dubai or Abu Dhabi operations will encounter.
- PDPL and PDPPL Compliance in E-Signing — the regional data-protection landscape; Egypt's Law 151/2020 fits into the broader MENA PDPL family covered here.
- Why Regional Hosting Matters for Sensitive Documents — the data-residency dimension that runs alongside Egyptian PDPL compliance.
Sources
- Law No. 15 of 2004 — Electronic Signature Law — Information Technology Industry Development Agency
- ITIDA Decree 109 of 2005 — Executive Regulations — ITIDA
- Constitution of the Arab Republic of Egypt, 2014 — Article 31 — Constitute Project
- Law No. 151 of 2020 — Personal Data Protection Law — Personal Data Protection Centre
- Information Technology Industry Development Agency (ITIDA) — Egyptian regulator for the IT industry
- Ministry of Communications and Information Technology (MCIT) — Arab Republic of Egypt
- Central Bank of Egypt (CBE) — banking supervisor and digital-payments regulator
- Egyptian Tax Authority — e-invoicing portal — ETA e-invoicing infrastructure
- Personal Data Protection Centre (PDPC) — the supervisory authority under Law 151/2020
- UNCITRAL Model Law on Electronic Signatures (2001) — the international model Egypt's framework substantively aligns with