Federal law of the Russian Federation on electronic digital signature. Legal framework of the Russian Federation

Article 1. Scope of this Federal Law

This Federal Law regulates relations in the field of using electronic signatures when making civil transactions, providing state and municipal services, performing state and municipal functions, when performing other legally significant actions.

Article 2. Basic concepts used in this Federal Law

For the purposes of this Federal Law, the following basic concepts are used:

1) electronic signature - information in electronic form, which is attached to other information in electronic form (signed information) or is otherwise associated with such information and which is used to identify the person signing the information;

2) certificate of the electronic signature verification key - an electronic document or paper document issued by the certification center or a trusted person of the certification center and confirming the ownership of the electronic signature verification key to the owner of the electronic signature verification key certificate;

3) a qualified certificate of an electronic signature verification key (hereinafter referred to as a qualified certificate) is a certificate of an electronic signature verification key issued by an accredited certification center or a proxy of an accredited certification center or by a federal executive body authorized in the field of electronic signature use (hereinafter referred to as an authorized federal body) ;

4) the owner of the electronic signature verification key certificate - the person to whom the electronic signature verification key certificate was issued in accordance with the procedure established by this Federal Law;

5) electronic signature key - a unique sequence of characters designed to create an electronic signature;

6) electronic signature verification key - a unique sequence of characters uniquely associated with the electronic signature key and intended to verify the authenticity of the electronic signature (hereinafter - electronic signature verification);

7) certification center - a legal entity or individual entrepreneur performing the functions of creating and issuing certificates of keys for verifying electronic signatures, as well as other functions provided for by this Federal Law;

8) accreditation of a certification center - recognition by an authorized federal body of compliance of a certification center with the requirements of this Federal Law;

9) electronic signature means - encryption (cryptographic) means used to implement at least one of the following functions - creating an electronic signature, verifying an electronic signature, creating an electronic signature key and an electronic signature verification key;

10) means of a certification center - software and (or) hardware used to implement the functions of a certification center;

11) participants in electronic interaction - state bodies, local authorities, organizations, as well as citizens carrying out the exchange of information in electronic form;

12) corporate information system - an information system, the participants of electronic interaction in which constitute a certain circle of persons;

13) public information system - an information system, the participants of electronic interaction in which constitute an indefinite circle of persons and the use of which these persons cannot be denied.

Article 3. Legal regulation of relations in the field of using electronic signatures

1. Relations in the field of using electronic signatures are regulated by this Federal Law, other federal laws, regulatory legal acts adopted in accordance with them, as well as agreements between participants in electronic interaction. Unless otherwise established by federal laws, regulatory legal acts adopted in accordance with them, or by a decision on the creation of a corporate information system, the procedure for using an electronic signature in a corporate information system may be established by the operator of this system or by an agreement between the participants of electronic interaction in it.

2. The types of electronic signatures used by executive authorities and local self-government bodies, the procedure for their use, as well as the requirements for ensuring the compatibility of electronic signatures when organizing electronic interaction of these bodies with each other, shall be established by the Government of the Russian Federation.

Article 4. Principles of using electronic signature

The principles of using electronic signatures are:

1) the right of participants in electronic interaction to use an electronic signature of any kind at their discretion, if the requirement to use a specific type of electronic signature in accordance with the purposes of its use is not provided for by federal laws or regulatory legal acts adopted in accordance with them or by an agreement between participants in electronic interaction;

2) the possibility of using by participants of electronic interaction, at their discretion, any information technology and (or) technical means that allow them to fulfill the requirements of this Federal Law in relation to the use of specific types of electronic signatures;

3) inadmissibility of recognizing an electronic signature and (or) an electronic document signed by it as null and void only on the basis that such an electronic signature was not created with one's own hand, but using electronic signature means to automatically create and (or) automatically verify electronic signatures in an information system.

Article 5. Types of electronic signatures

1. The types of electronic signatures, relations in the use of which are regulated by this Federal Law, are a simple electronic signature and an enhanced electronic signature. A distinction is made between an enhanced unqualified electronic signature (hereinafter referred to as an unqualified electronic signature) and an enhanced qualified electronic signature (hereinafter referred to as a qualified electronic signature).

2. A simple electronic signature is an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person.

3. An unqualified electronic signature is an electronic signature that:

1) received as a result of cryptographic transformation of information using an electronic signature key;

2) allows you to identify the person who signed the electronic document;

3) allows you to detect the fact of making changes to an electronic document after the moment of its signing;

4) is created using electronic signature tools.

4. A qualified electronic signature is an electronic signature that meets all the features of an unqualified electronic signature and the following additional features:

1) the electronic signature verification key is specified in the qualified certificate;

2) to create and verify an electronic signature, electronic signature means are used that have received confirmation of compliance with the requirements established in accordance with this Federal Law.

5. When using an unqualified electronic signature, a certificate of the electronic signature verification key may not be generated if the compliance of the electronic signature with the characteristics of an unqualified electronic signature established by this Federal Law can be ensured without using the electronic signature verification key certificate.

Article 6. Conditions for recognizing electronic documents signed with an electronic signature as equivalent to paper documents signed with a handwritten signature

1. Information in electronic form signed by a qualified electronic signature is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, unless federal laws or regulatory legal acts adopted in accordance with them require that a document be drawn up exclusively on paper carrier.

2. Information in electronic form signed with a simple electronic signature or an unqualified electronic signature is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, in cases established by federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in an electronic interactions. Regulatory legal acts and agreements between participants in electronic interaction establishing cases of recognition of electronic documents signed with an unqualified electronic signature as equivalent to paper documents signed with a handwritten signature should provide for the procedure for verifying the electronic signature. Regulatory legal acts and agreements between participants in electronic interaction establishing cases of recognition of electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature must comply with the requirements of Article 9 of this Federal Law.

3. If, in accordance with federal laws, regulatory legal acts adopted in accordance with them or the custom of business turnover, a document must be certified by a seal, an electronic document signed with an enhanced electronic signature and recognized as equivalent to a paper document signed with a handwritten signature is recognized as equivalent to a document on on paper, signed with a handwritten signature and certified by the seal. Federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in electronic interaction may provide for additional requirements for an electronic document in order to recognize it as equivalent to a paper document certified by the seal.

