Policies and regulations

߷

 Electronic Signature Law of the People's Republic of China

contents

chapter general provisions

chapter data message

chapter electronic signature and certification

chapter legal responsibility

chapter supplementary provisions

chapter

general provisions

article 1 this law is enacted in order to standardize acts of electronic signature validate the legal effect of electronic signature and safeguard the lawful rights and interests of the parties concerned.

article 2 for the purposes of this law electronic signature means the data in electronic form contained in and attached to a data message to be used for identifying the identity of the signatory and for showing that the signatory recognizes what is in the message.

the data message as mentioned in this law means the information generated dispatched received or stored by electronic optical magnetic or similar means.

article 3 the parties concerned may agree to use or not to use electronic signature or data message in such documentations as contracts and other documents receipts and vouchers in civil activities.

the legal effect of a document with regard to which the parties concerned have agreed to use electronic signature or data message shall not be denied only because the form of electronic signature or data message is adopted.

the provisions of the preceding paragraphs shall not be applicable to the following documents

1documents relating to such personal relations as marriage adoption and succession

2documents relating to the transfer of the rights and interests residing in such real estate as land and houses

3documents relating to termination of such public utility services as water supply heat supply gas supply and power supply and

4other circumstances where electronic documentation is not applicable as provided for by laws and administrative regulations.

chapter

data message

article 4 a data message which can give visible expression to the contents carried and can readily be picked up for reference shall be deemed to be the written form which conforms to the requirements of laws and regulations.

article 5 data messages that meet the following conditions shall be deemed to satisfy the requirements for the form of the original copies as provided for by laws and regulations

1messages that can give effective expression to the contents carried and can readily be picked up for reference and

2messages that can unfailingly guarantee that the contents remain complete and unaltered form the time when they are finally generated and the completeness of the data messages shall not be affected when endorsements are added to the data messages or when their form are altered in the process of data interchange storage and display.

article 6 data messages that meet the following conditions shall be deemed to satisfy the requirements for document preservation as provided for by laws and regulations

1messages that can give effective expression to the contents carried and can readily be picked up fro reference

2the format of the data messages is the same as the format when they are generated dispatched or received or although the format is not the same the contents originally generated dispatched or received can accurately be expressed. and

3messages the addressers and receivers of which and the time of their dispatch and receipt can be identified.

article 7 no data messages to be used as evidence shall be rejected simply because they are generated dispatched received or stored by electronic optical magnetic or similar means.

article 8 the following factors shall be taken into consideration when the truthfulness of data messages to be used as evidence is examined

1the reliability of the methods used for generating storing or transmitting the data messages

2the reliability of the methods used for keeping the completeness of the contents

3the reliability of the methods for distinguishing the addressers and

4other relevant factors.

article 9 any of the following data messages shall be deemed to be dispatched by the addresser

1the data message is dispatched with authorization of the addresser

2the data message is dispatched automatically by the information system of the addresser and

3verification of the data message made by the receiver in accordance with the method recognized by the addresser proves that the message is identical with the one dispatched.

if the parties concerned have agreed otherwise with regard to the matters specified in the preceding paragraph such agreement shall be complied with.

article 10 if confirmation of receipt of a data message is required pursuant to the provisions of laws and administrative regulations or the agreement reached between the parties concerned such receipt shall be confirmed. when the addresser receives the confirmation of the receipt sent by the receiver the data message shall be deemed to have been received.

article 11 the time when a data message enters into a certain information system beyond the control of the addresser shall be deemed to be the time when the message is dispatched.

if a receiver designates a special system for receipt of a data message the time when the message enters into the system as designated shall be deemed to be time when the said message is received and if no special system is designated the first time when the data message enters into any systems of the receiver's shall be deemed to be the time when the message is received.

if the parties concerned have agreed otherwise on the time of dispatch or the time receipt of data messages such agreement shall be complied with.

article 12 the principal business place of an addresser shall be the place of dispatch of data messages and the principal business place of a receiver shall be the place of receipt of data messages. if there are no principal business places their habitual residences shall be the places of dispatch or receipt.

