DOCUMENT electronic and signature electronic is recognize its validity and effectiveness legal the Senate and the Chamber of representatives of the Republic East of the Uruguay, gathered at General Assembly, Decree: chapter I General provisions article 1. (Scope of application)-is recognized the admissibility, validity and effectiveness of the electronic document and electronic signature legal. Certification services shall comply with provisions of this law, its activity shall not be subject to prior authorisation and be held in a regime of free competition, without implying this to replace or modify the rules that regulate functions that make those who are legally authorized to give public faith. The provisions of this Act do not alter the pre-existing law regarding celebration, perfection, validity and effectiveness of the acts and legal business. Article 2º. ((Definitions)-for the purposes of this law: to) "Accreditation": the procedure under which the certification service provider shows the unit of electronic certification that complies with this Act and their respective regulations.
(B) "electronic certificate": electronic document signed electronically that testifies to the link between the signer or certificate holder and the electronic signature creation data.
(C) "qualified certificate": electronic certificate issued by an accredited certification service provider.
(D) "signature-creation data": the unique data, such as codes or private cryptographic keys, that the signer uses to create the electronic signature.
(E) "signature-verification data": data, such as codes or public cryptographic keys, which are used to verify the electronic signature.
(F) "signature-creation device": computer component used to implement the signature-creation data.
(G) "signature-verification device": computer component used to implement the signature-verification data.
(H) "electronic document or digital document": digital representation of acts or facts, irrespective of the support used for fixation, storage or file.
I) ' electronic date': data in electronic form used as a means to determine the moment that has been conducted a performance over other electronic data that is associated with.
(J) "electronic signature": data in electronic form attached to an electronic document or associated logical way with the same, used by the signer as a means of identification.
(K) ' advanced electronic signature': electronic signature which meets the following requirements;
1) require exclusive knowledge of the signer information, allowing unambiguous identification.
(2) be created by means that the signatory can maintain under their exclusive control;
(3) be capable of verification by third parties;
(4) be linked to an electronic document in such a way that any subsequent alterations therein is detectable; and (5) have been created using a technically reliable and secure signature-creation device and be based on a qualified certificate valid at the time of the signing.
(L) "signatory or signatory": person who uses under their exclusive control an electronic certificate or a qualified certificate for electronic signatures or advanced electronic signatures.
(M) "certification service provider": person physical or legal, public or private, national or foreign, that issuing electronic certificates or providing other services of certification in relation to electronic signatures.
(N) "accredited certification services provider": that certification service provider accredited to the unit of electronic certification.
(N) "holder of the certificate": person who uses an electronic certificate under its exclusive control. Section 3. (Principios generales).-While the enumeration is not limited to, acts and legal business conducted electronically, electronic signatures or advanced electronic signatures and the provision of certification services, shall comply with the following general principles: to) functional equivalence;
(B) technological neutrality;
(C) free competition;
(D) international support; and (E) good faith. These general principles also serve as interpretive criteria to resolve issues that may arise in the implementation of the relevant provisions. Article 4. (Legal effects of electronic documents)-electronic documents satisfy the writing requirement and will have the same value and legal effects than written documents, subject to the legally enshrined exceptions. Which voluntarily transmitiere a text which is a unfaithful document, adulterate or destroy an electronic document, shall be guilty of the offences covered by the articles 236 to 245 of the Penal Code, as appropriate. 5 article. (Legal effects of electronic signatures)-the electronic signature will have legal validity when it was admitted as valid by Parties using it or has been accepted by the person to whom the electronically signed document object. The freedom of the parties to arrange by mutual agreement the conditions that will accept electronic signatures, according to the present regulations shall be respected. It should be unknown electronic signatures by one of the parties, it corresponds to the other party prove its validity. 6 article. (Efectos legales de la firma electrónica avanzada)-advanced electronic signatures will be identical validity and effectiveness that the autograph signature contained in a public document or private document with certified signatures, always be duly authenticated by keys or other safe procedures that: to) ensure that the advanced electronic signature corresponds to the qualified certificate issued by an accredited certification service provider that it is associated with the identification of the signatory;
(B) ensure that the advanced electronic signature corresponds to the respective document and that it was not altered or it may be repudiated; and
