The Ministry for Digital Development, Communications and the Mass Media (known by the Russian acronym Mintsyfry) has outlined the procedure for applying an electronic signature after January 1, 2022. The magazine “Raschet” studied the explanations of the government department in order to answer questions about which signatures will be used by business, which electronic digital signatures (EDS) will continue to operate, and which ones need to be received in advance.
On July 1 of this year, amendments to Federal Law No. 63-FZ “On an Electronic Signature” dated April 6, 2011 came into force. The law determines three types of electronic signatures.
1. A simple electronic signature
This type of EDS is a login and password to log in to a website or a code received in the form of an SMS to the subscriber’s phone. This EDS is created in an information system, and is used, as a rule, in banking transactions, for authentication, obtaining state services, and sometimes in internal corporate electronic digital flow (EDF). A simple electronic signature has a similar significance to a handwritten one, if it is stipulated in a separate statutory enactment or in an agreement between those involved in electronic document flow. The latter elaborates the rules for identifying the owner of a simple EDS and compliance with confidentiality.
2. An unqualified enhanced electronic signature
These EDS, according to the law, already have a much larger range of opportunities. Such a signature is created by cryptographic encryption programs using a private key. Its use helps to identify the identity of the owner and confirm the fact of changes being made to a file. The main area of application is document flow between contractors and participation in electronic auctions.
3. An enhanced Qualified Electronic Signature (EQES)
Like the previous type, this signature is created using cryptography and public keys. But according to Law 63-FZ, such a signature differs in that it has a qualified certificate. The software to work with it has to be certified by the Federal Security Service of Russia. Also, according to the law, the EQES is issued only by certification authorities accredited by the Ministry of Communications. This EDS does not require additional conditions and agreements from the participants of the exchange, and it has legal value on a par with a paper document signed with the signatory’s own hand. Such a signature, in accordance with the law, is used to send reporting to state authorities, in electronic auctions, to work with information systems of any state authority, as well as internal and external EDF. Therefore, if organizations and individual entrepreneurs use such a signature, electronic document flow is automatically recognized by the law as legally valid.
Receiving an EDS actually means receiving a signature certificate. Using the private and public keys, the certificate holder generates an electronic signature for each file. The certificate confirms that the keys belong to specifically this owner and that it was he or she who signed the document. The law determines several types of certificates:
Here it is important to explain the first change. Thus, starting from January 1 of the new year, the types of certificates issued by certification authorities will not change, but there will still be adjustments. They will touch upon the methods of obtaining certificates and their application. Subsequently, the certificate of a legal entity can no longer be obtained by an employee of the organization or by an authorized person. They will be issued only to CEOs and only by the certification authority (CA) of the Federal Tax Service or its authorized representatives (for financial organizations, they will be issued by the Central Bank’s CA, and for state employees by the Federal Treasury’s CA). A certificate of an individual will be used not only for personal needs, but also by employees of organizations. To sign reporting or other documents on behalf of the company, they will also need an electronic power of attorney, certified, in turn, by a qualified EDS of the head of the organization. Previously, impersonal certificates were used only in the system of interdepartmental electronic interaction (IEIS) in the provision of state services. Since 2022, such certificates can be used only when signing documents in an information system whose operator is also the owner of the EDS.
RECEIVING AN EDS
Currently, the certification authorities of the Federal Tax Service, which are local branches of tax inspectorates, can issue electronic signatures. The list of certification authorities of the Federal Tax Service can be found on the regional website of the tax service. The certification authorities of the Federal Tax Service will issue signatures to organizations (only a person who has the right to act on behalf of an organization without a power of attorney, namely, its CEO, will be able to obtain a signature) and individual entrepreneurs and notaries who have to apply for a signature in person.
Please note: the Federal Tax Service will not be engaged in issuing signatures to individuals, including employees of organizations.
It will also be possible to obtain an EDS at accredited certification authorities (ACA). ACA are commercial certification authorities, which became able to obtain accreditation under the new rules on July 1, 2021. The full list of accredited CA can be found on the website of the Mintsyfry at the link https://digital.gov.ru/ru/activity/govservices/2 /
During the transition period from July 1 to the end of this year, an ACA will issue signatures to organizations, individual entrepreneurs and individuals. Starting from January 1, 2022, ACA will be able to issue electronic signatures only to individuals: both private individuals and employees of organizations (those who are authorized to perform any actions under a power of attorney).
And finally, the third group of organizations that have the right to issue electronic signatures are authorized representatives of the certification authorities of the Federal Tax Service. Such organizations are ACAs that will undergo an even more rigorous selection process and will be determined by the Federal Tax Service in accordance with the procedure established by the Government of the Russian Federation. Authorized representatives of the certification authorities of the Federal Tax Service will be able to issue signatures on behalf of the tax service. The list of authorized representatives is posted on the official website of the Federal Tax Service https://www.nalog.gov.ru/rn77/related_activities/ucfns/dlucfns /
Authorized representatives of the certification authorities of the Federal Tax Service will issue an EDS to a company.
