Document from CIS Legislation database © 2003-2024 SojuzPravoInform LLC

LAW OF UKRAINE

of October 5, 2017 No. 2155-VIII

About electronic identification and electronic confidential services

(as amended on 18-11-2021)

This Law determines legal and organizational basis of electronic identification and provision of electronic confidential services, the rights and obligations of subjects of the relations in the field of electronic identification and electronic confidential services, procedure of the state control of observance of requirements of the legislation in spheres of electronic identification and electronic confidential services.

The purpose of this Law is settlement of the relations in spheres of provision of electronic identification and electronic confidential services.

Section I General provisions

Article 1.

Determination of terms

1. In this Law terms are used in the following value:

1) authentication - the electronic process allowing to confirm electronic identification of the physical, legal entity, information or information communications system and/or origin and integrity of electronic data;

2) multifactor authentication – authentication with use of two or more authentication factors belonging to different groups of authentication factors;

3) blocking of the certificate of public key – temporary stop of force of the certificate of public key;

4) the website – set of the software placed on unique address in the computer network, including on the Internet together with the information resources which are at the disposal of certain subjects and the legal entities and physical persons providing access to these information resources and other information services via the computer network;

5) public key (this for confirmation of the digital signature or electronic seal) – the data used for confirmation of the digital signature or electronic seal;

6) isolated registration Item - representative office (branch, division, territorial authority) of service provider of electronic identification, the supplier of electronic confidential services or legal entity or physical person, including the notary, based on the order of the service provider of electronic identification, the supplier of electronic confidential services (his head) or the agreement signed with it, the users of means of electronic identification or subscribers performing registration with observance of requirements of the legislation in spheres of electronic identification, electronic confidential services and information protection;

7) the purse with digital identification - means of identification that allows the user to provide at the request of the third parties information about identification data, to perform electronic identification and authentication for service provision, to create qualified digital signatures and/or seals and shall meet the requirements of article 15-1 of this Law;

8) The confidential list – the list of skilled suppliers of electronic confidential services with information on them and about qualified electronic confidential services which they provide;

9) documentary information - documents from which electronic confidential services from which that number qualified certificates of public keys were created, blocked, updated, cancelled were provided to users of electronic confidential services all are created qualified certificates of public keys, as well as registers of the created qualified certificates of public keys;

10) electronic confidential service – the electronic service provided for ensuring electronic interaction of two or more subjects trusting to provision of electronic confidential services in provision of such service;

11) electronic identification – process of use identification these persons electronically, unambiguously determining physical, legal entity or the authorized representative of the legal entity;

12) electronic seal - electronic data which are attached to other electronic data or logically with them communicate and used for ensuring reliability of origin of the connected electronic data, or for assurance of signatures of subscribers on electronic documents, or for assurance of compliance of copies of documents to originals and integrity violation identification;

13) electronic mark of time – the electronic data connecting other electronic data with specific timepoint for the certificate of availability of these electronic data at the moment of time;

14) electronic service – any service in provision of certain material or non-material benefit for benefit of other person rendered through information communications system;

15) the digital signature – the electronic data attached to other electronic data or logically with them communicate and used by subscriber as the signature;

16) electronic data – any information electronically;

17) the certificate owing to public key – the procedure of forming of the certificate of public key;

18) digital signature facility or seals – the hardware-software device or the software used for creation of the digital signature or seal;

19) means of electronic identification - the material and/or non-material object containing identification these persons is also used for authentication of the personality in information communications systems;

20) means of the qualified digital signature or seal - the digital signature facility or seals meeting the requirements established by parts one - the fourth article 19 of this Law;

21) identification these persons - data set, the physical, legal person or the representative of the legal entity allowing to identify;

22) identification of the personality - process of use of identification data of the personality of the documents created on material carriers, and/or electronic data as a result of which unambiguous establishment of the physical, legal entity or authorized representative of the legal entity and check of accessory is provided to person of such data;

23) interoperability – technological compatibility of the technical solutions used for provision of electronic services and their capability to interact among themselves;

24) qualified electronic confidential service of the registered electronic delivery – the registered electronic delivery meeting the requirements established by part one of article 27 of this Law;

25) qualified electronic seal – the advanced electronic seal created with use of means of qualified electronic seal and which is based on the qualified certificate of electronic seal;

26) qualified electronic mark of time – the electronic mark of time meeting the requirements established by part two of article 26 of this Law;

27) the qualified digital signature – the advanced digital signature which is created with use of means of the qualified digital signature and is based on the qualified digital signature certificate;

28) the skilled supplier of electronic confidential services - the legal entity irrespective of legal form and pattern of ownership, the physical person - the entrepreneur providing one or more qualified electronic confidential services and the data on which are entered in the Confidential list;