if the parties concerned have agreed otherwise on the place of dispatch or the place of receipt of data messages such agreement shall be complied with.

chapter

electronic signature and certification

article 13 if an electronic signature concurrently meets the following condition if shall be deemed as a reliable electronic signature

1when the creation data of the electronic signature are used for electronic signature it exclusively belongs to an electronic signatory

2when the signature is entered its creation data are controlled only by the electronic signatory

3after the signature is entered any alteration made to the electronic signature can be detected and

4after the signature is entered any alteration made to the contents and form of a data message can be detected.

the parties concerned may also choose to use the electronic signatures which meet the conditions of reliability they have agreed to.

article 14 a reliable electronic signature shall have equal legal force with handwritten signature or the seal.

article 15 an electronic signatory shall have the creation data of his electronic signature well preserved. when an electronic signatory learns that the creation data of his electronic signature have got lost or may have got lost he shall make it known to all the parties concerned in time and terminate the use of such data.

article 16 if an electronic signature needs to be verified by a third party the electronic verification service established according to law shall provide such service.

article 17 an electronic verification service shall meet the following conditions

1having the professional technicians and managerial personnel suited for provision of electronic verification services

2having the funds and business places suited for provision of electronic verification services

3having the technology and equipment complying with the safety standards of the state

4having the certificates for the use of the codes approved by the code control institution of the state and

5other conditions prescribed by laws and administrative regulations.

article 18 a person that intends to engage in electronic verification service shall make an application to the department in charge of the information industry under the state council and submits the materials proving fulfillment of the conditions as specified by article 17 of this law. upon receiving the application the department in charge of the information industry under the state council shall examine it according to law and consult with the department in charge of commerce and other relevant departments under the state council before making a decision on whether to grant of deny approval within 45 days from the date it receives the application. if it grants approval it shall inform the applicant in writing of the fact and of reasons why.

the applicant shall upon the strength of the license of electronic verification go through the formalities for enterprise registration at the administrative department for industry and commerce according to law.

the electronic verification service that has been qualified for verification shall in accordance with the regulations of the department in charge of the information industry under the state council make public in the internet such information as its name and the number of its license.

article 19 the electronic verification service shall formulate and publish its rules for electronic verification which are in conformity with the relevant regulations of the state and submit them to the department in charge of the information industry under the state council for the record.

the rules for electronic verification shall include the matter such as the scope of liability the norms for operation and the protective measures for information safety.

article 20 where an electronic signatory applier to an electronic verification service for the certificate f his electronic signature he shall provide truthful complete and accurate information.

upon receiving the application for certificate of the electronic signature the electronic verification service shall check the identity of the applicant and examine the relevant materials.

article 21 the certificate of an electronic signature issued by the electronic verification service shall be accurate and devoid of error and the following items shall be accurate and devoid of error and the following items shall clearly be stated therein

1the name of the electronic verification service

2the name of the certificate holder

3the serial number of the certificate

4the term of validity for the certificate

5the validation data of the electronic signature of the certificate holder

6the electronic signature of the electronic verification service and

7other items prescribed by the department in charge of the information industry under the state council.

article 22 an electronic verification service shall guarantee that the items is the certificate of and electronic signature are complete and accurate within the term of its validity and guarantee the party relying on the electronic signature the ability t prove or to know the items stated in the certificate of the electronic signature and other relevant matters.

article 23 if an electronic verification service intends to suspend or terminate the service it shall 90 days prior to the suspension or termination of service notify the parties concerned of how to get continued services and of other relevant matters.

if an electronic verification service intends to suspend or terminate the service it shall report to the department in charge of the information industry under the state council 60 days prior to the suspension or termination of service and shall make proper arrangements by negotiating with other electronic verification services on how carry on its business.

if an electronic verification service fails to reach an agreement with other electronic verification services on matters of how to carry on its business it shall apply to the department in charge of the information industry under the state council for arranging other electronic verification services to carry on its business.

