Confirmation of the Procedure for Mutual Recognition of Ukrainian and Foreign Certificates of Public Keys and Electronic Signatures, as well as the use of the information and telecommunications system of the central certification authority to ensure recognition in Ukraine of electronic trust services and foreign public key certificates used in providing legally significant electronic services in interactions between entities of different states
{With changes made pursuant to the Resolution of the Cabinet of Ministers
Nš 1068 dated 11.12.2019}
Pursuant to part two of article 7 and part three of article 38of the Law of Ukraine “On Electronic Trust Services”, the Cabinet of Ministers of Ukraine resolves to:
1. Approve the Procedure for Mutual Recognition of Ukrainian and Foreign Public Key Certificates, Electronic Signatures, and Use of the Information and Telecommunications System of the Central Certification Authority to Ensure Recognition in Ukraine of Electronic Trust Services and Foreign Public Key Certificates Used in Providing Legally Significant Electronic Services in Interactions Between Entities of Different States, which is attached.
2. To establish that the administrator of the information and telecommunications system of the central certification authority as the state enterprise “DIIA”, which comes under the management of the Ministry of Digital Transformation.
{Point 2, as amended pursuant to the Resolution of the Cabinet of Ministers Nš 1068 of 11/12/2019}
PROCEDURE
Procedure for Mutual Recognition of Ukrainian and Foreign Public Key Certificates, Electronic Signatures, and Use of the Information and Telecommunications System of the Central Certification Authority to Ensure Recognition in Ukraine of Electronic Trust Services and Foreign Public Key Certificates Used in Providing Legally Significant Electronic Services in Interactions Between Entities of Different States
1. This Procedure defines the mechanism of mutual recognition of Ukrainian and foreign certificates of public keys, electronic signatures, as well as the use of the information and telecommunications system of the central certification authority to ensure recognition in Ukraine of electronic trust services, foreign public key certificates used in providing legally significant electronic services in interactions between the entities of different states.
2. This Procedure does not apply to qualified providers of electronic trust services included in the Trust List at the request of a certification centre and to software and hardware used by them when providing qualified electronic trust services in the banking system and when transferring funds.
3. The terms used in this Procedure have the following meaning:
information and telecommunications system of the central certification authority (hereinafter - information and telecommunications system) - a set of information and telecommunications systems of the central certification authority that is designed to ensure recognition in Ukraine of electronic trust services and foreign public key certificates used in providing legally significant electronic services in interactions between entities of different states;
legally significant electronic services - services that result in legal consequences aimed at acquiring, changing or terminating the rights and/or obligations of a natural person or legal entity and which are provided using electronic trust services, including for authentication in information systems.
4. Other terms are used in the meanings given in the Laws of Ukraine “On Information”, “On Information Protection in Information and Telecommunications Systems”, “On Telecommunications”, “On Electronic Documents and Electronic Document Management”, “On Electronic Trust Services”, “On International agreements of Ukraine ”, other regulatory legal acts regulating relations in the area of electronic trust services.
5. Electronic trust services provided pursuant to the regulations governing relations in the area of electronic trust services in foreign countries are recognized in Ukraine as electronic trust services of the same type if they comply with the conditions specified in part one of Article 38 of the Law of Ukraine “On Electronic Trust Services”.
6. The Ministry of Finance ensures the recognition of electronic trust services and foreign public key certificates used in the provision of legally significant electronic services in interactions between entities of different states by concluding the corresponding international agreements of Ukraine on mutual recognition of public keys certificates and electronic signatures (hereinafter - international agreements).
{Point 6, as amended pursuant to the Resolution of the Cabinet of Ministers Nš 1068 of 11/12/2019}
7. Technical support for the implementation of international agreements of Ukraine is provided by the administrator of the information and telecommunications system.
8. Types of international agreement and procedures for concluding them are determined in accordance with the provisions of the Law of Ukraine “On International Agreements of Ukraine”, other regulatory legal acts and taking into account the positions of the parties to the international agreements.
9. An international agreement must provide for:
the scope of the international agreement;
parties to the international agreement and a list of regulatory legal acts establishing the powers of the parties to the international agreement;
entities of the parties to the international agreement to which its effect extends and who provide technical support for the implementation of the international agreement;
information on the compliance of providers of cross-border electronic trust services with the requirements of the national legislation of each of the parties to the international agreement and the conditions for confirming compliance with these requirements;
conditions for the exchange of notifications on the compliance of providers of electronic trust services of each of the parties to the international agreement with the requirements for providers of cross-border electronic trust services;
conditions and procedure for certification of public keys of providers of cross-border electronic trust services originating from one country which is a party to the international agreement by entities of a party to the international agreement of another country;
conditions and procedure for the exchange of qualified electronic signatures between the parties to the international agreement and their publication;
requirements for formats, protocols, algorithms and object identifiers used in qualified electronic signatures and qualified public key certificates when providing cross-border electronic trust services;
conditions for mutual recognition, approval and publication of certification policies and certification practices of providers of cross-border electronic trust services;
conditions for temporary suspension and termination of mutual recognition of public key certificates and electronic trust services;
features of maintaining trust lists by the parties to the international agreement;
the procedure for supervision by the supervisory authorities of the parties to the international agreement;
conditions for the protection of information and protection of personal data;
other terms of the international agreement.
10. In order to implement an international agreement, a working group is formed that includes representatives of the Ministry of Finance, the State Service for Special Communications and Information Protection, the administrator of the information and telecommunications system and the significant entities of the foreign state.
{Point 10, as amended pursuant to the Resolution of the Cabinet of Ministers Nš 1068 of 11/12/2019}
11. International agreements are published pursuant to the requirements of Article 21 of the Law of Ukraine “On International Agreements of Ukraine”, as well as on the official website of the state body of Ukraine on whose behalf the international agreement is concluded.
12. Users of cross-border electronic trust services have access to qualified electronic signatures used for the recognition of electronic trust services and foreign public key certificates in Ukraine through the official website of the central certification authority.
13. Qualified electronic signatures used for the recognition of electronic trust services and foreign public key certificates must be part of the information and telecommunications system and comply with information protection legislation.
14. Electronic signatures or seals using qualified electronic signatures from the information and telecommunications system used for recognition of electronic trust services and foreign public key certificates are created and validated pursuant to the requirements for providing qualified electronic trust service for creating, verifying and validating qualified electronic signatures or seals specified by the Law of Ukraine “On Electronic Trust Services”, unless otherwise provided by an international agreement.
15. Supervision of compliance with the requirements of this Procedure in terms of information protection is carried out by the State Service for Special Communications and Information Protection.