In order to promote and ensure trust and legal certainty in electronic transactions and to promote harmonious and uniform legislation on electronic storage, communication and authentication, as well as identification of persons in IT environments, and in a context where different national legal frameworks on the matter apply, Argentina, Uruguay, Brazil and Paraguay signed the MERCOSUR Agreement on the Mutual Recognition of Digital Signature Certificate (hereinafter “Agreement”).
The Agreement, which was published in the Official Gazette on 8 August (1), is made up of 15 articles that together aim to facilitate the use of digital signatures. Thus, in its article 1, the Agreement provides the mutual recognition of digital signature certificates, provided that they have been issued by a Trust Services Provider, in order to give them the same legal and evidentiary value as that granted to handwritten signatures.
It is worth noting that the Agreement provides a definition in Article 2 -similar to the one provided by our law 25.506 (2)– of what is meant by digital signature, describing it as “data in electronic form resulting from the application of a mathematical process to a digital document, using a cryptographic element, requiring information under the exclusive control of the signatory, which is associated with an original person or entity, unequivocally identified, and issued by a Trust Services Provider accredited by each of the Parties”. Regarding the validity of digital signature certificates, the Agreement establishes that those issued in one State Party will have the same legal validity in other States, provided that the Trust Services Provider -accredited under the respective national system (3) – complies with certain requirements such as: compliance with internationally recognised standards; the existence of minimum data that allows the identification of the holder and the service provider that issued it; identification of the period of validity; and the information necessary to verify the signature, among others.
We highlight, among other obligations for States regulated in the Agreement, the obligation to ensure that service providers adapt their practices to the personal data legislation of the State in which they have obtained their accreditation.
In conclusion, we consider that this Agreement, together with the existing Agreements on this matter (4), has the potential to contribute to the promotion of harmonious international relations in Mercosur and constitutes a further step in the adoption of policies aimed at facilitating the use and adoption of digital signatures in Mercosur countries.
Gabriela Szlak and Sofía Orlinsky
*******
- This agreement was signed in the city of Bento Goncalves, Brazil, on 5 December 2019 and entered into force on 12 August 2021. In August 2023, Law 24080 “Mutual Recognition Agreement of Mercosur Digital Signature Certificates” was published in the Official Gazette.
- Article 2 of Law 25.506 on Digital Signature states: “Digital Signature. A digital signature is understood to be the result of applying a mathematical procedure to a digital document that requires information of which the signatory has exclusive knowledge and which is under his absolute control. The digital signature must be susceptible to verification by third parties, such that this verification simultaneously allows the signatory to be identified and any alteration of the digital document subsequent to its signature to be detected”.
- Through the following link, you can access to the licensed certifiers that currently exist in Argentina: https://www.argentina.gob.ar/firmadigital/acraiz/certificadoreslicenciados
- In April, this year, Argentina and Chile established the conditions for mutual recognition of “Digital Signature” (Argentina) and “Advanced Electronic Signature” (Chile) certificates; likewise, since August 2021, the “Agreement on mutual recognition of Mercosur digital signature certificates” has been in force between Uruguay and Argentina.