PRC Electronic Signatures Law (Revised in 2015)
中华人民共和国电子签名法 (2015修正)
Legal personality required for provision of electronic certification services.
(Adopted at the 14th Session of the Standing Committee of the 12th National People's Congress on, and effective as of, April 24 2015.)
(第十二届全国人民代表大会常务委员会第十四次会议于二零一五年四月二十四日通过施行。)
PRC President's Order (No.24 of the 12th NPC)
中华人民共和国主席令 (十二届第26号)
Part One: General Provisions
第一章 总则
Article 1: This Law has been formulated in order to regulate acts associated with electronic signatures, establish the legal validity and effect of electronic signatures and safeguard the lawful rights and interests of relevant parties.
第一条 为了规范电子签名行为,确立电子签名的法律效力,维护有关各方的合法权益,制定本法。
Article 2: For the purposes of this Law, the term "electronic signature" means data in electronic form contained in or attached to a data message and that is used to identify the signatory and indicate his endorsement of the contents of such document.
第二条 本法所称电子签名,是指数据电文中以电子形式所含、所附用于识别签名人身份并表明签名人认可其中内容的数据。
For the purposes of this Law, the term "data message" means information that is generated, sent, received or stored in electronic, optical, magnetic or other similar form.
本法所称数据电文,是指以电子、光学、磁或者类似手段生成、发送、接收或者储存的信息。
Article 3: The parties to contracts or other documents used in civil activities may agree to use or not use electronic signatures and data messages.
第三条 民事活动中的合同或者其他文件、单证等文书,当事人可以约定使用或者不使用电子签名、数据电文。
If the parties agree to use documents in the form of data messages with electronic signatures, they may not deny the legal validity of such documents solely based on the fact that they are in the form of data messages with electronic signatures.
当事人约定使用电子签名、数据电文的文书,不得仅因为其采用电子签名、数据电文的形式而否定其法律效力。
The provisions of the preceding paragraphs shall not apply to the following types of documents:
前款规定不适用下列文书:
(1) documents pertaining to human relations, such as marriage, adoption, succession, etc.;
(一)涉及婚姻、收养、继承等人身关系的;
(2) documents pertaining to the transfer of rights and interests in immovables, such as land, buildings, etc.;
(二)涉及土地、房屋等不动产权益转让的;
(3) documents pertaining to the suspension of such public utilities as water supply, heat supply, gas supply, electricity supply, etc.; and
(三)涉及停止供水、供热、供气、供电等公用事业服务的;
(4) other circumstances as specified in laws and regulations where electronic documents are not appropriate.
(四)法律、行政法规规定的不适用电子文书的其他情形。
Part Two: Data Messages
第二章 数据电文
Article 4: Data messages that can exhibit their contents in tangible form and be retrieved, consulted and used at any time shall be deemed to comply with the written form required by laws and regulations.
第四条 能够有形地表现所载内容,并可以随时调取查用的数据电文,视为符合法律、法规要求的书面形式。
Article 5: A data message complying with the conditions set forth below shall be deemed to satisfy the requirements of an original as specified in laws and regulations:
第五条 符合下列条件的数据电文,视为满足法律、法规规定的原件形式要求:
(1) it can effectively exhibit its contents and may be retrieved, consulted and used at any time; and
(一)能够有效地表现所载内容并可供随时调取查用;
(2) it can reliably ensure that its contents have maintained their integrity without modification since its finalization. However, the addition of an endorsement on a data message or changes in form arising in the course of data exchange, storage or display shall not affect the integrity of such message.
