To ensure information security and protect users, the authorization procedure on the eGov.kz portal has changed since October this year. Now, after the first stage of authorization using a digital signature (DS), the user must verify their identity with an SMS code sent from 1414. The changes apply to the eGov.kz portal as well as its components (the eOtinish service and the 'Open Government' portal).

The new authorization system is aimed at enhancing information security and protecting users' data when using government online services. The second stage of authorization protects citizens in case of loss of access to their digital signature (DS) key, as well as against unauthorized access to the eGov.kz portal by third parties using the user's key. For this, the user’s identity must be verified via the mobile phone number linked to their eGov.kz portal account.

What should a user do if they do not receive an SMS from 1414?

To receive SMS codes correctly, the user must ensure that their phone number is linked to their eGov.kz portal account. If the phone number is not linked to the account, the user will not be able to receive messages from 1414. You can find the instructions for linking your mobile phone number to your eGov.kz portal account here.

Is there another way to log in without an SMS code?

A user can log in to the eGov.kz portal using the eGov Mobile application. To do this, the user needs to scan a special QR code from the eGov.kz portal's authorization page using the eGov Mobile application.

What steps should users take if they are abroad?

Users located outside the Republic of Kazakhstan will only receive SMS messages from 1414 if international roaming is enabled. Therefore, it is important to ensure that the roaming service is active before using the public services of the eGov.kz portal abroad.

Note! Sharing digital signature (DS) keys with third parties is prohibited, since DS serves as a personal identification tool and is equivalent to a handwritten signature. The transfer of DS to other persons is subject to administrative liability.

To avoid violations when using a digital signature (DS), documents on behalf of a legal entity can only be signed by the head of the organization or individuals officially authorized by the organization. Each person uses their own digital signature (DS), and the power of attorney only confirms that the individual has the right to sign documents on behalf of the legal entity. If the information system used for signing requires additional permissions, the procedure should be clarified with the system owner.

Individuals and individual entrepreneurs can officially authorize another person to sign documents on their behalf. In this case, each person uses their own digital signature (DS) issued in their name.

In the event that violations are detected, individuals and legal entities will be held administratively liable. Depending on the category of the offender, the following amounts of administrative fines are established:

• individuals – 50 MCI (KZT 196,600);
• officials, small business entities, and non-profit organizations – 100 MCI (KZT 393,200);
• medium-sized business entities – 150 MCI (KZT 589,800);
• large business entities – 200 MCI (KZT 786,400).

The change to the authorization procedure was implemented in accordance with Clause 47, 'Approval of Unified Requirements in the Field of Information and Communication Technologies and Information Security', which stipulates the mandatory use of multi-factor authentication. The updated authorization procedure applies to both individuals and legal entities.