Page 1

Search Silep ...

CONTENTS

Sorted Text

Share on:

Law history

Original

view PDF

DATA FROM THE OFFICIAL GAZETTE OF THE PLURINATIONAL STATE OF BOLIVIA
Law Number: 1793

Promulgation Date: 11/13/2013

Promulgated by: EVO MORALES AYMA

Gazette Number: Pages: 5 - 44

Title: SUPREME DECREE 1793

Status: Current

SUPREME DECREE N ° 1793
EVO MORALES AYMA
CONSTITUTIONAL PRESIDENT OF THE PLURINATIONAL STATE OF BOLIVIA
CONSIDERING:
That Paragraph II of Article 103 of the Political Constitution of the State, determines that the State will assume as policy the
implementation of strategies to incorporate knowledge and application of new information and communication technologies.
That numeral 1 of Paragraph I of Article 85 of Law No. 031, of July 19, 2010, Framework of Autonomies and
Decentralization "Andrés Ibáñez" establishes the formulation and approval of the general regime and the communications and telecommunications policies
of the country, including electromagnetic frequencies, fixed and mobile telephone services, radio broadcasting, internet access and others
Information and Communication Technologies - ICT, is an exclusive competence of the central level of the State.
That numerals 2 and 5 of Article 2 of Law No. 164, of August 8, 2011, General of Telecommunications, Technologies of
Information and Communication, have as objectives to ensure the exercise of the right to universal and equitable access to services of
telecommunications, information and communication technologies; and promote the use of information and communication technologies to
improve the living conditions of Bolivian women and men.
That Article 71 of Law No. 164, declares the promotion of the use of information and technology technologies a national priority.
communication to ensure that all Bolivians live well.
That the Sixth Transitory Provision of Law No. 164, indicates that all the aspects that are required for the application of the
The aforementioned Law will be regulated by the Executive Branch and regulated by the Telecommunications Regulation and Supervision Authority.
and Transportation.
That the Ninth Transitory Provision of Law No. 164 establishes that the Supervision and Social Control authority of
Telecommunications and Transportation - ATT will hereinafter be called the Telecommunications Regulation and Supervision Authority and
Transport - ATI and will assume the attributions, competences, rights and obligations regarding telecommunications and technologies of
information and communication, transportation and the postal service, under the supervision of the Ministry of Public Works, Services and Housing.
That ICTs have become essential means for the social, cultural, economic and political development of peoples. On
By virtue of which, the Executive Branch has proceeded to the agreement for the Regulation of Law No. 164 for the Development of Technologies
of Information and Communication, in which process contributions and proposals for this Supreme Decree were collected.
ON THE COUNCIL OF MINISTERS,
DECREE:
SOLE ARTICLE.I.

The Regulation to Law No. 164, of August 8, 2011, for the Development of Information Technologies and
Communication, which in Annex forms an integral part of this Supreme Decree.

II.

All the complementary aspects referred to the digital signature and certificate as well as the certifying entities, which
are required for the application of this Regulation will be established by Ministerial Resolution by the
Ministry of Public Works, Services and Housing.
TRANSITORY DISPOSITIONS
TRANSITIONAL PROVISION FIRST.- The Authority for the Regulation and Supervision of Telecommunications and

Transport - ATT, within a period not exceeding:

a) Eight (8) months from the publication of this Supreme Decree, will prepare and approve the technical standards
and other guidelines established for the operation of the certifying entities;
b) Six (6) months from the approval of the technical standards, you must implement the infrastructure and
Internal procedures necessary for the application of the digital signature and certification as a Root Certifier.
SECOND TRANSITORY PROVISION.- The Agency for the Development of the Information Society in Bolivia ADSIB, within a period no longer than:

a) Six (6) months from the approval of the technical standards, you must implement the infrastructure and
internal procedures necessary for the application of the digital signature and certification as a Certifying entity
Public;
b) Six (6) months from the publication of this Supreme Decree, you must implement the State Repository of
Free Software for applications developed in the state sector.
THIRD TRANSITIONAL PROVISION.- All public entities at all levels within a period no longer than:

to)

Six (6) months from the implementation of the State Free Software Repository, you have the obligation to
register applications developed directly or through third parties in the repository after evaluation and
validation by the ADSIB;

b)

Six (6) months from the approval of the free software implementation plan, they will start the migration of their
computer systems to Free Software and Open Standards.

FOURTH TRANSITORY PROVISION.- Within a period of no more than eighteen (18) months from the publication of the
present Supreme Decree, the Ministry of Development Planning, in coordination with the Ministry of Public Works, Services
and Housing through the Vice Ministry of Telecommunications and ADSIB, will prepare the Government Implementation Plan
Electronic and the Free Software and Open Standards Implementation Plan that will be approved by Supreme Decree.

FIFTH TRANSITORY PROVISION.- The maximum term for the migration of the systems of public entities to
Free Software and Open Standards will be seven (7) years from the start of the migration.

TRANSITIONAL PROVISION SIX.- The provisions of Article 23 of the Regulation for the Development of Technologies
Information and Communication, will be effective as of the approval of the Free Software and Standards Implementation Plan
Open.
ABROGATORY AND REPEAL PROVISIONS
All provisions contrary to this Supreme Decree are abrogated and repealed.

FINAL PROVISIONS
FINAL PROVISION FIRST.- The second paragraph of Article 101 of the Regulations to the General Law of
Customs, approved by Supreme Decree No. 25870 of August 11, 2000, modified by Paragraph II of Supreme Decree No.
0784 of February 2, 2011, with the following text:

"The National Customs through Board Resolution will regulate the use of the digital signature in the subscription and
presentation of the goods declaration or other documents. "
FINAL PROVISION TWO.— As long as ADSIB is established as a Certifying entity, public entities
They may choose a Foreign Certifier for the use of digital Certification services.

The Ministers of State in the Offices of Development Planning, Public Works, Services and Housing,
are in charge of the execution and fulfillment of this Supreme Decree.
It is given in the Government Palace of the city of La Paz, on the thirteenth day of the month of November of the year two thousand and thirteen.
FDO. EVO MORALES AYMA , Juan Ramón Quintana Taborga MINISTER OF THE PRESIDENCY AND INTERIM OF RELATIONS
EXTERIORES, Carlos Gustavo Romero Bonifaz, Rubén Aldo Saavedra Soto, Elba Viviana Caro Hinojosa, Luis Alberto Arce Catacora, Juan
José Hernando Sosa Soruco, Ana Teresa Morales Olivera, Arturo Vladimir Sánchez Escobar, Mario Virreira Iporre, Cecilia Luisa Ayllon
Quinteros, Juan Carlos Calvimontes Camargo MINISTER OF HEALTH AND SPORTS AND INTERIM OF LABOR, EMPLOYMENT AND PREVISION
SOCIAL, José Antonio Zamora Gutiérrez, Roberto Iván Aguilar Gómez, Nemesia Achacollo Tola, Claudia Stacy Peña Claros, Nardy Suxo
Iturry, Pablo Cesar Groux Canedo, Amanda Dávila Torres.

REGULATION FOR DEVELOPMENT
OF INFORMATION AND COMMUNICATION TECHNOLOGIES
TITLE I
GENERAL DISPOSITION
CHAPTER I
GENERAL FEATURES
ARTICLE I.- (PURPOSE). Regulate the access, use and development of Information and Communication Technologies - ICT, in
the framework of Title IV of Law No. 164, of August 8, 2011, General of Telecommunications, Information Technologies and
Communication.
ARTICLE 2.- (SCOPE OF APPLICATION). This Regulation shall apply to natural or legal persons, public or
private companies that carry out activities or provide services related to digital certification, electronic government, free software, mail
and the use of digital documents and signatures in the Plurinational State of Bolivia.
ARTICLE 3.- (DEFINITIONS). In addition to the technical definitions established in Law No. 164, for compliance with the
these Regulations, the following definitions are adopted:
I.

