
Chile's Digital Government legal framework: what a CIO must know before choosing a consultant

By Daniel Petrasic · 12 min read

December 31, 2027: what Law 21,180 actually requires

Law 21,180 on Digital Transformation of the State requires every body in the Chilean State Administration to handle administrative procedures in 100% electronic format, with a hard deadline of December 31, 2027. It isn't a recommendation, it's a legal obligation.

With less than two years to that date, most of the CIOs we talk with (public services, municipalities, ministries) admit they still aren't clear on what “electronic procedure” means operationally. Some have already hired consultancies that aren't clear on it either, and they only discover the real scope when they start integrating FirmaGob or DocDigital and everything breaks.

This article is for the CIO, the IT director, the head of finance and administration or anyone inside a Chilean public institution (or State provider) who has to decide whom to hire for digital transformation. The goal isn't to make you a lawyer. It's to give you a clear mental map so you can ask the right questions.


The five regulations that form the system

Treating the regulations as separate silos is the most expensive mistake in practice. They form an interconnected system where each piece points to the next:

  • Law 19,799 (2002) — the foundation. Defines what an electronic document is, what an electronic signature is (simple and advanced), and how to accredit those who issue certificates.
  • Law 19,880 (2003) — the bases of administrative procedure. The rules the State must follow when making decisions that affect people and companies. Originally designed for paper.
  • Law 21,180 (2019) — the obligation to digitize Law 19,880. Takes the administrative procedure from 2003 into the electronic world, with a December 31, 2027 deadline.
  • Supreme Decree 83 (2005) — the first technical security standard for electronic documents in the State. Covers confidentiality, integrity and availability.
  • Supreme Decree 7 (2023) — the update Law 21,180 forced into existence. Today it's the current standard on information security and cybersecurity for platforms supporting administrative procedures.

Here's how the system works: Law 21,180 forces you to digitize the procedure of Law 19,880, which forces you to use electronic signatures under Law 19,799, which forces you to comply with the security requirements of DS 7 (which replaces and updates DS 83). If your consultant handles one but not the others, you'll have integration problems.


Law 19,799: the foundation of electronic signatures

Published in April 2002, it was the first Chilean law to grant full legal validity to electronically signed documents. It distinguishes two types of signature, and the difference is critical:

Simple Electronic Signature (FES). Any electronic data that formally identifies its author. In practice, that ranges from a typed name at the end of an email to a digital signature without an accredited certificate. It has legal validity between parties that accept it, but is more easily challenged in court.

Advanced Electronic Signature (FEA). The one certified by a Certification Service Provider accredited by the Ministry of Economy. It has the same legal validity as a handwritten signature before a notary. It's what the State requires for administrative contracts, formal administrative acts, and anything demanding absolute certainty of authorship.

Confusing the two can cost you the contract. If you submit an administrative act signed with FES when FEA was required, it isn't just objectionable: it's invalid. And many private platforms sold as “digital signatures” are actually FES disguised as FEA. Always verify the provider is registered in the official Accrediting Entity registry.

In the Chilean public sector, FEA is mainly channeled through FirmaGob, the platform operated by the Digital Government Secretariat. That's where authorized officials sign official documents using their institutional certificate. The integration details (SOAP/WSDL, certificates, institutional OAuth2) are covered in a specific technical guide on FirmaGob.


Law 19,880: the foundations of administrative procedure

Published in May 2003, it set the rules every State institution must follow when making administrative decisions affecting individuals or businesses. It covers deadlines, ways to notify, file requirements, rights of the interested party and administrative appeals.

The problem: it was designed for paper. Physical files, stamped letters, certified mail notifications, handwritten signatures on every page. Twenty years later, much of the State was still operating exactly that way, with massive costs in time, physical storage and processing errors. Law 21,180 fixes that.

Important: Law 19,880 is still in force. It wasn't replaced. Law 21,180 updates it so the same administrative procedure runs electronically, keeping the original rights and guarantees.


Law 21,180: the December 31, 2027 deadline

Published on November 11, 2019. It modifies Law 19,880 and requires the full cycle of administrative procedures — initiation, processing, file, notifications, official communications, archive — to happen in electronic format.

Implementation is gradual under DFL N° 1 of the General Secretariat of the Presidency. The roadmap splits public bodies into three groups:

  • Group A: ministries, undersecretariats, public services, Comptroller General, Armed Forces, regional and provincial delegations. Earliest deadline.
  • Group B: Regional Governments and large municipalities.
  • Group C: remaining municipalities.

Regardless of group, no body can go past December 31, 2027. After that day, keeping an administrative procedure on paper is a defective administrative act.

The six areas Law 21,180 forces you to digitize are:

  • Official communications between bodies (channeled via DocDigital).
  • Electronic initiation of procedures (digital forms).
  • Interoperability between institutions (connected platforms).
  • Electronic notifications to the interested party.
  • Electronic files with full traceability.
  • Digitization of pre-existing paper documents.

Each of those six areas touches technical infrastructure, not just process. That's why consultancies that offer a “21,180 diagnosis” by reviewing flows on a whiteboard and handing over a PDF fail. The implementation (integrating FirmaGob with your document management system, connecting DocDigital, authenticating with ClaveUnica, leaving the electronic file compliant with DS 7) doesn't fit in the PDF.


DS 83 (2005) and DS 7 (2023): the technical standards

Electronic State procedures handle sensitive data: people's identity, administrative decisions, tax, health and judicial records. That's why the regulation requires concrete technical security standards, not generic declarations.

Supreme Decree 83 of 2005 was the first technical standard. It established the basic security and confidentiality principles for State electronic documents and stayed in force for nearly 18 years.

