| | |
Order of the President of the People's Republic of China
(No.18)
The Law of the People's Republic of China on Electronic Signature, which was adopted at the 11th meeting of the Standing Committee of the Tenth National People's Congress of the People's Republic of China on August 28, 2004, is hereby promulgated, and shall come into force as of the date of April 1, 2005.
President of the People's Republic of China Hu Jintao
August 28, 2004
Law of the People's Republic of China on Electronic Signature
(Adopted at the 11th meeting of the Standing Committee of the Tenth National People's Congress of the People's Republic of China on August 28, 2004)
| | 中华人民共和国主席令
(第18号)
《中华人民共和国电子签名法》已由中华人民共和国第十届全国人民代表大会常务委员会第十一次会议于2004年8月28日通过,现予公布,自2005年4月1日起施行。
中华人民共和国主席 胡锦涛
2004年8月28日
中华人民共和国电子签名法
(2004年8月28日第十届全国人民代表大会常务委员会第十一次会议通过)
|
Contents
| | 目录
|
Chapter I General Provisions
| | 第一章 总则
|
Chapter II Data Message
| | 第二章 数据电文
|
Chapter III Electronic Signature and Certification
| | 第三章 电子签名与认证
|
Chapter IV Legal Liabilities
| | 第四章 法律责任
|
Chapter V Supplementary Provisions
| | 第五章 附则
|
Chapter I General Provisions
| | 第一章 总则
|
Article 1 The present Law is formulated for the purpose of regulating the act of electronic signature, establishing the legal effect of electronic signature, and maintaining the lawful rights and interests of the relevant parties concerned.
| | 第一条 为了规范电子签名行为,确立电子签名的法律效力,维护有关各方的合法权益,制定本法。
|
Article 2 The “Electronic Signature” as mentioned in the present Law shall refer to the data included and attached in data message in electronic form, for the use of identifying the identity of the signatory and showing that the signatory has recognized the contents therein.
The “Data Message” as mentioned in the present Law shall refer to the information created, sent, received or stored by such means as electron, optics, magnetism or the similar means.
| | 第二条 本法所称电子签名,是指数据电文中以电子形式所含、所附用于识别签名人身份并表明签名人认可其中内容的数据。
本法所称数据电文,是指以电子、光学、磁或者类似手段生成、发送、接收或者储存的信息。
|
Article 3 The parties may stipulate to use or not to use electronic signature or data message in the contract or other documents and documentations in civil activities.
The legal effect of any document using electronic signature and data message as stipulated by the parties shall not be denied only because it takes the form of electronic signature and data message.
The aforesaid provisions shall not be applicable to the following documents:
| | 第三条 民事活动中的合同或者其他文件、单证等文书,当事人可以约定使用或者不使用电子签名、数据电文。
当事人约定使用电子签名、数据电文的文书,不得仅因为其采用电子签名、数据电文的形式而否定其法律效力。
前款规定不适用下列文书:
|
1. Documents concerning such personal relations as marriage, adoption and succession, etc.;
| | (一)涉及婚姻、收养、继承等人身关系的;
|
2. Documents concerning the transfer of such real estate rights and interests as land, and house, etc.;
| | (二)涉及土地、房屋等不动产权益转让的;
|
3. Documents concerning stopping water supply, heat supply, gas supply and power supply, and other public utility services; and
| | (三)涉及停止供水、供热、供气、供电等公用事业服务的;
|
4. Other circumstances under which the electronic documents are not applicable as prescribed by laws and administrative regulations.
| | (四)法律、行政法规规定的不适用电子文书的其他情形。
|
Chapter II Data Message
| | 第二章 数据电文
|
Article 4 Any data message that can show the contents it specifies in material form, and may be picked up for reference and use at any time, shall be regarded as complying with the written form as prescribed by laws and regulations.
