Provisional Executive Act Acknowledges Validity of Electronic Documents

Background
ICP Composition
ICP Responsibilities
Comment

Background

On June 29 2001, upon the enactment of Provisional Executive Act 2,200 (MP 2200/01), re-enacted on June 28 2001 (MP 2200/01), electronic documents gained legal validity. Through the act the government instituted the Brazilian Public Key Infrastructure (ICP) in order to (i) guarantee the authenticity, integrity and legal validity of electronic documents, supporting applications and authorized applications that use digital certificates, and (ii) ensure the security of electronic transactions.

ICP Composition

The ICP will be composed of a management committee (for which regulation is in process) and a structure of certification authorities formed by the National Information Technology Institute of the Science and Technology Ministry, appointed to perform the activities of the Root Certification Authority, and certification and registration authorities. The latter are licensed by the management committee and may be public agencies and entities or private legal entities.

The management committee is associated to the presidential Cabinet and will comprise 12 members, five from relevant sectors to be designated by the president to represent society and seven representing the following agencies and ministries:

• the presidential Cabinet;

• the Institutional Security Cabinet of the president;

• the Ministry of Justice;

• the Finance Ministry;

• the Development, Industry and Foreign Trade Ministry;

• the Planning, Budget and Management Ministry; and

• the Science and Technology Ministry.

ICP Responsibilities

The authorities that make up the ICP chiefly have the following responsibilities.

Management committee
The responsibilities of the management committee are to:

• establish the certification policy and licensing rules of the certification and registration authorities, and other supporting service providers of the ICP at all levels of the certification structure;

• establish policy and operational rules, and approve and supervise the Root Certification Authority;

• authorize the issuance of certificates by the respective authority (the issuance of certificates to the end user is prohibited);

• evaluate and adjust external ICP policies; and

• negotiate and approve bilateral certification and crossed certification agreements, and other forms of bilateral cooperation.

National Information Technology Institute (Root Certification Authority)
The responsibilities of the institute are to:

• issue, distribute, revoke and manage certification authorities' certificates at a level subsequent to its own;

• manage the list of issued, cancelled and expired certificates; and

• supervise the certification and registration authorities.

Certification authorities
The responsibilities of the certification authorities are to issue, expedite, distribute, revoke and manage certificates.

Registration authorities
The registration authorities are operationally associated to a given certification authority and are responsible for:

• identifying and registering users;

• forwarding certification requests to the certification authority; and

• maintaining records of their operations.

Comment

The act represents progress in the government's measures to regulate electronic commerce, although it does not regulate this completely, nor does it take into consideration the various legal situations arising from electronic transactions. In addition to acknowledging the authenticity of electronic documents, the act addresses the necessary base structure for legally regulating the cyber-environment.

In line with the new act, various bills are proceeding through the National Congress regarding electronic invoices and digital signatures. These bills (in particular Bills 1,483/99, 1,483/99 and 672/99), in addition to regulating digital certification and certification entities, address issues such as:

• the responsibilities of access providers;

• the privacy of information and data supplied during electronic contracts; and

• consumer defence and protection within the scope of electronic commerce.

For further information on this topic please contact Ricardo Barretto or Camilla Coelho Pardini at Barretto Ferreira, Kujawski, Brancher e Gonçalves – Sociedade de Advogados by telephone (+55 11 3066 5999) or by fax (+55 11 3167 4735) or by e-mail ([email protected] or [email protected]).