(二)能够可靠地保证自最终形成时起,内容保持完整、未被更改。但是,在数据电文上增加背书以及数据交换、储存和显示过程中发生的形式变化不影响数据电文的完整性。
Article 6: Data messages complying with the conditions set forth below shall be deemed to satisfy the requirements of document preservation as specified in laws and regulations:
第六条 符合下列条件的数据电文,视为满足法律、法规规定的文件保存要求:
(1) it can effectively exhibit its contents and may be retrieved, consulted and used at any time;
(一)能够有效地表现所载内容并可供随时调取查用;
(2) its format is identical to that at the time of its creation, sending or receipt, or, despite a difference in its format, it can nonetheless accurately exhibit the original content at the time of its creation, sending or receipt; and
(二)数据电文的格式与其生成、发送或者接收时的格式相同,或者格式不相同但是能够准确表现原来生成、发送或者接收的内容;
(3) it can identify the sender and recipient of the data message as well as the time of sending and receipt.
(三)能够识别数据电文的发件人、收件人以及发送、接收的时间。
Article 7: The use of a data message as evidence may not be refused solely on the grounds of its creation, sending, receipt or storage in electronic, optical, magnetic or other similar form.
第七条 数据电文不得仅因为其是以电子、光学、磁或者类似手段生成、发送、接收或者储存的而被拒绝作为证据使用。
Article 8: When examining the authenticity of a data message as evidence, the following factors shall be taken into consideration:
第八条 审查数据电文作为证据的真实性,应当考虑以下因素:
(1) the reliability of the method of creation, storage or transmission of the data message;
(一)生成、储存或者传递数据电文方法的可靠性;
(2) the reliability of the method of maintaining the integrity of its contents;
(二)保持内容完整性方法的可靠性;
(3) the reliability of the method used to identify the sender; and
(三)用以鉴别发件人方法的可靠性;
(4) other related factors.
(四)其他相关因素。
Article 9: A data message shall be deemed sent by the sender if:
第九条 数据电文有下列情形之一的,视为发件人发送:
(1) the sending thereof was authorized by the sender;
(一)经发件人授权发送的;
(2) it was sent automatically by the sender's information system; or
(二)发件人的信息系统自动发送的;
(3) after verification by the recipient using the method approved by the sender, the results are consistent.
(三)收件人按照发件人认可的方法对数据电文进行验证后结果相符的。
If the parties have otherwise agreed on the matters specified in the preceding paragraph, such agreement shall prevail.
当事人对前款规定的事项另有约定的,从其约定。
Article 10: If laws or administrative regulations stipulate or the parties agree that receipt of a data message requires confirmation, receipt shall be confirmed. Once the sender receives the confirmation of receipt from the recipient, the data message shall be deemed received.
第十条 法律、行政法规规定或者当事人约定数据电文需要确认收讫的,应当确认收讫。发件人收到收件人的收讫确认时,数据电文视为已经收到。
Article 11: The time at which a data message enters a certain information system other than that of the sender shall be deemed the time at which such data message is sent.
第十一 条数据电文进入发件人控制之外的某个信息系统的时间,视为该数据电文的发送时间。
If the recipient designates a specific system for the receipt of data messages, the time at which a data message enters such specific system shall be deemed the time at which such data message is received. If the recipient has not designated a specific system, the time at which a data message first enters any of the recipient's systems shall be deemed the time at which such data message is received.
收件人指定特定系统接收数据电文的,数据电文进入该特定系统的时间,视为该数据电文的接收时间;未指定特定系统的,数据电文进入收件人的任何系统的首次时间,视为该数据电文的接收时间。
If the parties have agreed otherwise on the time of sending or receipt of data messages, such agreement shall prevail.
当事人对数据电文的发送时间、接收时间另有约定的,从其约定。
Article 12: The principal place of business of the sender shall be the place from where a data message is sent and the principal place of business of the recipient shall be the place where the data message is received. In the absence of a principal place of business, the sender's or recipient's usual place of residence shall be deemed the place of sending or receipt of the data message.
第十二条 发件人的主营业地为数据电文的发送地点,收件人的主营业地为数据电文的接收地点。没有主营业地的,其经常居住地为发送或者接收地点。
If the parties have agreed otherwise on the place of sending or receipt of a data message, such agreement shall prevail.