Regarding the development of content and applications.
a) Digital content.- Digitized information generated under any mode or form of expression that can be distributed
by any electronic means and is part of a message that the transfer or support system does not examine or modify,
except for conversion during transportation thereof;
b)

Development of digital content : It is the creativity, design and production of digital content to obtain
purpose-built digital products and applications;

c) Digital applications : Modular, specific and interactive user or multi-user software programs used
on platforms for the provision of digital services in general or terminal equipment intended for communications
personal, educational, productive or entertainment purposes, among others.
II.

Regarding free software.
a) Program or software : Any finite sequence of instructions used by a digital processing device of
data to carry out a specific task or solve a certain problem, including all dependencies
necessary for its full operation;
b) Source code or source program : Complete set of instructions and original digital files, legible for the
human being, as written by the programmer, in a specific programming language plus all files
digital support, such as data tables, images, specifications, documentation and any other element that is
necessary to produce the executable program from them;
c) Free Software: Software licensed by its author under an open source code license, in a way that allows the
user the exercise of the following freedoms:
- Run the software, for any purpose, without any restriction:
- Study how the software works and modify it so that it fulfills a certain purpose, through access to the
source code of the same and all the components that make its operation possible. Access to the source code is
a necessary and essential condition;
- Redistribute copies of the software:
- Distribute copies of the modified versions to third parties. Access to the source code is a necessary condition and
essential.
d) Proprietary software or proprietary software : Any software that does not comply partially or totally with any of the
Conditions mentioned for free software are considered for the purposes of these Regulations. software
owner;
e) Open standard : It is a technical specification or standardized protocol;
- Whose technical specifications, complete and coherent, are subject to a full public evaluation can be
use without restrictions and is available equally to all users and / or parties at no cost to use;
-

That you do not need any additional components or extensions that have dependencies with formats or protocols that
do not meet the definition of an Open Standard;

-

That it is free of legal or technical clauses that limit or restrict its use by any user and / or part or
in any business model;

- Which is managed and can be developed independently by any organization in a process open to
the equitable and inclusive participation of competitors, users, specialists in the area of ​application and third parties;
- That it is available in at least one complete implementation, whose documentation and technical specification is
available for all parties with a degree of detail sufficient for a correct and quality development.
f) State repository of free software : It is the computer system that contains free systems and applications
developed by or for the State, directly or through third parties.
III.

Regarding digital signatures and certificates.
a) Authentication : Technical verification process by which the identity of the signer is guaranteed in an electronic message
data or digital document containing digital signature;
b) Private key : Set of alphanumeric characters generated by an encryption system that contains unique data
that the signatory uses in the generation of an electronic or digital signature on an electronic data message or
digital document;
c) Public key : Set of characters of public knowledge, generated by the same encryption system of the key
private; it contains unique data that allows to verify the digital signature of the signer in the Digital Certificate;
d) Electronic signature : It is the set of electronic data integrated, linked or logically associated with other data
electronic, used by the signatory as their means of identification, which lacks any of the legal requirements for
be considered a digital signature;
e) National digital certification infrastructure : It is the set of norms, technological standards, procedures,
equipment, networks, databases and computer programs and encryption devices, prepared for the generation,
storage and publication of the status, validity and validity of the digital certificates recognized by the entities
certifiers;
f) Electronic data message : It is all information of text, image, voice, video and digitally encoded data, created,
generated, processed, sent, received, communicated or filed by electronic means, which can be exchanged for
any electronic communication system;
g) Signatory : It is the owner of a digital signature that uses it under its exclusive control and is backed by a certificate
digital provided by authorized certifying entities.

IV.

Regarding the treatment of personal data.
a) Personal data : For the purposes of this Regulation, personal data is understood to be all information
concerning a natural or legal person that identifies or makes it identifiable;
b) Authorization : Prior, express and informed consent of the owner to carry out the processing of personal data
by an Authorized Certifying Entity;
c)

Treatment of personal data : It is any operation or set of operations on personal data such
such as collection, storage, use, circulation or deletion.

V.

Regarding email.
to)

Commercial email : Any message, file, data or other electronic information, sent by any means
electronic for the purpose of disseminating, offering and advertising goods or services;

b) Junk email : Any message, file, data or other information sent periodically, by any
Electronic means addressed to a recipient with whom the issuer has no relationship whatsoever and is sent without their consent.
SAW.

Regarding computer security.
to)

Computer security : It is the set of standards, procedures and tools, which focus on the protection
of the computational infrastructure and everything related to it and, especially, the contained or circulating information;

b)

Information security: information security is the preservation of confidentiality, integrity and
information availability; in addition, other properties such as authenticity may also be involved,
responsibility, non-repudiation and reliability;

c) Contingency plan : It is an instrument that includes methods and the set of actions for the good governance of the
Information and Communication Technologies in the domain of support and performance, contains technical measures,
human and organizational necessary to guarantee the continuity of the service and the operations of an entity, in
risk circumstances, crises and other anomalous situations.
VII.

Regarding sovereignty.
to)

Technological dependence : It is the condition to which users are subjected, be they natural or legal persons,
states or nations, companies, companies, nations or states that develop, distribute or sell technology, by
deny access to knowledge of the contents, procedures, techniques and processes necessary for the use, development and
distribution of the same through licenses, patents, practical restrictions, legal restrictions and others; so that
Users are restricted from the possibility of controlling, auditing, using, modifying or developing said technology:

b)

Technological sovereignty : It is the possession of control by a nation and / or state over the technology it uses. I know
characterized by access to knowledge about the content and the procedures, processes and techniques necessary for the
development and use of said technology, the same that allows you to audit, improve, develop, modify and adjust to your
specific needs, without the intervention or specific authorization of third parties; so that the
total independence regarding the control of the technology used by said nation or state with respect to companies,
companies, people, nations or states;

c)

Decolonization of technological and informational knowledge: It is the social and scientific process that allows breaking
the ties of technological and informational dependence of a nation and / or state with respect to third parties,
companies, nations or states and develop their own knowledge and technology, according to their needs, challenges and
characteristics, starting from the dialogue between local and universal knowledge available. It is a process of
cultural, knowledge and technology exchange with other societies, nations and / or states willing to share their
own developments and internalize external ones, respecting the right of others to know the contents and
procedures, processes and techniques necessary for the development and use of technologies in general and technologies
of information and communication in particular. The decolonization of technological and informational knowledge is
directly related to the development of scientific and institutional capacities to guarantee the management and
sovereign use of natural resources and economic development of the Plurinational State of Bolivia in the
construction of living well.

VIII .

Regarding electronic commerce.
to)

Data message : The information generated, sent, received or filed or communicated by electronic, optical means
or similar, such as, among others, electronic data interchange - EDI, email, telegram,
telex or telefax;

b)

Electronic data exchange: The electronic transmission of information from one computer to another, being
structured the information according to some technical standard agreed for this purpose;

c)

Initiator of a data message : Any person who, according to the message, has acted on their own behalf or on whose behalf
action has been taken to send or generate that message before being archived, except for the one that I acted as
intermediary;

d)

Recipient of a data message : The person designated by the initiator to receive the message, except that
that I act as an intermediary;

and)

Intermediary : Any person who, acting on behalf of another, sends, receives or files a data message or lends any
other service regarding him;

f) Information system: Any system used to generate, send, receive, file or process in any other way
data messages.
ARTICLE 4.- (PRINCIPLES).
I.

