中华人民共和国电子签名法 PRC, Electronic Signature Law
(Promulgated on 28 August 2004 and effective as of 1 April 2005.) 颁布日期:20040828 实施日期:20050401 PART ONE GENERAL PROVISIONS Article 1 This Law is formulated in order to regulate electronic signatures, to establish the legal validity of electronic signatures, and to safeguard the lawful rights and interests of all relevant parties. Article 2 For the purposes of this Law, the term “electronic signature” shall refer to data included in or appended to an electronic data message, in electronic form, to distinguish the signer and to indicate his consent to the contents therein. For the purposes of this Law, the term “electronic data message” shall refer to information created, transmitted, received or stored by electronic, optical, magnetic or similar means. Article 3 In regards to contracts or other documents or certificates in civil activities, parties may agree on the use or non-use of electronic signatures and electronic data messages. Parties that agree on using electronic signatures and electronic data messages in documents may not deny the legal validity of such signatures and data messages solely on the grounds of their form. The preceding provisions shall not apply to the following documents: 1. documents involving personal relationships such as marriage, adoption and inheritance; 2. documents involving the transfer of rights in immovable property such as land and buildings; 3. documents involving the cessation of public utility services such as the supply of water, heat, gas and electricity; and 4. other circumstances in which laws or administrative regulations stipulate that electronic documents are not applicable. PART TWO ELECTRONIC DATA MESSAGES Article 4 Electronic data messages that are able to demonstrate the contents tangibly and that may be retrieved and accessed at any time shall be deemed as complying with the written format required by laws and regulations. Article 5 Electronic data messages that meet the following criteria shall be deemed as fulfilling the requirements of laws and regulations on the form of the original text: 1. they are able to effectively demonstrate their contents and may be retrieved and accessed at any time; and 2. they are able to reliably guarantee that the contents have remained intact and have not been altered since the final formation. However, endorsements added to electronic data messages and the changes of format in the course of data exchange, storage and display shall not affect the integrity of the electronic data message. Article 6 Electronic data messages that fulfil the following criteria shall be deemed as fulfilling the requirements of laws and regulations on document preservation: 1. they are able to effectively demonstrate their contents and be retrieved and accessed at any time; 2. the format of the electronic data message is the same as that at the time of its creation, transmission or receipt, or the formats are different but they are able to demonstrate accurately the content originally created, transmitted or received; and 3. they are able to differentiate the sender and recipient, and the time of transmission and receipt of the electronic data message. Article 7 Electronic data messages shall not be rejected for use as evidence solely on the grounds that they have been created, transmitted, received or stored by electronic, optical, magnetic or similar means. Article 8 The examination of the authenticity of electronic data messages used as evidence shall take into account the following factors: 1. the reliability of the method of creation, storage or transmission of the electronic data message; 2. the reliability of the method of maintaining the integrity of the content; 3. the reliability of the method used to ascertain the sender; and 4. other relevant factors. Article 9 Electronic data messages in any of the following circumstances shall be deemed as being sent by the sender: 1. the transmission of the message has been authorized by the sender; 2. the message is automatically transmitted by the information system of the sender; or 3. the result is identical after the recipient has verified the message in accordance with the methods recognized by the sender. If the parties have a separate agreement on the matters stipulated in the preceding paragraph, such agreement shall prevail. Article 10 If it is stipulated in laws or administrative regulations or agreed between the parties that acknowledgement of receipt of the electronic data message is necessary, receipt shall be acknowledged. When the sender receives the acknowledgement of receipt from the recipient, the electronic data message shall be deemed as having been received. Article 11 The time at which an electronic data message enters into an information system beyond the control of the sender shall be deemed as the time of transmission. If the recipient specifies a particular system for the receipt of electronic data messages, the time at which an electronic data message enters into the specified system shall be deemed as the time of receipt of the message. If no particular system is specified, the initial time at which an electronic data message enters into any system of the recipient shall be deemed as the time of receipt of the message. If the parties have a separate agreement on the time of transmission and receipt of electronic data messages, such agreement shall prevail. Article 12 The principal place of operation of the sender shall be the place from which electronic data messages are transmitted. The principal place of operation of the recipient shall be the place at which electronic data messages are received. If there is no principal place of operation, the place of habitual residence shall be the place of transmission or receipt. If the parties have a separate agreement on the place of transmission or receipt of electronic data messages, such agreement shall prevail. PART THREE ELECTRONIC SIGNATURES AND THE CERTIFICATION THEREOF Article 13 Electronic signatures that fulfil all the following criteria shall be deemed as reliable electronic signatures: 1. the data for producing