Advanced Search

Through Which It Defines And Regulates The Access And Use Of Data Messages, Electronic Commerce And Digital Signatures, And Certification Bodies Are Established And Other Provisions

Original Language Title: Por medio de la cual se define y reglamenta el acceso y uso de los mensajes de datos, del comercio electrónico y de las firmas digitales, y se establecen las entidades de certificación y se dictan otras disposiciones

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

527 DE 1999

(August 18)

Official Journal No. 43,673 of 21 August 1999

By means of which the access and use of data messages, electronic commerce and digital signatures are defined and regulated, and certification entities are established and other provisions are dictated.

Vigency Notes Summary

COLOMBIA CONGRESS

DECRETA:

PART I.

GENERAL PART

CHAPTER I.

GENERAL PROVISIONS

ARTICLE 1o. APPLICATION SCOPE. This law shall apply to all types of information in the form of a data message, except in the following cases:

(a) In the obligations contracted by the Colombian State under international conventions or treaties;

(b) In written warnings, which are legally required to be printed on a certain type of product for the purposes of the risk involved in the placing on the market, use or consumption of such products.

Ir al inicio

ARTICLE 2o. DEFINITIONS. For the purposes of this law:

a) Data message. The information generated, sent, received, stored or communicated by electronic, optical or similar means, such as, inter alia, Electronic Data Exchange (EDI), Internet, electronic mail, telegram, telex or telefax;

b) Electronic commerce. It covers the issues raised by any commercial relationship, whether contractual or not, structured on the basis of the use of one or more data messages or any other similar means. Trade relations shall include, without limitation, the following operations: any commercial operation for the supply or exchange of goods or services; any distribution agreement; any representation or mandate operation commercial; all types of financial, stock and insurance operations; construction of works; consultancy; engineering; licensing; any agreement to grant or operate a public service; joint venture and other forms of industrial or commercial cooperation; carriage of goods or passengers by road air, sea and rail, or road;

c) Digital signature. A numeric value that adheres to a data message is understood and that, using a known mathematical procedure, linked to the initiator key and the message text allows to determine that this value has been obtained exclusively with the initiator key and that the initial message has not been modified after the transformation;

d) Certification Entity. Is that person who, authorized under this law, is entitled to issue certificates in relation to the digital signatures of the persons, to offer or to provide the services of recording and recording of the transmission and receiving data messages, as well as performing other functions related to digital signature-based communications;

e) Electronic Data Exchange (EDI). Electronic transmission of data from one computer to another, which is structured under technical standards agreed to the effect;

f) Information System. Any system used to generate, send, receive, archive or otherwise process data messages shall be understood.

Ir al inicio

ARTICLE 3o. INTERPRETATION. In the interpretation of this law, it is necessary to take into account its international origin, the need to promote the uniformity of its application and the observance of good faith.

Questions relating to matters governed by this law and which are not expressly resolved therein shall be settled in accordance with the general principles in which it is inspired.

Ir al inicio

ARTICLE 4. AMENDMENT BY AGREEMENT. Unless otherwise provided, in relations between parties that generate, send, receive, file or otherwise process messages of data, the provisions of Chapter III, Part I, may be modified by agreement.

Ir al inicio

ARTICLE 5o. LEGAL RECOGNITION OF DATA MESSAGES. No legal effects, validity or mandatory force shall be denied for any type of information for the sole reason that it is in the form of a data message.

CHAPTER II.

APPLYING LEGAL REQUIREMENTS FOR DATA MESSAGES

Ir al inicio

ARTICLE 6o. WRITTEN. When any rule requires that the information be written in writing, that requirement will be satisfied with a data message, if the information contained in it is accessible for subsequent consultation.

The provisions of this article will apply whether the requirement set out in any standard constitutes an obligation, as if the rules provide for consequences in the event that the information is not recorded in writing.

Effective Case-law
Ir al inicio

ARTICLE 7o. FIRMA. When any rule requires the presence of a firm or establishes certain consequences in the absence thereof, in relation to a data message, it shall be deemed to be satisfied if:

a) A method has been used to identify the initiator of a data message and to indicate that the content has its approval;

b) That the method be both reliable and appropriate for the purpose by which the message was generated or communicated.

The provisions of this article will apply whether the requirement set out in any standard constitutes an obligation, as if the rules simply provide for consequences in the event that a signature does not exist.

Ir al inicio

ARTICLE 8o. ORIGINAL. When any rule requires that the information be presented and preserved in its original form, that requirement will be satisfied with a data message, if:

a) There is some reliable assurance that the integrity of the information has been preserved, from the moment it was first generated in its definitive form, as a data message or in some other form;

b) If the information is to be submitted, if such information may be displayed to the person to be submitted.

