came into full force in 2014. Prior to this, relations in the sphere were regulated by a decree issued in 2011. The document specified the concepts and features EDS work. They were also given the concept of qualified and unqualified signatures. To date legal regulation electronic signature carried out on the basis of this paper. If you have any questions, please contact her.
divide this concept into two groups:
- Simple EDS.
- Enhanced EDS. This group is also divided, because the signature can be qualified and unqualified.
Federal Law on electronic digital signature says that only a qualified electronic signature is equal to a paper version. A person can sign it with his own hand or entrust the execution to another person. Law on electronic signature 63 FZ supplemented by special regulations legal acts. They separately consider the requirements that are put forward for paper and electronic media. If they are not observed, the legality of the transaction is called into question and may be challenged in court.
Get a signature
Electronic document management is actively implemented in various areas economic relations. This results in significant savings not only cash but also time. Most enterprises have already become accustomed to the fact that in in electronic format You can submit a report to the tax office. This option is also used to pay telecommunications and bank bills. According to Art. 174 Tax agents and VAT payers are not only required, but also required to submit a declaration electronically. Changes to Federal Law 63 on electronic signature provide only such reporting. It does not matter at all how many employees work at the enterprise. Law on electronic digital signature provides for an exception to this rule only for organizations that are accustomed to operating on a simplified system.
the federal law about electronic signature obliges everything large enterprises purchase a qualified certification option. Thanks to this, it is possible to completely abandon the paper version of documentation in a short period of time. At the same time, all the necessary data can be stored in electronic form and, if necessary, be able to refer to them.
EDS Law suggests that each enterprise use special electronic systems for fast document management. For modern man learning how to handle them correctly is not difficult. It is enough to have basic skills personal computer. Federal law on electronic digital signature designed to save time and money. He will no longer need to pay postage and Courier services. When will it be fully implemented digital signature law, then in the field economic activity there will be a real revolution. Business entities will be able to work with contractors even remotely.
Federal Law on EDS cares and tries to implement it in all spheres of economic activity. This program is used by all companies that provide accounting outsourcing. Now, in order to sign a document, it is not at all necessary to buy your office. It is enough to go through authorization and get all the papers for approval.
Federal Law 63 FZ on electronic signature also provides for its use on the Gosuglug website. Thanks to it, all functions become fully available to the user. For example, this method is used to pay for the services of most utility companies. EDS - assistant individual. For its registration, it is enough to contact the permitting center. The signature shows not only the author, but also the person who made the change.
Law 63 FZ on EDS is also required for individual entrepreneurs. An electronic signature for an individual can save a lot. You can also control pension savings remotely. A person can apply for a visa or a passport. The portal is specially designed to optimize the work of enterprises. EDS is an innovative attribute that confirms the value of a document and makes it possible to track the authorship of amendments. As a result, the company gets the opportunity to participate in the auction and put up its proposals on the federal resource. That is why the signature must be obtained by each enterprise. It will significantly simplify life and open up new opportunities for leaders.
The Federal Portal of Draft Regulatory Legal Acts posted a draft Federal Law on Amendments to the Federal Law "On Electronic Signature", the Federal Law "On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Implementation of State Control (Supervision) and municipal control"and the Federal Law "On Accreditation in the National Accreditation System". Let's talk about the features of this bill affecting N63-FZ "On Electronic Signature".
1. Authorized certificate.
The concept of "authoritative certificate" is introduced. Authorization certificates will be of two types:
- An authorized certificate of a state body is a qualified certificate that contains information about an individual - the head of a state body, in terms of information about his powers. Such a certificate can only be created by an accredited certification center of the Federal Treasury. This CA already issues electronic signature certificates to state bodies for participation in public procurement according to 44-FZ and 223-FZ;
- Authorization Certificate legal entity is a qualified certificate that contains information about an individual who has the right to act on behalf of a legal entity without a power of attorney. Such a certificate can only be created by an accredited certification center of the Ministry of Telecom and Mass Communications of Russia.
Certificates for government bodies will be free, while for legal entities, most likely, the issuance of certificates will become paid service. This part of the market turns out to be closed to commercial CAs, since the bill establishes a closed list of CAs. We will return to this topic a little later.
The use of authorized certificates in information systems to perform legally significant actions is allowed only by the head, director, etc. It is possible to use qualified certificates issued to a person who is not a manager. In this case, it is necessary to issue a power of attorney certified by a signature based on an authorized certificate. The requirements for the form and format of the power of attorney are established by the owners of information systems.
Thus, the Ministry of Telecom and Mass Communications of Russia solves the problem in which government bodies and legal entities cannot use one certificate in information systems of different departments and are forced to purchase different types certificates. The need to create a single signature has been discussed for a long time, so the appearance of this initiative was expected. At the same time, it is not clear why the requirements for powers of attorney for persons who are not managers are set by information system operators. After all, this will entail the need to form a power of attorney for each of the information systems, and the concept of a “single tool” will not be fully implemented.
2. Trusted Third Party.
The concept of "trusted third party" is introduced. This is the Ministry of Communications of Russia or an organization that has passed the accreditation procedure of third parties in the Ministry of Communications. The procedure for accreditation of trusted third parties will be prescribed in Article 18.2 and largely repeats the current accreditation procedure for CAs. The third party carries out activities to verify electronic signatures in electronic documents, and also documents the results of such verification.
3. Accreditation of the Certification Authority.
Part 1 of Article 16 N63-FZ “On Electronic Signature” is subject to fundamental changes. According to the document, accreditation is carried out in relation to:
- the Federal Treasury (or an organization subordinate to the Federal Treasury);
- Subordinate organizations of the Ministry of Telecom and Mass Communications;
- Federal Tax Service (or subordinate Federal tax service organizations).
This is where the list ends. The rest, operating this moment CAs (created by both state and commercial structures), of which there are more than 450 as of April 2, 2018, will lose their right to receive accreditation and will gradually stop issuing qualified certificates. State bodies will receive qualified certificates from the CA of the Federal Treasury, legal entities and individuals - from the Ministry of Telecom and Mass Communications and subordinate organizations (we sincerely hope that the powers will not go to FSUE Russian Post). At the same time, the MFC and notaries were allowed to deal with the presentation of certificates. It is not yet clear what role the FTS will play in this.
The accreditation rules will also change in terms of requirements for the value of net assets and the availability of financial security for liability for losses. These requirements for state bodies receiving accreditation have not been applied before. Thus, commercial certification centers are being removed from the electronic signature market. From a technical and organizational point of view, the Regulator in the field of the use of electronic signatures needs to do a lot of work to cover the growing market demand for qualified certificates. An interesting fact is that these changes, undoubtedly one of the most significant in the draft law under consideration, are not recorded in the descriptive part and are present in the bill "between the lines".
The bill provides that the new accreditation rules for CAs will come into force after 2 years from the date of official publication.
UPD 04/16/2018. Association "ROSEU" (Developers and Operators of Systems of Electronic Services) published an open letter to the Minister of Telecom and Mass Communications N.A. Nikiforov, containing comments and suggestions in connection with the introduction of amendments to 63-FZ "On Electronic Signature". The Association includes the largest participants in the electronic services market in Russian Federation: "SKB Kontur", "Crypto-Pro", "Active", "Infotex Internet Trust" and others. The letter outlines the possible negative consequences of the adoption of the bill and makes proposals for the regulation of the industry, which will avoid destruction existing system accredited certification centers.
"About electronic signature"
Edition dated 06/23/2016 - Valid from 12/31/2017
Show changes
RUSSIAN FEDERATION
THE FEDERAL LAW
ABOUT ELECTRONIC SIGNATURE
Article 1. Scope of this Federal Law
This Federal Law governs relations in the field of the use of electronic signatures in civil law transactions, the provision of state and municipal services, the performance of state and municipal functions, and the performance of other legally significant actions, including in cases established by other federal laws. (as amended by Federal Law No. 60-FZ of April 5, 2013)
Article 2. Basic concepts used in this Federal Law
For the purposes of this Federal Law, the following basic concepts are used:
1) electronic signature - information in electronic form, which is attached to other information in electronic form (signed information) or otherwise associated with such information and which is used to identify the person signing the information;
2) electronic signature verification key certificate - an electronic document or a paper document issued by a certification center or a trustee of the certification center and confirming that the electronic signature verification key belongs to the owner of the electronic signature verification key certificate;
3) a qualified certificate of an electronic signature verification key (hereinafter referred to as a qualified certificate) - a certificate of an electronic signature verification key that meets the requirements established by this Federal Law and other regulatory legal acts adopted in accordance with it, and created by an accredited certification center or a federal executive body, authorized in the field of the use of electronic signature (hereinafter referred to as the authorized federal body); (as amended by Federal Law No. 445-FZ of December 30, 2015)
4) the owner of the certificate of the electronic signature verification key - a person who, in accordance with the procedure established by this Federal Law, has been issued a certificate of the electronic signature verification key;
5) electronic signature key - a unique sequence of characters intended for creating an electronic signature;
6) electronic signature verification key - a unique sequence of characters uniquely associated with the electronic signature key and designed to verify the authenticity of an electronic signature (hereinafter referred to as electronic signature verification);
7) certification center - a legal entity, individual entrepreneur or a government agency or agency local government those performing the functions of creating and issuing certificates of electronic signature verification keys, as well as other functions provided for by this Federal Law; (as amended by Federal Law No. 445-FZ of December 30, 2015)
8) accreditation of a certification center - recognition by an authorized federal body of the compliance of a certification center with the requirements of this Federal Law;
9) electronic signature means - encryption (cryptographic) means used to implement at least one of following functions- creation of an electronic signature, verification of an electronic signature, creation of an electronic signature key and an electronic signature verification key;
10) means of the certification center - software and (or) hardware used to implement the functions of the certification center;
11) participants in electronic interaction - state bodies, local government bodies, organizations, as well as citizens exchanging information in electronic form;
12) corporate information system - an information system, the participants of electronic interaction in which constitute a certain circle of persons;
13) public information system - an information system, the participants of electronic interaction in which constitute an indefinite circle of persons and in the use of which these persons cannot be denied.
