An electronic digital signature or electronic digital signature will allow you to optimize the workflow within the company and outside it, as well as spend much less time and effort on document preparation. Today, electronic document management and the method of protecting information with a digital signature have found quite wide application in systems for exchanging documents with counterparties, as well as submitting information and reports to regulatory authorities. When transferring an electronic signature to its owner, the certification center draws up an EDS acceptance and transfer certificate. Some companies also practice drawing up such a document to transfer the signature to a third party. We will consider how legal this is later in the article.
What is digital signature and why is it needed?
An electronic signature or electronic signature is an analogue of a personal signature of an individual, which can be used to sign electronic documents. An electronic signature is proof that a document was signed by a specific person. There are the following types of digital signature:
Types of digital signature | Detailed description |
Simple | pairs of login - password, confirmation code and scratch card. The purpose of the signature is to confirm the signer. For example, when paying via the Internet, the bank must receive confirmation that the transfer of funds is carried out by a specific person. A simple signature is generated by the program in which the individual works. Such a signature has no legal force and works simply on behalf of the individual. Such a signature is absolutely not suitable for signing a document, for example, an agreement. |
Reinforced unskilled | An unqualified signature (NES) is a more complex and secure signature. It confirms that the document was signed by a specific person and provides a guarantee that no one subsequently made changes to the document. This type of signature is created by the system in which documents are signed. For example, if an individual sends an income statement to the tax authority, the Federal Tax Service will create such a signature on its website completely free of charge. |
Reinforced qualified | An enhanced qualified signature (ECS) is a signature that is required by government agencies to submit reports. CEP is the most secure signature, which is encrypted with special certificates. That is why government agencies can accept it on documents of legal entities. |
Important! All signature forks differ from each other in reliability and the possibility of their use
https://youtu.be/QvctwZSPX08
basic information
The use of electronic signatures is regulated by Federal Law No. 63 “On Electronic Signatures” dated April 6, 2011. It represents electronic symbols assigned to a document or information resource. It is necessary to identify the user. Required for effective protection against unauthorized changes to documents.
Question: Is it possible to use a qualified electronic signature when signing additional agreements to a contract if the parties did not initially agree on the possibility of electronic document management? View answer
There are three forms of electronic signature. They differ from each other in the following ways:
- Receipt procedure.
- Degree of protection.
- User identification function.
- Availability of protection against unauthorized changes to documents.
How can an organization grant the right to use its electronic signature ?
The types of electronic signatures are prescribed in Article 5 of Federal Law No. 63:
- Simple. It is a combination of password and login. This is the most common identification method, which is also recognized by electronic signature. It is used on forums and social networks. Some resources have two-step identification. It involves receiving a one-time password via SMS. Basic characteristics of this electronic signature: no encryption technology, poor security. This method is not used when certifying official documentation. However, the method is convenient when performing everyday activities that do not require a high degree of protection.
- Unskilled. Such electronic signature is provided by special centers. They may not have government accreditation. The advantages of the method are the use of encryption methods. The signature is valid for government procurement. It is used in your personal account on the Federal Tax Service resource. To use it, you need to formalize an agreement between the parties.
- Qualified. It can only be obtained from certification centers that have accreditation. Main characteristics: increased reliability, security. Essentially, this is a replacement for a regular signature. The owner of such an electronic signature is provided with a certificate.
The choice of signature type depends on the specific task. As a rule, an electronic signature is understood as a qualified type.
In what cases can an agreement be signed electronically ?
How to obtain an electronic signature
To obtain an electronic digital signature, you will need to contact a certification center (CA) accredited by the Ministry of Telecom and Mass Communications (currently there are 456 such CAs in Russia). Such centers use special encryption tools, which guarantee that the signature cannot be hacked.
The certification authority issues a signing certificate as well as a key. It is the certificate that confirms that the key belongs to a specific person. It contains the owner’s data, the signature key, as well as the scope of application of the signature, that is, those sites that accept this signature. You need to install an electronic certificate on your computer.
