Brazil's Authorised
Economic Operator Program
New rules in force from 15 April 2026.
Portaria COANA 187/2026, published on 7 April 2026, implements the revised Brazilian Authorised Economic Operator (OEA) framework under IN RFB 2,318/2026. It introduces a simplified certification track, new annexes and a fresh admissibility rules package for all applications lodged from 15 April 2026.
Get in TouchBrazil's OEA Program gives certified operators a material advantage in customs clearance speed and risk profile.
The Brazilian Authorised Economic Operator Program (Programa Brasileiro de Operador Econômico Autorizado, OEA) is the national implementation of the World Customs Organisation's (WCO) SAFE Framework of Standards. It certifies supply chain participants who demonstrate high levels of customs compliance and supply chain security, granting them a range of benefits including expedited customs processing, reduced inspection rates, access to facilitated customs regimes and recognition under Mutual Recognition Agreements (MRAs) with foreign customs administrations.
As of January 2026, the OEA Program acquired statutory status through Complementary Law 225/2026 (the Taxpayer Bill of Rights, Estatuto dos Direitos e Garantias do Contribuinte), which formally codified the program in federal statute for the first time, providing significantly greater legal certainty for certified operators.
The program operates under the authority of the Federal Revenue Department (Receita Federal do Brasil, RFB) and is administered by the Directorate-General of Customs Administration (Coordenação-Geral de Administração Aduaneira, COANA). The primary legislative basis is currently IN RFB 2,318/2026, in force since 26 March 2026, which replaced and updated the former IN RFB 2,154/2023.
Portaria COANA 187/2026, published in the Official Gazette on 7 April 2026, is the principal implementing instrument for IN RFB 2,318/2026. It establishes the procedural framework for OEA certification applications, specifies the content of the application form (Annex I), sets out the full matrix of objectives and requirements for each assessment criterion (Annex II), and prescribes the information that applicants must provide about their business operations (Annex III).
For companies already holding OEA certification or with applications in progress, transitional rules ensure continuity, with the new requirements applying only to applications lodged from 15 April 2026.
Who can be certified and at what level
Three levels: Essential, Qualified, Reference
The Compliance modality has three tiers under IN RFB 2,318/2026. OEA-C Essential is an introductory track for export trading companies, with simplified requirements and no on-site validation visit. OEA-C Qualified is the standard level covering all General and Compliance Criteria; existing OEA-C holders were automatically migrated here. OEA-C Reference is the highest tier, requiring enrolment in the Confia program or an A+ rating in Programa Sintonia; it grants tax deferral on import duties and near-guaranteed green channel access. The minimum direct-import share for importer eligibility was reduced from 85% to 60%, widening access to mid-sized companies.
Supply chain security focus
The Security modality certifies operators against the full Security Criteria set (criteria 8 to 14 of Annex II), covering cargo security, transport security, physical facility security, training and crisis management. OEA-S certified operators benefit from reduced inspection rates and expedited processing for cargo movements.
Complementary whole-of-government framework
OEA-Integrated is not a separate customs certification tier in the same sense as OEA-C or OEA-S. It is the complementary framework through which other Brazilian government agencies participate in the OEA Program and grant agency-specific benefits to operators already certified under the main OEA framework. Governing legislation for agency participation includes Portaria RFB 435/2024.
In the case of OEA-Integrated Secex, governed by Portaria Conjunta RFB/SECINT/ME 85/2021 and Portaria Secex 107/2021 (as amended), eligibility is limited to importers and exporters that hold active OEA-Conformidade certification. Following Portaria Secex 485/2026, this expressly includes all three OEA-C levels — OEA-C Essential, OEA-C Qualified and OEA-C Reference — subject to the terms, limits and conditions established by the Federal Revenue Department. ANVISA (National Health Surveillance Agency) and MAPA (Ministry of Agriculture) are also integrated into the OEA-Integrated framework, enabling certified operators to benefit from streamlined licensing across multiple regulatory agencies in a single customs process.
Operators may hold both OEA-C and OEA-S certifications simultaneously. Certification is granted per legal entity (CNPJ) and per function. An operator certified as an importer and as a freight agent will hold separate certifications for each function.
Eligible supply chain participants
| Region | Partner administrations |
|---|---|
| North America | United States (C-TPAT), Canada (PIP), Mexico (ARM Brazil–Mexico) |
| Europe | European Union (AEO), United Kingdom (AEO UK) |
| Asia | China, Japan (AEO Japan), South Korea (AEO Korea) |
| South & Central America | Argentina, Uruguay, Paraguay, Chile, Peru, Bolivia, Colombia, Costa Rica, Guatemala, Dominican Republic The multilateral regional MRA (May 2022) brought Bolivia, Colombia, Costa Rica, Guatemala, Paraguay and the Dominican Republic into the framework alongside existing bilateral partners. |
| Africa | South Africa (Joint Action Plan signed August 2024; full MRA under negotiation) |
The 22 criteria of the revised OEA framework
From application to authorisation: key stages
The steps below reflect the Track 3 process for applications lodged from 15 April 2026 under Portaria COANA 187/2026. The process for earlier applications follows the same general structure but with different forms and criteria matrices.