(C) ensure that the advanced electronic signature has been created using means that the signatory maintains under its exclusive control, and during the term of the qualified certificate. The electronic document signed with advanced electronic signature will have identical probative value to the public document or a document with signatures certified on paper. The electronic document not authoritative with respect to his date, unless this determined through a dated electronic awarded by an accredited certification service provider. 7 article. (Use of the electronic signature in the notarial function).-authorize the use of electronic documents and electronic notary function, in accordance with the regulation that establishes the Supreme Court advanced signature. Article 8. (Use of the electronic signature or electronic signature in the organs of the State).-the State, departmental governments, the autonomous entities, the decentralized services and, in general, all the organs of the State may run or carry out acts, contracts and issue any document, within its sphere of competence, by signing them through electronic signatures or advanced electronic signatures. Except for actions for which the Constitution or the law require a solemnity that is not likely to be fulfilled through electronic document or require the personal attendance of the authority or official that must intervene in them. 9 article. (Specific arrangements for use of the electronic signature or electronic signature in public administration)-electronic certification unit can determine regulatory via the use of electronic signatures or advanced electronic signature in the bosom of the public administration and the relationships that keep individuals, for the purpose of adopting the additional conditions that may be necessary to safeguard the guarantees of each procedure. Article 10. (Regime of use of electronic signatures or advanced electronic signature in the professions of lawyer, notary and Prosecutor).-the Supreme Court of Justice issued, exclusively, the recognized certificates to be used in the exercise of the professions of lawyer, notary and Prosecutor, if it constitutes as a certification services provider accredited under the conditions established by this law. In the event that the Supreme Court was not considered as accredited certification service provider, they will have full validity and effectiveness to be used in the exercise of the professions of lawyer, notary and Attorney, recognized certificates issued by other accredited certification services provider. Chapter II national infrastructure for electronic certification article 11. (National electronic certification infrastructure).-the national electronic certification infrastructure is a set of equipment and software, cryptographic devices, policies, standards and procedures, arranged for the generation, storage and publication of recognized certificates, as well as for the publication of information and consultation of the status of force and validity of such licences. Article 12. (Unit of electronic certification).-create the unit of electronic certification as a decentralized body of the Agency for the development of government electronic management and the society of information and knowledge (AGESIC), equipped with the most extensive technical autonomy. Electronic certification unit will be headed by an Executive Council composed of three members: the Executive Director of AGESIC and two members appointed by the Executive power between people who, by their personal, professional background and knowledge in the field, ensure independence of criteria, efficiency, objectivity and impartiality in the performance of their office. These members will last four years in office, and may be reappointed. They will only stop by the expiration of its mandate and appointment of his successor or its removal ready by the Executive in cases of ineptitude, omission or offence, in accordance with the guarantees of due process. The Presidency of the unit's electronic certification will be exercised on a rotating basis for annual periods between the members of the Executive Board - with the exception of the Executive Director of the AGESIC - and will be charged with the representation of the same and the execution of the activities necessary for the implementation of its resolutions. Article 13. (Advisory Council)-the Executive Unit Council of electronic certification will work assisted by an Advisory Board which shall consist of the President of the unit's electronic certification, which it will preside over the President of the Supreme Court, the President of the Central Bank of Uruguay, the Rector of the University of the Republic, the President of the regulatory services unit of communications and the President of the National Chamber of Commerce and services of Uruguay , or who they appoint as their representatives. To be held to call for the President of the unit of electronic certification or an absolute majority of the members of the Advisory Council. It may be consulted by the Executive Council on any aspect of your competition and will mandatorily by this when exercise powers of regulation, their pronouncements without having binding. Article 14. (Competition)-electronic certification unit shall perform all actions necessary for compliance with the objectives and other provisions of this law. For this purpose shall have the following functions and powers: 1) accreditation: to) receive, process, and resolve requests for accreditation of certification-service providers.
(B) providers of certification services in the register of providers of services certification accredited, which for this purpose is created by this law, once granted accreditation register.
(C) suspend or revoke the registration of accredited certification service providers.
