Explore by category
EconomyUser experienceElectronic SignatureRisk ManagementLegal Framework Digital Onboarding RPA - AutomationDigital TransformationIdentity VerificationX TechFraud PreventionElectronic InvoiceCustomer Hub for sales

Electronic signature in Mexico: requirements, regulation and uses

Electronic signature in México blogpost header
11 June 2025·Reading time: 5 minutes.
enes
Share

Index

    icon newsletter
    Get the latest news right in your inbox

    In the era of digital transformation, Mexico has emerged as a leader in the adoption of technologies that streamline business and government processes. One of the most disruptive and fundamental tools in this new paradigm is the electronic signature. Far from being a simple digitized image of a signature, the electronic signature is a robust technological and legal mechanism that guarantees the security, integrity and authenticity of documents and transactions in the digital environment.

    In this article we will explore everything you need to know about electronic signatures in Mexico: from their definition and legal framework to the technical requirements and best practices for their implementation. We will also analyze the differences between the different types of electronic signatures, the fundamental role of Certification Service Providers (CSP) and how to comply with NOM-151 regulations to ensure the evidentiary validity and long-term preservation of digital documents.

    Try Tecalis Sign now for 2 weeks totally free of charge

    What is the electronic signature in Mexico?

    The electronic signature is a set of electronic data that accompanies or is associated with a digital document, making it possible to identify the signatory and express their consent or approval of the contents of the document. In practical terms, it replaces the traditional autographic signature in transactions carried out by electronic means.

    In Mexico, the electronic signature has become an essential element for the digitalization of processes in both the public and private sectors. Its use ranges from the signing of contracts, authorizations, informed consents, to tax, banking and administrative procedures, providing agility and legal certainty to the parties involved. Its primary function is to guarantee:

    • Authenticity: Verifies the signer's identity.
    • Integrity: Ensures that the document has not been altered after signature.
    • Non-Repudiation: Prevents the signer from later denying having made the signature.

    This means that once the electronic signature has been applied, it is possible to verify that the document has not been altered since it was signed and that it was indeed signed by the person who claims to have signed it. This signature is not necessarily a scanned image of your signature. It can take many forms:

    • A PIN code or password.
    • A click on an "I agree" button under specific conditions.
    • A biometric signature made on a touch screen.
    • A digital signature based on public key cryptography (PKI), which is the most secure and legally valid form.

    Its adoption is essential to streamline processes, reduce costs (paper, printing, shipping, storage), improve security, enable remote operations and, in short, boost the competitiveness of companies and the efficiency of public administrations in Mexico.

    The answer is a resounding yes. The electronic signature is fully legal and valid in Mexico. Its use and recognition are solidly grounded in Mexican law, mainly in the Commercial Code, the Federal Civil Code, the Tax Code, the LFEA, and supported by NOM-151-SCFI-2016, which since its reforms in 2000, grants commercial acts celebrated by electronic means the same validity as their physical counterparts.

    Article 89 of the Commercial Code provides that information generated, sent, received or filed by electronic, optical or any other technology shall be referred to as "data message". Most importantly, Article 89 bis stipulates that no legal effect, validity or binding force shall be denied to any type of information for the sole reason that it is contained in a data message.

    The Advanced Electronic Signature Law (LFEA), enacted in 2012, establishes that electronic documents and data messages with an advanced electronic signature produce the same legal effects as those signed by handwriting, granting them the same evidentiary value. This means that, as long as the legal and technical requirements are met, the electronic signature is fully valid in Mexico.

    This means that an electronically signed contract has, as a matter of principle, the same legal weight as a contract signed with pen and paper. For this to be fulfilled, the electronic signature must satisfy certain requirements that demonstrate its reliability. This is where specialized technological solutions play a crucial role.

    Tecalis' electronic signature is designed to meet and exceed all the requirements stipulated by the regulations in Mexico, ensuring that each document signed through its platform has full legal and evidentiary validity in court. This is achieved by collecting robust electronic evidence throughout the signing process, ensuring:

    • Unequivocal identification of the signatory: By means of digital certificates issued by authorized PSCs.
    • Document integrity: Ensuring that the content has not been altered after signature.
    • Non-repudiation: Preventing the signatory from later denying having signed the document.
    • Time stamping: Establishing the exact time at which the signature was made.
    • Full traceability: Recording all actions performed during the signing process.
    Woman using an electronic signature for a parcel in México