Eligibility and modality assessment
Confirm the applicable modality (OEA-C Essential, Qualified or Reference; or OEA-S), the supply chain function and the CNPJ to be certified. For OEA-C Essential, article 15 of Portaria COANA 187/2026 waives submission of six admissibility items (CNPJ history, activity record, operating authorisation, fiscal regularity, Electronic Tax Domicile and Digital Accounting) at application stage — but compliance with all of them remains mandatory.
Filing the Requerimento de Certificação OEA (Annex I)
The application is filed in the OEA System (Sistema OEA) of the RFB. The application form set out in Annex I of Portaria COANA 187/2026 requires: the certification modality and level; the applicant's supply chain function; the CNPJ to be certified; and the contact points for the RFB. Applicants for OEA-C at any level must also provide company profile information (Annex III) and evidence of compliance with the Annex II criteria, except that OEA-C Essential applicants are expressly dispensed from submitting items 2.1 and 2.2 of the profile at application stage.
The application also requires acceptance of a Terms of Undertaking (Termo de Compromisso) binding the operator to transparency, timely RFB responses and maintenance of OEA requirements throughout the certification.
Validation procedure by the EqOEA
From the date the application is formalised in the OEA System, the responsible OEA Management Team (Equipe de Gestão de Operadores Econômicos Autorizados, EqOEA) has 120 days to complete the validation procedure. Validation may involve requests for additional information, documents or clarifications. Applicants must respond within the deadlines set in each request; failure to respond results in rejection. The validation procedure may include on-site visits to verify compliance with security and physical facility criteria.
Authorisation certificate (Ato Declaratório Executivo)
A successful validation results in the issue of an authorisation certificate (Ato Declaratório Executivo), published in the Federal Official Gazette. The operator's name, CNPJ and certification status are published on the RFB website and, with the operator's consent (given as part of the Annex I undertaking), shared with OEA-Integrated partner agencies and foreign customs administrations with which Brazil has MRAs.
For OEA-C Essential certifications, the operator then has 180 days from the date of the authorisation act to upload digitised or born-digital documents evidencing compliance with the criteria under articles 14 (General Criteria) and criterion VIII of article 16 (specific Compliance criterion) of IN RFB 2,318/2026. This evidence will be reviewed during monitoring and revalidation.
Monitoring, revalidation and appeals
After certification, operators are subject to continuous monitoring by the EqOEA. For monitoring purposes, the applicable criteria are those set out in articles 14 to 17 of IN RFB 2,318/2026, which correspond to the full Annex II matrix of Portaria COANA 187/2026. Operators must maintain all required procedures and controls at all times, not only at the point of certification.
If the RFB proposes to reject an application or to exclude an operator from the program, the operator may lodge an internal appeal (recurso). Under article 19 of Portaria COANA 187/2026, appeals are distributed among EqOEA teams on a round-robin basis in alphabetical order, excluding the team that made the original decision. This ensures an independent review of rejection and exclusion decisions.
What Portaria COANA 187/2026 means in practice
The simplified OEA-C Essential track
For importers and exporters seeking entry-level OEA-C certification, the Essential level reduces the upfront documentation burden: six categories of admissibility evidence (CNPJ registration history, habitual activity, operating authorisation, fiscal regularity, Electronic Tax Domicile and Digital Accounting) no longer need to be uploaded at application stage.
The waiver is procedural only. Article 15, paragraph 1 of Portaria COANA 187/2026 is explicit that underlying compliance remains mandatory and the RFB may request evidence at any time. Full documentation must be uploaded within 180 days of the authorisation act.
The 180-day post-authorisation window
OEA-C Essential operators must upload evidence of compliance with the General Criteria (Article 14 of IN RFB 2,318/2026) and criterion VIII of the Compliance Criteria within 180 days of the publication of their authorisation act.
Article 18, paragraph 1 makes clear that this period does not suspend monitoring. Operators should treat it as the outer limit for formal upload, not a grace period. Compliant procedures and records should be in place before the application is lodged.
Reading the Portaria and the IN together
Portaria COANA 187/2026 is a subordinate implementing instrument. IN RFB 2,318/2026 governs the program's legal framework, modalities, eligibility, benefits and exclusion rules. The Portaria supplies the operational detail: forms, the Annex II criteria matrix and the Annex III profile template.
