Electronic Signature Law of the People's Republic of China
(Adopted at the 11th Meeting of the Standing Committee of the Tenth National People's Congress on August 28, 2004 and revised according to the Decision on Revising Six Laws including the Electric Power Law of the People's Republic of China which was adopted at the 14th Meeting of the Standing Committee of the Eighth National People's Congress on April 24th, 2015)
Contents
Chapter 1 General Provisions
Chapter 2 Data Message
Chapter 3 Electric Signature and Certification
Chapter 4 Legal Responsibility
Chapter 5 Supplementary Provisions
Chapter 1 General Provisions
Article 1 This Law is enacted in order to standardize acts of electronic signature, validate the legal effect of electronic signature, and safeguard the lawful rights and interests of the parties concerned.
Article 2 For the purposes of this Law, electronic signature means the data in electronic form contained in and attached to a data message to be used for identifying the identity of the signatory and for showing that the signatory recognizes what is in the message.
The data message as mentioned in this Law means the information generated, dispatched, received or stored by electronic, optical, magnetic or similar means.
Article 3 The parties concerned may agree to use or not to use electronic signature or data message in such documentations as contracts and other documents, receipts and vouchers in civil activities.
The legal effect of a document, with regard to which the parties concerned have agreed to use electronic signature or data message, shall not be denied only because the form of electronic signature or data message is adopted.
The provisions of the preceding paragraphs shall not be applicable to the following documents:
(1) Documents relating to such personal relations as marriage, adoption and succession;
(2) Documents relating to the transfer of the rights and interests residing in such real estate as land and houses;
(3) Documents relating to termination of such public utility services as water supply, heat supply, gas supply and power supply; and
(4) Other circumstances where electronic documentation is not applicable, as provided for by laws and administrative regulations.
Chapter 2 Data Message
Article 4 A data message, which can give visible expression to the contents carried and can readily be picked up for reference, shall be deemed to be the written form which conforms to the requirements of laws and regulations.
Article 5 Data messages that meet the following conditions shall be deemed to satisfy the requirements for the form of the original copies as provided for by laws and regulations:
(1) Messages that can give effective expression to the contents carried and can readily be picked up for reference; and
(2) Messages that can unfailingly guarantee that the contents remain complete and unaltered form the time when they are finally generated. The completeness of the data messages shall not be affected when endorsements are added to the data messages or when their forms are altered in the process of data interchange, storage and display.
Article 6 Data messages that meet the following conditions shall be deemed to satisfy the requirements for document preservation as provided for by laws and regulations:
(1) Messages that can give effective expression to the contents carried and can readily be picked up for reference; and
(2) The format of the data messages is the same as the format when they are generated, dispatched or received, or although the format is not the same, the contents originally generated, dispatched or received can accurately be expressed; and
(3) The addressers and receivers of data messages and the time of their dispatch and receipt can be identified.
Article 7 No data messages to be used as evidence shall be rejected simply because they are generated, dispatched, received or stored by electronic, optical, magnetic or similar means.
Article 8 The following factors shall be taken into consideration when the truthfulness of data messages to be used as evidence is examined:
(1) The reliability of the methods used for generating, storing or transmitting the data messages;
(2) The reliability of the methods used for keeping the completeness of the contents;
(3) The reliability of the methods used for distinguishing the addressers; and
(4) Other relevant factors.
Article 9 Any of the following data messages shall be deemed to be dispatched by the addresser;
(1) The data message is dispatched with authorization of the addresser;
(2) The data message is dispatched automatically by the information system of the addresser; and
(3) Verification of the data message made by the receiver in accordance with the method recognized by the addresser proves that the message is identical with the one dispatched.
If the parties concerned have agreed otherwise with regard to the matters specified in the preceding paragraph, such agreement shall prevail.
Article 10 If confirmation of receipt of a data message is required pursuant to the provisions of laws and administrative regulations or the agreement reached between the parties concerned, such receipt shall be confirmed. When the addresser receives the confirmation of the receipt sent by the receiver, the data message shall be deemed to have been received.
Article 11 The time when a data message enters into a certain information system beyond the control of the addresser shall be deemed to be the time when the message is dispatched.
If a receiver designates a special system for receipt of a data message, the time when the message enters into the system as designated shall be deemed to be time when the said message is received; and if no special system is designated, the first time when the data message enters into any systems of the receiver shall be deemed to be the time when the message is received.
If the parties concerned have agreed otherwise on the time of dispatch or the time receipt of data messages, such agreement shall prevail.
