Advance Access Articles - Volume 19 : 2022


Advance article 1:

Acknowledging the ever-increasing significance of the Kingdom of Saudi Arabia in the global e-commerce market, this article critically examines the e-signature regime of the 2007 Saudi Electronic Transactions Law and its implementing regulation. In doing so, it considers the evolution of the European regime on e-signatures, from Directive 1999/93/EC to Regulation (EU) No 910/2014 (the eIDAS Regulation). The article primarily concludes that the Saudi legislature’s approach to e-signatures has been overly restrictive and calls for different, permissive and careful consideration.

Index words: Electronic signature, e-commerce, e-transactions, Saudi Arabia, European Union, eIDAS Regulation, comparative analysis.


Advance article 2:

The Post Office Horizon scandal in the United Kingdom, possibly the most extensive miscarriage of justice in English legal history, was caused by a number of interrelated factors. These include: the legal presumption that computers are reliable; the unwillingness and failure of judges to order appropriate and necessary disclosure of documents by the Post Office, where required to ensure fairness at trial; the unethical conduct by the board and management of the Post Office; failure by government – the Post Office’s owner, and questionable litigation strategies adopted by the Post Office’s lawyers.

Index words: Post Office; Horizon IT system; disclosure; discovery; electronic evidence; ethics; politics.


Advance article 3:

Mark King - Electronic Execution of Documents Interim Report: a critical analysis

An Industry Working Group set up by a public appointments competition has recently produced Electronic Execution of Documents Interim Report via the Ministry of Justice. The Law Commission dealt with this issue in 2019 in Electronic execution of documents (Law Com No 386, HC2624) and it was suggested that uncertainties may have influenced the degree of confidence of users. The aim of this article is to provide a critical analysis of the Interim Report and its uncritical acceptance of the suggestion.

Index words: Ministry of Justice; England & Wales; electronic execution; electronic documents; electronic signatures; recommendations. 


Advance article 4:

James Christie - The Post Office IT scandal – why IT audit is essential for effective corporate governance

The Post Office Horizon scandal is possibly the most serious corporate failure in the United Kingdom in living memory, and possibly for more than a century. This is because of its disastrous consequences for hundreds (perhaps thousands) of individuals who were wrongly prosecuted by the Post Office and who lost their livelihoods, and often their homes, on the basis of incomplete and misleading evidence from its Horizon computerized accounting system. That corporate failure has given rise to the most extensive miscarriage of justice in English legal history, with an unprecedented number of wrongful convictions now in the process of being reversed.

The Post Office Horizon scandal had many features and causes, but a significant contributory failure was that of corporate governance. There were many warning signs over the years, which should have been acted upon by Post Office Internal Audit and in particular, by specialist IT auditors. The evidence is clear that the Post Office failed to live up to its commitment to corporate governance, and that this failure was neither detected nor acted upon by the government, if civil servants and ministers were aware of the failure, until too late. An effective IT audit function would have contributed significantly to a prevention of the scandal.

Index words: Post Office, Horizon, Fujitsu, IT audit, internal audit, corporate governance, Three Lines of Defence, Institute of Internal Auditors, IIA, AICPA, IAASB, SSAE 16, SSAE 18, ISAE 3402, SAS 70, ISAE 3000, SOC-1, SOC-2, SOC-3, Trust Services Criteria, processing integrity, Justice for Subpostmasters Alliance, Ernst & Young


Advance article 5:

Peter Bernard Ladkin and Martyn Thomas - Assigning IACS cybersecurity responsibility conformant with the UK Network and Information Systems Regulations 2018

Industrial plants constituting a society’s critical infrastructure, for example electricity-generation and water-supply, contain industrial automation and control systems (IACS). IACS nowadays increasingly contain many digital-electronic components whose behaviour is software-controlled. Amongst engineered artifacts, software and thus software-controlled systems are particularly susceptible to functional weakness (‘bugs’ and ‘vulnerabilities’). Such weakness can be exploited by nefarious parties (‘hackers’) to disrupt the critical operation of the plant; a phenomenon called cyber-insecurity whose contrary, cybersecurity, refers to the resistance of the plant to such exploitation. The UK Network and Information Systems Regulations 2018 SI 2018 No. 506 (NIS Regulations) address the cybersecurity of systems within the critical infrastructure, establishing response and reporting requirements for cybersecurity incidents. In January 2022, Her Majesty’s Government issued a call for comments on enhancing the NIS Regulations, following a 2020 review. We derive here detailed organisational reporting and response requirements based on a computer-scientific understanding of the engineering issues, in an environment which includes a central vulnerability-reporting organisation (ICS-CERT, now part of US CISA (CISA, no date), or cyber security incident response team (CSIRT)) as required under the NIS Regulations. 

Index words: IACS, ICS, cybersecurity, responsibility, safety, software, vulnerabilities, organisational responsibility, duties, mandate.