| | 第四条 能够有形地表现所载内容,并可以随时调取查用的数据电文,视为符合法律、法规要求的书面形式。
|
Article 5 The data message meeting the following requirements shall be regarded as satisfying the requirements for the form of the original as prescribed by laws and regulations:
| | 第五条 符合下列条件的数据电文,视为满足法律、法规规定的原件形式要求:
|
1. Data message that is capable of effectively showing the contents it specifies and may be picked up for reference and use at any time; and
| | (一)能够有效地表现所载内容并可供随时调取查用;
|
2. Data message that is capable of unfailingly ensuring that the contents are complete and unaltered from the time when it finally comes into being. But the integrality of the data message will not be influenced by the adding of endorsement in the data message and the alteration of forms occurred during the course of data interchange, storage and display.
| | (二)能够可靠地保证自最终形成时起,内容保持完整、未被更改。但是,在数据电文上增加背书以及数据交换、储存和显示过程中发生的形式变化不影响数据电文的完整性。
|
Article 6 Any data message that meets the following requirements shall be regarded as satisfying the requirements for document preservation as prescribed by laws and regulations:
| | 第六条 符合下列条件的数据电文,视为满足法律、法规规定的文件保存要求:
|
1. Being capable of effectively showing the contents it specifies and may be picked up for reference and use at any time;
| | (一)能够有效地表现所载内容并可供随时调取查用;
|
2. The format of the data message is the same as the format when it is created, sent or received, or the format is not the same but is able to accurately show the contents of original creation, sending, or receiving; and
| | (二)数据电文的格式与其生成、发送或者接收时的格式相同,或者格式不相同但是能够准确表现原来生成、发送或者接收的内容;
|
3. Being capable of identifying the addresser, addressee of the data message and the time for sending and receiving.
| | (三)能够识别数据电文的发件人、收件人以及发送、接收的时间。
|
Article 7 No data message may be rejected for being used as evidence only because it is created, sent, received or stored by ways of electron, optics, magnetism, or the similar means.
| | 第七条 数据电文不得仅因为其是以电子、光学、磁或者类似手段生成、发送、接收或者储存的而被拒绝作为证据使用。
|
Article 8 The following factors shall be taken into consideration when making examination on the truthfulness of any data message as evidence:
| | 第八条 审查数据电文作为证据的真实性,应当考虑以下因素:
|
1. The reliability of the methods for creation, storage or transmission of data message;
| | (一)生成、储存或者传递数据电文方法的可靠性;
|
2. The reliability of the methods for keeping the integrality of the contents;
| | (二)保持内容完整性方法的可靠性;
|
3. The reliability of the methods for identifying the addresser; and
| | (三)用以鉴别发件人方法的可靠性;
|
4. Other relevant factors.
| | (四)其他相关因素。
|
Article 9 Under any of the following circumstances, the data message shall be regarded as being sent by the addresser:
| | 第九条 数据电文有下列情形之一的,视为发件人发送:
|
1. Being sent upon the authorization of the addresser;
| | (一)经发件人授权发送的;
|
2. Being sent automatically by the information system of the addresser; or
| | (二)发件人的信息系统自动发送的;
|
3. The addressee finds that the consequence complies, upon examination, with the validation on the data message according to the method approved by the addresser.
Unless there are different stipulations by the parties on the matters prescribed in the preceding paragraph, the stipulations shall be followed.
| | (三)收件人按照发件人认可的方法对数据电文进行验证后结果相符的。
当事人对前款规定的事项另有约定的,从其约定。
|
Article 10 In case the receiving of any data message needs to be confirmed as prescribed by laws and administrative regulations or the stipulations of the parties, the receiving shall be confirmed. If an addresser has received any confirmation of the addressee on the receiving, the data message shall be regarded as having been received.
| | 第十条 法律、行政法规规定或者当事人约定数据电文需要确认收讫的,应当确认收讫。发件人收到收件人的收讫确认时,数据电文视为已经收到。
|
Article 11 The time when any data message enters into a certain information system out of the control of the addresser shall be regarded as the time for sending the data message.
In case an addressee has designated a given system to receive any data message, the time when the data message enters into the given system shall be regarded as the time for receiving the data message. If no given system is designated, the time when the data message enters into any system of the addressee for the first time shall be regarded as the time for receiving the data message.
