Electronic transactions in Morocco
Technology, Media & Telecoms Focus
Ghita GhaitiAssociate,Corporate Commercial
The evolution of technological means has allowed the creation of a new way of concluding contracts through electronic tools. Online contracts have increased particularly with the emergence of e-business. The online business is of course the most important part of the online contracts now.
The Moroccan legislator has therefore assimilated the importance of the formation and conclusion of electronic transactions and has integrated it into its general legislative landscape before drawing more specific contours.
Very quickly, theses first legislative steps have been followed by the development of a regulatory framework regarding the protection of these electronic transactions in order to support this growing of online transactions.
If the legal regulation of electronic contracts and signatures is included in the general law of contracts and in the specific law regarding consumer protection, there is also a specificity about "Smart Contracts" that is interesting to analyze regarding Moroccan legislation.
The conclusion process of an electronic transaction involves in the first place the recognition and establishment of the legal value of this online contract and then the certification of its conclusion by the attachment of an electronic signature.
Whereas in France, the legislator began to regulate the equivalence of written and electronic documents from 2000, Morocco paved the way for this recognition only in 2007 with the enactment of Law No. 53-05 on the electronic exchange of legal data.
This law 53-05 has integrated into the general law of contracts - the dahir forming the code of obligations and contracts (the "DOC") - an entire chapter devoted to "Contracts concluded in electronic form or transmitted by electronic means" which mainly includes provisions relating to the offer and conclusion of a contract in electronic form.
The Moroccan legislator has thereby recognized and integrated into the DOC the equivalence of documents drawn up in written form and in electronic form. When a written document is required for the validity of a legal act, it can be established and preserved in electronic form (Article 2-1 of the DOC).
A written document in electronic form has the same probative force as a written document in paper form (Article 417-1 of the DOC). The writing in electronic form is admitted as a way of proof in the same way as the writing on paper support. This has significantly contributed to changing the processes of evidence in court.
It is recognized in general law that an agreement is valid only if the parties agree on the essential elements of the obligation, as well as on all other lawful terms that the parties consider essential, that is to say the meeting of an offer and an acceptance. Regarding online operations, it is considered that the agreement is concluded by the meeting of an offer and an order.
For electronic offers, the general law of contracts specifies that:
contractual offers,
information:
on goods or services for the purpose of concluding a contract by electronic means, or
addressed during the execution of a contract;
may be communicated to individuals by electronic mail only if the latter has expressly accepted the use of this means.
As for information destined for professionals, it can be transmitted by e-mail, as long as they have provided their e-mail address.
Regarding the order / request, the online requestor/buyer must have had the opportunity to check the details and the total price of his order and to correct any errors before confirming the said order to express his acceptance.
The offeror must acknowledge to the buyer without undue delay and by electronic means the acceptance of the order addressed to him. The offeror is irrevocably bound to the order upon its receipt.
The acceptance, the confirmation, and the acknowledgement of receipt of the order are deemed to have been received when the parties to whom they are addressed can access them.
Let’s consider now another axis of reflection concerning the framework of the data used during the conclusion of a contract. To conclude a contract between two parties, it is necessary to process or even transfer personal data concerning the latter.
Thus, in order to protect the use of these necessary data, the law n° 09-08 of 2009 relating to the protection of individuals regarding the processing of personal data has regulated precisely the processing and transfer of personal data, in particular the data of customers obtained during the conclusion of online contracts.
While taking up the main features of the European law on the subject, the Moroccan legislator has imposed a notification obligation for the processing of “ordinary” personal data and an authorization obligation for the processing of sensitive personal data and the transfer of all data.
Consequently, the law 09-08 has instituted a national commission for the control of the protection of personal data in charge of implementing and ensuring compliance with the provisions of the law and the texts taken for its application.
The legislator has therefore tried to frame the use of electronic transactions in the general law but this did not seem to be sufficient for more specific cases. This is why he considered the protection of the consumer specifically.
In terms of consumer protection, it is only in 2011 that the Moroccan legislator considered consumer protection in the context of online contracts with the enactment of law No. 31-08 providing consumer protection measures relating to contracts concluded at a distance.
The consumer's right to informationBefore the conclusion of the remote contract the supplier have to inform the consumer mainly about the legal situation of the supplier, the deadlines and expenses of delivery, the existence of the right of retractation, the methods of payment/delivery or execution, the various choices offered to him and that allows him to confirm his request or to modify it according to his will.