PREREQUISITES FOR CHANGES
Starting from this year, the process of gradual changes in terms of the procedure for issuing electronic digital signatures has begun. Relationships in the field of using EDS are regulated by Federal Law No. 63-FZ dated April 6, 2011. In 2019, large-scale changes were made to this instrument. Nadezhda Galkina, Acsour’s Accountant explained what the reason was for this.
The decision to make amendments could owe to an excessive number of existing certification authorities in operation. At the same time, not all of them could ensure proper information security and be responsible to their clients. A large number of certification authorities complicated state control and supervision of the market. The solution to this problem was a set of amendments.
To protect yourself, before entering into a contract with a CA, verify that it is in the updated list of accredited certification authorities and that the sale of an EDS in this case will be lawful. On the official website of the Ministry for Digital Development, Communications and Mass Media of the Russian Federation, you can check the list of currently accredited certification authorities. It should be noted that the accreditation has been passed by CA that previously owned a significant part of the market.
It is important that conducting activities without appropriate accreditation will be classed as illegal entrepreneurship. The corresponding amendments to article 171 of the Criminal Code of the Russian Federation entered into force on July 27, 2021. This means that the CEO of a CA that is illegally selling EDS can face criminal liability.
SIGNATURES OF A MANAGER AND INDIVIDUAL ENTREPRENEUR
Starting from January 1, 2022, the CEOs of organizations and individual entrepreneurs will have to use signatures of the Federal Tax Service. It became possible to obtain such an EDS as early as July 1, 2021.
To obtain a signature, it is necessary to contact the tax service directly or its authorized representatives.
For the first signature, the CEO has to attend in person for identification purposes. It is impossible to obtain an EDS for him or her even with a notarized power of attorney. When receiving the following signatures, the CEO will be able to certify his or her identity remotely: with a valid electronic signature or biometric data. At the first meeting with representatives of the Federal Tax Service or the certification authority, the CEO needs to take his or her passport, personal insurance policy number (referred to by the Russian acronym SNILS), a protected media (token) and documentation for it. Media can be purchased at the CA or from the manufacturer, or it is possible to use an existing one that meets the requirements of the Tax Service.
In order for the electronic signature to work, there should be a valid means of cryptographic protection on the computer (for example, the CryptoPro CSP program and a license for it). This program can be purchased from the certification authority, as well as from authorized representatives or from the manufacturer.
At the Federal Tax Service, managers will be able to obtain only one signature for the company. Its key will be non-copyable – which means that it will be impossible to make a copy for an employee. All authorized persons who sign documents on behalf of the company will need their own signature of an individual together with an electronic power of attorney.
Starting from 2022, other rules will be applied to the CEOs of financial organizations and to government officers. They need to apply the signatures received from the Central Bank and the Treasury, respectively.
CHANGES FOR EMPLOYEES
Signatures of employees which are currently valid contain information not only about the individual, but also about him or her belonging to a specific organization. New signatures will not reflect such information. In other words, employees will simply receive a signature of an individual. The powers will be confirmed by an electronic power of attorney in machine-readable form (MRP).
If a Russian certifies an electronic document for personal purposes, he or she will sign it with a new EDS of an individual. If he or she acts as an employee of an organization or individual entrepreneur, then an electronic power of attorney in machine-readable form has to be attached to a document signed by the signature of an individual.
In the nearest future, the requirements for the format of the MRP, the content of mandatory particulars in it, and the procedure for sending, revoking and storing it should be approved.
Starting from January 1, 2022, a company’s employees and authorized representatives have to use their personal signature for both work and personal documents. If, as of January 1, an employee has an electronic signature of a CA accredited under the new rules, he or she can continue to use it. He or she will then receive the next signature according to the new rules by contacting an accredited certification authority.
A SIGNATURE’S VALIDITY PERIOD
All electronic signatures that organizations and individual entrepreneurs currently use to sign documents can be used until their expiration date or until December 31, 2021 inclusive, whichever date is earlier. In an official letter No. OP-P15-085-33604 dated August 10, 2021, the Ministry for Digital Development, Communications and the Mass Media explained how electronic signatures received in 2021 will be used in 2022.
If the electronic signature was issued by a CA accredited after July 1, 2020, the signature will be valid until the QES certificate expires (even if the expiration date comes after January 1, 2022). If the QES certificate was created before July 1, 2021 by a CA accredited earlier than July 1, 2020 and was accredited under the new rules between July 1 and December 31, 2021, then the electronic signature can be used until the QES certificate expires. If the electronic signature was issued before July 1, 2021, and the certification authority that issued it did not pass accreditation under the new rules, it is impossible to use such a signature after January 1, 2022. If the certificate was issued after July 1, 2021 by a certification authority that, at the time the certificate was issued, had not yet been accredited under the new rules, then such a signature is invalid.