In case the parties have different stipulations on the time for sending and receiving the data message, the stipulations shall be followed.
| | 第十一条 数据电文进入发件人控制之外的某个信息系统的时间,视为该数据电文的发送时间。
收件人指定特定系统接收数据电文的,数据电文进入该特定系统的时间,视为该数据电文的接收时间;未指定特定系统的,数据电文进入收件人的任何系统的首次时间,视为该数据电文的接收时间。
当事人对数据电文的发送时间、接收时间另有约定的,从其约定。
|
Article 12 The main business place of an addresser shall be the place for sending data message, the main business place of the addressee shall be the place for receiving data message. If there is no main business place, the habitual residence shall be the sending or receiving place.
Unless there are different stipulations by the parties on the place for sending or receiving data message, the stipulations shall be followed.
| | 第十二条 发件人的主营业地为数据电文的发送地点,收件人的主营业地为数据电文的接收地点。没有主营业地的,其经常居住地为发送或者接收地点。
当事人对数据电文的发送地点、接收地点另有约定的,从其约定。
|
Chapter III Electronic Signature and Certification
| | 第三章 电子签名与认证
|
Article 13 If any electronic signature complies with the following conditions concurrently, it shall be regarded as a reliable electronic signature:
| | 第十三条 电子签名同时符合下列条件的,视为可靠的电子签名:
|
1. When any data made by electronic signature is used for electronic signature, and it is owned exclusively by the electronic signatory;
| | (一)电子签名制作数据用于电子签名时,属于电子签名人专有;
|
2. The data made by electronic signature is controlled only by the electronic signatory when signing;
| | (二)签署时电子签名制作数据仅由电子签名人控制;
|
3. Any alteration on electronic signature after signing can be found out; and
| | (三)签署后对电子签名的任何改动能够被发现;
|
4. Any alteration on the contents and form of any data message can be found out after signing.
The parties may also choose to use the electronic signature with reliable conditions, which complies with their stipulations.
| | (四)签署后对数据电文内容和形式的任何改动能够被发现。
当事人也可以选择使用符合其约定的可靠条件的电子签名。
|
Article 14 A reliable electronic signature shall have the same legal effect with the hand signature or seal.
| | 第十四条 可靠的电子签名与手写签名或者盖章具有同等的法律效力。
|
Article 15 An electronic signatory shall properly keep the data made by electronic signature. In case any electronic signatory has known that any data made by electronic signature has given away official secrets or may give away official secrets, he shall notify the relevant parties concerned in time, and terminate the use of the data made by electronic signature.
| | 第十五条 电子签名人应当妥善保管电子签名制作数据。电子签名人知悉电子签名制作数据已经失密或者可能已经失密时,应当及时告知有关各方,并终止使用该电子签名制作数据。
|
Article 16 In case there is necessity for any electronic signature to be certified by a third party, the certification service shall be provided by an legally established electronic certification service provider.
| | 第十六条 电子签名需要第三方认证的,由依法设立的电子认证服务提供者提供认证服务。
|
Article 17 The following conditions shall be met when providing electronic certification services:
| | 第十七条 提供电子认证服务,应当具备下列条件:
|
1. Having professional technicians and managers suited for providing electronic certification service;
| | (一)具有与提供电子认证服务相适应的专业技术人员和管理人员;
|
2. Having capital and business place meeting the requirements for providing electronic certification service;
| | (二)具有与提供电子认证服务相适应的资金和经营场所;
|
3. Having technology and equipment complying with the national safety standards and technology;
| | (三)具有符合国家安全标准的技术和设备;
|
4. Having certification documents using codes as approved by the state code administration organ; and
| | (四)具有国家密码管理机构同意使用密码的证明文件;
|
5. Other conditions as prescribed by laws and administrative regulations.
| | (五)法律、行政法规规定的其他条件。
|
Article 18 The applicant who is to undertake electronic certification service shall file an application to the competent department of information industry of the State Council, and submit the relevant documents as prescribed in Article 17 of the present Law. The competent department of information industry of the State Council shall make examination according to law after the application is accepted, and make a decision on giving permission or not giving permission within 45 days from the date when the application is accepted after soliciting the opinions of the competent commerce department of the State Council and the relevant departments. If the permission is granted, an electronic certification licensing certificate shall be issued. If the permission is not granted, the applicant shall be notified in writing and the reasons shall be explained.
An applicant shall go through formalities for enterprise registration at the administrative department for industry and commerce according to law upon the strength of electronic certification licensing certificate.
