Document from CIS Legislation database © 2003-2024 SojuzPravoInform LLC

Unofficial transfer (c) Soyuzpravoinform LLC

RESOLUTION OF THE CABINET OF MINISTERS OF UKRAINE

of June 28, 2024 No. 764

Some questions of electronic identification and electronic confidential services

According to Articles 4-1, 11-2, 13, of 18, 20-23, 26-28 of the Law of Ukraine "About electronic identification and electronic confidential services" the Cabinet of Ministers of Ukraine decides:

1. Approve enclosed:

Requirements to service providers of electronic identification and electronic confidential services;

Procedure for informing monitoring body and users of services of electronic identification, users of electronic confidential services about violation of confidentiality and/or integrity of information;

Procedure for test of information on persons to which means of electronic identification or qualified certificates of public keys with use of data of information systems and public electronic registers are issued;

Procedure for use of aliases by physical persons who are users of services of electronic identification or electronic confidential services;

Procedure for conducting check of civil legal capacity and capacity to act of the legal entity or physical person - the entrepreneur by provision of electronic confidential services.

2. Recognize invalid resolutions of the Cabinet of Ministers of Ukraine according to the enclosed list.

Prime Minister of Ukraine

D. Shmygal

Approved by the Resolution of the Cabinet of Ministers of Ukraine of June 28, 2024 No. 764

Requirements to service providers of electronic identification and electronic confidential services

General provisions

1. These requirements determine organizational and methodological, technical and technological conditions to which service providers of electronic identification, and also suppliers of electronic confidential services shall adhere (qualified and unqualified) (further - suppliers of confidential services), including on safety and information protection, and their isolated registration Items in case of provision of services of electronic identification and electronic confidential services, and also workers of the supplier of confidential services.

2. Action of these requirements does not extend to provision of services of electronic identification and electronic confidential services according to provisions of paragraph two of part one of article 2 of the Law of Ukraine "About electronic identification and electronic confidential services" (further - the Law).

3. In these requirements terms are used in the following value:

1) gesh - values - the electronic data fixed on amount created by conversion of electronic data using the cryptographic algorithm;

2) the applicant - the physical person, including the foreigner and the stateless person, the physical person - the entrepreneur, the legal entity and their authorized representatives who addressed predostavitel of services of electronic identification or predostavitel of confidential services for receipt of services of electronic identification and electronic confidential services;

3) information communications system of the central certifying body set of information and communications systems of the central certifying body which in processing of information are effective as a unit and are used during provision of electronic confidential services and accomplishment of other powers determined by articles 7 and 7-1 of the Law;

4) the user of means of electronic identification person to whom the service provider of electronic identification issued means of electronic identification according to the scheme entered to the list of schemes of electronic identification;

5) online transaction - any action which is carried out by means of electronic devices in real time and providing continuous connection by means of electronic communications during its carrying out;

6) check - the offside event of the state supervision (control) of observance of requirements of the legislation in spheres of electronic identification and electronic confidential services performed by officials of monitoring body according to their functional obligations on the location of the supplier of confidential services, the central certifying body or certification center;

7) policy of the certificate - rule set, the electronic confidential services applied by the skilled supplier (further - the skilled supplier of confidential services) in the course of provision of qualified electronic confidential services in forming, check and confirmation of action of qualified certificates of public keys;

8) provisions certified expert set of all practical actions and procedures applied to realization of policy of the certificate of the skilled supplier of confidential services;

9) the program interface of the central certifying body component of information communications system of the central certifying body which allows to receive or transfer certain smoked data set to electronic information resource (ensuring interoperability) and provides accomplishment of other powers determined by articles 7 and 7-1 of the Law;

10) the publication of the qualified certificate of open key provision of the qualified certificate of public key to the user and in case of its consent - to other persons by placement of such certificate on the website of the supplier of confidential services;

11) the certificate revocation list of open keys - is created and published by predostavitel of confidential services, the central certifying body / certification center the list of qualified certificates of public keys which status is changed on blocked, updated or cancelled;

12) the status of the qualified certificate of public key - condition of the qualified certificate of public key (acting, blocked, cancelled) on certain timepoint;

13) management of the status of the certificate - change of the status of the qualified certificate of public key predostavitel of confidential services.

4. Other terms are used in the value given in the Laws of Ukraine "About electronic identification and electronic confidential services", "About electronic documents and electronic document management", "About electronic communications", "About information protection in information communications systems", "About the basic principles of ensuring cyber security of Ukraine", "On regulation of town-planning activities", the resolution of the Cabinet of Ministers of Ukraine of August 11, 2023 No. 844 "About approval of requirements to the confidential list" (The Official Bulletin of Ukraine, 2023, No. 79, the Art. 4487) and other regulatory legal acts in spheres of electronic identification and electronic confidential services.