The key is a code that is recorded on an electronic medium. In this case, a flash drive, memory card or bank card containing a chip can be used as a storage medium. In order for the owner of the signature to be able to sign documents, a cryptoprovider must be installed on the computer, which is an intermediary program between the electronic signature and the OS (
Responsibility for using someone else's digital signature
According to Federal Law 63, responsibility for the use of someone else's digital signature lies entirely with the owner of the electronic signature. This is true even if the person who has received the right to use someone else’s digital signature will use it for personal gain.
It is necessary to understand that an electronic signature is a complete analogue of your own signature. It is impossible to physically transfer it to someone. In legal terms, it’s like giving a third party your own hand to sign documents. That is why there is no legal regulation of such a process (and, most likely, it will not appear in the future).
Moreover, Federal Law 63 clearly states that the recipient of the digital signature is obliged to take all possible steps to prevent third parties from acquiring his signature. This means that it cannot transmit root tokens, passwords for generating keys, and so on. All this is his personal responsibility.
Transferring a digital signature to another person within the company
Now let's move on to the second option. It is immediately worth noting that it cannot be called completely legal, since the digital signature determines the powers of a specific person, and not third parties to whom it was transferred independently . All responsibility, even if the signature is transferred, remains with its official owner.
Even if the head of the company issues orders and instructions and signs acts of acceptance and transfer of digital signatures, such documents do not have legal force. The person for whom the digital signature was originally issued will be responsible for documents signed using an electronic signature.
It should also be remembered that such transfer of digital signature may be regarded as negligence or abuse of authority. If the fact of using the electronic signature of a dismissed employee is revealed, this may be regarded as a criminal offense. Especially if the signing of documents was associated with the theft of funds.
Is it possible to transfer an EDS to another person?
The general regulations for the use of electronic signatures are established in Federal Law No. 63-FZ of April 6, 2011 on digital signatures. 63-FZ prescribes the legal regulation of working with electronic signatures, types of signatures and principles of their use. A separate provision regulates the obligations of participants in electronic document flow (Article 10 63-FZ).
63-FZ stipulates whether it is possible to transfer an electronic signature to third parties - this cannot be done. The digital signature identifies its owner, and transferring the key itself or the right to use it essentially discredits the encrypted information.
IMPORTANT!
From 01/01/2022, employees of enterprises and authorized persons use a personal electronic signature to sign not only personal, but also working documents (clause 2, clause 1, article 17.2, clause 2, article 17.3 63-FZ as amended by 476-FZ dated December 27. 2019). According to the rules, using someone else’s digital signature key where a visa for a specific employee is required is not allowed. The digital signature of an individual is not transferred either. To sign working papers, the employee attaches an electronic power of attorney in machine-readable form to the electronic signature.
But in practice, a situation often arises when employees transfer their electronic signature to another employee to sign specific papers. As an example, a manager who periodically provides an electronic signature to the chief accountant for signing and sending payment orders and reports. The current regulations for the use of electronic signatures do not allow this, but do not directly prohibit it either. In Art. 10 63-FZ states that the key cannot be used without the consent of the owner (clause 1 of Article 10 63-FZ). Therefore, if another employee signed the manager’s electronic signature documents, then, according to legislative logic, the director allowed him to do so. This means that the manager bears personal responsibility for all negative consequences. Even if the key was actually used without the knowledge of the owner.
Documents required to obtain an electronic signature
To obtain an electronic signature you will need to present the following documents:
- application for obtaining an electronic signature;
- a notarized copy of the registration certificate;
- original or notarized copy of an extract from the Unified State Register of Legal Entities (extract period no more than 1 month);
- certified copy of TIN;
- a copy of the order on the appointment of a manager;
- for a legal entity, copies of statutory documents are provided;
- Entrepreneurs will need to provide a certificate from the Unified State Register of Individual Entrepreneurs, a copy of the TIN, and a certificate of state registration.
Important! The CA takes up to 3 days to produce a digital signature.
The procedure for obtaining an electronic digital signature and a certificate for its verification key
We have already written about what an electronic signature is and how to obtain it. Below we briefly summarize the sequence of actions to obtain an electronic digital signature and key:
- Conclusion of an agreement - an agreement on accession to the regulations of the Certification Center.