The provisions of this article will apply whether the requirement set out in any standard constitutes an obligation, as if the rules simply provide for consequences in the event that the information is not presented or preserved in its form. original.

Ir al inicio

ARTICLE 9o. INTEGRITY OF A DATA MESSAGE. For the purposes of the preceding article, the information entered in a data message shall be deemed to be complete, if it has remained complete and unaltered, except for the addition of an endorsement or any change that is inherent in the process of communication, archiving, or presentation. The degree of reliability required shall be determined in the light of the purposes for which the information was generated and of all relevant circumstances of the case.

Ir al inicio

ARTICLE 10. ADMISSIBILITY AND PROBATIVE FORCE OF THE DATA MESSAGES. The data messages shall be admissible as means of proof and their probative strength is that given in the provisions of Chapter VIII of Title XIII, Section 3, Book 2 of Code of Civil Procedure.

In any administrative or judicial action, no efficacy, validity or mandatory and probative force shall be denied to all types of information in the form of a data message, for the fact that it is a data message or because it has not been presented in its original form.

Effective Case-law
Ir al inicio

ARTICLE 11. CRITERIA FOR EVALUATING A DATA MESSAGE EVIDENTLY. For the assessment of the probative strength of the data messages referred to in this law, the rules of sound criticism and other legally recognised criteria shall be taken into account. the assessment of the evidence. Therefore, the reliability in the form in which the message has been generated, archived or communicated, the reliability in the manner in which the integrity of the information has been preserved, the way in which it is identify the initiator and any other relevant factors.

Effective Case-law
Ir al inicio

ARTICLE 12. PRESERVATION OF DATA AND DOCUMENT MESSAGES. When the law requires that certain documents, records or information be kept, that requirement shall be satisfied, provided that the following conditions are met:

1. That the information they contain is accessible for further consultation.

2. That the data message or document is retained in the format in which it was generated, sent, or received or in any format that allows to demonstrate that it accurately reproduces the information generated, sent or received, and

3. That any information that permits the determination of the origin, the destination of the message, the date and time when the message was sent or received the message or produced the document shall be preserved.

It shall not be subject to the obligation of conservation, information that is intended solely for the purpose of sending or receiving the data messages.

The merchant's books and papers may be preserved in any technical means that ensures their exact reproduction.

Effective Case-law
Ir al inicio

ARTICLE 13. PRESERVATION OF DATA MESSAGES AND FILE OF DOCUMENTS THROUGH THIRD PARTIES. Compliance with the obligation to keep documents, records or information in data messages, may be carried out directly or through third parties, provided that when the conditions set out in the previous article are met.

Effective Case-law

CHAPTER III.

COMMUNICATING DATA MESSAGES

Ir al inicio

ARTICLE 14. TRAINING AND VALIDITY OF CONTRACTS. In the formation of the contract, except as expressed by the parties, the offer and its acceptance may be expressed by means of a data message. A contract for the sole reason that one or more data messages have been used in its training shall not be denied validity or mandatory force.

Effective Case-law
Ir al inicio

ARTICLE 15. RECOGNITION OF DATA MESSAGES BY THE PARTIES. In the relations between the initiator and the recipient of a data message, no legal effects, validity or mandatory force shall be denied to a demonstration of will or other statement for the sole reason of having done so in the form of a data message.

Effective Case-law
Ir al inicio

ARTICLE 16. ATTRIBUTION OF A DATA MESSAGE. A data message is understood to be from the initiator, when it has been sent by:

1. The initiator himself.

2. By any person empowered to act on behalf of the initiator in respect of that message, or

3. By an information system programmed by the initiator or in its name to operate automatically.

Ir al inicio

ARTICLE 17. PRESUMPTION OF THE ORIGIN OF A DATA MESSAGE. A data message is presumed to have been sent by the initiator, when:

1. You have properly applied the procedure previously agreed with the initiator, to establish that the data message actually came from it, or

2. The data message received by the recipient results from the acts of a person whose relationship with the initiator, or with any representative of his, has given him access to some method used by the initiator to identify a data message such as itself.

Ir al inicio

ARTICLE 18. CONCORDANCE OF THE DATA MESSAGE SENT WITH THE RECEIVED DATA MESSAGE. Whenever a data message comes from the initiator or is understood to come from it, or whenever the recipient has the right to act according to this assumption, in the relationship between the initiator and the recipient, the latter shall be entitled to consider that the data message received corresponds to the one the initiator wanted to send, and may proceed accordingly.