Any electronic certification service provider who has obtained qualification of certification shall publicize its name and number of license and other information in the internet in accordance with the provisions of the competent department of information industry of the State Council.
| | 第十八条 从事电子认证服务,应当向国务院信息产业主管部门提出申请,并提交符合本法第十七条规定条件的相关材料。国务院信息产业主管部门接到申请后经依法审查,征求国务院商务主管部门等有关部门的意见后,自接到申请之日起四十五日内作出许可或者不予许可的决定。予以许可的,颁发电子认证许可证书;不予许可的,应当书面通知申请人并告知理由。
申请人应当持电子认证许可证书依法向工商行政管理部门办理企业登记手续。
取得认证资格的电子认证服务提供者,应当按照国务院信息产业主管部门的规定在互联网上公布其名称、许可证号等信息。
|
Article 19 An electronic certification service provider shall formulate and promulgate the electronic certification business rules complying with the relevant state provisions, and put them on records at the competent department of information industry of the State Council.
The electronic certification business rules shall cover the scope of liabilities, working operational specifications, information safeguard measures, and other matters concerned.
| | 第十九条 电子认证服务提供者应当制定、公布符合国家有关规定的电子认证业务规则,并向国务院信息产业主管部门备案。
电子认证业务规则应当包括责任范围、作业操作规范、信息安全保障措施等事项。
|
Article 20 In case any electronic signatory provides electronic signature certification certificate to any electronic certification service provider, he shall provide true, complete and accurate information.
After receiving any application for electronic signature certification certificate, an electronic certification service provider shall check the identity of the applicant and make examination on the relevant materials.
| | 第二十条 电子签名人向电子认证服务提供者申请电子签名认证证书,应当提供真实、完整和准确的信息。
电子认证服务提供者收到电子签名认证证书申请后,应当对申请人的身份进行查验,并对有关材料进行审查。
|
Article 21 Any electronic signature certification certificate signed by an electronic certification service provider shall be accurate and have no mistakes, and shall specify the following contents:
| | 第二十一条 电子认证服务提供者签发的电子签名认证证书应当准确无误,并应当载明下列内容:
|
1. Name of the electronic certification service provider;
| | (一)电子认证服务提供者名称;
|
2. Name of the certificate holder;
| | (二)证书持有人名称;
|
3. Serial number of the certificate;
| | (三)证书序列号;
|
4. Period of validity of the certificate;
| | (四)证书有效期;
|
5. Electronic signature validation data of the certificate holder;
| | (五)证书持有人的电子签名验证数据;
|
6. Electronic signature of the electronic certification service provider; and
| | (六)电子认证服务提供者的电子签名;
|
7. Other contents as prescribed by the competent department of information industry of the State Council.
| | (七)国务院信息产业主管部门规定的其他内容。
|
Article 22 An electronic certification service provider shall ensure that the contents of an electronic signature certification certificate are complete and accurate within the period of validity, and ensure that the party depending on the electronic signature is able to prove or know the contents specified in the electronic certification certificate and other relevant matters concerned.
| | 第二十二条 电子认证服务提供者应当保证电子签名认证证书内容在有效期内完整、准确,并保证电子签名依赖方能够证实或者了解电子签名认证证书所载内容及其他有关事项。
|
Article 23 In case any electronic certification service provider intends to suspend or terminate electronic certification service, it shall notify the relevant parties concerned of the carrying-on of business and other relevant matters 90 days before the suspension or termination of the service.
In case any electronic certification service provider intends to suspend or terminate electronic certification service, it shall report to the competent department of information industry of the State Council 60 days before suspending or terminating the service, and negotiates with other electronic certification service provider on the carrying-on of business, so as to make proper arrangements.
In case any electronic certification service provider fails to reach an agreement on the carrying-on of business with other electronic certification service provider, it shall apply to the competent department of information industry of the State Council for arranging other electronic certification service provider to carry on its business.