Article 12 The principal business place of an addresser shall be the place of dispatch of data messages, and the principal business place of a receiver shall be the place of receipt of data messages. If there are no principal business places, their habitual residences shall be the places of dispatch or receipt.
If the parties concerned have agreed otherwise on the place of dispatch or the place of receipt of data messages, such agreement shall prevail.
Chapter 3 Electric Signature and Certification
Article 13 If an electronic signature concurrently meets the following conditions, it shall be deemed as a reliable electronic signature:
(1) When the creation data of the electronic signature are used for electronic signature, it exclusively belongs to an electronic signatory;
(2) When the signature is entered, its creation data are controlled only by the electronic signatory;
(3) After the signature is entered, any alteration made to the electronic signature can be detected; and
(4) After the signature is entered, any alteration made to the contents and form of a data message can be detected.
The parties concerned may also choose to use the electronic signatures which meet the conditions of reliability they have agreed to.
Article 14 A reliable electronic signature shall have equal legal force with handwritten signature or the seal.
Article 15 An electronic signatory shall have the creation data of his electronic signature well preserved. When an electronic signatory learns that the creation data of his electronic signature have got lost or may have got lost, he shall make it known to all the parties concerned in time, and terminate the use of such data.
Article 16 If an electronic signature needs to be verified by a third party, the electronic verification service provider established according to law shall provide such service.
Article 17 Providing electronic verification service shall meet the following conditions:
(1) Having the corporate qualification;
(2) Having the professional technicians and managerial personnel suited for provision of electronic verification services;
(3) Having the funds and business places suited for provision of electronic verification services;
(4) Having the technology and equipment complying with the safety standards of the State;
(5) Having the certificates for the use of the codes approved by the State Password Administration Institution; and
(6) Other conditions stipulated by laws and administrative regulations.
Article 18 A person that intends to engage in electronic verification service shall make an application to the competent department of information industry of the State Council and submits the materials proving fulfillment of the conditions as specified by Article 17 of this Law. Upon receiving the application, the competent department of information industry of the State Council shall examine it according to law, and shall consult with the competent commercial department of the State Council and other relevant departments before making a decision on whether to grant or deny approval within 45 days from the date it receives the application. If it grants approval, it shall issue the license of electronic verification; if it refuses to do so, it shall inform the applicant of the fact in writing and explain reasons.
The electronic verification service provider that has been qualified for verification shall, in accordance with the regulations stipulated by the competent department of information industry of the State Council, publish such information as its name and the number of its license on the Internet.
Article 19 An electronic verification service provider shall formulate and publish its rules for electronic verification, which are in line with the relevant regulations of the State, and submit them to the competent department of information industry of the State Council for the record.
The rules for electronic verification shall include the matter such as the scope of liability, the norms for operation and the protective measures for information safety.
Article 20 Where an electronic signatory applies to the electronic verification service provider for the certificate of his electronic signature, he shall provide truthful, complete and accurate information.
Upon receiving the application for certificate of the electronic signature, the electronic verification service provider shall check the identity of the applicant and examine the relevant materials.
Article 21 The certificate of an electronic signature issued by the electronic verification service provider shall be accurate, and shall include the following contents:
(1) Name of the electronic verification service provider;
(2) Name of the certificate holder;
(3) Serial number of the certificate;
(4) Validity of the certificate;
(5) Validation data of the electronic signature of the certificate holder;
(6) Electronic signature of the electronic verification service; and
(7) Other items stipulated by the competent department of information industry of the State Council.
Article 22 An electronic verification service provider shall guarantee that the items in the certificate of electronic signature are complete and accurate within the validity period, and guarantee that the party relying on the electronic signature can prove or to know the items stated in the certificate of the electronic signature and other relevant matters.
Article 23 If an electronic verification service provider intends to suspend or terminate the service, it shall, 90 days prior to the suspension or termination of service, notify the parties concerned of how to get continued services and of other relevant matters.
If an electronic verification service provider intends to suspend or terminate the service, it shall report to the competent department of information industry of the State Council 60 days prior to the suspension or termination of service, and shall make proper arrangements by negotiating with other electronic verification service providers on how carry on its business.
If an electronic verification service provider fails to reach an agreement with other electronic verification service providers on matters of how to carry on its business, it shall apply to the competent department of information industry of the State Council for arranging other electronic verification service providers to carry on its business.
