The electronic signature in Colombia

The legal framework for digital signatures in Colombia is one of the first legislations specific to each region. The main laws that are relevant for the activity of Viafirma in Colombia are:

Decreto 1747 de 2000

By which Law 527 of 1999 is partially regulated, regarding certification entities, certificates and digital signatures.

Ley 527 de 1999

It defines and controls access and use of data messages, e-commerce and digital signatures, as well as establishing certification authorities.

Law 527 establishes that the parties can use the electronic signature for any agreement if there is consent by both sides.

2 types of signatures are recognized:

  1. Digital signature “with the same validity and effects as the handwritten signature” and, according to Decreto 2364 de 2012, with mechanisms that guarantee authenticity and integrity.
  2. Electronic signature with significant reduction in the burden of proof.

To have the same legal validity as the handwritten signature, the digital signature must have the following features:

Amended by Decreto 19 de 2012, which lists the rules for abolishing or reshaping existing unnecessary regulations, procedures and formalities in the Public Administration.

Ley 527 de 1999 is based on The Model Law on Electronic Commerce (MLEC) from United Nations Commission on International Trade Law. Article 7 stipulates the principle of functional equivalence of electronic signatures, provided that the same functions are fulfilled as those attributed to handwritten signatures. The minimum conditions to be met are:

In Article 2 of Law 527 the digital signature is defined as ”a numerical value which is attached to a data message and which, using a known mathematical procedure, is linked both to both the key of the originator and to the message text”, referring to asymmetric encryption algorithms that use both public and private keys for signature creation and verification.

The decision of the Colombian Supreme Court on December 16, 2010, includes digital and electronic signatures as recognized legal categories in the 527 legislation.

Prohibition of client software certificates

Decreto 1413, in August 2017 prohibits the use of software certificates on clients, limiting the signature to token devices or centralized signature (cloud signature).

Certification Authorities

Law 527 also states that the certification entities are responsible for granting digital signatures, under the control and supervision of the Superintendency of Industry and Commerce. Decreto 1747 de 2000 defines the certification authorities.

Other applicable regulations

Law 1150 of 2007 (Public Procurement),

Law 962 of 2005 (Electronic Invoicing)

Law 964 of 2005 (Electronic Securities)