4. Several related electronic documents (a package of electronic documents) can be signed with one electronic signature. When signing a package of electronic documents with an electronic signature, each of the electronic documents included in this package is considered signed with an electronic signature of the type that signed the package of electronic documents.

Article 7. Recognition of electronic signatures created in accordance with the norms of foreign law and international standards

1. Electronic signatures created in accordance with the rules of law of a foreign state and international standards are recognized in the Russian Federation as electronic signatures of the type, the characteristics of which they correspond to on the basis of this Federal Law.

2. An electronic signature and an electronic document signed by it cannot be considered invalid only on the basis that the certificate of the electronic signature verification key was issued in accordance with the norms of foreign law.

Article 8. Powers of federal executive bodies in the field of using electronic signatures

1. The authorized federal body is determined by the Government of the Russian Federation.

2. The authorized federal body:

1) carries out accreditation of certification centers, conducts inspections of compliance by accredited certification centers with the requirements established by this Federal Law and for compliance with which these certification centers have been accredited, and in case of non-compliance, issues instructions to eliminate the identified violations;

2) performs the functions of the head certification center in relation to accredited certification centers.

3. The authorized federal body is obliged to ensure the storage of the following information specified in this part and round-the-clock unimpeded access to it using information and telecommunication networks:

1) names, addresses of accredited certification centers;

2) register of qualified certificates issued and canceled by the authorized federal body;

3) a list of certification centers, the accreditation of which has been canceled;

4) a list of accredited certification centers whose accreditation has been suspended;

5) a list of accredited certification centers whose activities have been terminated;

6) registers of qualified certificates transferred to the authorized federal body in accordance with Article 15 of this Federal Law.

4. The federal executive body in charge of the development and implementation of state policy and legal regulation in the field of information technology establishes:

1) the procedure for transferring the registers of qualified certificates and other information to the authorized federal body in the event of termination of the activities of the accredited certification center;

2) the procedure for the formation and maintenance of registers of qualified certificates, as well as the provision of information from such registers;

3) the rules for the accreditation of certification centers, the procedure for verifying compliance by accredited certification centers with the requirements established by this Federal Law and for compliance with which these certification centers have been accredited.

5. The federal executive body in the field of security:

1) establish requirements for the form of a qualified certificate;

2) establishes requirements for means of electronic signature and means of a certification center;

3) carry out confirmation of compliance of electronic signature means and means of a certification center with the requirements established in accordance with this Federal Law, and publishes a list of such means.

Article 9. Use of simple electronic signature

1. An electronic document is considered signed by a simple electronic signature if, inter alia, one of the following conditions is met:

1) a simple electronic signature is contained in the electronic document itself;

2) the key of a simple electronic signature is applied in accordance with the rules established by the operator of the information system using which the creation and (or) sending of the electronic document is carried out, and the created and (or) sent electronic document contains information indicating the person on whose behalf an electronic document was created and / or sent.

2. Regulatory legal acts and (or) agreements between participants in electronic interaction establishing cases of recognition of electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature should provide, in particular:

1) the rules for determining the person signing an electronic document by his simple electronic signature;

2) the duty of the person who creates and (or) uses the key of a simple electronic signature, to maintain its confidentiality.

3. The rules established by Articles 10-18 of this Federal Law shall not apply to relations associated with the use of a simple electronic signature, including the creation and use of a simple electronic signature key.

4. The use of a simple electronic signature for signing electronic documents containing information constituting a state secret, or in an information system containing information constituting a state secret, is not allowed.

Article 10. Obligations of participants in electronic interaction when using enhanced electronic signatures

When using enhanced electronic signatures, participants in electronic interaction must:

1) ensure the confidentiality of electronic signature keys, in particular, prevent the use of electronic signature keys belonging to them without their consent;

2) notify the certification center that issued the certificate of the electronic signature verification key and other participants in electronic interaction about the violation of the confidentiality of the electronic signature key within no more than one business day from the date of receipt of information about such a violation;

3) not to use the electronic signature key if there are reasons to believe that the confidentiality of this key has been violated;

4) to use for the creation and verification of qualified electronic signatures, the creation of keys for qualified electronic signatures and keys for their verification, electronic signature tools that have received confirmation of compliance with the requirements established in accordance with this Federal Law.

Article 11. Recognition of a qualified electronic signature

A qualified electronic signature is recognized as valid until otherwise established by a court decision, provided that the following conditions are met:

1) the qualified certificate is created and issued by an accredited certification center, the accreditation of which is valid on the day of issue of the specified certificate;

2) the qualified certificate is valid at the moment of signing the electronic document (if there is reliable information about the moment of signing the electronic document) or on the day of checking the validity of the specified certificate, if the moment of signing the electronic document is not determined;

3) there is a positive result of verifying that the owner of the qualified certificate has a qualified electronic signature, with the help of which the electronic document was signed, and the absence of changes made to this document after its signing was confirmed. In this case, verification is carried out using electronic signature means that have received confirmation of compliance with the requirements established in accordance with this Federal Law, and using a qualified certificate of the person who signed the electronic document;

4) the qualified electronic signature is used subject to the restrictions contained in the qualified certificate of the person signing the electronic document (if such restrictions are established).

Article 12. Means of electronic signature

1. To create and verify an electronic signature, create an electronic signature key and an electronic signature verification key, electronic signature tools must be used that:

1) allow to establish the fact of a change in the signed electronic document after the moment of its signing;

2) provide the practical impossibility of calculating the electronic signature key from the electronic signature or from the key of its verification.

2. When creating an electronic signature, the electronic signature means must:

1) show the person signing the electronic document the content of the information he signs;

2) create an electronic signature only after confirmation by the person signing the electronic document of the operation to create an electronic signature;

3) clearly show that the electronic signature has been created.

3. When verifying the electronic signature, the electronic signature means must:

1) show the content of an electronic document signed with an electronic signature;

2) show information on making changes to an electronic document signed with an electronic signature;

3) indicate the person using the electronic signature key of which the electronic documents were signed.

4. Means of electronic signature designed to create electronic signatures in electronic documents containing information constituting a state secret, or intended for use in an information system containing information constituting a state secret, are subject to confirmation of compliance with mandatory requirements for the protection of information of the appropriate degree of secrecy in accordance with with the legislation of the Russian Federation. Electronic signature tools designed to create electronic signatures in electronic documents containing restricted information (including personal data) should not violate the confidentiality of such information.

