03 — Legislation
Legal framework for electronic signatures and public key infrastructure by jurisdiction. Defines when a digital signature has evidentiary value and which technical standard is required for each category.
Chapters
| File | Jurisdiction | Status |
|---|---|---|
01-brazil-mp-2200-2.kmd |
Brazil — Provisional Measure 2.200-2/2001 (ICP-Brasil) | seed |
02-brazil-law-14063.kmd |
Brazil — Law 14.063/2020 (3 levels: simple, advanced, qualified) | seed |
03-eu-eidas.kmd |
European Union — Regulation (EU) No 910/2014 and eIDAS 2 (2024) | seed |
04-us-esign-uniform.kmd |
USA — ESIGN Act 2000 + UETA + state laws | planned |
05-comparativo-internacional.kmd |
Cross-reference table: jurisdiction × levels × technical standard × mutual recognition | planned |
Why it matters for a Koder product
A digital signature ≠ a legally valid electronic signature. What counts is the legal category recognized by the jurisdiction of the signer and the recipient, and that category dictates:
- The required technical standard (ICP-Brasil, eIDAS QES, etc.)
- The permitted key custody (certified HSM, smart card, qualified cloud)
- The presence of an accredited TSP (Trust Service Provider)
- The signer identification requirements (KYC, in-person vs. remote)
A product that "just signs PDFs with OpenSSL" has legal value limited to a civil contract between parties that accept it (Art. 10 §2 MP 2.200-2). It does not replace a notarized signature.
Cross-references
02-standards/— technical formats required by the legislation05-icp-brasil/— detailed Brazilian implementation04-modelos-de-confianca/— alternative models (and their legal limitations)