Advertising by Google
PKI Brazil - Law
«Digital ID in Brazil.
«Laws in Brazil.
The PKI Brazil was legally created by Provisional Measure 2.200, last issued on August 24th 2001.
Below, full text of the MP.
Original text is in black.
Provisional Measure 2.200-2, August 24th 2001.
Institutes the Brazilian Infrastructure of Public Keys - ICP-Brasil, changes the National Institute of Information Technology into an autarchy and adopts other measures.
The President of the Republic, in use of the enpowerments seth forth by Article 62 of the Constitution, enacts the following Provisional Measure, with force of law:
Art. 1. It is henceforth created the Brazilian Public Key Infrastructure - PKI Brasil (ICP-Brasil), to guarantee authenticity, integrity and juridical validity of documents in electronic media, of supporting applications and habilitated applications which utilize digital certificates, as well as the implementation of secure electronic transactions.
Art. 2. The ICP-Brasil, whose organization shall be defined in by-rules, shall be composed by a policy gestor authority and by the chain of certifying authorities composed by the Root Certifying Authority - AC Raiz, by the Certifying Authorities - AC and by the Register Authorities - AR.
Art. 3. The function of the policy gestor authority shall be exercized by the Gestor Committee of ICP-Brasil, subordinated to the Civil House (Chief of Staff) of the President of the Republic and composed by five representatives of civil society, members of interested sectors, appointed by the President of the Republic, and one representative fromeach of the following bodies, appointed by their principals:
I - Ministry of Justice;
II - Ministry of Finances;
III - Ministry of Development, Industry and Foreign Trade;
IV - Ministry of Planning, Budget and Administration;
V- Ministry of Science and Technology;
VI - Civil House of the Presidency of Republic;
VII - Office of Institutional Security of the Presidency of Republic.
§ 1º The coordination of the Gestor Committee of the ICP-Brasil shall be exercizes by the representative of the Civil House of the Presidency of Republic.
§ 2º The representatives of civil society shall be assigned for a period of two years, the reconduction being permitted.
§ 3º The participation in the Gestor Committee of the ICP-Brasil is of relevant public interest and shall not be paid for.
§ 4º The Gestor Committee of the ICP-Brasil shall have an Executive-Office, as prescribe in by-laws.
Art. 4. The following are competences of the Gestor Committee of ICP-Brasil:
I - to adopt necessary measures to create the ICP-Brasil;
II - to establish the policies, the criteria and the technical rules for the habilitation of the ACs, ARs and other support services of the ICP-Brasil, in all levels of the certification chain;
III - to establish the policy of certification and the operational rules of AC Raiz;
IV - to homologate and audit the AC Raiz and respective service providers;
V - to establish guidelines and technical norms for implementation of polices of certificates and operational rules of ACs and ARs and define levels in the certification chain.
VI - to approve certificate policies, certification practices and operational rules, habilitate and authorize the operations of ACs and ARs, as well as authorize the AC Raiz to issue the respective certificate;
VII - to identify and evaluate the policies of external PKIs, negotiate and approve agreements of bi-lateral certification, crossed certification, rules of inter-operability and other means of international cooperation, certificate, as needed, their compatibility with the PKI-Brasil, respected the provisions of international treaties, agreements or acts; and
VIII - to update, adjust and revise procedures and practices established for PKI-Brasil, overlook their compatibility and promote the technological updating of the system and its conformity with security policies.
Sole paragraph. The Gestor Committee may delegate assignments to AC Raiz.
Art. 5. The AC Raiz, highest authority of the certification chain, executive of the Certification Policies and technical and operational rules approved by the Gestor Committee of PKI-Brasil, is competent to issue, distribute, revoke and manage the certificates of the AC one level below, manage the list of issued, revoked and expired certificates, and execute auditing activites of the AC and the AR and the service providers, in conformity with the technical guidelines and rules established by the Gestor Committee of the PKI-Brasil, and exercize other attributions assigned by the gestor authority.
Sole paragraph. The AC Raiz is forbidden from issuing certificates to the final users.
Art. 6. The ACs, entities authorized to issue digital certificates linking pairs of criptographic keys to the respective holders, are competent to issue, distribute, revoke and manage the certificates, as well as making available to users the lists of revoked certificates and other information regarding the recording of operations.
Sole paragraph. The pair of criptographic keys shall be generated always by the very holders and the private key shall be of their exclusive control, use and knowledge.
Art. 7. The ARs, entities operationally subordinated to ACs, are competent to identify the users in their presence, request certifications to the ACs and keep records of their operations.
Art. 8. Observed the criteria to be established by the Gestor Committee of the PKI-Brasil, both public bodies and private persons may be habilitated as AC and AR.
Art. 9. The ACs are forbidden from certifying any level other than the one immediately below, except in cases of side certification or crossed certification, previously approved by the Gestor Committee of PKI-Brasil.
Art. 10. The electronic documents mentioned by this Provisional measure shall be considered, for all legal purposes, public or private documents.
§ 1º The statements appearing in electronic documents produced with utilization of certification processes overlooked by PKI-Brasil are presumed thruthful in regards to the signers, as provided by art. 131 of Law 3.071, January 1st 1916 - Civil Code.
§ 2º The provisions of this Provisional Measure shall not preclude the utilization of other means probatory of authorship and integrity of electronic documents, including means which utilize certificates not issued by PKI-Brasil, as long as the means are admitted as valid by the parties or accepted as valid by the person to whom the document is opposed.
Art. 11. The utilization of electronic documents for tax purposes shall observe, additionally, the provisions of art. 100 of Law 5.172, October 25st 1966 - National Tax Code.
Art. 12. The Instituto Nacional de Tecnologia de Informação - National Institute of Information Technology, with seat in the Federal District, has status of autarchy, subordinated to the Ministry of Science and Technology.
Art. 13. ITI shall be the Root Certyfing Authority of the Brazilian Public Key Infrastructure.
Art. 14. In the exercize of the respective assignments, ITI shall conduct auditing activities, applying penalties, as prescribed by law.
Art. 15. The basic structure of the ITI shall comprise a President, a Director of Information Technology, a Director of Public Keys Infrastructure and a General Attorney.
Sole paragraph. The Directors of ITI may be established in the city of Campinas, State of Sao Paulo.
Art. 16. To pursue their objectives, ITI shall be allowed to, as prescribed in law, contract third party services.
§ 1º The Director-President of ITI may request, for office in the Directorship of Public Key Infrastructure, for term not longer than one year, civil servants or militaries, and employees of entities of Federal Public Administration, for any necessary duty.
§ 2º The persons requested as per this article shall have assured all rights and benefits of their original offices.
Art. 17. The Executive Power is authorized to transfer to ITI:
I - the technical assets, the rights and duties of the Instituto Nacional de Tecnologia da Informação; and
II - remove or reorganize the budget of the budgetary law of 2001 to adjust to the new legal frame.
Art. 18. While the General Attorney is not created, the ITI shall be represented in Court by the General Advocate of the Union.
Art. 19. All acts practiced under Provisional Measure 2.200-1 are co-validated.
Art. 20. This Provisional Measure shall be valid since the date of publication.
Brasília, August 24th 2001.
Fernando Henrique Cardoso.
Back to Top