5. The requirements of parts 2 and 3 of this article do not apply to electronic signatures used for automatic creation and (or) automatic verification of electronic signatures in the information system.

Article 13. Certification center

1. Certification center:

1) creates certificates of keys for verification of electronic signatures and issues such certificates to persons who applied for their receipt (applicants);

2) establishes the validity period for certificates of keys for verifying electronic signatures;

3) cancels certificates of keys for verification of electronic signatures issued by this certification center;

4) upon the request of the applicant, issues electronic signature means containing the electronic signature key and the electronic signature verification key (including those created by the certification center) or providing the opportunity to create an electronic signature key and the electronic signature verification key by the applicant;

5) maintains a register of certificates of keys for verification of electronic signatures issued and canceled by this certification center (hereinafter - the register of certificates), including information contained in the certificates of keys for verification of electronic signatures issued by this certification center, and information on the dates of termination or cancellation certificates of keys for verification of electronic signatures and the grounds for such termination or cancellation;

6) establishes the procedure for maintaining the register of certificates that are not qualified, and the procedure for accessing it, and also ensures access of persons to the information contained in the register of certificates, including using the information and telecommunications network "Internet";

7) generates electronic signature keys and electronic signature verification keys upon requests from applicants;

8) checks the uniqueness of the keys for verifying electronic signatures in the certificate registry;

9) checks electronic signatures upon requests from participants in electronic interaction;

10) carries out other activities related to the use of electronic signatures.

2. The certifying center must:

1) inform applicants in writing about the conditions and the procedure for the use of electronic signatures and electronic signatures, the risks associated with the use of electronic signatures, and the measures necessary to ensure the security of electronic signatures and their verification;

2) ensure the relevance of the information contained in the register of certificates, and its protection from unauthorized access, destruction, modification, blocking, and other illegal actions;

3) provide free of charge to any person upon his request in accordance with the established procedure for access to the register of certificates information contained in the register of certificates, including information on the cancellation of the certificate of the electronic signature verification key;

4) ensure the confidentiality of the electronic signature keys created by the certification center.

3. The certification center, in accordance with the legislation of the Russian Federation, is responsible for harm caused to third parties as a result of:

1) non-fulfillment or improper fulfillment of obligations arising from the contract for the provision of services by the certification center;

2) non-fulfillment or improper fulfillment of obligations provided for by this Federal Law.

4. The certification center has the right to endow third parties (hereinafter referred to as proxies) with the authority to create and issue certificates of keys for checking electronic signatures on behalf of the certification center, signed with an electronic signature based on the certificate of the key for checking electronic signatures issued to the authorized person by this certification center.

5. The certification center specified in part 4 of this article, in relation to authorized persons, is the main certification center and performs the following functions:

1) carries out verification of electronic signatures, the verification keys of which are indicated in the certificates of electronic signature verification keys issued by authorized persons;

2) ensures the electronic interaction of proxies with each other, as well as proxies with a certification center.

6. Information entered in the register of certificates shall be kept during the entire period of activity of the certification center, unless a shorter period is established by regulatory legal acts. In case of termination of the activities of the certification center without transferring its functions to other persons, it must notify in writing the owners of certificates of keys for verification of electronic signatures, which were issued by this certification center and which have not expired, at least one month before the date of termination of this certification center. In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be destroyed. In the event of the termination of the activities of the certification center with the transfer of its functions to other persons, he must notify in writing the owners of certificates of keys for verifying electronic signatures, which were issued by this certification center and whose validity period has not expired, at least one month before the date of transfer of his functions ... In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be transferred to the person to whom the functions of the certification center have been transferred, which ceased its activities.

7. The procedure for exercising the functions of a certification center, exercising its rights and fulfilling the duties specified in this article, shall be established by the certification center independently, unless otherwise established by federal laws or regulatory legal acts adopted in accordance with them or by an agreement between participants in electronic interaction.

8. An agreement on the provision of services by a certification center carrying out its activities in relation to an unlimited number of persons using a public information system is a public agreement.

Article 14. Certificate of the electronic signature verification key

1. The certification center creates and issues a certificate of the electronic signature verification key on the basis of an agreement between the certification center and the applicant.

2. The electronic signature verification key certificate must contain the following information:

1) start and end dates of its validity;

2) last name, first name and patronymic (if any) - for individuals, name and location - for legal entities or other information that allows identifying the owner of the certificate of the electronic signature verification key;

3) electronic signature verification key;

4) the name of the electronic signature used and (or) standards, the requirements of which correspond to the electronic signature key and the electronic signature verification key;

5) the name of the certification center that issued the certificate of the electronic signature verification key;

6) other information provided for by Part 2 of Article 17 of this Federal Law - for a qualified certificate.

3. In the case of issuing a certificate of an electronic signature verification key to a legal entity, an individual acting on behalf of a legal entity on the basis of the legal entity's constituent documents or a power of attorney is indicated along with the name of the legal entity as the owner of the certificate of the electronic signature verification key. It is allowed not to indicate an individual acting on behalf of a legal entity as the owner of the electronic signature verification key certificate in the electronic signature verification key certificate used for automatic creation and (or) automatic verification of electronic signatures in the information system when providing state and municipal services, execution state and municipal functions, as well as in other cases provided for by federal laws and regulatory legal acts adopted in accordance with them. The owner of such an electronic signature verification key certificate is a legal entity, information about which is contained in such a certificate.

4. The certification center has the right to issue certificates of keys for verification of electronic signatures both in the form of electronic documents and in the form of documents on paper. The owner of the electronic signature verification key certificate issued in the form of an electronic document is also entitled to receive a copy of the electronic signature verification key certificate on paper, certified by the certification center.

5. The certificate of the electronic signature verification key is valid from the moment of its issuance, unless another start date of such a certificate is indicated in the certificate of the electronic signature verification key. Information about the certificate of the electronic signature verification key must be entered by the certification authority into the register of certificates no later than the start date of such a certificate specified in it.

