*By Maurício Balassiano
The National Institute of Information Technology (ITI) launched a public consultation, open to suggestions from society until 02/12/2024.
The initiative aims to align with international practice (EU Regulation 910/2014 known as eIDAS - Electronic Identification and Trust Services) and aims to simplify and clarify the profile of the different types of ICP-Brasil certificate.
Among the modernization proposals, the main ones are the extinction of type A1 certificate (issuance and storage in software) for individuals and legal entities and the creation of Electronic Seal replacing the legal entity certificate, the latter with the purpose of guaranteeing authenticity and origin of documents, such as tax documents, declarations and certificates, maintaining certificates for the purpose of digital signature exclusively for citizens, individuals.
Electronic seals, whose proposal foresees exclusive issuance using hardware approved by INMETRO, will serve to guarantee the integrity of an electronic document, serving as proof of the issuance of the document by a specific company, functioning in a similar way to a physical stamp.
Even though the modernization proposal is in line with international standards and makes perfect sense – since a company will always be represented, according to the established powers, by one or more natural persons, demonstrating commitment or involvement with the content of the document and verifying the identity of the signatory – the current market is significantly composed of this product (more than 50% of the active base – https://numeros.iti.gov.br/), and therefore economically dependent on this type of certificate.
Reference data and Potential Impacts for the current Ecosystem:
– The A3 type product for legal entities, the one with exclusive issuance in hardware, did not reach 4% of total emissions in the last year of 2023
In practice, the electronic seal will have similar technical characteristics to this product with the difference that it does not have an individual holder designated as responsible for the digital certificate.
This low rate of product adoption by the market does not necessarily mean that there is some type of technical limitation in market applications, and may be related to the validity period of the digital certificate and price practiced by certifiers (on average 50% more expensive for a validity period 3x longer), since there is greater dynamism in information related to the representation of the legal entity (frequent changes to social contracts).
In any case, there is a point of attention to be observed by client companies regarding the ownership and access control to the new electronic seal.
– The product type A1 for legal entities represented 56%, while type A1 for individuals represented 25% of total emissions in the last year of 2023
In practice, these products will cease to exist, causing a migration of this basis to the electronic seal, in the case of legal entity holders, and other A3 type products, in the case of natural person holders. It is important to mention that this new distribution in the MIX of products, and respective validity periods, will require Certifying companies to review the table of pricing and possibly also in your partner remuneration tables.
In relation to the indices presented, this may indicate that, in addition to the previously mentioned factors related to price and validity period, there is a certificate sharing practice, which in itself would represent a risk to the legal security of companies and/or individuals, and consequently for the entire system. Therefore, I believe that the measure is positive and will increase the reliability of the entire system.
Although the technical impact appears to be low for applications, as they will only need to be prepared to validate and process the new identifier code (OID) related to the electronic seal, the operational impact may be relevant, precisely because the sharing practice works as a form of operationalization at the end of the value chain.
Furthermore, many applications, especially governmental ones, have supported the adoption of digital signatures through specific regulations that will need to be subject to review.
Finally, I see this proposal as an opportunity for Certifiers to encourage the adoption of cloud products. In addition to the most obvious benefits of the cloud product, such as remote access by the customer and use on mobile devices, there is also the possibility that in the future the charging model can be adapted to the transactional model replacing the one-time-shot-fee.
I still hope to see the digital certificate as the main digital identity of every Brazilian citizen and being adopted in all critical digital transactions, such as e-commerce, means of payment and health systems. When this day comes, we will live in a more digital, efficient and safe country.
*Mauricio Balassiano – Executive with over 20 years of experience in the Technology and Data industry
Source: Crypto ID
EN 
PT 