electronic signature belongs exclusively to the electronic signer when it is used in the electronic signature; 2. the data for producing electronic signature is under the sole control of the electronic signer at the time of signing; 3. it is possible to discover any changes to the electronic signature after signing; and 4. it is possible to discover any changes to the contents and format of the electronic data message after signing. The parties may also choose to use electronic signatures that fulfil the reliable criteria stipulated in their agreement. Article 14 A reliable electronic signature shall have the same legal validity as a hand-written signature or a seal. Article 15 An electronic signer shall duly keep safe the data for producing electronic signature. If the electronic signer is aware that the data is no longer encrypted, or may no longer be encrypted, he shall inform all relevant parties in a timely manner and terminate the use of the data for producing the signature. Article 16 If an electronic signature requires certification by a third party, the certification service shall be provided by an electronic certification service provider established in accordance with the law. Article 17 To provide electronic certification services, the following criteria shall be fulfilled: 1. having professional technical and management personnel appropriate for the provision of electronic certification services; 2. having the capital and business premises appropriate for the provision of electronic certification services; 3. having the technology and equipment that comply with the safety standards of the State; 4. having documentary proof from the State encryption administration authorities approving the use of encryption; and 5. other criteria stipulated in laws and administrative regulations. Article 18 To engage in electronic certification services, an application shall be filed to the State Council department in charge of information industry, and the relevant materials that fulfil the criteria stipulated in Article 17 hereof shall be submitted. After the State Council department in charge of information industry has received the application, it shall carry out examination thereof according to law, and shall, after consulting the opinions of relevant departments such as the State Council department in charge of commerce, render a decision on whether or not to grant permission within 45 days of the date of receipt of the application. If permission is granted, an electronic certification permit shall be issued. If permission is not granted, it shall notify the applicant of the reasons therefor in writing. Applicants shall, in accordance with the law, handle enterprise registration procedures with the administration for industry and commerce on the strength of the electronic certification permit. Electronic certification service providers that have obtained certification qualification shall, in accordance with the regulations of the State Council department in charge of information industry, publish information such as their names and permit number on the internet. Article 19 Electronic certification service providers shall formulate and publish the business rules for electronic certification that comply with the relevant State regulations, and shall report the same to the State Council department in charge of information industry for record filing. Business rules for electronic certification shall include items such as the scope of liability, business operational standards, and measures for safeguarding information security. Article 20 Where an electronic signer applies to an electronic certification service provider for an electronic signature certification certificate, he shall provide true, complete and accurate information. After an electronic certification service provider receives an application for electronic signature certification certificate, it shall inspect the identity of the applicant and examine the relevant materials. Article 21 Electronic signature certification certificates issued by electronic certification service providers shall be accurate and error-free, and shall contain the following particulars: 1. the name of the electronic certification service provider; 2. the name of the certificate holder; 3. the serial number of the certificate; 4. the term of validity of the certificate; 5. electronic signature verification data of the certificate holder; 6. electronic signature of the electronic certification service provider; and 7. other information stipulated by the State Council department in charge of information industry. Article 22 Electronic certification service providers shall ensure that the contents of the electronic signature certification certificates are complete and accurate during the term of validity, and shall ensure that the parties reliant on the electronic signature are able to prove or understand the contents of the electronic signature certification certificates and other relevant matters. Article 23 Where an electronic certification service provider intends to suspend or terminate electronic certification services, it shall notify all relevant parties of the handover of business and other related issues 90 days prior to the suspension or termination of services. Where an electronic certification service provider intends to suspend or terminate electronic certification services, it shall notify the State Council department in charge of information industry 60 days prior to the suspension or termination of services, and shall consult with other electronic certification service providers on the handover of business and make appropriate arrangements. If an electronic certification service provider is unable to reach an agreement on the handover of business with another electronic certification service provider, it shall apply to the State Council department in charge of information industry for arranging another electronic certification service provider to take over its business. If the electronic certification permit of an electronic certification service provider is revoked in accordance with the