6. The certificate of the electronic signature verification key is terminated:

1) due to the expiration of the established period of its validity;

2) on the basis of an application by the owner of the certificate of the electronic signature verification key, submitted in the form of a document on paper or in the form of an electronic document;

3) in case of termination of the activities of the certification center without transfer of its functions to other persons;

4) in other cases established by this Federal Law, other federal laws adopted in accordance with them by regulatory legal acts or an agreement between the certification center and the owner of the certificate of the electronic signature verification key.

7. Information on the termination of the certificate of the electronic signature verification key must be entered by the certifying center in the register of certificates within one business day from the date of occurrence of the circumstances that entailed the termination of the certificate of the electronic signature verification key. The validity of the certificate of the electronic signature verification key is terminated from the moment of making an entry about it in the certificate register.

8. Within no more than one business day, the certification center cancels the certificate of the electronic signature verification key by making an entry on its cancellation in the register of certificates by a court decision that has entered into legal force, in particular if the court decision established that the electronic signature verification key certificate contains inaccurate information.

9. The use of a revoked electronic signature verification key certificate does not entail legal consequences, except for those related to its revocation. Before entering the information on the cancellation of the electronic signature verification key certificate into the register of certificates, the certification center is obliged to notify the owner of the electronic signature verification key certificate about the cancellation of his electronic signature verification key certificate by sending a document on paper or an electronic document.

Article 15. Accredited certification center

1. A certification center that has received accreditation is an accredited certification center. An accredited certification center is obliged to store the following information:

1) details of the main identity document of the owner of the qualified certificate - an individual;

2) information about the name, number and date of issue of a document confirming the right of a person acting on behalf of the applicant - a legal entity, to apply for a qualified certificate;

3) information on the names, numbers and dates of issuance of documents confirming the authority of the owner of the qualified certificate to act on behalf of third parties, if information on such authority of the owner of the qualified certificate is included in the qualified certificate.

2. An accredited certification center must store the information specified in part 1 of this article during the period of its activity, unless a shorter period is provided for by the regulatory legal acts of the Russian Federation. Information storage should be carried out in a form that allows you to check its integrity and reliability.

3. An accredited certification center is obliged to provide any person with free access using information and telecommunication networks to the qualified certificates issued by this certification center and to the current list of canceled qualified certificates at any time during the life of this certification center, unless otherwise established by federal laws or adopted in accordance with them, regulatory legal acts.

4. In the event of a decision to terminate its activities, the accredited certification center is obliged:

1) inform the authorized federal body about this no later than one month before the date of termination of its activities;

2) transfer the register of qualified certificates to the authorized federal body in the prescribed manner;

3) transfer the information to be stored in an accredited certification center in accordance with the established procedure to the authorized federal body for storage.

Article 16. Accreditation of the certification center

1. The accreditation of certification centers is carried out by the authorized federal body in relation to certification centers that are Russian or foreign legal entities.

2. Accreditation of a certification center is carried out on a voluntary basis. The accreditation of the certification center is carried out for a period of five years, unless a shorter period is indicated in the application of the certification center.

3. Accreditation of the certification center is carried out subject to the fulfillment of the following requirements:

1) the value of the net assets of the certification center is at least one million rubles;

2) the availability of financial security for liability for losses caused to third parties due to their trust in the information specified in the certificate of the electronic signature verification key issued by such a certification center, or information contained in the register of certificates maintained by such a certification center, in an amount not less than one and a half million rubles;

3) the availability of means of electronic signature and means of a certification center, which have received confirmation of compliance with the requirements established by the federal executive body in the field of security;

4) the presence in the staff of the certification center of at least two employees who are directly involved in the creation and issuance of certificates of keys for verifying electronic signatures who have a higher professional education in the field of information technology or information security or a higher or secondary vocational education, followed by retraining or advanced training in issues of using electronic signature.

4. Accreditation of the certification center is carried out on the basis of its application submitted to the authorized federal body. The application shall be accompanied by documents confirming the compliance of the certification center with the requirements established by part 3 of this article.

5. Within a period not exceeding thirty calendar days from the date of receipt of the application of the certification center, the authorized federal body, on the basis of the submitted documents, makes a decision on the accreditation of the certification center or on the refusal of its accreditation. In the event of a decision on the accreditation of a certification center, the authorized federal body, within a period not exceeding ten days from the date of the decision on accreditation, notifies the certification center of the decision made and issues a certificate of accreditation in the prescribed form. Simultaneously with the issuance of the certificate of accreditation, the authorized federal body issues to the accredited certification center a qualified certificate created using the funds of the head certification center, the functions of which are performed by the authorized federal body. If a decision is made to refuse accreditation of a certification center, the authorized federal body, within a period not exceeding ten calendar days from the date of the decision to refuse accreditation, sends or delivers to the certification center a notification of the decision, indicating the reasons for the refusal in the form of a document on paper.

6. The basis for refusal to accredit a certification center is its non-compliance with the requirements established by part 3 of this article, or the presence of inaccurate information in the documents submitted by it.

7. An accredited certification center must comply with the requirements for which it is accredited during the entire period of its accreditation. If circumstances arise that make it impossible to comply with these requirements, the certification center must immediately notify the authorized federal body in writing. An accredited certification center, when exercising its functions and fulfilling its obligations, must comply with the requirements established for certification centers by Articles 13-15, 17 and 18 of this Federal Law. The authorized federal body has the right to carry out inspections of compliance by accredited certification centers with the requirements of this Federal Law during the entire period of their accreditation. If the accredited certifying center does not comply with the specified requirements, the authorized federal body is obliged to issue this certifying center an order to eliminate violations within the prescribed period and suspend the accreditation for this period with the inclusion of information about this in the list specified in clause 4 of part 3 of article 8 of this Federal Law ... The accredited certification center notifies the authorized federal body in writing about the elimination of the identified violations. The authorized federal body makes a decision to renew the accreditation, while it has the right to verify the actual elimination of previously identified violations and, if they are not eliminated within the time period established by the order, cancels the accreditation of the certification center.

8. The requirements established by paragraphs 1 and 2 of part 3 of this article do not apply to state bodies, local self-government bodies, state and municipal institutions performing the functions of certification centers.

9. The head certification center, whose functions are performed by the authorized federal body, is not subject to accreditation in accordance with this Federal Law.

