Electronic Signature Legality in Mexico: Insights from One of Mexico’s Largest Banks
En español | We regularly host webcasts on topics such as e-signature, digital signature, and secure business process digitization. If you missed our recent webcast hosted in Spanish, La Legalidad De La Firma Electrónica Y Casos De Éxito, here is the 5-minute summary. The full presentation is available on-demand.
The COVID-19 pandemic has significantly altered the way companies do business. With the global shift to remote work, digital solutions like electronic signatures have become the new normal across numerous industries.
Still, many people are confused about the legality of e-signatures around the world. To explore Mexico’s regulatory framework around e-signature, we spoke with Mario Alberto Gloria, Chief Legal Officer for one of the biggest banks in Mexico, and his colleague Isaac Flores, Director of Business Process Architecture & AI Technologies.
Flores is responsible for innovation-oriented strategies and for optimizing and transforming business processes. Through his work, they became the first bank in the country to have a functional Advanced Electronic Signature. After adopting OneSpan’s Advanced Electronic Signature for the first time in September 2020, the bank transformed their account opening process to enable remote agreement signing during customer onboarding. Flores explains:
“The reality is that the use of this technology is an important factor in transforming onboarding, and it allows us to carry out a completely digital operation at a distance, ensuring (with the aid of the elements we’ve discussed here today) the legality of contracts signed with an electronic signature.”
According to Flores, there have been substantial benefits to the client experience with the addition of electronic signature.
“I think one of the benefits is that you can do it from home, or from anywhere really, and that’s a benefit for the end user. Second, you can use it any time, as it is completely electronic, you can access it from your computer, and this facilitates the act of signing [...] with the ease of not having to go to a branch.”
In Mexico today, the legal adoption of electronic signatures has provided financial institutions and other companies with an easier and more efficient way to do business with clients and partners, especially as they adapt to the COVID-19 pandemic. The banking industry, in particular, is using e-signatures to transform its agreement processes and provide an additional layer of reliability, security, and enhanced customer experience to every signed electronic form and document.
The Role of Consent in Electronic Signatures
As the Chief Legal Officer for one of the biggest banks in Mexico, Mario Gloria is currently leading a team that is managing and executing a major digital transformation within the bank. When discussing the legal validity of e-signature, he says it’s important to consider its legal weight and the role of consent. He states:
“In order to enter into contracts, agreements, or legal acts, it is necessary that the contracting parties consent to the terms and conditions of the contract or document. They must officially demonstrate that they are agreeing to bind themselves to fulfill the contents of the given document.”
Within this context, what exactly is consent?
For Mr. Gloria, consent is what brings an agreement into existence. In Mexico, the Federal Civil Code states that consent can either be expressed or implied. Consent is considered expressed when it is stated verbally or in writing. Expressed consent carries a greater weight than implied, and electronic consent in the form of an e-signature qualifies as expressed consent.
Traditionally, consent is expressed by a physical signature. Although the signature is a commonly accepted legal process, the regulatory framework does not currently exist in Mexico on what elements need to be included as part of a signature. There is only jurisprudence that calls for distinguishing marks or characters. Gloria explains:
“Handwritten characters have the primary purpose of identifying the person who is signing. The second purpose of the signature is to link the signature to the contents of a document. That is to say, I identify myself, and consequently, I consent in writing to abide by the contents of this document,”
This creates a distinct problem for the ink and handwritten signature:
“In terms of the ink signature, there is no reliable method of authentication. The person in question can either say, ‘I didn't sign that,’ or ‘I did sign, but that isn't the document I consented to.’”
Legal eSignature Developments in Mexico
As societal behaviors evolve, the law follows suit. In 2000, a new chapter on electronic commerce was incorporated into the Mexican Commercial Code that provided a model for consent through electronic means. The civil code, Mexican state codes, the federal code of civil procedures, and federal law of consumer protection all adopted this regulatory framework, which was supported by an international model. As Mr. Gloria explained on the webcast:
“There is a model law internationally which was promulgated by the United Nations Commission regarding electronic commerce, electronic signatures, and international commerce, which already recognizes the use of the electronic signature, the use of data messages, and the use of electronic means. Mexico adopted (the guidelines) of this commission and decided to adapt these concepts and incorporate them into its legislation.”
This established an important principle: functional equivalency. The objective of this principle is for e-signing to have the same validity and scope as the physical signature while improving it through a digital format.
Among the laws that were adapted in 2000 was the law of the Advanced Electronic Signature, which is part of the Federal Labor Law itself, and the Banking Law. Due to these laws, almost all Mexicans interact with their bank through electronic means today.
How Are Electronic Signatures Validated by Law?
In terms of e-commerce and Mexico’s commerce code, two important concepts are regulated: data messaging and electronic signatures. For the commercial code to be applied, judges and citizens must also respect the principles that make the use of electronic signatures possible:
- The principle of technological neutrality
- The Independent Will principle
- International compatibility
- The principle of functional equivalency
This means that, for the last 20 years in Mexico, an electronic signature has made a document as valid as a physical signature. But which of the two signatures holds more validity?