14) delivery of the certificate of the electronic signature verification key - the transfer by the authorized person of the certification center of the certificate of the electronic signature verification key produced by this certification center to its owner; (as amended by Federal Law No. 445-FZ of December 30, 2015)
15) confirmation of possession of an electronic signature key - receipt by a certification center, an authorized federal body of evidence that the person who applied for a certificate of an electronic signature verification key owns an electronic signature key that corresponds to the electronic signature verification key indicated by such a person for obtaining a certificate. (as amended by Federal Law No. 445-FZ of December 30, 2015)
Article 3. Legal regulation of relations in the field of the use of electronic signatures
1. Relations in the field of the use of electronic signatures are governed by this Federal Law, other federal laws, regulatory legal acts adopted in accordance with them, as well as agreements between participants in electronic interaction. Unless otherwise established by federal laws, regulatory legal acts adopted in accordance with them, or a decision to create a corporate information system, the procedure for using an electronic signature in a corporate information system may be established by the operator of this system or by an agreement between participants in electronic interaction in it.
2. The types of electronic signatures used by executive authorities and local governments, the procedure for their use, as well as the requirements for ensuring the compatibility of electronic signature means when organizing electronic interaction between these bodies, are established by the Government of the Russian Federation.
Article 4. Principles of using an electronic signature
The principles of using an electronic signature are:
1) the right of participants in electronic interaction to use an electronic signature of any kind at their own discretion, if the requirement to use a specific type of electronic signature in accordance with the purposes of its use is not provided for by federal laws or regulatory legal acts adopted in accordance with them or by an agreement between participants in electronic interaction;
2) the possibility of using by participants of electronic interaction at their own discretion any information technology and (or) technical means, allowing to fulfill the requirements of this Federal Law in relation to the use of specific types of electronic signatures;
3) the inadmissibility of recognizing an electronic signature and (or) an electronic document signed by it as null and void only on the basis that such an electronic signature was not created by one's own hand, but using electronic signature tools for the automatic creation and (or) automatic verification of electronic signatures in information system.
Article 5. Types of electronic signatures
1. Types of electronic signatures, relations in the field of use of which are regulated by this Federal Law, are a simple electronic signature and an enhanced electronic signature. A distinction is made between an enhanced unqualified electronic signature (hereinafter referred to as an unqualified electronic signature) and an enhanced qualified electronic signature (hereinafter referred to as a qualified electronic signature).
2. A simple electronic signature is an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person.
3. An unqualified electronic signature is an electronic signature that:
1) obtained as a result of cryptographic transformation of information using an electronic signature key;
2) allows you to identify the person who signed the electronic document;
3) allows you to detect the fact of making changes to the electronic document after the moment of its signing;
4) is created using electronic signature means.
4. A qualified electronic signature is an electronic signature that meets all the features of a non-qualified electronic signature and the following additional features:
1) the electronic signature verification key is specified in the qualified certificate;
2) to create and verify an electronic signature, electronic signature tools are used that have confirmation of compliance with the requirements established in accordance with this Federal Law. (as amended by Federal Law No. 445-FZ of December 30, 2015)
5. When using an unqualified electronic signature, an electronic signature verification key certificate may not be created if the compliance of the electronic signature with the characteristics of an unqualified electronic signature established by this Federal Law can be ensured without using an electronic signature verification key certificate.
Article 6
1. Information in electronic form, signed with a qualified electronic signature, is recognized electronic document, equivalent to a document on paper, signed with a handwritten signature, and can be used in any legal relationship in accordance with the legislation of the Russian Federation, except if federal laws or regulatory legal acts adopted in accordance with them establish a requirement that the document be drawn up exclusively on paper. (as amended by Federal Law No. 445-FZ of December 30, 2015)
2. Information in electronic form, signed with a simple electronic signature or an unqualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, in cases established by federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in an electronic interactions. Regulatory legal acts and agreements between participants in electronic interaction that establish cases for recognizing electronic documents signed with an unqualified electronic signature as equivalent to paper documents signed with a handwritten signature should provide for the procedure for verifying an electronic signature. Regulatory legal acts and agreements between participants in electronic interaction establishing cases of recognition of electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature must comply with the requirements of this Federal Law.
3. If, in accordance with federal laws, regulatory legal acts adopted in accordance with them, or business practice, a document must be certified by a seal, an electronic document signed with an enhanced electronic signature and recognized as equivalent to a paper document signed with a handwritten signature is recognized as equivalent to a document on hard copy, signed with a handwritten signature and certified by a seal. Federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in electronic interaction may provide for Additional requirements to an electronic document in order to recognize it as equivalent to a document on paper, certified by a seal.
3.1. If federal laws and regulatory legal acts adopted in accordance with them provide that a document must be signed by several persons, the electronic document must be signed by the persons (authorized officials of the body, organization) who prepared this document, with the type of signature that is established by the legislation of the Russian Federation for signing the prepared electronic document with an electronic signature. (as amended by Federal Law No. 220-FZ of June 23, 2016)
4. Several interconnected electronic documents (package of electronic documents) can be signed with one electronic signature. When signing a package of electronic documents with an electronic signature, each of the electronic documents included in this package is considered to be signed with an electronic signature of the type that signed the package of electronic documents. The exception is cases when the package of electronic documents by the person who signed the package includes electronic documents created by other persons (bodies, organizations) and signed by them with the type of electronic signature that is established by the legislation of the Russian Federation for signing such documents. In these cases, the electronic document included in the package is considered signed by the person who originally created such an electronic document, with the type of electronic signature with which this document was signed during creation, regardless of the type of electronic signature signed by the package of electronic documents. (as amended by Federal Law No. 220-FZ of June 23, 2016)
Article 7. Recognition of electronic signatures created in accordance with the norms of foreign law and international standards
1. Electronic signatures created in accordance with the laws of a foreign state and international standards, in the Russian Federation are recognized as electronic signatures of the type to which they correspond on the basis of this Federal Law.
2. An electronic signature and an electronic document signed by it cannot be considered invalid only on the grounds that the certificate of the electronic signature verification key was issued in accordance with the norms of foreign law.
Article 8
1. The authorized federal body is determined by the Government of the Russian Federation.
2. Authorized federal body:
1) carries out accreditation of certification centers, checks compliance by accredited certification centers with the requirements established by this Federal Law and other regulatory legal acts adopted in accordance with it, including the requirements for compliance with which these certification centers were accredited, and in case of non-compliance with these requirements issues orders to eliminate the identified violations; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) performs the functions of the head certification center in relation to accredited certification centers.
3. The authorized federal body is obliged to ensure the storage of the following information specified in this part and round-the-clock unhindered access to it using information and telecommunication networks:
1) names, addresses of accredited certification centers;
2) a register of qualified certificates issued by the authorized federal body; (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) a list of certifying centers whose accreditation has been prematurely terminated; (as amended by Federal Law No. 445-FZ of December 30, 2015)
4) a list of accredited certification centers whose accreditation has been suspended;
5) a list of accredited certification centers whose activities have been terminated;
6) registers of qualified certificates issued by accredited certification centers, transferred to the authorized federal body in accordance with this Federal Law. (as amended by Federal Law No. 445-FZ of December 30, 2015)
4. The federal executive body responsible for the development and implementation of public policy and legal regulation in the field information technologies, sets:
1) the procedure for the transfer of registers of qualified certificates issued by accredited certification centers and other information to the authorized federal body in the event of termination of the activities of an accredited certification center; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) the procedure for the formation and maintenance of registers of qualified certificates issued by accredited certification centers, as well as the provision of information from such registers; (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) the rules for accreditation of certification centers, the procedure for verifying compliance by accredited certification centers with the requirements established by this Federal Law and other regulatory legal acts adopted in accordance with it, including the requirements for compliance with which these certification centers were accredited. (as amended by Federal Law No. 445-FZ of December 30, 2015)
4) requirements for the procedure for the implementation of the functions of an accredited certification center and the performance of its duties established by this Federal Law and other regulatory legal acts adopted in accordance with it, in agreement with the federal executive body in the field of security; (as amended by Federal Law No. 445-FZ of December 30, 2015)
5) the format of the electronic signature, which is mandatory for implementation by all means of electronic signature, in agreement with the federal executive body in the field of security. (as amended by Federal Law No. 445-FZ of December 30, 2015)
5. The federal executive body in the field of security:
1) in agreement with the authorized federal body, establishes requirements for the form of a qualified certificate and rules for confirming possession of an electronic signature key; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) establishes requirements for the means of electronic signature and means of the certification center;
3) confirms the compliance of the means of electronic signature and the means of the certification center with the requirements established in accordance with this Federal Law, and publishes a list of such means.
4) in agreement with the authorized federal body, establishes additional requirements for the procedure for the implementation of the functions of an accredited certification center and the performance of its duties, as well as for ensuring information security accredited certification authority. (as amended by Federal Law No. 445-FZ of December 30, 2015)
Article 9. Use of a simple electronic signature
1. An electronic document is considered signed with a simple electronic signature if one of the following conditions is met:
1) a simple electronic signature is contained in the electronic document itself;
2) the key of a simple electronic signature is applied in accordance with the rules established by the operator of the information system, with the use of which the creation and (or) sending of an electronic document is carried out, and the created and (or) sent electronic document contains information indicating the person on whose behalf an electronic document has been created and (or) sent.
2. Regulatory legal acts and (or) agreements between participants in electronic interaction, establishing cases of recognition of electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature, should provide, in particular:
1) rules for determining the person signing an electronic document by his simple electronic signature;
2) the obligation of a person creating and (or) using a simple electronic signature key to keep it confidential.
4. The use of a simple electronic signature for signing electronic documents containing information constituting a state secret, or in an information system containing information constituting a state secret, is not allowed.
Article 10. Obligations of participants in electronic interaction when using enhanced electronic signatures
When using enhanced electronic signatures, participants in electronic interaction are required to:
1) ensure the confidentiality of electronic signature keys, in particular, prevent the use of electronic signature keys belonging to them without their consent;
2) notify the certification center that issued the certificate of the electronic signature verification key and other participants in electronic interaction about the violation of the confidentiality of the electronic signature key within no more than one working day from the date of receipt of information about such a violation;
3) not to use the electronic signature key if there are reasons to believe that the confidentiality of this key has been violated;
4) to use for the creation and verification of qualified electronic signatures, the creation of keys of qualified electronic signatures and keys for their verification, electronic signature means that have confirmation of compliance with the requirements established in accordance with this Federal Law. (as amended by Federal Law No. 445-FZ of December 30, 2015)
Article 11. Recognition of a qualified electronic signature
A qualified electronic signature is recognized as valid until a court decision establishes otherwise, while simultaneously observing the following conditions:
1) a qualified certificate has been created and issued by an accredited certification center, the accreditation of which is valid on the day of issuance of the specified certificate;
2) the qualified certificate is valid at the time of signing the electronic document (if there is reliable information about the moment of signing the electronic document) or on the day of checking the validity of the specified certificate, if the moment of signing the electronic document is not determined;
3) there is a positive result of verification that the owner of the qualified certificate belongs to the qualified electronic signature with which the electronic document is signed, and the absence of changes made to this document after its signing is confirmed. In this case, verification is carried out using electronic signature means that have confirmation of compliance with the requirements established in accordance with this Federal Law, and using a qualified certificate of the person who signed the electronic document; (as amended by Federal Law No. 445-FZ of December 30, 2015)
4) a qualified electronic signature is used subject to the restrictions contained in the qualified certificate of the person signing the electronic document (if such restrictions are established).
