TMT 2024

Last Updated February 22, 2024

Macau, SAR China

Law and Practice

Authors



Rato, Ling, Lei & Cortés – Advogados (Lektou) is a Macau SAR-based law firm with more than 35 years’ experience of legal practice. Services regularly provided by the firm include advising on Macau law, helping international companies start their businesses in Macau, and assisting in the reorganisation of economic groups with connections to Macau. In 2016, Lektou partnered with Zhong Yin Law Firm (PRC) and Fongs (Hong Kong) to open a new office in Hengqin Island, Zhuhai, PRC – ZLF Law Firm. This was the first law office to unite firms from the two Special Administrative Regions and Mainland China. Since then, it has extended and opened an office in Shenzhen. In 2017, Lektou extended its operations to Lisbon, Portugal, through a locally based law firm, Rato & Cortés, as part of its internationalisation strategy to position itself as a legal player in the platform between the PRC and Portuguese-speaking countries.

There are currently no specific regulations in relation to the metaverse in Macau. However, two of the key legal challenges regarding the metaverse in Macau are the issues of applicable law and personality right of the avatar as virtual identity used in the metaverse.

When a private legal relationship involves more than one legal system, the applicable law can be determined in accordance with the conflict rules stipulated in the Macau Civil Code. The Macau Penal Code also contains provisions that help specify what laws apply when multiple legal systems are involved.

However, the metaverse is not bound by geographical borders, allowing users from different parts of the world to participate simultaneously in a virtual location. In this regard, the laws that govern the actions of the avatars may be questionable if Macau courts are called to interfere. Furthermore, in order to cope with the character of the avatar, legal consequences such as suspending the account of the avatar may need to be regulated.

In addition, uncertainty remains over whether an independent legal personality should be granted to avatars. According to the Macau Civil Code, personality begins when the person is fully born and alive. Thus, the idea of granting legal personality to avatars challenges the concept of legal personality stipulated in the Macau Civil Code.

The “distance contract”, one of the common figures in the digital economy, is framed by the Consumer Rights and Interests Protection Law (Law No 9/2021). In accordance with this Law, “distance contract” is defined as the contract concluded between the consumer and the commercial operator, without the simultaneous physical presence of the two, through the exclusive means of distance communication, from the negotiation to the conclusion of the contract, within the remote mode prepared by the trader for the supply of goods or provision of services.

Under the Consumer Rights and Interests Protection Law, special obligations are set out for the commercial operator, for instance, before concluding the distance contract, trade-related information, such as the commercial operator’s identification information, the characteristics of the goods or services, and the way in which consumer complaints are handled by the commercial operator, should be provided to the consumer in a timely, clear, accurate, and understandable manner. The distance contract must contain all the information required by the Consumer Rights and Interests Protection Law, and the contract cannot be altered.

However, there is lack of specific legislation on different aspects of the digital market. One of the key legal challenges is the legislation of the third-party electronic payment platform. Electronic payment is already a very commonly used payment method in Macau; however, there is currently a lack in regulations that specifically address issues like the establishment of third-party electronic payment platforms, oversight of cross-border transactions and cybersecurity in the digital market.

Laws and Regulations

The processing of personal data in the Macau Special Administrative Region (MSAR or Macau) is subject to the legal regime of the Personal Data Protection Act (Law No 8/2005, dated 22 August 2005 ‒ PDPA), which defines personal data as “any information of any kind and regardless of the respective format, pertaining to an identified or identifiable natural person”. Sensitive personal data is further defined as “data related to philosophical or political beliefs, membership of a political or trade union association, religious belief, private life and racial or ethnic origin, health and sex life, including genetic data”. With regard to cloud and edge computing, there is currently no specific regulation on this matter in Macau.

The Personal Data Protection Act (PDPA)

The processing of personal data under the PDPA is subject to key mandatory principles, such as transparency, lawful basis for processing (including the strict observance of privacy rights and of the rights, freedoms and guarantees set out by the Macau Basic Law and applicable legislation), collection limited to specified, explicit and legitimate purposes, and proportionality, and may only be carried out if the data subject has given their unequivocal consent or if the processing is necessary for the purposes set out in the law.

