Ukrainian companies have widely transitioned to qualified electronic signatures (QES) and electronic document management (EDM) — and rightly so. However, in legal practice, one recurring issue continues to emerge: businesses tend to assume that a QES automatically ensures legal protection, whereas in reality it merely records the state of affairs — including any existing deficiencies.
A QES is linked to a specific individual. In a dispute, courts assess not a “document issued by an LLC”, but whether the particular individual had the authority to sign on behalf of the company.
A typical scenario involves a document being signed by a manager or accountant, although such authority is reserved for the director. Alternatively, a document may be signed by a person without duly confirmed powers. In such cases, a QES does not mitigate the issue — it effectively evidences the violation.
The focus therefore shifts from “whether a signature exists” to “whether the signatory was duly authorised.”
In traditional paper-based practice, such control mechanisms were inherent: a director’s handwritten signature or a notarised power of attorney. In the digital environment, this boundary becomes blurred — technically, anyone with access to the key may execute the signature.
A common (yet legally flawed) practice is the storage of the director’s QES by an accountant, with its use occurring without the direct involvement of the signatory.
From a legal standpoint, each such document is deemed to have been signed personally by the director. As long as no dispute arises, this issue often remains unnoticed. However, in the event of a conflict, this practice becomes a critical vulnerability: the circumstances of signing — who had access to the key and under what conditions it was used — become central to the case.
Ukrainian courts recognise a QES as equivalent to a handwritten signature, provided that the identity of the signatory can be established and the integrity of the document is ensured.
The Supreme Court ruling dated 9 January 2026 in case No. 751/4083/24 illustrates this approach. The court recognised a Viber message as admissible evidence of acknowledgment of an order. The decisive factor was the totality of circumstances: the known phone number of the recipient, their response, and subsequent conduct confirming awareness of the content.
Submissions lacking a proper electronic signature or made outside the prescribed system are typically returned without consideration.
Most legal issues related to QES arise from the absence of basic internal governance rules. At a minimum, companies should clearly define:
Compromise of QES keys, unauthorised access, or execution of agreements by third parties may result in binding obligations and potential litigation. Accordingly, risk management in this area shifts from an IT function to a matter of executive responsibility.
A qualified electronic signature becomes an effective legal protection tool only when embedded within a well-defined framework of authority and control. Absent such a framework, digitalisation merely accelerates the same errors previously made in paper-based processes — now with a permanent digital trace.