- digital identification; electronic signature; certification of means; information security; technical standard; interagency coordination; digital transformation
- https://doi.org/10.63341/naia-chasopis/3.2025.24.
- Pages 24-44
The relevance of the study was determined by the need for legal and technical rethinking of state regulation of cryptographic information protection under the conditions of Ukraine’s digital transformation. The aim of the article was to identify the effectiveness of the existing regulatory, institutional, and technical model for data cryptographic protection, taking into account the provisions of international standards. The study applied methods of structural-functional analysis, systematic comparison of legal provisions, and content analysis of technical requirements. As a result of the study, it was established that the regulatory field covered two levels of influence – general technical and specialised – yet only approximately sixty percent of the provisions on electronic signature, cryptographic key management, and timestamps corresponded to international technical requirements. Fragmentation in the definition of mandatory certification procedures and the absence of unified regulations in the field of digital identification and electronic seals were recorded. Within the framework of interinstitutional interaction, it was found that only three out of eight functional areas were governed by formalised mechanisms, which complicated the response to cryptographic incidents. Technical analysis confirmed that the average key length in cryptographic algorithms resistant to quantum computing systems exceeded three thousand bits – two to three times higher than the parameters of traditional algorithms – yet the implementation of such solutions into the state certification system was limited. It was also established that only a portion of cryptographic protection hardware complied with international technical security level requirements. The practical significance of the study results lay in the potential application for updating the regulatory architecture, forming technical regulations, developing state control procedures, and supporting public authorities, technical expert units, and developers in the implementation of the national cybersecurity strategy
References
- Aydeger, A., Zeydan, E., Yadav, A.K., Hemachandra, K.T., & Liyanage, M. (2024). Towards a quantum- resilient future: Strategies for transitioning to post-quantum cryptography. In Proceedings of the 15th international conference on network of the future (pp. 195-203). Castelldefels: IEEE. doi: 10.1109/NoF62948.2024.10741441.
- Balaji, K. (2025). E-government and E-governance: Driving digital transformation in public administration. In K. Wongmahesak & J. Ahmad (Eds.), Public governance practices in the age of AI (pp. 23-44). London: IGI Global. doi: 10.4018/979-8-3693-9286-7.ch002.
- Bavdekar, R., Chopde, E.J., Bhatia, A., Tiwari, K., & Daniel, S.J. (2022). Post quantum cryptography: Techniques, challenges, standardisation, and directions for future research. arXiv. doi: 10.48550/arXiv.2202.02826.
- Bommareddy, S., Khan, J.A., & Anand, R. (2022). A review on healthcare data privacy and security. In P. Singh, O. Kaiwartya, N. Sindhwani, V. Jain & R. Anand (Eds.), Networking technologies in smart healthcare: Innovations and analytical approaches (pp. 165-187). Boca Raton: CRC Press. doi: 10.1201/9781003239888.
- Bouraffa, T., & Hui, K.-L. (2025). Regulating information and network security: Review and challenges. ACM Computing Surveys, 57(5), article number 126. doi: 10.1145/3711124.
- Cardoso, O.V. (2022). Cryptography and law: The case of Brazil. Digital Law Journal, 3(3), 8-19. doi: 10.38044/2686-9136-2022-3-3-8-19.
- Chen, J. (2020). Regulation and deregulation: Understanding the evolution of the Chinese cryptography legal regime from the newly released Cryptography Law of China. International Cybersecurity Law Review, 1(1), 73-86. doi: 10.1365/s43439-020-00003-6.
- Chen, L. (2024). Standardisation of and migration to post-quantum cryptography. In X. Lu & C.J. Mitchell (Eds.), Security standardisation research (pp. 3-13). Cham: Springer. doi: 10.1007/978-3-031-87541-0_1.
- Ciancarini, P., Giancarlo, R., & Grimaudo, G. (2024). Digital transformation in the public administrations: A guided tour for computer scientists. IEEE Access, 12, 22841-22865. doi: 10.1109/ACCESS.2024.3363075.