(D) maintain information relating to the register of providers of services of certification accredited, such as high, low, penalties and revocation on the web site of the electronic certification unit.
((2) of control: to) control the quality and reliability of the services provided by the accredited certification service providers, as well as audit procedures laid down in the regulation.
(B) conducting audits to providers of accredited certification services, in accordance with the criteria established regulations to verify all aspects of the lifecycle of the recognized certificates and cryptographic keys.
(C) to determine the measures which it deems necessary to protect the confidentiality of the holders of recognized certificates.
(D) carry out inspections and require at any time to the accredited certification service providers the information necessary to guarantee the fulfillment of the function in the terms defined in this law and its regulations.
(3) of instruction: receive and evaluate claims of holders of recognized certificates relating to the provision of certification services, without prejudice to the direct responsibility of accredited certification services provider before the holder.
((4) of regulation: to) define the technical and operational standards that must comply with accredited certification service providers, as well as procedures and accreditation requirements for compliance.
(B) establish rules and industrial patterns that ensure compatibility, interconnection and interoperability, as well as the proper and safe operation of the devices creation and signature verification, controlling its application.
(5) of sanction: the unit of electronic certification may impose on the service provider's accredited certification that violated total or partially any of the obligations arising from this Act or rules that are applicable to the service provided, the sanctions that will graduate in attention to the seriousness or repetition of the infringement, which are detailed below (: A) warning.
(B) fine between 100,000 (one hundred thousand units indexed) UI and UI 4,000,000 (four million indexed units).
(C) suspension up to a year of accreditation.
(D) revocation of accreditation. The sanctions may be applied independently or jointly, according to the circumstances of the case. Resolutions that impose pecuniary sanctions according to the provisions in this law, are executive title to all its effects. Article 15. (National root certificate authority)-authority certificate root is the first chain of certification authority is the responsibility of which issue, distribute, revoke, and manage the certificates of accredited certification service providers. Nominate the Agency for the development of the Government's electronic management and the society of information and knowledge as a national root certificate authority. Chapter III accredited certification service providers article 16. (Registration of providers of services certification accredited)-created the register of providers of services which will be in charge of the unit's electronic certification accredited certification. Article 17. (Requisitos para ser Prestador de Servicios de Certificación Acreditado).-are prerequisites to be provider of services certification accredited, the following: 1) natural or legal person established in the country, financial guarantee and sufficient solvency to provide services.
(2) having qualified personnel with knowledge and experience necessary for the provision of security and management procedures appropriate in the field of advanced electronic signatures and certification services offered.
(3) use standards and appropriate tools as established by the unit of electronic certification.
(4) be domiciled in the territory of the Eastern Republic of Uruguay, meaning that it meets this requirement, when its technology infrastructure and other human and material resources are located in Uruguayan territory. Article 18. (Obligaciones de los Prestadores de Servicios de Certificación Acreditados).-all accredited certification service providers must comply with the following obligations: 1) do not generate, demand, or by any other means, take knowledge or access data from creation of advanced electronic signature of the holders of certificates recognized by the cast under any circumstances.
((2) provide to the applicant prior to issuance of the certificate recognized the following minimum information which must be transmitted for free, in writing or by electronic means: to) the obligations of the signatory, the way that you have keep the creation data signing, the procedure that has to follow to communicate the loss or possible misuse of such data and certain creation and advanced electronic signature verification devices that are compatible with the data signature and with the recognized certificate.
(B) mechanisms to ensure the reliability of the advanced electronic signature of a document over time.
(C) the method used by the provider to verify the identity of the signer or other data appearing on the qualified certificate.
(D) the precise conditions of use of the qualified certificate, its possible limits of use and the way in which the lender guarantees their liability.
(E) credentials who has obtained the certification services provider.
(F) other information contained in the certification practice statement.
The above information that is relevant for third parties affected by the recognized certificates must be available at the request of these.
(3) maintain an up-to-date register of recognized certificates that indicate the certificates issued and if they are valid or if its validity has been suspended or terminated. The completeness of the record will be protected through the use of appropriate security mechanisms.
