|
Decree No. 18, President of the People¡¯s Republic of China
The ¡°Law of the People¡¯s Republic of China on Electronic Signatures,¡± passed by the 11th conference of the Standing Committee of the 10th State Council of the People¡¯s Republic of China on August 28, 2004, is hereby promulgated and will take effect as of April 1, 2005.
President Hu Jintao
August 28, 2004
Law of the People¡¯s Republic of China on Electronic Signatures
Chapter 1. General Provisions
Article 1. This law is made in order to regulate the behavior of electronic signatures, to validate the legal effect of electronic signatures, and to protect the legal rights of every involved party.
Article 2. Electronic signatures in this law refer to data that are included or attached in electronic data for identification of the signer and for proof that the signer agrees with the included contents.
Electronic data in this law refer to information that is created, sent, received, or preserved via electronic, optical, or magnetic tools or similar media.
Article 3. For contracts or other files such as documents and certificates of civil activities, the parties may agree to use or not to use electronic signatures and electronic data.
If the parties agree to use contracts with electronic signatures and electronic data, the legal effect of the contracts may not be denied solely because of the electronic form of the signatures or of the data.
The above paragraph does not apply to the following legal documents:
(1) Documents concerning personal relationships such as matrimony, adoption, or inheritance;
(2) Documents concerning trade of immovable estates such as land or domiciles;
(3) Documents concerning termination of public services such as the supply of water, heat, gas, or electricity;
(4) Documents concerning other inapplicable situations regulated by law or administrative regulations.
Chapter 2. Electronic Data
Article 4. Electronic data that can show the contents they specify tangibly, and may be accessible at any time, shall be considered as complying with the written form as defined by the laws and regulations.
Article 5. Electronic data that satisfy the following requirements are considered in accordance with the requirements for the official form of the original copies by laws and regulations:
(1) Data that can show the contents they specify tangibly and may be accessible at any time;
(2) Data that can guarantee a complete, unaltered status of the contents once they come into being. The completeness of electronic data will not be affected by the adding of endorsements or altered forms that take place in the process of the interchange, preservation, and presentation of the data.
Article 6. Electronic data that satisfy the following requirements are considered in accordance with the requirements for document preservation by laws and regulations:
(1) Data that can show the contents they specify tangibly and may be accessible at any time;
(2) Data that are in the same format when they are created, sent, or received, or that can accurately convey the contents being created, sent, or received albeit in different formats;
(3) Data that have identifying information about the senders, receivers, and time that the data are sent and received.
Article 7. Electronic data to be used as evidence may not be denied solely because they are created, sent, received, or preserved via electronic, optical, or magnetic tools or similar media.
Article 8. The following factors shall be taken into consideration for examining the authenticity of electronic data as evidence:
(1) Reliability of the ways in which the electronic data are created, preserved, or circulated;
(2) Reliability of the ways in which the completeness of the electronic data is maintained;
(3) Reliability of the ways that the senders are identified;
(4) Other relevant factors.
Article 9. The electronic data are considered being transmitted by the sender when any of the following conditions applies:
(1) The transfer of the electronic data is authorized by the sender;
(2) The electronic data are automatically transferred by the sender¡¯s information system;
(3) The receiver verifies the electronic data according to the method approved by the addresser.
If the parties have their own agreement concerning the provision in (3), their agreement will be followed.
Article 10. Confirmation of the receipt of electronic data received shall be made, if required by the laws and regulations or by the parties¡¯ own contract. When the sender acquires the receiver¡¯s confirmation, the electronic data will be considered received.
Article 11. The time of the sending of the electronic data is considered to be the moment when the electronic data are transferred into a certain information system that is beyond the control of the sender.
If the receiver designates a certain system for receiving the electronic data, the moment the data enter this designated system is considered the receiving time.
If the parties have their own agreement on the sending or receiving time of the electronic data, their agreement is in force.
Article 12. The sending location shall be the location of the main business operations of the sender. The receiving location shall be the location of the main business operations of the receiver. If there is no main business operations location, the domicile will be considered the sending or receiving location.
If the parties have their own agreement on the sending and receiving locations of the electronic data, their own agreement is in force.