The Macau Personal Data Protection Bureau (PDPB) must be notified in writing within eight days of the start of any processing of personal data under the PDPA (either wholly or partly executed by automatic means), without prejudice to the cases where prior authorisation must be sought.

Whenever data is retrieved directly from the data subject, the person responsible for processing the data, or their representative, must provide the data subject with the information set out in the PDPA (eg, the identity of the controller and their representative, the purpose of the processing, and other ancillary information), and the documents used to retrieve the personal data must contain such information. Also, in the case of data collection in open networks, the data subject must be informed that their personal data may circulate in the network without security, at the risk of being seen and used by unauthorised third parties.

The Personal Data Protection Bureau (PDPB)

From 1 February 2024, the former Office for Personal Data Protection was replaced by the Personal Data Protection Bureau, pursuant to Administrative Regulation No 42/2023.

Directly under the Chief Executive of the Special Administrative Region of Macau, the PDPB is vested with the same powers and took over the functions and operations of the former OPDP.

In the case of cloud computing, the data is likely to be stored in servers abroad – in the case of the transfer of personal data to a destination outside Macau, the PDPA determines that such transfer can only take place if the provisions of said law are respected and if the legal system of the destination ensures an adequate level of protection. Analysis is made on a case-by-case basis by the PDPB.

The transfer to a legal system which does not ensure an adequate level of protection can be made by notification to the PDPB if the data subject has given their unequivocal consent for the transfer or if the transfer is necessary for the purposes set out in the law. It should be noted, however, that regarding sensitive data as well as credit and solvency, the need for authorisation by the PDPB overrides the simple notification procedure, and the transfer cannot take place without such previous authorisation being obtained.

Regarding specific industries such as banking and finance, the Macau Financial System Legal Regime (Law No 13/2023 ‒ RJSF) stipulates that the members of the governing bodies of credit institutions, their senior management officers, their workers, auditors, experts, agents and other persons who provide services to them, whether on a permanent or accidental basis, may not reveal or use, for their own or someone else’s benefit, information or knowledge that has come to them from the exercise of their functions, and includes in the information subject to secrecy the names and other data relating to customers, deposit accounts and their movements, investment of funds and other banking transactions. Such duty of secrecy shall survive even after the functions referred to above have ended.

There is currently no specific legislation on artificial intelligence (AI) in the MSAR. However, the challenges presented by the processing of large amounts of data which include traditional enterprise/company data, machine-generated/sensor data and social data, may concern, on the one hand, the type of data being transferred and generally processed in several networks and, on the other, the need to ensure that these networks are secure and compliant with personal data protection and cybersecurity legislation.

Compliance With the PDPA

One of the biggest challenges for entrepreneurs is compliance with the PDPA with regard to the processing of personal data under its mandatory principles, such as transparency, lawful basis for processing (including the strict observance of privacy rights and of the rights, freedoms and guarantees set out by the Macau Basic Law and applicable legislation), collection limited to specific purposes, and proportionality, and the need to obtain the unequivocal consent of the data subject for the processing (or, alternatively, the need for processing for the purposes set out in the PDPA).

As AI tools necessarily include the processing of large data sets which are often unorganised and may come from several jurisdictions with different personal data protection requirements, such challenge will force large corporations to have dedicated structures (such as chief data officers and ancillary teams or departments) to ensure that, in the processing of data, there is differentiation between general data and personal data, and that such processing is done in accordance with applicable legislation and the security measures provided therein.

Macau Cybersecurity Law

In relation to the Macau Cybersecurity Law (Law No 13/2019, dated 24 June 2019), which seeks to bolster the protection of computer systems regarding cybercrimes and cybersecurity threats against public and private operators of critical infrastructures (as defined in the law), the dedicated structures referred to in the previous paragraph will also need to comply with the general responsibilities and cybersecurity duties provided therein (namely, organisational duties; procedural, preventive and reactive duties; self-evaluation duties; and co-operation duties).

