How to open a certificate authority (certification authority)

In any large company, document flow is represented by a large volume of documents, many of which are stored and transmitted electronically. To eliminate the possibility of forgery and protect your data, an electronic signature is used, which is analogous to a handwritten signature on paper. Only if everything is relatively simple with a signature on paper, then in order to ensure the security of electronic documents, you will have to obtain an electronic signature corresponding to state standards, which is issued by a certification authority or certification authority. At present, such organizations are formed by entrepreneurs who develop an electronic digital signature for their clients, but before starting such work, you need to obtain a license to carry out their activities. This line of business is, of course, very promising, especially given the fact that even small businesses and individual entrepreneurs already use EDS, but opening a certification center is associated with a number of difficulties.

It would seem that this is a very good idea for your undertaking, however, not many companies strive to do business in this area. But here it is necessary to immediately note that the opening of the certification center may be relevant in two different cases. Many companies open such a center in order to maintain workflow within their enterprises and branches, as well as exchange documents with partner organizations. That is, the center opens exclusively for its own needs. Several companies can unite in order to arrange the transfer of documents only between themselves and allocate funds for one to open a certification center on the basis of one enterprise (it makes no sense to open a center on the basis of each company). From a legal point of view, in this case, it does not seem necessary to obtain a license, but then there are many risks … Another case is an entrepreneurial activity of developing and issuing an electronic signature to third-party customers. There can not do without a license. This is an important point, and now we’ll discuss in more detail the process of registering and licensing our activities.

So, first you need to register as a business entity. It is better to immediately issue a legal entity, the preferred form – a limited liability company. There is already a good idea to have in the state or simply contact a competent lawyer who will help with the registration and selection of the tax system. Activity code – (OKPD 2) 62.09 Other services in the field of information technology and computer services, although additional codings may be needed depending on the list of services offered. After completing the registration stage, you can apply for a license. In fact, the license for issuing electronic signatures is issued by the Ministry of Communications and Mass Communications of the Russian Federation (the Ministry of Communications and Mass Media) and its territorial offices, or rather, it is not even a license, but an accreditation of a certification center, which results in issuing a permit for activities confirming that electronic signatures comply with the state standard.

It is relatively easy to get accredited, because to obtain permits you need to submit three documents – the application itself, a sample contract with the client and, most importantly, a document confirming the conclusion of a liability insurance contract. In the field of information security, there are big risks, which, among other things, can entail serious material damage to the customer, therefore, one cannot do without insurance for one’s activity. If all this is available, the Ministry of Communications and Mass Media must issue a license.

However, there is another significant difficulty. Work in the field of information security requires obtaining a license from the Federal Security Service of the Russian Federation (FSB) for (literally) “the development, production, distribution of encryption (cryptographic) tools, information systems and telecommunication systems that are protected using encryption (cryptographic) tools, works, rendering services in the field of information encryption, maintenance of encryption (cryptographic) tools, information systems and telecommunication systems loans protected using encryption (cryptographic) means (except if maintenance of encryption (cryptographic) facilities, information systems and telecommunication systems protected using encryption (cryptographic) facilities is performed to ensure the own needs of a legal entity or an individual entrepreneur) “. The last point is especially important – that is, if you work only to secure yourself with an electronic signature, then a license is not needed (however, there may be some complaints from the FSB, which very carefully monitors the activities of companies.