SECRETARY OF THE CIVIL SERVICE
Advanced Electronic Signature Act.
On the sidelines a seal with the National Shield, which reads: United Mexican States.-Presidency of the Republic.
FELIPE DE JESUS CALDERÓN HINOJOSA, President of the United Mexican States, to its inhabitants known:
That the Honorable Congress of the Union, has served to address the following
"THE GENERAL CONGRESS OF THE MEXICAN UNITED STATES, D E C R E T A:
ADVANCED ELECTRONIC SIGNATURE LAW
Single Article. The Advanced Electronic Signature Law is issued, to remain as follows:
Article 1. This Law is of public order and interest and is intended to regulate:
I. The use of the advanced electronic signature in the acts provided for in this Law and the issuance of digital certificates to natural persons;
II. Services related to advanced electronic signature, and
III. The approval of the advanced electronic signature with the advanced electronic signatures regulated by other legal systems, in the terms established in this Law.
Article 2. For the purposes of this Law:
I. Acts: communications, formalities, services, legal and administrative acts, as well as administrative procedures in which the private individuals and public servants of the agencies and entities of the Public Administration Federal, the Attorney General's Office and the administrative units of the Presidency of the Republic, use the advanced electronic signature;
II. Actions Electronic: notifications, citations, sites, requirements, requests for reports or documents and, where appropriate, final administrative decisions issued in the acts referred to in this Law that are communicated by electronic means;
III. Electronic Receipt: the message of data that is issued or generated through electronic means of communication to show the date and time of receipt of electronic documents related to the acts established by this Act;
IV. Authority Certifier: the agencies and entities of the Federal Public Administration and the providers of certification services that, in accordance with the legal provisions, have recognized this quality and have the technological infrastructure for the issuance, administration and registration of digital certificates, as well as to provide services related to them;
V. Certificate Digital: the data or record message that confirms the link between a signer and the private key;
VI. Key Private: the data that the signer generates in a secret manner and uses to create its advanced electronic signature, in order to achieve the link between that advanced electronic signature and the signer;
VII. Key Public: the data contained in a digital certificate enabling verification of the authenticity of the signatory's advanced electronic signature;
VIII. Data and identification elements: those considered as such in the General Population Law and the provisions deriving from it;
IX. Dependencies: the secretaries of state, including their deconcentrated administrative bodies and the Legal Department of the Federal Executive, as well as the administrative units of the Presidency of the Republic, in accordance with the provisions of the the Organic Law of the Federal Public Administration. The Office of the Attorney General of the Republic shall be considered as such for the purposes of the administrative acts that it carries out in terms of this Law;
X. Document Electronic: the one that is generated, consulted, modified or processed by electronic means;
XI. E-mail Address: the Internet address indicated by the public and private servers to send and receive data messages and electronic documents related to the acts referred to in this Law, through of the electronic means of communication;
XII. Entities: the decentralized public bodies, majority state participation companies and public trusts that in terms of the Organic Law of the Federal Public Administration and the Federal Law of the ParaState Entities, are considered entities of the Federal ParaState Public Administration;
XIII. Advanced Electronic Signature: the set of data and characters that allows the identification of the signer, which has been created by electronic means under its exclusive control, so that it is linked only to the same and to the data to which refers, which allows any subsequent modification to be detectable, which produces the same legal effects as the autograph signature;
XIV. Signatory: any person who uses his advanced electronic signature to subscribe electronic documents and, where applicable, data messages;
XV. Electronic Media: the technological devices that enable the transmission and reception of data messages and electronic documents;
XVI. Media Electronic: technological devices for processing, printing, deployment, preservation and, where appropriate, modification of information;
XVII. Data Message: the information generated, sent, received, archived or communicated through electronic means of communication, which may contain electronic documents;
XVIII. Page Web: the Internet site that contains information, applications and, where appropriate, links to other pages;
XIX. Certification Service Provider: the public institutions in accordance with the laws applicable to them, as well as the notaries and public corridors and the moral persons of a private character that according to the provisions of the Code of Trade is recognised as such to provide services related to the advanced electronic signature and, where appropriate, to issue digital certificates;
XX. Secretariat: the Secretariat of the Civil Service;
XXI. Services related to the Advanced Electronic Signature: the services of signed electronic documents, verification of the validity of digital certificates, verification and validation of the uniqueness of the public key, as well as consultation of revoked digital certificates, among others, which in terms of the applicable legal provisions may be provided by the certifying authority;
XXII. Electronic Procedures System: the site developed by the dependency or entity and content on its website, for the sending and receiving of documents, notifications and communications, as well as for the consultation of information related to the acts referred to in this Act;
XXIII. Subjects Obliged: public and private servants using the advanced electronic signature, in terms of the provisions of Article 3 (II) and (III) of this Law, and
XXIV. Board Electronic: the electronic means through which the electronic signatures that use the advanced electronic signature are made available in terms of this Law, the electronic actions that the dependencies and entities issue, and that generates an acknowledgment Electronic receipt. This electronic means shall be located in the system of electronic procedures of the own dependencies and entities.
