Unofficial transfer (c) Soyuzpravoinform LLC
of June 28, 2024 No. 764
Some questions of electronic identification and electronic confidential services
According to Articles 4-1, 11-2, 13, of 18, 20-23, 26-28 of the Law of Ukraine "About electronic identification and electronic confidential services" the Cabinet of Ministers of Ukraine decides:
1. Approve enclosed:
Requirements to service providers of electronic identification and electronic confidential services;
2. Recognize invalid resolutions of the Cabinet of Ministers of Ukraine according to the enclosed list.
Prime Minister of Ukraine
D. Shmygal
Approved by the Resolution of the Cabinet of Ministers of Ukraine of June 28, 2024 No. 764
General provisions
1. These requirements determine organizational and methodological, technical and technological conditions to which service providers of electronic identification, and also suppliers of electronic confidential services shall adhere (qualified and unqualified) (further - suppliers of confidential services), including on safety and information protection, and their isolated registration Items in case of provision of services of electronic identification and electronic confidential services, and also workers of the supplier of confidential services.
2. Action of these requirements does not extend to provision of services of electronic identification and electronic confidential services according to provisions of paragraph two of part one of article 2 of the Law of Ukraine "About electronic identification and electronic confidential services" (further - the Law).
3. In these requirements terms are used in the following value:
1) gesh - values - the electronic data fixed on amount created by conversion of electronic data using the cryptographic algorithm;
2) the applicant - the physical person, including the foreigner and the stateless person, the physical person - the entrepreneur, the legal entity and their authorized representatives who addressed predostavitel of services of electronic identification or predostavitel of confidential services for receipt of services of electronic identification and electronic confidential services;
3) information communications system of the central certifying body set of information and communications systems of the central certifying body which in processing of information are effective as a unit and are used during provision of electronic confidential services and accomplishment of other powers determined by articles 7 and 7-1 of the Law;
4) the user of means of electronic identification person to whom the service provider of electronic identification issued means of electronic identification according to the scheme entered to the list of schemes of electronic identification;
5) online transaction - any action which is carried out by means of electronic devices in real time and providing continuous connection by means of electronic communications during its carrying out;
6) check - the offside event of the state supervision (control) of observance of requirements of the legislation in spheres of electronic identification and electronic confidential services performed by officials of monitoring body according to their functional obligations on the location of the supplier of confidential services, the central certifying body or certification center;
7) policy of the certificate - rule set, the electronic confidential services applied by the skilled supplier (further - the skilled supplier of confidential services) in the course of provision of qualified electronic confidential services in forming, check and confirmation of action of qualified certificates of public keys;
8) provisions certified expert set of all practical actions and procedures applied to realization of policy of the certificate of the skilled supplier of confidential services;
9) the program interface of the central certifying body component of information communications system of the central certifying body which allows to receive or transfer certain smoked data set to electronic information resource (ensuring interoperability) and provides accomplishment of other powers determined by articles 7 and 7-1 of the Law;
10) the publication of the qualified certificate of open key provision of the qualified certificate of public key to the user and in case of its consent - to other persons by placement of such certificate on the website of the supplier of confidential services;
11) the certificate revocation list of open keys - is created and published by predostavitel of confidential services, the central certifying body / certification center the list of qualified certificates of public keys which status is changed on blocked, updated or cancelled;
12) the status of the qualified certificate of public key - condition of the qualified certificate of public key (acting, blocked, cancelled) on certain timepoint;
13) management of the status of the certificate - change of the status of the qualified certificate of public key predostavitel of confidential services.
4. Other terms are used in the value given in the Laws of Ukraine "About electronic identification and electronic confidential services", "About electronic documents and electronic document management", "About electronic communications", "About information protection in information communications systems", "About the basic principles of ensuring cyber security of Ukraine", "On regulation of town-planning activities", the resolution of the Cabinet of Ministers of Ukraine of August 11, 2023 No. 844 "About approval of requirements to the confidential list" (The Official Bulletin of Ukraine, 2023, No. 79, the Art. 4487) and other regulatory legal acts in spheres of electronic identification and electronic confidential services.
