CONTACT US

Provimento CNJ 213: o que todo cartório precisa saber para se adequar

  • Home
  • Cases
  • Provimento CNJ 213: o que todo cartório precisa saber para se adequar

Provimento CNJ 213: o que todo cartório precisa saber para se adequar

The Brazilian notary sector is facing one of the biggest regulatory changes in technology in recent years. Provision 213 of the National Council of Justice replaced the previous regulation and sent a clear message to notaries and registry office owners throughout Brazil: What was once a recommendation is now an obligation.

If you are responsible for a notary office or registry and haven't yet started thinking about compliance, this article is for you. We will explain what has changed, what the regulation requires in practice, what the risks are of not complying, and what the best way to resolve this safely and without complications is.

What is CNJ Provision 213?

Provision 213 is a regulation published by the National Council of Justice in 2026 that It establishes mandatory minimum standards for information technology, digital security, and data governance. For extrajudicial registry offices throughout Brazil.

It replaces Provision 149/2023, which already addressed the topic, but in a less rigorous manner. The new rule significantly expands the requirements and... This makes technology and information security non-negotiable requirements for the regular operation of a notary office.

In other words: starting from Provision 213, There is no longer room for treating IT as a secondary cost. Or leave digital security for "when it's convenient." It becomes part of regulatory compliance—just like keeping accurate books or paying fees.

Why did the CNJ create this rule?

Notaries and registry offices deal with this on a daily basis. extremely sensitive data. Deeds, wills, property records, birth certificates, contracts—all of these involve personal and financial information of Brazilian citizens.

With the significant increase in cyberattacks against public bodies and entities that handle sensitive data, the CNJ (National Council of Justice) understood that it was necessary... to establish a minimum standard of protection for the entire notary system in the country.

Furthermore, the General Data Protection Law (LGPD) already imposes obligations regarding the processing of personal data. Provision 213 reinforces this duty for the specific sector of notary offices., making compliance with the LGPD an integral part of the regulatory requirements of the standard.

What does Provision 213 require in practice?

The standard sets out specific requirements. Here are the main ones:

  • Corporate firewall and managed antivirus.The registry office needs a corporate network firewall; a home router or laptop antivirus is not enough. The solution needs to be continuously managed and monitored.
  • Data encryptionThe data of those under the jurisdiction of the court must be protected by encryption, both in transit (when traveling over the network) and at rest (when stored in the court's systems).
  • Automated backup with copy to an external environment.It's not enough to just make backups. The standard requires that at least one copy exist in an environment different from the main one, that is, in the cloud or in a separate physical location. An external hard drive stored in the same room as the server does not meet this requirement.
  • Formal information security policyThe registry office needs to have formally documented how it handles its data and how it ensures the security of the digital environment. This includes access rules, responsibilities, and procedures in case of an incident.
  • Business Continuity PlanIn the event of a cyberattack, system failure, or disaster that compromises operations, the registry office needs to have a plan in place to ensure the continuity of services. This needs to be planned in advance, not improvised when the problem arises.
  • Compliance with the LGPD (Brazilian General Data Protection Law)Compliance with the General Data Protection Law is an integral part of the requirements of Provision 213. The registry office must process the data of the data subjects for the correct purposes and have clear data governance processes.
  • Classification by classesThe CNJ (National Council of Justice) classified notary offices into classes according to their size and volume of operations. The requirements are proportional to the class., But no class is exempt. All notary offices and registry offices in Brazil are subject to the rule.

What are the risks of not conforming?

This is the point that many starters still underestimate. The risks of not complying with Provision 213 are not only technical, but also operational, legal, and reputational.

  • Risk of administrative sanctions by the CNJ (National Council of Justice). Inspections can result in warnings, fines, and, in more serious cases, in the suspension of activities at the registry office. This means an interruption of services provided to the population, a critical scenario for any unit.
  • Risk of cyber incidents without protection. Notary offices without a corporate firewall, external backup, and security policy are vulnerable targets. A ransomware attack can encrypt all the registry office's data and disrupt operations for days or weeks.
  • Legal risk under the LGPD (Brazilian General Data Protection Law). The leakage of personal data of those under the jurisdiction of the court can lead to sanctions from the ANPD (National Data Protection Authority) and civil liability for damages caused to the data subjects. For a notary's office, which handles particularly sensitive data, This represents a significant legal exposure.
  • Reputational risk. Trust is the most important asset of a notary office. A security incident or a citation for non-compliance with regulations compromises credibility with those under its jurisdiction and with society.

How do you know what your registry office needs to do?

This is the correct starting point: understanding exactly what the current situation of your registry office is and what is needed to achieve compliance with Provision 213.

Here are some questions you can ask yourself right now:

Your notary office has Corporate firewall Installed and monitored? Backups are performed automatically. with copy in external environmentIs there a documented information security policyThe registry office went through a process of compliance with the LGPD (Brazilian General Data Protection Law)There is a documented plan To ensure business continuity in the event of an incident?

If any of these answers are "no" or "I don't know," your registry office has areas of inadequacy that need to be resolved before the CNJ (National Council of Justice) inspection.

How Forte Security helps notary offices adapt

Forte Security is a technology company focused on cybersecurity that works to adapt notary offices and registry offices to Provision 213. Our work covers all areas required by the standard:

  • Corporate firewall with continuous monitoring for environments that demand security, performance, and cost-effectiveness.
  • Endpoint Protection for all devices in the registry office, ensuring protection against threats to the unit's computers and equipment.
  • Managed Backup with cloud backup, configured automatically and monitored.
  • Compliance with the LGPD (Brazilian General Data Protection Law) with a structured process and the Vencyone platform, which organizes and documents the entire compliance process with the General Data Protection Law.
  • Security policy and business continuity plan documented, prepared in conjunction with the registry office staff.
  • Technical verification at the end of the process.: the proof that the CNJ (National Council of Justice) can request during an audit.

We act in a consultative manner: our language is clear, our process is structured, and our goal is that... The notary public needs to understand exactly what is being done and why.

Where to begin?

The first step is to understand the current situation of your notary office. For this, Forte Security offers a... diagnosis For notary offices, this involves a technical analysis of the environment to identify areas of inadequacy and what needs to be resolved to achieve compliance with Provision 213.

This diagnosis is made by specialists. The goal is for you to have clarity about where you are and what the next step is.

Conclusion

CNJ Provision 213 is not a threat., This is an opportunity to modernize your notary office's infrastructure, protect the data of those under your jurisdiction, and ensure the continuity of operations securely.

Notary offices that adapt in advance will operate more smoothly, with less risk of incidents and with documented compliance in hand. Those who leave it for later will be racing against the deadline and against risk.

If you are the owner or manager of a notary office and want to understand what needs to be done in your specific case, talk to Forte Security. We are ready to guide you. From diagnosis to technical verification.

Click here and speak with a Forte Security specialist.

Share :

More articles

Article categories

Security
LGPD
Digital
Articles
en_USEnglish
pt_BRPortuguês do Brasil es_ESEspañol en_USEnglish