Updated in March 2024
The law that regulates electronic signatures in the Dominican Republic is Law 126-02 on Electronic Commerce, Documents and Digital Signatures, of August 14, 2002, and its Implementing Regulations (Law on Electronic Commerce, Documents and Digital Signatures).
As a result of this law, a series of complementary rules were enacted to regulate specific aspects related to the matter, such as data protection and the constitution of certification entities, among others.
We highlight here the definition of some basic concepts included in this law:
- Electronic Signature. “Set of integrated electronic data, linked or logically associated to other electronic data, which by agreement between the parties is used as a means of identification between the sender and the recipient of a data message or a digital document and which lacks any of the legal requirements to be considered a digital signature”.
- Digital Signature. “Numerical value that is attached to a data message and that, using a known mathematical procedure, linked to the initiator’s key and the message text, makes it possible to determine that this value has been obtained exclusively with the initiator’s key and the message text, and that the initial message has not been modified after the transmission has taken place”. This last characteristic is known as “document integrity” and is only achieved if the document has been signed with a digital signature certificate (we explain this concept below).
- Secure Digital Signature. Adds to the concept of Digital Signature that the digital signature certificate has been issued by a Trusted Service Provider (authorization that, after passing a series of audits and processes, is granted by the regulatory body, in this case, Indotel) and it is also necessary that it has been created by means of a qualified signature device.
- Digital Certificate. “Digital document issued and digitally signed by a certification entity, which univocally identifies a subscriber during the period of validity of the certificate, and which constitutes proof that said subscriber is the source or originator of the content of a digital document or data message that incorporates its associated certificate”.
This law establishes an equivalence between the Digital Signature and the handwritten signature as long as it complies with all the requirements established by article 31, that is to say:
- It is unique to the person using it;
- Is under the exclusive control of the person using it;
- Is linked to the information, digital document or message, in such a way that if these are changed, the digital signature is invalidated; and
- Conforms to the regulations adopted by the Executive Branch.
Update of the legislative framework: Res. 071-19.
Until 2019, Law 126-02 was the conceptual skeleton of the digital signature in the Dominican Republic. However, in that same year, Indotel, the regulatory body in the matter, issued Resolution 071-19, which sought to “modernize” the existing law (almost 20 years old) to adapt it to the new technological reality and align it with the European Union’s eIDAS Regulation.
Following the terminological exposition, in Resolution 071-19, the conceptual basis is respected, but the terminology changes, counting now with:
- Electronic Signature, to which the surname “Simple” (FES) is usually added.
- Advanced Electronic Signature (AES)
- Qualified Electronic Signature (FAC); which is the one that now stands as equivalent to the traditional handwritten signature.
The following diagram is a visual support to better understand the terminological and conceptual differences between both normative texts:
Since Res.071-19, all digital certificates issued in the country must have the characteristic of being “Qualified”. However, this does not mean that this is enough for the signatures made by these certificates to be qualified, since for the signature to be qualified, in addition to the certificate being qualified, it must have been born and stored in a qualified device. In our model, this qualified device is a server with special cryptographic characteristics, usually called HSM (acronym for Hardware Security Module).
Just by way of mention, the new regulations also had an impact on the names of some certificate profiles, such as the old “Legal Entity” certificate, which is now called “Electronic Seal” and in which the data of the natural person who holds the legal representation of the company no longer appears.
In practical terms…
On a practical level, this regulation comes to say that in the Dominican Republic, electronically signed documents are valid, either by means of simple electronic signature (for example, one-time keys or OTPs, or checks of acceptance of conditions or any signature evidences that the signatory may use), or by means of signatures made with digital certificates. The latter may result in an advanced electronic signature (usually, with certificates downloaded locally by the subscriber himself in devices that he has under his own custody, such as his phone, computer, tablet or server), or a qualified electronic signature (i.e., the digital certificate is born and stored in a qualified signature device and issued by an entity authorized by Indotel).
However, not every electronic signature is valid in the Dominican Republic, whether it is made with or without a digital certificate, since in addition to complying with the technical requirements demanded in the mentioned regulation, there is another factor to take into account, such as having the Authorization of Indotel to operate in the sector, which implies:
- To be Certification Authority to be able to issue digital certificates.
- Being an Electronic Signature Provider to distribute signature software.
Let’s talk about each of these points:
Certification Authority – CA (issuance of digital certificates)
As a regulatory body, it is the Dominican Institute of Telecommunications (INDOTEL), which has the competence to authorize the provision of certification services for digital signatures, authorizing Certification Entities.
AVANSI was the first Certification Entity, which was constituted in the Dominican Republic. It happened on September 28, 2006 through Resolution No. 166-06, as reflected in the corresponding Certification. |
As Certification Entity (or Qualified Trust Service Provider, as it would be called according to the new regulations), Avansi is authorized to provide the following services related to the digital signature in the Dominican Republic:
- Services of issuance, administration, registration and preservation of digital certificates.
- Registration Unit Services, which are basically responsible, among other things, for managing the entire life cycle of certificate applications, which includes verifying the identity of subscribers, as well as the veracity of the data and documents provided during the application process of digital certificates.
- Issuance of time stamps.
Electronic Signature Provider – PFE (authorized software distribution)
Honoring eIDAS, the source of inspiration for the most recent Dominican regulations, the current regulatory framework introduces a new figure within the operators in the electronic signature sector, namely the Electronic Signature Providers (ESP).
ESPs are companies or individuals who, without being certification entities or, according to the new regulations, “Trusted Service Providers”, and therefore, without being authorized to issue digital certificates, can distribute software that allows to manage signature processes digitally, provided that such software complies with the provisions of the regulations to provide that service.
In this sense, Avansi is an Electronic Signature Provider authorized by Indotel to distribute its signature process management tools, according to the corresponding Indotel Certification.
Viafirma, your electronic signature solution
If you are looking for a document signature solution in Dominican Republic, Viafirma has the solution that adapts to your needs.
Contact us and we will inform you about our products and electronic signature solutions.