    Code of Commerce

    The legal system that governs the use of electronic signatures for private commercial or mercantile purposes such as the signing of contracts -and therefore the most relevant- is the Code of Commerce. Articles 89 to 94 of the Commercial Code establish the fundamental definitions and requirements for the use of electronic signatures in commercial transactions. The Commercial Code recognizes two main types of electronic signatures:

    Advanced Electronic Signature Law (LFEA)

    In Mexico, there is a specific law that regulates the use of this signature: the Advanced Electronic Signature Law (LFEA). Article 7 of this law establishes that the advanced electronic signature has the same effectiveness and validity as an autograph signature made by hand on paper. The LFEA was enacted in 2012 and establishes:

    • Technical requirements for the advanced electronic signature.
    • The obligations of Certification Service Providers (CSP).
    • Procedures for PSC accreditation.
    • Sanctions for non-compliance with regulations.

    Federal Civil Code

    The Federal Civil Code also recognizes the validity of electronic signatures, especially in Article 1834-bis, which establishes that when the law does not require the written form for the validity of the legal act, it may be executed through the use of electronic means.

    Sector Regulations

    Different sectors have specific regulations:

    • Financial sector: Regulated by the CNBV and Banxico.
    • Health sector: Subject to NOM-024-SSA3-2012.
    • Judicial proceedings: Regulated by the Federal Code of Civil Procedures.
    • Public Administration: Governed by the Federal Law of Administrative Procedure.

    Schedule a meeting with a Mexican electronic signature expert now

    Differences between Simple Electronic Signature and Advanced Electronic Signature

    In the Mexican legal framework, the fundamental distinction between the Simple Electronic Signature (FES) and the Advanced Electronic Signature (FEA) does not reside in their appearance, but in their level of security and the legal consequences that each one entails. While both seek to manifest consent in the digital environment, their technological construction and the legal backing they receive place them in two distinct categories. The choice between one or the other depends directly on the level of certainty and risk that the parties are willing to assume in a transaction.

    The first major difference is in the method of linking to the signer. The Simple Electronic Signature identifies a person in a contextual manner, using data such as an e-mail address, an IP address or the click on an acceptance box. In contrast, the Advanced Electronic Signature is linked to the identity of a person in a univocal and previously verified way, by means of a digital certificate issued by an authority that reliably verified the identity of the holder, as the SAT does with the electronic signature.

    Another key difference lies in the guarantee of integrity and non-repudiation. The security of a Simple Signature depends on external evidence that the document was not altered after signing. The Advanced Signature, on the other hand, integrates this security in itself. Thanks to public key cryptography, it seals the document in such a way that any subsequent modification is detectable, and ensures that the signer cannot deny its authorship, giving it an intrinsic technical robustness.

    Perhaps the most critical divergence from a legal perspective is the reversal of the burden of proof. In the event of a dispute over a document signed with a Simple Signature, the submitting party must prove that the signature is valid and attributable to the correct person. With the Advanced Electronic Signature, the opposite is true: the law presumes that the signature is valid. Therefore, it is the signatory who would have to prove that he did not sign or that his certificate was breached, a considerably more difficult task.

    As a consequence of these differences, the probative value of each signature is different. The Simple Signature is perfectly valid for low-risk agreements, but its strength in a trial depends on the quality of the evidence surrounding it. On the other hand, the Advanced Signature enjoys the maximum legal validity, being legally equivalent to a handwritten signature. This makes it the indispensable option for high-value contracts, government procedures and any act that requires an indisputable level of certainty.

    Discover the functionalities and use cases of the Tecalis electronic signature

    The role of the accredited Certification Service Providers (CSP)

    In order for the electronic signature ecosystem in Mexico to function with confidence and security, there are specialized entities known as Certification Service Providers (PSC) or QTSP. A CSP is a legal entity, public or private, that is accredited by the Ministry of Economy to issue digital certificates and provide other services related to electronic signatures.

    The main functions of a PSC are:

    • Issuance of Digital Certificates: Verify the identity of an individual or legal entity and issue a digital certificate that links that identity to a pair of cryptographic keys. This certificate is the basis for creating an Advanced Electronic Signature.
    • Timestamping: They provide a digital timestamp, which is a cryptographic evidence that proves that a data set (a document) existed at a certain point in time and has not been modified since then. This is crucial for integrity and non-repudiation.
    • Data Message Storage: They offer services for the secure, long-term storage of signed electronic documents, complying with regulations such as NOM-151.
    • Signature Validation: They allow verifying the validity of a certificate and an electronic signature at any time.

    Using a PSC accredited by the Ministry of Economy adds an invaluable layer of legal and technical certainty to any electronic transaction, ensuring that processes meet the highest standards required by Mexican regulations.

