Federal Law of the Russian Federation on the electronic digital signature
Passed by the State Duma on 13 December 2001
Approved by the Federation Council on 26 December 2001
Approved by the Federation Council on 26 December 2001
Federal Law of the Russian Federation
of 10 January 2002, No 1-FL
ON THE ELECTRONIC DIGITAL SIGNATURE
Chapter I. General Provisions
Article 1. The objective and scope of application of this Federal Law
1. The objective of this Federal Law is to provide statutory conditions of use of electronic digital signature in electronic documents so that, such conditions having been satisfied, an electronic digital signature in an electronic document shall be deemed equivalent to a handwritten signature in a document on paper medium.
2. The effect of this Federal Law covers the relations that arise when transactions are made under civil law and in such other cases as may be provided for in the legislation of the Russian Federation. The effect of this Federal Law does not cover the relations that arise when other substitutes for the handwritten signature are used.
Article 2. Statutory regulation of relations in the area of electronic digital signature use
Statutory regulation of relations in the area of electronic digital signature use is implemented under this Federal Law, the Civil Code of the Russian Federation, the Federal Law "On Information, Informatization and Information Protection", the Federal Law "On Communications", other federal laws and such other regulatory legal acts of the Russian Federation as may be adopted in accordance therewith, as well as by agreement between the parties.
Article 3. The basic concepts used in this Federal Law
For the purposes hereof, the following basic concepts are used:
• electronic document means a document in which information is presented in an electronic digital format;
• electronic digital signature means an electronic document attribute which is designed to protect the electronic document against forgery, which is produced as a result of cryptographic transformation of information using a private key of electronic digital signature and which enables the identification of the owner of the signature key certificate, as well as the verification of the absence of corrupted information in the electronic document;
• signature key certificate owner means a natural person in whose name a certification centre has issued the signature key certificate and who holds the electronic digital signature private key which enables, with the help of electronic digital signature facilities, the creation of own electronic digital signature in electronic documents (the signing of electronic documents);
• electronic digital signature facilities means hardware and/or software to enable the implementation of at least one of the following functions: creation of an electronic digital signature in an electronic document using a private key of electronic digital signature; authentication, using a public key of electronic digital signature, an electronic digital signature in an electronic document; creation of private and public keys of electronic digital signatures;
• certificate of electronic digital signature facilities means a document on paper medium, issued in compliance with the certification system rules, to certify the conformance of electronic digital signature facilities to statutory requirements;
• private key of electronic digital signature means such unique sequence of characters as is known to the owner of signature key certificate and is designed for the creation of an electronic digital signature in electronic documents using electronic digital signature facilities;
• public key of electronic digital signature means a unique character sequence which corresponds to the private key of the electronic digital signature, which is accessible to any information system user and which is designed for the authentication, using electronic digital signature facilities, of electronic digital signature in an electronic document;
• signature key certificate means a document on paper medium or an electronic document with the electronic digital signature of an authorized person of a certification centre, which incorporate a public key of electronic digital signature and which are issued by a certification centre to an information system member for the authentication of electronic digital signature and the identification of the owner of the signature key certificate;
• authentication of electronic digital signature in an electronic document means a positive result of verification, by means of a proper certified facility of electronic digital signature, using a signature key certificate, of the origination of an electronic digital signature in an electronic document with the owner of the signature key certificate and of the absence of corruption in the electronic document signed with the electronic digital signature;
• signature key certificate user means a natural person who uses the information obtained at the certification centre on a signature key certificate to verify the origination of an electronic digital signature with the owner of the signature key certificate;
• public information system means an information system available for use by all natural and legal persons and the services whereof may not be denied to such persons;
• corporate information system means an information system the membership whereof may be restricted by the owner thereof or by agreement between the members of the information system.
Chapter II. The terms and conditions for the use of electronic digital signature
Article 4. The conditions for the recognition of equivalence of electronic digital signature and handwritten signature
1. An electronic digital signature in an electronic document is equivalent to a handwritten signature in a document on paper medium when all of the following conditions are satisfied:
• the signature key certificate related to the electronic digital signature is not invalid (remains in effect) at the time of verification or at the time of electronic document signature, provided proof is available to identify the time of signature;
• the authenticity of the electronic digital signature in the electronic document has been confirmed;
• the electronic digital signature is used in accordance with the specifications provided in the signature key certificate.
2. An information system member may be the owner of any number of key signature certificates at the same time. This being the case, an electronic document with an electronic digital signature shall be legally binding in the exercise of the relations specified in the signature key certificate.