- DSTU 4145-2002 “Information technology. Cryptographic protection of information. Digital signature based on elliptic curves. Formation and verification”. (2002). Retrieved from https://online.budstandart.com/ua/ catalog/doc-page.html?id_doc=68769.
- DSTU 7624:2014 “Information technology. Cryptographic protection of information. Symmetric block transformation algorithm. Correction”. (2014). Retrieved from https://online.budstandart.com/ua/catalog/doc-page.html?id_doc=65314.
- European Telecommunications Standards Institute. (2016a). ETSI EN 319 411-2 V2.2.2: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates. Retrieved from https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.02.00_20/en_31941102v020200a.pdf.
- European Telecommunications Standards Institute. (2016b). ETSI EN 319 421 V1.1.1: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers providing signature validation services. Retrieved from https://cdn.standards.iteh.ai/samples/39366/0766c518ead24fcfb5e9bc4cb7527f9c/ETSI-EN-319-421-V1-1-1-2016-03-.pdf.
- European Telecommunications Standards Institute. (2018). ETSI TS 103 097 V1.3.1: Intelligent Transport Systems (ITS); Security; Security header and certificate formats. Retrieved from https://www.etsi.org/deliver/etsi_ts/103000_103099/103097/01.03.01_60/ts_103097v010301p.pdf.
- European Union Agency for Cybersecurity. (2014). Securing personal data: ENISA guidelines on cryptographic solutions. Retrieved from https://surli.cc/kulckx.
- Firmansyah, B., & Bansal, R. (2024). Standardisation and regulatory challenges in modern cryptography. In B. Gupta (Ed.), Metaverse security paradigms (pp. 145-183). London: IGI Global. doi: 10.4018/979-8-3693-3824-7.ch006.
- ISO/IEC 27001:2022 “Information security, cybersecurity and privacy protection – Information security management systems – Requirements”. (2022). Retrieved from https://www.iso.org/ru/standard/27001.
- ISO/IEC No. 15408-1:2009 “Evaluation criteria for IT security”. (2009). Retrieved from https://www.iso. org/standard/50341.html.
- ISO/IEC No. 18033-1:2021 “Encryption algorithms”. (2021). Retrieved from https://www.iso.org/ standard/76156.html.
- ISO/IEC No. 19790:2012 “Security requirements for cryptographic modules”. (2012). Retrieved from https://www.iso.org/standard/52906.html.
- ISO/IEC 27033-5:2016 “Information technology. Security methods. Network security. Part 5. Securing communications across networks using virtual private networks (VPNs)”. (2016). Retrieved from https://online.budstandart.com/ua/catalog/doc-page.html?id_doc=69130.
- ISO/IEC No. 7816-4:2020 “Integrated circuit cards”. (2020). Retrieved from https://surl.li/rxclpp.
- Jia, X., Xu, J., Han, M., Zhang, Q., Zhang, L., & Chen, X. (2023). International standardisation of blockchain and distributed ledger technology: Overlaps, gaps and challenges. CMES-Computer Modeling in Engineering & Sciences, 137(2), 1491-1523. doi: 10.32604/cmes.2023.026357.
- Joshi, A., Bhalgat, P., Chavan, P., Chaudhari, T., & Patil, S. (2024). Guarding against quantum threats: A survey of post-quantum cryptography standardisation, techniques, and current implementations. In V.S. Shankar Sriram, A. Glory, G. Li & S.R. Pokhrel (Eds.), International conference on applications and techniques in information security (pp. 33-46). Singapore: Springer. doi: 10.1007/978-981-97-9743-1_3.
- Kazimi, J., & Thalwal, H. (2024). Legal implications and challenges of cryptography and data security: Current trends and future directions. In Proceedings of the First international conference on technological innovations and advance computing (pp. 19-27). Bali: IEEE. doi: 10.1109/TIACOMP64125.2024.00014.
