Government Regulates Data Messages and Electronic Signatures

New Law
Data Messages
Electronic Signatures
Office of Superintendency of Electronic Certification Services
Certification Service Providers
Electronic Certificates

New Law

The government has enacted the new Law on Data Messages and Electronic Signatures through Decree-Law 1204 (Official Gazette 37148, February 28 2001).

This law represents a major development in Venezuelan legislation in that it creates a legal framework for electronic data messages. Prior to the law, domestic legislation did not expressly acknowledge electronic use, so parties to an electronic transaction were uncertain as to the legality of their data agreement. In litigation the lack of regulation provided the ground for contesting whether an electronic transaction had been sufficiently proved by the parties, or if electronic use was valid for a given type of transaction.

The new law covers five main categories:

• 'data messages', defined as any intelligible information in electronic or similar format that can be stored or exchanged by any means;

• 'electronic signatures', defined as information created or used by a signatory that is associated with a data message;

• 'certification service providers', defined as persons engaged in the issuance of electronic certificates and certain other activities;

• 'electronic certificates', defined as data messages issued by certification service providers that confer certainty and validity to electronic signatures; and

• creation of the Office of the Superintendency of Electronic Certification Services;

'Accreditation' is defined as the title issued by the Superintendency of Electronic Certification Services to certification service providers, empowering the latter to issue electronic certificates.

Data Messages

Data messages now have the same evidentiary value as traditional written documents. The use of data messages as evidence in court is subject to the rules that apply to written documents under the Code of Civil Procedure. Thus, parties to an electronic contract are entitled to use data messages to prove their claims in court. Obviously, the same requirements that are applicable to written documents now apply to data messages. For example, when the original signature of the parties is required for a specific type of contract or transaction, that requirement will be legally satisfied by an electronic signature.

Printed data messages now have the same evidentiary value as photocopied documents. Data messages are subject to constitutional and legal protection concerning the privacy of communication and access to personal information. An important provision regarding the formation of contracts is that the relevant parties may agree to offer and acceptance being carried out by means of data messages.

Electronic Signatures

The law provides that an electronic signature, which links a signatory with a data message, shall have the same evidentiary value as a handwritten signature. To comply with this requirement a certification service provider must certify the signature. An electronic signature may form an integral part of a data message, or be unequivocally associated with it, and it may be sent with, or separate from, the data message.

Office of Superintendency of Electronic Certification Services

A superintendency has been created as an autonomous service, hierarchically dependent on the Ministry of Science and Technology. Its purpose will be to accredit, supervise and control the certification service providers.

The superintendency has the power to:

• issue and renew the accreditation to certification service providers;

• revoke the accreditations when the providers breach their obligations;

• create and maintain the providers' official registry;

• supervise compliance of the providers with their obligations;

• collect relevant services fees and contributions, such as contributions for the issuance, renewal and revocation of providers' accreditations; and

• act as mediator in case of conflicts between providers and users, at the request of the parties involved.

Certification Service Providers

Certification service providers must be accredited by the superintendency in order to carry out the services that are stipulated in the law. Providers must comply with a number of requirements, including:

• having the financial capability required to provide certification services;

• having the technical capability and elements required to issue electronic certificates; and

• having an efficient and free system for accessing information, stating the principles for the rendering of the services, the electronic certificates that have been issued and suspended or revoked, and applicable restrictions.

Certification service providers are not required to use specific technology for the electronic signatures and certificates.

Where the certification service providers are legal entities, they must be incorporated according to the laws of the country of original incorporation. The providers may be either individuals or legal entities (private or government owned). There are no restrictions on foreign capital. Also, the law appears to permit non-Venezuelan companies to become accredited providers. This matter is expected to be clarified, perhaps in future regulations. In any event, for various legal and practical reasons, a foreign provider must always consider either incorporating a local subsidiary or registering a branch in Venezuela, and provide the certification services through the chosen entity, after it is accredited as a provider.

An accredited provider must provide the superintendency with a performance bond that (i) is issued by a Venezuelan bank or insurance company, and (ii) covers all contractual and non-contractual damages of signatories and third parties that may be attributed to the provider's negligence or willful misconduct.

The services to be provided include:

• the issuance, revocation and suspension of electronic certificates;

• the creation of electronic signatures and chronological records for them;

• the recording and conservation of data messages; and

• the issuance of guarantees for electronic certificates issued by foreign providers.

Another important provision is that the fees to be charged to providers will be subject to market demands. Thus, providers will be entitled to charge the fees they deem appropriate, in competition with other providers and without government price controls.

Electronic Certificates

An electronic certificate issued by accredited certification service providers will guarantee the authorship of the electronic signature it certifies, as well as the integrity of the data message. The provider will not have the ranking of a notary public or any other public officer, which is why a data message with an electronic signature that complies with the law will have the same legal value as an executed, private, written document.

The law provides that foreign electronic certificates will have legal value as long as an accredited provider guarantees them. This must be clarified in future regulations, because if a foreign company is allowed to become an accredited provider (as appears to be the case under the law's current wording), then the issue is whether the electronic certificate is issued by a non-accredited certification agent (either foreign or national).

The final chapter of the law provides that the government will create a certification service provider that will be subject to the law. Also, the tax and customs authorities must implement measures that (i) allow for them to use the mechanisms stipulated in the law and (ii) allow taxpayers to comply with their tax obligations using those mechanisms. These provisions confirm the government's aim of promoting and using new technologies.

For further information on this topic please contact Luis Miguel Vicentini at Baker & McKenzie by telephone (+58 212 276 5111) or by fax (+58 212 264 1532) or by e-mail ([email protected]).