Digital Signature Regimen Legal - Full Text Of The Norm

Original Language Title: FIRMA DIGITAL REGIMEN LEGAL - Texto completo de la norma

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
image inicio sitio infoleg MInisterio de Justicia y Derechos Humanos
DIGITAL FIRM Law 25.506 General considerations. Digital certificates. Licensed certificater. Owner of a digital certificate. Institutional organization. Implementing authority. Audit system. Advisory Commission for Digital Signature Infrastructure. Responsibility. Sanctions. Complementary provisions.

Sanctioned: November 14, 2001.

Enacted: December 11, 2001.

The Senate and Chamber of Deputies of the Argentine Nation assembled in Congress, etc. sanction with force of Law:

DIGITAL FIRM LEY

CHAPTER I

General considerations

ARTICLE 1 . Object. The use of electronic signatures and digital signatures and their legal effectiveness under the conditions laid down in this Act is recognized.

ARTICLE 2 . Signature Digital. It is understood by digital signature to the result of applying to a digital document a mathematical procedure that requires information of exclusive knowledge of the signer, finding it under its absolute control. The digital signature should be subject to verification by third parties, such that such verification simultaneously allows the signatory to be identified and to detect any alteration of the digital document after signature.

The signature and verification procedures to be used for such purposes shall be those determined by the Implementation Authority in accordance with existing international technological standards.

Article 3 From the signature requirement. When the law requires a handwritten signature, that requirement is also satisfied by a digital signature. This principle applies to cases where the law establishes the obligation to sign or prescribe consequences for its absence.

ARTICLE 4 Exclusions. The provisions of this Act are not applicable:

(a) Provisions for death;

(b) To legal acts of family law;

(c) To the most personal acts in general;

(d) Acts that must be implemented under requirements or formalities incompatible with the use of the digital signature, either as a result of legal provisions or party agreement.

ARTICLE 5o Electronic signature. It is understood by electronic signature to the set of electronic data integrated, linked or logically associated to other electronic data, used by the signatory as its means of identification, which lacks any of the legal requirements to be considered digital signature. If the electronic signature is unknown, it is for those who invoke it to prove its validity.

ARTICLE 6 Digital document. It is understood by digital document to the digital representation of acts or facts, regardless of the support used for fixing, storage or file. A digital document also satisfies the writing requirement.

ARTICLE 7 Objection of authorship. It is presumed, except proof to the contrary, that any digital signature belongs to the holder of the digital certificate that allows the verification of such signature.

ARTICLE 8 Presumption of integrity. If the result of a digital signature verification procedure applied to a digital document is true, it is presumed, unless otherwise proof, that this digital document has not been modified from the time of signature.

Article 9 Validity. A digital signature is valid if it meets the following requirements:

(a) It has been created during the period of validity of the valid digital certificate of the signer;

(b) Be duly verified by the reference to the digital signature verification data indicated in that certificate according to the corresponding verification procedure;

(c) That such certificate has been issued or recognized, according to Article 16 of the present, by a licensed certificater.

ARTICLE 10. . Remind. Presumption. When a digital document is automatically sent by a programmed device and carries the digital signature of the sender, it will be presumed, unless otherwise proof, that the signed document comes from the sender.

ARTICLE 11. . Original. The electronic documents signed digitally and reproduced in digital format signed digitally from first generation originals in any other support, will also be considered original and possess, as a result, probative value as such, according to the procedures determined by the regulation.

ARTICLE 12. . Conservation. The legal requirement to maintain documents, records or data is also satisfied with the preservation of the corresponding digitally signed digital documents, according to the procedures to be determined by the regulation, provided that they are accessible for subsequent consultation and allow to accurately determine the origin, destination, date and time of their generation, shipment and/or reception.

CHAPTER II

Digital Certificates

ARTICLE 13. . Digital certificate. It is understood by digital certificate to the digitally signed document by a certificater, which links the signature verification data to its holder.