Digital Documents.- Electronic documents and messages both with digital signature will be governed by the following
beginning:
a) Authenticity : The information of the digital document and its digital signature if they correspond to the person who signed. Is
It is an intrinsic characteristic of the digital signature, where the author of the message is credited, since it allows
verify the identity of the issuer of a digital document;
b) Integrity : Unique characteristic of the electronic data message or digital document both with digital signature, which indicates
that they have not been altered in the transmission process from their creation by the issuer to the
reception by the recipient;
c) Non-repudiation : It is the guarantee that an electronic data message or a digital document both digitally signed, does not
may be denied in their authorship and content.

II.

Processing of personal data : The digital certification services regarding the processing of personal data will be governed
by the following principles:
a) Purpose : The use and processing of personal data by authorized certifying entities must
obey a legitimate purpose, which must be prior knowledge of the owner;
b) Veracity : The information subject to treatment must be truthful, complete, precise, updated, verifiable, intelligible,
the processing of incomplete or misleading data is prohibited;
c) Transparency : The right of the holder to obtain from the authorized certifying entity, in any
moment and without impediment information related to the existence of the data that concern you:
d)

Security : The technical and administrative controls that are required to preserve the
confidentiality, integrity, availability, authenticity, non-repudiation and reliability of information, providing security to
the records, avoiding their falsification, loss, use and unauthorized or fraudulent access;

and)

Confidentiality : All the people involved and who intervene in the processing of personal data, are
obliged to guarantee the reservation of the information, even after the end of its link with any of the
activities that comprise the treatment, being able only to carry out the supply or communication of personal data
when this corresponds to the development of the authorized tasks.

III.

Digital content: Digital content is governed by the following principles:
to)

Practical : Provide practical and realistic information;

b) Accessible : Availability and exchange of information at all times;
c) Contextualized : They must be in accordance with the socio-economic, cultural and linguistic circumstances of the users;
d) Legible : Your writing must be concise, without ambiguities, redundancies or inaccuracies;
e) Exemplary : They must contain paradigmatic situations, have examples, case studies and authentic scenarios and
relevant.
IV.

Software: The software to be used by public entities must be governed by the following principles:
a) Technological sovereignty : It must allow the Plurinational State of Bolivia to exercise full control over the applications
computer systems or software used, ensuring the technological independence of the country and the computer security of the State:

b) Computer security of the source code : It must allow the Plurinational State of Bolivia the possibility of auditing,
know and modify the source code of the same without requiring any type of authorization, to obtain the behavior
desired by them and no other not consented or required, safeguarding security, independence and sovereignty
technology of Bolivia;
c) Decolonization of technological knowledge : It must allow the Plurinational State of Bolivia to break the ties of
technological and informational dependence with respect to third parties, guaranteeing technological sovereignty and security
computing; and advance in the process of developing scientific and institutional capacities that allow the development of
the national economy in the construction of living well.
CHAPTER II
CONTENT AND APPLICATION DEVELOPMENT
ARTICLE 5.- (DEVELOPMENT OF CONTENT AND ICT APPLICATIONS).
I.

The State will promote as a priority the development of ICT content and applications and services in free software,
using open standards and ensuring information security in the following areas:
a) In education, through virtual learning, training and research platforms and services in all

educational and academic levels.
b) In health, through virtual platforms of information, attention and services to the population that attends the different
health centers ensuring the credibility of the data used by the sector and promoting remote medical assistance;
c) In government management, through the implementation of electronic government promoting transparency and
training of human resources to guarantee the efficiency of the implanted systems;
d) In production, through virtual platforms for information, marketing and other services, promoting among
others, the construction of productive virtual communities as engines of ICT development for the industry in the
country;
e) In communication and information, through virtual platforms promoting the creation of spaces for socialization,
ICT awareness and evaluation in the Plurinational State of Bolivia.
II.

Content development must consider the following aspects:
a) Development of accessible and user-friendly content by the population and the use of widely understood terms
and of common use;
b) The use of Spanish, and other official languages ​recognized in the Political Constitution of the State, in order to contribute to the
preservation and dissemination of the different languages ​existing in the Plurinational State of Bolivia;
c)

Content of a social and culturally appropriate nature in relation to the values ​and principles related to the
construction of the Plurinational State of Bolivia. decolonization, de-patriarchalization and living well:

d) The generation and use of educational and cultural content appropriate to the local reality:
e) The articulation of opportunities for technological convergence based on traditional and new ICT media
for the generation and dissemination of content.
ARTICLE 6.- (DEI OBJECTIVES, DEVELOPMENT OF DIGITAL CONTENT). The development, design and innovation of
digital content will minimally have the following objectives:
a) Give support to ICT in the priority attention to demands in the areas of education. Health, government management, in
productive and communication and information:
b) Take advantage of the set of ICT resources and technological convergence in the formation of the society of the
knowledge and information:
c) To train and train in digital content and its use on the Internet or in management platforms of Technologies of
Information - IT;
d) Promote the cultural identity of native peoples, their ancestral territories, uses and customs; for welfare; the
development, security and protection and equal dignity of individuals, nations, peoples and communities and
promote mutual respect and intercultural, intercultural and multilingual dialogue:
e) Contribute to the generation of accessible content and easy to use by the population in the use of terms of
wide understanding of common use, using as far as possible the official languages ​recognized in the Political Constitution of the
State in order to contribute to its preservation and dissemination:
f) Include socially and culturally appropriate content in relation to the values ​and principles framed in the construction of the
Plurinational State of Bolivia, decolonization, de-patriarchalization and living well, promoting national sovereignty
in the generation, dissemination and replication of national and local content:
g) Promote research studies, identification and analysis of supply and demand on digital content with the
sector agents;
h) Encourage the creation of companies and business models that contribute to the economic development of Bolivia,
framed in the plural economy defined by the Political Constitution of the State;
i) Contribute to a greater transit of digital traffic, national in data communications, in communications services
voice, internet, use of content and applications and value-added digital services;
j) Promote the right to privacy of user information:
k) Deepen the process of decolonization of knowledge;
l) Advance towards the technological sovereignty of the Plurinational State of Bolivia:
m) Strengthen computer security in the Plurinational State of Bolivia
ARTICLE 7.- (DEVELOPMENT OF DIGITAL APPLICATIONS ). The development of digital applications by the
Public entities will prioritize the use of free software tools and platforms, which should allow users to:
communicate with each other, carry out procedures, entertain themselves, orient themselves, learn, work. get informed, activate services in the public networks of
communications and carry out a series of tasks in a practical way and from one or more types of terminal equipment, a process for which
They will frame the use of Open Standards, so that the contents are democratized and accessible to users.
ARTICLE 8.- (CONTINGENCY PLAN) . Public entities will promote computer security for the protection of
data in their computer systems, through contingency plans developed and implemented in each entity.

TITLE II
PLURINATIONAL COMMITTEE AND
SECTOR COUNCIL
CHAPTER I
PLURINATIONAL TECHNOLOGIES COMMITTEE
INFORMATION AND COMMUNICATION - COPLUTIC
ARTICLE 9.- (CONFORMATION) .I.

THE COPLUTIC will be made up of:
a) One (1) representative of the Ministry of Public Works, Services and Housing that presides over it;
b) One (1) representative of the Ministry of Development Planning;
c) One (1) representative of the Ministry of Communication;
d) One (1) representative of the Ministry of Education;
e) One (1) representative of the Agency for the Development of the Information Society in Bolivia - ADSIB.

II.

Representatives must have a minimum rank of Director, be appointed by their Highest Executive Authority through the
corresponding legal instrument and will not receive any remuneration or allowance for the exercise of the functions of the
Committee.

III.

Within the framework of the right to participation and social control established in Article 30 of the Political Constitution of the State and the
Law No. 341, of February 5, 2013, on Participation and Social Control, COPLUTIC will periodically convene organizations
of civil society.

SAW.