当事人对数据电文的发送地点、接收地点另有约定的,从其约定。
Part Three: Electronic Signatures And Certification
第三章 电子签名与认证
Article 13: An electronic signature that simultaneously satisfies all of the following conditions shall be deemed a reliable electronic signature:
第十三条 电子签名同时符合下列条件的,视为可靠的电子签名:
(1) at the time the electronic signature creation data is used for an electronic signature, it is proprietary to the electronic signatory;
(一)电子签名制作数据用于电子签名时,属于电子签名人专有;
(2) at the time of signing, the electronic signature creation data is controlled solely by the electronic signatory;
(二)签署时电子签名制作数据仅由电子签名人控制;
(3) any change to the electronic signature after signing can be noticed; and
(三)签署后对电子签名的任何改动能够被发现;
(4) any change to the content and form of the data message after signing can be noticed.
(四)签署后对数据电文内容和形式的任何改动能够被发现。
The parties may select for use electronic signatures that comply with the reliability conditions agreed upon by them.
当事人也可以选择使用符合其约定的可靠条件的电子签名。
Article 14: A reliable electronic signature shall have the same legal validity and effect as a handwritten signature or an affixed seal.
第十四条 可靠的电子签名与手写签名或者盖章具有同等的法律效力。
Article 15: An electronic signatory shall duly safeguard his electronic signature creation data. If an electronic signatory learns that his electronic signature creation data has been descrambled or may have been descrambled, he shall promptly notify the relevant parties thereof and cease to use such electronic signature creation data.
第十五条 电子签名人应当妥善保管电子签名制作数据。电子签名人知悉电子签名制作数据已经失密或者可能已经失密时,应当及时告知有关各方,并终止使用该电子签名制作数据。
Article 16: If an electronic signature requires third party certification, the certification service shall be provided by an electronic certification service provider established in accordance with the law.
第十六条 电子签名需要第三方认证的,由依法设立的电子认证服务提供者提供认证服务。
Article 17: To provide electronic certification services, the following conditions shall be satisfied:
第十七条 提供电子认证服务,应当具备下列条件:
(一)取得企业法人资格
(1) having secured the status as an enterprise with legal personality;
(二)具有与提供电子认证服务相适应的专业技术人员和管理人员;
(2) having professional technicians and management personnel commensurate with the provision of electronic certification services;
(三)具有与提供电子认证服务相适应的资金和经营场所;
(3) having the funds and business premises commensurate with the provision of electronic certification services;
(四)具有符合国家安全标准的技术和设备;
(4) having technologies and equipment that comply with state security standards;
(五)具有国家密码管理机构同意使用密码的证明文件;
(5) having documentary evidence from the state encryption administrative authority consenting to the use of encryption; and
(六)法律、行政法规规定的其他条件。
(6) other conditions as specified in laws and administrative regulations.
第十八条 从事电子认证服务,应当向国务院信息产业主管部门提出申请,并提交符合本法第十七条规定条件的相关材料。国务院信息产业主管部门接到申请后经依法审查,征求国务院商务主管部门等有关部门的意见后,自接到申请之日起四十五日内作出许可或者不予许可的决定。予以许可的,颁发电子认证许可证书;不予许可的,应当书面通知申请人并告知理由。
Article 18: To engage in the provision of electronic certification services, an application and the relevant materials complying with the conditions specified in Article 17 hereof shall be submitted to the State Council department in charge of the information industry. After receipt of the application, the State Council department in charge of the information industry shall examine the same in accordance with the law and seek the comments of the State Council department in charge of commerce and other relevant departments. Thereafter, the State Council department in charge of the information industry shall render its decision on whether or not to give its permission within 45 days of the application date. If it gives its permission, it shall issue an electronic certification permit. If it denies permission, it shall notify the applicant thereof in writing and inform it as to the reason therefor.