In case any electronic certification service provider is revoked of the electronic certification licensing certificate, the carrying on of its business and other matters shall be handled in accordance with the provisions of the competent department of information industry of the State Council.
| | 第二十三条 电子认证服务提供者拟暂停或者终止电子认证服务的,应当在暂停或者终止服务九十日前,就业务承接及其他有关事项通知有关各方。
电子认证服务提供者拟暂停或者终止电子认证服务的,应当在暂停或者终止服务六十日前向国务院信息产业主管部门报告,并与其他电子认证服务提供者就业务承接进行协商,作出妥善安排。
电子认证服务提供者未能就业务承接事项与其他电子认证服务提供者达成协议的,应当申请国务院信息产业主管部门安排其他电子认证服务提供者承接其业务。
电子认证服务提供者被依法吊销电子认证许可证书的,其业务承接事项的处理按照国务院信息产业主管部门的规定执行。
|
Article 24 An electronic certification service provider shall properly keep the information relating to certification. The time limit for keeping the information shall be at least 5 years after the invalidation of the electronic signature certification certificate.
| | 第二十四条 电子认证服务提供者应当妥善保存与认证相关的信息,信息保存期限至少为电子签名认证证书失效后五年。
|
Article 25 The competent department of information industry of the State Council shall conduct supervision over electronic certification service providers according to law in accordance with the concrete measures for the administration of electronic certification service industry.
| | 第二十五条 国务院信息产业主管部门依照本法制定电子认证服务业的具体管理办法,对电子认证服务提供者依法实施监督管理。
|
Article 26 Upon the approval of the competent department of information industry of the State Council, and in light of the relevant agreement or the principle of reciprocity, any electronic signature certification certificate issued overseas by any electronic certification service provider outside the territory of the People's Republic of China shall have the same legal effect with the electronic certification certificate issued by the electronic certification service provider established according to the present Law.
| | 第二十六条 经国务院信息产业主管部门根据有关协议或者对等原则核准后,中华人民共和国境外的电子认证服务提供者在境外签发的电子签名认证证书与依照本法设立的电子认证服务提供者签发的电子签名认证证书具有同等的法律效力。
|
Chapter IV Legal Liabilities
| | 第四章 法律责任
|
Article 27 In case any electronic signatory knows that any data made by electronic signature has given away official secrets or may have given away official secrets but fails to notify the relevant parties concerned and terminate the use of the data made by electronic signature, or fails to provide truthful, complete and accurate information to the electronic service provider, or has any other fault, which result in the damage to the party depending on electronic signature, the electronic certification service provider, he shall undertake compensation liabilities.
| | 第二十七条 电子签名人知悉电子签名制作数据已经失密或者可能已经失密未及时告知有关各方、并终止使用电子签名制作数据,未向电子认证服务提供者提供真实、完整和准确的信息,或者有其他过错,给电子签名依赖方、电子认证服务提供者造成损失的,承担赔偿责任。
|
Article 28 Where any electronic signatory or any party depending on electronic signature suffers losses due to undertaking civil activities on the basis of the electronic signature certification service provided by any electronic certification service provider, and if the electronic certification service provider cannot prove that he has no fault, he shall undertake compensation liabilities.
| | 第二十八条 电子签名人或者电子签名依赖方因依据电子认证服务提供者提供的电子签名认证服务从事民事活动遭受损失,电子认证服务提供者不能证明自己无过错的,承担赔偿责任。
|
Article 29 In case anyone provides electronic certification service without approval, the competent department of information industry of the State Council shall order it to stop the illegal acts; if there are any illegal gains, the illegal gains shall be confiscated; if the illegal gains are more than RMB 300 thousand Yuan, it shall be given a fine of one time up to three times of the illegal gains. If it has no illegal gains or the illegal gains are less than RMB 300 thousand Yuan, it shall be given a fine of RMB 100 thousand Yuan up to RMB 300 thousand Yuan.
| | 第二十九条 未经许可提供电子认证服务的,由国务院信息产业主管部门责令停止违法行为;有违法所得的,没收违法所得;违法所得三十万元以上的,处违法所得一倍以上三倍以下的罚款;没有违法所得或者违法所得不足三十万元的,处十万元以上三十万元以下的罚款。
|
Article 30 In case any electronic certification service provider suspends or terminates electronic certification service, but fails to report to the competent department of information industry of the State Council within 60 days before the suspension or termination of the service, the competent department of information industry of the State Council shall impose a fine of RMB 10 thousand Yuan up to RMB 50 thousand Yuan upon the person directly in charge.