ARTICLE 14. Validity requirements for digital certificates. Digital certificates to be valid must:

(a) To be issued by a licensed certificater by the licensee;

(b) Respond to internationally recognized standard formats, set by the application authority, and contain at least the data that will allow:

1. Unregisterably identify its holder and the licensed certificater that issued it, indicating its validity period and the data that allow its unique identification;

2. Be susceptible to verification regarding its state of revocation;

3. Clearly differentiate the verified information from the unverified information included in the certificate;

4. Consider the information necessary for the verification of the signature;

5. Identify the certification policy under which it was issued.

ARTICLE 15. Period of validity of the digital certificate. For the purposes of this law, the digital certificate is valid only within the period of validity, which begins at the beginning date and ends at its expiry date, having both been indicated in the digital certificate, or its revocation if revoked.

The expiration date of the digital certificate referred to in the previous paragraph may in no case be subsequent to the expiration of the certificate of the licensed certificate that issued it.

The Implementation Authority may establish greater requirements for the exact determination of the time of issuance, revocation and expiration of digital certificates.

ARTICLE 16. Recognition of foreign certificates. Digital certificates issued by foreign certificates may be recognized in the same terms and conditions as required by the law and its regulatory rules when:

(a) They meet the conditions established by this law and the corresponding regulations for certificates issued by national certificaters and a reciprocity agreement signed by the Argentine Republic and the country of origin of the foreign certificater is in force, or

(b) Such certificates are recognized by a licensed certificater in the country, which guarantees their validity and validity in accordance with this law. In order to have effects, this recognition must be validated by the application authority.

CHAPTER III

From the licensed certificater

ARTICLE 17. From the licensed certificater. It is understood as a licensed certificater to any person of ideal existence, public registration of contracts or public agency that issues certificates, provides other services in relation to the digital signature and has a license for it, granted by the licensee.

The activity of non-public licenseees shall be provided in competition. The tariff of the services provided by the licensed certificaters shall be freely established by them.

ARTICLE 18. . Certificates per profession. Entities that control the registration, in relation to the provision of professional services, may issue digital certificates in respect of this function, with equal validity and legal scope as the signatures carried out in handwritten form. To that end, they must meet the requirements to be a licensed certificater.

ARTICLE 19. Functions. The licensed certificater has the following functions:

(a) Receive a digital certificate issue request, signed digitally with the corresponding digital signature verification data of the applicant;

(b) To issue digital certificates in accordance with its certification policies and the conditions specified by the implementing authority in the regulation of this law;

(c) Unmistakably identify the digital certificates issued;

(d) Keep copies of all digital certificates issued, stating their date of issuance and expiry if applicable, and of their corresponding emission requests;

(e) Revoke the digital certificates issued by him in the following cases, among others that will be determined by the regulation:

(1) At the request of the holder of the digital certificate.

(2) If he determined that a digital certificate was issued on the basis of false information, which at the time of the issue had been subject to verification.

(3) If you determine that emission and/or verification procedures have ceased to be safe.

(4) By special conditions defined in your certification policy.

(5) By court or enforcement authority.

(f) Report publicly the status of digital certificates issued by him. Revoked digital certificates must be included in a list of revoked certificates indicating date and time of revocation. The validity and authorship of such a list of revoked certificates must be guaranteed.

ARTICLE 20. . License. In order to obtain a license, the certificater must comply with the requirements established by law and process the respective application to the licensee, which shall grant the license prior legal and technical opinion that accredits the ability to comply with its duties and obligations. These licenses are intransferable.

ARTICLE 21. Obligations. These are obligations of the licensed certificater:

(a) To inform those who request a certificate prior to their issuance and using a means of communication the precise conditions of use of the digital certificate, its characteristics and effects, the existence of a licensing system and the procedures, a form that guarantees their possible patrimonial responsibility and the effects of the revocation of their own digital certificate and the license granted by the licensee. Such information should be freely accessible in easily understandable language. The relevant part of such information shall also be available to third parties;

(b) Refrain from generating, requiring, or by any other means to gain knowledge or access under any circumstances, the digital signature creation data of the digital certificate holders issued by it;

(c) Maintain exclusive control of your own digital signature creation data and prevent disclosure;

(d) Operate using a technically reliable system according to what the application authority determines;