Article 12. Means of electronic signature
1. To create and verify an electronic signature, create an electronic signature key and an electronic signature verification key, electronic signature tools must be used that:
1) allow to establish the fact of a change in the signed electronic document after the moment of its signing;
2) ensure the practical impossibility of calculating the electronic signature key from the electronic signature or from its verification key;
3) allow creating an electronic signature in the format established by the federal executive body responsible for the development and implementation of state policy and legal regulation in the field of information technology, and providing the possibility of its verification by all means of electronic signature. (as amended by Federal Law No. 445-FZ of December 30, 2015)
2. When creating an electronic signature, the electronic signature means must:
1) show independently or using software, software, hardware and technical means necessary to display information signed using these means to the person who creates an electronic signature, the content of the information that is being signed; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) create an electronic signature only after the person signing the electronic document confirms the operation to create an electronic signature;
3) unequivocally show that the electronic signature has been created.
3. When verifying an electronic signature, the electronic signature means must:
1) show independently or using software, software and hardware and technical means necessary to display information signed using these means, the content of an electronic document signed with an electronic signature; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) display information about making changes to an electronic document signed with an electronic signature;
3) indicate the person using whose electronic signature key electronic documents are signed.
4. Electronic signature tools designed to create electronic signatures in electronic documents containing information constituting a state secret, or intended for use in an information system containing information constituting a state secret, are subject to confirmation of compliance mandatory requirements to protect information of the appropriate degree of secrecy in accordance with the legislation of the Russian Federation. Electronic signature tools designed to create electronic signatures in electronic documents containing restricted access information (including personal data) must not violate the confidentiality of such information.
5. The requirements of parts 2 and 3 of this article do not apply to electronic signature tools used for automatic creation and (or) automatic verification of electronic signatures in the information system.
Article 13. Certification center
1. Certification authority:
1) creates certificates of electronic signature verification keys and issues such certificates to persons who applied for their receipt (applicants), subject to the identification of the recipient of the certificate (applicant) or the authority of the person acting on behalf of the applicant to apply for this certificate, taking into account the requirements, established in accordance with Part 4 of Article 8 of this Federal Law; (as amended by Federal Law No. 445-FZ of December 30, 2015)
1.1) carries out, in accordance with the rules for confirming the possession of an electronic signature key, confirmation of the applicant's possession of an electronic signature key corresponding to the electronic signature verification key specified by him to receive the certificate of the electronic signature verification key; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) establishes the validity periods of certificates of electronic signature verification keys;
3) revokes the certificates of electronic signature verification keys issued by this certification authority;
4) issues, at the request of the applicant, electronic signature means containing an electronic signature key and an electronic signature verification key (including those created by a certification center) or providing the possibility of creating an electronic signature key and an electronic signature verification key by the applicant;
5) maintains a register of certificates of electronic signature verification keys issued and canceled by this certification center (hereinafter referred to as the register of certificates), including information contained in certificates of electronic signature verification keys issued by this certification center, and information on the dates of termination or cancellation certificates of keys for verifying electronic signatures and the grounds for such termination or cancellation;
6) establishes the procedure for maintaining the register of certificates that are not qualified, and the procedure for accessing it, as well as provides access for persons to the information contained in the register of certificates, including using the information and telecommunication network "Internet";
7) creates, at the request of applicants, keys of electronic signatures and keys for verification of electronic signatures;
8) checks the uniqueness of the keys for verifying electronic signatures in the register of certificates;
9) at the request of participants in electronic interaction, checks electronic signatures;
10) carry out other activities related to the use of an electronic signature.
2. The certification center is obliged:
1) inform in writing applicants about the conditions and procedure for using electronic signatures and electronic signature means, about the risks associated with the use of electronic signatures, and about the measures necessary to ensure the security of electronic signatures and their verification;
2) ensure the relevance of the information contained in the register of certificates and its protection from unauthorized access, destruction, modification, blocking, other illegal actions;
3) provide free of charge to any person at his request in accordance with the established procedure for access to the register of certificates the information contained in the register of certificates, including information on the cancellation of the certificate of the electronic signature verification key;
4) ensure the confidentiality of the electronic signature keys created by the certification center.
5) refuse the applicant to create an electronic signature verification key certificate if it has not been confirmed that the applicant owns an electronic signature verification key that corresponds to the electronic signature verification key specified by the applicant to obtain an electronic signature verification key certificate; (as amended by Federal Law No. 445-FZ of December 30, 2015)
b) refuse the applicant to create a certificate of the electronic signature verification key in case of a negative result of verification in the register of uniqueness certificates of the electronic signature verification key specified by the applicant for obtaining the certificate of the electronic signature verification key. (as amended by Federal Law No. 445-FZ of December 30, 2015)
2.1. The certification authority is prohibited from specifying in the certificate of the electronic signature verification key it creates the electronic signature verification key contained in the certificate of the electronic signature verification key issued to this certification center by any other certification center. (as amended by Federal Law No. 445-FZ of December 30, 2015)
3. The certification center, in accordance with the legislation of the Russian Federation, is liable for damage caused to third parties as a result of:
1) non-fulfillment or improper fulfillment of obligations arising from the contract for the provision of services by the certification center;
2) failure to perform or improper performance of the obligations provided for by this Federal Law.
4. The certification center has the right to empower third parties (hereinafter referred to as trusted persons) with the authority to present certificates of electronic signature verification keys on behalf of this certification center. on behalf of the applicant, upon application for obtaining this certificate in accordance with the procedure for implementing the functions of a certification center and performing its duties, established by the person who empowered the specified trustee with the authority to present certificates of electronic signature verification keys by the certification center, taking into account the requirements provided for in Part 4 of Article 8 of this Federal Law. (as amended by Federal Law No. 445-FZ of December 30, 2015)
5. The certification center specified in part 4 of this article, in relation to authorized persons, is the main certification center and performs the following functions:
1) performs verification of electronic signatures, the verification keys of which are indicated in certificates of electronic signature verification keys issued by trusted persons;
2) provides electronic interaction proxies among themselves, as well as trusted persons with a certification authority.
6. Information entered in the register of certificates is subject to storage during the entire period of activity of the certification center, if more than short term not established by regulatory legal acts. In the event of termination of the activities of the certification center without transferring its functions to other persons, it must notify in writing the owners of certificates of electronic signature verification keys issued by this certification center and whose validity period has not expired, at least one month before the date of termination of this certification center. In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be destroyed. In case of termination of the activities of the certification center with the transfer of its functions to other persons, it must notify in writing the owners of certificates of electronic signature verification keys issued by this certification center and which have not expired, at least one month before the date of transfer of its functions . In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be transferred to the person who transferred the functions of the certification center that ceased its activities.
7. The procedure for implementing the functions of a certification center, exercising its rights and fulfilling the obligations specified in this article, is established by the certification center independently, unless otherwise established by this Federal Law and other federal laws or regulatory legal acts adopted in accordance with them or an agreement between participants in electronic interaction . (as amended by Federal Law No. 445-FZ of December 30, 2015)
8. A contract for the provision of services by a certification center operating in relation to an unlimited number of persons using a public information system is public contract.
Article 14. Certificate of the electronic signature verification key
1. The certification center generates and issues a certificate of the electronic signature verification key on the basis of an agreement between the certification center and the applicant.
2. The certificate of the electronic signature verification key must contain the following information:
1) unique number the certificate of the electronic signature verification key, the start and expiration dates of such a certificate; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) last name, first name and patronymic (if any) - for individuals, name and location - for legal entities or other information that allows to identify the owner of the certificate of the electronic signature verification key;
3) unique key electronic signature verification; (as amended by Federal Law No. 445-FZ of December 30, 2015)
4) the name of the electronic signature means used and (or) the standards, the requirements of which correspond to the electronic signature key and the electronic signature verification key;
5) the name of the certification center that issued the certificate of the electronic signature verification key;
6) other information provided for in Article 17 of this Federal Law - for a qualified certificate.
3. In case of issuing an electronic signature verification key certificate to a legal entity, along with the name of the legal entity, an individual acting on behalf of the legal entity on the basis of the constituent documents of the legal entity or a power of attorney shall be indicated as the owner of the electronic signature verification key certificate. It is allowed not to indicate as the owner of the certificate of the electronic signature verification key an individual acting on behalf of a legal entity in the certificate of the electronic signature verification key (including a qualified certificate) used for automatic creation and (or) automatic verification of electronic signatures in the information system in the provision of state and municipal services, the performance of state and municipal functions, as well as in other cases provided for by federal laws and regulatory legal acts adopted in accordance with them. The owner of such an electronic signature verification key certificate is a legal entity, information about which is contained in such a certificate. At the same time, the administrative act of the legal entity determines the individual responsible for the automatic creation and (or) automatic verification of the electronic signature in the information system when providing state and municipal services, performing state and municipal functions, as well as in other cases provided for by federal laws and adopted in in accordance with their laws and regulations. In the absence of the specified administrative act by the person responsible for the automatic creation and (or) automatic verification of the electronic signature in the information system in the provision of state and municipal services, the performance of state and municipal functions, as well as in other cases provided for by federal laws and adopted in accordance with them normative legal acts, is the head of the legal entity. In the event that federal law vests the authority to execute state functions for a specific executive Responsible for the automatic creation and (or) automatic verification of an electronic signature in the information system in the performance of state functions is this official. (as amended by Federal Law No. 184-FZ of June 28, 2014)
4. The certification center has the right to issue certificates of keys for verification of electronic signatures both in the form of electronic documents and in the form of documents on paper. The owner of an electronic signature verification key certificate issued in the form of an electronic document is also entitled to receive a copy of the electronic signature verification key certificate on paper, certified by a certification center.
