Law of the People's Republic of China on Electronic Signatures

0 CommentsPrint E-mail ChinaITLaw.org, January 21, 2010
Adjust font size:

Chapter 3. Electronic Signatures and Verification

Article 13. Electronic signatures are considered reliable, when all of the following conditions are satisfied:

(1) Data that create electronic signatures are owned only by the signer when they are being used for electronic signatures;

(2) Data that create electronic signatures may only be controlled by the electronic signer at the time he is creating the signatures;

(3) Any alteration made to the electronic signatures after the signing is discernable;

(4) Any alteration made to the contents and format of the electronic data is discernable.

The parties may also choose to use electronic signatures that satisfy their own reliability requirements.

Article 14. The legal effect of reliable electronic signatures is the same as that of signatures made by hand or seal.

Article 15. The signer of electronic signatures shall keep custody of the data that create the electronic signatures. If the electronic signer learns that the data that created the electronic signatures are already deciphered or might be deciphered, he shall inform every involved party in a timely manner and terminate the use of the data.

Article 16. When electronic signatures need verification from a third party, such verification services shall be provided by lawful electronic verification service providers.

Article 17. The providers shall satisfy the following conditions in order to be able to provide electronic verification services:

(1) Having technical and administrative staffs that are suitable for providing electronic verification services;

(2) Possessing capital and business sites that are appropriate for providing electronic verification services;

(3) Equipped with technologies and facilities in accordance with national safety standards;

(4) Having documentary proof from the State Encryption Management Committee authorizing the use of passwords;

(5) Other requirements in the laws and regulations.

Article 18. Those who intend to provide electronic verification services shall send an application to the agency in charge of information industries under the State Council and submit materials relevant to the requirements stated in Article 17 of this law. The agency in charge of information industries under the State Council will examine the application according to the law, ask for opinions from the agency in charge of businesses of the State Council, and make a decision to grant or deny permission within 45 days from the date of the application. The agency will send a Permit of Electronic Verification Services to those who are granted permission; a written note with the reason for the rejection will be sent to those denied permission.

The applicant shall begin the business registration procedures with the Administration for Industry and Commerce by presenting the Permit of Electronic Verification Services in accordance with the law.

Electronic verification service providers who are deemed qualified to provide verification services shall publish information such as their name and permit number on the Internet in accordance with the requirements of the agency in charge of information industries under the State Council.

Article 19. Electronic verification service providers shall draft and publish activity rules for electronic verification services in accordance with the binding national requirements, and file with the agency in charge of information industries under the State Council.

Issues on the range of responsibilities, rules of operations, measures on ensuring information safety, and so forth shall be included in the activity rules of the electronic verification services.

Article 20. When the electronic signer submits an application for the certificate of verified electronic signatures, the signer shall provide authentic, complete, and accurate information.

When the electronic verification service provider receives the application for the certificate of verified electronic signatures, the provider shall inspect the identity of the applicant and examine the relevant materials.

Article 21. The certificate of verified electronic signatures issued by the electronic verification service provider shall be accurate and free of errors, and shall explicitly include the following contents:

(1) The name of the electronic verification service provider;

(2) The name of the holder of the certificate;

(3) The serial number of the certificate;

(4) The period of validity of the certificate;

(5) The verifying data of the electronic signatures of the certificate holder;

(6) The electronic signatures of the electronic verification service provider;

(7) Other contents required by the agency in charge of information industries under the State Council.

Article 22. The electronic verification service provider shall guarantee the completeness and accurateness of the certificate of verified electronic signatures during the period of validity, and shall guarantee that the contents conveyed by the certificate and other issues are verifiable and understandable to the party dependent on the electronic signatures.

Article 23. If the electronic verification service provider plans to temporarily discontinue or terminate the services of electronic verification, the provider shall inform every involved party of the transition in operations and other issues 90 days prior to the temporary discontinuation or termination of the provided services.

If the electronic verification service provider plans to temporarily discontinue or terminate the service of electronic verification, the provider shall report to the agency in charge of information industries under the State Council 60 days prior to the temporary discontinuation or termination of the provided services, and shall negotiate with the other electronic verification service providers regarding the transition in operations and shall arrange a smooth transition.

If the electronic verification service provider does not reach an agreement with the other electronic verification service providers regarding the transition of operations, the provider shall request that the agency in charge of information industries under the State Council assign the operation activities to other electronic verification service providers.

If the Permit of Electronic Verification Services of an electronic verification service provider is revoked by law, arrangements for the transition of its operations will be made in accordance with the requirements of the agency in charge of information industries under the State Council.

Article 24. The electronic verification service provider shall keep custody of the information relevant to the verification for at least 5 years beyond the expiration date of the certificate of verified electronic signatures.

Article 25. The agency in charge of information industries under the State Council shall draft detailed administrative measures for the electronic verification services industry and shall enforce oversight and management of the electronic verification service providers.

Article 26. With approval by the agency in charge of information industries under the State Council in accordance with the relevant protocols or with the principle of reciprocity, certificates of verified electronic signatures issued abroad by foreign electronic verification service providers have the same legal effect as those issued by electronic verification service providers authorized by this law.

   Previous   1   2   3   Next  


Print E-mail Bookmark and Share

Go to Forum >>0 Comments

No comments.

Add your comments...

  • User Name Required
  • Your Comment
  • Racist, abusive and off-topic comments may be removed by the moderator.
Send your storiesGet more from China.org.cnMobileRSSNewsletter