Article 3. They are subject to the provisions of this Law:
I. The dependencies and entities;
II. The public servants of the dependencies and entities that in the performance of the acts referred to in this Law use the advanced electronic signature, and
III. Individuals, in cases where they use the advanced electronic signature in terms of this Act.
Article 4. The provisions of this Act shall not apply to acts in which the use of advanced electronic signature by law or those in which it exists is not feasible. after the Secretariat has delivered its opinion. They shall also not apply to tax, customs and financial matters.
In the acts of trade and registrations in the Public Registry of Commerce, the use of the advanced electronic signature shall be governed in accordance with the provisions of the Commercial Code and other the rules applicable to the matter, without prejudice to the application of the provisions of this Law in that it is appropriate.
Article 5. The Secretariat, within the scope of its competence, shall be empowered to interpret the provisions of this Law for administrative purposes.
The Secretariat, the Secretariat of Economy and the Tax Administration Service will, jointly, dictate the general provisions for the proper implementation of this Law. to be published in the Official Journal of the Federation.
Article 6. In the absence of any express provision in this Law or any other provisions resulting from it, the Federal Law of Administrative Procedure shall be applied in an additional manner. Federal Civil Code and the Federal Code of Civil Procedures.
OF THE ADVANCED ELECTRONIC SIGNATURE
The use and validity of advanced electronic signature
Article 7. Advanced electronic signature may be used in electronic documents and, if applicable, in data messages.
Electronic documents and data messages with advanced electronic signatures will produce the same effects as those presented with autograph signatures and will therefore have the same evidentiary value as the applicable provisions give them.
Article 8. For the purposes of Article 7 of this Act, the advanced electronic signature must comply with the following guiding principles:
I. Equivalence Functional: It consists in that the advanced electronic signature in an electronic document or in its case, in a data message, satisfies the signature requirement in the same way as the autograph signature in the printed documents;
II. Authenticity: It consists in that the advanced electronic signature in an electronic document or, if applicable, in a message of data, allows to be certain that the same has been issued by the signatory in such a way that its content is attributable to the as well as the legal consequences of the result;
III. Integrity: It consists in that the electronic signature advanced in an electronic document or, where appropriate, in a message of data, allows to give certainty that this has remained complete and unchanged since its signature, regardless of the changes that might have suffered the media that contains it as a result of the communication, file, or presentation process;
IV. Neutrality Technological: It consists in that the technology used for the issuance of digital certificates and for the provision of the services related to the advanced electronic signature will be applied in such a way that it does not exclude, restrict or favor some Technology in particular;
V. No Repudiation: It consists in that the advanced electronic signature contained in electronic documents guarantees the authorship and integrity of the document and that such signature corresponds exclusively to the signatory, and
VI. Confidentiality: It consists in that the advanced electronic signature in an electronic document or, if applicable, in a data message, ensures that it can only be encrypted by the signer and the receiver.
Article 9. In order for the obligated subjects to use the advanced electronic signature in the acts referred to in this Law, they must have:
I. A current digital certificate, issued or approved in terms of this Act, and
II. A private key, generated under its unique control.
Of electronic documents and data messages
Article 10. The dependencies and entities in the communications and, where applicable, legal acts that they perform between them, will make use of data messages and accept the presentation of electronic documents, which shall, where required, have the advanced electronic signature of the public server empowered to do so.
Article 11. The dependencies and entities in the performance of the acts referred to in this Law shall accept the use of data messages and the presentation of documents If they offer this possibility, provided that the individuals themselves or, if applicable, through the persons authorized by them in terms of Article 19 of the Federal Law of Administrative Procedure, they manifest expressly their conformity in order for such acts to be carried out, from their inception to their conclusion, through electronic means of communication.