(e) Notify the applicant of the measures he is required to adopt to create secure digital signatures and for reliable verification, and the obligations he assumes for the sole fact that he is holder of a digital certificate;

(f) Recover only those personal data of the holder of the digital certificate that are necessary for the issue, leaving the applicant free to provide additional information;

(g) To maintain the confidentiality of any information not included in the digital certificate;

(h) To make available to the applicant for a digital certificate all information concerning its processing;

(i) Maintain supporting documentation of digital certificates issued, for ten (10) years from their expiry or revocation date;

(j) Incorporate in your certification policy the effects of the revocation of your own digital certificate and/or the license granted by the application authority;

(k) To publish on the Internet or in the network of public access to the transmission or dissemination of data that replaces it in the future, permanently and uninterruptedly, the list of revoked digital certificates, the certification policies, the relevant information of the reports of the last audit that had been the subject, its manual of procedures and any information that the implementing authority may determine;

(l) To publish in the Official Gazette such data as may be determined by the implementing authority;

(m) Register any submissions made to you, as well as the procedure given to each of them;

(n) To inform in the certification policies if the digital certificates issued by it require verification of the identity of the holder;

(o) To verify, in accordance with the provisions of its procedures manual, any other information to be verified, which should be contained in the certification policies and in the digital certificates;

(p) Immediately request the licensee to revoke his certificate, or to inform him of the revocation of the certificate, when there are indications that the digital signature creation data he uses had been compromised or when the use of the procedures for the application of the digital signature verification data in it contents have ceased to be safe;

(q) Immediately inform the licensee of any changes in the data relating to your license;

(r) Allow the entry of authorized officers of the application authority, the licensor or auditors to their operating premises, to make available all necessary information and to provide the assistance of the case;

(s) Employ suitable personnel with specific knowledge, the experience necessary to provide the services offered and in particular, managerial competence, technical expertise in the field of digital signature and appropriate experience in relevant security procedures;

(t) To submit to the licensee the procedures manual, the security plan and the cessation of activities, as well as the details of the technical components to be used;

(u) To establish a legal domicile in the Argentine Republic;

(v) To have sufficient human and technological resources to operate in accordance with the requirements of this Act and its regulations;

(w) Comply with any other emerging obligation of its quality as a license holder awarded by the licensee.

ARTICLE 22. Cess from the certificater. The licensed certifier ceases in such quality:

(a) By unilateral decision communicated to the licensee;

(b) Cancellation of legal status;

(c) For cancellation of your license arranged by the licensee.

The enforcement authority shall determine the revocation procedures applicable in these cases.

ARTICLE 23. Unknowing the validity of a digital certificate. A digital certificate is not valid if used:

(a) For some purpose different from the purposes for which it was extended;

(b) For operations that exceed the authorized maximum value as appropriate;

(c) Once revoked.

CHAPTER IV

From the holder of a digital certificate

ARTICLE 24. Rights of the holder of a digital certificate. The holder of a digital certificate has the following rights:

(a) To be informed by the licensee, prior to the issuance of the digital certificate, and using a means of communication on the precise conditions of use of the digital certificate, its characteristics and effects, the existence of this licensing system and associated procedures. Such information should be given in writing in an easily understandable language. The relevant part of such information shall also be available to third parties;

(b) To have the licensed certifier use the technical elements available to provide security and confidentiality to the information provided by it, and to be informed about it;

(c) To be informed, prior to issuance of the certificate, of the price of certification services, including additional charges and payment forms;

(d) To be informed by the licensee about his home in the Argentine Republic, and about the means to which he may apply for clarification, give account of the malfunction of the system, or submit his claims;

(e) To provide the licensed certificater with the services agreed upon, and not to receive commercial advertising of any kind through the licensed certificater.

ARTICLE 25. . Obligations of the holder of the digital certificate. These are obligations of the holder of a digital certificate:

(a) Maintain exclusive control of your digital signature creation data, not sharing them, and prevent disclosure;

(b) Use a technically reliable digital signature creation device;

(c) Request the revocation of your certificate to the licensed certificate in any circumstances that may have compromised the privacy of your signature creation data;

(d) To inform the licensee without delay the change of any of the data contained in the digital certificate that would have been verified.