Gloria says that they are both valid:
“They are both valid, but the evidence effect will be different to the judge. The physical signature, as opposed to the electronic signature, does not legally bind a judge in terms of what to take into account when determining its validity. For the electronic signature, what it tells the judge is, what are the factors that must be considered so that the electronic signature is sufficient in probatory terms, so it has to be accepted and cannot be rejected. This evidence strength has to do with the reliability of the method used to generate the electronic signature.”
If at some point one of the parties needs to present an e-contract as evidence in court, the judge must validate three important aspects:
- The e-signature is attributable to the individual who signed it.
- All interested parties can access the e-record.
- Integrity: that it is secured against tampering.
According to Mr. Gloria:
“An electronic signature has two purposes: one, to identify, and two, to link. So, the electronic signature has an additional benefit that the traditional signature doesn't have, and that additional benefit is the attributability, the integrity and the reliability of the method used to authenticate to the signatory, in contrast to the physical signature, which does not have reliability in terms of the method.”
In other words, an electronic document carries more weight. This does not mean one is more valid or legal than the other. However, with an e-signature, there is the ability to verify that it is trustworthy and secure. Gloria continues:
“Article 89 of the Commerce Code provides us with two important elements. What constitutes a data message? And what constitutes an electronic signature? A data message is the information that is generated, that is sent, that is received, that is saved, through electronic means. All the information that is contained in an electronic medium is a data message.”
Then, what exactly is an electronic signature? Gloria provides a broad definition:
“An electronic signature is the data in electronic format, assigned to a data message, or associated with it, which are used to identify the signatory, just like with a physical signature, and also to link the signatory with the contents. The signatory approves the information contained in a data message.”
This is a legal definition directly from Article 89 of the Commerce Code. Therefore, a judge can’t refuse to accept an electronic signature, solely because it is digital and not in ink.
In the Mexican Commerce Code and Civil Code, there are certain contracts that the law requires to be in writing. Both codes state that these contracts will still have the same legal effect if they are formatted digitally (as a data message). However, it must comply with the same three requisites that are determined by the judge:
- Integrity: That the signature has not been altered
- Attributable: That the signature can be tied to the signatory
- Accessibility: That the electronic record is accessible for all intervening parties, including a judge
The judge will consider all three elements to determine if a data message can substitute a written record.
The Advanced Electronic Signature
There is a type of electronic signature that Mexican law recognizes as having a higher level of security: the Advanced Electronic Signature. (Note: In Mexico, what is referred to as the “Advanced Electronic Signature” is more commonly known internationally as the “Qualified Electronic Signature” or QES.)
Basic (also known as Simple Electronic Signatures) and Advanced Electronic Signatures are both reliable in the eyes of the law, but the Advanced Electronic Signature contains four requirements. As Mr. Gloria explains:
“The first is that the data of the signature creation correspond strictly to the signatory. In accordance with Article 89 of our Commerce Code, the data of the creation of the signature are the passcodes and passwords. If they correspond to the person, we have a checkmark.
Next requirement. This data of the creation of the signature, the passwords and passcodes for these effects, are under the exclusive control of the signatory. A common example would be the Advanced Electronic Signature for SAT (Tax Administration Service in Mexico).
And the last two have to do with conservation and integrity, which I mentioned before. Alterations can be detected in two senses. First, the electronic signature itself can be altered, or second, the content of the data message can be altered.”
If all four requisites are fulfilled, the electronic signature is considered advanced. However, the Commerce Code also requires a reliable structure. Gloria provides a definition:
“A reliable structure means that an authorized third-party certifies that operation. So it becomes advanced if it complies with the four aforementioned requisites and when a third party, who is a Certification Service Provider (CSP) authorized by the Minister for Economic Affairs, stamps the signature, adds his or her own signature, and gives a timestamp as well.”
CSPs are governed by the Commercial Code and its implementing regulations (Articles 100 to 113). In addition to providing issuance and certification of e-signature services, they are authorized to provide other services, including “Certificate of Conservation Service” (Servicios de Constancia de Conservación). Certificates of Conservation are issued under Mexican Official Standard (NOM-151-SCFI-2016, published on March 30, 2017). This certificate allows a court to trust that a document has not been modified since the moment in which the certificate was electronically stamped in the electronic document.
How Does an Electronic Signature Comply with NOM 151?
We know that an electronic signature is only valid if it is accessible and maintains integrity. But how can this be guaranteed? The Commerce Code itself establishes an obligation that all documents must be kept for 10 years. However, in Mexico, the document must comply with NOM 151 to be properly preserved.
The NOM is used to regulate two key aspects. First is the conservation of the physical document converted into the digital form. Second is the conservation of the data message or the digitization of the physical document. Mr. Gloria explains:
“I want to reinforce this, because it’s very important, and that is a legal issue, regarding proof. The probative element is not the document and it’s not the stamping of the electronic signature. It is the data message per se, regardless of where it is contained. It can be contained on a USB stick, on a diskette, but it is the information itself that is contained there. And of course, it can have a graphic representation. It needs to comply with NOM 151 to that effect.”
Under the Mexican Commercial Code, electronic signatures should be considered valid and will produce legal effects as long as the electronic signature creation method chosen by the parties is found to be appropriate for the purpose for which the data message was generated or communicated.
Watch this presentation for more information, and to hear the full 60-minute webcast.
This article is for informational purposes only and does not constitute legal advice. It is recommended that independent professional advice is sought from your side. OneSpan does not accept liability for the contents of these materials.