The manifestation referred to in the preceding paragraph shall further indicate:
I. Who agree to consult the electronic board, at least on the fifteenth and last days of each month or, on the following working day if any of them are indeft; and if not, the notification shall be made on the working day which corresponds;
II. That they agree to be notified of the electronic actions that the dependency or entity that corresponds to, on the same day they consult the electronic board, and
III. That in the event that due to causes imputable to the dependency or entity they are unable to consult the electronic board or to open the electronic documents that contain the information deposited in the same, in the days indicated in section I of this article, shall be made of the knowledge of the unit itself or entity at the latest within three working days following that in which such impairment occurs, by electronic means of communication or any other another provided for in the Regulation of this Law, so that they may be notified by some other form of established in the Federal Law of Administrative Procedure.
Article 12. Required subjects must have an email address to receive, when appropriate, data messages and electronic documents in the execution of the acts provided for in this Law.
Article 13. Each dependency and entity will create and manage an electronic paperwork system that establishes access control, backups, and information retrieval, with reliable mechanisms of security, availability, integrity, authenticity, confidentiality and custody.
The Secretariat will issue the guidelines in order to comply with the provisions of this article.
Article 14. The information contained in the data messages and in the electronic documents shall be public, unless the information is classified as reserved or confidential in terms of the Federal Law on Transparency and Access to Government Public Information.
Data messages and electronic documents containing personal data shall be subject to the provisions applicable to the handling, security and protection of such data.
Article 15. Dependencies and entities, as well as obligated subjects, should keep electronic, data messages, and electronic documents with signature advanced electronic derivatives of the acts referred to in this Law, during the retention periods provided for in the applicable laws, according to the nature of the information.
By means of general provisions, the conservation of data messages and electronic documents with advanced electronic signatures will be established, for which they will be taken Among other requirements, those provided for in the Mexican Official Standard referred to in Article 49 of the Code of Commerce.
Article 16. When it is required that a printed document with autograph signature be presented or preserved in its original form, such a requirement will be satisfied if the copy is generated in an electronic document, and the following is true:
I. That migration to a digital form has been carried out or supervised by a public servant having the powers of certification of documents in terms of the applicable provisions or, where appropriate, by the individual concerned, who must state, in protest of the truth, that the electronic document is a full and unaltered copy of the printed document;
II. Where there is doubt as to the authenticity of the electronic document referred to, the unit or entity may request that the printed document be submitted to it directly or that the latter be sent by registered mail with an acknowledgement of the receipt.
If the document is to be sent via certified mail, it will be necessary to In addition, it is sent within three working days, using a data message, the guide that establishes that the document was deposited in a post office;
III. That the information contained in the electronic document is maintained in full and unchanged from the moment it was first generated in its final form and is accessible for further consultation;
IV. That the electronic document allows the format of the printed document to be preserved and reproduced accurately, and
V. Notice of the provisions of the general provisions concerning the preservation of data messages and electronic documents with advanced electronic signatures.
The provisions of this Article shall apply without prejudice to the fact that the dependencies and entities observe, in accordance with the the nature of the information contained in the printed document concerned, the retention periods provided for in the applicable legislation.
OF THE DIGITAL CERTIFICATE
Of the digital certificate structure and procedures
Article 17. The digital certificate must contain the following:
I. Serial number;
II. Certifying authority that issued it;
III. Signature algorithm;
V. Name of the holder of the digital certificate;
VI. Email address of the digital certificate holder;
VII. Single Key to the Population Register (CURP) of the digital certificate holder;
VIII. Public key, and
IX. The other requirements which, if any, are laid down in the general provisions to be issued in terms of this Act.
Article 18. To obtain a digital certificate the data subject will access the certificate authority's Web page and fill in the request format with the following data:
I. Full name of the applicant;
II. Domicile of the applicant;
III. E-mail address for receiving electronic data and documents messages;
IV. Single Key of the Population Register (CURP) of the applicant, except in the case of foreign nationals, who must provide the data of the document certifying their legal stay in the national territory, and
V. Name of the certifying authority to whom the request is addressed.
Subsequently, the person concerned must come before the corresponding Certificate Authority and submit his/her application with signature autograph, accompanied by:
(a) The document that checks the address referred to in section II;
(b) The official identification document issued by competent authority, and
c) The document proving Mexican nationality, and dealing with foreigners, the document that accredits your legal stay in national territory.
The Secretariat, the Secretariat of Economy and the Tax Administration Service will establish jointly, in terms of the applicable provisions, the procedures for the recording of data and verification of elements for the identification, issuance, renewal and revocation of digital certificates, which shall be made known through their respective Web pages.