Supreme Decree 7 of 2023, published in August 2023, updates that framework to meet Law 21,180's requirements. General principles are no longer enough: every State body must now have an Information Security and Cybersecurity Policy, manage risks, protect software, hardware, infrastructure and data, and maintain auditable traceability. DS 7 absorbs and integrates DS 83 — in practical terms, the current standard today is DS 7.

DS 7 is relevant even for private companies providing services to the State: if your SaaS platform stores data from a public service, the service will ask you to comply with the standard. ISO 27001 covers a good chunk of DS 7 requirements, but not all. The Chilean standard has specifics on interoperability and electronic archiving that ISO doesn't address directly. And if your organization is a Vital Importance Operator under Law 21,663 on Cybersecurity, the requirements double: certified ISMS + DS 7 + incident reporting to ANCI.


The official platforms: FirmaGob, DocDigital, ClaveUnica

The Chilean State doesn't expect every service to invent its own infrastructure. To comply with Law 21,180, there are three platforms operated by the Digital Government Secretariat that are mandatory pieces of the puzzle:

FirmaGob. Platform for advanced electronic signatures (FEA) by public officials. Lets any administrative act, official letter or resolution be signed with legal validity equivalent to handwritten signatures. Integration is via SOAP/WSDL (still) or REST API in the more modern version, using institutional certificates with specific PKI.

DocDigital. The official electronic communications system between State bodies. Replaces paper letters. Allows sending and receiving documents signed via FirmaGob, with proof of dispatch and receipt. More than 5,000 State entities are already connected.

ClaveUnica. The State's citizen authentication system. It's the State's official OAuth2-based login: any citizen can identify themselves in public systems with their ClaveUnica credentials, without registering separately in each service. For your platform to accept citizen procedures, on the road to 2027 you'll need to integrate it.

These three aren't optional if the scope of your transformation includes procedures involving citizens or inter-institutional communication. Integrating them isn't trivial: public documentation is reasonable, but real production behavior has edges (certificate handling, token refresh, SOAP XML formats, idempotency under retries) that you only learn by having more than one integration built and operating.


The cascade effect: why complying with one regulation forces touching the others

If Law 21,180 forces you to digitize the administrative procedure, the mandatory sequence is this:

  • You'll need to electronically sign administrative acts ⇒ Law 19,799 + FirmaGob.
  • You'll have to communicate officially with other bodies ⇒ DocDigital.
  • You'll receive electronic citizen procedures ⇒ ClaveUnica.
  • All that infrastructure must be secure, auditable and available ⇒ DS 7 / 2023.
  • The procedure is still the one from Law 19,880 — rights and guarantees don't disappear, only the medium changes.

There's no way to comply with just one regulation. If you try, the next piece of the system blocks you. A serious digital transformation project treats the five regulations as a single set.


How to evaluate the consultant: the questions that matter

If you're evaluating consultancies or running a digital transformation tender, this is the short list of questions any serious provider should answer without hesitation:

  • Which group (A, B, C) does our institution belong to, and how does that affect the roadmap? If they can't answer this in a couple of lines, they don't know Law 21,180.
  • Have you integrated FirmaGob in production? With which protocol, SOAP or REST? How do you handle institutional certificate refresh? Specific answers separate those who integrated from those who only read the documentation.
  • Do you know DS 7 of 2023? What controls does it include that ISO 27001 doesn't cover directly? If they answer “it's equivalent to ISO 27001,” they're oversimplifying.
  • How do you design the transition from paper files to electronic files without breaking legal continuity? There's a real problem with hybrid files during the transition.
  • Do you have experience with interoperability between internal systems and State platforms? Building a clean internal system isn't the same as connecting it to DocDigital, FirmaGob, SII, Civil Registry, etc.

If two of the five answers are vague, you're hiring a team that's going to learn at your expense. And learning with public money and a 2027 deadline is expensive.


The cost of arriving late vs the cost of preparing now

Some reference numbers. A serious digital transformation project for a mid-sized municipality — diagnosis, integration with FirmaGob/DocDigital/ClaveUnica, electronic file, DS 7 governance — ranges between 80 and 250 million Chilean pesos depending on starting state. That's what it costs to do it well and unhurried.

The cost of not doing it on time is different. After December 31, 2027:

  • Any administrative act issued on paper can be challenged for formal defect.
  • The Comptroller has specific oversight powers over compliance.
  • Last-minute consultancy pressure multiplies the price — the equivalent of rush pay in any market.
  • Implementation quality drops when done against the clock, and lingers as technical debt for the next decade.

There's also an upside few mention: complying with Law 21,180 + DS 7 today is practically complying with ISO 27001 and parts of GDPR. If your institution ever collaborates with international organizations or handles personal data under Law 21,719 on Personal Data Protection (in force since December 2026), the base is already in place.


Conclusion: Digital Government isn't a project, it's a system

Treating the State's digital transformation as a one-off project is the most expensive thing an institution can do today. It's a system of five interconnected regulations that demand each other and all point to the same day on the calendar: December 31, 2027.

The CIO who understands the full system makes better decisions. They hire consultants who master all five regulations, not just one. They evaluate providers by their ability to integrate real State platforms, not by their ability to draft reports. And they prepare today instead of paying triple in 2027.

If you're in that position and need a technical starting point — assessment of the current state, concrete roadmap, or direct integration with FirmaGob, DocDigital and ClaveUnica — that's exactly what we do in our Digital Government service. Diagnosis + implementation under the same team, no middlemen between the person who understands the law and the person who writes the code.