The list of operators of critical infrastructures is defined by Dispatch of the Chief Executive. Currently, under Dispatch 121/2023, there are 139 such operators, 76 of which belong to the financial sector. As previously indicated, there is currently no specific legislation regarding AI. Although the PDPA includes the right of the data subject not to be exposed to individual automated decisions, no further stipulations regulate the issue of automated decision-making. In this regard, and without prejudice to the principles and provisos of the law regarding personal data processing, it is incumbent on the local legislature to update the law so as to ensure that AI-driven decision-making is compatible with core legal principles such as transparency, accountability, legality, and protection of fundamental rights.

Restrictions on a Project’s Scope

With regard to the internet of things (IoT) projects and the data circulating therein, the main piece of legislation which would restrict the scope of a project in such an area would be the PDPA and its stipulations regarding personal data. The processing of personal data through any such device would necessarily have to comply with the applicable stipulations of the law:

  • it must be performed in a transparent manner and in strict observance of privacy rights and of the rights, freedoms and guarantees enshrined in the Macau Basic Law and in applicable legislation; and
  • it may only be carried out if the data subject has given their unequivocal consent, or if the processing is necessary for the purposes set out in the law.

Personal v Sensitive Data

As previously indicated (and without prejudice to the cases where prior authorisation must be sought), the processing of personal data is generally subject to notification to the PDPB, which must be made in writing and within eight days of the start of processing. The processing of sensitive data, on the other hand, is generally forbidden, and can only take place if guarantees of non-discrimination and sufficient security measures (which include the general implementation by the data controller of appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction; accidental loss; unauthorised alteration, dissemination or access; as well as special safety procedures set out in the law) are provided, and in the cases indicated in the law, where the data subject’s explicit consent has been obtained. It is also dependent on prior authorisation by the PDPB.

The IoT may also involve the transfer of personal data abroad; in this regard, the PDPA stipulates that the transfer of personal data to a destination outside Macau can only take place if the provisions of the PDPA are respected and if the destination’s legal system ensures an adequate level of protection. Said analysis is made on a case-by-case basis by the PDPB. However, the transfer to a legal system which does not ensure an adequate level of protection can be made by notification to the PDPB if the data subject has given their unequivocal consent for the transfer or if the transfer is necessary for the purposes set out in the law.

Broadcasting in the MSAR is framed by Law No 8/89/M, of 4 September 1989, which establishes the legal regime for radio and television broadcasting, with the purposes set out therein. Television broadcasting is defined as a public service and is exercised under a concession contract, whereas the activity of sound broadcasting is subject to the licensing regime, the exercise of which depends on the attribution of a licence. Both awards are normally preceded by a public tender.

Radio Broadcasting Concessions

In accordance with Law No 8/89/M, the broadcast of sound/radio is subject to the granting of a licence to operate in the radio-electric public domain spectrum of the MSAR. Sound broadcast radios may be held in the following bands:

  • hectometric waves (medium), modulated amplitude ‒ band between 526.5 kHz and 1606.5 kHz; and
  • metric waves (very short), modulated frequency ‒ band between 87 MHz and 108 MHz.

In accordance with Law No 8/89/M, the chief executive may also allocate other frequency bands of the broadcasting service which are already available or which, as a consequence of technological development, have been added to the International Frequency Allocation Plan. It appears that, to date, no such other frequencies have been included in regulation.

Regarding the administrative procedures related to radio communication services, Decree-Law No 48/86/M, of 3 November 1986, establishes the rules by which said administrative procedures shall be governed, in particular with regard to:

  • the concession, installation and operation of radio communications networks or stations;
  • radio operators;
  • the approval of radio communications equipment; and
  • the commercialisation of radio communications equipment.