CHAPTER V

Institutional organization

ARTICLE 26. . Digital Signature Infrastructure. Digital certificates regulated by this law must be issued or recognized, as provided for in article 16, by a licensed certificater.

ARTICLE 27. . Audit system. The application authority, with the contest of the Advisory Commission for Digital Signature Infrastructure, will design an audit system to assess the reliability and quality of the systems used, the integrity, confidentiality and availability of the data, as well as compliance with the specifications of the procedures manual and the safety and contingency plans approved by the licensor.

ARTICLE 28. . Advisory Commission for Digital Signature Infrastructure. Trust in the jurisdictional sphere of the Implementation Authority, the Advisory Commission for Digital Signature Infrastructure.

CHAPTER VI

Implementation authority

ARTICLE 29. . Implementing Authority. The authority to implement this law shall be the Chief of Staff of Ministers.

ARTICLE 30. Functions. The implementing authority has the following functions:

(a) Dictate the regulatory and enforcement regulations;

(b) Establish, upon recommendation of the Advisory Commission for Digital Firm Infrastructure, the technological and operational standards of Digital Signature Infrastructure;

(c) Determine the effects of the revocation of certificates of licensed certificaters or the licensee;

(d) Instrumentate national and international agreements to grant legal validity to digital signatures created on the basis of certificates issued by certificaters from other countries;

(e) Determine the audit guidelines, including the type opinions to be issued as a conclusion to the revisions;

(f) Update the monetary values provided for in the sanctions regime of this Act;

(g) Determine licensing levels;

(h) To grant or revoke licenses to licensed certificaters and supervise their activity, in accordance with the requirements established by the regulation;

(i) Procurate compliance with the legal and regulatory standards regarding the activity of licensed certificaters;

(j) Mobilize digital signature creation and verification devices, consistent with regulations and procedures;

(k) Implement the sanctions provided for in this Act.

ARTICLE 31. Obligations. As a digital certificate holder, the application authority has the same obligations as the certificate holders and the licensed certificate holders. In particular and in particular should:

(a) Refrain from generating, demanding, or by any other means to gain knowledge or access, under any circumstances, the data used to generate the digital signature of the licensed certificaters;

(b) Maintain exclusive control of the data used to generate your own digital signature and prevent disclosure;

(c) Revoke your own certificate against the commitment to the privacy of digital signature creation data;

(d) To publish on the Internet or in the network of public access to the transmission or dissemination of data that replaces it in the future, permanently and uninterruptedly, addresses, telephone numbers and Internet addresses of both licensed and their own certificates;

(e) Supervising the implementation of the cessation plan of activities of licensed certificaters discontinuing their functions.

ARTICLE 32. Tariffing. The application authority may charge a licensing fee to cover its operating costs and that of the audits conducted by itself or by third parties contracted for that purpose.

CHAPTER VII

From the audit system

ARTICLE 33. Subjects to hearing. The licensee and the licensed certificaters must be audited periodically, according to the audit system that designs and approves the application authority.

The implementing authority may implement the audit system on its own or by third parties authorized for that purpose. The audits should at least assess the reliability and quality of the systems used, the integrity, confidentiality and availability of the data, as well as compliance with the specifications of the procedures manual and security plans and, of contingency approved by the licensee.

ARTICLE 34. . Enabling requirements. Third parties may be able to perform audits by national or provincial scientific and/or technological universities and agencies, the Professional Colleges and Councils that demonstrate professional experience in accordance with the subject.

CHAPTER VIII

From the Advisory Commission for Digital Signature Infrastructure

ARTICLE 35. Integration and operation. The Advisory Commission for Digital Signature Infrastructure will be multidisciplinaryly integrated by a maximum of 7 (seven) professionals of careers related to the activity of recognized trajectory and experience, from National State Agencies, National and Provincial Universities, Chambers, Colleges or other representative entities of professionals.

Members shall be appointed by the Executive for a period of five (5) renewable years for the sole time.