Article 5. The use of electronic digital signature facilities
1. Electronic digital signature keys are created to be used in:
• a public information system by a member thereof or by a certification centre if requested by the member;
• a corporate information system in the manner provided for in the system.
2. Only certified electronic digital signature facilities may be used for the creation of electronic digital signature keys to be used in a public information system. The indemnification for the losses caused in connection with the creation of electronic digital signature keys using uncertified electronic digital signature facilities may be assigned to the creators and distributors of the facilities pursuant to the legislation of the Russian Federation.
3. It is forbidden to use uncertified electronic digital signature facilities and such electronic digital signature keys as may have been created thereby in corporate information systems of federal agencies, state agencies of constituent territories of the Russian Federation, and local government agencies.
4. The certification of electronic digital signature facilities shall be effected pursuant to the legislation of the Russian Federation on the certification of products and services.
Article 6. Signature key certificate
1. The signature key certificate shall feature the following information:
• the unique registration number of the signature key certificate, the start and end date of the term of signature key certificate in the register of certification centre;
• the surname, forename and patronymic of the signature key certificate owner, or the owner's alias. In the event of an alias being used, the certification centre shall make a note thereof in the signature key certificate;
• the public key of electronic digital signature;
• the name of electronic digital signature facilities with which this public key of electronic digital signature is used;
• the name and place of business of the certification centre that has issued the signature key certificate;
• information on the relations in the exercise of which an electronic document with the electronic digital signature will be legally binding.
2. If necessary, the signature key certificate shall specify, based on corroborating documents, the position (complete with the name and place of business of the organization that has instituted the position) and qualifications of the signature key certificate owner, and, if requested by the latter in writing, other information supported by appropriate documents.
3. The signature key certificate shall be entered by the certification centre into the register of key signature certificates not later than by the first day of the term of the signature key certificate.
4. To verify the origination of an electronic digital signature with the owner, users shall be provided with the signature key certificate specifying the date and time of the issue thereof, information on the validity of the signature key certificate (in effect, suspended, suspension time frame, annulled, date and time of annulment of the signature key certificate) and information on the register of key signature certificates. In the event of the signature key certificate being issued in the form of a document on paper medium, the certificate shall be produced on the certification centre's letterhead stationery, with the handwritten signature of an authorized person and the seal of the certification centre applied. In the event of the signature key certificate and the additional information specified being issued in the form of an electronic document, the certificate shall be signed with the electronic digital signature of an authorized person of the certification centre.
Article 7. The time frame and procedure for the holding of signature key certificate by the certification centre
1. The term of holding of a signature key certificate in the form of an electronic document by the certification centre shall be set in a contract between the certification centre and the owner of the signature key certificate. Within this period, information system members shall have access to the certification centre to obtain the signature key certificate.
2. The term of holding of a signature key certificate in the form of an electronic document by the certification centre following the annulment of the signature key certificate shall not be less than the action limitation period established by federal law for the relations specified in the signature key certificate.
The said term of holding having expired, the signature key certificate shall be removed from the register of key signature certificates and archived. The term of archival storage shall not be less than five years. The arrangements for the issue of key signature certificate copies within this period shall be established pursuant to the legislation of the Russian Federation.
3. The signature key certificate in the form of a document on paper medium shall be stored using the procedure laid down by the legislation of the Russian Federation on archives and archiving.
Chapter III. Certification centres
Article 8. The status of certification centre
1. The certification centre to issue key signature certificates for use in public information systems shall be a legal entity that performs the functions specified herein. This being the case, the certification centre shall have such physical and financial resources as may be required for it to assume liability to the users of signature key certificates for losses which the latter may incur as a result of incorrect information being featured in signature key certificates.
The requirements imposed on the physical and financial resources of certification centres shall be established by the Government of the Russian Federation at the request of authorized federal agency.
The status of a certification centre supporting the operation of a corporate information system shall be established by the owner of the latter or by agreement between the members of the system.
2. The activities of certification centre are subject to licensing pursuant to the legislation of the Russian Federation on the licensing of certain types of activities.
Article 9. The activities of certification centre
1. The certification centre shall:
produce key signature certificates;
create electronic digital signature keys when requested by information system members, guaranteeing the confidentiality of the private key of electronic digital signature;
suspend and reactivate signature key certificates, as well as annul the same;
keep a register of signature key certificates, ensure that it is updated and can be freely accessed by information system members;
verify the uniqueness of public keys of electronic digital signatures in the register of signature key certificates and the archives of the certification centre;
issue key signature certificates in the form of documents on paper media and/or in the form of electronic documents with information on the validity thereof;
perform, when requested by users of signature key certificates, the authentication of electronic digital signature in an electronic document in respect to signature key certificates issued by it;
be entitled to provide information system members with such other services as may be related to the use of electronic digital signatures.