The granting of permits for the activity of radio broadcasting under Law No 8/89/M is preceded by a public tender, except when ponderous and duly justified reasons advise a direct award. The radio broadcasting activity can be carried out by any legal person that has its headquarters in Macau and offers guarantees of suitability, technical qualification and financial capacity. The Government Information Bureau (Gabinete de Comunicação Social) is the competent entity that organises the processes related to the granting of permits, and an application for a permit must be accompanied by the following elements:

  • justification note of the request;
  • demonstration of the economic and financial viability of the project;
  • detailed description of the activity to be carried out, with emphasis on the broadcasting time and the schedule map;
  • design of the facilities, including equipment, antennas and studios; and
  • statutes of the applicant.

The permit is valid for five years and can be renewed, for equal periods of time, at the request of the respective holder. The attribution and transmission of permits, as well as the respective alterations, renewals or substitutions, in case of loss or unusability, are subject to the payment of fees, determined in the General Table of Fees and Fines Applicable to Radio Services approved by Administrative Regulation No 16/2010, dated 12 July 2010, lastly amended by Administrative Regulation No 40/2022.

Television Broadcasting Concessions

As with radio broadcasting, the granting of television broadcasting concessions under Law No 8/89/M is also preceded by a competitive bidding process, except when weighted and duly justified reasons advise direct concession. Television broadcasting activity can be granted to any legal person that is incorporated in corporate form and has its headquarters in Macau, for the purpose of exercising the activity to be granted, and offers guarantees of suitability, technical qualification and financial capacity.

The television broadcasting concession contract may authorise the concessionaires to carry out other complementary activities related to the main activity, by themselves or in association with other entities. These activities are those indicated by law, and in exceptional cases, concessionaires may be legal persons of public law or public utility.

Television broadcasting concessions must have a fixed term, to be determined according to the business plan to be developed and the time necessary for the amortisation of the capital invested by the concessionaires, and sub-concession is not allowed. Concessionaires are obliged to fulfil the duties indicated in the law, namely, they are obliged to make the necessary investments to guarantee full coverage, in good technical conditions, of the areas of Macau that are defined in the concession contract, which must establish the amount of investment to be made, the plan and the overall timetable for its implementation.

For the concession, a fee is due, to be determined in the respective contract, without prejudice to any initial grace period established in the contract. Concession contracts may also establish forms of remuneration other than payment in cash, namely, the use of issuance time by grantor.

Furthermore, the licensing regime for satellite television broadcasting activity is regulated by Decree-Law No 3/98/M, dated 19 January 1998, with regard to:

  • installation and operation of satellite television broadcasting telecommunications systems; and
  • provision of satellite television broadcasting telecommunications services.

A licence for the installation and operation of the system or for the provision of telecommunications services for satellite television broadcasting may be requested by telecommunications companies with headquarters and a place of effective management in Macau, and which demonstrate technical suitability and adequate economic and financial capacity. The licence is requested through the Macau Post Office, which is the competent entity to organise and instruct the licensing process and analyse the request, and it is assigned by order of the chief executive, who sets out, on a case-by-case basis, the terms and conditions for exercising the activity.

The holder of a licence to exercise the activity of satellite television broadcasting is required to pay the following fees to the Macau Post Office:

  • installation and operation of the system ‒ from MOP100,000–1 million, depending on the complexity and purpose of the system;
  • provision of the service ‒ MOP100,000 for each broadcast programme; and
  • an annual operating fee, corresponding to 3% of the respective gross operating revenues from licensed systems or services and subsidiary activities.

Online Video Channels

Online video channels such as YouTube would fall under the scope of Administrative Regulation No 24/2002, of 4 November 2002, which subjects the provision of internet services to prior licensing; however, as previously indicated, the use of such technologies through internet connection by existing duly licensed telecommunications entities should not require any further licensing, without prejudice to the applicable telecoms rules.

Requirements

The telecommunications sector in Macau is framed by Law No 14/2001, of 20 August 2001 (the “Telecommunications Act”), which defines the basis of the telecommunications policy of the MSAR, as well as the general framework for the establishment, management and operation of telecommunications networks and the provision of telecommunications services. The provisions of said law do not, however, apply to television and sound broadcasting services, terrestrial or satellite, which are subject to specific legislation. Telecommunications under the law is defined as the transmission, emission or reception of symbols, signs, writing, images, sounds or information of any nature by wire, radio, electricity or other electromagnetic systems. The law further determines that the establishment, management and operation of telecommunications networks and the provision of telecommunications services are in the public interest, and can only be pursued by public or private entities duly authorised to that effect under the terms of the applicable regulations.