- Kokarcha, Y., & Lalueva, A. (2022). Peculiarities of personal data protection in social networks: The impact of martial law. Proceedings of the III international scientific and theoretical conference “Current issues of science, prospects and challenges” (pp. 70-74). Sydney: SCIENTA.
- Kostiuk, Y.V., Skladanny, P.M., Hulak, G.M., Bebeshko, B.T., Khorolska, K.V., & Rzaeva, S.L. (2025). Information security systems. Kyiv: Borys Grinchenko Kyiv Metropolitan University.
- Lampe, G.S. (2023). Critical success factors for integrating a circular interaction model for security processes in digital transformation. Ecoforum Journal, 12(2).
- Limniotis, K. (2021). Cryptography as the means to protect fundamental human rights. Cryptography, 5(4), article number 34. doi: 10.3390/cryptography5040034.
- López, P. (2025). The national security framework as a cybersecurity reference for information cryptosystems. In C.P. Sempere (Ed.), Governance and control of data and digital economy in the European Single Market: Legal framework for new digital assets, identities and data spaces (pp. 125-144). Cham: Springer. doi: 10.1007/978-3-031-74889-9_6.
- Millard, J. (2023). Impact of digital transformation on public governance. Retrieved from https://s4andalucia.es/wp-content/uploads/2023/10/JRC133975_01.pdf.
- National Institute of Standards and Technology. (2001). FIPS PUB 140-2: Security requirements for cryptographic modules. Retrieved from https://csrc.nist.gov/publications/detail/fips/140/2/final.
- National Institute of Standards and Technology. (2008). NIST Special Publication 800-115: Technical guide to information security testing and assessment. Retrieved from https://surl.li/mnnfqg.
- National Institute of Standards and Technology. (2019). NIST Special Publication 800-52 Revision 2: Guidelines for the selection, configuration, and use of transport layer security (TLS) implementations. Retrieved from https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final.
- National Institute of Standards and Technology. (2020). NIST Special Publication 800-57 Part 1 Rev. 5: Recommendation for key management. Retrieved from https://surl.li/uujzun.
- National Police of Ukraine. (n.d.). Annual reports. Retrieved from https://surl.lt/pjhzkk.
- National Security and Defense Council of Ukraine. (n.d.). Accounting for public information. Retrieved from https://rnbo.gov.ua/ua/Oblik-publichnoi-informatsii.html.
- Riebe, T., Kühn, P., Imperatori, P., & Reuter, C. (2022). US security policy: The dual-use regulation of cryptography and its effects on surveillance. European Journal for Security Research, 7(1), 39-65. doi: 10.1007/s41125-022-00080-0.
- Saragih, H. (2025). The impact of digital transformation on the performance and security of information systems in government institutions. Pakistan Journal of Life and Social Sciences, 23(1), 5333-5344. doi: 10.57239/PJLSS-2025-23.1.00416.
- Security Service of Ukraine. (n.d.). Reports. Retrieved from https://ssu.gov.ua/zvity.
- Shaik, N., Chandana, B.H., Chitralingappa, P., & Sasikala, C. (2025). Protecting in the digital age: A comprehensive examination of cybersecurity and legal implications. In S. Barman, S. Koley & S. Joardar (Eds.), Next-generation systems and secure computing (pp. 105-135). London: Scrivener Publishing LLC. doi: 10.1002/9781394228522.ch6.
- Shamo, S.A. (2024). Bridging the quantum divide: A comprehensive analysis of NIST and ISO standards for post- quantum cryptography and strategies for global harmonisation. Retrieved from https://surl.li/pudanm.
- Vargiolu, A. (2022). Cryptography and privacy issues: An OECD framework for global data protection. doi: 10.13140/RG.2.2.13868.88969.
- Yanamala, A.K., & Suryadevara, S. (2024). Navigating data protection challenges in the era of artificial intelligence: A comprehensive review. Revista de Inteligencia Artificial en Medicina, 15(1), 113-146.
- Zinchuk, M.V. (2024). Legal support for the protection of confidential information in Ukraine. Lutsk: Lesya Ukrainka Volyn National University.