The recipient will not enjoy this right if he knew or would have known, acted with due diligence or applied any agreed method, that the transmission had resulted in an error in the data message received.

Ir al inicio

ARTICLE 19. DUPLICATE DATA MESSAGES. Each data message received is presumed to be a different data message, except to the extent that it duplicates another data message, and that the recipient knows, or should know, to have acted with due The new data message was a duplicate, or if any agreed method was applied.

Ir al inicio

ARTICLE 20. ACKNOWLEDGEMENT OF RECEIPT. If when sending or before sending a data message, the initiator requests or agrees with the recipient that the data message is acknowledged, but it has not been agreed between these a particular form or method to perform it. You can acknowledge receipt by:

a) All communication from the recipient, automated or not, or

b) Any act of the recipient that is sufficient to indicate to the initiator that the data message has been received.

If the initiator has requested or agreed with the recipient to acknowledge receipt of the data message, and expressly stated that the effects of the data message will be conditional upon receipt of an acknowledgement, it shall be deemed to be The data message has not been sent as long as the acknowledgement has not been received.

Ir al inicio

ARTICLE 21. PRESUMPTION OF RECEIPT OF A DATA MESSAGE. When the initiator receives acknowledgement from the recipient, the recipient is presumed to have received the data message.

That presumption does not imply that the data message corresponds to the message received. Where the acknowledgement of receipt indicates that the received data message complies with the technical requirements agreed or set out in any applicable technical standard, it shall be presumed that this is the case.

Ir al inicio

ARTICLE 22. LEGAL EFFECTS. Articles 20 and 21 only govern effects related to the acknowledgement of receipt. The legal consequences of the data message shall be governed by the rules applicable to the legal act or business contained in that data message.

Ir al inicio

ARTICLE 23. TIME FOR SENDING A DATA MESSAGE. If the initiator and recipient do not agree otherwise, the data message will be issued when you enter an information system that is not under the control of the initiator or the person you sent. the data message on behalf of this.

Ir al inicio

ARTICLE 24. TIME OF RECEIPT OF A DATA MESSAGE. If the initiator and the recipient do not agree otherwise, the time of receipt of a data message will be determined as follows:

a) If the recipient has designated an information system for the data message receipt, the receipt will take place:

1. At the time you enter the data message in the designated information system; or

2. Send the data message to a recipient's information system other than the designated information system, at the time the recipient retrieves the data message;

b) If the recipient has not designated an information system, the receipt will take place when the data message enters a recipient's information system.

The provisions of this Article shall apply even if the information system is located in place other than where the data message is received in accordance with the following Article.

Ir al inicio

ARTICLE 25. PLACE OF THE SENDING AND RECEIVING OF THE DATA MESSAGE. If the initiator and the recipient do not agree otherwise, the data message shall be issued at the place where the initiator has his or her establishment and by the recipient at the place where the recipient has his. For the purposes of this Article:

a) If the initiator or recipient has more than one establishment, its establishment shall be the one that is closest to the underlying operation or, if there is no underlying operation, its principal establishment;

(b) If the initiator or recipient has no establishment, the place of habitual residence shall be taken into account.

PART II.

E-COMMERCE IN FREIGHT TRANSPORT

Ir al inicio

ARTICLE 26. ACTS RELATING TO THE CONTRACTS FOR THE CARRIAGE OF GOODS. Without prejudice to Part I of this Act, this Chapter shall apply to any of the following acts which are related to a contract for the carriage of goods. goods, or with their compliance, without the list being taxative:

(a) I. Indication of the marks, number, quantity or weight of the goods.

II. Declaration of the nature or value of the goods.

III. Issue of a receipt for the goods.

IV. Confirmation of the completion of the shipment of the goods;

b) I. Notification to any person of the terms and conditions of the contract.

II. Communication of instructions to the transporter;

c) I. Reclamation of the delivery of the goods.

II. Authorization to proceed with the delivery of the goods.

III. Notification of the loss of the goods or of the damage they have suffered;

d) Any other notification or statement regarding the performance of the contract;

e) Promise to deliver the goods to the designated person or to a person authorized to claim that delivery;

f) Concession, acquisition, waiver, restitution, transfer or negotiation of any right to goods;

g) Acquisition or transfer of rights and obligations under the contract.

Ir al inicio

ARTICLE 27. TRANSPORT DOCUMENTS. Subject to the provisions of paragraph 3o. of this Article, in cases where the law requires that any of the acts set out in Article 26 be carried out in writing or by document issued on paper, that requirement shall be satisfied when the event is carried out by means of one or more data messages.

The foregoing paragraph shall apply, whether the requirement in the provision is expressed in the form of an obligation or whether the law merely provides for consequences in the event that the act is not carried out in writing or by a document issued in paper.