Article 17. Qualified certificate

1. A qualified certificate must be created using the funds of an accredited certification center.

2. The qualified certificate must contain the following information:

1) the unique number of the qualified certificate, the start and end dates of its validity;

2) the surname, first name and patronymic (if any) of the owner of the qualified certificate - for an individual, or the name, location and main state registration number of the owner of the qualified certificate - for a legal entity;

3) the insurance number of the individual personal account of the owner of the qualified certificate - for an individual or the taxpayer identification number of the owner of the qualified certificate - for a legal entity;

4) electronic signature verification key;

5) the names of the means of electronic signature and the means of the accredited certification center that were used to create the electronic signature key, the electronic signature verification key, the qualified certificate, as well as the details of the document confirming the compliance of these means with the requirements established in accordance with this Federal Law;

6) the name and location of the accredited certification center that issued the qualified certificate, the number of the qualified certificate of the certification center;

7) restrictions on the use of a qualified certificate (if such restrictions are established);

8) other information about the owner of the qualified certificate (at the request of the applicant).

3. If the applicant has submitted to the accredited certification center documents confirming his right to act on behalf of third parties, the qualified certificate may include information on such powers of the applicant and their validity period.

4. A qualified certificate is issued in a form, the requirements for which are established by the federal executive authority in the field of security.

5. In case of cancellation of a qualified certificate issued to an accredited certification center that issued a qualified certificate to the applicant, or in case of cancellation or expiration of the accreditation period of a certification center, a qualified certificate issued by an accredited certification center to the applicant shall be terminated.

6. The owner of a qualified certificate must:

1) do not use the electronic signature key and immediately contact the accredited certification center that issued the qualified certificate to terminate this certificate if there are reasons to believe that the confidentiality of the electronic signature key has been violated;

2) use a qualified electronic signature in accordance with the restrictions contained in the qualified certificate (if such restrictions are established).

Article 18. Issue of a qualified certificate

1. When issuing a qualified certificate, an accredited certification center must:

1) establish the identity of the applicant - an individual who applied to him for obtaining a qualified certificate;

2) receive from the person acting on behalf of the applicant - a legal entity, confirmation of the right to apply for a qualified certificate.

2. When applying to an accredited certification center, the applicant indicates the restrictions on the use of the qualified certificate (if such restrictions are established) and submits the following documents confirming the accuracy of the information provided by the applicant for inclusion in the qualified certificate, or their duly certified copies:

1) the main identity document, insurance certificate of the state pension insurance of the applicant - an individual or constituent documents, a document confirming the fact of making an entry about the legal entity in the Unified State Register of Legal Entities, and a certificate of registration with the tax authority of the applicant - a legal entity ;

2) a properly certified translation into Russian of documents on state registration of a legal entity in accordance with the legislation of a foreign state (for foreign legal entities);

3) a power of attorney or other document confirming the applicant's right to act on behalf of other persons.

3. Upon receipt of a qualified certificate by the applicant, he must be familiarized with the information contained in the qualified certificate by the accredited certification center against receipt.

4. The accredited certification authority, simultaneously with the issuance of the qualified certificate, must issue the owner of the qualified certificate with guidance on ensuring the security of the use of a qualified electronic signature and means of a qualified electronic signature.

Article 19. Final provisions

1. Certificates of signature keys issued in accordance with Federal Law No. 1-FZ of January 10, 2002 "On Electronic Digital Signatures" are recognized as qualified certificates in accordance with this Federal Law.

2. An electronic document signed with an electronic digital signature before the date of invalidation of the Federal Law of January 10, 2002 N 1-FZ "On Electronic Digital Signature" is recognized as an electronic document signed with a qualified electronic signature in accordance with this Federal Law.

Article 20. Entry into force of this Federal Law

1. This Federal Law shall enter into force on the day of its official publication.

2. Federal Law of January 10, 2002 N 1-FZ "On Electronic Digital Signature" (Collected Legislation of the Russian Federation, 2002, N 2, Art. 127) shall be declared invalid from July 1, 2012.

President of the Russian Federation D. Medvedev

The current Law on Electronic Signature allows individuals, entrepreneurs and organizations to use it for document circulation, concluding contracts and many other purposes. An electronic digital signature (EDS) is a requisite required to give legal force to a document. It works in a similar way to a regular ink signature on a paper document. The Law on EDS regulates its types and possibilities of application in document circulation via the Internet.

Normative base for using EDS

The formation of legal norms in this area proceeded gradually. With the development of technology and the clarification of some technical points, the original provisions have lost their force. Thus, for the first time the Law on Electronic Digital Signature was developed in 2002: namely, No. 1-FZ dated 10.01.2002. From that moment on, it became possible to certify electronic versions of documents with a digital signature, which paved the way for the development of digital workflow. This law set out the definition of an EDS, as well as the possibility of obtaining and applying it.

Subsequently, Law 1-FZ on electronic digital signature was declared invalid; instead, a new regulation was introduced. The latter takes into account new technical capabilities and algorithms for using digital signatures. It was published and put into practice in 2012-2013. And today it remains the main document governing the algorithm for using digital signatures.

The Federal Law No. 63 on Electronic Signature, adopted in 2011, specifies in which areas an EDS can be used, as well as where the functioning of electronic document management (EDM) is permissible:

In addition, EDS can be used when conducting auctions by budget enterprises, when purchasing goods and ordering services by state corporations and utilities.

It is important that the 2011 Law on Electronic Signature expanded its capabilities and greatly simplified the conduct of electronic tenders. Participants can now submit applications via the Internet, as well as conclude contracts and agreements, certifying them using modern digital means.

The main types of EDS

The outdated version of the 2002 Law on Electronic Digital Signature did not clearly distinguish the types of EDS. The new version provides a detailed classification, which contains three types of electronic signatures:

Name What is
1 Simple Such a signature consists of codes and passwords, the introduction of which confirms the consent to perform certain actions. It is used by various websites and client applications of banks.
2 Reinforced unqualified According to the Law of the Russian Federation on electronic signature, it allows you to identify the person who signs the document and the changes made to its content. In essence, it is analogous to a signature in ink on paper.
3 Reinforced qualified This is the most difficult type of signature, which allows you to replace not only the usual signature, but also the seal of the certifying organization or entrepreneur.