| | 第三十条 电子认证服务提供者暂停或者终止电子认证服务,未在暂停或者终止服务六十日前向国务院信息产业主管部门报告的,由国务院信息产业主管部门对其直接负责的主管人员处一万元以上五万元以下的罚款。
|
Article 31 In case any electronic certification service provider does not abide by the certification business rules, fails to properly keep the information relating to certification, or has any other illegal acts, the competent department of information industry of the State Council may order it to correct within a prescribed time limit; if it fails to correct within the time limit, its electronic certification licensing certificate shall be revoked, and the person directly in charge and other persons directly liable shall be banned from undertaking electronic certification service within 10 years. If any electronic certification licensing certificate is revoked, a public notice on this shall be made, and the administrative department for industry and commerce shall be notified.
| | 第三十一条 电子认证服务提供者不遵守认证业务规则、未妥善保存与认证相关的信息,或者有其他违法行为的,由国务院信息产业主管部门责令限期改正;逾期未改正的,吊销电子认证许可证书,其直接负责的主管人员和其他直接责任人员十年内不得从事电子认证服务。吊销电子认证许可证书的,应当予以公告并通知工商行政管理部门。
|
Article 32 In case anyone forges, falsely uses or embezzles electronic signature of others and commits a crime, he shall be subject to criminal liability according to law. If that causes damage to others, he shall undertake civil liabilities.
| | 第三十二条 伪造、冒用、盗用他人的电子签名,构成犯罪的,依法追究刑事责任;给他人造成损失的,依法承担民事责任。
|
Article 33 According to the present Law if any staff member of the department taking charge of the work for the supervision over electronic certification service fails to perform duties of administrative license and supervision, he shall be given an administrative punishment according to law. If a crime is constituted, he shall be subject to criminal liabilities.
| | 第三十三条 依照本法负责电子认证服务业监督管理工作的部门的工作人员,不依法履行行政许可、监督管理职责的,依法给予行政处分;构成犯罪的,依法追究刑事责任。
|
Chapter V Supplementary Provisions
| | 第五章 附则
|
Article 34 The following words in the present Law shall have the following meaning:
| | 第三十四条 本法中下列用语的含义:
|
1. The “Electronic Signatory”, shall refer to the person who holds data made by electronic signature and implement electronic signature in his own identity or on behalf of the person he represents;
| | (一)电子签名人,是指持有电子签名制作数据并以本人身份或者以其所代表的人的名义实施电子签名的人;
|
2. The “Party Depending on Electronic Signature”, shall refer to the person who undertakes the relevant activities on the basis of his trust on any electronic signature certification certificate or electronic signature;
| | (二)电子签名依赖方,是指基于对电子签名认证证书或者电子签名的信赖从事有关活动的人;
|
3. The “Electronic Signature Certification Certificate”, shall refer to the data message or other electronic records that can prove that any electronic signatory has any connection with the data made by electronic signature;
| | (三)电子签名认证证书,是指可证实电子签名人与电子签名制作数据有联系的数据电文或者其他电子记录;
|
4. The “Data Made by Electronic Signature”, shall refer to such data as the character, coding, etc., which are used in the course of electronic signature, and can connect electronic signature with electronic signatory reliably; and
| | (四)电子签名制作数据,是指在电子签名过程中使用的,将电子签名与电子签名人可靠地联系起来的字符、编码等数据;
|
5. The “Electronic Signature Validation Data”, shall refer to the data used for validating electronic signature, including codes, passwords, arithmetics or public keys, etc..
| | (五)电子签名验证数据,是指用于验证电子签名的数据,包括代码、口令、算法或者公钥等。
|
Article 35 The State Council or the departments prescribed by the State Council may formulate concrete measures for the use of electronic signature and data message used in governmental affairs and other social activities in light of the present Law.
| | 第三十五条 国务院或者国务院规定的部门可以依据本法制定政务活动和其他社会活动中使用电子签名、数据电文的具体办法。
|
| Article 36 The present Law shall come into force as of April 1, 2005. | | 第三十六条 本法自2005年4月1日起施行。
|
| | | |
| | | |