5. The certificate of the electronic signature verification key is valid from the moment of its issuance, unless another date of validity of such a certificate is indicated in the certificate of the electronic signature verification key itself. Information about the certificate of the electronic signature verification key must be entered by the certification authority into the register of certificates no later than the date of commencement of validity of such a certificate indicated in it.
6. The certificate of the electronic signature verification key is terminated:
1) in connection with the expiration of the established period of its validity;
2) based on the application of the owner of the certificate of the electronic signature verification key, submitted in the form of a document on paper or in the form of an electronic document;
3) in case of termination of the activities of the certification center without the transfer of its functions to other persons;
4) in other cases established by this Federal Law, other federal laws, regulatory legal acts adopted in accordance with them or an agreement between the certification center and the owner of the electronic signature verification key certificate.
6.1. The certification center revokes the certificate of the electronic signature verification key in the following cases: (as amended by Federal Law No. 445-FZ of December 30, 2015)
1) it is not confirmed that the owner of the certificate of the electronic signature verification key owns the electronic signature key corresponding to the electronic signature verification key specified in such a certificate; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) it has been established that the electronic signature verification key contained in such a certificate is already contained in another previously created certificate of the electronic signature verification key; (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) a court decision has entered into force, which, in particular, established that the certificate of the electronic signature verification key contains false information. (as amended by Federal Law No. 445-FZ of December 30, 2015)
7. Information about the termination of the validity of the certificate of the electronic signature verification key must be entered by the certification center into the register of certificates within twelve hours from the moment the circumstances specified in parts 6 and 6.1 of this article occur, or within twelve hours from the moment when the certification center became aware or should have become aware of the occurrence of such circumstances. The validity of the certificate of the electronic signature verification key is terminated from the moment of making an entry about it in the register of certificates. (as amended by Federal Law No. 445-FZ of December 30, 2015)
8. The part is no longer valid. (as amended by Federal Law No. 445-FZ of December 30, 2015)
9. The use of a revoked certificate of the electronic signature verification key does not entail legal consequences, except for those related to its cancellation. Prior to entering information on the revocation of the certificate of the electronic signature verification key certificate into the register of certificates, the certification center is obliged to notify the owner of the certificate of the electronic signature verification key of the cancellation of his certificate of the electronic signature verification key by sending a document on paper or an electronic document.
Article 15. Accredited certification center
1. A certification center that has received accreditation is an accredited certification center. An accredited certification center is required to store the following information:
1) details of the main document proving the identity of the holder of a qualified certificate - an individual;
2) information about the name, number and date of issue of a document confirming the right of a person acting on behalf of an applicant - a legal entity, to apply for a qualified certificate;
3) information about the names, numbers and dates of issue of documents confirming the powers of the holder of a qualified certificate to act on behalf of third parties, if information on such powers of the holder of a qualified certificate is included in the qualified certificate.
2. An accredited certification center must store the information specified in part 1 of this article during the period of its activity, unless a shorter period is provided for by regulatory legal acts of the Russian Federation. Information must be stored in a form that allows checking its integrity and reliability.
2.1. To sign qualified certificates on its own behalf, an accredited certification center must use a qualified electronic signature based on a qualified certificate issued to it by the head certification center, the functions of which are performed by the authorized federal body. An accredited certification center is prohibited from using a qualified electronic signature based on a qualified certificate issued to it by the head certification center, the functions of which are performed by the authorized federal body, for signing certificates that are not qualified certificates. (as amended by Federal Law No. 445-FZ of December 30, 2015)
3. An accredited certification center is obliged to provide any person with free access using information and telecommunication networks, including the Internet, to the register of qualified certificates of this accredited certification center at any time during the period of activity of this certification center, unless otherwise established by federal laws or regulations adopted in accordance with them. (as amended by Federal Law No. 445-FZ of December 30, 2015)
4. In the event of a decision to terminate its activities, an accredited certification center is obliged to:
1) inform the authorized federal body about it no later than one month before the date of termination of its activities;
2) transfer to the authorized federal body in the prescribed manner the register of qualified certificates issued by this accredited certification center; (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) transfer for storage to the authorized federal body in accordance with the established procedure the information to be stored in an accredited certification center.
5. An accredited certification center is obliged to comply with the procedure for exercising the functions of an accredited certification center and performing its duties, established by such an accredited certification center in accordance with the requirements approved by the authorized federal body for the procedure for exercising the functions of an accredited certification center and performing duties, as well as with this Federal Law and other regulatory legal acts adopted in accordance with this Federal Law. (as amended by Federal Law No. 445-FZ of December 30, 2015)
6. An accredited certification center is not entitled to empower third parties to create keys for qualified electronic signatures and qualified certificates on behalf of such an accredited certification center. (as amended by Federal Law No. 445-FZ of December 30, 2015)
7. An accredited certification center bears civil and (or) administrative liability in accordance with the legislation of the Russian Federation for failure to fulfill the obligations established by this Federal Law and other regulatory legal acts adopted in accordance with it, as well as the procedure for implementing the functions of an accredited certification center and performing his duties. (as amended by Federal Law No. 445-FZ of December 30, 2015)
Article 16. Accreditation of a certification center
1. Accreditation of certification centers is carried out by the authorized federal body in respect of certification centers that are legal entities. (as amended by Federal Law No. 445-FZ of December 30, 2015)
2. Accreditation of a certification center is carried out on a voluntary basis. Accreditation of a certification center is carried out for a period of five years, unless a shorter period is specified in the certification center's application.
3. Accreditation of a certification center is subject to the fulfillment of the following requirements:
1) the value of the net assets of the certification center is at least seven million rubles; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) the availability of financial security for liability for losses caused to third parties as a result of their trust in the information specified in the certificate of the electronic signature verification key issued by such a certification center, or the information contained in the register of certificates maintained by such a certification center, in the amount of at least 30 million rubles and 500 thousand rubles for each location of the licensed type of activity specified in the license of the federal executive body in the field of security, issued to the certification center in accordance with paragraph 1 of part 1 of Article 12 of the Federal Law of May 4, 2011 N 99-FZ "About Licensing certain types activity", if the number of such places exceeds ten, but not more than 100 million rubles. If the number of places for the implementation of the specified licensed type of activity does not exceed ten, the financial security of liability is 30 million rubles; (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) the availability of electronic signature means that have confirmation of compliance with the requirements established by the federal executive body in the field of security, as well as the means of a certification center that, when contacted by a participant in electronic interaction, establish and confirm the validity of a qualified certificate at the time of signing an electronic document with an electronic signature and having confirmation compliance with the requirements established by the federal executive authority in the field of security; (as amended by Federal Law No. 445-FZ of December 30, 2015)
4) the presence in the staff of the certification center of at least two employees directly involved in the creation and issuance of certificates of electronic signature verification keys that have higher education in the field of information technology or information security or higher education or secondary professional education with the subsequent receipt of additional professional education on the use of electronic signatures. (as amended by Federal Law No. 185-FZ of July 2, 2013)
5) the certification center applying for accreditation has a procedure for implementing the functions of a certification center and performing its duties, established by the certification center in accordance with the approved federal executive body that performs the functions of developing and implementing state policy and legal regulation in the field of information technologies, requirements for the procedure for the implementation of the functions of an accredited certification center and the performance of its duties, as well as with this Federal Law and other regulatory legal acts adopted in accordance with it. (as amended by Federal Law No. 445-FZ of December 30, 2015)
3.1. The certification center, along with the requirements specified in Part 3 of this article, is also entitled to ensure its compliance with the additional requirements established by the federal executive body in the field of security, in agreement with the authorized federal body, for the procedure for implementing the functions of an accredited certification center and performing its duties, as well as for providing information security of an accredited certification center in cases where the need to comply with such additional requirements in certain respects is provided for by federal law. (as amended by Federal Law No. 445-FZ of December 30, 2015)
4. Accreditation of a certification center is carried out on the basis of its application submitted to the authorized federal body. The application shall be accompanied by documents confirming the compliance of the certification center with the requirements established by part 3 of this article. The certification center has the right not to submit a document confirming the compliance of its electronic signature facilities and certification center facilities with the requirements established by the federal executive authority in the field of security, if such a document or the information contained in it is at the disposal of the federal executive authority in the field of security . In this case, the authorized federal body independently checks the availability of a document confirming the compliance of such funds established requirements, on the basis of information received from the federal executive body in the field of security, using a unified system of interdepartmental electronic interaction. The certification center has the right to attach documents confirming the compliance of the certification center with the requirements established by part 3.1 of this article. (as amended by Federal Laws No. 169-FZ dated July 1, 2011, No. 445-FZ dated December 30, 2015)
5. Within a period not exceeding thirty calendar days from the date of receipt of the application of the certification center, the authorized federal body, on the basis of the submitted documents, makes a decision on accreditation of the certification center or on refusal of its accreditation. If a decision on accreditation of a certification center is made, the authorized federal body, within a period not exceeding ten calendar days from the date of the decision on accreditation, notifies the certification center of decision and issues a certificate of accreditation in the prescribed form. After receiving an accreditation certificate, an accredited certification center is obliged to connect the information system that ensures the implementation of the functions of an accredited certification center (hereinafter referred to as the connection of an accredited certification center) to the information technology and communication infrastructure in the manner established in accordance with Part 4 of Article 19 of the Federal Law No. July 27, 2010 N 210-FZ "On the organization of the provision of state and municipal services" (hereinafter referred to as infrastructure). After the accredited certification center is connected to the infrastructure, the authorized federal body issues to the accredited certification center a qualified certificate created using the means of the main certification center. If a decision is made to refuse accreditation of a certification center, the authorized federal body, within a period not exceeding ten calendar days from the date of the decision to refuse accreditation, sends or delivers to the certification center a notice of the decision taken indicating the reasons for the refusal. (as amended by Federal Law No. 445-FZ of December 30, 2015)
6. The basis for refusing to accredit a certification center is its non-compliance with the requirements established by part 3 of this article, or the presence of inaccurate information in the documents submitted by it.