- Providing signed copies of the agreement to the Regional Registration Center of the Federal Treasury Department for a specific area.
- Writing an application - a letter about providing an electronic signature.
- Providing a blank storage medium with the ability to write to it (disk, flash drive, etc.).
- Issuing a power of attorney to an authorized person to receive an electronic signature.
- Installation of software on the applicant's automated workstation.
- Providing access to the Remote Financial Document Management System portal and confirming this by letter to the Regional Registration Center.
- Creating an electronic key. There are two options for this:
- by the applicant or his authorized representative at his workplace;
- by the applicant under the control of an operator on the Federal Treasury computer.
Certificate of acceptance and transfer of digital signature
In order for the fact of acceptance and transmission of an electronic signature to be recorded, it will be necessary to draw up a primary accounting document confirming this type of transaction. The act of acceptance and transfer of digital signature is usually used as such a document. However, it should be remembered that the procedure for transferring an electronic signature to its owner is not regulated in any way. Immediately from the moment the transfer has been completed, responsibility for the use of the signature and software passes to its owner.
Risks when transferring an electronic signature to others
The electronic signature of a manager is often used by his subordinates; only his consent is required. This makes it easier for an accountant to submit reports, a lawyer has the opportunity to easily submit documents to the court, etc.
Despite this, granting rights to digital signature is a very dangerous matter, because it can lead to very undesirable consequences. It is often not possible to predict the actions of a subordinate - he may not be interested in carrying out assignments, but, on the contrary, use the rights given to him for selfish purposes.
If unlawful actions have been committed against the owner of the digital signature, he will have great problems proving his innocence. The court, guided by the violation of the principle of digital signature confidentiality, will not always be able to help compensate for the damage or recognize the signing of documents as illegal.
Materials that are transferred to the customer by digital signature
When transferring the digital signature by the certification center, the customer is given the following package of documents:
- certificate of acceptance and transfer of digital signature;
- USB flash drive with software, signature certificate and signature itself;
- signed service agreement;
- a reminder about the procedure for using digital signatures.
When signing the acceptance certificate, you should pay attention to what details it contains. The document must contain the following:
- name of the certification center;
- name of the company receiving the digital signature;
- list of documents and valuables to be transferred under the act;
- fact of transfer and indication of the exact date;
- signatures and transcripts of signatures of the parties.
Receipt procedure
In order to obtain an electronic signature, you need to contact the appropriate accredited center. To choose one of them, you can see the list on the website of the Ministry of Telecom and Mass Communications. Such organizations exist in most large cities of the Russian Federation.
More precisely, the center transfers to the customer not the electronic signature itself, but the software with which it can be created.
To register and issue software, a strictly specified package of documents is required. For individuals this should include:
- An application expressing a desire to receive an electronic signature.
- TIN certificate.
- A passport, which is required for identification of a citizen.
- Pension certificate (SNILS).
- A receipt confirming payment for the center's services.
Almost all specialized organizations in Russia provide a service for submitting documents via the Internet.
Confidentiality and digital signature protection
In electronic systems, 2 keys can be used to work with digital signatures. One of them is secret and you can use it to sign electronic documents. And the second is open, which does not make it possible to certify documents, but allows you to determine the authenticity and ownership of a digital signature. The first key is stored in a secret place, and the second can be transferred to interested parties, for example, fiscal authorities, the Pension Fund, other funds and interested partners.
To ensure the safety of the secret key, technical means are used such as:
- smart cards;
- floppy disks (already losing its relevance);
- flash drives.
It is also possible to use a secret key in the computer's memory. The most reliable option is considered to be the use of a smart card, since it will require not only the use of it, but the introduction of a special code.
Document structure
The legislation does not provide for a single correct form for the document.
The act must indicate all persons who are allowed access to the electronic digital signature, and it must be certified by a person protecting the interests of the company in negotiations, participating in the signing of contracts, agreements, etc. A power of attorney on an electronic signature from the director must contain a detailed list of actions of the representative or representatives of the organization (if the transfer is carried out to 2 or more persons), as well as a personal handwritten signature of the head of the company.