Article 19. The digital certificate will be left without effects or be revoked by the certifying authority that issued it, when any of the following assumptions are updated:
I. By expiration of their validity;
II. Where it is found that the documents presented by the holder of the digital certificate to prove his/her identity are false;
III. When requested by the holder of the digital certificate to the certifying authority that issued it;
IV. By death of the holder of the digital certificate;
V. When the electronic medium containing the digital certificates is lost or used for damage;
VI. When the confidentiality, integrity, or security of the advanced electronic signature creation data is put at risk, and
VII. By decision of a judicial or administrative authority so determined.
In the cases referred to in section IV of this Article, the revocation shall proceed at the request of a legally authorised third party, who must accompany the death certificate of the holder of the digital certificate.
Article 20. The validity of the digital certificate shall be a maximum of four years, which shall start from the moment of its issuance and shall expire on the day and time indicated in the same.
Digital certificate holder rights and obligations
Article 21. The holder of a digital certificate will have the following rights:
I. To be informed by the certifying authority issuing it on:
a) The precise characteristics and conditions for the use of the digital certificate, as well as the limits of its use;
(b) The general characteristics of the procedures for the generation and issuance of the digital certificate and creating the private key, and
c) Revocation of the digital certificate;
II. That the data and information that you provide to the certifying authority are treated in a confidential manner, in terms of the applicable legal provisions, and
III. To request the modification of data and elements of the digital certificate, through the revocation of the digital certificate, when appropriate to its interests.
Article 22. The holder of a digital certificate is bound to the following:
I. Make truthful and comprehensive statements regarding the data and documents you provide for your personal identification;
II. Properly guard your signature creation data and the private key linked to them, in order to keep them secret;
III. Request the certifying authority to revoke its digital certificate in case the integrity or confidentiality of its signature creation data or its security phrase has been compromised and presumes that its private key could be misused, and
IV. Give notice to the respective certifying authority of any modification of the data it has provided for its personal identification, so that it incorporates the modifications in the corresponding records and issues a new digital certificate.
From certificate authorities
Article 23. The Secretariat, the Ministry of Economy and the Tax Administration are considered to be certifying authorities for issuing digital certificates in terms of this Act.
Article 24. Dependencies and entities, other than those mentioned in the previous article, as well as certification service providers who are interested in having the character of the certifying authority in terms of this Law, shall:
I. Having the favourable opinion of the Secretariat, and
II. Comply with the other requirements that are set out in the general provisions that are issued in the terms of this Law.
Additionally, notaries and public corridors and private moral persons must present the document issued by the Secretariat of the Economy which accredits them as certification service providers, by virtue of having complied with the requirements laid down in the Trade Code and its Rules of Procedure.
Article 25. The certificate authorities will have the following privileges and obligations:
I. Issue, manage and register digital certificates, as well as provide services related to advanced electronic signature;
II. Keep a record of the digital certificates they issue and revoke, as well as provide the services to the stakeholders;
III. Take the necessary measures to prevent the falsification, alteration or misuse of digital certificates, as well as services related to advanced electronic signatures;
IV. Revoke the advanced electronic signature certificates, when any of the assumptions provided for in Article 19 of this Law are updated in accordance with the procedures referred to in Article 18 thereof;
V. Ensure the authenticity, integrity, preservation, confidentiality and reliability of the advanced electronic signature, as well as the services related thereto;
VI. Preserve the confidentiality, integrity and security of the personal data of the holders of digital certificates in terms of the Federal Law on Transparency and Access to Government Public Information, their Regulations and other applicable provisions, and
VII. The others entrusted to them with the applicable legal provisions.
The above, without prejudice to the attributions which, in the nature of the certifying authority, correspond to the Tax administration in terms of tax and customs legislation.
Article 26. The certifying authorities that are recognized as such in accordance with Article 24 of this Law may cease to have such a character when they fail to meet the obligations laid down in the law. This law or is in any of the cases provided for in the Regulation of this Law.
When the certifying authority is a provider of certification services, the procedure for revoking the instrument that recognizes such a character will take place in accordance with the Federal Law of Administrative Procedure.
Article 27. The Secretariat, the Economy Secretariat and the Tax Administration Service may coordinate to agree and define the standards, characteristics and technological requirements of the that the certifying authorities referred to in Article 24 of this Law should be held to ensure the authenticity, integrity, preservation, confidentiality and reliability of the advanced electronic signature.
