Digital certificate: what is and how to use to meet obligations with the Treasury

The use of digital certificates in procedures with Tax Authorities has increased in recent years, and this is an indispensable tool in large numbers of individuals and legal entities’ routine.

What is a digital certificate?

The digital certificate is a virtual identity linked to an entity, whether it is a legal entity, individual, machine, application, or web site, and has the function to associate it with a public key.

The digital certificate’s computer file contains a set of proprietary information, ensuring security, authenticity, reliability, and integrity in the relationship between an encryption key and an individual, legal, machine, or application.

The digital certification guarantees, under the legislation, legal and fiscal validity to the acts by using it, which may be e-commerce, signing contracts, banking transactions, filing statements to the government, issuing invoices, among others. They are transactions made virtually, that is, without the attendance of the interested party, but require clear identification of this person online.

What types of digital certificates?

There are 2 types of digital certificates:

1) A1 - This is a digital file installed on the user's computer, valid for one year.

2) A3 - This certificate depends on an external device (cryptographic medium in USB token or card), valid for one or three years. If the card is chosen (smartcard), a digital certificate reader should be coupled to use it.

What are the best-known digital certificates models?

In the accounting-tax routine the certificates usually used are:

• e-CPF: Certificate for individuals.
• e-CNPJ: Certificate for legal entities.
• NF-e: Certificate to issue electronic invoices.

Note: There are also other modalities, such as the OAB digital certificate, for practice of lawyers; and SSL, for a secure exchange of information and commerce via websites.

What are the entities authorized to issue digital certificates?

Certification Authorities (CA) issue, suspend, renew or revoke certificates, linking cryptographic key pairs to the respective owner. These entities are supervised and submitted to the National Institute of Information Technology (ITI), through the hierarchical chain called Brazilian Public Key Infrastructure (ICP-Brasil).

In what situations can we use the digital certificate?

Digital certificates have many uses. Within the accounting-tax routine, we may highlight:

• Communication with public agencies, for digital services and processes at municipal, state and federal levels;
• Signature and filing Individual’s Income Tax Statement (DIRPF), specifically with e-CPF;
• Signing and filing statements of legal entities in all levels;
• Access and filing of Social Connectivity files;
• Signing and sending files related to the Public Digital Bookkeeping System (SPD) obligations - ECD, EFD, EFD-ICMS/IPI, EFD-Contribuições, EFD-Reinf, e-Financeira, eSocial, etc.;
• Issuance of tax documents, such as: NF-e, CT-e, MDF-e, NFC-e, etc.;
• Access to the systems of the Brazil’s Central Bank, to provide information and file statements;
• Issuance and cancellation of electronic proxy at public agencies portals.

What is the responsibility attached to the digital certificate?

Despite the facilities related to the digital certificates use, it is noteworthy stress the owner’s responsibility. While the private key use authenticates a transaction or a document, it provides the non-repudiation feature to the operation, that is, the user may not deny later that transaction.

Therefore, the user must protect both their digital certificate and access password, regardless of whether the certificate is saved to the USB token, smartcard or at user's machine. The ICP-Brasil digital certificates owners are fully responsible for the acts signed with their certificates, even if third parties have signed with them.

For security measures, register electronic proxies with specific access for people who act on your behalf or your company’s (as in the Federal Revenue, FGTS and Unemployment Insurance accesses) whenever possible. Also, keep proper guard of your certificate.

In case of loss or theft, revoke have your digital certificate with CA that issued it.