(4) ensure the availability of a consultation service on the validity of the recognized certificates.
(5) inform the unit of electronic certification any modification of the conditions that underpinned its accreditation during the term of its registration in the register of providers of services of accredited certification. Article 19. (Cessation of activity of an accredited certification service provider)-accredited certification service provider who will cease its activity must notify holders of recognized certificates issuing and can transfer its management, with their consent, to other provider of certification services accredited or otherwise, extinguish its validity. The aforementioned communication must be performed with a minimum advance of sixty days for the effective cessation of its activity and inform, where appropriate, on the characteristics of the lender to which transfer is proposed. Communication forcefully carried out within twenty days, holders of certificates within twenty days after receipt of the communication will have to give its consent. Outgoing lender must inform the unit of electronic certification in advance of twenty days at the effective cessation of its activity and must indicate the destination which will give to the recognized certificates, specifying if it is going to transfer and to whom, or if invalidates them. Registration of the provider of certification services in the register of providers of services of certification accredited will be cancelled ex officio by the electronic certification unit, when he ceases his activity. Electronic certification unit will take care of the information relating to the recognized certificates that have been left void by the provider of certification services, in accordance with the provisions of paragraph 3) of article 18. Article 20. (Responsibility of the accredited certification service providers)-accredited certification service providers will be responsible for damages or losses caused to any person in the exercise of its activity, when they fail to comply with the obligations that are stipulated in this law or act negligently. In any case, the accredited certification service provider shall demonstrate that he acted with due diligence. The only accredited certification services provider will be liable for damages caused by improper use of the qualified certificate when you have not stated on it, clearly recognizable form by third parties, the limit in terms of their possible use or the amount of the value of valid transactions that can be carried out using it. Liability shall be enforceable in accordance with the General rules on contractual or extra-contractual fault, as appropriate, with the specifications provided for in this article. When will the warranty which had been accredited certification service providers not be enough to satisfy the due compensation, they will respond with all its present and future assets debt. This article refers to without prejudice to provisions of the law No. 17.250, of 11 August 2000, concerning the relations of consumption. In any case the responsibility that may emanate from the certification by an accredited certification service provider non-State compromise pecuniary liability of the State. Chapter IV article 21 recognized certificates. (Contenido de los certificados reconocidos).-recognized certificates will have the following content: A) the indication that are issued as such.
(B) the unique code of the certificate.
(C) the identification of the accredited certification services provider that issued the certificate, indicating his name or company name, domiciled, your email, your tax ID number and their registry identification data.
(D) the advanced electronic signature of accredited certification service provider who issues the certificate.
(E) the identification of the signer through their names, surnames and identity document for individuals or business name and tax ID for legal persons. May dispatched in the certificate any other circumstances of the holder should be significant depending on own certificate order and whenever he gives his consent.
(F) in the case of representation, the indication of the document attesting the signatory powers to act on behalf of the natural or legal person that represents him.
(G) the verification data signature that correspond to data from signature-creation that are under the control of the signatory.
(H) the beginning and end of the period of validity of the certificate.
I) the limits of use of the certificate, if you foresee. The provision on any other information regarding the signer certificate will require your express consent. Article 22. (Verification of the identity of applicants)-the identification of the natural person seeking a qualified certificate will require your physical appearance before the managers verify it and will be credited through the document of identity, passport, or other legally accepted means. In the case of recognized certificates of legal persons, the physical appearance of the representative, who must demonstrate through notarial certificate invoked representation, legal status and its entry into force shall be required. Article 23. (Vigencia de los certificados reconocidos).-recognized certificates shall be without effect if there is any of the following circumstances: to) expiration of the period of validity of the certificate.
(B) revocation by the undersigned, by the natural or legal person represented by this or an authorized third party.
(C) loss or disablement for damages of the certificate holder.
(D) misuse by a third party.
(E) judicial or administrative resolution ordering it.
(F) death of the signatory or its represented, sudden, total or partial disability of any of them, completion of the representation or extinction of the represented legal entity.
(G) termination of its activity of the certification service provider accredited unless prior express consent of the signatory, the recognized certificates issued by that will be transferred to other accredited certification services provider.