On the recognition of digital certificates and the celebration of collaboration bases and collaboration or coordination agreements
Article 28. The Secretariat, the Secretariat of the Economy and the Tax Administration Service and other certifying authorities referred to in Article 24 may conclude collaboration, as appropriate for the provision of services related to the advanced electronic signature.
Article 29. The Federal Executive, through the Secretariat, the Ministry of Economy or the Tax Administration Service, at the request of any certifying authority, may subscribe after the other two opinions, coordination agreements for the recognition of digital certificates approved in terms of the provisions of this Law, with:
I. The Legislative and Judicial Powers, Federal;
II. The autonomous constitutional bodies, and
III. The governments of the federal entities, the municipalities and the political-administrative organs of the Federal District.
The coordination agreements to be signed must be made known to the other certifying authorities, through the Web page of the Secretariat.
Article 30. Digital certificates issued outside the Mexican Republic shall have the same validity and shall produce the same legal effects as are recognized in this Law, provided that such certificates are recognised by the certifying authorities referred to in Article 23 of the Law and are guaranteed, in the same way as they do with their own certificates, compliance with the requirements, the procedure as well as the validity and validity of the certificate.
OF RESPONSIBILITIES AND SANCTIONS
Article 31. The conduct of the public servants involving non-compliance with the provisions laid down in this Law shall give rise to the procedure and the penalties corresponding to terms of the Federal Law on Administrative Responsibilities of Public Servants.
When violations of this Law involve the possible commission of conduct sanctioned in the terms of civil, criminal or any other nature, the agencies and entities shall make knowledge of the competent authorities.
First. This Law shall enter into force on the one hundred and twenty working days following that of its publication in the Official Journal of the Federation.
Second. All legal and administrative provisions that object to the provisions of this Law will be repealed.
Third. The Federal Executive shall issue the Regulation of this Law within one hundred and eighty working days following the date of the entry into force of the Law.
Fourth. Digital certificates issued prior to the entry into force of this Act by certification service providers which, in accordance with applicable legal provisions, have recognized the quality of certifying authority, as well as the Secretariat, the Secretariat of Economy and the Tax Administration Service, will retain their validity and scope, in accordance with the legal provisions under which were issued.
The Secretariat, the Secretariat of the Economy and the Tax Administration shall recognize, for the purposes of this Law, the digital certificates referred to in the preceding paragraph, provided that they comply with at least the requirements set out in Article 17 (V), (VII) and (VIII) of this Law.
The bases or agreements of collaboration that the Secretariat, the Secretariat of Economy and the Service of Tax Administration have concluded before the entry into force of this Law, with the Dependencies and Entities, as well as with the autonomous constitutional bodies for the purposes of the recognition of digital certificates, will be able to maintain the validity foreseen in the same until the totality of the existing digital certificates are approved in terms of this Law.
Fifth. The general provisions referred to in the second paragraph of Article 5 of this Law shall be issued within a maximum of ninety working days from the entry into force of this Law. this order.
Sixth. For the purposes of the first paragraph of Article 4 of this Law, the agencies and entities shall submit to the Secretariat no later than the date of entry into force of this Law, its implementation programme for the use of the advanced electronic signature, in which the various acts in which the use of the advanced electronic signature is or is not feasible, in order to enable the Secretariat to issue, where appropriate, the opinion determining the required graduality for the respective dependency or entity is able to implement the use of the advanced electronic signature in the acts that are responsible for it. The Secretariat may provide the support requested by the agencies and entities for the implementation of the program.
Dealing with the procedures for access to information from the Dependencies and Entities the Federal Institute for Access to Public Information and Data Protection will determine if it results in feasible to incorporate the use of the advanced electronic signature in the terms of this Law.
Mexico, D. F., on November 24, 2011.-Sen. José González Morfin, President.-Dip. Emilio Chuayffet Chemor, President.-Sen. Arturo Herviz Reyes, Secretary.-Dip. Heron Escobar Garcia, Secretary.-Rubicas."
In compliance with the provisions of Article 89 (I) of the Political Constitution of the United Mexican States, and for its due publication and observance, I request this Decree in the Residence of the Federal Executive Branch, in Mexico City, Federal District, on January 6, two thousand twelve.- Felipe de Jesús Calderón Hinojosa.-Rubrias.-The Secretary of the Interior, Alejandro Alfonso Poire Romero.-Heading.