It is also important to specify the right of the trustee to resolve intermediate issues that may arise when signing documents, agreements, etc. In addition to the details of the organization, the principal and the authorized representative, you can indicate the full contact details of the parties
In addition to the details of the organization, the principal and the authorized representative, you can indicate the full contact information of the parties.
Programs for installing digital signatures
Software for the operation of electronic signatures may vary. Today, several popular programs are used for this purpose:
- “Crypto-Pro” (the most common, can be provided free of charge);
- "Continent-Up";
- “Continent TLS-VPN Client”;
- "Jinn."
The name and number of the electronic signature tool must be included in the installation certificate if it is carried out by external specialists.
Three rules when drawing up an order
The requirements for drawing up a power of attorney or order are specified in Art. 185-186 Civil Code of the Russian Federation. They also apply to a power of attorney for the transfer of the right to sign an electronic digital signature. The document must contain:
- date of preparation: the expiration date of the document is indicated only if the power of attorney is valid for less than a year;
- complete information about the authorized representative of the taxpayer, which may be a third-party individual, another organization or an employee of the company.
Rule one
The universal rules for drawing up a document on the transfer of signature rights are valid only when signing personnel documentation and tax reporting, as well as for intra-business activities. The order must be in writing and certified by a notary in cases where:
- the individual entrepreneur acts as the principal;
- the document is intended for concluding transactions that require notarization;
- The document is intended for concluding real estate transactions.
In other cases, to recognize the legal force of a document, you can limit yourself to the seal and signature of the manager.
Sample order for the right to sign the chief accountant
Rule two
Federal and Civil Legislation does not define a single correct form of a document, therefore an organization has the right to develop its own template or sample and use it in the future for work. This template does not need to be approved by a separate internal order, because it does not apply to primary accounting documents.
Rule three
A power of attorney or order drawn up in writing must necessarily contain:
- date of issue;
- manager's signature;
- details of the company and its legal form;
- full name of the authorized employee;
- passport details, including the number of the government department that issued the passport.
The sample signature, contact details and validity period of the power of attorney are not mandatory details and are indicated at the request of the parties.
Compromise of the ES key
In the current Federal Law on electronic signatures, there is no definition of compromise, but it is usually understood as a loss of trust in the private key. However, according to the Federal Law, responsibility for compromising a key lies not only with the owner, but also with the CA that issued the digital signature (clause 4, part 2, article 13).
In practice, several situations have been identified when the safety and validity of the key can be doubted. These include:
- loss of a key and its subsequent recovery. There is a chance that third parties could have used the key during this period;
- dismissal of an employee who previously received an electronic digital signature for safekeeping;
- storing the key in a publicly accessible place or in a safe on which signs of forced entry were found;
- violation of the integrity of the key.
If a compromise has been discovered or there are suspicions that third parties have gained access to digital signature funds, then it is necessary:
- stop work that requires the use of an electronic signature;
- contact the CA that issued the electronic signature with a statement about the fact of compromise;
- revoke an EDS key that has lost trust. This can only be done by the owner of the digital signature in person at the CA office.
A compromised electronic signature is usually recalled within 30-40 minutes after being contacted, however, it is stored in the system for several months. Next, the user needs to issue a new electronic signature, providing a complete package of documents and paying for the details according to the selected tariff.
Compliance with the basic safety provisions when working with digital signatures will allow you to avoid many unpleasant situations, incl. compromising the activities of a company or legal entity. The transfer of rights to use an electronic digital signature is not prohibited by law, but is undesirable: violation of the confidentiality of a private key can lead to financial or other losses, and it is not always possible to prove in court the fact of violation or theft.
Accounting for electronic signatures at an enterprise
Obtaining an electronic digital signature is included in the accounting department as intangible assets. It is displayed on the balance sheet based on the cost of acquisition and installation, which includes not only the purchase price, but also other costs that were incurred to establish electronic document management.
The field of working with electronic documentation is becoming increasingly important. There is a need in this area to confirm the authorship and authenticity of such papers. For this purpose, an electronic digital signature is used, which is issued and subsequently serviced by a certification center. The ability to confidently use digital signatures in your activities will allow you to work not only more efficiently, but also more comfortably.