When any right is granted to a given person and to no other person, or is acquired any obligation, and the law requires that, in order for that act to take effect, the right or obligation must be transferred to that person by the sending or use of a paper issued on paper, this requirement will be satisfied if the right or obligation is transferred through the use of one or more data messages, provided that a reliable method is used to ensure the uniqueness of that message or those data messages.

For the purposes of the third subparagraph, the level of reliability required shall be determined in the light of the purposes for which the right or obligation was transferred and of all circumstances of the case, including any relevant agreement.

When one or more data messages are used to perform any of the acts listed in points (f) and (g) of Article 26, no paper issued on paper to carry out any of the acts shall be valid. of such acts, unless the use of data messages has been terminated to replace it with the use of documents issued on paper. Any paper supporting paper issued in such circumstances shall contain a statement to that effect. The replacement of data messages with documents issued on paper shall not affect the rights or obligations of the parties.

Where a legal rule is compulsorily applied to a contract for the carriage of goods which is entered, or which has been recorded in a paper issued on paper, that rule shall not cease to apply, to that contract of carriage of goods which have been recorded in one or more data messages on the grounds that the contract consists of that message or those data messages instead of being recorded in documents issued on paper.

Effective Case-law

PART III.

DIGITAL SIGNATURES, CERTIFICATES, AND CERTIFICATION ENTITIES

CHAPTER I.

DIGITAL SIGNATURES

Ir al inicio

ARTICLE 28. LEGAL ATTRIBUTES OF A DIGITAL SIGNATURE. When a digital signature has been set in a data message, the subscriber of that data is presumed to have the intention of crediting that data message and of being linked to the content of the data.

PARAGRAFO. The use of a digital signature shall have the same force and effect as the use of a handwritten signature, if that signature incorporates the following attributes:

1. It is unique to the person who uses it.

2. It can be verified.

3. It is under the sole control of the person who uses it.

4. It is linked to the information or message, so that if these are changed, the digital signature is invalidated.

5. It conforms to the regulations adopted by the National Government.

Effective Case-law

CHAPTER II.

CERTIFICATION ENTITIES

Ir al inicio

ARTICLE 29. CHARACTERISTICS AND REQUIREMENTS OF CERTIFICATION ENTITIES. 160 of Decree 19 of 2012. The new text is as follows: > It may be certification entities, legal persons, both public and private, of national or foreign origin and chambers of commerce, which comply with the requirements and are accredited by the National Accreditation Body in accordance with the regulations issued by the National Government. The National Accreditation Body of Colombia shall suspend or withdraw the accreditation at any time, when it is established that the respective certification body is not complying with the regulations issued by the National Government, based on the following conditions:

Effective Case-law

a. Having sufficient financial and economic capacity to provide the services authorised as a certification body;

b. Having the capacity and technical elements necessary for the generation of digital signatures, the issuance of certificates on the authenticity of the same and the preservation of data messages in the terms established in this law;

c. Legal representatives and administrators may not be persons who have been sentenced to a custodial sentence, except for political or cultural offences, or who have been suspended in the exercise of their profession for serious misconduct against Ethics or have been excluded from it. This inability shall be in force for the same period as the criminal or administrative law indicates for the purpose.

Vigency Notes
Effective Case-law
Previous Legislation
Ir al inicio

ARTICLE 30. ACTIVITIES OF THE CERTIFICATION ENTITIES. 161 of Decree 19 of 2012. The new text is as follows: > Certification entities accredited by the National Accreditation Body of Colombia to provide their services in the country, may perform, among others, the following activities:

Effective Case-law

1. Issue certificates in relation to electronic or digital signatures of natural or legal persons.

2. To issue certificates on the verification of the alteration between the sending and receiving of the data message and of transferable electronic documents.

3. To issue certificates in relation to the person possessing a right or obligation in respect of the documents listed in the literals (f) and (g) of Article 26 of Law 527 of 1999.

4. To provide or facilitate the generation services of the creation data of certified digital signatures.

5. To provide or facilitate logging and logging services in the generation, transmission and reception of data messages.

6. Provide or facilitate the creation of electronic signature data generation services.

7. Offer the services of registration, custody and annotation of transferable electronic documents.

8. Provide data message retention and archiving services and transferable electronic documents.

9. Any other activity related to the creation, use or use of digital and electronic signatures.

Vigency Notes
Effective Case-law
Previous Legislation
Ir al inicio

ARTICLE 31. REMUNERATION FOR THE PROVISION OF SERVICES. The remuneration for the services of the certification bodies shall be freely established by them.

