STJ reaffirms the understandings regarding the legal validity of electronic signatures

In a decision that reaffirms and consolidates the understandings on the subject, the 3rd Panel of the Superior Court of Justice (STJ) recognized the executive and evidentiary force of documents signed electronically on private platforms, waiving the obligation to use an ICP-Brazil digital certificate¹ by the signatories.

Since the publication of Provisional Measure No. 2,200-2/2, a legal framework that confers legal validity to electronically signed documents - with or without the use of an ICP-Brazil digital certificate - the issue has been the subject of doubt in the Brazilian judiciary.

In recent years, a minority understanding has been observed, which argued in favor of the mandatory use of a digital certificate and accreditation of the signature platform to ICP-Brazil.

The decision can be considered a framework for the legal security of digital transactions that take place in the Brazilian legal system. In addition to analyzing applicable legislation and current case law, he explored the technological aspects of authenticating signers and the integrity of electronic documents.

The STJ reaffirms its position, follows the majority understanding of the State Courts, and consolidates the acceptance of electronic signatures made on private digital platforms.

Access the full decision

Context of the action

The original action is a search and seizure nature, based on a Bank Credit Bill signed on the Clicksign platform. The signer was authenticated through Token via SMS² and the integrity of the document was guaranteed by the platform's cryptographic “hash” and digital certificate technologies.

The original Court considered the electronic signature made by the parties insufficient for the proposed purposes, arguing that the fact that the platform was not accredited by ICP-Brazil would impair the legal validity of the signatures in question.

The creditor party appealed to the STJ arguing that the use of an ICP-Brazil digital certificate was not mandatory and pointing out a violation of current legislation.

Foundations, Applicable Legislation, and Legislator's Intent

‍The STJ's decision was based on Provisional Measure No. 2,200-2 of 2001 and on Law No. 14,063 of 2020.

Provisional Measure No. 2,200-2/2001, the legal framework for the validity of electronically signed documents that remain in force, established two types of electronic signatures, which vary according to the method used to authenticate the signer:

‍“Art. 10. For all legal purposes, the electronic documents referred to in this Provisional Measure are considered public or private documents.

‍§ 1 The statements contained in the electronic documents produced using the certification process provided by ICP-Brazil are presumed to be true in relation to the signatories, in accordance with art. 131 of Law No. 3,071, of January 1, 1916 - Civil Code.

‍§ 2 The provisions of this Provisional Measure do not prevent the use of other means of verifying the authorship and integrity of documents in electronic form, including those using certificates not issued by ICP-Brazil, provided that they are accepted by the parties as valid or accepted by the person to whom the document is opposed.”

The legislator was expressed in stating that both types of electronic signatures have legal validity, differentiating only the presumption of veracity.

While the electronic signature authenticated by an ICP-Brazil digital certificate is presumed to be true, the one that uses other means of proof requires the agreement of the parties.

Law No. 14,063/2020, which provides for the use of electronic signatures in interactions with public entities, in acts of legal entities and in health matters, and on software licenses developed by public entities, classified electronic signatures into three types, differentiating them based on the method used to authenticate the signer.

The decision went beyond the objective analysis of the legal provisions and sought to interpret the legislator's intention regarding the legal validity of the electronically signed documents.

To this end, I brought to the Judgment the Interministerial Explanatory Memorandum of first edition of the Provisional Measure, public demonstrations by the first Chief Prosecutor of the ITI³, in addition to Opinion issued by the ITI Attorney's Office at the time of drafting Law No. 14,063/2020.

When analyzing the legal provisions and the legislator's intention, the decision under the rapporteur of Minister Nancy Andrighi concluded:

“(...) the legislator's intention was to create different levels of evidentiary force for electronic signatures, according to the technological authentication method used by the parties, and - at the same time - to confer legal validity on any type of electronic signature, taking into account private autonomy and the freedom of the forms of declaration of will between individuals”

Jurisprudential evolution in the STJ

The decision revived the history of Supreme Court judges on the subject, highlighting the Superior Court's attention to technological developments, in line with the legislator's spirit of providing legal certainty to transactions carried out through electronic means.