How to obtain and subsequently use an enhanced digital key to certify documentation and reports is described below.
Is it possible to transfer an electronic digital signature to another person by proxy?
April 29, 2019
Having considered the issue, we came to the following conclusion: The law does not provide for the transfer of an electronic signature key to another person by proxy. The owner of an electronic signature has the right only to coordinate its technical use with the consent and under the control of the owner, subject to the confidentiality of the key of such a signature. The use of an electronic signature in violation of the confidentiality of the corresponding key does not relieve the owner from liability for adverse consequences resulting from such use.
Rationale for the conclusion: First of all, we note that a signature is a mandatory requisite of any document, giving it legal force (Article 160 of the Civil Code of the Russian Federation, Article 57 of the Labor Code of the Russian Federation, Article 313 of the Tax Code of the Russian Federation, Part 2 of Article 9, Part 4 of Art. 10, Part 8, Article 13 of the Federal Law of December 6, 2011 N 402-FZ “On Accounting”). An electronic signature (hereinafter - ES) is an analogue of a handwritten signature, its use is permitted in cases and in the manner provided for by law, other legal acts or agreement of the parties (clause 2 of article 160 of the Civil Code of the Russian Federation, article 6 of the Federal Law of 04/06/2011 N 63-FZ “On Electronic Signature”, hereinafter referred to as Law No. 63-FZ). Law N 63-FZ regulates relations in the field of using digital signatures when making civil transactions, providing state and municipal services, performing state and municipal functions, when performing other legally significant actions, as well as in all cases established by federal laws (Article 1 Law No. 63-FZ). Electronic signature means information in electronic form that is attached to other information in electronic form (signed information) or is otherwise associated with such information and is used to determine the person signing the information (Clause 1 of Article 2 of Law No. 63-FZ). In accordance with paragraph 1 of Art. 5 of Law N 63-FZ establishes the types of electronic signature: simple and enhanced. Enhanced electronic signature can be unqualified or qualified. An enhanced electronic signature is distinguished from a simple enhanced electronic signature by the mandatory presence of an electronic signature key (a unique sequence of characters intended to create an electronic signature) and an electronic signature verification key (a unique sequence of characters uniquely associated with the electronic signature key and intended to verify the authenticity of the electronic signature), specified in the corresponding certificate - electronic a document or document on paper issued by a certification center or an authorized representative of the certification center and confirming that the electronic signature verification key belongs to the owner of the digital signature verification key certificate (clauses 2, 3, 5, 6, article 2, clauses 2, 3, art. 5 of Law No. 63-FZ). For an unqualified ES, an electronic signature verification key certificate may not be created if the compliance of such ES with the characteristics of an unqualified ES can be ensured without using this document (clause 5 of Article 5 of Law No. 63-FZ). Whereas one of the requirements that a qualified electronic signature must meet is the requirement to indicate the electronic signature verification key in the qualified certificate (clause 1, part 4, article 5 of Law N 63-FZ). As follows from paragraph 2, part 2, part 3 of Art. 14 of Law N 63-FZ, an ES verification key certificate can also be issued to a legal entity. In this case, it indicates the name and location of the legal entity, as well as the individual acting on behalf of the legal entity on the basis of the constituent documents of the legal entity or a power of attorney. In other words, it can be either a manager or another person authorized by a power of attorney. However, there are no restrictions on the number of certificates issued to one legal entity. In other words, an electronic signature can be issued both to the manager and to another person acting on the basis of a power of attorney. Moreover, in accordance with paragraph 1 of Art. 10 of Law N 63-FZ, when using enhanced ES, participants in electronic interaction are obliged, among other things, to ensure the confidentiality of ES keys, in particular, to prevent the use of ES keys belonging to them without their consent. This formulation allows us to draw a conclusion about the possibility of using electronic keys by other persons with the consent of the participant in the electronic interaction. Otherwise, we are talking about a violation of the confidentiality of the electronic signature key, about which its owner is obliged to notify the certification center that issued the digital signature verification key certificate and other participants in electronic interaction within no more than one business day from the date of receipt of information about such a violation. He is also obliged not