Digital signatures in public procurement

Considering the daily use of electronic signatures in the business activities of enterprises, a great deal of attention is paid to the purpose, types and methods of using this tool. This is especially relevant for business entities participating in public procurement, since the use of an incorrect type of signature may result in the rejection of the tender offer of such a participant.

An electronic signature is a special collection of data that:

1. is a necessary element for creating an electronic document,
2. identifies the author of the electronic document.

This is confirmed by the legal provisions currently regulating the issue of electronic signatures. The legislative definition of the concept is enshrined in subpara. 15 of Art. 1 of the Law of Ukraine “On Electronic Identification and Electronic Trust Services” No. 2155-VIII dated October 05, 2017 (hereinafter – the Law), and its significance in the creation of an electronic document is set forth in Art. 6 of the Law of Ukraine “On Electronic Documents and Electronic Document Workflow” No. 851-IV dated May 22, 2003.

Currently, the companies that use electronic document workflow services and electronic signatures in various areas and departments have clear advantages, as it greatly simplifies the processes in the company’s business activities. In particular, it is most often used in accounting, including for generating primary documents and tax reports, in the legal department for convenient editing and approval of draft contracts and other company documentation, and for participation and appeal in public procurement.

From EDS to AES

On November 7, 2018, the Law of Ukraine “On Electronic Digital Signature” ceased to be in force, and the Law of Ukraine “On Electronic Identification and Electronic Trust Services” came into force instead. According to clause 5 of Section VII of the new Law, an electronic digital signature and the enhanced public key certificate that confirms it shall be used until the enhanced public key certificate expires, but not later than two years after this Law comes into force. In other words, the use of such a type of signature as an electronic digital signature was provided only until November 07, 2020. It was replaced by an advanced electronic signature, which is still used by most companies.

According to paragraph 3 of clause 2 of CMU Resolution No. 1298 dated December 12, 2023, an advanced electronic signature is an electronic signature created as a result of cryptographic transformation of electronic data to which such electronic signature is linked, using an advanced electronic signature and a personal key uniquely associated with the signatory, and which enables electronic identification of the signatory and detection of violations of the integrity of electronic data to which such electronic signature is linked.

A special feature of the AES, which makes it more convenient, is that this type of signature can be copied and even transmitted by e-mail. At the same time, this indicates a low level of security of this type of signature compared to, for example, a QES.

QES

The only type of signature that currently has the same legal force as a handwritten signature and, particularly, is presumed by law to be equal to a handwritten signature is a qualified electronic signature, as provided for in clause 6 of Article 18 of the Law. In this regard, when conducting public procurement, procuring entities often require participants to sign offers and documents with a qualified electronic signature in the tender documentation.

The QES is non-copiable and is stored either on a token – a special device in the form of a flash drive, or in a secure cloud storage. You can sign documents using the QES in the cloud storage in the corresponding mobile application, such as Vchasno.KEP, CloudKey.

How to verify a signature – is it QES or AES?

For some time, there have been discussions among business entities about what type of signature can be considered as a qualified one. The fact is that, according to the legislative definition, a qualified electronic signature is an advanced electronic signature created using a qualified electronic signature tool and based on a qualified electronic signature certificate (subparagraph 27 of Article 1 of the Law). In addition, when verifying a signature, the “Certificate” field is displayed, which can indicate “Qualified” for both QES and AES. This has caused a lot of misunderstandings, including among participants in public procurement.

This issue was put to rest by the Ministry of Digital Transformation of Ukraine at the request of the AMCU Board to clarify the legislation in the field of electronic trust services. By letter dated February 16, 2021, No. 1/06-3-1587, the Ministry of Digital Transformation informed that if the verification of an electronic signature or seal on the CCA website reveals that the type of signature is “advanced”, such a signature cannot be considered as a qualified one.
To verify the type of your signature or to check the signature of a counterparty, it is most convenient to use the service of the Central Certification Authority.

To verify your company’s signature:

1. Go to https://czo.gov.ua/
2. In the “Trust Services” section, select “Sign document” and follow the instructions to sign the document. After the document is signed, you can immediately check the information about the signature in the “Signers” section.

To verify a signature on an already signed document:

1. Go to https://czo.gov.ua/
2. In the “Trust services” section, select “Verify e-signature” and upload the file with the signature for verification. As a result, you will receive information about the signature in the “Signers” section.

In the information about the imposed signature, there is a field “Signature Type”, which clearly indicates what type of signature is imposed on the document – advanced (AES) or qualified (QES).

As mentioned above, when verifying a signature, the “Certificate” field is also displayed, which can have the value “Qualified” both when applying a QES and when applying an AES. Nevertheless, the value of the “Signature Type” field is taken into account to determine the type of signature.

What signature should be used in public procurement?

It should be noted that the law does not impose any restrictions on the type of signature to be affixed to a tender offer by public procurement participants. Procuring entities, on the other hand, are prohibited from requiring participants to certify documents submitted as part of the tender offer with the seal and signature of an authorized person if such documents are submitted in the form of an electronic document. However, the procuring entity may stipulate in the tender documents what signature the participant shall use to sign the tender offer and electronic documents as part of the offer, e.g. “the tender offer of the participant shall be signed with a qualified electronic signature (QES)/advanced electronic signature (AES)”. At the same time, the procuring entity may require only one type of signature, such as a QES. This requirement is not considered discriminatory for procurement participants according to the practice of consideration of such disputes by the AMCU (for example, decision No. 6742-r/pk-pz dated November 15, 2022).

At the same time, if the requirement for only one type of signature is established and if the participant uses an incorrect signature (in accordance with the requirements of the tender documents) when submitting the proposal, the participant has the right to correct such a discrepancy. As provided for in clause 43 of CMU Resolution No. 1178 dated October 12, 2022 (hereinafter referred to as the “Specifics”), if the procuring entity, during the consideration of the tender offer of the participant finds discrepancies in the information and/or documents submitted by the participant in the tender offer and/or the submission of which was provided for by the tender documents, it shall place a notice requiring the elimination of such discrepancies in the electronic procurement system within a period that cannot be less than two business days before the expiration of the term for consideration of the tender offers. Therefore, disqualification of a participant on the above grounds without providing an opportunity to change the signature is not considered legitimate in accordance with the Specifics.

I would like to draw your attention to the fact that the procuring entity may make a request to eliminate discrepancies, including on a weekend, and the participant has only 24 hours from the moment the request is made. Therefore, in order to avoid rejection of the offer, the participant must have time to obtain the required signature and re-sign the documents within 24 hours. In light of the above, it is advisable for participants to pay attention to the requirements of the procuring entity as to the type of signature well in advance when studying the tender documents, as these requirements are most often found in the section “Instructions for preparing a tender offer” of the tender documents.

An electronic signature is not only a tool that speeds up a company’s business activities, but also a mandatory element for certain business processes, such as e-commerce and, in particular, participation in public procurement. The imposition of an electronic signature on a participant’s proposal is a mandatory requirement in accordance with applicable law. Currently, you can choose the type of signature that will be most convenient for use by officials of business entities, for example, the one stored on a token or used in a mobile application. To participate in the bidding, I believe it is advisable to obtain a qualified electronic signature (QES), since this type of signature is equivalent to a handwritten signature in accordance with the law and is the most secure signature at the moment.