The COPLUTIC, is framed in the concepts and principles of the decolonization of knowledge, computer security,
technological sovereignty of the Plurinational State of Bolivia and the use of free software and open standards.
ARTICLE 10.- (FUNCTIONS OF THE COPLUTIC). The following are functions of the COPLUTIC:
a) Propose to the Executive Branch of the central level national development plans that allow guaranteeing universal access
of all Bolivians and Bolivians to information and communication technologies, in order to promote their use,
supporting the growth of national development and increased productivity and competitiveness of the country:
b)

Coordinate the projects and lines of action among all the actors involved, regarding the penetration, use and
behavior of information and communication technologies:

c) Propose training, awareness and socialization programs in the use and exploitation of ICT;
d)

Define the mechanisms of execution and follow-up of the results for the good fulfillment and benefit of the
information and communication technologies and access to knowledge in the socio-economic environment of the State
Plurinational of Bolivia;

e) Propose lines of action for computer security;
F)

Generate policies conducive to achieving technological sovereignty, information security and decolonization of the
knowledge in the ICT area;

g) Promote the production of national content, according to the needs of Bolivian society and organizations,
peasant native indigenous nations and peoples recognized in the Political Constitution of the State;
h) Promote the adaptation and appropriation by Bolivian society of technologies, knowledge and knowledge
related to ICT.
i)

Promote the provision of tools to social organizations, nations and rural native indigenous peoples
ICT that allow them to form communities and networks of cultural exchange and knowledge for the development and
technological deployment of the cultures recognized by the Political Constitution of the State:

j) Promote a cultural and technological paradigm alternative to the capitalist one, based on community principles and values,
of cultural exchange and knowledge for the development of peoples.
k) Propose adequate standards for the protection and defense of users of media, messages and computer resources;
l) The sectoral proposals of COPLUTIC must be submitted to the consideration of the entities that comprise it, for the
appropriation by the competent ministries or ministries.
ARTICLE 11.- (PARTICIPATION).
I.

The members of COPLUTIC, when they determine it, may require the participation of institutions or public entities or
private, depending on the specific topic to be covered.

II.

The COPLUTIC may have, when required, the participation of other experts, who will provide
specialized technical advice regarding the topics discussed as a recommendation.
ARTICLE 12.- (COPLUTIC MEETINGS).

I.

The meetings will be called by the Chairman of the Committee and will be held at their facilities or at any other place.
that is established in advance.

II.

The meetings may be ordinary or extraordinary. The ordinary will be held quarterly and the extraordinary
as many times as necessary.

III.

Meetings will be held when at least three (3) of its members attend; the decision will be made by majority
simple, in the event of a tie, the presiding member will have a casting vote.

SAW.

The Chairman of the Committee will designate the Recording Secretary.
CHAPTER II
SECTORIAL TELECOMMUNICATIONS COUNCIL
AND TECHNOLOGIES OF. INFORMATION AND COMMUNICATION - COSTETIC
ARTICLE 13.- (CONFORMATION).

I.

The COSTETIC will be made up of:
a) One (1) representative or competent authority of the sector of each departmental association of municipalities:
b) One (1) representative of the Ministry of Development Planning:
c) One (1) representative of the Ministry of Economy and Public Finance:
d) One (1) representative of the Ministry of Communication:
e) One (1) representative of the Vice Ministry of Telecommunications;
f) One (1) representative of the Telecommunications and Transport Regulation and Supervision Authority ATT as
as a technical advisor, with the right to speak and not to vote.

II.

Within the framework of the right to participation and social control established in Article 30 of the Political Constitution of the State and the
Law No. 341, COSTETIC will periodically convene civil society organizations.

III.

The COSTETIC, is framed in the concepts and principles of the decolonization of knowledge, computer security,
technological sovereignty of the Plurinational State of Bolivia and the use of open standards.

ARTICLE 14.- (FUNCTIONS OF THE COSTETIC) .- The COSTETIC, within the framework of Article 74 of Law No. 164, has as
main functions the following:
a) Propose and coordinate necessary mechanisms to promote access, use and social appropriation of the technologies of
Information and communication;
b) Coordinate and arrange the deployment and use of the technological infrastructure;
c) Propose and arrange services and applications of information and communication technologies in the areas of education,
health, government management, production, communication and information at their respective levels of government.

ARTICLE 15.- (MEETINGS).
I.

The COSTETIC meetings will be called by the President of the Council on his initiative or at the request of one of his
members.

II.

Depending on the need for coordination of sectorial issues and projects and their territorial concern, a (1)
representative or competent authority of each Departmental Autonomous Government, one (1) representative of each association
department of municipalities or social organizations for their participation in the meetings.

III.

The President of COSTETIC will appoint the Recording Secretary.
TITLE III
ELECTRONIC GOVERNMENT AND FREE SOFTWARE
CHAPTER I
ELECTRONIC GOVERNMENT
ARTICLE 16.- (ELECTRONIC GOVERNMENT IMPLEMENTATION PLAN).

Page 2

I.

The Ministry of Development Planning, in coordination with the Ministry of Public Works, Services and Housing through
of the Vice Ministry of Telecommunications, and the ADSIB, is the body responsible for preparing, promoting, managing, articulating the
Electronic Government Implementation Plan in the Plurinational State of Bolivia, as well as its permanent updating.

II.

The implementation of the Electronic Government Implementation Plan will be in charge of the public entities of the State.

III.

The follow-up to the execution of the Electronic Government Implementation Plan will be in charge of the ADSIB in coordination
with each entity of the public administration of the State.
ARTICLE 17.- (OBJECTIVE OF THE ELECTRONIC GOVERNMENT).

I.

Modernize and make public management transparent, providing quality services and care to citizens, guaranteeing the right
information, as well as contributing to the efficiency and effectiveness of administrative acts in internal government processes,
through the use of information and communication technologies and other tools.

II.

Generate technological mechanisms for participation and social control, through the use of ICT by citizens,
social organizations and peasant native indigenous peoples and nations.
ARTICLE 18.- (IMPLEMENTATION PLAN GUIDELINES) .- The Electronic Government Implementation Plan

should consider minimally the following guidelines:
a) Provide the general population with the right to access, participate and interact efficiently and transparently with
public entities by electronic means, ensuring credibility and trust in government online;
b) Strengthen the protection of information, content and digital applications of the general population, who access the
provision of online services;
c) Establish the appropriate technological conditions so that the general population can access and communicate with
public entities and make use of the services provided by them, under conditions of equality,
Regardless of the hardware or software used, the network infrastructure, the language and the geographical location;
d) Propose mechanisms to achieve efficiency in the use of technological resources of public entities in addition to
the interoperability of information systems and government services developed by each of them, to
through the application and use of open standards;
e) Promote collaboration mechanisms to generate integration between the different public entities that enable
expand and improve the joint development of online government solutions and services, allowing effective management and
vocation of service to the public;
f) Promote the training and education of human resources in order to contribute to the use and exploitation of
different electronic government systems and applications in order to achieve their efficiency;
g)

Promote access to public information through computer systems that allow citizens,
social organizations and peasant native indigenous peoples and nations exercise the rights to participation and
social control established in the Political Constitution of the State and Law No. 341;

h) Strengthen the participation mechanisms of citizens, social organizations and indigenous peoples and nations
peasant origin in the elaboration of public policies, through the use of ICT.
CHAPTER II
FREE SOFTWARE AND OPEN STANDARDS

ARTICLE 19.- (FREE SOFTWARE IMPLEMENTATION PLAN AND OPEN STANDARDS).
I.

The Ministry of Development Planning in coordination with the Ministry of Public Works, Services and Housing, through
of the Vice Ministry of Telecommunications and the ADSIB, is the body responsible for preparing, promoting, managing and articulating the
Free Software Implementation Plan and Open Standards for the Executive, Legislative, Judicial and Electoral Bodies in
all its levels of the Plurinational State of Bolivia, as well as its permanent updating.