7. An accredited certification center must comply with the requirements for which it is accredited during the entire period of its accreditation. If circumstances arise that make it impossible to comply with specified requirements, the certification center must immediately notify the authorized federal body of this in writing. An accredited certification center in the performance of its functions and fulfillment of its obligations must comply with the requirements established for certification centers by articles -, and this Federal Law. The authorized federal body shall have the right to conduct inspections of compliance by accredited certification centers with the requirements of this Federal Law and other regulatory legal acts adopted in accordance with this Federal Law, including the requirements for compliance with which these certification centers were accredited, during the entire period of their accreditation. In the event that an accredited certification center fails to comply with these requirements, the authorized federal body is obliged to issue an order to this certification center to eliminate violations within the prescribed period and suspend accreditation for this period with information about this included in the list specified in Part 3 of Article 8 of this Federal Law. The accredited certification center notifies the authorized federal body in writing of the elimination of the identified violations. The authorized federal body makes a decision to renew accreditation, while it has the right to check the actual elimination of previously identified violations and, if they are not eliminated within the time period established by the order, terminates the accreditation of the certification center ahead of schedule. (as amended by Federal Law No. 445-FZ of December 30, 2015)
7.1. Audits of compliance by accredited certification centers with the requirements of this Federal Law and other regulatory legal acts adopted in accordance with it are carried out once every three years during the entire period of accreditation, with the exception of unscheduled audits conducted in accordance with the legislation of the Russian Federation. First scheduled inspection compliance by accredited certification centers with these requirements is carried out no later than one year from the date of accreditation of the certification center indicated in the certificate of accreditation of the certification center. (as amended by Federal Law No. 445-FZ of December 30, 2015)
7.2. Unscheduled inspections within the framework of state control (supervision) and municipal control are carried out on the grounds specified in Part 2 of Article 10 of the Federal Law of December 26, 2008 N 294-FZ "On the protection of the rights of legal entities and individual entrepreneurs in the exercise of state control (supervision) and municipal control", as well as on the basis of reasoned appeals about violations of the requirements of this Federal Law and other regulatory legal acts adopted in accordance with it, admitted by an accredited certification center, which were received by the authorized federal body from federal executive authorities, bodies state power subjects of the Russian Federation, other state bodies, local governments, Central Bank Russian Federation, state bodies off-budget funds, legal entities and individuals.
1) a unique number of a qualified certificate, the start and end dates of its validity;
2) last name, first name, patronymic (if any) of the holder of a qualified certificate - for an individual who is not an individual entrepreneur, or last name, first name, patronymic (if any) and the main state registration number of an individual entrepreneur - holder of a qualified certificate - for an individual, being an individual entrepreneur, or the name, location and main state registration number of the owner of the qualified certificate - for a Russian legal entity, or the name, location of the owner of the qualified certificate, as well as an identification number taxpayer (if any) - for a foreign organization (including branches, representative offices and other separate subdivisions foreign organization); (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) the insurance number of an individual personal account and the taxpayer identification number of the holder of a qualified certificate - for an individual or the taxpayer identification number of the holder of a qualified certificate - for a legal entity; (as amended by Federal Law No. 184-FZ of June 28, 2014)
Qualified certificates of electronic signature verification keys, created and issued in accordance with the requirements that were in force before the date of entry into force of paragraph 3 of part 2 of Article 17, are recognized as qualified certificates of electronic signature verification keys (paragraph 3 of the Federal Law of June 28, 2014 N 184-FZ)
An electronic document signed with an electronic signature, the verification key of which is contained in a qualified certificate of the electronic signature verification key, issued in accordance with the requirements that were in force before the date of entry into force of paragraph 3 of part 2 of Article 17, is recognized as a document signed with an enhanced qualified electronic signature (paragraph 4 of the Federal Law of June 28, 2014 N 184-FZ).
4) a unique key for verifying an electronic signature; (as amended by Federal Law No. 445-FZ of December 30, 2015)
5) the names of the electronic signature means and the means of the accredited certification center that were used to create the electronic signature key, the electronic signature verification key, the qualified certificate, as well as the details of the document confirming the compliance of these means with the requirements established in accordance with this Federal Law;
6) the name and location of the accredited certification center that issued the qualified certificate, the number of the qualified certificate of the certification center;
7) restrictions on the use of a qualified certificate (if such restrictions are established);
8) other information about the owner of the qualified certificate (at the request of the applicant).
2.1. Operators of state and municipal information systems, as well as information systems, the use of which is provided for by regulatory legal acts, or public information systems are not entitled to require the presence in a qualified certificate of information that restricts its use in other information systems. (as amended by Federal Law No. 445-FZ of December 30, 2015)
3. If the applicant submits to the accredited certification center documents confirming his right to act on behalf of third parties, the qualified certificate may include information about such powers of the applicant and their validity period.
4. A qualified certificate is issued in the form, the requirements for which are established by the federal executive body in the field of security in agreement with the authorized federal body. (as amended by Federal Law No. 445-FZ of December 30, 2015)
5. In case of cancellation of a qualified certificate issued by an accredited certification center that issued a qualified certificate to an applicant, or in case of early termination or expiration of the accreditation period of a certification center, a qualified certificate issued by an accredited certification center to an applicant ceases to be valid. (as amended by Federal Law No. 445-FZ of December 30, 2015)
6. The holder of a qualified certificate must:
1) do not use the electronic signature key and immediately contact the accredited certification center that issued the qualified certificate to terminate this certificate if there is reason to believe that the confidentiality of the electronic signature key has been violated;
2) use a qualified electronic signature in accordance with the restrictions contained in the qualified certificate (if such restrictions are established).
Article 18. Issuance of a qualified certificate
1. When issuing a qualified certificate, an accredited certification center must:
1) to establish the identity of the applicant - an individual who applied to him for a qualified certificate;
2) receive from the person acting on behalf of the applicant - a legal entity, confirmation of the right to apply for a qualified certificate.
2. When applying to an accredited certification center, the applicant indicates the restrictions on the use of a qualified certificate (if such restrictions are established by him) and submits the following documents or their duly certified copies and information: (as amended by Federal Law No. 445-FZ of December 30, 2015)
1) the main identity document; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) the number of the insurance certificate of the state pension insurance of the applicant - an individual; (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) identification number of the taxpayer of the applicant - an individual; (as amended by Federal Law No. 445-FZ of December 30, 2015)
4) the main state registration number of the applicant - legal entity; (as amended by Federal Law No. 445-FZ of December 30, 2015)
5) the main state registration number of the entry on state registration an individual as an individual entrepreneur of the applicant - an individual entrepreneur; (as amended by Federal Law No. 445-FZ of December 30, 2015)
b) the number of the certificate of registration in tax authority the applicant - a foreign organization (including branches, representative offices and other separate divisions of a foreign organization) or the tax identification number of the applicant - a foreign organization; (as amended by Federal Law No. 445-FZ of December 30, 2015)
7) a power of attorney or other document confirming the right of the applicant to act on behalf of other persons. (as amended by Federal Law No. 445-FZ of December 30, 2015)
2.1. The applicant has the right, on his own initiative, to submit copies of documents containing the information specified in clauses 4-6 of part 2 of this article. (as amended by Federal Law No. 445-FZ of December 30, 2015)
2.2. An accredited certification center, using the infrastructure, checks the authenticity of documents and information submitted by the applicant in accordance with parts 2 and 2.1 of this article. To fill in a qualified certificate in accordance with Article 17 of this Federal Law, an accredited certification center requests and receives from state information resources: (as amended by Federal Law No. 445-FZ of December 30, 2015)
1) an extract from the unified state register of legal entities in respect of the applicant - a legal entity; (as amended by Federal Law No. 445-FZ of December 30, 2015)
2) an extract from the unified state register of individual entrepreneurs in respect of the applicant - an individual entrepreneur; (as amended by Federal Law No. 445-FZ of December 30, 2015)
3) an extract from the Unified State Register of Taxpayers in respect of the applicant - a foreign organization. (as amended by Federal Law No. 445-FZ of December 30, 2015)
2.3. In the event that the information received in accordance with Part 2.2 of this Article confirms the accuracy of the information provided by the applicant for inclusion in the qualified certificate, and the identity of the applicant - an individual has been established by an accredited certification center or confirmation of the authority of a person acting on behalf of an applicant - a legal entity has been received, applying for a qualified certificate, an accredited certification center carries out the procedure for creating and issuing a qualified certificate to the applicant. Otherwise, the accredited certification authority refuses to issue a qualified certificate to the applicant. (as amended by Federal Law No. 445-FZ of December 30, 2015)
3. Upon receipt of a qualified certificate by the applicant, he must be familiarized against receipt by an accredited certification center with the information contained in the qualified certificate.
4. Simultaneously with the issuance of a qualified certificate, an accredited certification center must issue to the holder of a qualified certificate a manual on ensuring the security of using a qualified electronic signature and means of a qualified electronic signature.
5. When issuing a qualified certificate, an accredited certification center sends information about the person who received the qualified certificate to the unified identification and authentication system to the extent necessary for registration in unified system (as amended by Federal Law No. 33-FZ of March 12, 2014)
identification and authentication, and about the qualified certificate he received (the unique number of the qualified certificate, the start and end dates of its validity, the name of the accredited certification center that issued it). When issuing a qualified certificate, an accredited certification center, at the request of the person to whom the qualified certificate was issued, registers the specified person in the unified identification and authentication system free of charge. (as amended by Federal Law No. 33-FZ of March 12, 2014)
Article 19. Final provisions
1. Signature key certificates issued in accordance with Federal Law No. 1-FZ of January 10, 2002 "On Electronic Digital Signature" are recognized as qualified certificates in accordance with this Federal Law.
2. An electronic document signed with an electronic signature, the verification key of which is contained in the certificate of the electronic signature verification key, issued in accordance with the procedure previously established by Federal Law No. 1-FZ of January 10, 2002 "On Electronic Digital Signature", during the validity period of the specified certificate, but no later than December 31, 2013, is recognized as an electronic document signed with a qualified electronic signature in accordance with this Federal Law. (as amended by Federal Law No. 171-FZ of July 2, 2013)
FZ-63 on electronic signature regulates the use of special programs required to certify electronic documents. Consider what changes were made to the law in Lately and how it affected relationships.
Document Verification Practice software tools has existed for more than a decade, and the legislation corrects certain provisions and the procedure for working. Now the use of such funds is regulated by the Federal Law-63 on electronic signature (). The law is updated periodically. Consider last changes that have been introduced into the law.