The Telecommunications Act also stipulates the objectives of such policy, which include:

  • to gradually liberalise the installation of public telecommunications networks and the provision of public-use telecommunications services;
  • to ensure access to telecommunications by the whole population, at reasonable tariffs and prices, in a non-discriminatory manner and at a level of quality and efficiency that meets their needs, and also their economic and social activities;
  • to ensure the existence and availability of the universal telecommunications service;
  • to ensure equality and transparency of conditions of competition by promoting the diversification of services in order to increase supply and achieve quality standards compatible with the requirements of users; and
  • to ensure the interoperability of public telecommunications networks, as well as the portability of the customer’s number, among others.

It is incumbent upon the government to oversee and supervise telecommunications and the activities of telecommunications operators, without prejudice to the specific competencies of the Macau Post Office.

Licensing of Telecommunications Services

On the licensing of telecommunications services, Administrative Regulation No 32/2000, of 11 September 2000, defines the legal regime for provisional licensing of the activities of public network operators and the provision of telecommunications services for public land mobile use, up to a maximum of three licences, operating in certain frequency bands, and with the adoption of the concepts established by the International Telecommunication Union (ITU). The operation of public telecommunications networks and the provision of telecommunications services for public land mobile use are further defined by the Administrative Regulation No 7/2002, of 15 April 2002, which establishes that said activities are subject to licensing.

The allocation of licences is subject to a public tender, which can be limited with prior qualification, under the terms of the specific regulation of each tender, to be approved by executive order. The bidding regulation defines the terms of the respective procedure, including any prior qualification, as well as the information set out in the law (which includes the amount and method of providing the provisional bond to guarantee the link assumed with the submission of applications and the obligations inherent to the tender, as well as the final bond). The licensed entities are further subject to the payment of:

  • fees for issuing and renewing the licence; and
  • annual operating fees, corresponding to a percentage of gross operating revenue from services provided under licensed activities, to be determined by order of the chief executive, to be published in the Official Bulletin.

The fees related to the use of the radio spectrum, on the other hand, are set out in Administrative Regulation No 8/2006, dated 12 June 2006.

Voice-Over-IP and Instant Messaging

On specific technologies such as voice-over-IP and instant messaging, the applicable legislation would be the Administrative Regulation No 24/2002, of 4 November 2002, which subjects the provision of internet services to prior licensing, to be requested from the chief executive by filing an application with the Macau Post Office, signed by a person with the power to bind the applicant, and whose respective signature and the quality thereof must be certified by a notary. The application must contain the following documents:

  • proof that the applicant is a commercial company duly incorporated in the MSAR, whose scope of business includes the provision of internet services;
  • proof that the applicant has the necessary technical capacity and experience adequate to fulfil the obligations and further specifications of the licence the applicant proposes to obtain, having, namely, a body of qualified personnel for the development of the activity;
  • proof that the applicant has adequate financial and economic capacity;
  • proof that the applicant has up-to-date and adequate accounting of the analysis required for the project they wish to develop;
  • a detailed proposal relating to the operation of the services, presented as a technical plan to be developed, that must contain, namely, the configuration of the technological systems to be used, with reference to access methods and the necessary equipment, as well as planning of the development of the systems and services;
  • an economical and financial plan that includes the price system to be adopted;
  • the applicant’s organisational structure, including the identities and CVs of its main responsible personnel, as well as, where possible, financial statements and audit reports in relation to the accounts of the three prior fiscal years; and
  • any other elements that the applicant deems relevant for a decision on its request.

The licence shall specify the applicable fees and their respective payment period. Namely, the provider is subject to licence issuance and renewal rates of MOP2,000, and to an annual operating fee of MOP1,000 from the year after the licence is issued, to be paid during the month of January each year. These fees do not exempt the service provider from the payment of other fees and taxes that are legally owed.