II.

The Free Software and Open Standards Implementation Plan will establish the mechanisms for community development
of Free Software applications, transversal to the needs of the Plurinational State.

III.

The implementation of the Free Software and Open Standards Implementation Plan will be in charge of public entities.

IV.

The follow-up to the execution of the Free Software and Open Standards Implementation Plan will be in charge of the ADSIB
in coordination with each entity of the public administration of the State.

ARTICLE 20.- (OBJECTIVE OF THE PLAN). Establish the conditions and mechanisms for the implementation, use, study,
audit, research and development of free software and open standards in public entities.
ARTICLE 21.- (PLAN GUIDELINES). The Free Software and Open Standards Implementation Plan must
consider minimally the following guidelines:
a) Enable the implementation, use and development of Free Software and Open Standards on computer platforms,
applications, computers, computer networks, data exchange and publication of digital content of the organs of the
Plurinational State of Bolivia;
b) Promote the advancement of the process of decolonization of knowledge;
c) Promote the training, specialization and training of human resources in free software and open standards in
coordination with state bodies and public administration entities;
d) Promote international cooperation mechanisms in the field of free software and open standards, in respect of the
sovereignty and information security of the Plurinational State of Bolivia;
e) Establish monitoring and control mechanisms that guarantee the application of these Regulations and the Plan of
Implementation of Free Software and Open Standards.
F)

Promote the development of free software in the public and private sectors, favoring professionals and companies
Bolivian;

g) Establish the conditions and hierarchy to strengthen the systems units of public entities, in such a way that
that can meet the objectives of the Regulation.
ARTICLE 22.- (STATE REPOSITORY OF FREE SOFTWARE).
I.

It will be used to promote and share the software developed by or for the State allowing optimization and reuse
of resources.

II.

ADSIB is the entity that manages the State Free Software Repository for registration, preservation and custody. Should
publish online the information of all systems and applications found in the Repository.

III .

The technical norms, development standards and licensing of free software for registration in the repository and use by
of the State, will be established by the ADSIB.

IV.

The ADSIB will establish the mechanisms and processes for registration, consultation and use of the State Free Software Repository.

V.

Public entities have the obligation to register the systems and free applications used and developed, in a manner
directly or through third parties, in the State Repository of Free Software in accordance with procedures established by the ADSIB,
with the exception of those considered strategic by each institution.
ARTICLE 23.- (PRIVATE SOFTWARE LICENSES).
I.

In the event of acquisition or donation, extension and / or renewal of Proprietary Software Licenses by the
public entities of the Plurinational State of Bolivia, the Highest Executive Authority will request the ADSIB's approval
accompanied by the technical report that justifies the use of said software. In the event that the software is used by
several institutions, the request submitted by the project coordinator will suffice.

II . In the case of development of applications on a proprietary software platform by public entities of the State
Plurinational Bolivian, the Highest Executive Authority will request the ADSIB's approval accompanied by the respective
technical report that justifies the development of said software under that platform.
III.

For what is established in Paragraphs I and II, the ADSIB will make known its agreement or opposition, by means of a document of its
Highest Executive Authority, accompanied by the respective technical report, establishing the necessary recommendations.
The final decision in these cases will be assumed by the Highest Executive Authority of each entity.

IV.

Any hardware acquisition by public entities of the Plurinational State of Bolivia must require the
compatibility of the same with free software systems.

V.

In the event that an essential peripheral hardware requires irreplaceable software for its operation, do not
the provisions of Paragraph I of this Article apply for said software.
TITLE IV
CERTIFICATE AND DIGITAL SIGNATURE AND CERTIFICATION ENTITIES
CHAPTER I
CERTIFICATE AND DIGITAL SIGNATURE

Article 24.- (DIGITAL CERTIFICATE ) .- Digital certificates must be issued by an authorized certifying entity,
respond to internationally recognized formats and standards set by the ATT, contain at least the data that allow
Identify its holder, the certifying entity that issued it, its period of validity and contemplate the information necessary for the
verification of the digital signature.
Article 25.- (TYPES OF CERTIFICATES) .- The ATT will establish through Administrative Resolution the types of certificates
that may be issued by authorized certifying entities according to their use and in accordance with standards and recommendations
applicable international standards that promote interoperability with other systems.
ARTICLE 26.- (FUNCTION OF THE DIGITAL CERTIFICATE ). The digital certificate fulfills the following functions:
a) It accredits the identity of the owner of the digital signature:
b) The authorship of the digital signature that certifies:
c) Links a digital document or electronic data message, with the digital signature and the person:
d) It guarantees the integrity of the digital document or electronic message with digital signature.
ARTICLE 27.- (CHARACTERISTICS OF THE DIGITAL CERTIFICATE).
I.

Digital certificates must contain at least the following characteristics:
a) The issuance must be carried out by an authorized certification body:
b) Contain the unique serial number that identifies the certificate:
c) Respond to internationally recognized standard formats:
d) Period of validity:
e) Be capable of verification regarding their revocation status:
f) Accredit, in the cases of representation, the powers of the signatory to act on behalf of the natural person or
legal entity that you represent:
g) Take into account the information necessary for the verification of the signature:
h) Identify the certification policy under which it was issued:
i) Contemplate the limits of use of the certificate, if foreseen;
j) Validate the legal correspondence between the digital certificate, the digital signature and the person:
k) Unambiguously identify its holder and the authorized certifier that issued it.

II.

The ATT through Administrative Resolution will establish the format and structure of digital certificates for both people
natural as for legal persons.
ARTICLE 28.- (OBTAINING THE DIGITAL CERTIFICATE).

I.

To obtain the digital certificate, the certifying entities must sign an agreement of parties or contracts of
provision of services with users, in accordance with the terms and conditions of this provision, previously approved
by ATT.

II.

The minimum requirements for obtaining the Digital Certificate will be established by the ATT through Resolution
Administrative, according to the type of Certificate.
ARTICLE 29, (VALIDITY OF CERTIFICATES FOR PUBLIC OFFICES ). The validity of the signature certificates

issued in relation to the exercise of public office will not exceed two (2) years and must not exceed the duration of
said public position unless there are extensions of functions in the institutions, and any change in the position must be communicated to the
public certifying entity immediately.
ARTICLE 30.- (SUSPENSION OF VALIDITY).
I.

The validity of a digital certificate will be suspended by the certifying entity, when any of the following is verified
circumstances:
a) At the request of the certificate holder, duly communicated to the certifying entity;
b) Decision of the certifying entity by virtue of technical reasons, prior communication to the signatories;
c)

By order or duly substantiated judicial decision that determines the provisional suspension of the validity of the
digital certificate.

II.

As a result of the suspension of validity, the legal effects of the digital certificate in accordance with the uses temporarily cease.
that are their own and prevents the legitimate use of the same by the owner.

III.

The suspension of the validity of the digital certificate will be lifted for any of the following causes:

to. At the request of the holder of the digital certificate, when the suspension has been requested by him:
b. Cessation of the technical causes that led to the suspension at the discretion of the certifying entity:
c.

By order or duly substantiated judicial decision that determines the cessation of the suspension of the validity of the
digital certificate.

III.

In the situations described in the previous paragraph, the certifying entity has the obligation to immediately enable the
digital certificate in question.

V.

The suspension of a digital certificate will not produce, by itself, the legal invalidity of the acts that under said
certificate have been made previously.
ARTICLE 31.- (REVOCATION OF A DIGITAL CERTIFICATE).

I.