It is interesting to note that, more than ten years ago, the STJ was already in favor of easing the formal requirement for handwritten signatures, arguing for the possibility of attesting the authorship of the expression of will using elements alternative to the traditional analog signature,4.

Already in the middle of 2018, the STJ decided in favor of easing the requirement for the signature of two witnesses as a requirement for the enforceability of electronically signed securities¹.

More recently, in decisions handed down in the years 2022 and 20236/8, the STJ has consolidated its understanding of the enforceable and evidentiary force of these contracts, regardless of the use of an ICP-Brazil digital certificate by the parties, since “the technological advance observed in the present 'digital era' has made it necessary to provide the same hygiene and security in the identification of documents in electronic format, prepared with the aid of computers”.

When analyzing the history and jurisprudential evolution in the STJ, the decision concluded:

“Therefore, the recognition of the legal validity and probative force of documents and signatures issued electronically, when combined with the use of technological tools that make it possible to reliably infer (or audit) the authorship and authenticity of the firm or document, is, in the evolution of the precedents of this Superior Court, in clear harmony with the spirit of the legislator.”

Elements of authenticity of the signatories and integrity of the signed document

The rapporteur also deepened the examination by highlighting two essential aspects of electronic signatures: the authenticity of the signers and the integrity of the signed document.

Authentication methods are the technologies offered by platforms to authenticate signers. The classification of the type of electronic signature varies depending on the choice of these methods.

While the simple electronic signature uses unique authentication factors, such as a password or code, the advanced electronic signature has multiple factors to authenticate the signer, which vary according to the technologies offered by the platforms, such as temporary codes (tokens) sent via cell phone or e-mail, facial biometries, selfie capture and geolocation.

The integrity requirement, on the other hand, concerns the factors used by the platforms to ensure that the signatures and the content of the signed document were not tampered with during and after the authentication processes.

Although the legislation does not establish a single way to guarantee the integrity of the signed document, the STJ's decision highlighted the factor most used by platforms: the cryptographic function Hash.

This is because, by assigning a unique and unique hash code to the signed document, it is possible to detect any change made to the content of the document after its signature.

It is interesting to note that the efficiency of the technology Hash has already been analyzed by the STJ in previous decisions ¹. At times, the use of the cryptographic function has been recognized Hash as an element capable of guaranteeing the integrity of digital evidence.

When analyzing the entire context, the decision concluded:

“(...) the “hash” functions are sensitive to changes and efficient in detecting any modification of the original content of electronic documents or signatures. This property is fundamental to guarantee integrity in electronic signatures, both in the advanced and in the qualified modality.”

Refutation of the veracity of the electronic signature

Another central element in the discussions about the validity of electronically signed documents, the duty of challenging the party against whom the document was produced, was also addressed by the STJ decision.

This is because the First Instance Court, ex officio, refuted the veracity of the signatures in question. For the STJ, such a measure violates the provisions of Provisional Measure No. 2,200-2/2001 and may represent unequal treatment on the part of the court, since it is exclusively up to the parties to challenge documents produced against them.

The Code of Civil Procedure is expressed in this sense, when it provides on the subject in articles 139 and 141. Let's see:

‍“Article 139. The judge shall direct the proceedings in accordance with the provisions of this Code, and shall be responsible for:

I - ensure equal treatment for the parties;”

‍“Art. 411. The document is considered authentic when:

(...)

III - there is no challenge from the party against whom the document was produced.”