For more details see "

Federal Law on electronic signature has been operating since 2002. What is the purpose of the electronic signature, who can use it and what legislative acts this possibility is supported by - read on.

The original FZ-1 and the regime for the exchange of electronic documents, which operates in 2015-2016

The current legislation provides an opportunity for individuals and legal entities to exchange electronic documents.

An electronic document is documented information presented in electronic form, that is, in a form suitable for human perception using electronic computers, as well as for transmission over information and telecommunication networks or processing in information systems (clause 11.1, article 2 of the law “ On information, information technologies and information protection "dated 27.07.2006 No. 149-FZ). To give legal force, an electronic document must be certified with an electronic digital signature (EDS) of an authorized person.

Federal law on digital signaturegives the following definition of an electronic signature: an electronic form of information attached to other information (a signed document) or otherwise related to it, which is used to determine the authorized person who signed the document.

Exchange of documents in electronic form allows you to simultaneously solve problems:

  • slow process of document exchange in paper format;
  • the need for costs of moving papers;
  • purchase of stationery and storage of voluminous paper archives;
  • loss of a paper document, loss of its physical and informational properties over time, etc.

The possibility of electronic document exchange for participants appeared in 2002 with the adoption of the law about electronic digital signature№ 1-FZdated 10.01.2002. Since then, an electronic document certified by an EDS is equivalent to a paper version signed by an authorized employee in his own hand.

IMPORTANT! Effective from 08.04.2011 eDS law63-FZ of 04/06/2011, which regulates the algorithm for obtaining and using EDS by participants in electronic document management (EDM). Clause 2 of Art. 20 of Law No. 63-FZ is recognized as invalidated by the law about EDS№ 1-FZ.

Electronic digital signature lawNo. 63-FZ describes the algorithm of operation of certification centers, from which EDF participants must receive electronic signature keys.

EDF can be organized:

  • within the company between employees;
  • between the parties to the agreement (both legal entities and individuals) in the exchange of agreements (Article 434 of the Civil Code of the Russian Federation) and any correctly executed primary documents signed by an EDS (clause 5 of Article 9 of the Law "On Accounting" dated 06.12.2011 No. 402-FZ );
  • between the taxpayer and the fiscal authorities for sending declarations and necessary documents to the Federal Tax Service (clause 2 of article 93 of the Tax Code of the Russian Federation), the Pension Fund of the Russian Federation and the FSS.

Digital signatures are also used to sign bids for the procurement of goods or services and bidding by budgetary organizations, state corporations, some utilities and other legal entities named in the law "On the procurement of goods and services by certain types of legal entities" dated July 18, 2011 No. 223-FZ.

Types and legal force of EDS

ФЗ No. 63 - federal law on electronic digital signature:

Simple EDS is an algorithm consisting of a certain sequence of codes and passwords, which confirms the fact of signing an electronic document by a certain person.

Strengthened unqualified EDS is a signature obtained after cryptographic data encryption, which allows identifying:

  • the person who signed the document;
  • the fact of making changes to the document after signing

and is created using special software.

Enhanced Qualified EDS - a signature that has all the properties of an unqualified EDS, the confirmation key of which is specified in the certificate.

In what situations you should use the qualified version of the signature, it is explained in the material.

Simple and strengthened unqualified EDS correspond to the autograph of the signatory on paper, and the strengthened qualified one corresponds to the signatures and seals of the company certifying the electronic document (clauses 2, 3, article 6 of Law No. 63- Federal Law on electronic digital signature).

Federal Law No. 63-FZ - last edition

IN rF law on electronic digital signaturechanges were made several times. Last revised digital signature lawwas approved by the law of 23.06.2016 No. 220-FZ.

But especially a lot of adjustments and clarifications were made to law about e signatures 63-FZ by the law dated 30.12.2015 No. 445-FZ.

See revision 63- Federal Law on digital signature, effective in 2016, can be found on our website.

the federal law63-FZ on electronic signaturefrom 06.04.2011, as amended by Law of 30.12.2015 No. 445-FZ

The purchase of goods by individual legal entities is regulated by law No. 223-FZ

State corporations, state-owned companies, utilities monopolists and other legal entities, the list of which is approved in Art. 2 of the Law "On the Procurement of Goods and Services by Individual Legal Entities" dated July 18, 2011 No. 223-FZ, are obliged to form a procurement plan for goods and services for the current year by February 1 of each year and post information on planned purchases worth more than 100,000 rubles. in a unified information system, as well as on other Internet sites, for example, on the website of the customer company. But before placing an application, the customer should register in the Unified Identification and Authentication System (ESIA). To do this, you need to obtain a qualified digital signature at a certified certification center. If tenders or auctions are held on the customer's website, then it is allowed to use an unqualified digital signature. What kind of signature to use depends on the requirements of the selected site, which can be found on the resource itself. If a company places applications on several sites, then for each of them it is necessary to purchase its own certificate or use a universal signature, which will contain both a qualified and an unqualified signature in its composition.

Signing a contract with an electronic signature in accordance with Law No. 44-FZ

To purchase goods and services for municipal and state needs, budgetary organizations are required to enter plans, procurement schedules, applications for auctions, contracts with winning suppliers, etc., in the unified information system (EIS) in accordance with the provisions of the law "On the contract system in the field of procurement" dated 05.04.2013 No. 44-FZ. All documents posted on the electronic platform must be signed with a strengthened qualified EDS. Electronic signatureby 44-FZ, as well as keys and certificates for it are issued in an accredited certification center (CA).

Within 5 days after placing the order, the winner who won the tender posts on the electronic platform a draft contract signed by the EDS of the authorized person. In the event of disagreements under the contract, the parties can draw up a protocol of disagreements and exchange it in the EDF format. After agreeing on disagreements under the contract, the customer places the approved contract on the electronic platform and signs it with his EDS. From that day on, the contract is considered concluded.

Outcome

There is no single law on the use of digital signatures describing all possible documents and transactions in the Russian Federation. The algorithm for obtaining and using EDS keys describes federal law on electronic digital signaturedated 06.04.2011 No. 63-FZ. The procedure for using EDS by various organizations when signing declarations, primary documentation, contracts, etc. is enshrined in the relevant legislative acts.

Everything is not as simple as it seems.