A digital certificate will be revoked by the certifying entity in the following cases:
a) At the request of the owner, duly communicated to the certifying entity:
b) Due to the death of the certificate holder:
c) Due to dissolution or bankruptcy of the legal person who owns the digital certificate, from the official communication received by the
certifying entity;
d) Conviction sentence executed against the holder of the digital certificate, for the commission of crimes in which there has been
used as an instrument the digital signature;
e) Judicial sentence declaring the absence or interdiction of the holder of the digital certificate;
f) As required by the competent authority in accordance with the Law;
g) When it is confirmed that the holder of the digital certificate has not adequately guarded the security mechanisms,
specific to the operation of the certification system, provided by the authorized certifying entity;
h) If verified by the ATT, that there have been technical violations of the entity's security system
certifier that affects the provision of digital certification services:
i) Due to non-compliance with the causes agreed between the certifying entity and the holder of the digital certificate.

II .

The revocation of the digital certificate does not exempt its holder from the fulfillment of the obligations contracted during the validity of the
certificate.
ARTICLE 32.- (CONSERVATION).

I.

The preservation of the information contained in an electronic data message or digital document, both with a digital signature,
must meet the following conditions:
a) Be in the original format with which it was generated, sent or received, proving its integrity, the identity of the
generator of the electronic data message or digital document, its origin, date, time of creation, destination and others:
b) Be accessible and available for subsequent consultations at the request of the competent authority:
c) Be kept in accordance with the nature of the electronic data message or digital document and current regulations.

II .

For the conservation of the information contained in electronic data messages or digital documents, the entity
Certifying company may use the service of third parties, as long as their integrity is guaranteed.

III.

The information whose sole purpose is to make known the sending or receipt of an electronic data message or
digital document is exempt from the obligation to keep it.

IV.

The ATT, by means of an Administrative Resolution, will determine the procedure and the conditions that the entities must comply with.
certifiers for the preservation of physical and digitized documents, ensuring their storage in
servers located in the territory and under the legislation of the Plurinational State of Bolivia.
ARTICLE 33.- (CHARACTERISTICS OF THE DIGITAL SIGNATURE). You must minimally meet the following conditions:
a) Be linked to a digital certificate so that any subsequent alteration in it is detectable;
b) Having been created during the validity period of the signer's valid digital certificate;
c) Have been created using a technically secure and reliable signature creation device;
d) Be created by means that the signer can keep under his / her exclusive control and the signature is controlled by the person to
who belongs;
e) Contain information linked exclusively to its owner;
f) Allow to univocally verify the authorship and identity of the signatory, by means of technical verification devices;
g) That the method of creation and verification is reliable, safe and unalterable for the purpose for which it was generated.
signature creation record;
h) That the data be subject to verification by third parties;
i) That at the time of creation of the digital signature, the data with which it is created is under the exclusive control of the
signatory;
j) That the digital signature is controlled by the person to whom it belongs.
ARTICLE 34.- (VALIDITY OF THE DIGITAL SIGNATURE).

I.

When a digital signature has been inscribed in a digital document or electronic data message, the will of the
holder of the digital signature to accredit that digital document or electronic data message, and is attached and linked to the
content of their information.

II .

Electronic data messages or digital documents, both with digital signature, acquire full legal probative validity
under the following conditions:
a) Be individual and be linked exclusively to its owner;
b) That allows to unequivocally verify the authorship and identity of the signatory, through authentication and
safety and is in accordance with current regulations:
c) That its method of creation and verification is reliable, secure and unalterable for the purpose for which the message was
generated or communicated;
d) That at the time of creation of the digital signature, the data with which it is created is under the exclusive control of the
signatory;
e) That the firm is controlled by the person to whom it belongs.

III .

A digital signature loses validity when the validity of the digital certificate has expired or it has been revoked.
ARTICLE 35.- (USE OF THE DIGITAL SIGNATURE IN THE NATIONAL PAYMENT SYSTEM). For the use and acceptance of the signature

digital payment system in the national payment system, the competent authorities may establish the conditions to grant security to the
electronic transfers in the financial system. All participants of the national payment system in order to carry out operations,
In addition to observing the provisions of these Regulations, they must comply with the regulations established by these instances.
CHAPTER II
NATIONAL INFRASTRUCTURE OF DIGITAL CERTIFICATION
ARTICLE 36.- (NATIONAL HIERARCHY OF DIGITAL CERTIFICATION) . Establishes the levels of the National Infrastructure
of Digital Certification where there is a higher-level certifying entity in charge of regulating and supervising the processes of
certification.
ARTICLE 37.- (HIERARCHICAL STRUCTURE ). The organization of the National Digital Certification Infrastructure has the
following levels:
1. First level : Root Certification Entity. The ATT is the highest level certification body within the Hierarchy
National Digital Certification that will self-sign your certificate and issue digital certificates to the certifying entities
subordinate public and private.
2. Second level: Certifying Entities. They are the subordinate public or private certifying entities of the
Root Certification Entity. The public certifying entity is the ADSIB and the private certifying entities are all
those authorized by ATT to provide Certification Services, meeting the requirements for authorization
service provision.
3. Third level : Registration Agency. It is the agency dependent on a certifying entity, in charge of carrying out the registration
and the identification of the natural or legal person in a reliable and complete way must carry out the procedures with fidelity to
reality. It is also who is in charge of requesting the approval or revocation of a digital certificate. Your primary objective
is to ensure the veracity of the data that was used to request the digital certificate.
4. Fourth level : Signatories. They are all users and end users who have been issued a certificate by a
certifying entity, within the National Hierarchy of Digital Certification.
ARTICLE 38.- (FUNCTIONS OF THE AUTHORITY). For the fulfillment of the attributions established in Law No. 164, the
ATT will have the following functions:
a) Authorize the operation of certification entities:
b) Ensure the proper functioning and efficient provision of the service by the certification bodies and the
full compliance with the legal and regulatory provisions of the activity;
c) Define the technical requirements that qualify the suitability of the activities carried out by the entities of
certification;
d) Evaluate the activities carried out by the certification entities according to the standards defined in the
technical regulations;
e) Revoke or suspend the authorization to operate as a certification entity;
f) Require at any time from the certification entities information related to certificates, signatures
digital documents issued and the documents in computer support that are safeguarded or managed by:
g) Verify the quality of the provision of the public certification and digital signature service:
h) Impose sanctions on certification bodies for non-compliance or partial compliance with the obligations
derived from the provision of the service:
i) Order the revocation or suspension of digital certificates when the certification body has issued them without the
compliance with legal formalities.
j) Approve the specific regulations and procedures of the certifying entities for the provision of the
digital certification, as well as its modifications;
k) Issue digital certificates in relation to the digital signatures of the certification bodies.
ARTICLE 39.- (FUNCTIONS OF THE CERTIFICATION ENTITY ). The certifying entities will have the following
functions:
a) Issue, validate, renew, deny, suspend or cancel digital certificates;
b) Facilitate digital signature generation services;
c) Guarantee the validity of digital signatures, their digital certificates and the ownership of their signatory:
d) Validate and verify where appropriate, the identity and real existence of the natural or legal person:
e) Recognize and validate digital certificates issued abroad;
f) Other functions related to the provision of digital certification services.
ARTICLE 40.- (FUNCTIONS OF THE REGISTRATION AGENCY ). The functions of the Registration Agency are the following:
a) The receipt of applications for the issuance of certificates:
b) Check the identity and authentication of the data of the certificate holders:
c) Check other data of the certificate holders that are presented before it whose verification is delegated by the entity
certifier;
d) The forwarding of approved applications to the certifying entity with which it is operatively linked:
e) The reception and validation of certificate revocation requests: and their directing to the certifying entity
with which they are linked;
f) The identification and authentication of the certificate revocation applicants:
g) The file and conservation of all the supporting documentation of the identity validation process, in accordance with the
procedures established by the certifying entity:
h) Compliance with the rules and regulations established for the protection of personal data:
i) Compliance with the provisions established by the certification policy and the entity's procedure manual
certifier with which it is linked.
ARTICLE 41.- (DIGITAL CERTIFICATION SERVICE). Certifying entities must provide the following
services:
a) Digital certification service : It consists of issuing, revoking and managing the digital certificates used to generate
digital signatures:
b) Registration service : It consists of verifying and validating the identity of the applicant for a digital certificate, and other functions
related to the process of issuance and handling of digital certificates;
c) Other services related to digital certification.
ARTICLE 42.- (FEES FOR THE PROVISION OF THE DIGITAL CERTIFICATION SERVICE) . Certifying entities
Authorized companies will establish their rates considering criteria supported and oriented in costs of the digital certification service, prior
presentation of its tariff structure to the ATT for its approval and registration.
ARTICLE 43.- (OBLIGATIONS OF THE CERTIFICATION ENTITIES ). To ensure publicity, security,
integrity and effectiveness of the digital signature and certificate, the certifying entities are obliged to:
a) Comply with current regulations and technical standards issued by the ATT;
b) Develop and update the digital certification service procedures based on the techniques and methods of
information protection and guidelines established by the ATT.
c) Inform users of the conditions of issuance, validation, renewal, low suspension, agreed rates and use of
your digital certificates through a list that must be published on your website among other means:
d) Maintain control, reserve and care of the private key used to digitally sign the digital certificates that
emits. Any anomaly that may compromise your confidentiality must be reported immediately to the ATT.
e) Maintain control, reserve and care over the public key that is entrusted to it by the signatory:
f) Maintain an information system of free, permanent and updated access where the procedures of
digital certification, as well as the digital certificates issued stating, their unique serial number, their date of issue,
validity and applicable restrictions, as well as the detail of suspended and revoked digital certificates;
g) The certifying entities that derive from the root certifier (ATT) must maintain an information system with the
same characteristics mentioned in the previous point, located in the territory and under legislation of the Plurinational State of
Bolivia;
h) Revoke the digital certificate upon the occurrence of any of the causes established in this Regulation. The causes and
Conditions under which the revocation must be carried out must be stipulated in the contracts of the holders;
i) Maintain the confidentiality of the information provided by the holders of digital certificates by limiting their use to
the needs of the certification service, except for a court order or request from the holder of the digital certificate as required
the case;
j) Maintain the information related to the digital certificates issued, for a minimum period of five (5) years after the
period of its validity or validity;
k) Provide information and provide the collaboration due to the personnel authorized by the ATT, in the exercise of their functions,
for the purposes of control, monitoring, supervision and inspection of the digital certification service, demonstrating that the
technical controls used are adequate and effective when required;
l) Maintain legal domicile in the territory of the Plurinational State of Bolivia;
m) Notify ATT of any change in legal status, commercial action, or any administrative change, address,
phones or email;
n) Verify all the information provided by the requestor of the service, under his exclusive responsibility;
o) Have professional, technical and administrative personnel with specialized knowledge in the matter;
p) Have high availability technological platforms, which guarantee to maintain the integrity of the information of the
certificates and digital signatures issued that it manages.
ARTICLE 44.- (RESPONSIBILITY OF THE AUTHORIZED CERTIFICATION ENTITIES TO THIRD PARTIES).
I.

