Understanding the validity of digital and electronic signatures in Colombia

The technological transformations in companies occurs due to the elimination of paper and physical archives in day to day transactions, which generates the need to look for alternatives for the subscription of documents that are processed under the traditional handwritten signature. In Colombia, electronic and digital signatures have failed to become a mass phenomenon despite the law recognizing its validity since 1999[1], situation that has become a challenge for development in digital migration processes.

To begin an implementation process of digital or electronic signatures, it is essential to fully understand their own characteristics, with the goal of establishing which one is more appropriate for the desired objectives. Digital signatures are exclusively numeric values that go along with the electronic documents and are created based on a public and private key that recognize the identity of the signatory, for which certificates granted by entities accredited by the ONAC (National Accreditation Entity).

On the other hand, electronic signatures are more flexible mechanisms that can consist of codes, passwords, cryptographic keys, biometric data, or any other that allows identifying the signatory in a trustworthy and appropriate manner[2]. It is viable for these mechanisms to be defined by those interested, according to their needs, as long as the method chosen ensures that the creation data for the signature exclusively correspond to the subscriber, and that it is possible to detect any alteration in the electronic document that occurs subsequent to its subscription.

For example, the Taxes and Customs National Direction in Colombia (DIAN), in 2016 implemented an electronic signature sistem for taxpayers, which contains two elements: an alphanumeric password defined by the user and a numeric code sent to the signatory’s email[3]. The entity defined, on its own, what the best suited mechanism was for its activities, and based on that, created its own technological model, complying with the security and integrity parameters required and allowing in this way for processes executed by citizens to be developed virtually and with the same validity as handwritten signatures.

In any case, it can be said that even though the adaptability of electronic signatures adds value that can result in its preference in relation to digital signatures, it is essential to consider that the selection of one or the other depends on the special circumstances for which they will be used, being possible that both coexist in one single corporate model.

Digital signature can have a predominant application in relation to third parties who are not clients or close providers of the company, as it does not require reaching agreements about the electronic mechanisms to be used and it has the support of the digital certification entities.

In terms of the cost associated to obtain these certified signatures, its implementation is centered on the management positions and those who have frequent communication with administrative entities. This last element is of vital importance since in Colombia, certain authorities like the Financial Superintendence[4], require that virtual communications sent and subscribed by fiscal auditors or accountants of the overseen companies, include the digital signature mechanism supported by the credited entities.

After defining who the persons are that should have a digital signature, it is ideal to evaluate the use of policies, as it would be inefficient to limit their application exclusively to communications with state entities (as it occurs in many cases), ignoring their usefulness in digital communications with other businessmen in the sector, contractual documents, among others.

On the other hand, the versatility of electronic signatures allows them to be adapted to relationships with clients, users, or collaborators, since attending particular situations, any means can be selected that allows identifying the signatory. Consequently, biometric data could be used, such as digital fingerprints, to subscribe documents and contract obligations, as is already done by the Centralized Securities Deposit (DECEVAL) with the signature of its dematerialized promissory notes using the digital fingerprint.

The first step for the implementation of electronic signatures is to define which is the ideal means, according to the company’s conditions and the users that subscribe the data messages, with the possibility of employing diverse mechanisms segmented by sectors, as for example for providers and clients, providing a token to the first and consolidating a password mechanism for the second.

Another important aspect in this process is the inclusion of technological mechanisms that allow detecting any modification of the documents that occurs after their subscription, since, on the contrary, the integrity of the data message may be doubted and its obligation undermined. There are technological providers that integrate all these measures, but the specifications offered must be assessed, as well as their adaptability to the corporate model in which they will be used, and the security standards: options such as Adobe Sign can be evaluated, taking advantage of their inter-operability with programs that are known and frequently used, like the popular “pdf” reader Adobe Acrobat Reader.

It is essential that the technological transformation processes and policies of “zero paper” take full advantage of digital and electronic signatures, which have the same validity as handwritten ones when they are used in compliance of the guidelines imparted by the applicable norms.  Although it is true that their configuration breaks with the conventional idea of granting consent with the inclusion of a proprietary graphic symbol, the benefits in terms of security and ease should be enough to motivate their inclusion in corporate models throughout all sectors.

Natalia Tovar
Attorney – MY BRAND

  • [1]Law 527 from 1999 published on August 21st of 1999 for access and use of data messages, electronic commerce, and digital signatures.
  • [2]Decree 2364 from 2012, article 1, numeral 3.
  • [3]The use of electronic signature before the DIAN was regulated through Resolution 000070 from November 3rd of 2016
  • [4]External circular 024 from 2015