    Compliance with NOM-151 for evidentiary validity and long-term conservation

    One of the key standards of the Mexican regulatory framework is the Mexican Official Standard NOM-151-SCFI-2016. This standard establishes the requirements to be observed for the preservation of data messages and the digitization of paper documents. Its main objective is to ensure the integrity of an electronic document over time. How does it achieve this? Through the issuance of a Preservation Certificate.

    When a document is electronically signed, it can be sent to an accredited PSC. The PSC generates a cryptographic summary (hash) of the document and seals it with its own signature and a time stamp. The result is a "Proof of Preservation" that functions as a "digital notary of time". This certificate certifies two fundamental things:

    • That the electronic document existed on the exact date and time that the record was issued.
    • That the document has not undergone any alteration since that time.

    NOM-151 is crucial for long-term evidentiary validity. A contract signed today may be presented in litigation five years from now. Without compliance with NOM-151, it would be difficult to prove that the digital file was not modified in that time. With a Certificate of Preservation issued by a PSC, you have an irrefutable proof of its integrity, which shields the document against any challenge to its authenticity over time.

    People using the electronic signature in a business in México

    Digital identity protected under RENAPO and CURP rules.

    The unequivocal verification of the signer's identity is the first and most crucial step to issue a valid digital certificate and, therefore, to create an advanced electronic signature with full legal validity. In Mexico, this verification relies heavily on state systems:

    RENAPO (National Population Registry)

    It is the institution in charge of registering and accrediting the identity and vital facts (birth, marriage, death) of all Mexicans and residents in the country. It is the official and most reliable source of identity data. How do CSPs use it? Accredited CSPs are required (and authorized) to query and validate the data provided by the digital certificate applicant against the RENAPO databases. This includes verifying:

    • Full name.
    • Date of birth.
    • Place of birth.
    • Nationality.
    • Photograph (biometric comparison).
    • Validity of the identity document (INE/IFE).

    This validation against RENAPO is essential to prevent identity theft and to guarantee that the natural person requesting the certificate is who he/she claims to be.

    CURP (Unique Population Registry Number)

    It is a unique and unrepeatable alphanumeric code that is assigned to all persons living in the national territory and to Mexicans residing abroad. It functions as a universal identifier. How do the PSCs use it? The CURP is an essential piece of information in the verification process:

    • Unique Identifier: Allows to disambiguate persons with similar names and accurately link the data verified in RENAPO with the digital certificate.
    • Cross Validation: The CURP contains information (first letters of paternal, maternal and first name, date of birth, sex, state of birth) that can be cross-checked with the data provided and those obtained from RENAPO to ensure consistency.
    • Mandatory Requirement: Obtaining the CURP is an indispensable prerequisite for an individual to obtain a digital certificate for FEA. For legal entities, there is the Cédula de Identificación Fiscal (CIF), although the CURP of the legal representatives is also relevant.

    Download this free PDF and discover how to choose an electronic signature solution

    Tags
    Electronic SignatureLegal Framework
    Newsletter icon

    Get the latest news right in your inbox

    Ft
    aifintech
    regtech
    etica
    techbehemoths
    finnovating
    ecija

    Trust, identity and automation services

    Tecalis creates disruptive digital product to make the most innovative companies grow and evolve. We drive growth and digital transformation processes to bring the future to businesses today.
    Identity

    KYC (Know Your Customer) Video Identity Verification, Digital Onboarding and Authentication (MFA/2FA) solutions and services enable our customers to provide their users with an agile and secure experience.

    Our RPA (Robot Process Automation) software enables the creation of sustainable, scalable, productive and efficient business models through BPM (Business Process Management), allowing unlimited growth.

    Digitization

    Advanced and Qualified Electronic Signature and Certified Communication services (Electronic Burofax) allow customer acquisition, contracting and acceptance processes that used to take days or weeks to be completed and approved in minutes or seconds.

    Customer Onboarding (eKYC), Digital Signature (eSignature) services and Automated Fraud Prevention are making it possible for companies to operate online and without borders.

    Trust

    As an EU-certified Trust Services Provider and an established RegTech partner, we help organizations comply with the most demanding regulatory standards in their sector and region, including AML (Anti-Money Laundering), eIDAS (Electronic IDentification, Authentication and etrust Services), GDPR (General Data Protection Regulation), SCA (Strong Customer Authentication) or PSD2 (Payment Services Directive) regulations thanks to Tecalis Anti-Fraud Controls and Document Verification.

    Union europea
    Union europea