Get Started

OneSpan Blog

The Importance of NOM 151 for Electronic Signatures

E-Signature - Compliance
Camilo Méndez,
3D illustration of circuit board or electronic and digital hardware

Note: some of the links to other pages are only available in Spanish; if you click on a link and the page appears in Spanish, that page does not exist in English.

Digitization, also called digital transformation, has led Mexico and many other countries to legislate regarding digital documents and electronic signatures. This is how the Official Mexican Standard on NOM-151-SCFI-2016 came to be published in the official gazette of the federation. This standard is better known as NOM 151, and it includes "requirements that must be met for the storage of data messages and digitization of documents."

In general, this standard helps to assess whether electronic documents that include an electronic signature have been altered or not after being e-signed. In order to do that, certain third parties duly authorized by the Ministry of Economy (known as Certification Service Providers or PSCs) participate within the e-signature process, by issuing a Conservation Certificate. Courts or regulators examining a specific transaction later in time, who find that a Conservation Certificate has been issued in connection with a specific signed electronic document, should conclude such an electronic document has not lost integrity after its execution.

What is a NOM and why was NOM 151 created?

The NOMs are mandatory technical regulations, which are issued by different relevant agencies. Its name is made up of the letters for Official Mexican Standard (NOM, based on the Spanish acronym), the numerical code of the standard, the initials of the agency that issues it, and the year in which it was issued. In the case of NOM 151, it was issued by the Secretary of Commerce and Industrial Development, which is why it bears the acronym SCFI (based on the Spanish acronym) in its official name (NOM-151-SCFI-2016).

In 2002, NOM 151 was issued as NOM-151-SCFI-2002. It was created from the need for a procedure under which printed documents could be digitized and kept without losing the value they have as originals. Since its 2016 update, published in 2017, electronic signatures are also covered.

Article 89 of the Commercial Code defines a "data message" as "information generated, sent, received or filed by electronic or optical means, or by means of any other technology". The same article defines "digitization" as "migration of printed documents to data messages, in accordance with the provisions of the official Mexican standard on digitization and the preservation of data messages."
These definitions are important to understand the significance of NOM 151 because it gives a definition of any electronic document as a "data message". Setting requirements for the preservation of these data messages and the digitization of documents was crucial.

Until a few years ago, businesses worked without the need for the digitization of documents, signatures and contracts. Travel and travel expenses, in-person meetings and negotiations were the norm. Although it is still handled like this in some cases, digitization has opened up different ways of doing business and it is important to legislate so that they work properly. Many of the usual trips and meetings had the sole purpose of signing a document and the fact that is no longer necessary is already a reality, thanks to the regulations that now make electronic signatures official and legal.

Handwritten signatures are still a common way of signing written documents or agreements, as they serve as a visual representation of the agreement between the parties involved. However, capturing that agreement by means of an electronic device is also valid, if both parties agree. Documents that are agreed to remotely can be signed by means of an electronic signature, backed by an individual digital certificate issued by a Certification Service Provider (CSP) authorized to do so.

In Mexico there are at least 3 entities recognized by law as Certification Authorities, or by CSPs authorized by Certification Authorities, including:

  • The Tax Administration System (SAT, based on the Spanish acronym), known as e.firma
  • Certification Services Providers accredited by the Ministry of Economy and duly published in the Official Gazette of the Federation
  • Judicial Branch of the Federation (OJF, based on the Spanish acronym) through its certificate known as FIREL

NOM 151 guarantees compliance with commercial laws, in terms of technical standards that should be met by companies to ensure that an original electronic document has been stored and preserved appropriately. It also ensures a digitization standard under which a signed hardcopy document (which is an "original" in the offline world) could be digitized at a later date without losing is value as an original. It applies to any company or organization that uses electronic documents or digital signatures.

In terms of the digitization of documents, NOM 151 mentions the proper way to digitize a document with physical support. The following should be taken into account:

  • Clarity in terms of the migration process from the physical document to a digital file.
  • Document format: It must be possible to view it using some current software.
  • Quality: The necessary quality is specified for graphic, audio and video representations.
  • The new data message must be faithful to its physical document, respecting the original geometry or aspect in terms of size and proportion. This means that the format of the digitized version must be as close as possible to its original.

The elements that must be used to comply with this regulation are also defined by NOM 151. In addition to various electronic means, some of these elements include the data message preservation records and a digital time stamp.

The main function of the Certification Services Provider is to issue electronic certificates that guarantee the identity of the signer, however, it is not the only one. They are also the ones who can issue proof of conservation of data messages and digital time stamps. These two elements are essential for companies to prove that the electronic document was stored under a reliable method, and hence, that such document should have full evidentiary weight in court.

The proof of preservation - regardless of whether it is a physical person or entity who signed the document - serves to prove or to demonstrate before an authority (or a third party) that the document has been preserved in its entirety and without changes since the moment it was created. The Compliance with NOM 151 can be guaranteed under these conditions.

The time stamp proves the existence of the content at a certain date and time. It also demonstrates the integrity of the document since that particular date and time and contains information about the time of its creation. It is issued by a CSP. Both the time stamp and the proof of conservation are unique for each document. Any alteration to the document will be reflected in these elements. The documents (including the digital aspects and physical support) cannot be checked while the record of conservation and the time stamp are being created.

Therefore, data message conservation records and time stamps are the main legal and technical mechanisms to demonstrate that a document:

  • Is real: It is a proof of the existence of the data message. By having a proof of conservation and a time stamp, it is guaranteed that the document or agreement exists and is valid before the law.
  • Is considered complete: These two elements ensure that the document is the same as the one signed or agreed to. In the digital world there are many mechanisms and tools to edit or modify a document, so the fact that it was not modified must be demonstrable.
  • Is authentic: The document is the original and has not been tampered with, it is in the same condition in which it was created, without any modifications.

Benefits of legislation for digitization and electronic signatures

The requirements set forth in NOM 151 are many, however, the benefits are also significant. Technology opened the door to a new era in all aspects of business, including agreements.

Thanks to NOM 151, documents can be signed remotely safely, saving time, costs and paper but there are also other benefits such as:

  • The identity of the remote signer is guaranteed. It is not just the validity of the document itself, but the certainty that the signer is who they say they are.
  • It has legal validity. NOM 151 contributes to the legal validity of documents signed with an electronic signature. The data message conservation record can be used in a legal dispute; it is always there to demonstrate that it is the original document and that no modifications have been made.
  • The certificate of conservation and the time stamp guarantee the inalterability, integrity, and authenticity of the document. It does not leave room for doubt.
  • Guidelines for digitization are established, and this guarantees the quality of the documents with physical support.

All these benefits and more can be obtained with the OneSpan Sign electronic signature service. There is a strong and healthy legal framework to validate and certify electronic signatures in Mexico and different countries. It is a great way to ensure the authenticity and integrity of signed documents and agreements.

Camilo Méndez
Camilo Méndez

Camilo Méndez is a digital entrepreneur and technology enthusiast with more than 20 years of experience in business consulting and technology projects for large companies in Latin America. Today he is the Vice President of Sales for Latin America at OneSpan. Camilo holds an MBA from the University of California at Berkeley and a Masters in Information Systems Management from Carnegie Mellon University.

Go To Top
Share