If the license of electronic verification of the electronic verification service provider is revoked according to law, its business shall be carried on in accordance with the regulations stipulated by the competent department of information industry of the State Council.
Article 24 An electronic verification service provider shall have the information relating to verification well preserved. The time limit for preservation of such information shall be at least five years after the certificate of the electronic signature ceases to be valid.
Article 25 The competent department of information industry of the State Council shall, in accordance with this Law, formulate the specific measures for administration of the electronic verification services and exercise supervision over the electronic verification service providers according to law.
Article 26 Upon examination and approval by the competent department of information industry of the State Council on the basis of relevant agreements or the principle of reciprocity, the certificates of electronic signatures issued by overseas electronic verification service providers outside of the territory of the People's Republic of China shall have equal legal force with the one issued by the electronic verification service providers established in accordance with this Law.
Chapter 4 Legal Responsibility
Article 27 An electronic signatory who, having learned that the creation data of his electronic signature have got lost or might have got lost, fails to notify in time the parties concerned of fact and to terminate the use of the same, who fails to provide the electronic verification service provider with truthful, complete and accurate information, or who makes other errors, thus causing losses to the party relying on the electronic signature and to the electronic verification service provider, shall bear the responsibility for compensation.
Article 28 Where an electronic signatory or the party relying on the electronic signature suffers losses due to engaging in civil activities on the basis of the electronic signature verified by the electronic verification service provider, and if the electronic verification service provider fails to prove that it is free from fault, the provider shall bear the responsibility for compensation.
Article 29 Where a person provides electronic verification services without permission, the competent department of information industry of the State Council shall order him to desist from illegal act; the unlawful gains, if any, shall be confiscated; if such gains exceed RMB 300,000, a fine of not less than one time but not more than three times the unlawful gains shall be imposed; and if there are no unlawful gains or the amount of such gains is less than RMB 300,000, a fine of not less than RMB 100,000 but not more than RMB 300,000 shall be imposed.
Article 30 Where an electronic verification service provider that intends to suspend or terminate electronic verification services fails to report to the competent department of information industry of the State Council 60 days prior to the suspension or termination of service, the said department shall impose a fine of not than RMB 10,000 but not more than RMB 50,000 on the person who is directly in charge of the service.
Article 31 Where an electronic verification service provider fails to observe the rules for verification, fails to have the information relating to verification well preserved, or commits other illegal acts, the competent department of information industry of the State Council shall order it to rectify within a time limit; if it fails to comply at the expiration of the time limit, its electronic verification license shall be revoked, and the persons who are directly in charge of the service and the other persons who are directly responsible shall be prohibited from engaging in electronic verification service within the period of 10 years. If an electronic verification license is revoked, the fact shall be made known to the public and the administrative department for industry and commerce shall be informed of the same.
Article 32 Where a person counterfeits, copies or usurps the electronic signature of another person's which constitutes a crime, he shall be investigated for the criminal responsibility according to law; and if losses are caused to another person, he shall bear civil responsibility according to law.
Article 33 Where a staff member of the department in charge of supervision and administration over the electronic verification industry in accordance with license and exercising supervision and administration according to law, he shall be given and administrative sanction according to law; and if a crime is constituted, he shall be investigated for the criminal responsibility according to law.
Chapter 5 Supplementary Provisions
Article 34 The meanings of the following terms used in this Law are:
(1) Electronic signatory means a person who holds the creation data of an electronic signature and produces the electronic signature either in person or on behalf of the person he represents;
(2) Relying party on the electronic signature means the person who engages in relevant activities on the basis of his trust in the certificate of the electronic signature or the electronic signature;
(3) Certificate of an electronic signature means a data message or other electronic records that can prove the connection between the electronic signatory and the creation data of the electronic signature;
(4) Creation data of an electronic signature means such data as the characters and codes that are used in the course of the electronic signature and that reliably connects the electronic signature with the electronic signatory; and
(5) Validation data of an electronic signature means the data used for verifying the electronic signature, including the code, password, algorithm and pubic key.
Article 35 The State Council or the departments specified by the State Council may, in accordance with this Law, formulate specific measures for the use of the electronic signatures and data messages in administrative and other public activities.
Article 36 This Law shall come into force on April 1, 2005.
Copyright material trading center far east co., LTD.
All Rights Researved. Sue ICP for beian.miit.gov.cn # 16024348-1 without the written authorization, prohibiting reproduced.
Address: China yixing city of jiangsu province in the far east avenue 29 on the third floorZip code: 214257