29) the qualified certificate of authentication of the website - the certificate of authentication of the website issued by the skilled supplier of electronic confidential services, certification center or the central certifying body and meeting the requirements established by part two of article 23 of this Law;

30) the qualified digital signature certificate - the digital signature certificate issued by the skilled supplier of electronic confidential services and meeting the requirements established by part two of article 23 of this Law;

31) the qualified certificate of electronic seal - the certificate of electronic seal issued by the skilled supplier of electronic confidential services and meeting the requirements established by part two of article 23 of this Law;

32) compromise of means of electronic identification - any event which brought or can lead to illegal access to electronic identification;

33) compromise of personal key – any event which brought or can lead to illegal access to personal key;

34) users of electronic confidential services are subscribers, creators of electronic seals, senders and receivers of electronic data, other physical persons and legal entities receiving electronic confidential services at suppliers of such services according to requirements of this Law;

35) users of services of electronic identification - physical, legal entities or authorized representatives of the legal entity who use means of electronic identification, purses with digital identification or receive services of electronic identification at suppliers of such services according to requirements of this Law;

36) the supplier of electronic confidential services - the legal entity irrespective of legal form and pattern of ownership, the physical person - the entrepreneur rendering one or more electronic confidential services as the skilled or unskilled supplier of electronic confidential services;

37) the service provider of electronic identification - the legal entity irrespective of legal form and pattern of ownership, the physical person - the entrepreneur providing service of electronic identification in the scheme entered to the list of schemes of electronic identification and also can register users of means of electronic identification;

38) the unskilled supplier of electronic confidential services - the supplier of electronic confidential services, data on whom are not entered in the Confidential list and meeting the requirements determined by the Cabinet of Ministers of Ukraine to unskilled suppliers of electronic confidential services;

39) conformity assessment body - the company, organization, the organization or their divisions performing activities for assessment of conformity, accredited according to the legislation in the field of accreditation or assigned according to the legislation on technical regulations and assessment of conformity, and also the foreign conformity assessment body accredited in compliance by foreign accreditation bodies are signers of the multilateral agreement about recognition of the International forum on accreditation and/or the European cooperation on accreditation (EA MLA);

40) personal key (this for creation of the digital signature or seal) – the unique data used by the subscriber or the creator of electronic seal for creation of the digital signature or seal;

41) couple of keys – personal and corresponding to it opened the keys which are the interconnected parameters;

42) confirmation of the digital signature or seal – verification process and confirmations of validity of the digital signature or seal;

43) confirmation of electronic identification – verification process and confirmations of accessory of identification data to the physical, legal entity or the authorized representative of the legal entity;

44) subscriber – the physical person creating the digital signature;

45) recovery of the certificate of public key – recovery of action of previously blocked certificate of public key;

46) service of electronic identification – the service provided for providing or confirmation of electronic identification;

47) the software and hardware complex used for provision of electronic confidential services (further - software and hardware complex), - hardware-software and the software providing accomplishment of the functions connected with provision of electronic confidential services;

48) the register of the existing, blocked and cancelled certificates of public keys – the electronic database which contains the data on certificates of public keys created by provision of electronic confidential services, certification center or the central certifying body, their status and certificate revocation lists of public keys;

49) the registered electronic delivery - the service giving opportunity to transmit electronic data between the third parties through electronic means, to provide the proofs connected with processing of the transferred electronic data including the proof of their sending and obtaining, and to protect the transferred electronic data from risk of loss, theft, damage or any unauthorized changes;

50) the self-signed certificate of electronic seal - the qualified certificate of electronic seal created by the central certifying body or certification center with use of personal key of the central certifying body or certification center;

51) the certificate of authentication of the website - the electronic certificate allowing to perform authentication of the website and to coordinate this website to physical person or legal entity to which the certificate is issued;

52) the digital signature certificate - the electronic certificate connecting public key of the digital signature with physical person and confirming at least surname, own name, middle name (in the presence) or pseudonymization of such person;

53) the certificate of electronic seal - the electronic certificate connecting public key of electronic seal with the legal entity, person performing economic activity, and confirming the name of such person;

54) canceling of the certificate of public key – stop of action of the certificate of public key;

55) the creator of electronic seal - the legal entity or the physical person - the entrepreneur creating electronic seal;

56) the scheme of electronic identification – system of electronic identification in which means of electronic identification are issued to physical, legal entities and authorized representatives of legal entities;

57) technological neutrality of technical solutions - non-admission of establishment of such mandatory requirements to the technical solutions used in the course of electronic identification and provision of electronic confidential services which can be satisfied only with one technology;

58) advanced electronic seal - the electronic seal meeting the requirements established by part one of article 17-1 of this Law;

59) the advanced digital signature based on the qualified digital signature certificate - the advanced digital signature created with use of the qualified digital signature certificate issued by the skilled supplier of electronic confidential services and which is not containing data that the personal key is stored in means;

60) authentication factor - one of signs on the basis of knowledge (ownership of information (data), only to the famous user) or ownerships (use of physical item which is owned only by the user), or properties (verification of biometric data or other properties (rice, characteristics), inherent only to the user, distinguishing it from other users).

