Key Changes to Cryptographic Key PIN Security Defined by the Ministry of Finance

The General Directorate of Taxation of the Ministry of Finance (MH) has announced new security policies for the PIN used in cryptographic keys applied to the signing of electronic invoices.

This change aims to strengthen the protection of tax information and reduce risks associated with unauthorized access.

What will happen to existing cryptographic keys?

Cryptographic keys currently in use will remain valid until their expiration date, unless the taxpayer decides to revoke them in advance.

What changes does the new security policy introduce?

In order to enhance security standards, the Ministry of Finance has established new mandatory requirements for cryptographic key PINs:

Minimum length of 14 characters (previously 4).
At least one uppercase letter.
At least one lowercase letter.
At least one number.
At least one special character.

These requirements apply exclusively to new cryptographic keys generated from the specified date onward.

When will these changes become mandatory?

All cryptographic keys generated as of July 27, 2026, must comply with the new security parameters defined by the Ministry of Finance.

Transition period

Until July 26, 2026, the Ministry of Finance will keep the option to generate cryptographic keys using a 4-digit PIN (current policy) enabled.

Cryptographic keys generated under this policy will remain valid until their expiration or revocation, even after the new regulation comes into effect.

Will the process for obtaining a cryptographic key change?

No. The process for obtaining a cryptographic key remains unchanged. Keys will continue to be generated through the TRIBU-CR platform, as is currently the case.

Do you have questions about how these changes may impact your electronic invoicing operations?

At LLB Solutions, we support you in ensuring regulatory compliance and the proper management of your cryptographic keys.

info@llbsolutions.com | Localización Costa Rica