Laws of the People's Republic of China

The Standing Committee of the National People's Congress

Order of the President of the People's Republic of China

No.18

The Law of the People's Republic of China on Electronic Signature, adopted at the 11th meeting of the Standing Committee of the Tenth National People's Congress of the People's Republic of China on August 28, 2004, is hereby promulgated, and shall go into effect as of April 1, 2005.

President of the People's Republic of China, Hu Jintao

August 28, 2004

Law of the People's Republic of China on Electronic Signature ContentsChapter I General Provisions

Chapter II Data Message

Chapter III Electronic Signature and Certification

Chapter IV Legal Liabilities

Chapter V Supplementary Provisions

Chapter I General Provisions

Article 1

The present Law is constituted in order to regulate the act of electronic signature, establish the legal effect of electronic signature, and maintain the lawful rights and interests of the relevant parties concerned.

Article 2

For the purpose of this Law, the term of "Electronic Signature" refers to the data included and attached in data message in electronic form used to identify the identity of the signatory and show that the signatory has recognized the contents therein.

For purpose of this Law, the term of "Data Message" refers to the information created, sent, received or stored by means such as electron, optics, magnetism or similar means.

Article 3

The interested parties may stipulate to use or not to use electronic signature or data message in the contract or other documents and documentations in civil activities.

The force adeffect of any document using electronic signature and data message as stipulated by the interested parties shall not be denied only because the document takes the form of electronic signature and data message.

The aforesaid provisions shall not be applied to the following documents:

1.

Documents concerning personal relations such as marriage, adoption, inheritance and etc.;

2.

Documents concerning the transfer of such real estate rights and interests as land, house and etc.;

3.

Documents concerning stopping the service of public utility such as water supply, heat supply, gas supply, power supply and etc.;

4.

Other circumstances under which the electronic documents are inapplicable as prescribed by laws and administrative regulations.

Chapter II Data Message

Article 4

Any data message, which can represent the contents it specifies in material form and may be picked up for reference and use at any time, shall be regarded as congruous written forms prescribed by laws and regulations.

Article 5

Any data message meeting the following requirements shall be regarded as satisfying the requirements for the form of the original as prescribed by laws and regulations:

1.

Data message that is capable of effectively representing the contents it specifies and may be picked up for reference and use at any time; and

2.

Data message that can reliably ensure that the contents are complete and unaltered from the time when it finally comes into being. But the integrality of the data message will not be influenced by adding endorsement in the data message and the transformation of forms occurred during the course of data interchange, storage and display.

Article 6

Any data message meeting the following requirements shall be regarded as satisfying the requirements for document preservation as prescribed by laws and regulations:

1.

Being capable of effectively representing the contents it specifies and may be picked up for reference and use at any time;

2.

The format of the data message is the same as that when it is created, sent or received, or the format is different but is able to accurately represent the contents of original creation, sending, or receiving;

3.

Being capable of identifying the addresser and addressee of the data message and the time for sending and receiving it.

Article 7

Any data message may not be refused for being used as evidence only because it is created, sent, received or stored by ways of electron, optics, magnetism, or the similar means.

Article 8

When making examination on the authenticity of any data message as evidence, the following factors shall be taken into consideration:

1.

The reliability of the methods for creation, storage or transmission of data message;

2.

The reliability of the methods for keeping the integrality of the contents;

3.

The reliability of the methods for identifying the addresser; and

4.

Other relevant factors.

Article 9

Under any of the following circumstances, the data message shall be regarded as being sent by the addresser:

1.

Being sent with the authorization of the addresser;

2.

Being sent automatically by the information system of the addresser; or

3.

The consequence is proved congruous after the validation on the data message by the addressee according to the method approved by the addresser.

Unless there are different stipulations by the interested parties on the matters prescribed in the preceding paragraph, the stipulations shall be followed.

Article 10

In case that the receiving of any data message needs to be confirmed as prescribed by laws and administrative regulations or the stipulations of the interested parties, the receiving shall be confirmed. If an addresser has received any confirmation on the receiving from the addressee, the data message shall be regarded as having been received.

Article 11

The time when any data message enters into a certain information system beyond the control of the addresser shall be regarded as the time for sending the data message.

Where an addressee has appointed a given system to receive any data message, the time when the data message enters into the given system shall be regarded as the time for receiving the data message. Where no given system is appointed, the time when the data message enters into any system of the addressee for the first time shall be regarded as the time for receiving the data message.

