Updated law on digital signature: paralised document management or order in the market?

17-years-long epic

The law On Digital Signature was first signed in early 2002, however, due to a big number of remarks, it was substituted for another document nine years later — Federal Law On Digital Signature. The 2011 law determined three types of digital signature: simple, upgraded (granted by a certification centre) and encrypted (granted by a certification centre accredited by the Ministry of Digital Development, Communications and Mass Media). The document also includes the next conditions: the lowest bar of capital for accredited certification centres is 1 million rubles, and the smallest amount of money to cover third persons’ possible losses is 1,5 million rubles.

In 2015, on the Ministry of Communications’ initiative, the above-mentioned sums significantly rose: the amount of net worth grew to 7 million rubles, while the lowest bar of financial security did to 30 million rubles. Two years later, the same ministry offered to monopolise the issue of encrypted digital signatures by the state. However, the initiative was frozen because of a barrage of criticism.

This summer, two new bills with amendments to the law On Digital Signature have been introduced to the State Duma. This time deputies offered to set a higher bar for a certification centre’s net worth — at least 1 billion, while the authors of amendments think that the lowest insurance liability must be at least 100 million rubles.

The documents also include a reduction of the accreditation term of certification centres to three years and the introduction of criminal liability for willful acts of certification centre’s employees. Besides, juridical persons and sole proprietors will be able to obtain an encrypted digital signature only in the Federal Tax Service, while financial institutions can do it in the Central Bank. In other words, the authors of amendments came to the state’s monopolisation of the digital signature market.

Vulnerability, failed biddings and interrupted document management

Businesses did have remarks this time, too. According to RBK, L’Oreal, Unilever, X5 Retail Group and other companies sent Dmitry Medvedev a letter with criticism of the amendments. Sberbank was also against them. At the same time, the Centre for Information Technologies of the Republic of Tatarstan State Unitarian Enterprise Certification Centre also indicates a number of negative consequences of the adoption of bills.

“It should be noted that the idea of the Federal Tax Service’s monopolisation of the issue of digital signatures for juridical persons causes a negative reaction among many digital signature market players. The transfer of authority to issue digital signature to the FTS will remove competition and reduce fail tolerance of the digital signature issue system. The centralisation of the digital signature system will be vulnerable to unintended failures, the activity of all juridical persons in Russia can be paralised: not only document management will interrupt but auctions and economic activity will stop,” Realnoe Vremya was said in the certification centre of the Centre for Information Technologies. “In case the amendments are adopted, the current state digital document management information systems will have to be improved, and the current infrastructure of the certification centre will have to be modernised.”

The only thing that calms down that there will be compulsory consultations by the second reading of the bill, and changes considering interests of all interested sides will be made to documents. At least, it is what RBK’s source in the Federation Council said.

Fight against swindlers and clean-up

Together with plenty of criticism, market players and experts provide quite weighty arguments in favour of making strict amendments. The same Centre for Information Technologies of the Republic of Tatarstan State Unitarian Enterprise Certification Centre admits that the insufficient identification of clients by certification centres is the main problem of the current law On Digital Signature.

The case is that hundreds of commercial certification centres operate in the country now that offer to get a digital signature with a copy of your passport or offline with a photocopy or in other possible ways. Unfortunately, cases of theft of real estate with digital signature and registration of bogus firms in the name of citizens who have nothing to do with them have become a common practice.

“The rules of the issue of encrypted digital signature have existed for long. However, many certification centres still allow a lot of violations in this area. A desire of commercial certification centres to earn from the number of sold digital signatures is the reason. Clients, in turn, want to go through the procedure as easier and faster as possible,” Centre for Information Technologies of the Republic of Tatarstan State Unitarian Enterprise Certification Centre comments.

Director General of the Agency for Government Procurement JSC Yakov Geller doesn’t understand why security agencies are responsible for the issue of passport, while “some private stands” are responsible for digital signature (which also identifies a citizen).

1

Director General of Etton IT company Yefin Klimov also has a similar position. In the expert’s opinion, the requirements to get a digital signature must become stricter.

1

Summing all the above-mentioned up, one can assume that the changes designed by the bill will significantly reduce the number of certification centres, improve the quality of their performance and decrease fraudulence of digital signature. However, there is still a risk of negative consequences: interruption of document management and disruption of biddings. We are pinning our hopes on the second reading scheduled for autumn 2019.