The countries of Central America and the Caribbean have been passing different laws within the framework of the world of electronic commerce, digital signatures and Certification Authorities (CAs). Before talking about their joint evolution, let’s take a short tour through some Central American and Caribbean countries to learn about their particular situation:
Costa Rica
The Central Bank of Costa Rica has two CASs constituted for the issuance of digital signature certificates, one for individuals (CA SINPE – Individuals) and the other for legal entities (CA SINPE – Legal Entities).
The concept of digital certification dates back to the bill presented on February 29, 2002 (Executive Branch to the Legislative Assembly, file 14.276), and it was not until August 22, 2005 that the bill culminated in the approval of the Law of Certificates, Digital Signatures and Electronic Documents. On April 21, 2006, the regulation of the same was published (Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos).
Cuba
The Chamber of Commerce, as Registration Entity, and the computer security company SEGURMATICA, as Certification Entity. Cuba has no specific legislation in this area, as is also the case in other Central American and Caribbean countries (Haiti, Dominica, St. Kitts and Nevis).
El Salvador
El Salvador, did not have a regulation of this type until the entry into force of Electronic Signature Law passed in 2016, which aims to regulate the electronic signature in general for its application to other areas, in addition to the creation of the Electronic Signature Unit, regulated by the Ministry of Economy (MINEC).
Honduras
The Law on Electronic Signatures 2013 regulates the matter in Honduras. Article 29 of said law talks about two different figures, on the one hand the Accreditation Authority, which is the General Directorate of Intellectual Property, and on the other hand the Certification Authorities, which are those that once accredited as such, may provide certification services to both natural and legal persons.
Subsequently, this legislation has been modified, through Executive Agreement number 41-2014, published on May 21, 2015, establishing the Regulation of Electronic Signatures.
Guatemala
Electronic signatures in Guatemala are regulated by the Law for the Recognition of Electronic Communications and Signatures (Decree 47-2008) and its Regulation (Regulation 135-2009).
In Guatemala there are two institutions authorized by the RPSC (Registry of Certification Service Providers)- to issue electronic signatures, Registro Digital Prisma S.A and Cámara de Comercio, the latter has been configured in 2016 as the second certification service provider for the issuance of advanced electronic signatures and as the first CA in the country.
Nicaragua
Article 15 of the Regulations of Law No. 729 (2011) of the Nicaraguan Electronic Signature Law (2010) designates the DGTEC (General Directorate of Technology – Ministry of Finance and Public Credit) as the Governing Entity for Electronic Signature Accreditation. The same law specifies that “the purpose of this law is to regulate the use and effects of the electronic signature in acts or contracts entered into between natural or legal persons carried out by electronic means. The certified electronic signature will have the same legal value as the handwritten signature“.
Article 12 of the Regulation specifies that Certification Service Providers, in the case of foreign entities, must also be governed by the Commercial Code of the Republic of Nicaragua.
Panama
In Panama, the law that regulates this matter is Law No. 82 of 2012. Subsequently supplemented by Executive Decree 684 of 2013 which regulates Law 51 of 2008 and Law 82 of 2012.
Article 82 of said law states that electronic and digital signatures are not the same concept, since the latter refers to an “image of the tracing of the handwritten signature, i.e., it is the result of its scanning. This type of signature is not in any case a qualified electronic signature”. This specification is important, since in some Latin American countries the terms electronic signature and digital signature are used as synonyms.
The Certification Authority of Panama is the Technological University of Panama, which is in charge of issuing certificates to individuals and legal entities.
Dominican Republic
In the Dominican Republic, CAs are governed by the Certification Policies approved by INDOTEL (Dominican Telecommunications Institute), which operates according to Law 126-02 on Electronic Commerce, Documents and Digital Signature (2002) and its Implementing Regulations approved by Decree No. 335-03. INDOTEL has certified several CAs, being AVANSI the first one in 2006.
It should be noted that the Dominican Republic has experienced a very positive evolution in its e-government policies, where authentication is essential and Certification Authorities are therefore a very necessary tool to facilitate it.
Summary Table Certification Authority Central America and the Caribbean by country
Below is a summary table of the status of the Certification Authorities in the different countries of Central America and the Caribbean:
These improvements have often had joint objectives, for example in the Ibero-American Charter of Electronic Government (2007) one of the objectives is “to formalize and institutionalize authorities responsible for the development and consolidation of Electronic Government in Ibero-American governments“, for which the functions of the Certification Authorities were established.
As shown in the previous lines, Certification Authorities in Central America and the Caribbean entered the world of Certification Services Provision at the beginning of the XXI century, making several amendments to their laws and/or regulations to make improvements (excluding countries that do not yet have legislation in this area).
Continuing with these joint objectives, it is worth noting the Study on the prospects for harmonization of cyber-legislation in Central America and the Caribbean (United Nations Conference, 2010), which highlights a disparate level of harmonization in both regulatory strategies and laws; However, there are signs of progress towards regulatory harmonization thanks to the signing and adoption of various initiatives, such as the Central American Free Trade Agreement (CAFTA-RD) or the Central American Uniform Tariff Code (CAUCA) and its Regulations (RECAUCA), which have allowed for a review of regulations and legislation.
Thus, it should be noted that although there are still 6 countries that have yet to legislate and regulate matters related to authentication by electronic certificates and electronic signature solutions and three others that, although they have legislation, do not yet have CA’s, in general the Central American and Caribbean Authorities have their sights set on the systematic standardization of such processes, This is being implemented – albeit unevenly so far – as laws and regulations are implemented in each country, all of them with the aim of adapting to the global transfers and commitments of the information and knowledge society.
We will be back next week.