Are e-signatures legal, admissible, and enforceable in the local jurisdiction?
- (i) Peruvian Civil Code, approved by Legislative Decree No. 295.
- (ii) Law No. 27269, Digital Certificates and Signatures Law.
- (iii) Supreme Decree No. 052-2008-PCM, Regulation of the Digital Certificates and Signatures Law.
- (iv) Several technical regulations.
Types of Electronic Signatures:
Under the aforementioned Law and Regulation, there are three types of electronic signatures:
- a. Simple Electronic Signature (SES): It is any electronic symbol used to express the will. It is the simplest electronic signature and used without additional controls. It requires the least security with respect to guaranteeing the identity of the signatory and the integrity or authenticity of the document signed. For example, using a scanned signature without additional controls would qualify as an SES.
- b. Advanced Electronic Signature (AES): An AES is a SES that also meets the following additional requirements: (i) the signature is linked to the signatory in a unique way, (ii) allows the identification of the signatory, (iii) has been created using signature creation data that the signatory can use under its control, and (iv) is linked to the signed document in such a way that any subsequent modification thereof is detectable. It is a more secure type of SES, as long as it complies with the listed requirements.
- c. Qualified Electronic Signature (QES): The qualified electronic signature or digital signature is a type of SES issued by certain entities duly accredited by and registered with Indecopi (E-Signatures Authority).
Validity of Electronic Signatures:
Although all signature types are valid to express the will, there are certain aspects that should be considered when evaluating what type of signature to use on a specific document.
According to the Regulation, in the event of a legal dispute related to the authorship of an SES or AES, the burden of proof on authorship falls on whoever invokes it as authentic. In the case of a legal dispute related to the authorship of a QES, whoever denies its authenticity must prove that the signature is not authentic, because the QES is presumed to be authentic or to belong to the signatory.
The QES can be useful for documents that are very important to the company (e.g., high value agreements), documents that must be filed with a public entity (although most public entities accept documents with AES or even SES), that require a special formality (e.g., public deed) or when required by law.
The AES can be used for ordinary contracts or documents, but it must be ensured that the software or application used for its issuance complies with the requirements described in bullet b.
A case-by-case analysis is recommended.
Are there certain documents that cannot be e-signed?
In general, many documents may be signed in electronic form. However, some documents may require a special formality related to using handwritten signature (e.g., wills as established in family law) or the public entity that must receive the signed document as per a legal requirement has not implemented the reception of e-signed documents. In these cases, such documents cannot be e-signed.
A case-by-case analysis is recommended.
Does local regulation govern the use of digital IDs / certificates for e-signatures?
- (i) The Supreme Decree No. 029-2021-PCM, Regulation of the Digital Government Law, establishes that the digital National Identification Document (DNId, acronym in Spanish) issued by the National Registry of Identification and Civil Status (Reniec, acronym in Spanish) allows to accredit the identity of its holder, and that it can be used in digital environments, including public web sites and applications. The DNId can be used as a QES.
- (ii) The DNId works with a digital certificate issued by Reniec, which is accredited by and registered with Indecopi.
Certificates for E-Signatures:
E-Signature certificates may be granted by "certification service providers" for issuing an AES or by "accredited certification service providers" for issuing an QES. Accredited certification service providers are entities duly accredited by and registered with Indecopi.
If yes to the above, does local law provide certification bodies / trust services that users of e-signatures should be aware of?
Indecopi is the public entity in charge of managing the Official Infrastructure of E-Signature (IOFE). The IOFE is comprised of the registries of providers of services connected with QES services (for instance, digital certification, time stamps, e-signature software, etc., must be registered with the Indecopi). These providers must be accredited by and registered with Indecopi to provide their services of QES validly.
By means of the accreditation procedure, the aforementioned entities must evidence they comply with the technical regulations mentioned in question 1.
*DISCLAIMER: The information contained in this guide is for information purposes only, provided as is as of the date of publication and should not be relied upon as legal advice or to determine how the law applies to your business or organization. It is recommended that you seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance. OneSpan does not accept liability for the contents of these materials or for third parties materials.
Last updated: November 2021