Amendments have been made to the Federal Law on electronic signatures on certification centers and the scope of EDS
The law included changes that relate to the ability of government agencies or self-government bodies to perform the functions of a certification center (part 7 of article 2 of FZ-63 on electronic signature No. 63-FZ dated April 6, 2011). In the previous version of the article, the legislator did not mention these structures. The definition of a certification authority indicated that it is a legal entity that creates and issues certificates for signature verification keys, and also performs other functions (clause 7, part 1, article 2 of Law No. 63-FZ).
The question arose: can state bodies or local self-government be such centers? Only legal entities are entitled to receive accreditation (confirmation) (Part 1, Article 16 of Law No. 63-FZ). The law indicates the right of the authorities to act as legal entities (Article 41). But there was no unequivocal point of view on the status of state bodies. The article was corrected: the legislator answered in the affirmative about the right of such bodies to accreditation. The question now does not require further interpretation.
According to Federal Law-63, an electronic signature can be used in any legal relationship
In another case, the court found it illegal to reject a participant's application. He pointed out that the operator electronic platform unreasonably denied registration. The operator unlawfully deprived the company of the opportunity to participate in the auction. Application and Required documents the participant signed with an electronic signature, the law allowed this. Refusal to accept an application is a violation of the law ().
According to FZ-63, the period for entering information on the termination of the signature verification key certificate has been halved
To change the information, instead of one day, it will now take twelve hours (part 7 of article 14 of the law of 04/06/2011 No. 63-FZ).
You will need to make changes to terminate the signature verification key when:
- the key will expire;
- the owner of the verification key certificate will send a corresponding application;
- the certification center will cease its activities without transferring its functions to other persons.
The certification authority revokes the key certificate if:
- it is not confirmed that the owner of the key certificate owns the key that corresponds to the key specified in such a certificate;
- the verification key is already contained in another previously created certificate;
- the court found that the key certificate contained false information, and the judicial act entered into force (parts 6, 6.1 of Law No. 63-FZ).
It is advisable to contact the certification center, for example, when the employee in whose name the company issued the certificate of the electronic signature verification key according to the Federal Law quit. If the company does not do this, there are risks of disputes with former employees. The latter may drag the company into litigation, but material damage former employer does not threaten. The court does not consider that the use of a key certificate, which the defendant has not reissued to another employee, is detrimental.
For example, a former employee repeatedly contacted a former employer and asked to revoke the validity of the verification key certificate, which the parties employment contract issued in his name. The company did so when almost two months had elapsed from the date of the first request. Former employee believed that such actions caused him moral damage, and went to court. The court dismissed the claim. He considered that the defendant did not violate the rights of the plaintiff. The former employee did not provide evidence of how the late cancellation of the certificate led to negative consequences (appellate ruling Moscow City Court dated September 16, 2016 in case No. 33-37356/2016).
More information in a qualified certificate
In FZ-63 on the electronic signature, changes were made in relation to the list of information about the owners of certificates. The owner of the signature verification key certificate is the person who received this certificate in the prescribed manner. The legislator added information about the owners of TIN certificates in relation to individuals to the list (clause 3, part 2, article 17 of Law No. 63-FZ). Thus, after this novel in FZ-63 on electronic signature, it became easier to identify the owner.
Article 1. Scope of this Federal Law
This Federal Law regulates relations in the field of the use of electronic signatures in civil law transactions, the provision of state and municipal services, the performance of state and municipal functions, and the performance of other legally significant actions.
Article 2. Basic concepts used in this Federal Law
For the purposes of this Federal Law, the following basic concepts are used:
1) electronic signature - information in electronic form, which is attached to other information in electronic form (signed information) or otherwise associated with such information and which is used to identify the person signing the information;
2) electronic signature verification key certificate - an electronic document or a paper document issued by a certification center or a trustee of the certification center and confirming that the electronic signature verification key belongs to the owner of the electronic signature verification key certificate;
3) a qualified certificate of an electronic signature verification key (hereinafter referred to as a qualified certificate) - a certificate of an electronic signature verification key issued by an accredited certification center or a trustee of an accredited certification center or a federal executive body authorized in the field of using an electronic signature (hereinafter referred to as an authorized federal body) ;
4) the owner of the certificate of the electronic signature verification key - a person who, in accordance with the procedure established by this Federal Law, has been issued a certificate of the electronic signature verification key;
5) electronic signature key - a unique sequence of characters intended for creating an electronic signature;
6) electronic signature verification key - a unique sequence of characters uniquely associated with the electronic signature key and designed to verify the authenticity of an electronic signature (hereinafter referred to as electronic signature verification);
7) certification center - a legal entity or an individual entrepreneur that performs the functions of creating and issuing certificates of keys for verifying electronic signatures, as well as other functions provided for by this Federal Law;
8) accreditation of a certification center - recognition by an authorized federal body of the compliance of a certification center with the requirements of this Federal Law;
9) electronic signature means - encryption (cryptographic) means used to implement at least one of the following functions - creating an electronic signature, verifying an electronic signature, creating an electronic signature key and an electronic signature verification key;
10) means of the certification center - software and (or) hardware used to implement the functions of the certification center;
11) participants in electronic interaction - state bodies, local government bodies, organizations, as well as citizens exchanging information in electronic form;
12) corporate information system - an information system, the participants of electronic interaction in which constitute a certain circle of persons;
13) public information system - an information system, the participants of electronic interaction in which constitute an indefinite circle of persons and in the use of which these persons cannot be denied.
Article 3. Legal regulation of relations in the field of the use of electronic signatures
1. Relations in the field of the use of electronic signatures are governed by this Federal Law, other federal laws, regulatory legal acts adopted in accordance with them, as well as agreements between participants in electronic interaction. Unless otherwise established by federal laws, regulatory legal acts adopted in accordance with them, or a decision to create a corporate information system, the procedure for using an electronic signature in a corporate information system may be established by the operator of this system or by an agreement between participants in electronic interaction in it.
2. The types of electronic signatures used by executive authorities and local governments, the procedure for their use, as well as the requirements for ensuring the compatibility of electronic signature means when organizing electronic interaction between these bodies, are established by the Government of the Russian Federation.
Article 4. Principles of using an electronic signature
The principles of using an electronic signature are:
1) the right of participants in electronic interaction to use an electronic signature of any kind at their own discretion, if the requirement to use a specific type of electronic signature in accordance with the purposes of its use is not provided for by federal laws or regulatory legal acts adopted in accordance with them or by an agreement between participants in electronic interaction;
2) the possibility for the participants of electronic interaction to use, at their own discretion, any information technology and (or) technical means that make it possible to fulfill the requirements of this Federal Law in relation to the use of specific types of electronic signatures;
3) the inadmissibility of recognizing an electronic signature and (or) an electronic document signed by it as null and void only on the basis that such an electronic signature was not created by one's own hand, but using electronic signature tools for the automatic creation and (or) automatic verification of electronic signatures in information system.
Article 5. Types of electronic signatures
1. Types of electronic signatures, relations in the field of use of which are regulated by this Federal Law, are a simple electronic signature and an enhanced electronic signature. A distinction is made between an enhanced unqualified electronic signature (hereinafter referred to as an unqualified electronic signature) and an enhanced qualified electronic signature (hereinafter referred to as a qualified electronic signature).
2. A simple electronic signature is an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person.
3. An unqualified electronic signature is an electronic signature that:
1) obtained as a result of cryptographic transformation of information using an electronic signature key;
2) allows you to identify the person who signed the electronic document;
3) allows you to detect the fact of making changes to the electronic document after the moment of its signing;
4) is created using electronic signature means.
4. A qualified electronic signature is an electronic signature that meets all the features of a non-qualified electronic signature and the following additional features:
1) the electronic signature verification key is specified in the qualified certificate;
2) to create and verify an electronic signature, electronic signature tools are used that have received confirmation of compliance with the requirements established in accordance with this Federal Law.
5. When using an unqualified electronic signature, an electronic signature verification key certificate may not be created if the compliance of the electronic signature with the characteristics of an unqualified electronic signature established by this Federal Law can be ensured without using an electronic signature verification key certificate.
Article 6
1. Information in electronic form signed with a qualified electronic signature is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, unless federal laws or regulatory legal acts adopted in accordance with them establish a requirement that the document be drawn up exclusively on paper. carrier.
2. Information in electronic form, signed with a simple electronic signature or an unqualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, in cases established by federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in an electronic interactions. Regulatory legal acts and agreements between participants in electronic interaction that establish cases for recognizing electronic documents signed with an unqualified electronic signature as equivalent to paper documents signed with a handwritten signature should provide for the procedure for verifying an electronic signature. Normative legal acts and agreements between participants in electronic interaction establishing cases of recognition of electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature must comply with the requirements of Article 9 of this Federal Law.
3. If, in accordance with federal laws, regulatory legal acts adopted in accordance with them, or business practice, a document must be certified by a seal, an electronic document signed with an enhanced electronic signature and recognized as equivalent to a paper document signed with a handwritten signature is recognized as equivalent to a document on hard copy, signed with a handwritten signature and certified by a seal. Federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in electronic interaction may provide for additional requirements for an electronic document in order to recognize it as equivalent to a document on paper, certified by a seal.
4. Several interconnected electronic documents (package of electronic documents) can be signed with one electronic signature. When signing a package of electronic documents with an electronic signature, each of the electronic documents included in this package is considered to be signed with an electronic signature of the type that signed the package of electronic documents.
Article 7. Recognition of electronic signatures created in accordance with the norms of foreign law and international standards
1. Electronic signatures created in accordance with the rules of law of a foreign state and international standards are recognized in the Russian Federation as electronic signatures of the type to which they correspond on the basis of this Federal Law.
2. An electronic signature and an electronic document signed by it cannot be considered invalid only on the grounds that the certificate of the electronic signature verification key was issued in accordance with the norms of foreign law.
Article 8
1. The authorized federal body is determined by the Government of the Russian Federation.
2. Authorized federal body:
1) carries out accreditation of certification centers, checks compliance by accredited certification centers with the requirements established by this Federal Law and for compliance with which these certification centers were accredited, and in the event of their non-compliance, issues instructions to eliminate the identified violations;
2) performs the functions of the head certification center in relation to accredited certification centers.
3. The authorized federal body is obliged to ensure the storage of the following information specified in this part and round-the-clock unhindered access to it using information and telecommunication networks:
1) names, addresses of accredited certification centers;
2) a register of qualified certificates issued and canceled by the authorized federal body;
3) a list of certification centers whose accreditation has been cancelled;
4) a list of accredited certification centers whose accreditation has been suspended;
5) a list of accredited certification centers whose activities have been terminated;
6) registers of qualified certificates transferred to the authorized federal body in accordance with Article 15 of this Federal Law.