if the license of electronic verification of an electronic verification service is revoked according to law its business shall be carried on in accordance with the regulations of the department in charge of the information industry under the state council.

article 24 an electronic verification service shall have the information relating to verification well preserved. the time limit for preservation of such information shall at least be five years after the certificate of the electronic signature ceases be valid.

article 25 the department in charge of the information industry under the state council shall in accordance with this law formulate the specific measures for administration of the electronic verification services and exercise supervision over the electronic verification services according to law.

article 26 upon examination and approval by the department in charge of the information industry under the state council on the basis of relevant agreements or the principle of reciprocity the certificates of electronic signatures issued by overseas electronic verification services outside of the territory of the people's republic of china shall have equal legal force with the one issued by the electronic verification services established in accordance with this law.

chapter

legal responsibility

article 27 an electronic signatory who having learnt that the creation data of his electronic signature have got lost or might have got lost fails to notify in time the parties concerned of fact and to terminate the use of the same who fails to provide the electronic verification service with truthful complete and accurate information or who makes other errors thus causing losses to the party relying on the electronic signature and to the electronic verification service shall bear the responsibility for compensation.

article 28 where an electronic signatory or the party relying on the electronic signature suffers losses due to engaging in civil activities on the basis of the electronic signature verified by an electronic verification service and if the electronic verification service fails to prove that it is free from fault the service shall bear the responsibility for compensation.

article 29 where a person provides electronic verification services without permission the department in charge of the information industry under the state council shall order him t desist from illegal act the unlawful gains if any shall be confiscated if such gains exceed rmb 300000 yuan a fine of not less than one time but not more than three times the unlawful gains shall be imposed and if there are no unlawful gains or the amount f such gains is less than 300 000yuan a fine of not less than 100 000 yuan but not more than 300 000 yuan shall be imposed.

article 30 where an electronic verification service that intends to suspend or terminate electronic verification services fails to report to the department in charge of the information industry under the state council 60 days prior to the suspension or termination of service the said department shall impose a fine of not than 10000 yuan but not more than 50000 yuan on the person who is directly in charge of the service.

article 31 where an electronic verification service fails to observe the rules for verification fails to have the information relating to verification well preserved or commits other illegal acts the department in charge of the information industry under the state council shall order it to rectify within a time limit if it fails to comply at the expiration of the time limit its electronic verification license shall be revoked and the persons who are directly in charge of the service and the other persons who are directly responsible shall be prohibited from engaging in electronic verification service within the period of 10 years. if an electronic verification license is revoked the fact shall be made known to the public and the administrative department for industry and commerce shall be informed of the same.

article 32 where a person counterfeits copies or usurps the electronic signature of another person's which constitutes a crime his criminal responsibility shall be investigated according to law and if losses are caused to another person he shall bear civil responsibility according to law.

article 33 where a staff member of the department in charge of supervision and administration over the electronic verification industry in accordance with license and exercising supervision and administration according to law he shall be given and administrative sanction according to law and if a crime is constituted he shall be investigated for the criminal responsibility according to law.

chapter

supplementary provisions

article 34 the meanings of the following terms used in this law are

1the electronic signatory means a person who holds the creation data of an electronic signature and produces the electronic signature either in person or on behalf of the person he represents

2the relying party on the electronic signature means the person who engages in relevant activities on the basis of his trust in the certificate of the electronic signature or the electronic signature

3the certificate of the electronic signature means a data message or other electronic records that can prove the connection between the electronic signatory and the creation data of the electronic signature

4 the creation data of an electronic signature means such data as the characters and codes that are used in the course of the electronic signature and that reliably connects the electronic signature with the electronic signatory and

5the validation data of and electronic signature means the data used for verifying the electronic signature including the code password algorithm and pubic key.

article 35 the state council or the departments specified by the state council may in accordance with this law formulate specific measures for the use of the electronic signatures and data messages in administrative and other public activities.

article 36 this law shall go into effect as of april 1 2005.