In a business environment where speed and efficiency are indispensable, electronic signatures have ceased to be a technological innovation and become a fully recognized legal tool. Today, it is essential to ensure security, agility and legal validity in everyday operations.

Despite its increasingly frequent use, doubts remain about its proper implementation. This is relevant, since the legal framework recognizes the principle of functional equivalence, according to which an electronic document can fulfill the same functions as a physical one: allowing the authentication of the signer, ensuring the integrity of the content and being reproducible as a means of proof before the courts.
Under this criterion, a data message—information generated, sent or archived electronically— has the same legal value as an autographically signed paper document, provided that its accessibility is guaranteed for subsequent consultation. Understanding these scopes can make the difference between having a fully enforceable agreement or facing a legally vulnerable dispute.

I. What is an electronic signature?

An electronic signature is a set of data in electronic form that is incorporated or associated with a data message to identify the signer and show their approval of the content. It has the same legal effects as a handwritten signature and can be used as evidence in a trial.
The Commercial Code defines a data message as information generated, sent, received or archived by electronic, optical or any other technology.

II. Applicable legal framework in Mexico

The electronic signature in Mexico is regulated through various regulatory bodies that establish the criteria for its validity, evidentiary effectiveness and conservation mechanisms, including:

• Commercial Code
• Advanced Electronic Signature Act
• NOM-151-SCFI-2016
• Federal Civil Code
• Federal Tax Code

These provisions determine the technical and legal requirements for their use.

III. Simple Electronic Signature vs. Advanced Electronic Signature

The regulatory framework mainly distinguishes two categories:

1. Simple Electronic Signature
It includes any electronic identification mechanism that links the signer to a data message, without necessarily meeting the technical standards required for advanced signing.
Examples:

• Name at the end of an email
• Digitized signature as a graphic file
• PIN or PIN
• Biometrics used for identification (fingerprint, retina)
• Codes sent by SMS or mail, approval boxes, or digital traces
• Its validity depends on the principle of autonomy of the will and on the possibility of demonstrating the relationship between the user and the legal act. Its evidentiary force is lower in the face of a challenge.

2. Advanced Electronic Signature
It provides a higher level of security, allowing the identity of the signer to be verified with a high degree of certainty and to guarantee the integrity, authenticity and non-repudiation of the document. It has full legal validity in administrative and fiscal acts and in various government procedures.
It is mainly regulated by the Advanced Electronic Signature Act and Article 97 of the Commercial Code, which require the use of a digital certificate issued by an authorized provider.

IV. The Role of Certification Authorities

For the advanced electronic signature system to work properly, trusted third parties known as Certification Service Providers are involved. These entities are responsible for validating that a public key actually corresponds to a specific person.

Through this process, providers issue digital certificates that prove the identity of the signer and attest to the validity of the signing process. These certificates make it possible to reliably link the signer to the data message, providing technical and legal certainty regarding the authenticity of the electronic document.

The intervention of these third parties is a central element in ensuring the security, integrity and non-repudiation of documents signed electronically under the advanced electronic signature scheme.

V. When to use the Simple Electronic Signature?

It is suitable when:

• The legal consequences of the act are limited.
• There is a low risk of challenge or controversy.
• The process is carried out in a trusted environment (employees, returning customers, registered users).
• The economic value or the obligations generated are reduced.

I SAW. When to use the Advanced Electronic Signature?

It is recommended when:

• The act may lead to litigation or has enforceable effects.
• Relevant obligations or obligations of high economic value are generated.
• Its use is expressly required by law.
• There is no prior relationship of trust between the parties.

VII. The importance of NOM-151-SCFI-2016

The NOM-151 establishes the technical requirements for the preservation, integrity and digitization of data messages. It regulates digital sealing, safeguarding methods and the conditions that ensure that electronic documents remain authentic, intact and accessible over time.
Compliance is crucial for data messages to have evidentiary value equivalent to that of a traditional document.

VIII. Best practices for companies

To ensure the proper and secure use of electronic signatures, it is recommended:

1. Classify documents using a risk matrix, considering nature, economic value and legal consequences, to define the minimum type of signature allowed.
2. Establish internal policies that define:
   • the authorized technology or platform,
   • the repository and conservation mechanisms in accordance with NOM-151.
3. Incorporate standard contractual clauses that regulate the validity and effects of the electronic signature, as well as the platform used.
4. Appoint an internal person responsible for overseeing the correct application of policies.
5. Perform regular audits.
6. Train the parties involved, explaining the difference between a simple and advanced signature and the associated risks.
7. Privileging advanced firms in high-risk sectors, where the amounts or contractual implications are usually high.

‍