The authorized certifying entities will be responsible for the issuance of digital certificates with errors and omissions that
cause harm to their signatories.

II.

The private authorized certifying entities must provide a surety that will be used to answer for the
possible contractual or non-contractual civil consequences of its activity. This surety will be paid by means of a
Insurance Policy issued by an Insurance Entity duly established in the Plurinational State of Bolivia taking
taking into account the risks and responsibilities inherent in digital certification work. The amount of the surety will be fixed
by the ATT annually through Administrative Resolution, according to categories that will be determined in accordance with the
number of certificates issued.

III.

The authorized certifying entity will be released from responsibilities if it shows that it acted with due diligence and they are not
attributable errors and omissions object of the claims.

IV.

The authorized certifying entities must respond for possible damages caused to the signatory or third parties of
good faith for the delay in the publication of the information on the validity of the digital certificates.
ARTICLE 45.- (GUARANTEE).

I.

The certifying entities must obtain and keep in force a certificate of guarantee of contract fulfillment, by the
seven percent (7%) of your gross income from the immediate previous management, or on your projections for the first year. what
support your activity during the validity of the authorization to provide digital certification services.

II.

Failure to comply with this requirement will give rise to the corresponding actions within the framework of the ATT's powers.

ARTICLE 46.- (AUDITS).
I.

The certifying entities may be subjected to technical inspections or audits by the ATT.

II.

The ATT may implement the audit system that must at least evaluate the reliability and quality of the systems.
used, compliance with national and international standards on certification and digital signature, integrity,
confidentiality and availability of data, as well as compliance with the certification policies defined by the
authority, its statement of certification practices, and approved security and contingency plans.

CHAPTER III
AUTHORIZATION TO THE CERTIFICATION ENTITY

ARTICLE 47.- (AUTHORIZATION TO PROVIDE DIGITAL CERTIFICATION SERVICES). The ATT, through the
signing a contract, will grant the authorization for the provision of digital certification services, with a validity of five (5) years,
renewable for similar periods, to natural or legal persons who request it, after compliance with the requirements and conditions
established in Administrative Resolution by the ATT.
ARTICLE 48.- (PAYMENT OF RIGHT).
I.

The certifying entities will pay the ATT annually, one percent (1%) of their gross operating income.
of the digital certification service corresponding to the previous year, as a control and regulation fee.

II.

For the first year of operation, the certifying entity will cancel the inspection and regulation fee in advance, in
based on your gross income projection.
ARTICLE 49.- (TRANSFER OF AMOUNTS COLLECTED). The collection for the audit fee and

regulation, as well as interest and penalties for late payment, will be deposited by the ATT every six months until ten (10) days of the month
following, after the semester, to the Single Treasury Account - CUT.
ARTICLE 50.- (REVOCATION OF THE AUTHORIZATION).
I.

The ATT may revoke the authorization for the provision of digital certification services granted in favor of the entity
certifier, for the following reasons:
a) When the authorized certifying entity transfers, assigns, leases or performs any act of disposition of its
authorization to provide digital certification services, without the express authorization of the ATT;
b) By express request of the authorized certifying entity;
c) Bankruptcy of the legally declared certifying entity;
d) When the authorized certifying entity has not started the provision of services to applicants during the twelve (12)
months after the granting of the authorization to provide digital certification services;
e) When the certifying entity provides a different service or modifies the object for which it obtained the authorization to
provision of digital certification services, without permission from the ATT;
f) When the authorized certifying entity, after having received a notification from the ATT, regarding the breach of
contractual, legal, technical and regulatory provisions, do not correct or correct them within the deadlines indicated by the
contract or applicable regulations;
g) In the event that the authorized certifying entity fails to comply with the payment of the right for the provision of
digital certification;
h) For incurring in any other cause established in your contract.

II.

If the revocation occurs, the ATT must provide for the safekeeping and transfer of the certificates to another certifying entity.
digital data and the information provided by the holders, being empowered to do so to intervene the certifying entity before the
notice with revocation, if necessary.
ARTICLE 51.- (TRANSFER OF THE AUTHORIZED CERTIFICATION ENTITY).

I.

To transfer the authorization to provide digital certification services to another certifying entity
authorized, the certifying entity must communicate such situation to the holders of the digital certificates issued by it, with
an advance notice of at least two (2) months, indicating to the holder that if there is no objection to the transfer of the certificates
digital, within a period of fifteen (15) business days from the date of communication, it will be understood that the user
has consented to the transfer of the same.

II.

In the event of revocation of an authorization, the certifying entity whose authorization has been revoked, must communicate
immediately to the holders of digital certificates this situation for the transfer of digital certificates to another entity
authorized certifier.