In case the interested parties have different stipulations on the time for sending and receiving data message, the stipulations shall be followed.

Article 12

The main business place of the addresser shall be regarded as the place for sending data message, and the main business place of the addressee shall be regarded as the place for receiving data message. If there is no main business place, the habitual residence shall be regarded as the sending or receiving place.

In case the interested parties have different stipulations on the place for sending or receiving data message, the stipulations shall be followed.

Chapter III Electronic Signature and Certification

Article 13

Any electronic signature, simultaneously according with the following circumstances, shall be regarded as a reliable electronic signature:

1.

Where any data made by electronic signature is used for electronic signature, and it is owned exclusively by the electronic signatory;

2.

The data made by electronic signature is controlled only by the electronic signatory when signing;

3.

Any alteration on electronic signature after signing can be found out; and

4.

Any alteration on the content and the form of any data message after signing can be found out.

The parties may also choose to use the electronic signature stipulated by themselves of reliable conditions.

Article 14

Reliable electronic signatures shall have the same force adeffect as the hand signatures or seals.

Article 15

The electronic signatory shall well keep the data made by electronic signature. In case that an electronic signatory realizes that the data made by electronic signature has given away official secrets or may give away official secrets, he shall notify relevant parties in time and terminate the use of the data made by electronic signature.

Article 16

Where it is necessary for an electronic signature to be certified by a third party, the certification service shall be provided by a legally established electronic certification service provider.

Article 17

The following conditions shall be met when providing electronic certification service:

1.

Having professional technicians and managers suited for providing electronic certification service;

2.

Having capital and business places meeting the requirements for providing electronic certification service;

3.

Having techniques and equipments up to the standard of the national safety;

4.

Having certification documents on using codes approved by the state code administration organs;

5.

Other conditions prescribed by laws and administrative regulations.

Article 18

The applicant, who is to provide electronic certification service, shall bring forward an application to the competent department of information industry of the State Council, and submit relevant materials prescribed in Article 17 of the present Law. The competent department of information industry of the State Council shall make examination according to law after receiving the application, and make a decision on whether to give permission or not within 45 days from the date when the application is accepted after soliciting the opinions of the competent commerce department of the State Council and other relevant departments. If the permission is granted, an electronic certification exequatur shall be issued. Or else the applicant shall be notified in writing form and the reasons shall be explained.

The applicant shall, with the electronic certification licensing certificate, go to the administrative department for industry and commerce to go through formalities for enterprise registration according to law.

Any electronic certification service providers who have obtained the qualification of certification shall publicize their names and numbers of licenses and other information in the internet in accordance with the provisions of the competent department of information industry of the State Council.

Article 19

The electronic certification service provider shall formulate and promulgate the electronic certification business rules according with the relevant provisions of the state, and put them on records at the competent department of information industry of the State Council.

The electronic certification business rules shall include the scope of liabilities, the criterions of work operation, the information safeguard measures, and other matters concerned.

Article 20

When any electronic signatory applies for electronic signature certification certificate to any electronic certification service provider, he shall provide true, complete and accurate information.

After receiving any application for electronic signature certification certificates, the electronic certification service provider shall check the identity of the applicant and make examination on the relevant materials.

Article 21

Any electronic signature certification certificate signed by electronic certification service providers shall be accurate and inerrant, and shall specify the following contents:

1.

Name of the electronic certification service provider;

2.

Name of the certificate holder;

3.

Serial number of the certificate;

4.

Period of validity of the certificate;

5.

Electronic signature validation data of the certificate holder;

6.

Electronic signature of the electronic certification service provider; and

7.

Other contents prescribed by the competent department of information industry of the State Council.

Article 22

The electronic certification service provider shall ensure that the contents of the electronic signature certification certificates are complete and accurate within the period of validity, and ensure that the parties depending on the electronic signature are able to prove or know the contents specified in the electronic certification certificate and other relevant matters concerned.

Article 23

Where any electronic certification service provider intends to suspend or terminate the electronic certification service, it shall notify relevant parties concerned of the carrying-on of the operation and other relevant matters 90 days before the suspension or termination of the service.

Where any electronic certification service provider intends to suspend or terminate the electronic certification service, it shall report to the competent department of information industry of the State Council 60 days before the suspension or termination of the service, and negotiates with other electronic certification service providers about the carrying-on of the operation, so as to make proper arrangements.