2. Signature key certificates shall be produced upon application by an information system member, to feature such information as is specified in Article 6 hereof and required for the identification of signature key certificate owner and communication with him. The application shall be signed by the owner of signature key certificate in own hand. The information contained in the application shall be proved by presentation of relevant documents.
3. When producing signature key certificates, the certification centre shall make available, in the form of documents on paper media, two copies of signature key certificate, with the handwritten signatures of the signature key certificate owner and of an authorized person of the certification centre as well as the seal of the certification centre applied. One copy of signature key certificate shall be released to the owner of signature key certificate; the other shall be retained by the certification centre.
4. The services of providing information system members with signature key certificates registered by the certification centre together with information on the validity thereof in the form of electronic documents shall be rendered free of charge.
Article 10. The relations between the certification centre and the authorized federal agency
1. Before beginning to use the electronic digital signature of the certification centre's authorized person to sign on behalf of the certification centre the signature key certificates, the certification centre shall file with the authorized federal agency a key certificate for the signature of the certification centre's authorized person in the form of an electronic document, as well as the certificate in the form of a document on paper medium with the handwritten signature of the said authorized person, with the signature of the chief executive officer and the seal of the certification centre applied.
2. The authorized federal agency shall keep a unified state register of key certificates for the signatures used by the certification centres serving public information system members to sign the key signature certificates issued by them, provide free access to the register and issue key certificates for the signatures of the certification centre authorized persons involved.
3. The electronic digital signatures of the authorized persons of certification centres may not be used until after the entry thereof into the unified state register of signature key certificates. It is forbidden to use the electronic digital signatures in question for purposes other than those related to the signing of signature key certificates and information on the validity thereof.
4. The authorized federal agency shall:
• perform, when requested by natural persons, organisations, federal agencies, state agencies of constituent territories of the Russian Federation and local government agencies, the authentication of electronic digital signatures of authorized persons of certification centres in the signature key certificates issued by them;
• perform, pursuant to the regulation on the authorized federal agency, other functions to enforce this Federal Law.
Article 11. The obligations of the certification centre towards the owner of signature key certificate
In producing a signature key certificate, the certification centre shall assume the following obligations towards the owner of signature key certificate:
• to enter the signature key certificate into the register of signature key certificates;
• to arrange for the signature key certificate to be issued to the information system members that request it therefrom;
• to suspend a signature key certificate when requested by the owner thereof;
• to notify the signature key certificate owner of facts which may come to the attention of the certification centre and which may materially affect the possibility of further use of the signature key certificate;
• such other obligations as may be established by regulatory legal acts or by agreement between the Parties.
Article 12. The obligations of the owner of signature key certificate
1. The owner of signature key certificate shall:
• not use public or private keys of electronic digital signature to apply an electronic digital signature if he becomes aware that these are being used or were used previously;
• keep confidential the private key of electronic digital signature;
request forthwith that the signature key certificate be suspended if there is reason to believe that the confidentiality of private key of electronic digital signature has been compromised.
2. In the event of failure to comply with the requirements set forth in this Article, the indemnification of losses incurred as a result thereof shall be for the account of the owner of signature key certificate.
Article 13. Suspension of signature key certificate
1. A signature key certificate may be suspended by the certification centre if ordered by persons or agencies vested with this right by law or contract, and for a corporate information system, also by the rules established for the use thereof.
2. The period from the receipt by the certification centre of the order to suspend a signature key certificate to the entry of relevant information into the register of signature key certificates shall be set pursuant to a rule applicable to all the owners of signature key certificates. Subject to agreement between the certification centre and the owner of signature key certificate, this period may be reduced.
3. When ordered by an authorized person (agency), the signature key certificate shall be suspended for a period measured in days unless otherwise provided for in regulatory legal acts or the contract. The certification centre shall reactivate the signature key certificate when ordered by an authorized person (agency). No order having been received to reactivate the signature key certificate by the end of the said period, it shall be annulled.
4. In accordance with the order by an authorized person (agency) to suspend a signature key certificate, the certification centre shall notify the users of signature key certificates thereof by entering information to this effect into the register of signature key certificates, with the date, time and duration of signature key certificate suspension specified, as well as notify thereof the signature key certificate owner and the authorized person (agency) that gave the order to suspend the signature key certificate.