After the conclusion of the remote contract, the supplier must provide to the consumer the confirmation of the information previously mentioned, the information necessary to make a complaint or to withdraw from the contract, the information concerning the after-sales services and the conditions of cancellation if the contract has an indefinite duration or a duration exceeding one year.
The deadlines to be respected concerning the modalities of realization or not of the contract. The consumer has a period of seven (7) days to exercise his right of withdrawal (thirty (30) days if the supplier has not honored his commitment to confirm in writing the above information).
When the right of withdrawal is exercised, the supplier is obliged to reimburse the total amount paid to the consumer without delay and at the latest within fifteen (15) days of the date on which this right was exercised. After this period, the sum due shall automatically bear interest at the legal rate in force.
Unless the parties have agreed otherwise, the order must be honored within a maximum of thirty (30) days from the day on which the supplier has confirmed receipt of the consumer's order.
Even if the law 31-08 has proven its performance so far, there are some lacks that need to be reviewed following a participatory approach. If the law guarantees the right of access to information, it does not guarantee on the other hand the cancellation of the commercial transaction in case the consumer would not have access to the information. It is advisable to frame this in order to give more strength to the commercial transaction and more guarantees to the protection of the consumer in case of abusive practices.
After having evidenced the effective value of the electronic documents, it is necessary to consider the provisions of the electronic signatures to certify the conclusions.
The electronic signature allows the identification of the signatory of the document and also guarantee the integrity of the data recorded in the document.
The DOC as amended by Law 53-05 provides that when the signature is electronic, a reliable identification process must be used to guarantee its link with the act to which it is attached.
The reliability of an electronic signature process is presumed, until proven otherwise, when that process guarantees a secure electronic signature.
The regulation consider that an electronic signature is secure when it is created, the identity of the signatory is assured and the integrity of the legal act is guaranteed, in accordance with the legislation and regulations in force on the subject.
Law 43-20 relating to trust services for electronic transactions, adopted within the general framework of digital security in 2021, clearly distinguishes three types of security level for electronic signatures: simple, advanced and qualified. The type of signature to be used depends on the level of risk of the envisaged contract.
Any act on which is affixed a qualified electronic signature and whose electronic timestamp is qualified, has the same probative force as the act whose signature is legalized and of certain date.
Law 43-20 provides clear produces guideline for judges in order to instruct their judgments. The law prohibits judges from disregarding the signature solely on the basis that it is electronic and unqualified.
This law therefore framed and delimited the uses of the electronic signature.
It is important to note that, for now, Barid eSign and Eurafric Information are currently the only two electronic certification service providers licensed in Morocco. There is still a whole area to develop in this field!
As previously mentioned, Moroccan positive law has been adapted to facilitate the conclusion of electronic contract by digital means, as provided by the aforementioned law n° 53-05.
As a reminder, this law organizes the regime of contracts concluded by electronic means with the integration in the DOC of a chapter concerning contracts concluded in electronic form or transmitted by electronic means.
To go further, a new form of conclusion and execution of a certain contract completely digital appeared with the development of these technologies.
More specifically, "smart contracts" are digital contracts based on blockchain technology that allow the recording and control of the commitments of the contracting parties and the automatic execution of these commitments.
Smart contracts are subject to the usual conditions of validity of the Moroccan general contract law set out in article 2 of the DOC (an ability to oblige; a valid declaration of intention concerning the essential elements of the obligation; a certain object that can form the subject of the obligation and a lawful cause of obligation).
This method of contracting has both advantages and disadvantages.
These smart contract permit disintermediation and security of the transaction attached to the blockchain technology. Therefore, this process permits reduced costs of verification and execution.
It is necessary to be careful also of the limits of these smart contracts that are numerous.
From a technical side, smart contracts will proceed to the complete application of the stipulations of the smart contract without distinction of any specificity or take consideration of unforeseen circumstances. These contracts are not flexible and impose constraining procedures for their modification.
From a legal side, how can you guarantee a good faith execution in the absence of a trusted third party? That is why this type of contracts can only be applied in some very rare cases where there would be no need for a third-party guarantee for the execution in good faith.
To ensure and guarantee a secure treatment of the online operation and a continuity of the digital system allowing the formation and the conclusion of online contracts, the legislator has implemented a set of legislative texts in this regard.
Therefore, the protection of these electronic transactions requires the evolution of digital trust and the development of cyber security.