Both instruments must be read together. References in the Portaria to specific articles of the IN (such as articles 14 to 17 for monitoring criteria) require the IN to be consulted. Relying on the Portaria alone will produce an incomplete picture of program requirements.
IT security requirements are now more prescriptive
Criterion 5 sets out 13 specific requirements, including a formalised cybersecurity policy with annual review, malware protection, infrastructure vulnerability testing, role-based access controls, individual user accounts, VPN for remote access, bring-your-own-device policies and equipment sanitisation on disposal.
For carriers and freight agents whose systems interface directly with customs portals, this level of formalisation may require investment in policy documentation even where technical controls already exist. The validation process looks for written policies, not merely working systems.
OEA certification and the DUIMP
The OEA program is increasingly integrated with DUIMP (Declaração Única de Importação), Brazil's new single import declaration system. For operators using DUIMP, OEA-certified status directly improves risk-scoring outcomes and accelerates customs release. Information submitted through DUIMP is cross-referenced with OEA compliance profiles during monitoring.
Companies preparing an OEA application should conduct a gap analysis against both the Annex II criteria and their DUIMP data quality, as inconsistencies between declaration data and OEA-submitted information can trigger adverse findings during validation.
High-security seal standards are mandatory and audited
Criterion 9 requires operators to use seals meeting ISO 17,712, to maintain seal inventories with full audit trails and to follow the VVTT protocol (visualise, verify, tug, twist/turn) on every container and transport unit. Seal discrepancies must be investigated and documented; compromised seals must be reported to the competent authority.
These requirements are aligned with C-TPAT and WCO SAFE standards and will be verified during validation visits. Operators that rely on warehouses or transport partners to manage seals must ensure those partners' procedures meet the same standard.
Portaria Secex 485/2026: Secex module aligned with new OEA-C structure
Portaria Secex 485/2026 amended Portaria Secex 107/2021 to align OEA-Integrated Secex with the new OEA-C structure introduced by IN RFB 2,318/2026. Importers and exporters holding OEA-C Essential, OEA-C Qualified or OEA-C Reference may be certified under OEA-Integrated Secex, subject to the terms, limits and conditions established by the RFB.
Not all Secex benefits apply equally to all OEA-C levels. The simplified drawback-suspension benefits in article 6, items I and II of Portaria Secex 107/2021 do not apply in two situations: (a) to drawback suspension requests where the production process of the goods for export involves the fragmentation, separation or splitting of inputs; and (b) to companies holding only OEA-C Essential certification. These limitations are set out in the new § 3º of article 6, inserted by Portaria Secex 485/2026.
OEA-Integrated Secex — principal benefits
OEA-Integrated Secex benefits are focused on Secex-controlled procedures, especially drawback and non-automatic import licensing. They may include: priority review of drawback and non-automatic import licence requests; reduced information requirements for certain drawback suspension applications (dispensation from detailed input descriptions and NCM/quantity specifications); deferred presentation of technical reports at the concession or amendment stage; and extended validity of certain import licences. As noted above, the drawback simplifications in article 6, items I and II are not available to OEA-C Essential operators, and do not apply where the production process involves fragmentation, separation or splitting of inputs.
Brazilian customs and international trade law
Fabiano Deffenti is Senior Partner at D&Q Lawyers, admitted to practise in Brazil and Australia, enrolled as a barrister and solicitor in New Zealand, and licensed as an attorney-at-law in New York. He is co-editor of Introduction to Brazilian Law (Wolters Kluwer) and editor of LawsofBrazil.com.
D&Q advises importers, exporters, freight agents, carriers and logistics operators on Brazilian customs law, including OEA certification strategy, admissibility assessment, compliance program design, and representation in administrative proceedings before the RFB and COANA.
Meet the Full TeamPursuing OEA certification in Brazil?
Whether you are assessing eligibility, preparing a first application under the new framework or managing an existing certification through transition, early legal advice reduces preparation time and avoids the procedural errors that delay or defeat applications.
OEA readiness checklist (Track 3, from 15 April 2026)
- Modality and level confirmed (OEA-C Essential / Qualified / Reference; or OEA-S)
- Supply chain function(s) and target CNPJ identified
- 36-month CNPJ registration and activity requirements verified
- Fiscal regularity (CND/CPEND) confirmed
- Electronic Tax Domicile (DTE) and Digital Accounting (ECD) active
- 5-year compliance history reviewed; any incidents documented with corrective actions
- Cybersecurity policy formalised and annual review cycle established
- ISO 17,712-compliant seal program in place with VVTT protocol
- Annex III information (ownership, structure, units, third parties) compiled
- OEA-C Essential: 180-day post-authorisation evidence upload plan prepared
- OEA-Integrated Secex: drawback benefit eligibility reviewed against OEA-C level and production process
Initial enquiries are always welcome.
This page is a summary only and does not constitute legal advice.