III.

The certifying entity will notify the ATT, with at least two (2) months in advance about the destination that will give the data
of the digital certificates issued.
TITLE V
DIGITAL CERTIFICATE HOLDER
CHAPTER I
RIGHTS AND OBLIGATIONS
OF THE HOLDERS OF THE DIGITAL CERTIFICATE

ARTICLE 52.- (DIGITAL CERTIFICATE HOLDER). The holders of the digital signature and the digital certificate are the persons
natural and legal persons through their legal representatives, who have requested by themselves and for themselves a certification that accredits their
digital signature.
ARTICLE 53.- (RESPONSIBILITY OF THE OWNER).
I

The holder will be responsible for the falsehood, error or omission in the information provided to the certification body and for the
breach of your obligations as owner.

II

The creation data of the digital signature linked to each digital certificate of a legal entity, will be the responsibility of the
legal representative, whose identification will be included in the digital certificate.

III.

The document with digital signature gives its holder responsibility for the legal effects generated by the use of the
same.
ARTICLE 54.- (RIGHTS OF THE CERTIFICATE HOLDER). The holder of the digital certificate has the following rights:
to)

To be informed by the certifying entity, of the general characteristics, of the creation procedures and
verification of digital signature, as well as the rules on certification practices and any information generated that it saves
relationship with the provision of the service prior to the start of it, as well as any subsequent modification:

b) To the confidentiality of the information provided to the certifying entity;
c) To receive information on the general characteristics of the service, prior to the start of its provision;
d) To be informed, before signing the contract for the issuance of digital certificates, about the price of the
certification services, including additional charges and forms of payment, of the precise conditions for the use of the
certificate, of the limitations of use, of the procedures of claim and resolution of disputes foreseen in the laws
or those who remember;
e) For the certifying entity to provide information on their legal address in the country and on all the means to the
that the owner can go to request clarification, report the malfunction of the contracted service, or the way
in which you will submit your claims;

f) To be informed, at least two (2) months in advance, by the certifying entity of the cessation of its activities, with the
In order to assert your acceptance or opposition to the transfer of your certificate data to another certifying entity.
ARTICLE 55.- (OBLIGATIONS OF THE OWNER).
I.

Page 3

The holder of the digital signature through the corresponding digital certificate has the following obligations:
a) Provide reliable and verifiable information to the certifying entity;
b) Maintain control and reserve of the method of creating your digital signature to avoid unauthorized use;
c) Observe the conditions established by the certifying entity for the use of the digital certificate and the generation
of the digital signature;
d) Notify the certifier in a timely manner that the creation data of your digital signature have been known to third parties.
authorized and that could be improperly used, in this case you must request the cancellation of your digital certificate;
e) Act with diligence and take the necessary security measures to maintain the generation data of the digital signature
under its strict control, avoiding the unauthorized use of the digital certificate;
f) Communicate to the certifying entity, when there is a risk that the data of your digital signature may not be known
authorized by third parties, by the owner and may be used improperly;
g) Not to use the digital signature creation data when the period of validity of the digital certificate has expired; wave
certification body notifies you of the suspension of its validity or the conclusion of its validity.

II.

Failure to comply with the obligations detailed above will make the owner of the digital signature responsible for the consequences
generated by the improper use of your digital signature.

CHAPTER II
PROCESSING OF PERSONAL DATA

ARTICLE 56.- (PROTECTION OF PERSONAL DATA) . In order to guarantee personal data and computer security
of them the following provisions are adopted:
a) The use of personal data will respect the fundamental rights and guarantees established in the Constitution
State Policy:
b) The technical processing of personal data in the public and private sector in all its modalities, including among these
the activities, collection, conservation, processing, blocking, cancellation, transfers, consultations and
interconnections, will require the prior knowledge and express consent of the owner, which will be provided in writing or
other comparable means according to the circumstances. This consent may be revoked when there is cause
justified for it, but such revocation will not have retroactive effect:
c) People who are requested personal data must be previously informed that their data will be subject to
of treatment, of the purpose of the collection and registration of these; of the potential recipients of the information; of the
identity and address of the person responsible for the treatment or their representative; and the possibility of exercising the rights of
access, rectification, update, cancellation, objection, revocation and others that are pertinent. Personal information
object of treatment may not be used for purposes other than those expressed at the time of collection and
record;
d) The personal data subject to treatment may only be used, communicated or transferred to a third party, prior
consent of the owner or written order of the competent judicial authority;
e) The person responsible for the processing of personal data, both in the public and private sectors, must adopt the
technical and organizational measures necessary to guarantee the security of personal data and prevent its
alteration, loss, unauthorized treatment that must be adjusted in accordance with the state of technology, the
nature of the stored data and the risks to which they are exposed, whether they come from human action or the environment
physical or natural.

TITLE VI
ADVERTISING COMMUNICATIONS
BY EMAIL
SINGLE CHAPTER
ADVERTISING COMMERCIAL COMMUNICATIONS

ARTICLE 57.- (ADVERTISING COMMERCIAL COMMUNICATIONS). Communications by email
or other equivalent digital means of communication whose purpose is to promote, directly or indirectly, the image or the goods or
services of a company, organization or person that carries out a commercial, industrial, artisan or professional activity, must comply
the following conditions:
a) They must advertise the services, characterizing them on the basis of technical and technology terms, including
technical, economic, commercial characteristics, rates, legal aspects, regarding all services, as well as the
subscription mechanisms and termination of subscription to said type of services;
b) In the advertising texts that refer to the services, conditions and characteristics, and promotions as well as in the
advertising for access to digital content and applications, should use broadcast copywriting that highlights the
facilities and benefits of the service;
c)

In the case of promotional offers, such as those that include discounts, prizes and gifts, and contests or games
promotional activities, in addition to compliance with the requirements established in the previous paragraphs of the
this Article, that they are clearly identified as such and that the conditions of access, and where appropriate
participation, are expressed clearly and unequivocally, as well as the authorizations of the competent authorities;

d) You must indicate how the recipient can accept or reject the sending of future communications from the sender,
so that users can be enabled or disabled in the event that they do not wish to continue receiving these messages
or emails;
e) The senders and data of the same must be clearly identifiable, indicating the natural or legal person on behalf
of which they are made;
f) In advertising and interactive access to the provider's websites through terminal equipment, the simple commercial registration
entry does not lead to a commercial link from the subsequent broadcast provider, but it must be explicit and
manifestly accepted by subscription;
g)

Product or service offers must provide clear, precise and truthful information consistent with their
benefits.

TITLE VII
ELECTRONIC COMMERCE
SINGLE CHAPTER
ARTICLE 58.- (ELECTRONIC COMMERCE). ICTs will be used as an instrument to promote trade
electronic, between the offeror and the demander of goods and services.
ARTICLE 59.- (OBJECTIVES OF ELECTRONIC COMMERCE). Electronic commerce will have the following minimally
objectives:
a) Facilitate electronic commerce within and outside the Plurinational State of Bolivia;
b) Validate the operations carried out by means of the new ICT:

c) Encourage and stimulate the application of new information technologies;
d) Support new business practices.

SOURCE: GACETA

IMPORTANT:
THE NATIONAL LAWS SHOWN ON THIS WEBSITE ARE THE RESULT OF THE REGISTRATION AND UPDATING OF THE EXPRESS ABROGATIONS AND DEROGATIONS APPROVED BY THE LEGISLATIVE BODY SINCE 1825. THE DOCUMENTS PRESENTED HERE CANNOT BE OF ANY
WAY TO BE USED AS A LEGAL REFERENCE, SINCE SUCH ATTRIBUTION CORRESPONDS TO THE OFFICIAL STATUS GAZETTE.

SILEP - Legal Information System of the Plurinational State
Vice Presidency of the Plurinational State. 2021