In this sense, the following were included in the summary of the decision:

‍“The refutation of the veracity of the electronic signature and of the documents on which they were electronically placed - whether in the aspect of their integrity or in the aspect of their authorship - must be made by the person to whom the rule of art. 10, paragraph 2, of the MPV 20200/2001 was expressly addressed, who is the “person to whom the document is opposed”, who is the same person who admits the document as valid (i.e., the recipient). This is, in fact, the rule of art. 411, I, of the CPC, when creating the presumption of authenticity of a private document when the party against whom it was produced ceases to challenge it.

‍The person to whom the legislator refers is one of the parties to the procedural relationship (in the case of the enforcement of a credit instrument, the issuer, the endorser, or the endorser), which - by definition - excludes the person from the judge, under penalty of incurring the unequal treatment, vetoed by the rule of art. 139, I, of the CPC.”

Repercussion and conclusions

The case had repercussions in the legal environment. Several vehicles highlighted the relevance and importance of the decision, such as Crumbs, Legal Consultant and Veja Magazine.

The STJ reinforces the legal security of digital operations by reaffirming its understandings regarding the applicable legislation, the legislator's intentions, the principle of private autonomy, and the autonomy of the parties.

What we see is a consolidation of the theme. The electronic signatures and technologies used by the platforms are instruments capable of assigning to the signed document the authenticity of the signers and the integrity of their information, regardless of the use of an ICP-Brazil digital certificate.

—————————————————————

¹ The Brazilian Public Key Infrastructure (ICP-Brazil) is a hierarchical chain of trust that enables the issuance of digital certificates for the virtual identification of citizens. Source: https://www.gov.br/iti/pt-br/assuntos/icp-brasil

² The Token via SMS is a technology provided by the Clicksign platform, which consists of authenticating a signer using a temporary code sent to their telephone number.

³ National Institute of Information Technology (ITI) is a Federal Authority, created through Provisional Measure No. 2,200-2/2001, linked to the Ministry of Management and Innovation in Public Services, with the purpose of being the Root Certification Authority of ICP-Brazil. Source: https://www.gov.br/iti/pt-br/acesso-a-informacao/institucional/o-iti

4 ReSP 1.192.678/PR, Third Class, DJe of 26/11/2012. Available in: https://processo.stj.jus.br/SCON/GetInteiroTeorDoAcordao?num_registro=201000836020&dt_publicacao=26/11/2012

¹ ReSP 1,495,920/DF, Third Class, DJe of 07/06/2018. Available in: https://www.stj.jus.br/websecstj/cgi/revista/REJ.cgi/ATC?seq=78697795&tipo=5&nreg=20140295%203009&SeqCgrmaSessao=&CodOrgaoJgdr=&dt=20180607&formato=PDF&salvar=false.

6 AgInt at ReSP 1,978,859/DF, Third Class, DJe from 25/05/2022. Available in: https://processo.stj.jus.br/SCON/GetInteiroTeorDoAcordao?num_registro=202104020587 &

7² Agint at AReSP 1.917.838/RJ, Fourth Class, DJe on 09/09/2022. Available in: https://www.stj.jus.br/websecstj/cgi/revista/REJ.cgi/ITA?seq=2206417&tipo=0&nreg=202102009079&SeqCgrmaSessao=&CodOrgaoJgdr=&dt=20220909&formato=PDF&salvar=false

408 AgInt at AresP 2,001,392/SP, Third Class, DJe from 27/04/2023. Available in: https://processo.stj.jus.br/SCON/GetInteiroTeorDoAcordao?num_registro=202103256751 &

* Garg HC 828.054/RN, Fifth Panel, DJe of 29/04/2024. Available in: https://scon.stj.jus.br/SCON/GetInteiroTeorDoAcordao?num_registro=202301896150&dt_publicacao=29/04/2024

¹ Garg at RHC 143.169/RJ, Fifth Panel, DJe on 02/03/2023. Available in: https://processo.stj.jus.br/SCON/GetInteiroTeorDoAcordao?num_registro=202100573956&dt_publicacao=02/03/2023

—————————————————————

‍

Gustavo Reis is a Senior Lawyer at Clicksign.