Background

Provisional Executive Act (MP) 2200-2 introduces the Brazilian Public Keys Infrastructure (ICP-Brasil), which guarantees the validity of electronic documents and establishes a government-controlled digital certification system.

Generally, the act establishes that electronic documents certified by ICP-Brasil are presumed to be valid in relation to their signatories. It also guarantees the validity of other electronic documents not certified by ICP-Brasil, provided that the parties involved agree to this. In such cases the presumption of authorship will not exist.

ICP-Brasil is in the implementation phase. A new management committee is establishing its policies and technical standards, and will implement and oversee its operation. The committee is composed of representatives from the government and the civil service.

Once implemented, ICP-Brasil will comprise a chain of certification entities of various levels whose certification validity depends on that of the hierarchically superior entity.

New Regulations

The committee is issuing various resolutions to regulate ICP-Brasil, covering security, auditing, the obtaining of certificates and other technical aspects.

Some of the general aspects of ICP-Brasil and its resolutions are outlined in New Resolutions Regulates Public Key Infrastructure and Provisional Executive Act Acknowledges Validity of Electronic Documents.

On February 14 2002 the committee issued Resolutions 10, 11 and 12.

Resolution 10/2002
The Root Certification Authority is responsible for issuing its own public and private keys, as well as those of its lower certification authorities. Resolution 10/2002 establishes the fees payable to the authority. Accordingly, the authority's issuance of a certificate is subject to an administrative contract and payment of a fee of between R$100,000 (approximately $40,000) and R$500,000 (approximately $200,000). The sum varies according to the validity period and type of certificate issued.

Resolution 11/2002
Resolution 11 alters some technical criteria of previous resolutions and creates additional responsibilities for the Root Certification Authority.

Resolution 12/2002
Resolution 12/2002 establishes the procedural rules for accreditation under ICP-Brasil, to which any certification entity wishing to be part of ICP-Brasil must adhere. The rules (which are relatively straightforward) are designed to verify whether an entity satisfies certain minimum requirements.

The procedure includes an initial petition that is submitted to the Root Certification Authority and considered within 30 days. The authority may request additional information and/or documentation within this time in order to ascertain compliance with the requirements of Resolution 6/01 (Procedures and Requirements for the Accreditation of ICP-Brasil Entities). After this preliminary analysis, an independent audit is undertaken on the applicant's systems and procedures. If the applicant is found to comply with all relevant requirements, the authority issues its final decision regarding accreditation.


For further information on this topic please contact Ricardo Barretto or José Leça at Barretto Ferreira, Kujawski, Brancher e Gonçalves – Sociedade de Advogados by telephone (+55 11 3066 5999) or by fax (+55 11 3167 4735).