to use the electronic signature key if there is reason to believe that the confidentiality of this key has been violated (clauses 2, 3, Article 10 of Law No. 63-FZ). Nevertheless, the norm of paragraph 1 of Art. 10 of Law N 63-FZ does not imply the transfer of the right to use an enhanced electronic signature to another person on the basis of any administrative document or power of attorney (Article 185 of the Civil Code of the Russian Federation), but only indicates the technical possibility of affixing the electronic signature to another person (for example, a technical specialist) with the consent and under the control of the owner of the electronic signature verification key certificate. This version of the interpretation of the norm of paragraph 1 of Art. 10 of Law No. 63-FZ is also found in judicial practice (see, for example, the appeal ruling of the Investigative Committee for civil cases of the Chelyabinsk Regional Court dated December 14, 2015 in case No. 11-14292/2015, the decision of the Sovetsky District Court of Makhachkala of the Republic of Dagestan dated September 8. 2016 in case No. 12-636/2016). As mentioned above, an electronic signature is analogous to a handwritten signature, the responsibility for the execution of which lies with its owner. Law No. 63-FZ does not directly imply the transfer of the right to use a digital signature from its owner to another person. The use of an electronic signature in violation of the confidentiality of the corresponding key does not relieve the owner from liability for adverse consequences resulting from such use (see, for example, the decision of the Fifth Arbitration Court of Appeal dated March 14, 2016 N 05AP-1119/16, the decision of the Leninsky District Court of Vladivostok Primorsky Territory dated December 8, 2014 in case No. 5-1087/2014).
Answer prepared by: Expert of the Legal Consulting Service GARANT Pavlova Natalia
The answer has passed quality control
document
Download as .doc/.pdf Save this document in a convenient format. It's free.
(Sample)
I APPROVED I APPROVED Head of OIV Head of the Authorized Certification Center __________________ I.O. Last name __________________ I.O. Last name “___”_______________ 200_ “___”________________ 200_ M.P. M.P. ACT OF COMMISSIONING OF A WORKPLACE WITH EDS "____"_________ 200_ Moscow This act was drawn up by _______________________________________ (name of the OIV) represented by ___________________________________________________________ (position, surname, first name, patronymic ___________________________________________________________________ of the authorized person of the OIV) and by a representative: represented by ___________________________________________________________ (last name , name, patronymic of the employee of the Authorized ___________________________________________________________________ certification center) that the Authorized certification center has performed the following work: 1. Installed digital signature tools, reg. No. __________ to the workplace of an authorized person of the OIV. 2. Completed the necessary settings. 3. Conducted training for an authorized person on the rules of working with digital signatures and digital signature tools. Authorized person Employee of the Authorized Certification Center ___________________ I.O. Last name ___________________ I.O. Last name "___"______ 200_ "___"___________________ 200_
Download as .doc/.pdfSave this document now. It will come in handy.
You found what you were looking for?
* By clicking on one of these buttons, you help form a rating of the usefulness of documents. Thank you!
Related documents
- Act: samples (Full list of documents)
- Search for the phrase “Act” throughout the site
- “Act of commissioning of a workplace with electronic digital signature means.”doc
Documents that may also interest you:
- Certificate of acceptance of agent services (annex to the agency agreement for the distribution of operator communication services)
- Acceptance certificate for the stage of research (development) work performed under the contract
- Certificate of acceptance of research (experimental and design) work performed under the contract
- Acceptance certificate of scientific and technical products produced under a government contract for research (development) work
- Work acceptance certificate (annex to the contract for the provision of consulting (legal) services to represent the customer’s interests in the arbitration court)
- Acceptance certificate of completed work under the state contract concluded within the framework of the Federal Target Program “Scientific and scientific-pedagogical personnel of innovative Russia” for 2009 - 2013
- Acceptance certificate (annex to the contract for design and survey work on land management, land cadastre and land monitoring)
- Acceptance certificate of a land plot on the territory of the city of Moscow
- Certificate of acceptance of materials and technical documentation (attachment to the contract for the performance of works and services for the transfer of equipment for free use)
- Certificate of acceptance of work (services) (annex to the contract for the performance of works and services with the transfer of equipment for free use)