取得认证资格的电子认证服务提供者,应当按照国务院信息产业主管部门的规定在互联网上公布其名称、许可证号等信息。
An electronic certification service provider that has obtained certification qualifications shall post such information as its name, permit number, etc. on the internet in accordance with the provisions of the State Council department in charge of the information industry.
第十九条 电子认证服务提供者应当制定、公布符合国家有关规定的电子认证业务规则,并向国务院信息产业主管部门备案。
Article 19: An electronic certification service provider shall formulate and publish electronic certification rules that comply with relevant state provisions and submit the same to the State Council department in charge of the information industry for the record.
电子认证业务规则应当包括责任范围、作业操作规范、信息安全保障措施等事项。
Electronic certification rules shall include the scope of liability, operational standards, the measures for the preservation of information security, etc.
第二十条 电子签名人向电子认证服务提供者申请电子签名认证证书,应当提供真实、完整和准确的信息。
Article 20: When applying to an electronic certification service provider for an electronic signature certificate, an electronic signatory shall provide true, complete and accurate information.
电子认证服务提供者收到电子签名认证证书申请后,应当对申请人的身份进行查验,并对有关材料进行审查。
After receiving the application for an electronic signature certificate, the electronic certification service provider shall check the applicant's identity and examine the relevant materials.
第二十一条 电子认证服务提供者签发的电子签名认证证书应当准确无误,并应当载明下列内容:
Article 21: The electronic signature certificates issued by an electronic certification service provider shall be accurate and error free and shall specify the following particulars:
(一)电子认证服务提供者名称;
(1) the name of the electronic certification service provider;
(二)证书持有人名称;
(2) the name of the certificate holder;
(三)证书序列号;
(3) the certificate number;
(四)证书有效期;
(4) the term of validity of the certificate;
(五)证书持有人的电子签名验证数据;
(5) the certificate holder's electronic signature verification data;
(六)电子认证服务提供者的电子签名;
(6) the electronic signature of the electronic certification service provider; and
(七)国务院信息产业主管部门规定的其他内容。
(7) other particulars as specified by the State Council department in charge of the information industry.
第二十二条 电子认证服务提供者应当保证电子签名认证证书内容在有效期内完整、准确,并保证电子签名依赖方能够证实或者了解电子签名认证证书所载内容及其他有关事项。
Article 22: An electronic certification service provider shall ensure that the contents of electronic signature certificates are complete and accurate during the term of validity and ensure that the parties that rely on electronic signatures can verify or obtain an understanding of the contents of the electronic signature certificate and other relevant matters.
第二十三条 电子认证服务提供者拟暂停或者终止电子认证服务的,应当在暂停或者终止服务九十日前,就业务承接及其他有关事项通知有关各方。
Article 23: If an electronic certification service provider intends to suspend or terminate its provision of electronic certification services, it shall notify the relevant parties concerning the taking over of its business by a third party and other relevant matters 90 days prior to the suspension or termination of its services.
电子认证服务提供者拟暂停或者终止电子认证服务的,应当在暂停或者终止服务六十日前向国务院信息产业主管部门报告,并与其他电子认证服务提供者就业务承接进行协商,作出妥善安排。
If an electronic certification service provider intends to suspend or terminate its provision of electronic certification services, it shall submit a report to the State Council department in charge of the information industry 60 days prior to the suspension or termination of its services and it shall consult with other electronic certification service providers on the taking over of its business and make suitable arrangements.
电子认证服务提供者未能就业务承接事项与其他电子认证服务提供者达成协议的,应当申请国务院信息产业主管部门安排其他电子认证服务提供者承接其业务。
If the electronic certification service provider is unable to reach an agreement with another electronic certification service provider on matters relating to the taking over of its business, it shall apply to the State Council department in charge of the information industry to arrange for another electronic certification service provider to take over its business.