The introduction to the business practice of exchanging documents in electronic form has revealed the need for their certification so that the papers have legal force. For this, an electronic signature (ES) was developed, but its application would have been impossible without securing the procedure at the legal level.

For this purpose, in 2002, Federal Law No. 1-FZ "On Electronic Digital Signatures" was adopted. With the development of electronic document management and its introduction into various spheres of economic activity, it became necessary to adopt a new normative act, which became Federal Law No. 63-FZ of 06.04.2011 “On Electronic Signatures” (hereinafter - Law No. 63-FZ). In this article, we will look at its main provisions, as well as learn about possible changes that may be made to it in the near future.

Its purpose is to regulate relations between contractors when using an analogue of a visa and printing on paper. It is used during transactions of a various nature, including civil ones. An electronic signature can be used when receiving state and municipal services, it is valid when performing the functions of state and municipal services, during court proceedings and when resolving other disputes.

Electronic signature and its types

The law says that such is information in electronic form that can be attached to an electronic document for its certification, being an analogue of a regular signature on paper. An electronic signature can be:

  • Plain. It is created using passwords and codes in order to confirm the fact of the document's certification by a specific person. It is used in ordinary business relations between legal entities or individuals, when considering cases in arbitration courts, when providing public services.
  • Reinforced unqualified. It is information encrypted in a cryptographic way. This method of coding excludes the possibility of forging a signature, as well as making unauthorized edits to the document. Allows you to establish what changes have occurred with the signed document, to determine the person who has put his visa. To create it, special encryption tools are used. It can be used in the same spheres of activity as a simple one, except for the provision of public services.
  • Reinforced skilled. It has all the properties of an unqualified electronic signature, but for its creation, means are used that have been certified by the FSB of the Russian Federation. In addition to all possible spheres of application, it is also used in relations with regulatory authorities (FTS, FSS, PRF) and when participating in electronic trading.

Electronic signature verification key certificate

They only confirm enhanced electronic signatures, it is issued by a specialized organization or its authorized representative to the owner of such electronic signature. Its main purpose is to confirm the fact of this ownership, to protect the rights of the owner of the electronic signature.

  • Closed. With its help, an electronic signature is generated and the document is endorsed. The person who is the owner of the electronic signature must keep this information secret in order to prevent the use of the signature by another person.
  • Open. It is inextricably linked with the previous key and is designed to determine the authenticity of the electronic signature.

The certificate of the electronic signature verification key must contain information:

  • unique number, validity period;
  • data of the owner of the certificate, by which it can be identified;
  • original ES verification key;
  • the name of the digital signature used;
  • the standards that private and public keys comply with;
  • the name of the organization and the address that issued the certificate.

In addition to this information, a qualified certificate must contain:

  • insurance number of an individual personal account and TIN of the owner of this document for citizens, TIN - for organizations;
  • eS verification key;
  • name, address of the accredited organization that issued the certificate, number of its qualification certificate;
  • data on the restrictions imposed on the qualification certificate, if any.

The ES verification key certificate can be provided on paper or in electronic form. In the latter case, the owner of the document has the right to demand a certified copy on paper.

Note!

If the organization receives the key certificate, then the information of the authorized person who is responsible for using the digital signature is additionally indicated. When there is no such employee - the data of the head of the legal entity.

Information about the certificate of the digital signature verification key is entered into the unified register no later than the day when the document comes into force. This date is considered the day of its issue, unless otherwise indicated in the certificate itself.

This document expires upon the expiration of the period specified in it or for the following reasons:

  • at the written request of its owner, submitted on paper or in electronic form;
  • when the organization that issued the certificate ceases its work and does not transfer its functions to another person;
  • by a court decision;
  • in the case when the owner of the document ceases to operate, or due to the death of the owner - an individual.

The organization that issued the certificate of the electronic signature verification key may, on its own initiative, revoke the document if there is information that the owner of the certificate does not own the corresponding ES key or the document contains inaccurate data, which is confirmed by a court decision.

Information about the cancellation of the document is entered into the register of certificates within 12 hours from the moment the above circumstances occur. The organization that issued this document must notify its owner of the termination of the certificate.

Note!

The legislation of the Russian Federation does not provide for any liability for the use of a revoked certificate.

Means of electronic signature

According to the law, they are considered to be encryption devices that create electronic signatures and generate ES keys, private and public.

Such funds should:

  • determine the fact of amendments to the signed document;
  • ensure the protection of the digital signature key from its unauthorized calculation;
  • when signing a document, show information about it;
  • create an ES only after confirmation by its owner;
  • indicate the fact of signing the document;
  • maintain confidentiality when signing a document containing restricted data.
If electronic signatures are used when working with documents containing state secrets, then they must be certified by the FSB of the Russian Federation.

Who issues electronic signatures and certificates to them in accordance with Federal Law No. 63-FZ "On Electronic Signatures"

This right is granted to certification centers (CAs), which can be private entrepreneurs, organizations of various forms of ownership, as well as municipal and state bodies. In addition to issuing electronic signatures and certificates of keys for verifying digital signatures, CAs have the right to:

  • at the request of the owner of the electronic signature key, to confirm the right of such property;
  • determine the terms during which the certificates of the ES verification keys are valid;
  • revoke the certificates they issued;
  • issue electronic signatures at the request of the applicant;
  • maintain registers of valid and canceled certificates of ES verification keys;
  • determine the procedure for maintaining such registers, if unqualified certificates are registered in them, establish the procedure for accessing this information;
  • create digital signature keys of both types;
  • check the uniqueness of these keys;
  • at the request of persons who are participants in relations with the use of electronic signature, to verify the authenticity of digital signatures;
  • perform other actions related to the implementation of the provisions of Law No. 63-FZ.

Certification centers can be:

  • Not accredited by the RF Ministry of Telecom and Mass Communications. They have the right to deal with issues related to enhanced unqualified ES.
  • Federally accredited. Such organizations have all the powers, including matters related to Qualified Digital Signatures.

In accordance with the legislation of the Russian Federation, certification centers are responsible for causing harm to citizens and organizations due to improper performance of their duties.

Note!

Certification authorities can delegate their authority to hand over key certificates to third parties. In such cases, they become the head DDs in relation to those whom they have trusted.