(H) serious inaccuracies in the data provided by the signer to obtain the qualified certificate. The loss of effectiveness of the recognized certificates, in the case of expiry of its period of validity and cessation of activity of the accredited certification service provider, will take place when these circumstances occur. In other cases, the extinction of the efficacy of a qualified certificate will take effect from the date in which the accredited certification service provider has certain knowledge of any facts determinants of it and thus make it consist in its updated register of recognized certificates. In any of the above assumptions the accredited certification services provider will publish the extinction of effectiveness of the qualified certificate and be liable for the possible damages caused to the signatory or a third party in good faith by the delay in the publication. It will be proof that third parties were aware of disabling conditions of the qualified certificate accredited certification services provider. The accredited certification services provider may temporarily suspend the effectiveness of recognized certificates issued if so requested by the signatory or their constituents or order it a judicial or administrative authority. The suspension will take effect in the manner provided for in the two preceding subparagraphs. Article 24. (Equivalence of certificates)-recognized certificates may be issued by entities not established in the national territory and shall be equivalent to those granted by accredited certification service providers, when an international agreement ratified by the Eastern Republic of Uruguay and is effective. Chapter V signatory or signatory article 25. ((Derechos deel firmante o signatario).-signatory or signatory has the following rights: A) to be informed by the accredited certification service provider, prior to the issuance of the qualified certificate, as provided in paragraph 2) of article 18.
(B) the accredited certification service provider use the available technical elements to provide security and confidentiality to the information provided by him and to be informed about it.
C) to which the accredited certification services provider informed on his home in the Eastern Republic of Uruguay and the means that can go to request clarification, give an account of the malfunctioning of the system or present their claims. Article 26. (Obligaciones deel firmante o signatario).-obligations of the signatory or signatory: to) provide accurate and complete declarations at the time of providing your identity data or other circumstances subject to certification.
(B) maintain exclusive control of its advanced electronic signature creation data, not share them and prevent its disclosure.
(C) use a technically advanced reliable electronic signature creation device.
(D) request the revocation of its certificate recognized the certification service provider accredited to any circumstance which may have compromised the privacy of its signature creation data.
(E) inform without delay the certification service provider accredited change of any of the information contained in the qualified certificate which had been the subject of verification. Article 27. (Responsibility of the representatives or administrators of legal persons)-for the case in which the qualified certificate holder is a legal person shall be liable for their representatives or administrators in accordance with this Act and the General rules on the subject. Chapter VI provisions article 28 end. (Derogations).-repeal articles 129 and 130 of the law # 16.002, of 25 November 1988; 697 of the law No. 16.736 of 5 January 1996; 25 of the law Nº 17.243, of 29 June 2000; 329 and 330 of the law Nº 18.172, on August 31, 2007; and other rules that oppose this law. Article 29. (Transfer of the register of providers of services of certification).-sets within ninety days to carry out the transfer of the register of providers of services of certification, in charge of the regulatory unit of communications services, to the registration of providers of services of accredited certification created by this law on electronic certification unit. Article 30. (Regulatory).-the Executive branch must regulate this law within 180 days of enactment. Hall of sessions of the Senate, in Montevideo, September 15, 2009. ALBERTO COURIEL, President.
Hugo Rodriguez Filippini, Secretary. MINISTRY OF EDUCATION AND CULTURE MINISTRY OF THE INTERIOR, MINISTRY OF FOREIGN AFFAIRS MINISTRY OF ECONOMY AND FINANCE MINISTRY OF NATIONAL DEFENSE.
Ministry of transport and works Public Ministry of industry, energy and mining Ministry of work and safety SOCIAL Ministry of health Public Ministry of livestock, agriculture and fishing Ministry of tourism and Sport Ministry of housing, ORDENAMIENTO TERRITORIAL and environmental Ministry of development SOCIAL Montevideo, September 21, 2009. Met, acknowledge receipt, communicate, publish, and inserted into the national registry of laws and decrees, the law that recognized the admissibility, validity and efficiency of the electronic document and electronic signature legal. RODOLFO NIN NOVOA.
MARIA JULIA MUNOZ.