It will meet at least quarterly. It shall be issued promptly at the request of the implementing authority and its recommendations and dissents shall be included in the records of the Commission.

It will consult regularly through public hearings with business cameras, users and consumer associations and keep the implementing authority regularly informed of the results of such consultations.

ARTICLE 36. Functions. The Commission should make recommendations on its own initiative or at the request of the implementing authority on the following:

(a) Technological standards;

(b) Registration system for all information concerning the issuance of digital certificates;

(c) Minimum information requirements to be provided to potential digital certificate holders of the terms of certification policies;

(d) Methodology and requirements for the physical protection of information;

(e) Others required by the enforcement authority.

CHAPTER IX

Responsibility

ARTICLE 37. Convention of parties. The relationship between the licensed certificater issuing a digital certificate and the certificate holder is governed by the contract between them, without prejudice to the provisions of this law, and other legislation in force.

ARTICLE 38. Liability of third-party licenseees.

The certificater who issues a digital certificate or recognizes it in the terms of article 16 of this law is responsible for the damages that it causes, for the failure to comply with the provisions of this law, for the errors or omissions that present the digital certificates that it issues, for not revoking them, in legal time and form when appropriate and for the consequences imputable to the non-observance of the required certification procedures. The service provider will be responsible for demonstrating that he acted with due diligence.

ARTICLE 39. . Limitations of responsibility. Licensed certificaters are not responsible in the following cases:

(a) For cases that are tax excluded under the conditions of issuance and use of their certificates and which are not expressly provided for in the law;

(b) For damages resulting from the unauthorized use of a digital certificate, if the corresponding conditions for issuance and use of its certificates contain the restrictions on its use;

(c) For any inaccuracies in the certificate resulting from the information provided by the holder that, in accordance with the rules and the respective procedures manuals, should be subject to verification, provided that the certifier may prove that he has taken all reasonable measures.

CHAPTER X

Sanctions

ARTICLE 40. Procedure. The summary instruction and the application of sanctions for violation of the provisions of this law shall be carried out by the licensee. The Administrative Procedures Act 19.549 and its regulations are applicable.

ARTICLE 41. . Sanctions. Failure to comply with the obligations set out in this Act for licensed certificaters will result in the following sanctions:

(a) Appreciation;

(b) Weight fine ten thousand ($ 10,000) to five hundred thousand pesos ($ 500,000);

(c) License expiration.

Your gradation according to recidivism and/or opportunity will be established by regulation.

The payment of the penalty applied by the licensor shall not relieve the licensee of any claims for damages caused to third parties and/or property owned by them, as a result of the performance of the contract they hold and/or for the breach of the obligations assumed under the same and/or the provision of the service.

ARTICLE 42. Appreciation. Appraisal may be applied in the following cases:

(a) Issue of certificates without the full data required, when your omission does not invalidate the certificate;

(b) Do not provide the data required by the licensee in exercise of its functions;

(c) Any other violation of this law that does not have a higher penalty.

ARTICLE 43. . Fine. A fine may be applied in the following cases:

(a) Failure to comply with the obligations under article 21;

(b) If the issuance of certificates is carried out without completing the compromised certification policies and causes harm to users, signatories or third parties, or the safety of certification services is seriously affected;

(c) Failure to register the certificates issued;

(d) Failure to revoke a certificate in a timely manner or time when appropriate;

(e) Any impediment or obstruction to the conduct of inspections or audits by the implementing authority and the licensing entity;

(f) Failure to comply with the rules issued by the enforcement authority;

(g) Relapse into the commission of infractions that resulted in the punishment of notice.

ARTICLE 44. . Caduced. The expiration penalty of the license may be applied if:

(a) Do not take the proper safety precautions in certification services;

(b) Expedition of false certificates;

(c) Unauthorised transfer or fraud in the ownership of the licence;

(d) Reoffence in the commission of offences resulting in the penalty of fines;

(e) Owner ' s bankruptcy.

The expiration penalty disqualifies the sanctioned holder and the members of the governing bodies for the term of 10 years to be licensed.

