The legal framework for digital signatures in Colombia is one of the first legislations specific to each region. The main laws that are relevant for the activity of Viafirma in Colombia are:
Decreto 1747 de 2000
By which Law 527 of 1999 is partially regulated, regarding certification entities, certificates and digital signatures.
Ley 527 de 1999
It defines and controls access and use of data messages, e-commerce and digital signatures, as well as establishing certification authorities.
Law 527 establishes that the parties can use the electronic signature for any agreement if there is consent by both sides.
2 types of signatures are recognized:
- Digital signature “with the same validity and effects as the handwritten signature” and, according to Decreto 2364 de 2012, with mechanisms that guarantee authenticity and integrity.
- Electronic signature with significant reduction in the burden of proof.
To have the same legal validity as the handwritten signature, the digital signature must have the following features:
- It’s uniquely linked to the person who uses it.
- It is susceptible to verification.
- Under sole control of the person.
- It is linked to the information or message in such a way that, if these are changed, the signature is invalid.
- Supports all legal regulations of the National Government.
Amended by Decreto 19 de 2012, which lists the rules for abolishing or reshaping existing unnecessary regulations, procedures and formalities in the Public Administration.
Ley 527 de 1999 is based on The Model Law on Electronic Commerce (MLEC) from United Nations Commission on International Trade Law. Article 7 stipulates the principle of functional equivalence of electronic signatures, provided that the same functions are fulfilled as those attributed to handwritten signatures. The minimum conditions to be met are:
- To uniquely identify the originator of a data message
- It should indicate that the content has your approval
- It must be reliable and appropriate for the purpose for which the message was generated or communicated.
In Article 2 of Law 527 the digital signature is defined as ”a numerical value which is attached to a data message and which, using a known mathematical procedure, is linked both to both the key of the originator and to the message text”, referring to asymmetric encryption algorithms that use both public and private keys for signature creation and verification.
The decision of the Colombian Supreme Court on December 16, 2010, includes digital and electronic signatures as recognized legal categories in the 527 legislation.
Prohibition of client software certificates
Decreto 1413, in August 2017 prohibits the use of software certificates on clients, limiting the signature to token devices or centralized signature (cloud signature).
Law 527 also states that the certification entities are responsible for granting digital signatures, under the control and supervision of the Superintendency of Industry and Commerce. Decreto 1747 de 2000 defines the certification authorities.
Other applicable regulations
Law 1150 of 2007 (Public Procurement),
Law 962 of 2005 (Electronic Invoicing)
Law 964 of 2005 (Electronic Securities)
- Decreto 019 de 2012. Removal or amendment of existing unnecessary regulations, procedures and formalities in the Public Administration
- Decreto 333 de 2014 (February 19), regulating Article 160 of Decree-Law 19 of 2012.
- Decreto 1078 de 2015 (may 26) Decree 1078 of 2015 (May 26) Single Regulatory Decree of the Information and Communication Technologies Sector.
- Decreto 1413 de 2017 :
- Adding title 17 to part 2 of book 2 of Decreto Único Reglamentario del sector de Tecnologías de la Información y las Comunicaciones, (Decreto 1078 de 2015).
- To partially regulate chapter IV of title III of Law 1437 of 2011 and article 45 of Law 1753 de 2015 establishing general guidelines for the use and operation of digital citizen services.