Chapter 3. Electronic Signatures and Verification
Article 13. Electronic signatures are considered reliable, when all of the following conditions are satisfied:
(1) Data that create electronic signatures are owned only by the signer when they are being used for electronic signatures;
(2) Data that create electronic signatures may only be controlled by the electronic signer at the time he is creating the signatures;
(3) Any alteration made to the electronic signatures after the signing is discernable;
(4) Any alteration made to the contents and format of the electronic data is discernable.
The parties may also choose to use electronic signatures that satisfy their own reliability requirements.
Article 14. The legal effect of reliable electronic signatures is the same as that of signatures made by hand or seal.
Article 15. The signer of electronic signatures shall keep custody of the data that create the electronic signatures. If the electronic signer learns that the data that created the electronic signatures are already deciphered or might be deciphered, he shall inform every involved party in a timely manner and terminate the use of the data.
Article 16. When electronic signatures need verification from a third party, such verification services shall be provided by lawful electronic verification service providers.
Article 17. The providers shall satisfy the following conditions in order to be able to provide electronic verification services:
(1) Having technical and administrative staffs that are suitable for providing electronic verification services;
(2) Possessing capital and business sites that are appropriate for providing electronic verification services;
(3) Equipped with technologies and facilities in accordance with national safety standards;
(4) Having documentary proof from the State Encryption Management Committee authorizing the use of passwords;
(5) Other requirements in the laws and regulations.
Article 18. Those who intend to provide electronic verification services shall send an application to the agency in charge of information industries under the State Council and submit materials relevant to the requirements stated in Article 17 of this law. The agency in charge of information industries under the State Council will examine the application according to the law, ask for opinions from the agency in charge of businesses of the State Council, and make a decision to grant or deny permission within 45 days from the date of the application. The agency will send a Permit of Electronic Verification Services to those who are granted permission; a written note with the reason for the rejection will be sent to those denied permission.
The applicant shall begin the business registration procedures with the Administration for Industry and Commerce by presenting the Permit of Electronic Verification Services in accordance with the law.
Electronic verification service providers who are deemed qualified to provide verification services shall publish information such as their name and permit number on the Internet in accordance with the requirements of the agency in charge of information industries under the State Council.
Article 19. Electronic verification service providers shall draft and publish activity rules for electronic verification services in accordance with the binding national requirements, and file with the agency in charge of information industries under the State Council.
Issues on the range of responsibilities, rules of operations, measures on ensuring information safety, and so forth shall be included in the activity rules of the electronic verification services.
Article 20. When the electronic signer submits an application for the certificate of verified electronic signatures, the signer shall provide authentic, complete, and accurate information.
When the electronic verification service provider receives the application for the certificate of verified electronic signatures, the provider shall inspect the identity of the applicant and examine the relevant materials.
Article 21. The certificate of verified electronic signatures issued by the electronic verification service provider shall be accurate and free of errors, and shall explicitly include the following contents:
(1) The name of the electronic verification service provider;
(2) The name of the holder of the certificate;
(3) The serial number of the certificate;
(4) The period of validity of the certificate;
(5) The verifying data of the electronic signatures of the certificate holder;
(6) The electronic signatures of the electronic verification service provider;
(7) Other contents required by the agency in charge of information industries under the State Council.
Article 22. The electronic verification service provider shall guarantee the completeness and accurateness of the certificate of verified electronic signatures during the period of validity, and shall guarantee that the contents conveyed by the certificate and other issues are verifiable and understandable to the party dependent on the electronic signatures.
Article 23. If the electronic verification service provider plans to temporarily discontinue or terminate the services of electronic verification, the provider shall inform every involved party of the transition in operations and other issues 90 days prior to the temporary discontinuation or termination of the provided services.
If the electronic verification service provider plans to temporarily discontinue or terminate the service of electronic verification, the provider shall report to the agency in charge of information industries under the State Council 60 days prior to the temporary discontinuation or termination of the provided services, and shall negotiate with the other electronic verification service providers regarding the transition in operations and shall arrange a smooth transition.
If the electronic verification service provider does not reach an agreement with the other electronic verification service providers regarding the transition of operations, the provider shall request that the agency in charge of information industries under the State Council assign the operation activities to other electronic verification service providers.
If the Permit of Electronic Verification Services of an electronic verification service provider is revoked by law, arrangements for the transition of its operations will be made in accordance with the requirements of the agency in charge of information industries under the State Council.