Where any electronic certification service provider fails to reach an agreement on the carrying-on of the operation with other electronic certification service providers, it shall apply to the competent department of information industry of the State Council for arranging other electronic certification service providers to carry on its operation.

Where any electronic certification service provider is revoked of the electronic certification licensing certificate, the matters of carrying on its operation shall be handled according to the provisions of the competent department of information industry of the State Council.

Article 24

The electronic certification service providers shall well keep the information related to certification. The time limit for keeping the information shall be at least 5 years after the invalidation of the electronic signature certification certificates.

Article 25

The competent department of information industry of the State Council shall formulate concrete measures for the administration of electronic certification service industry in accordance with the present Law and conduct supervision over electronic certification service providers according to law.

Article 26

Upon the approval of the competent department of information industry of the State Council, and in light of the relevant agreement or the principle of reciprocity, any electronic signature certification certificate issued overseas by any electronic certification service provider outside the territory of the People's Republic of China shall have the same force adeffect as the electronic certification certificates issued by the electronic certification service providers established according to the present Law.

Chapter IV Legal Liabilities

Article 27

The electronic certification service provides shall undertake compensation liabilities, in case that he knows that data made by electronic signature has given away official secrets or may have given away official secrets but fails to notify the relevant interested parties concerned and terminate the use of the data made by electronic signature, or fails to provide truthful, complete and accurate information to the electronic service providers, or has any other faults resulting in the damage to the party depending on electronic signature .

Article 28

The electronic certification service provider shall undertake compensation liabilities, if any electronic signatory or any party depending on electronic signature suffers losses due to engaging in civil activities based on the electronic signature certification service provided by the electronic certification service provider and he cannot prove that he has no faults.

Article 29

Where anyone provides electronic certification service without approval, the competent department of information industry of the State Council shall order it to stop the illegal act; where there are illegal gains, they shall be confiscated; and if the illegal gains are more than RMB 300 thousand Yuan, it shall be given a fine of one time to three times of the illegal gains; if there are no illegal gains or the illegal gains are less than RMB 300 thousand Yuan, it shall be given a fine of RMB 100 thousand Yuan to RMB 300 thousand Yuan.

Article 30

Where any electronic certification service provider suspends or terminates the electronic certification service, but fails to report to the competent department of information industry of the State Council within 60 days before the suspension or termination of the service, the competent department of information industry of the State Council shall penalize the person directly in charge with a fine of RMB 10 thousand Yuan up to RMB 50 thousand.

Article 31

Where any electronic certification service provider does not comply with the certification operation rules, fails to well keep the information related to the certification, or has any other illegal acts, the competent department of information industry of the State Council may charge it to correct within a prescribed time limit; if the electronic certification service provider fails to correct within the time limit, its electronic certification licensing certificate shall be revoked and the person directly in charge and other persons directly liable shall be banned from undertaking electronic certification service within 10 years; and if the electronic certification licensing certificate is revoked, a public notice on this shall be made, and the administrative administrations for industry and commerce shall be notified.

Article 32

Where anyone forges, falsely uses or embezzles electronic signature of others and commits a crime, he shall be subject to criminal liability according to law. Where that causes damage to others, he shall undertake civil liabilities.

Article 33

Where any staff member of the department in charge of the work for the supervision over electronic certification service, according to the present Law, fails to perform duties of administration approval and supervision, he shall be given an administrative punishment according to law. Where a crime is constituted, he shall be subject to criminal liabilities.

Chapter V Supplementary Provisions

Article 34

The words used in the present Law shall have meanings as follows:

1.

The "Electronic Signatory" shall refer to the person who holds data made by electronic signature and implements electronic signature in his own identity or on behalf of the person he represents;

2.

The "Party Depending on Electronic Signature" shall refer to the person who engages in relevant activities based on his trust in any electronic signature certification certificate or electronic signature;

3.

The "Electronic Signature Certification Certificate" shall refer to the data message or other electronic records that can prove that any electronic signatory has some relations with the data made by electronic signature;

4.

The "Data Made by Electronic Signature" shall refer to such data as characters, coding and etc., which are used in the course of electronic signature and can reliably connect electronic signature with electronic signatory; and

5.

The "Electronic Signature Validation Data" shall refer to the data used to validate electronic signature, including codes, passwords, arithmetic or public keys and etc..

Article 35

The State Council or the departments prescribed by the State Council may, in accordance with the present Law, formulate concrete measures for the use of electronic signature and data message in government affairs and other social activities.

Article 36

The present Law shall go into effect as of April 1, 2005.