To adapt to current digital constraints and evolutions, it is necessary to set up a reassuring legal environment so people could feel legally protected during online transactions.
The use of electronic certification is correlated with this digital trust. This digital trust allows to increase the efficiency of public and private online services and give a new impulse to the development of the economic activity and the digital transformation in Morocco.
Since 2004, Morocco has built up a legal arsenal in this regard that provides a legal framework for digital trust. In 2004, the law no. 07-03 started by completing the penal code concerning the offences related to the automated data processing systems.
Afterward, the digital trust was supported by law n°2-00 relating to copyright and neighboring rights as amended in 2006 and which provides for the fight against computer piracy including "cracking" and digital counterfeiting. After that, law 53-05, as previously mentioned, has supplemented this legal set by providing a legal framework for contracts concluded in electronic form or transmitted by electronic means.
In 2009, online data has been more secured with the law n° 09-08 relating to the protection of individuals with regard to the processing of personal data.
Finally, the law 43-20 of 2021 - the latest enforcement to date - has completed this by putting in place:
The consistency of the trust services, as follows:
Creation of electronic signatures, electronic stamps, electronic time stamping, or electronic registered mail services;
Creation of certificates related to electronic signatures, electronic stamps, electronic time stamps or website authentication;
Authentication of electronic signatures & stamps;
Conservation of electronic signatures and stamps and the related certificates;
The regime applicable to trust services for electronic transactions and cryptology, as well as the conditions of approval and the obligations of the providers of these services;
The obligations of the holder of the electronic certificate;
The powers of the national authority of trust services for electronic transactions;
The provisions relating to the investigation and recording of offences and the applicable penalties;
We can affirm, that with this law, the legislator has actually completed an important part of regulation of the digital trust that was lacking.
If digital trust is important to develop this area, it is necessary to be accompanied by the development of cyber security.
Before 2020, Morocco had a set of disparate texts that allowed the protection of informatics systems globally:
Indeed, in 2001, Morocco has signed, at first, the convention on cyber-attacks adopted in Budapest then it continued at the national level with the law no. 07-03 related to the attacks on the automated data processing systems.
In 2012, Morocco has put in place a national cybersecurity strategy and a national directive on the security of information systems.
Between 2016 and 2018, a decree and an order of the Head of Government have mainly set the protection system for sensitive information systems (SIS) of vital infrastructures and the criteria for approval of SIS audit providers of vital infrastructures and the procedures for conducting the audit.
The last text promulgated in this matter is the law 05.20 on cybersecurity came into force on July 30, 2020. It aims to strengthen the protection and resilience of critical infrastructure (information systems of state administrations, local authorities, public institutions and companies) while also setting a variety of obligations for digital "operators" (operators of public telecommunication networks, internet service providers, cybersecurity and digital service providers, internet platform publishers and any other legal entity under public law).
In this regard, the law 05.20 defines the technical and organizational requirements in terms of cybersecurity to be implemented for critical infrastructures such as data protection (classification of data to be implemented), risk management, business continuity (implementation and maintenance in operational conditions of a business continuity plan), regular auditing of information systems by providers of information systems security audit, qualified service providers etc.
On the supplier side of an online transaction this law provides for obligations of reporting (notification of incidents likely to affect the security of customer information systems), assistance (technical assistance) and prevention (organization of training cycles and exercises for the benefit of staff).
This same law has implemented the Strategic Commission of Cybersecurity whose mission is to set the major orientations of the State in cybersecurity and the National Authority of Cybersecurity which aims to exercise the orientations set by the commission mentioned above.
Therefore, Morocco tries to keep a certain legislative pace in order to follow the current digital evolution. Is it so with the arrival of the 5G frequency which should bring big changes.
Indeed, according to Hmad CHAFIAI, Managing Director of INGECYS TELECOM (a telecom engineering company in Morocco), 5G will bring a radical change both in the speeds offered and in the scope of applications and the degree of sharing of network resources that will redefine business models on a large scale. It represents a huge economical, technological, social and security challenge for operators, companies and government also.
Therefore, 5G cannot be based solely on the regulatory models known today. The new technical characteristics 5G‘s can either be stimulated by legislative developments or, conversely, the great potential of this new technology may be limited by regulation. Indeed, the legislator is working hard to define a regulatory framework that will allow them to take advantage of the innovation train promised by this new technology.
We just have to wait and see how Morocco will welcome this new technological advance!
For further information, please contact Ghita Ghaiti.
Published in May 2023