Brazil’s PIX System Exposed to Legal Risk for Withholding Its Source Code



As Brazil undergoes a rapid digital transformation of its public services, the debate around transparency, technological sovereignty, and the role of open-source software in public administration becomes more urgent than ever.

Yet, one critical point—largely absent from public discussion—raises a serious legal and ethical concern: the development and distribution of digital systems by the Brazilian state, with PIX as a prime example.


What Does the Law Say?

In 2021, Brazil enacted Law No. 14.063, which governs the digitalization of public services. Its Article 16 is clear:

“Information and communication systems developed exclusively by the public administration shall be governed by open-source licenses, allowing their unrestricted use, copying, modification, and distribution by all public agencies and entities.”

In short, software developed solely by the public sector—funded with taxpayer money and intended to serve the public interest—must be made available under an open-source license. This principle supports transparency, auditability, interoperability, and democratic security.


So… What About PIX?

PIX was developed entirely by the Central Bank of Brazil, an autonomous federal agency linked to the Ministry of the Economy. It’s widely hailed as one of the most important public technology innovations in recent years, now integrated into the everyday lives of millions of Brazilians.

But here's the problem: PIX’s source code is not public.

No external institution—be it a citizen, a researcher, a company, or even another government agency—can audit how PIX operates under the hood. This directly contradicts both the letter and the spirit of Article 16 of Law 14.063/2021.


Why Does It Matter?

This isn’t just a legal technicality. It goes to the heart of what public technology should be in a democratic society.

1. Transparency and Trust

In an era of increasing digital surveillance, citizens have the right to understand how systems that process their financial data work. Without visibility, trust erodes.

2. Security

Open source enables independent auditing, which is vital for critical infrastructure like PIX. Any security flaw or backdoor could have severe financial and social consequences.

3. Legal Compliance

By not releasing the code, the Central Bank may be in violation of the law. At the very least, it should offer a clear legal or technical justification for this exception. So far, it hasn't.

4. Technological Sovereignty

Open source gives the state—and society—control over its own tools. It prevents dependence on closed, proprietary systems and fosters innovation through shared knowledge.


What Has the Central Bank Said?

As of now, the Central Bank has not released the full source code of PIX.

Some parts of the system—particularly the API that defines how banks and financial institutions connect to PIX—are documented and standardized. But the core engine of the system remains closed.

If the Central Bank believes PIX is somehow exempt from Article 16, that position should be made public and subject to democratic scrutiny. Otherwise, we risk normalizing a dangerous precedent: the public sector choosing when to follow its own transparency laws.


Conclusion

PIX is, without a doubt, a major public innovation. But that doesn’t place it above the law.

By keeping its code secret, PIX risks not only being legally non-compliant, but also morally inconsistent with the democratic values that should guide Brazil’s digital transformation.

It’s time to ask hard questions. Because public technology must, above all, be public.

---

This article was originally published in Portuguese on: https://voxleone.com