It should be noted, however, that the use of such technologies through internet connection by existing, duly licensed telecommunications entities should not require any further licensing, without prejudice to the applicable telecoms rules.

RFID Tags

Regarding RFID tags, the Decree-Law No 18/83/M subjects the possession of radio equipment that can transmit, receive or transmit/receive, as well as the establishment or use of a radio station or network, to prior government authorisation. However, exceptions to this rule are reduced radio equipment power and short range, included in categories set out in Chief Executive Dispatch No 198/2014, dated 14 July 2014, as well as the receivers of the radio and television broadcasting service. Therefore, RFID tags in the 13.553–13.567 MHz and 920–925 MHz frequency bands, with a maximum equivalent isotropically radiated power (PIRE) of 1 W, are exempt from prior government authorisation.

Legal Framework Features

There are currently no specific stipulations on IT service agreements in Macau, without prejudice to the general stipulations regarding data in general (regulated and protected under the general civil and commercial regime, as indicated here) and the stipulations on personal data protection (set out in the PDPA).

In accordance with the Cybersecurity Law, which established the general structure of the cybersecurity system of the MSAR (as indicated in 5. Internet of Things), public and private operators of critical infrastructures defined in the law are subject to the general responsibilities and cybersecurity duties (organisational duties; procedural, preventive and reactive duties; self-evaluation duties; and co-operation duties) set out therein.

The organisational duties of private operators of critical infrastructures, within the scope of their organisation, are to:

  • create cybersecurity management units capable of implementing the respective internal protection measures;
  • provide cybersecurity management units with the appropriate human, financial, material and patrimonial means;
  • designate the main person responsible for cybersecurity and the respective substitute, from among individuals with the proper suitability and professional experience, and with habitual residence in the MSAR;
  • make sure that the principal responsible for cybersecurity and their replacement are permanently reachable by the Cybersecurity Incident Alert and Response Centre (CARIC); and
  • establish complaints and denunciation mechanisms related to cybersecurity.

The duties of private operators of critical infrastructures, in terms of procedures and prevention and response to cybersecurity incidents, are to:

  • establish a cybersecurity management regime and respective internal operating procedures;
  • adopt, in accordance with the cybersecurity management regime and applicable technical standards, internal measures for protection, monitoring, alert and response to cybersecurity incidents;
  • inform CARIC of the occurrence of cybersecurity incidents and inform the respective supervisory entity of the fact, as well as immediately initiate actions to respond to serious incidents; and
  • monitor and record the health of the network.

The duties of private operators of critical infrastructures, regarding self-assessment and reporting, are to:

  • assess, by themselves or through specialised entities, the security and risks existing in their networks and systems; and
  • submit an annual cybersecurity report to the respective supervisory entity, mentioning, inter alia, any recorded incidents, the results of the assessment referred to in the previous bullet point and the improvement measures taken.

The duties of private operators of critical infrastructures, as well as their administrators, managers or representatives, with regard to collaboration with CARIC and supervisory entities, are to:

  • allow the representatives of those services to enter their premises, provide them with access to their networks and provide them with the information they request, to the extent necessary to verify compliance with the procedural, preventive and reactive duties referred to above; and
  • provide the support and collaboration necessary to ensure the good management of cybersecurity.

Therefore, any IT service agreement entered into with a local organisation defined as a private operator of critical infrastructures under the Cybersecurity Law must encompass (and comply with) the duties and responsibilities set out above.

Furthermore, and should the IT service agreement touch upon personal data, it is likely that the local entity shall be either the data controller (understood as the natural or legal person, the public entity, the service or any other body that, individually or together with others, determines the purposes and means of processing of personal data under the PDPA) or a subcontractor/processor (classified in the PDPA as the natural or legal person, the public entity, the service or any other body that processes personal data on behalf of the controller). Processing of personal data is defined by the PDPA as “any operation or set of operations performed upon personal data, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction”.