Article 14. Annulment of signature key certificate
1. The certification centre that has issued a signature key certificate shall annul the same:
• upon the expiration of the term thereof;
• upon invalidation of the certificate of the relevant electronic digital signature facilities used in public information systems;
• in the event of the certification centre having been reliably informed of the invalidation of the document used as grounds for the issue of the signature key certificate;
• upon request in writing by the owner of signature key certificate;
• in such other cases as may be prescribed by regulatory legal acts or by agreement between the parties.
2. In the event of signature key certificate annulment, the certification centre shall notify the users of signature key certificates thereof by entering information to this effect into the register of signature key certificates, with the date and time of signature key certificate annulment specified, except when a signature key certificate is annulled upon the expiration of the term thereof, as well as notify thereof the signature key certificate owner and the authorized person (agency) that gave the order to annul the signature key certificate.
Article 15. Termination of certification centre activities
1. The activities of a certification centre that issues key signature certificates to be used in public information systems may be terminated in the manner provided for in civil legislation.
2. In the event of termination of activities of the certification centre specified in Section 1 of this Article, the key signature certificates issued by the certification centre may be transferred to another certification centre with consent of the owners of signature key certificates.
The key signature certificates not transferred to another certification centre shall be annulled and deposited for safekeeping under Article 7 hereof with the authorized federal agency.
3. The activities of a certification centre supporting the operation of a corporate information system shall be terminated by resolution of the owner of the system, as well as by agreement between the members of the system in connection with the assignment of the obligations of the certification centre to another certification centre or in connection with the liquidation of the corporate information system.
Chapter IV. Aspects of electronic digital signature usage
Article 16. The use of electronic digital signature in the area of public administration
1. Federal agencies, state agencies of constituent territories of the Russian Federation, local government agencies, as well as organizations involved in the document flow with the said agencies shall use electronic digital signatures of authorized persons of the said agencies and organisations to sign their electronic documents.
2. The key certificates for the signatures of authorized persons of federal agencies shall be incorporated into the signature key certificate register kept by the authorized federal agency, and shall be issued to users of signature key certificates from the register in the manner established by this Federal Law for the certification centres.
3. The arrangements for the issue of key certificates for the signatures of the authorized persons of state agencies of constituent territories of the Russian Federation and of the authorized persons of local government agencies shall be set forth in the regulatory legal acts of the agencies involved.
Article 17. The use of electronic digital signature in a corporate information system
1. The corporate information system that provides public information system members with services of certification centre of corporate information system shall comply with the requirements laid down herein for public information systems.
2. The procedure for using electronic digital signatures in a corporate information system shall be established by resolution of the owner of the corporate information system or by agreement between the members of the system.
3. The contents of information in signature key certificates, the arrangements for keeping the register of signature key certificates, the arrangements for the storage of signature key certificates annulled, the circumstances of invalidation of the certificates in a corporate information system shall be regulated by resolution of the owner of the system or by agreement between the members of the corporate information system.
Article 18. Recognition of a foreign signature key certificate
A foreign signature key certificate certified in accordance with the legislation of the foreign state in which the signature key certificate is registered shall be recognized in the Russian Federation subject to compliance with the procedures laid down by the legislation of the Russian Federation for the legal recognition of foreign documents.
Article 19. Circumstances of seal substitution
1. The contents of a document on paper medium certified with a seal and transformed into an electronic document may be certified with the electronic digital signature of an authorized person pursuant to regulatory legal acts or agreement between the parties.
2. In the cases provided for by laws and other regulatory legal acts of the Russian Federation or by agreement between the Parties, an electronic digital signature in an electronic document the certificate of which [signature] contains such information on the powers of the owner thereof as is required for the exercise of the relations involved shall be deemed equivalent to the handwritten signature of the person in a document on paper medium, certified with a seal.
Chapter V. Concluding and transitory provisions
Article 20. Harmonization of regulatory legal acts with this Federal Law
1. The regulatory legal acts of the Russian Federation shall be harmonized with this Federal Law within three months of this Federal Law coming into effect.
2. The constituent instruments of the certification centres that issue key signature certificates to be used in public information systems shall be harmonized with this Federal Law within six months of this Federal Law coming into effect.
Article 21. Transitory provisions
The certification centres set up after this Federal Law comes into effect and before the authorized federal agency begins to keep a register of signature key certificates shall comply with the requirements hereof, excepting the requirement of advance filing with the authorized federal agency of key certificates for the signatures of their authorized persons. The relevant certificates shall be filed with the said agency within three months of this Federal Law coming into effect.
President
of the Russian Federation
V. Putin