4. The federal executive body, which performs the functions of developing and implementing state policy and legal regulation in the field of information technology, establishes:
1) the procedure for transferring registers of qualified certificates and other information to the authorized federal body in the event of termination of the activities of an accredited certification center;
2) the procedure for the formation and maintenance of registers of qualified certificates, as well as the provision of information from such registers;
3) the rules for accreditation of certification centers, the procedure for verifying compliance by accredited certification centers with the requirements established by this Federal Law and for compliance with which these certification centers were accredited.
5. The federal executive body in the field of security:
1) establishes requirements for the form of a qualified certificate;
2) establishes requirements for the means of electronic signature and means of the certification center;
3) confirms the compliance of the means of electronic signature and the means of the certification center with the requirements established in accordance with this Federal Law, and publishes a list of such means.
Article 9. Use of a simple electronic signature
1. An electronic document is considered signed with a simple electronic signature if one of the following conditions is met:
1) a simple electronic signature is contained in the electronic document itself;
2) the key of a simple electronic signature is applied in accordance with the rules established by the operator of the information system, with the use of which the creation and (or) sending of an electronic document is carried out, and the created and (or) sent electronic document contains information indicating the person on whose behalf an electronic document has been created and (or) sent.
2. Regulatory legal acts and (or) agreements between participants in electronic interaction, establishing cases of recognition of electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature, should provide, in particular:
1) rules for determining the person signing an electronic document by his simple electronic signature;
2) the obligation of a person creating and (or) using a simple electronic signature key to keep it confidential.
3. The rules established by Articles 10-18 of this Federal Law do not apply to relations associated with the use of a simple electronic signature, including the creation and use of a simple electronic signature key.
4. The use of a simple electronic signature for signing electronic documents containing information constituting a state secret, or in an information system containing information constituting a state secret, is not allowed.
Article 10. Obligations of participants in electronic interaction when using enhanced electronic signatures
When using enhanced electronic signatures, participants in electronic interaction are required to:
1) ensure the confidentiality of electronic signature keys, in particular, prevent the use of electronic signature keys belonging to them without their consent;
2) notify the certification center that issued the certificate of the electronic signature verification key and other participants in electronic interaction about the violation of the confidentiality of the electronic signature key within no more than one working day from the date of receipt of information about such a violation;
3) not to use the electronic signature key if there are reasons to believe that the confidentiality of this key has been violated;
4) to use for the creation and verification of qualified electronic signatures, the creation of keys of qualified electronic signatures and keys for their verification, electronic signature means that have received confirmation of compliance with the requirements established in accordance with this Federal Law.
Article 11. Recognition of a qualified electronic signature
A qualified electronic signature is recognized as valid until a court decision establishes otherwise, while simultaneously observing the following conditions:
1) a qualified certificate has been created and issued by an accredited certification center, the accreditation of which is valid on the day of issuance of the specified certificate;
2) the qualified certificate is valid at the time of signing the electronic document (if there is reliable information about the moment of signing the electronic document) or on the day of checking the validity of the specified certificate, if the moment of signing the electronic document is not determined;
3) there is a positive result of verification that the owner of the qualified certificate belongs to the qualified electronic signature with which the electronic document is signed, and the absence of changes made to this document after its signing is confirmed. In this case, verification is carried out using electronic signature means that have received confirmation of compliance with the requirements established in accordance with this Federal Law, and using a qualified certificate of the person who signed the electronic document;
4) a qualified electronic signature is used subject to the restrictions contained in the qualified certificate of the person signing the electronic document (if such restrictions are established).
Article 12. Means of electronic signature
1. To create and verify an electronic signature, create an electronic signature key and an electronic signature verification key, electronic signature tools must be used that:
1) allow to establish the fact of a change in the signed electronic document after the moment of its signing;
2) ensure the practical impossibility of calculating an electronic signature key from an electronic signature or from its verification key.
2. When creating an electronic signature, the electronic signature means must:
1) show the person signing the electronic document the content of the information that he signs;
2) create an electronic signature only after the person signing the electronic document confirms the operation to create an electronic signature;
3) unequivocally show that the electronic signature has been created.
3. When verifying an electronic signature, the electronic signature means must:
1) show the content of an electronic document signed with an electronic signature;
2) display information about making changes to an electronic document signed with an electronic signature;
3) indicate the person using whose electronic signature key electronic documents are signed.
4. Electronic signature tools designed to create electronic signatures in electronic documents containing information constituting a state secret, or intended for use in an information system containing information constituting a state secret, are subject to confirmation of compliance with the mandatory requirements for the protection of information of the appropriate degree of secrecy in accordance with with the legislation of the Russian Federation. Electronic signature tools designed to create electronic signatures in electronic documents containing restricted access information (including personal data) must not violate the confidentiality of such information.
5. The requirements of parts 2 and 3 of this article do not apply to electronic signature tools used for automatic creation and (or) automatic verification of electronic signatures in the information system.
Article 13. Certification center
1. Certification authority:
1) creates certificates of electronic signature verification keys and issues such certificates to persons who have applied for their receipt (applicants);
2) establishes the validity periods of certificates of electronic signature verification keys;
3) revokes the certificates of electronic signature verification keys issued by this certification authority;
4) issues, at the request of the applicant, electronic signature means containing an electronic signature key and an electronic signature verification key (including those created by a certification center) or providing the possibility of creating an electronic signature key and an electronic signature verification key by the applicant;
5) maintains a register of certificates of electronic signature verification keys issued and canceled by this certification center (hereinafter referred to as the register of certificates), including information contained in certificates of electronic signature verification keys issued by this certification center, and information on the dates of termination or cancellation certificates of keys for verifying electronic signatures and the grounds for such termination or cancellation;
6) establishes the procedure for maintaining the register of certificates that are not qualified, and the procedure for accessing it, as well as provides access for persons to the information contained in the register of certificates, including using the information and telecommunication network "Internet";
7) creates, at the request of applicants, keys of electronic signatures and keys for verification of electronic signatures;
8) checks the uniqueness of the keys for verifying electronic signatures in the register of certificates;
9) at the request of participants in electronic interaction, checks electronic signatures;
10) carry out other activities related to the use of an electronic signature.
2. The certification center is obliged:
1) inform applicants in writing about the conditions and procedure for using electronic signatures and electronic signature means, about the risks associated with the use of electronic signatures, and about the measures necessary to ensure the security of electronic signatures and their verification;
2) ensure the relevance of the information contained in the register of certificates and its protection from unauthorized access, destruction, modification, blocking, other illegal actions;
3) provide free of charge to any person at his request in accordance with the established procedure for access to the register of certificates the information contained in the register of certificates, including information on the cancellation of the certificate of the electronic signature verification key;
4) ensure the confidentiality of the electronic signature keys created by the certification center.
3. The certification center, in accordance with the legislation of the Russian Federation, is liable for damage caused to third parties as a result of:
1) non-fulfillment or improper fulfillment of obligations arising from the contract for the provision of services by the certification center;
2) failure to perform or improper performance of the obligations provided for by this Federal Law.
4. The certification center has the right to empower third parties (hereinafter referred to as trusted persons) with the authority to create and issue certificates of electronic signature verification keys on behalf of the certification center, signed with an electronic signature based on an electronic signature verification key certificate issued to a trusted person by this certification center.
5. The certification center specified in part 4 of this article, in relation to authorized persons, is the main certification center and performs the following functions:
1) performs verification of electronic signatures, the verification keys of which are indicated in certificates of electronic signature verification keys issued by trusted persons;
2) provides electronic interaction of trusted persons among themselves, as well as trusted persons with a certification authority.
6. Information entered in the register of certificates is subject to storage during the entire period of activity of the certification center, unless a shorter period is established by regulatory legal acts. In the event of termination of the activities of the certification center without transferring its functions to other persons, it must notify in writing the owners of certificates of electronic signature verification keys issued by this certification center and whose validity period has not expired, at least one month before the date of termination of this certification center. In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be destroyed. In case of termination of the activities of the certification center with the transfer of its functions to other persons, it must notify in writing the owners of certificates of electronic signature verification keys issued by this certification center and which have not expired, at least one month before the date of transfer of its functions . In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be transferred to the person who transferred the functions of the certification center that ceased its activities.
7. The procedure for implementing the functions of a certification center, exercising its rights and fulfilling the obligations defined by this article, is established by the certification center independently, unless otherwise established by federal laws or regulatory legal acts adopted in accordance with them, or by an agreement between participants in electronic interaction.
8. An agreement on the provision of services by a certification center operating in relation to an unlimited number of persons using a public information system is a public agreement.
Article 14. Certificate of the electronic signature verification key
1. The certification center generates and issues a certificate of the electronic signature verification key on the basis of an agreement between the certification center and the applicant.
2. The certificate of the electronic signature verification key must contain the following information:
1) start and end dates of its validity;
2) last name, first name and patronymic (if any) - for individuals, name and location - for legal entities or other information that allows to identify the owner of the certificate of the electronic signature verification key;
3) electronic signature verification key;
4) the name of the electronic signature means used and (or) the standards, the requirements of which correspond to the electronic signature key and the electronic signature verification key;
5) the name of the certification center that issued the certificate of the electronic signature verification key;
6) other information provided for by Part 2 of Article 17 of this Federal Law - for a qualified certificate.
3. In case of issuing an electronic signature verification key certificate to a legal entity, along with the name of the legal entity, an individual acting on behalf of the legal entity on the basis of the constituent documents of the legal entity or a power of attorney shall be indicated as the owner of the electronic signature verification key certificate. It is allowed not to indicate an individual acting on behalf of a legal entity as the owner of the certificate of the electronic signature verification key in the certificate of the electronic signature verification key used to automatically create and (or) automatically verify electronic signatures in the information system when providing state and municipal services, performing state and municipal functions, as well as in other cases provided for by federal laws and regulatory legal acts adopted in accordance with them. The owner of such an electronic signature verification key certificate is a legal entity, information about which is contained in such a certificate.
4. The certification center has the right to issue certificates of keys for verification of electronic signatures both in the form of electronic documents and in the form of documents on paper. The owner of an electronic signature verification key certificate issued in the form of an electronic document is also entitled to receive a copy of the electronic signature verification key certificate on paper, certified by a certification center.