2. Other terms are used in this Law in the values given in the Civil code of Ukraine, the laws of Ukraine "About electronic documents and electronic document management", "About information protection in information communications systems", "About personal data protection", "About the basic principles of ensuring cyber security of Ukraine", "About standardization", "About technical regulations and assessment of conformity", "About scientific and scientific and technical examination", "About the National Bank of Ukraine".

Article 2. Law coverage

1. This Law governs the relations arising between legal, physical persons, subjects of powers of authority in the course of provision and receipt of services of electronic identification, purses with digital identification and electronic confidential services, the procedure of provision of such services, supervision and control of observance of requirements of the legislation in the field of electronic identification and electronic confidential services.

This Law does not extend to implementation of electronic identification and provision of electronic confidential services in systems in which office information and the state secret, and also in systems which are used by exclusively certain group of participants on a contract basis for internal needs of legal entities or physical persons are processed.

2. Features of legal regulation of electronic identification and provision of electronic confidential services of the public relations determined in spheres can be established by the laws of Ukraine.

Article 3. The legislation in the field of electronic confidential services of electronic identification

1. The relations connected with electronic identification and provision of electronic confidential services are regulated by the Constitution of Ukraine, the Civil code of Ukraine, the laws of Ukraine "About information", "About information protection in information communications systems", "About electronic documents and electronic document management", "About personal data protection", this Law, and also other regulatory legal acts.

Article 4. The basic principles of state regulation in spheres of electronic confidential services of electronic identification

1. State regulation and management in spheres of electronic identification and electronic confidential services is performed on basis:

ensuring the principle of supremacy of law in the course of electronic identification and provision of electronic confidential services;

creation of favorable and competitive conditions for development and functioning of spheres of electronic identification and confidential electronic services;

free circulation of services of electronic identification and electronic confidential services in Ukraine, and also possibility of free provision of services of electronic identification and electronic confidential services of electronic identification by service providers and suppliers of electronic confidential services who are nonresidents of Ukraine, in case of recognition of such services according to requirements of this Law;

ensuring protection of the rights and legitimate interests of users of electronic identification and electronic confidential services;

ensuring availability and opportunities of use of services of electronic identification and electronic confidential services for persons with disability on an equal basis with other physical persons;

compliance of requirements to electronic identification and provision of electronic confidential services to national, European and international standards;

ensuring interoperability and technological neutrality of technical solutions, and also discrimination non-admission;

ensuring personal data protection, processed in the course of electronic identification and provision of confidential services electronic.

2. The purpose of implementation of state regulation and management in spheres of electronic confidential services of electronic identification are:

carrying out single and effective state policy in spheres of electronic confidential services of electronic identification;

creating favorable conditions for development and functioning of spheres of electronic confidential services of electronic identification;

ensuring interoperability and technological neutrality of technical solutions, and also non-admission of their discrimination;

providing equal opportunities for access to services of electronic identification, electronic confidential services and protection of the rights of their subjects;

prevention of monopolization and creation of conditions for development of fair competition in the field of electronic identification and electronic confidential services;

ensuring personal data protection, processed in case of provision of services of electronic identification and electronic confidential services, according to requirements of the legislation on personal data protection;

holding actions for promoting of electronic confidential services of electronic identification among the population and legal entities;

control of transparency and openness in spheres of electronic confidential services of electronic identification;

assistance of integration of Ukraine into world electronic information space.

3. State regulation and control in spheres of electronic confidential services of electronic identification is exercised in the way:

normative legal regulation in spheres of electronic confidential services of electronic identification;

supervision (control) of observance of requirements of the legislation in spheres of electronic identification and electronic confidential services;

international cooperation in spheres of electronic confidential services of electronic identification;

carrying out other measures of state regulation in spheres of electronic confidential services of electronic identification, stipulated by the legislation.

Article 4-1. Use of aliases in spheres of electronic identification and electronic confidential services

1. Physical persons who are users of services of electronic identification or electronic confidential services in case of receipt of such services have the right instead of surname, own name and middle name (in the presence) to use alias in the cases determined by the law on condition of obligatory specifying about its use in means of electronic identification and certificates of public keys according to the procedure determined by the Cabinet of Ministers of Ukraine.

2. Use of alias does not exempt the service provider of electronic identification, the supplier of electronic confidential services from obligation of identification of physical person which intends to use alias, according to requirements of the legislation in spheres of electronic identification and electronic confidential services.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.