What changes are planned to be introduced into Law No. 63-FZ

The Ministry of Telecom and Mass Communications of the Russian Federation on 03.04.2018 published the draft amendments to this law in the open access so that the public could consider them and make their comments. The main amendments in the new edition concern:

  1. Introduction of the concept of "authorized certificates".

They are classified into two types:

  • Authorized certificate of a legal entity. In fact, this is a qualified certificate, owned by the head of the organization, who has the right to carry out his actions without a power of attorney. The document, in addition to information about the legal entity, contains information about the owner. This certificate is issued by the Ministry of Telecom and Mass Communications of the Russian Federation.
  • Authorized certificate of a public authority. It is also qualified, its owner can be a citizen of Russia, determined by the president or the government of the Russian Federation. The document contains information about the authority, the official of which is the owner of the certificate, as well as information about this person. The document issued by the CA of the Federal Treasury of the Russian Federation.
In both cases, certificate holders can delegate their powers, for this they will need to issue an electronic power of attorney, the concept of which also appears for the first time in this draft law.
  1. Rules for accreditation of certification centers.

Accredited CAs will be those organizations that, according to the Ministry of Telecom and Mass Communications, comply with the provisions of Law No. 63-FZ. They have the right to delegate their authority to issue certificates to the MFC and notaries. Only the Federal Treasury, state institutions subordinate to it, as well as state structures subordinate to the Ministry of Telecom and Mass Communications of the Russian Federation can receive accreditation.

It follows from the draft law that commercial organizations will not be able to obtain accreditation.

Summary

To certify electronic documents, an electronic signature was invented. To give it legal force, the Federal Law No. 63-FZ of 06.04.2011 “On Electronic Signature” was adopted. Issues related to electronic signature are within the competence of the Ministry of Communications and Mass Media of the Russian Federation.

An electronic signature is information in electronic form that can be attached to an electronic document for its certification, being an analogue of a regular signature on paper.

An electronic signature can be simple, it is created using passwords and codes in order to confirm the fact of the document's certification by a specific person, and strengthened (qualified and unqualified), is created using cryptographic encryption tools. These types of electronic signatures are used for various purposes.

To create and verify electronic signature, there are electronic signature tools with certain properties. When a digital signature is issued, a certificate of its verification key is issued. He may be qualified or unskilled. Certification centers are in charge of issuing electronic signatures. They can be accredited by the Ministry of Telecom and Mass Communications of the Russian Federation and in this case they receive special powers.

It is planned to amend Law No. 63-FZ. They relate to the introduction of the concept of "authorized certificates" and changes in the rules for accreditation of certification centers.

The issue of electronic signatures is complex and has many nuances. Therefore, it is impossible to consider all the points in one article. If you have any questions, please contact our professional lawyers. They will give you comprehensive advice on this topic.

Instead of one electronic digital signature (EDS), the new law introduced three types of electronic signatures: simple (EDS), enhanced unqualified (NEP), enhanced qualified (CEP).

On July 1, 2013, the Federal Law of 10.01.02 No. 1-FZ "On Electronic Digital Signatures" became invalid and instead Federal Law of 06.04.11 No. 63-FZ "On Electronic Signatures" came into force. He brought Russian and foreign legislation closer together and delimited the areas of application of electronic signatures. And first of all, this prompted the widespread use of public services in electronic form.

Instead of one electronic digital signature (EDS), the new law introduced three types of electronic signature:

  • simple (EP),
  • reinforced unqualified (NEP),
  • reinforced qualified (CEP).

Simple signature confirms the signing of an electronic document by a certain person, but does not guarantee the invariability of the file after signing (clause 2 of Art. 5 63-FZ). This electronic signature is created using one-time passwords or other means. A simple electronic signature is easy to “obtain” and use: make an appointment with a doctor, queue up to receive documents, etc.

Unqualified electronic signature allows you to identify the author of the document and check if any changes were made to the file after it was submitted. This type of signature is less regulated. A document signed with its help replaces a paper document only in cases stipulated by law, or by agreement of the parties. The certification authority is not obliged to additionally confirm an unqualified signature (as is the case with a qualified one). To date, NEP is most actively used at the accredited public procurement sites.

To obtain an unqualified certificate, you must have the original passport of an individual - an authorized representative, as well as the following documents (originals or certified copies):

  • passport of an authorized person or head of an organization;
  • extract from the Unified State Register of Legal Entities;
  • document on the appointment of the head (original or copy of the protocol);
  • certificate or notification of registration with the IFTS;
  • power of attorney for the right to participate in the auction (for a legal entity).

Qualified Electronic Signature (CEP) - the most widely used and regulated of all three types of signatures under Federal Law No. 63-FZ. A document signed with a CEP certificate is equated to a document that is personally signed by an individual or an authorized representative of a legal entity.

It is the CEP that opens up the maximum opportunities for the owner to work on electronic trading platforms and information resources. It is suitable for working on state electronic portals and obtaining financial services, for organizing purchases in accordance with 223-FZ, participating in commercial auctions and auctions for the sale of bankruptcy property.

As a rule, the CEP certificate has a validity period of 1 year (UC SKB Kontur can issue certificates for 15 months), however, the validity of the signatures supplied with its help is unlimited. To obtain a CEP certificate, you must have the original passport of an individual - an authorized representative, as well as the following documents (originals or certified copies):

  • registration certificate (OGRN);
  • constituent documents;
  • certificate of registration (TIN);
  • insurance certificate of the Pension Fund (from an individual - an authorized representative);
  • application for the issue of an electronic signature certificate;
  • extract from the Unified State Register of Legal Entities.

Certification center SKB Kontur issues certificates of qualified electronic signatures for work on:

  • the all-Russian official website of public procurement and the Unified portal of public services;
  • portal EFRSFDUL;
  • the portal of the Federal Service for Financial Markets;
  • the portal of the FSIS of territorial planning.

Also, qualified certificates of UC SKB Kontur can be used for:

  • submission of regulatory reports to the National Union of Insurers;
  • submission of documents for licensing in the Ministry of Health of pharmacies, pharmaceutical companies, cosmetology and medical centers;
  • filling out electronic documents by enterprises of the housing and communal services sector.


© 2021 We know everything about foundations. Job. Materials. Choice. Documentation