If you are reading this article, you probably need to sign a document, submit a report, or access an online government service. In many of these cases, an electronic signature is no longer optional.

For some users, this is their first experience with digital signing. Others have already used a qualified electronic signature before, but now need to renew a certificate, create a new one, or issue signatures for employees.

Although electronic document management has been used in Ukraine for many years, many practical questions still remain. What is an electronic signature? How is it different from a qualified electronic signature? Where can you get one? Can a key be shared with a colleague? What should you do if the key is lost?

Let’s go through the main points step by step.

What is an electronic signature?

An electronic signature is a set of electronic data used to confirm the identity of the signer and the integrity of a document.

In simple terms, it helps prove two things:

• who signed the document;
• whether the document was changed after signing.

For the user, the process usually looks simple. You select a file, enter the password to your key, and sign the document. Behind this action, however, there are cryptographic mechanisms that verify the authenticity of the signature.

What types of electronic signatures are used in Ukraine?

Ukrainian legislation recognizes several types of electronic signatures. The most widely used option for businesses is the qualified electronic signature, or QES.

QES is commonly used for:

• submitting tax reports;
• working with government registers;
• electronic document management;
• participating in public procurement;
• signing official documents.

In most business situations, when people talk about creating an electronic signature, they usually mean obtaining a qualified electronic signature.

Why businesses need an electronic signature

At first, many companies adopted electronic document management simply to save time. There was no need to print documents, wait for couriers, or send paper contracts between cities.

Today, the reasons are broader. A qualified electronic signature allows businesses to:

• work with tax services;
• submit reports;
• sign contracts remotely;
• interact with government portals;
• organize internal electronic document workflows.

For small businesses, this is mostly a matter of convenience. For medium and large companies, it also becomes a matter of control, compliance, and information security.

Who can obtain a qualified electronic signature?

A qualified electronic signature can be issued to:

• individuals;
• individual entrepreneurs;
• company directors;
• employees of organizations;
• representatives of government institutions.

In larger organizations, dozens of electronic signatures may be used at the same time by different employees and for different business roles.

What documents are required?

The list of documents depends on the applicant’s status.

For individuals, the usual documents are:

• a passport or ID card;
• a taxpayer identification number.

For legal entities, additional documents may be required to confirm the authority of the signer.

Before submitting an application, it is always worth checking the current requirements of the selected qualified trust service provider.

How much does it cost to create an electronic signature?

This is one of the most common questions from entrepreneurs and company representatives.

The cost depends on several factors:

• the type of user;
• the selected service provider;
• the method of storing the key;
• whether a secure token is required.

In some cases, the certificate may be issued free of charge. In others, the user may need to pay for the service, the token, or additional support.

That is why the current cost should be checked before starting the application process.

How to create an electronic signature

The general process is usually similar.

First, the user prepares the required documents and passes identification. After that, a private key is generated and a certificate is issued.

Depending on the provider, part of the process may be completed remotely.

In practice, most problems do not appear during the creation of the electronic signature. They appear later, when the company starts using several signatures in daily work.

Can you share your electronic signature with another person?

The short answer is no.

In real life, this still happens. A director may leave the key with an accountant. An employee may share a password with a colleague before going on vacation. Someone may keep the key on a shared computer.

From an information security perspective, this creates serious risks. Once the key is shared, it becomes difficult to prove who actually signed a specific document.

Each user should have and use their own electronic signature.

What should you do if the key is lost?

Losing a device or file with a private key does not always mean that the signature has been compromised. Still, the situation should not be ignored.

In such cases, it is recommended to:

1. contact the trust service provider;
2. revoke the certificate;
3. obtain a new key and certificate.

The sooner this is done, the lower the potential risk.

How to store an electronic signature securely

At first glance, key storage may seem like a minor detail.

However, many problems with electronic signatures are related not to the signing process itself, but to how the private keys are stored and managed.

Common mistakes include:

• storing keys on ordinary flash drives;
• writing passwords in notebooks;
• sending key files by email;
• using one signature for several employees.

For an individual entrepreneur, these risks may seem limited. For a company with many employees, the situation is different.

That is why many organizations move to secure tokens and centralized systems for managing qualified electronic signatures.

Do several employees use qualified electronic signatures in your company?

Obtaining electronic signatures is only the first step. The next challenge is controlling access, monitoring certificate validity, and ensuring secure key storage.

CybKey Base helps organizations centrally manage qualified electronic signatures and reduce the risks associated with their use.

Learn more about CybKey Base →

Frequently asked questions

Can I obtain a qualified electronic signature online?

In many cases, yes. Some procedures can be completed remotely, depending on the requirements of the selected trust service provider.

Does an individual need an electronic signature?

Yes, if they need to work with certain government services or sign electronic documents.

How long is an electronic signature valid?

The validity period is defined by the certificate and depends on the terms of its issue.

Can one QES be used by several employees?

No. Each electronic signature should be linked to a specific person.

What should I do when the certificate expires?

You need to renew the certificate or obtain a new one according to the procedure of your trust service provider.

Conclusion

Creating an electronic signature is now a standard procedure for businesses, public institutions, and entrepreneurs. But obtaining a certificate is only part of the process.

The more important question is how the signature will be used afterwards: who has access to the private key, how certificate validity is monitored, and how securely the company manages its electronic signatures.

A modern approach to electronic signatures is not only about issuing certificates. It is also about building controlled and secure processes around their daily use.