5. The certificate of the electronic signature verification key is valid from the moment of its issuance, unless another date of validity of such a certificate is indicated in the certificate of the electronic signature verification key itself. Information about the certificate of the electronic signature verification key must be entered by the certification authority into the register of certificates no later than the date of commencement of validity of such a certificate indicated in it.
6. The certificate of the electronic signature verification key is terminated:
1) in connection with the expiration of the established period of its validity;
2) based on the application of the owner of the certificate of the electronic signature verification key, submitted in the form of a document on paper or in the form of an electronic document;
3) in case of termination of the activities of the certification center without the transfer of its functions to other persons;
4) in other cases established by this Federal Law, other federal laws, regulatory legal acts adopted in accordance with them or an agreement between the certification center and the owner of the electronic signature verification key certificate.
7. Information on the termination of the validity of the certificate of the electronic signature verification key must be entered by the certification center into the register of certificates within one working day from the date of occurrence of the circumstances that led to the termination of the validity of the certificate of the electronic signature verification key. The validity of the certificate of the electronic signature verification key is terminated from the moment of making an entry about it in the register of certificates.
8. Within no more than one working day, the certification center revokes the certificate of the electronic signature verification key by making an entry about its cancellation in the register of certificates by a court decision that has entered into force, in particular, if the court decision establishes that the certificate of the electronic signature verification key contains incorrect information.
9. The use of a revoked certificate of the electronic signature verification key does not entail legal consequences, except for those related to its revocation. Prior to entering information on the revocation of the certificate of the electronic signature verification key certificate into the register of certificates, the certification center is obliged to notify the owner of the certificate of the electronic signature verification key of the cancellation of his certificate of the electronic signature verification key by sending a document on paper or an electronic document.
Article 15. Accredited certification center
1. A certification center that has received accreditation is an accredited certification center. An accredited certification center is required to store the following information:
1) details of the main document proving the identity of the holder of a qualified certificate - an individual;
2) information about the name, number and date of issue of a document confirming the right of a person acting on behalf of an applicant - a legal entity, to apply for a qualified certificate;
3) information about the names, numbers and dates of issue of documents confirming the powers of the holder of a qualified certificate to act on behalf of third parties, if information on such powers of the holder of a qualified certificate is included in the qualified certificate.
2. An accredited certification center must store the information specified in part 1 of this article during the period of its activity, unless a shorter period is provided for by regulatory legal acts of the Russian Federation. Information must be stored in a form that allows checking its integrity and reliability.
3. An accredited certification center is obliged to provide any person with free access using information and telecommunication networks to the qualified certificates issued by this certification center and to current list revoked qualified certificates at any time during the period of activity of this certification center, unless otherwise provided by federal laws or regulatory legal acts adopted in accordance with them.
4. In the event of a decision to terminate its activities, an accredited certification center is obliged to:
1) inform the authorized federal body about it no later than one month before the date of termination of its activities;
2) transfer to the authorized federal body in the prescribed manner the register of qualified certificates;
3) transfer for storage to the authorized federal body in accordance with the established procedure the information to be stored in an accredited certification center.
Article 16. Accreditation of a certification center
1. Accreditation of certification centers is carried out by the authorized federal body in respect of certification centers that are Russian or foreign legal entities.
2. Accreditation of a certification center is carried out on a voluntary basis. Accreditation of a certification center is carried out for a period of five years, unless a shorter period is specified in the certification center's application.
3. Accreditation of a certification center is subject to the fulfillment of the following requirements:
1) the value of the net assets of the certification center is at least one million rubles;
2) the availability of financial security for liability for losses caused to third parties as a result of their trust in the information specified in the certificate of the electronic signature verification key issued by such a certification center, or the information contained in the register of certificates maintained by such a certification center, in the amount of at least one and a half million rubles;
3) the availability of electronic signature facilities and certification center facilities that have received confirmation of compliance with the requirements established by the federal executive body in the field of security;
4) the presence in the staff of the certification center of at least two employees who are directly involved in the creation and issuance of certificates of keys for verifying electronic signatures, who have higher professional education in the field of information technology or information security or higher or secondary professional education, followed by retraining or advanced training in issues related to the use of electronic signatures.
4. Accreditation of a certification center is carried out on the basis of its application submitted to the authorized federal body. The application shall be accompanied by documents confirming the compliance of the certification center with the requirements established by part 3 of this article.
5. Within a period not exceeding thirty calendar days from the date of receipt of the certification center's application, the authorized federal body, on the basis of the submitted documents, makes a decision to accredit the certification center or to refuse its accreditation. If a decision is made to accredit a certification center, the authorized federal body, within a period not exceeding ten days from the date of the decision on accreditation, notifies the certification center of the decision taken and issues an accreditation certificate in the prescribed form. Simultaneously with the issuance of an accreditation certificate, the authorized federal body issues to the accredited certification center a qualified certificate created using the funds of the head certification center, the functions of which are performed by the authorized federal body. If a decision is made to refuse accreditation of the certification center, the authorized federal body, within a period not exceeding ten calendar days from the date of the decision to refuse accreditation, sends or hands over to the certification center a notice of the decision taken indicating the reasons for the refusal in the form of a document on paper.
6. The basis for refusing to accredit a certification center is its non-compliance with the requirements established by part 3 of this article, or the presence of inaccurate information in the documents submitted by it.
7. An accredited certification center must comply with the requirements for which it is accredited during the entire period of its accreditation. If circumstances arise that make it impossible to comply with these requirements, the certification center must immediately notify the authorized federal body in writing. An accredited certifying center, in the course of performing its functions and fulfilling its obligations, must comply with the requirements established for certifying centers by Articles 13-15, 17 and 18 of this Federal Law. The authorized federal body shall have the right to conduct inspections of compliance by accredited certification centers with the requirements of this Federal Law during the entire period of their accreditation. In the event that an accredited certification center fails to comply with these requirements, the authorized federal body is obliged to issue an order to this certification center to eliminate violations within the prescribed period and suspend accreditation for this period with information about this included in the list specified in paragraph 4 of part 3 of Article 8 of this Federal Law . The accredited certification center notifies the authorized federal body in writing of the elimination of the identified violations. The authorized federal body makes a decision to renew the accreditation, while it has the right to check the actual elimination of previously identified violations and, if they are not eliminated within the time period established by the order, cancels the accreditation of the certification center.
8. To state bodies, local governments, state and municipal institutions that perform the functions of certification centers, the requirements established by paragraphs 1 and 2 of part 3 of this article do not apply.
9. The head certification center, whose functions are performed by the authorized federal body, is not subject to accreditation in accordance with this Federal Law.
Article 17 Qualified Certificate
1. A qualified certificate is to be created using the means of an accredited certification center.
2. The qualified certificate must contain the following information:
1) a unique number of a qualified certificate, the start and end dates of its validity;
2) last name, first name and patronymic (if any) of the owner of a qualified certificate - for an individual or name, location and main state registration number of the owner of a qualified certificate - for a legal entity;
3) the insurance number of the individual personal account of the holder of a qualified certificate - for an individual or the taxpayer identification number of the holder of a qualified certificate - for a legal entity;
4) electronic signature verification key;
5) the names of the electronic signature means and the means of the accredited certification center that were used to create the electronic signature key, the electronic signature verification key, the qualified certificate, as well as the details of the document confirming the compliance of these means with the requirements established in accordance with this Federal Law;
6) the name and location of the accredited certification center that issued the qualified certificate, the number of the qualified certificate of the certification center;
7) restrictions on the use of a qualified certificate (if such restrictions are established);
8) other information about the owner of the qualified certificate (at the request of the applicant).
3. If the applicant submits to the accredited certification center documents confirming his right to act on behalf of third parties, the qualified certificate may include information about such powers of the applicant and their validity period.
4. A qualified certificate is issued in the form, the requirements for which are established by the federal executive body in the field of security.
5. In case of cancellation of a qualified certificate issued by an accredited certification center that issued a qualified certificate to an applicant, or in case of cancellation or expiration of the accreditation period of a certification center, a qualified certificate issued by an accredited certification center to an applicant ceases to be valid.
6. The holder of a qualified certificate must:
1) do not use the electronic signature key and immediately contact the accredited certification center that issued the qualified certificate to terminate this certificate if there is reason to believe that the confidentiality of the electronic signature key has been violated;
2) use a qualified electronic signature in accordance with the restrictions contained in the qualified certificate (if such restrictions are established).
Article 18. Issuance of a qualified certificate
1. When issuing a qualified certificate, an accredited certification center must:
1) to establish the identity of the applicant - an individual who applied to him for a qualified certificate;
2) receive from the person acting on behalf of the applicant - a legal entity, confirmation of the right to apply for a qualified certificate.
2. When applying to an accredited certification center, the applicant indicates the restrictions on the use of a qualified certificate (if such restrictions are established) and submits the following documents confirming the accuracy of the information provided by the applicant for inclusion in a qualified certificate, or their duly certified copies:
1) the main identity document, the insurance certificate of the state pension insurance of the applicant - an individual or constituent documents, a document confirming the fact of making an entry about the legal entity in the Unified State Register legal entities, and a certificate of registration with the tax authority of the applicant - legal entity;
2) a properly certified translation into Russian of documents on state registration of a legal entity in accordance with the legislation of a foreign state (for foreign legal entities);
3) a power of attorney or other document confirming the right of the applicant to act on behalf of other persons.
3. Upon receipt of a qualified certificate by the applicant, he must be familiarized against receipt by an accredited certification center with the information contained in the qualified certificate.
4. Simultaneously with the issuance of a qualified certificate, an accredited certification center must issue to the holder of a qualified certificate a manual on ensuring the security of using a qualified electronic signature and means of a qualified electronic signature.
Article 19. Final provisions
1. Signature key certificates issued in accordance with Federal Law No. 1-FZ of January 10, 2002 "On Electronic Digital Signature" are recognized as qualified certificates in accordance with this Federal Law.
2. An electronic document signed with an electronic digital signature before the date of invalidation of Federal Law No. 1-FZ of January 10, 2002 "On Electronic Digital Signature" is recognized as an electronic document signed with a qualified electronic signature in accordance with this Federal Law.
Article 20. Entry into force of this Federal Law
1. This Federal Law shall enter into force on the day of its official publication.
2. Federal Law No. 1-FZ of January 10, 2002 "On Electronic Digital Signature" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2002, No. 2, Article 127) shall be declared invalid as of July 1, 2012.
President of the Russian Federation D. Medvedev