A Local Entity as Data Controller

Should the local entity be the data controller, then it is bound by the obligations set out in the PDPA as indicated above, inter alia, with regard to the need to obtain the unequivocal consent of the data subject and to provide all the necessary information, as well as to ensure that the subcontractor implements the appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular, where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Such measures must ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected, having regard to the state of the art and the cost of implementation.

A Subcontractor as Data Processor

Where processing of data is carried out on behalf of the data controller (eg, by a local entity), the data controller must choose a subcontractor providing sufficient guarantees in respect of the technical security measures and organisational measures governing the processing of the data, and must further ensure compliance with those measures. The processing by a subcontractor must be governed by a contract or legal act, binding the subcontractor to the data controller and stipulating in particular that the subcontractor shall act only on instructions from the data controller, and that the obligations set out in the PDPA regarding data security measures shall also be incumbent on the subcontractor. For the purposes of keeping proof, the parties to the contract or the legal act relating to data protection and the requirements relating to the data security measures must be in writing in a document with legally recognised probative value.

The Electronic Documents and Signatures Law (Law No 5/2005) establishes the legal framework for electronic documents and signatures, in which “electronic document” is defined as the result of electronic data processing for the purpose of reproducing or representing a person, thing, or fact.

In terms of the “electronic signatures”, three types of electronic signatures are distinguished in the Electronic Documents and Signatures Law.

  • “Electronic signature” ‒ simply a set of data in electronic form that, linked or logically associated with an electronic document, can be used as a method to make its authorship known.
  • “Advanced electronic signature” ‒ electronic signature that is unequivocally linked to the signatory and can be used to verify the signatory’s identity, is created using means that are solely under the signatory’s control, and is so linked to the document to which it is affixed that any changes made after it has been applied are detectable.
  • “Qualified electronic signature” ‒ advanced electronic signature based on a qualified certificate, the signature is created through secure signature creation device, and can effectively prevent the signature from being fraudulently used in accordance with internationally recognised standards. Affixing a qualified electronic signature is legally equivalent to an autograph signature.

A qualified certificate should be issued by an accredited certification entity. If the certification entities based abroad or the certificates issued by the former are recognised in Macau by virtue of an instrument of international law or regional agreement, or if the certificates satisfy the other requirements specified by the Electronic Documents and Signatures Law, these certificates are equivalent to the qualified certificates issued by the certification entity established in Macau. The information related to these certificates should be disclosed by the means deemed appropriate by the accredited authority of Macau, as well as made available to the interested parties.

Last but not least, the use of electronic signatures may not be feasible when the laws, regulations or conventions regarding the mandatory use of paper or other special forms of submitting, composing, transmitting, or storing documents, in particular with respect to:

  • notarial and registration acts;
  • procedural acts;
  • acts concerning personal legal relationships;
  • acts relating to tender procedures; and
  • situations in which the physical presence of the signatory or in-person signature recognition is required.
Rato, Ling, Lei & Cortés – Advogados e Notários (Lektou)

Avenida da Amizade, 555
Landmark Office Tower
23rd Floor
Macau SAR

+853 2856 2322

+853 2858 0991

mail@lektou.com www.lektou.com
Author Business Card

Law and Practice

Authors



Rato, Ling, Lei & Cortés – Advogados (Lektou) is a Macau SAR-based law firm with more than 35 years’ experience of legal practice. Services regularly provided by the firm include advising on Macau law, helping international companies start their businesses in Macau, and assisting in the reorganisation of economic groups with connections to Macau. In 2016, Lektou partnered with Zhong Yin Law Firm (PRC) and Fongs (Hong Kong) to open a new office in Hengqin Island, Zhuhai, PRC – ZLF Law Firm. This was the first law office to unite firms from the two Special Administrative Regions and Mainland China. Since then, it has extended and opened an office in Shenzhen. In 2017, Lektou extended its operations to Lisbon, Portugal, through a locally based law firm, Rato & Cortés, as part of its internationalisation strategy to position itself as a legal player in the platform between the PRC and Portuguese-speaking countries.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.