Mexico: Requirements for the preservation of data messages and digitalization of documents published in the Official Gazette for public comments

In brief

On 11 May 2021, the ''Draft Modification of the Mexican Official Standard NOM-151-SCFI-2016, Requirements to be observed for the conservation of data messages and digitalization of documents, published on 30 March 2017'' (''Project'') was published in the Official Gazette of the Federation.

The Project aims to regulate and approve the rules applicable to the communication and transmission of data messages through ''certified electronic communications.'' Electronic communications, when certified, provide evidence related to the management of the delivery and receipt of data messages made between merchants (i.e., legal entities) and between merchants and public authorities. The Project is applicable to both the public and private sectors.


Contents

Key takeaways

Main conclusions

  • The Project defines and standardizes the rules for the communication and transmission of data messages. While previous rules regulated the preservation and digitalization of correspondences, it did not cover the delivery and receipt of data messages.
  • It applies to the communication, preservation and digitalization of correspondences (e.g., contracts) of merchants, which must be done by means of a certified electronic communication.
  • A certified electronic communication, a new concept introduced in the Project, provides digital and legal security in the communication of data messages sent between merchants and between merchants and authorities.
  • Merchants will have to hire the services of a certification service provider since they will have to use a certified advanced electronic signature and include a digital time stamp in each of the data message sent and received in the relevant correspondence.
  • The Ministry of Economy through the General Directorate of Commercial Regulations is tasked with the accreditation, supervision and the monitoring for compliance with the Project.
  • While the requirements are not mandatory, data messages that do not comply with the requirements of the Project will not hold any probative/evidentiary value.

Background

Specific requirements

  • The Project sets out the minimum requirements that certified electronic communications must meet. It applies to technological solutions that allow the transmission of data messages by electronic means, between the sender and receiver, and provides evidence related to the management of the delivery and receipt of messages. In particular, the Project applies to the following:
  1. Notifications, summons, subpoenas, requirements, request for reports or documents and final administrative resolutions made by means of official letters delivered by certified mail, with acknowledgment of receipt, electronic means of communication or any other means
  2. Preservation of merchant correspondence, with respect to the delivery and receipt of data messages
  3. The delivery, receipt and acknowledgement of receipt of data messages
  • The aforementioned communications must be kept complete, confidential and available from the moment they are sent until they are received, regardless of the technological solution used (i.e., software and hardware that carries out the certified electronic communication and that must be built in accordance with the data structures for sending and receiving data messages published by the Secretariat here).
  • Requirements to satisfy integrity, confidentiality and availability:
  1. The issuer is capable of electronically signing a data message with an advanced electronic signature (AES) certified by a Certification Authority recognized in Mexico.
  2. The issuer is able to encrypt the data message by means of a cryptographic algorithm or use a cryptographic protocol, compatible with industry standards, which can be consulted at www.firmadigital.gob.mx.
  3. The receiver is able to decrypt the data message using a cryptographic algorithm. The technological solution (service) used to receive the data message must be able to (i) generate the confirmation of receipt (acknowledgement); (ii) if necessary, allow the recipient to generate an acknowledgement of receipt signed with a certified AES, which also allows verification of the validity, revocation status (OCSP and/or CRL) and signature validation of the issuer of the certificate; and (iii) incorporate a digital time stamp in the data message.
  4. The receiver is able to detect any alteration to the integrity of the data message signed with certified FEA. Specifically: it must verify validity, revocation status (OCSP and/or CRL, as the case may be) and signature validation of the certificate issuer.
  5. When the applicable legal provisions so require, the parties must reliably guarantee the identity of the parties sending and receiving the data message.
  6. When the applicable legal provisions so require, the parties shall include the time at which the data message is sent and received.

The Draft will be open for public consultation until 10 July 2021. Comments may be submitted via email to the following: diana.munoz@economia.gob.mx, consultapublica@economia.gob.mx and juan.rivera@economia.gob.mx or through the Oficialía de Partes of the Secretariat of Economy, located at Calle Pachuca, number 189, Colonia Condesa, Alcaldía Cuauhtémoc, Mexico City, C.P. 06140, telephone 57 29 91 00, extensions 43219, 43235 and 13204.

For more information about the Project, please click here.


© 2021 Baker & McKenzie. Ownership: This site (Site) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms, including Baker & McKenzie LLP). Use of this site does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All information on this Site is of general comment and for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulation and practice are subject to change. The information on this Site is not offered as legal or any other advice on any particular matter, whether it be legal, procedural or otherwise. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any information provided in this Site. Baker McKenzie, the editors and the contributing authors do not guarantee the accuracy of the contents and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the contents of this Site. Attorney Advertising: This Site may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Site may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. All rights reserved. The content of the this Site is protected under international copyright conventions. Reproduction of the content of this Site without express written authorization is strictly prohibited.