ARTICLE 45. . Recurribility. The penalties applied may be appealed to the Federal Courts with jurisdiction in the Administrative Disputes relating to the entity ' s home, after the relevant administrative route has been exhausted.

The interposition of the resources provided for in this chapter will have a return effect.

ARTICLE 46. . Jurisdiction. In conflicts between individuals and licensed certificaters, the Federal Civil and Commercial Justice is competent. In the conflicts in which a licensed public certification body is a party, the Federal Administrative Justice is competent.

CHAPTER XI

Complementary provisions

ARTICLE 47. . Use by the National State. The national State shall use the technologies and forecasts of this law in its domestic sphere and in relation to those administered in accordance with the conditions established by each of its powers.

ARTICLE 48. . Implementation. The national State, within the jurisdictions and entities covered by article 8 of Act No. 24,156, will promote the massive use of the digital signature in such a way as to enable the processing of the files by simultaneous channels, automatic searches of the information and monitoring and control by the interested party, propending on the progressive de-papelization.

Within a maximum period of 5 (five) years from the entry into force of this Act, digital signature technology shall be applied to all laws, decrees, administrative decisions, resolutions and judgements emanating from jurisdictions and entities covered by Article 8 of Law 24.156.

ARTICLE 49. . Regulation. The Executive Power shall regulate this law within a period not exceeding 180 (sixty) days of its publication in the Official Gazette of the Nation.

ARTICLE 50. . Invitation. Invite provincial jurisdictions to issue relevant legal instruments to accede to this law.

ARTICLE 51. Equalization for the purposes of criminal law. Incorporate the following text as article 78 (bis) of the Criminal Code:

The terms signature and subscription include the digital signature, the creation of a digital signature or digital signature. The terms document, private instrument and certificate include the digitally signed document.

ARTICLE 52. . Authorization to the executive branch. Authorize the Executive Branch to update the contents of the Annex to this Law by means of Article 99, paragraph 2, of the National Constitution in order to avoid obsolescence.

ARTICLE 53. Contact the Executive.

IN THE SESSION OF THE ARGENTINE CONGRESS, IN GOOD AIRES, TO CATORCE DIAS DEL MES DE NOVIEMBRE DEL YEAR DOS MIL UNO.

_

PASCUAL RAFAEL. . EDUARDO MENEM. . Guillermo Aramburu. . Juan C. OyarzĂșn.

Annex

Information: knowledge acquired about something or someone.

Verification procedure: process used to determine the validity of a digital signature. Such a process should at least consider:

(a) That the digital signature has been created during the period of validity of the digital certificate of the signer;

(b) That the digital signature has been created using the digital signature creation data for the digital signature verification data indicated in the certificate of the signatory;

(c) verification of the authenticity and validity of the certificates involved.

Digital signature creation data: unique data, such as private cryptographic codes or keys, which the signer uses to create his digital signature.

Digital signature verification data: unique data, such as public cryptographic codes or keys, which are used to verify the digital signature, the integrity of the digital document and the identity of the signer.

Digital Signature Device: Technically reliable hardware or software device that allows you to sign digitally.

Digital Signature Verification Device: Technically reliable hardware or software device that allows you to verify the integrity of the digital document and the identity of the signatory.

Certification policies: rules establishing the criteria for issuing and using digital certificates.

Technically reliable: quality of all computer equipment, software, communication and security protocols and related administrative procedures that meet the following requirements:

1. To safeguard against the possibility of intrusion and/or unauthorized use;

2. Ensure availability, reliability, confidentiality and proper functioning;

3. Be fit for the performance of your specific functions;

4. To comply with the appropriate security standards, in line with international standards in the field;

5. Comply with the technical and audit standards established by the Implementation Authority.

Private cryptographic key: In an asymmetric cryptosystem is the one used to sign digitally.

Public cryptographic key: In an asymmetric cryptosystem is the one used to verify a digital signature.

Integrity: Condition that allows to verify that information has not been altered by unknown or unauthorized means.

Asymmetrical cryptosystem: Algoritmo that uses a couple of keys, a private key to digitally sign and its corresponding public key to verify that digital signature.