Article 24. The electronic verification service provider shall keep custody of the information relevant to the verification for at least 5 years beyond the expiration date of the certificate of verified electronic signatures.
Article 25. The agency in charge of information industries under the State Council shall draft detailed administrative measures for the electronic verification services industry and shall enforce oversight and management of the electronic verification service providers.
Article 26. With approval by the agency in charge of information industries under the State Council in accordance with the relevant protocols or with the principle of reciprocity, certificates of verified electronic signatures issued abroad by foreign electronic verification service providers have the same legal effect as those issued by electronic verification service providers authorized by this law.
Chapter 4. Legal Responsibilities
Article 27. If damages incurred to the party dependent on electronic signatures or the electronic verification service provider are due to (1) the electronic signer¡¯s failure to inform every involved party that the data creating the electronic signatures have already or may have been deciphered and failure to terminate the use of the data in a timely manner when he recognizes the problem, (2) the electronic signer¡¯s failure to provide authentic, complete, and accurate information to the electronic verification service provider, or (3) other conditions for which the electronic signer is at fault, the electronic signer shall be liable for damages.
Article 28. If damages are incurred when the electronic signer or the party dependent on electronic signatures are undertaking civil activities based on the electronic signatures verification service provided by the electronic verification service provider, and the electronic verification service provider cannot prove that he is not at fault, the provider shall be liable for damages.
Article 29. The agency in charge of information industries under the State Council shall demand termination of all unlawful activities through the provision of unauthorized electronic verification services. The profits of those who engage in such unlawful activities shall be confiscated. For profits in excess of 300,000 yuan, a fine will be imposed ranging from 1 to 3 times of the unlawful profits. If the unlawful profits or earnings are less than 300,000 yuan, a fine of 100,000 to 300,000 yuan will be imposed.
Article 30. If the electronic verifications service provider fails to report to the agency in charge of information industries under the States Council 60 days prior to when the services are temporarily discontinued or terminated, the agency in charge of information industries under the State Council will impose a fine of between 10,000 and 50,000 yuan on the chief manager who has direct responsibility.
Article 31. If the electronic verification service provider does not comply with the operating rules for verification, does not preserve the information relevant to verification, or engages in other unlawful activities, the agency in charge of information industries under the State Council will demand a correction within a specified time. If corrections are not made within this specified time, the Permit of Electronic Verification Services will be revoked. The chief manager and other staff persons who are directly responsible may not provide electronic verification services for the next 10 years. An announcement will be made and reported to the Administration for Industry and Commerce if a Permit of Electronic Verification Services is revoked.
Article 32. Those who forge, imitate, or misappropriate electronic signatures of others will bear criminal liabilities if a crime is committed, and they will bear civil liabilities if damages are incurred by others.
Article 33. Staff persons working for the agency in charge of oversight and management of the electronic verification industry will receive administrative punishments if they do not perform their obligations of administrative authorization and oversight and management in accordance with the law, and will bear criminal responsibilities when a crime is committed.
Chapter 5. Supplementary Provisions
Article 34. The definitions of the following phrases in this law are:
(1) ¡°Electronic signer¡± refers to the person who holds the data that created the electronic signatures and who implements the electronic signatures for oneself or on behalf of others;
(2) ¡°Party dependent on electronic signatures¡± refers to the person who undertakes the relevant activities on the basis of trust and reliance in the certificate of verified electronic signatures or electronic signatures;
(3) The ¡°certificate of verified electronic signatures¡± refers to the electronic data or other electronic records that can verify the relationship between the electronic signer and the data that created the electronic signatures;
(4) The ¡°data that created electronic signatures¡± refers to the data of characters, codes, and so forth that reliably associate the electronic signatures with the electronic signer in the process of signing;
(5) ¡°Verifying data of electronic signatures¡± refer to data that are used for verifying the electronic signatures, which include codes, passwords, algorithms, or public keys, and so forth.
Article 35. The State Council, or the agencies designated by the State Council, may draft specific measures for the use of electronic signatures and electronic data in governmental affairs or other social activities in light of the present law.
Article 36 The law is implemented as of April 1, 2005.
Translated by Lu, Yang
Proof Reading by Nancy Hearst, librarian, Fairbank Center Library, Harvard University.
Note: The copyright of English version of this law or regulation belongs to "China Internet Project", please specify the source when quote.
| 