5. Forming of certificates of public keys shall be performed with observance of the following standards:

DSTU ISO/IEC 9594-8:2021 (ISO/IEC 9594-8: 2020, IDT) "Information technologies. Interrelation of open systems. Part 8. Directory. Structure of certificates of public keys and attributes";

DSTU ETSI EN 319 412-1:2021 (ETSI EN 319 412-1 V1.4.4 (2021-05), IDT) "Digital signatures and infrastructures (ESI). Profiles of certificates. Part 1. Overview and typical data structures";

DSTU ETSI EN 319 412-2:2021 (ETSI EN 319 412-2 V2.2.1 (2020-07), IDT) "Digital signatures and infrastructures. (ESI). Profiles of certificates. Part 2. Profiles of the certificates issued to physical persons";

DSTU ETSI EN 319 412-3:2021 (ETSI EN 319 412-3 V1.2.1 (2020-07), IDT) "Digital signatures and infrastructures (ESI). Profiles of certificates. Part 3. Profiles of the certificates issued to legal entities";

DSTU ETSI EN 319 412-4:2022 (ETSI EN 319 412-4 V1.2.1 (2021-11), IDT) "Digital signatures and infrastructures (ESI). Profiles of certificates. Part 4. Certificate profile for certificates of websites";

Skilled suppliers of confidential services have the right to independently select concerning each service standards from the list according to appendix which can apply to provision of qualified electronic confidential services.

Requirements to service providers of electronic identification

6. The service provider of electronic identification provides service of electronic identification in the scheme entered to the list of schemes of electronic identification.

7. Service providers of electronic identification in case of issue of means of electronic identification have the right to perform verification of information containing in means of electronic identification which is issued to person with use of data of information resources of unified information system of the Ministry of Internal Affairs (the data containing in the Unified state demographic register and data concerning the stolen (lost) documents - according to addresses of citizens), the state register of physical persons - the state register of acts of civil status of citizens, the Unified State Register of Legal Entities, physical persons entrepreneurs and public forming, and also information from other public electronic registers according to the Law of Ukraine "About public electronic registers", received in the course of electronic interaction by means of the integrated system of electronic identification according to article 11-2 of the Law.

8. Provision of services of electronic identification by service providers of electronic identification shall be performed with observance of the following standards:

DSTU EN ISO/IEC 29100:2022 (EN ISO/IEC 29100:2020, IDT; ISO/IEC 29100:2011, including Amd 1:2018, IDT) "Information technologies. Protection methods. Basic provisions on ensuring non-interference to private life";

DSTU ISO/IEC 29101:2018 (IDT ISO/IEC 29101:2013,) "Information technologies. Protection methods. Structure of architecture of providing prayvesa";

DSTU ISO/IEC 19989-1:2023 (ISO/IEC 19989-1:2020, of IDT) "Information security. Criteria and methodology of assessment of safety of biometric systems. Part 1. Structure";

DSTU ISO/IEC 19989-2:2023 (ISO/IEC 19989-2:2020, of IDT) "Information security. Criteria and methodology of assessment of safety of biometric systems. Part 2. Efficiency of biometric recognition";

DSTU ISO/IEC 24745:2023 (IDT ISO/IEC 24745:2022,) "Information technologies. Cyber security and privacy protection. Protection of biometric information";

DSTU ISO/IEC 30107-1:2023 (ISO/IEC 30107-1: 2016, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 1. Structure";

DSTU ISO/IEC 30107-2:2023 (ISO/IEC 30107-2: 2017, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 2. Formats of data";

DSTU ISO/IEC 30107-3:2023 (ISO/IEC 30107-3: 2017, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 3. Testing and reporting";

DSTU ISO/IEC 30107-4:2023 (ISO/IEC 30107-4: 2020, IDT) "Information technologies. Identification of the attacks to biometric representation. Part 4. Profile for testing of mobile devices";

DSTU ISO/IEC 29146:2023 (IDT ISO/IEC 29146:2016,) "Information technologies. Safety methods. Management structure access";

DSTU ISO/IEC 15408-1:2023 (ISO/IEC 15408-1:2022, of IDT) "Information technologies. Cyber security and privacy protection. Criteria for evaluation of safety of IT. Part 1. Introduction and general model";

DSTU ISO/IEC 15408-2:2023 (ISO/IEC 15408-2:2022, of IDT) "Information technologies. Cyber security and privacy protection. Criteria for evaluation of IT-safety. Part 2. Components of functional safety";

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.