STJ Validates Digital Contracts Without ICP-Brasil Certification

26/03/2026

The digitalization of contractual relationships in Brazil has accelerated rapidly over the past decade. Along with this shift, debates have grown around the legal validity of electronic contracts, especially those executed outside the formal standards of ICP-Brasil, which stands for Brazilian Public Key Infrastructure — the country’s official digital certification framework.

ICP-Brasil, maintained by the National Institute of Information Technology (ITI), is Brazil’s governmental system that issues qualified digital certificates with a legal presumption of authenticity. When it was created through Provisional Measure 2.200-2/2001, it included a frequently overlooked provision: Article 10, Paragraph 2, which expressly allows other methods of proving the authorship and integrity of electronic documents, so long as both parties agree to them. This rule has served as the foundation for a growing body of case law from the Superior Court of Justice (STJ), which has become increasingly open to recognizing different forms of digital authentication.

The recent ruling in Special Appeal (REsp) 2,197,156 by the STJ’s Third Panel, concluded in March 2026, represents the most precise and up‑to‑date development in this area.

 

What the STJ Established

In a unanimous decision, the Third Panel confirmed the validity of a loan agreement executed through a private electronic-signature platform not accredited by ICP-Brasil. Minister Nancy Andrighi, the reporting justice, rejected the notion of automatic invalidity and established two central criteria for analyzing these types of contracts.

The first criterion concerns the authentication method used. Certification through ICP-Brasil is not a mandatory requirement for validity. Law 14.063/2020, which regulates the use of electronic signatures in interactions with public entities and private transactions, recognizes multiple levels of evidentiary strength. Advanced electronic signatures — such as those based on tokens, facial biometrics, geolocation and IP address records — fall within this regulatory framework and carry legal validity when used properly.

The second criterion addresses challenges to the signature after the contract has been executed. The court held that a generic objection raised later by one of the parties, without concrete evidence suggesting fraud, is insufficient to invalidate the agreement. The decision aligns with STJ’s Binding Theme 1,061, reaffirming that when a consumer contests the authenticity of a signature in a banking contract, the financial institution must prove that the contract was executed properly. The burden of proof remains with the creditor. What the court rejected was the idea that any signature not certified by ICP-Brasil should automatically be viewed with suspicion, regardless of the evidence presented.

 

Points of Attention

Among the most relevant aspects of the precedent are:

  • The legal validity of private advanced electronic-signature platforms, such as Clicksign and similar services, provided the authentication process can demonstrate authorship, integrity and consent
  • The evidentiary importance of the contracting party’s active digital behavior, including document submission, biometric data and geolocation records
  • The continued allocation of the burden of proof to the contracting institution, which must be prepared to demonstrate the regularity of the transaction when there is a well‑founded challenge

 

Impacts for Companies and Fintechs

For fintechs, financial institutions and companies whose operations rely on digital contracts, this precedent creates tangible effects on contractual governance. The legal discussion shifts away from whether a formal certificate exists and toward the quality of the authentication process: its ability to record consent, ensure the document’s integrity and reliably attribute authorship.

Companies already using advanced electronic-signature platforms gain reinforced legal certainty. Those that have not yet structured their digital authentication procedures properly should view this ruling as a warning: certain minimum conditions must be met to sustain contract validity in possible disputes.

The regulatory and judicial landscape is moving consistently in one direction: Brazil’s legal system is embracing widespread recognition of digital contracting, while still requiring robust evidence of the parties’ intent.

 

Next Steps

Companies that work with electronic contracts should consider:

  • Assessing whether their authentication procedures are strong enough to demonstrate authorship and consent if challenged
  • Reviewing the documentation produced by their electronic-signature platforms, including log records, IP addresses, biometrics and geolocation data
  • Adjusting contractual workflows to comply with STJ Theme 1,061, ensuring the contracting institution is prepared for its burden of proof
  • Following legislative developments on electronic contracts, especially within the context of Brazil’s upcoming Civil Code reform

Attorney Victor Nunes, from DGN, had already mapped this judicial trend last year.

DGN continues to monitor developments on this topic and is available to assess how this precedent may affect your organization’s contractual structure.