电子认证服务提供者被依法吊销电子认证许可证书的,其业务承接事项的处理按照国务院信息产业主管部门的规定执行。
If an electronic certification service provider has its electronic certification permit revoked in accordance with the law, the handling of matters relating to the taking over of its business shall be carried out in accordance with the provisions of the State Council department in charge of the information industry.
第二十四条 电子认证服务提供者应当妥善保存与认证相关的信息,信息保存期限至少为电子签名认证证书失效后五年。
Article 24: An electronic certification service provider shall duly preserve information relating to certification for a period of at least five years from the expiration of an electronic signature certificate.
第二十五条 国务院信息产业主管部门依照本法制定电子认证服务业的具体管理办法,对电子认证服务提供者依法实施监督管理。
Article 25: The State Council department in charge of the information industry shall formulate the specific measures for the administration of the electronic certification service industry in accordance with this Law and regulate electronic certification service providers in accordance with the law.
第二十六条 经国务院信息产业主管部门根据有关协议或者对等原则核准后,中华人民共和国境外的电子认证服务提供者在境外签发的电子签名认证证书与依照本法设立的电子认证服务提供者签发的电子签名认证证书具有同等的法律效力。
Article 26: After approval by the State Council department in charge of the information industry pursuant to the relevant agreement or the principle of reciprocity, electronic signature certificates issued by electronic certification service providers outside the People's Republic of China shall have the same legal validity and effect as electronic signature certificates issued by electronic certification service providers established in accordance with this Law.
第四章 法律责任
Part Four: Legal Liability
第二十七条 电子签名人知悉电子签名制作数据已经失密或者可能已经失密未及时告知有关各方、并终止使用电子签名制作数据,未向电子认证服务提供者提供真实、完整和准确的信息,或者有其他过错,给电子签名依赖方、电子认证服务提供者造成损失的,承担赔偿责任。
Article 27: If an electronic signatory is aware that its electronic signature creation data has been descrambled or may have been descrambled but fails to inform relevant parties thereof in a timely manner and fails to cease using such electronic signature creation data, or if he fails to provide true, complete and accurate information to the electronic certification service manner provider or if he commits another fault thereby causing parties that rely on electronic signatures and/or the electronic certification service provider to incur a loss, he shall be liable for damages.
第二十八条 电子签名人或者电子签名依赖方因依据电子认证服务提供者提供的电子签名认证服务从事民事活动遭受损失,电子认证服务提供者不能证明自己无过错的,承担赔偿责任。
Article 28: If an electronic signatory or a party that relies on electronic signatures incurs a loss as a result of relying on the electronic signature certification service provided by an electronic certification service provider when engaging in civil activities and if the electronic certification service provider fails to provide evidence that it was not at fault, the electronic certification service provider shall be liable for damages.
第二十九条 未经许可提供电子认证服务的,由国务院信息产业主管部门责令停止违法行为;有违法所得的,没收违法所得;违法所得三十万元以上的,处违法所得一倍以上三倍以下的罚款;没有违法所得或者违法所得不足三十万元的,处十万元以上三十万元以下的罚款。
Article 29: If electronic certification services are offered without a permit, the State Council department in charge of the information industry shall order a halt to the violation. If there is illegal income, such illegal income shall be confiscated. If the illegal income totalled not less than Rmb300,000, a fine equivalent to not less than the amount of and not more than three times the illegal income shall be imposed. If there was no illegal income or if such illegal income was less than Rmb300,000, a fine of not less than Rmb100,000 and not more than Rmb300,000 shall be imposed.
第三十条 电子认证服务提供者暂停或者终止电子认证服务,未在暂停或者终止服务六十日前向国务院信息产业主管部门报告的,由国务院信息产业主管部门对其直接负责的主管人员处一万元以上五万元以下的罚款。
Article 30: If an electronic certification service provider suspends or terminates the provision of its electronic certification services but fails to submit a report to the State Council department in charge of the information industry 60 days prior to such suspension or termination, the State Council department in charge of the information industry shall fine the person directly in charge not less than Rmb10,000 and not more than Rmb50,000.
