voxleone a day ago

It may be good, but what does the Brazilian law say[0]?

In 2021, Brazil enacted Law No. 14.063, which governs the digitalization of public services. Its Article 16 is clear:

“Information and communication systems developed exclusively by the public administration shall be governed by open-source licenses, allowing their unrestricted use, copying, modification, and distribution by all public agencies and entities.”

In short, software developed solely by the public sector—funded with taxpayer money and intended to serve the public interest—must be made available under an open-source license.

Pix is exposed to a legal instrument called 'Mandado de Segurança'.

I have written about it:

https://d1gesto.blogspot.com/2025/06/brazils-pix-system-face...

[0] https://www.gov.br/governodigital/pt-br/plataformas-e-servic...

jt2190 a day ago | parent | next [-]

Having an entity that’s sorta kinda government (I assume that the Brazilian Federal Bank is somewhat independent) develop and run Pix brings an interesting set of problems with it, including how it should be regulated and by whom. Open sourcing the platform’s software is only one form of audit/regulation. So maybe the source is secure and maybe another entity could run it but could another entity participate in the Pix network or would they have to establish their own separate one?

voxleone a day ago | parent [-]

>>So maybe the source is secure and maybe another entity could run it but could another entity participate in the Pix network or would they have to establish their own separate one?

Mind you, the Central Bank of Brazil (BCB) does have administrative autonomy. But under Brazilian law, it still counts as part of the public administration when it comes to digital systems developed using public funds.

So the legal issue isn’t about how “independent” the BCB is — it's about the origin of the software and who paid for its development. If Pix was created exclusively by a government entity, Law 14.063/2021, Article 16 requires it to be released under an open-source license. That’s the core of my point — a legal compliance issue, not a technical or governance judgment.

As for your broader question: yes, open-sourcing the platform wouldn’t necessarily mean other entities could plug into Pix directly. Participation in the network still depends on BCB regulations, trust, compliance layers, and access controls. Open code is transparency, not necessarily interoperability.

But in a system as critical as Pix, open code would at least allow independent auditing, public scrutiny, and possibly innovation through forks or parallel implementations — even if those don’t run on the live network.

So I agree — it’s a multi-layered governance issue. But transparency of publicly funded code is a foundational first step. That’s what the law mandates — and what hasn’t yet been fulfilled.

miohtama a day ago | parent | prev | next [-]

Similar things happen in the EU.

The EU Digital Wallet is open source. But this is not actually a wallet, but just an identity application. Then there is the Digital Euro and its wallets, for which the European Central Bank is willing to dump a few billion euros on closed source consultancyware.

JoeJonathan a day ago | parent | prev | next [-]

I don't think there's any legal exposure here. Article 16 of 14.063 gives an exception to code protected by Law 12.527/2011. Articles 22 and 23 seem to clearly allow for not releasing source code if that release risks the "financial, economic, or monetary" stability of the country.

Beyond that, Pix is so popular that I doubt a challenge would hold up in court. If it went to the STF, there's no way they wouldn't give Pix a carve out.

I'm as big a fan of open source as anyone else, but can we audit any other payment systems anywhere? Is that a reasonable expectation to have for payment systems?

marcosdumay a day ago | parent | prev | next [-]

You are complaining that if the government publishes software it must be open source, and that data (without even looking at what data) can be requested by a judicial order?

voxleone a day ago | parent [-]

I'm not complaining. Just pointing out a legal requirement.

Edited

marcosdumay a day ago | parent [-]

Oh, you are complaining that it's not currently open source.

Yeah, the government has a lot of software it still has to publish.

mvieira38 a day ago | parent | prev | next [-]

Wasn't BCB breached for a couple hundred million reais this month, as well? Maybe they are trying to keep the code closed because they know it's insecure

iury-sza a day ago | parent [-]

> Wasn't BCB breached for a couple hundred million reais this month, as well? Maybe they are trying to keep the code closed because they know it's insecure

It wasn't a BCB breach. The issue was with an integrator. Like a client API built on top of it that provided banking features to fintech startups

jowea a day ago | parent | prev [-]

Isn't it much more likely that a court would order the code published instead of restricting the use of an extremely popular payment system and break half of the economy?

I mean, they blocked WhatsApp (95+% usage) before so who knows, but it seems unlikely it will actually affect the average person.

voxleone a day ago | parent [-]

I mentioned 'Mandado de Segurança' not to suggest halting Pix, but because, yes, it's the relevant instrument in Brazilian law for forcing public agencies to comply with legal duties — in this case, transparency around public code. Courts would not block Pix itself unless something extreme happened. They might simply compel BCB to release the code if the legal conditions are met.