What are certification authorities? Digital transformation is a trend that is booming in the governments of most countries and Latin America is no exception. Therefore, authentication mechanisms are gaining importance, and with it the electronic certificates and the entities in charge of issuing them.
In this article we will define and explain the importance of the Certification Authorities of the different Latin American countries.
Currently there is a boom in the demand for authentication solutions and therefore digital certificates. As an example of this we have Electronic Government in the Dominican Republic, which has digitized its processes in record time allowing several procedures with citizens to be carried out online.
One of the greatest advantages of using electronic processing is the elimination of space and time barriers, i.e., citizens can access online services and benefits from anywhere and at any time, without waiting, thus democratizing bureaucratic processes.
What are Certification Authorities
A Certification Authority (CA) is a trusted entity responsible for issuing and revoking digital certificates used for electronic signatures. The progressive implementation of e-government or e-Gov confirms the Registry Units in Latin America as a key element for the correct verification of individuals and legal entities.
A CA accredits the link between a given key and its real owner, ensuring its integrity and certifying the relationship between the two. In other words, a digital certificate is an electronic file created by a CA that associates identity data to a natural or legal person, so that electronic processing and electronic signature solutions are configured as a fundamental vehicle on the road to digitization and technological progress.
In addition, a digital certificate serves to identify the signer unequivocally, ensuring the total integrity of the signed document and giving it the same legal validity as a handwritten signature.
We will now analyze some countries in Central America and the Caribbean to learn about their particular situation:
Costa Rica
The Central Bank of Costa Rica has two CASs constituted for the issuance of digital signature certificates, one for individuals (CA SINPE – Individuals) and the other for legal entities (CA SINPE – Legal Entities).
The concept of digital certification dates back to the bill presented on February 29, 2002 (Executive Branch to the Legislative Assembly, file 14.276), and it was not until August 22, 2005 that the bill culminated in the approval of the Law of Certificates, Digital Signatures and Electronic Documents. On April 21, 2006, the regulation of the same was published (Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos).
Cuba
The Chamber of Commerce, as Registration Entity, and the computer security company SEGURMATICA, as Certification Entity. Cuba has no specific legislation in this area, as is also the case in other Central American and Caribbean countries (Haiti, Dominica, St. Kitts and Nevis).
El Salvador
El Salvador, did not have a regulation of this type until the entry into force of La Ley de la Firma Electrónica passed in 2016, which aims to regulate the electronic signature in general for its application to other areas, in addition to the creation of the Electronic Signature Unit, regulated by the Ministry of Economy (MINEC).
Honduras
The Law on Electronic Signatures 2013 regulates the matter in Honduras. Article 29 of said law talks about two different figures, on the one hand the Accreditation Authority, which is the General Directorate of Intellectual Property, and on the other hand the Certification Authorities, which are those that once accredited as such, may provide certification services to both natural and legal persons.
Subsequently, this legislation has been modified, through Executive Agreement number 41-2014, published on May 21, 2015, establishing the Regulation of Electronic Signatures.
Guatemala
Electronic signatures in Guatemala are regulated by the Law for the Recognition of Electronic Communications and Signatures (Decree 47-2008) and its Regulation (Regulation 135-2009).
In Guatemala there are two institutions authorized by the RPSC (Registry of Certification Service Providers)- to issue electronic signatures, Registro Digital Prisma S.A and Cámara de Comercio, the latter has been configured in 2016 as the second certification service provider for the issuance of advanced electronic signatures and as the first CA in the country.
Nicaragua
Article 15 of the Regulations of Law No. 729 (2011) of the Nicaraguan Electronic Signature Law (2010) designates the DGTEC (General Directorate of Technology – Ministry of Finance and Public Credit) as the Governing Entity for Electronic Signature Accreditation. The same law specifies that “the purpose of this law is to regulate the use and effects of the electronic signature in acts or contracts entered into between natural or legal persons carried out by electronic means. The certified electronic signature will have the same legal value as the handwritten signature“.
Article 12 of the Regulation specifies that Certification Service Providers, in the case of foreign entities, must also be governed by the Commercial Code of the Republic of Nicaragua.
Panama
In Panama, the law that regulates this matter is Law No. 82 of 2012. Subsequently supplemented by Executive Decree 684 of 2013 which regulates Law 51 of 2008 and Law 82 of 2012.
Article 82 of said law states that electronic and digital signatures are not the same concept, since the latter refers to an “image of the tracing of the handwritten signature, i.e., it is the result of its scanning. This type of signature is not in any case a qualified electronic signature“. This specification is important, since in some Latin American countries the terms electronic signature and digital signature are used as synonyms.
The Certification Authority of Panama is the Technological University of Panama, which is in charge of issuing certificates to individuals and legal entities.
Dominican Republic
In the Dominican Republic, CAs are governed by the Certification Policies approved by INDOTEL (Dominican Telecommunications Institute), which operates according to Law 126-02 on Electronic Commerce, Documents and Digital Signature (2002) and its Implementing Regulations approved by Decree No. 335-03. INDOTEL has certified several CAs, being AVANSI the first one in 2006.
It should be noted that the Dominican Republic has experienced a very positive evolution in its e-government policies, where authentication is essential and Certification Authorities are therefore a very necessary tool to facilitate it.