Ir al inicio

ARTICLE 32. CERTIFICATION ENTITIES ' DUTIES. Certification entities shall have, inter alia, the following duties:

a) Issue certificates as requested or agreed with the subscriber;

b) Implement security systems to ensure the issuance and creation of digital signatures, the preservation and archiving of certificates and documents in data message support;

c) Ensure the protection, confidentiality and due use of the information provided by the subscriber;

d) Ensure the permanent provision of the certification entity service;

e) Atender timely requests and claims made by subscribers;

f) Making notices and publications in accordance with the provisions of the law;

g) Provide the information required by competent or judicial administrative entities in relation to digital signatures and certificates issued and in general on any data message that is in their custody and administration;

h) 162 of Decree 19 of 2012. The new text is as follows: > Allow and facilitate the conduct of the audits by the National Accreditation Body of Colombia. It is the responsibility of the certification body to pay the costs of the accreditation and the of the surveillance audits, in accordance with the fees of the National Accreditation Body of Colombia.

Vigency Notes
Effective Case-law
Previous Legislation

i) Develop regulations that define relationships with the subscriber and the form of service delivery;

j) Take a record of the certificates.

Effective Case-law

Ir al inicio

ARTICLE 33. UNILATERAL TERMINATION. Except agreement between the parties, the certification body may terminate the agreement of engagement with the subscriber giving a notice of no less than ninety (90) days. Upon completion of this term, the certification body shall revoke the certificates that are pending expiration.

Also, the subscriber may terminate the binding agreement with the certification entity by giving a notice of no less than thirty (30) days.

Effective Case-law
Ir al inicio

ARTICLE 34. CESSATION OF ACTIVITIES BY CERTIFICATION ENTITIES. 163 of Decree 19 of 2012. The new text is as follows: > Certification entities accredited by the ONAC may cease in the exercise of activities, as long as they guarantee the continuity of the service to those who have already hired it, directly or through from third parties, with no additional costs for services already canceled.

Vigency Notes
Effective Case-law
Previous Legislation

CHAPTER III.

CERTIFICATES

Ir al inicio

ARTICLE 35. CERTIFICATE CONTENT. A certificate issued by an authorized certification entity, in addition to being digitally signed by it, must contain at least the following:

1. Name, address and address of the subscriber.

2. Identification of the subscriber named in the certificate.

3. The name, address, and place where the certification entity performs activities.

4. The user's public key.

5. The methodology for verifying the digital signature of the subscriber imposed on the data message.

6. The serial number of the certificate.

7. Date of issue and expiry of the certificate.

Effective Case-law
Ir al inicio

ARTICLE 36. ACCEPTANCE OF A CERTIFICATE. Except agreement between the parties, it is understood that a subscriber has accepted a certificate when the certification entity, at the request of the latter or a person on behalf of it, has saved it in a repository.

Effective Case-law
Ir al inicio

ARTICLE 37. REVOCATION OF CERTIFICATES. The subscriber of a certified digital signature, may request the certification body to issue a certificate, the revocation of the certificate. In any event, you will be required to request revocation at the following events:

1. By loss of private key.

2. The private key has been exposed or is in danger of being misused.

If the subscriber does not request the revocation of the certificate at the event of filing the above situations, it will be liable for the losses or damages incurred by third parties in good faith free of guilt that relied on the content of the certificate.

A certification entity will revoke a certificate issued for the following reasons:

1. At the request of the subscriber or a third party in its name and representation.

2. By death of the subscriber.

3. By settlement of the subscriber in the case of legal persons.

4. By the confirmation that some information or fact contained in the certificate is false.

5. The private key of the certification body or its security system has been compromised in a material way that affects the reliability of the certificate.

6. For the cessation of activities of the certification entity, and

7. By court order or competent administrative entity.

Effective Case-law
Ir al inicio

ARTICLE 38. RECORD KEEPING TERM. Certificate records issued by a certification body must be preserved by the term required by law to regulate the particular act or legal business.

Effective Case-law

CHAPTER IV.

DIGITAL SIGNATURE SUBSCRIBERS

Ir al inicio

ARTICLE 39. SUBSCRIBER DUTIES. They are the duties of subscribers:

1. Receive the digital signature by the certification body or generate it, using a method authorized by it.

2. Provide the information required by the certification entity.

3. Maintain control of the digital signature.

4. Request the revocation of the certificates in a timely manner.

Effective Case-law
Ir al inicio

ARTICLE 40. SUBSCRIBER LIABILITY. Subscribers shall be liable for the falsehood, error or omission in the information provided to the certification body and for the failure to perform their duties as a subscriber.

Effective Case-law
Ir al inicio

Next