law, the handover of its business shall be handled in accordance with the provisions of the State Council department in charge of information industry. Article 24 Electronic certification service providers shall duly keep safe information related to certification. The period of safekeeping of information shall be at least five years after the expiry of the electronic signature certification certificate. Article 25 The State Council department in charge of information industry shall, in accordance with this Law, formulate specific procedures for the administration of the electronic certification service industry and implement regulation of electronic certification service providers in accordance with the law. Article 26 After verification and approval by the State Council department in charge of information industry in accordance with the relevant agreements or on the basis of the principle of reciprocity, electronic signature certification certificates issued outside China by electronic certification service providers outside China shall have the same legal validity as those issued by electronic certification service providers established in accordance with this Law. PART FOUR LEGAL LIABILITY Article 27 Where an electronic signer that is aware that the data for producing electronic signature is no longer encrypted or may no longer be encrypted fails to notify all relevant parties in a timely manner or terminate the use of the data for producing electronic signature, fails to provide true, complete and accurate information to the electronic certification service provider, or commits other faults, thereby causing losses to the parties reliant on the electronic signature and the electronic certification service provider, he shall bear the liability for compensation. Article 28 If an electronic signer or a party reliant on an electronic signature incurs losses as a result of using electronic certification services offered by an electronic certification service provider in the course of civil activities, and the electronic certification service provider is unable to prove that it is not at fault, such provider shall bear the liability for compensation. Article 29 In case of provision of electronic certification services without permit, the State Council department in charge of information industry shall order cessation of the illegal act. If there is illegal income, the illegal income shall be confiscated. If the illegal income is Rmb 300,000 or above, a fine of not less than one time and not more than three times the illegal income shall be imposed. If there is no illegal income or if the illegal income is less than Rmb 300,000, a fine of not less than Rmb 100,000 and not more than Rmb 300,000 shall be imposed. Article 30 If an electronic certification service provider that suspends or terminates electronic certification services fails to report to the State Council department in charge of information industry 60 days prior to the suspension or termination of services, the State Council department in charge of information industry shall impose a fine of not less than Rmb 10,000 and not more than Rmb 50,000 on the personnel directly in charge. Article 31 If an electronic certification service providers fails to abide by the certification business rules, fails to duly keep safe information related to certification, or commits other illegal acts, the State Council department in charge of information industry shall order rectification within a stipulated time period. If it fails to carry out rectification within the stipulated time period, its electronic certification permit shall be revoked, and its personnel directly in charge and other directly responsible personnel may not engage in electronic certification services for 10 years. Revocation of electronic certification permits shall be publicly announced and reported to the administration for industry and commerce. Article 32 If the forgery, use without authorization or theft of another‘s electronic signature constitutes a criminal offence, criminal liability shall be pursued in accordance with the law. If the loss of another party is caused thereby, the perpetrator shall bear civil liability in accordance with the law. Article 33 If the personnel of departments that are responsible for the regulation of the electronic certification service industry in accordance with this Law fail to perform the duties of administrative licensing or regulation in accordance with the law, they shall be subject to administrative penalty. Where the act constitutes a criminal offence, criminal liability shall be pursued in accordance with the law. PART FIVE SUPPLEMENTARY PROVISIONS Article 34 For the purposes of this Law, the following terms have the meanings set forth below: 1. the term “electronic signer” shall mean a signer that holds the data for producing electronic signature and applies the electronic signature in his own capacity or in the name of the person he represents; 2. the term “parties reliant on the electronic signature” shall mean the parties conducting relevant activities in reliance on an electronic signature certification certificate or an electronic signature; 3. the term “electronic signature certification certificate” shall mean an electronic data message or other electronic records that are able to prove a connection between the electronic signer and the data for producing electronic signature; 4. the term “data for producing electronic signature” shall mean such data as symbols and codes used in the process of signing electronically that reliably connects the electronic signature and the electronic signer; and 5. the term “electronic signature verification data” shall mean the data used for the verification of electronic signatures, such as codes, commands, arithmetic methods or public keys. Article 35 The State Council or the authorities designated by the State Council may formulate specific procedures for the use of electronic signatures and electronic data messages in governmental and other social activities according to this Law. Article 36 This Law shall be implemented as of 1 April 2005. |