第三十一条 电子认证服务提供者不遵守认证业务规则、未妥善保存与认证相关的信息,或者有其他违法行为的,由国务院信息产业主管部门责令限期改正;逾期未改正的,吊销电子认证许可证书,其直接负责的主管人员和其他直接责任人员十年内不得从事电子认证服务。吊销电子认证许可证书的,应当予以公告并通知工商行政管理部门。
Article 31: If an electronic certification service provider fails to abide by the certification rules, fails to duly preserve information relating to certification or commits another violation of the law, the State Council department in charge of the information industry shall order it to rectify the matter within a specified period of time; if it fails to rectify the matter within the specified period of time, its electronic certification permit shall be revoked and the person directly in charge and the other persons directly responsible shall be prohibited from engaging in the provision of electronic certification services for 10 years. If an electronic certification service provider has its electronic certification permit revoked, the same shall be publicly announced and the administration for industry and commerce shall be notified.
第三十二条 伪造、冒用、盗用他人的电子签名,构成犯罪的,依法追究刑事责任;给他人造成损失的,依法承担民事责任。
Article 32: If a third party's electronic signature is forged, fraudulently used or misappropriated, and such forgery, fraudulent use or misappropriation constitutes a criminal offence, criminal liability shall be pursued in accordance with the law. If such action causes a third party to incur a loss, civil liability shall be borne in accordance with the law.
第三十三条 依照本法负责电子认证服务业监督管理工作的部门的工作人员,不依法履行行政许可、监督管理职责的,依法给予行政处分;构成犯罪的,依法追究刑事责任。
Article 33: If a member of the working personnel of an authority responsible, in accordance with this Law, for the regulation of the electronic certification service industry fails to perform his administrative permit or regulation responsibilities, he shall be subjected to administrative punishment in accordance with the law. If a criminal offence is constituted, his criminal liability shall be pursued in accordance with the law.
第五章 附则
Part Five: Supplementary Provisions
第三十四条 本法中下列用语的含义:
Article 34: The following terms used in this Law shall have the meanings assigned to them below:
(一)电子签名人,是指持有电子签名制作数据并以本人身份或者以其所代表的人的名义实施电子签名的人;
(1) "Electronic signatory" means a person who holds electronic signature creation data and affixes an electronic signature in his own capacity or in the name of the party that he represents.
(二)电子签名依赖方,是指基于对电子签名认证证书或者电子签名的信赖从事有关活动的人;
(2) "Party that relies on electronic signatures" means the party that engages in the relevant activity based on its reliance on an electronic signature certificate or electronic signature.
(三)电子签名认证证书,是指可证实电子签名人与电子签名制作数据有联系的数据电文或者其他电子记录;
(3) "Electronic signature certificate" means the data message or other electronic record that can authenticate the connection between an electronic signatory and the electronic signature creation data.
(四)电子签名制作数据,是指在电子签名过程中使用的,将电子签名与电子签名人可靠地联系起来的字符、编码等数据;
(4) "Electronic signature creation data" means such data as symbols, numbers, etc. used in the electronic signature process that can reliably connect an electronic signature to the electronic signatory.
(五)电子签名验证数据,是指用于验证电子签名的数据,包括代码、口令、算法或者公钥等。
(5) "Electronic signature verification data" means the data used to verify an electronic signature, including codes, passwords, algorithms or public keys, etc.
第三十五条 国务院或者国务院规定的部门可以依据本法制定政务活动和其他社会活动中使用电子签名、数据电文的具体办法。
Article 35: The State Council or the departments specified by the State Council may formulate specific procedures for the use of electronic signatures and data messages in political activities and other social activities based on this Law.
第三十六条 本法自2005年4月1日起施行。
Article 36: This Law shall be effective as of April 1 2005.
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now