5. Forming of certificates of public keys shall be performed with observance of the following standards:
DSTU ISO/IEC 9594-8:2021 (ISO/IEC 9594-8: 2020, IDT) "Information technologies. Interrelation of open systems. Part 8. Directory. Structure of certificates of public keys and attributes";
DSTU ETSI EN 319 412-1:2021 (ETSI EN 319 412-1 V1.4.4 (2021-05), IDT) "Digital signatures and infrastructures (ESI). Profiles of certificates. Part 1. Overview and typical data structures";
DSTU ETSI EN 319 412-2:2021 (ETSI EN 319 412-2 V2.2.1 (2020-07), IDT) "Digital signatures and infrastructures. (ESI). Profiles of certificates. Part 2. Profiles of the certificates issued to physical persons";
DSTU ETSI EN 319 412-3:2021 (ETSI EN 319 412-3 V1.2.1 (2020-07), IDT) "Digital signatures and infrastructures (ESI). Profiles of certificates. Part 3. Profiles of the certificates issued to legal entities";
DSTU ETSI EN 319 412-4:2022 (ETSI EN 319 412-4 V1.2.1 (2021-11), IDT) "Digital signatures and infrastructures (ESI). Profiles of certificates. Part 4. Certificate profile for certificates of websites";
Skilled suppliers of confidential services have the right to independently select concerning each service standards from the list according to appendix which can apply to provision of qualified electronic confidential services.
Requirements to service providers of electronic identification
6. The service provider of electronic identification provides service of electronic identification in the scheme entered to the list of schemes of electronic identification.
7. Service providers of electronic identification in case of issue of means of electronic identification have the right to perform verification of information containing in means of electronic identification which is issued to person with use of data of information resources of unified information system of the Ministry of Internal Affairs (the data containing in the Unified state demographic register and data concerning the stolen (lost) documents - according to addresses of citizens), the state register of physical persons - the state register of acts of civil status of citizens, the Unified State Register of Legal Entities, physical persons entrepreneurs and public forming, and also information from other public electronic registers according to the Law of Ukraine "About public electronic registers", received in the course of electronic interaction by means of the integrated system of electronic identification according to article 11-2 of the Law.
8. Provision of services of electronic identification by service providers of electronic identification shall be performed with observance of the following standards:
DSTU EN ISO/IEC 29100:2022 (EN ISO/IEC 29100:2020, IDT; ISO/IEC 29100:2011, including Amd 1:2018, IDT) "Information technologies. Protection methods. Basic provisions on ensuring non-interference to private life";
DSTU ISO/IEC 29101:2018 (IDT ISO/IEC 29101:2013,) "Information technologies. Protection methods. Structure of architecture of providing prayvesa";
DSTU ISO/IEC 19989-1:2023 (ISO/IEC 19989-1:2020, of IDT) "Information security. Criteria and methodology of assessment of safety of biometric systems. Part 1. Structure";
DSTU ISO/IEC 19989-2:2023 (ISO/IEC 19989-2:2020, of IDT) "Information security. Criteria and methodology of assessment of safety of biometric systems. Part 2. Efficiency of biometric recognition";
DSTU ISO/IEC 24745:2023 (IDT ISO/IEC 24745:2022,) "Information technologies. Cyber security and privacy protection. Protection of biometric information";
DSTU ISO/IEC 30107-1:2023 (ISO/IEC 30107-1: 2016, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 1. Structure";
DSTU ISO/IEC 30107-2:2023 (ISO/IEC 30107-2: 2017, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 2. Formats of data";
DSTU ISO/IEC 30107-3:2023 (ISO/IEC 30107-3: 2017, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 3. Testing and reporting";
DSTU ISO/IEC 30107-4:2023 (ISO/IEC 30107-4: 2020, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 4. Profile for testing of mobile devices";
DSTU ISO/IEC 29146:2023 (IDT ISO/IEC 29146:2016,) "Information technologies. Safety methods. Management structure access";
DSTU ISO/IEC 15408-1:2023 (ISO/IEC 15408-1:2022, of IDT) "Information technologies. Cyber security and privacy protection. Criteria for evaluation of safety of IT. Part 1. Introduction and general model";
DSTU ISO/IEC 15408-2:2023 (ISO/IEC 15408-2:2022, of IDT) "Information technologies. Cyber security and privacy protection. Criteria for evaluation of IT-safety. Part 2. Components of functional safety";
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.