Digital Signature Infrastructure Regulations are Updated

The Secretariat of Public Innovation, an agency under the purview of the President’s Chief of Staff, issued Regulation No. 946/2021 that replaced the current regulatory framework on digital signature infrastructure. 

The Regulation repealed Regulation No. 399-E/2016 of the (former) Ministry of Modernization which used to establish the procedures and technical guidelines applicable to the granting and revocation of licenses to certifying entities.

The Resolution approved a total of eight (8) Annexes:

•    Annex I: “Procedures and complementary technical guidelines of the digital signature regulatory framework for Certifying Entities.”

•    Annex II: “Requirements for the licensing of Certifying Entities to operate with digital signatures.” 

•    Annex III: “Consolidated Certification Policy.” 

•    Annex IV: “Certificate profiles and revoked certificate lists.”

•    Annex V: “Minimum terms in subscriber agreements.” 

•    Annex VI: “Minimum terms in third-party user agreements.”

•    Annex VII: “Tariffs and surety bond amounts.”

•    Annex VIII: “Minimum contents of the privacy policy”.

One of the novelties of the Regulation is that it regulates competency seals, a service that allows digital certificate holders to accredit their competencies, roles, functions and labor relations before third parties. The Regulation provides that the competencies associated with the digital certificate holders can be professional, employment related or similar.

In line with the Regulation, competency seals are conferred by a Competency Seal Authority in charge of accrediting the competencies, roles, functions and labor relations of digital certificate holders. To operate as a Competency Seal Authority, the Regulation requires an entity to have a Competency Seal Authority certificate issued by a Certifying Entity. Certifying Entities may also form a Competency Seal Authority, but to do so they must adapt their documentation.

Under this new regulation, professional associations and any entities that manage professional licenses could act as Competency Seal Authorities, identifying and validating the identity of registered professionals and granting them a competency seal that certifies the validity of their respective licenses.

Another novelty in the Regulation is the possibility of renewing a digital certificate electronically, only once, and as long as no data in the certificate is modified and the subscriber has a valid certificate and the necessary passwords to access his/her private key (PIN/OTP). In the case of certificates of legal entities or applications, the applicant must resubmit the documentation required in Annex III.