Law of the People’s Republic of China on Electronic Signature

(Adopted at the 11th meeting of the Standing Committee of the Tenth National People’s Congress of the People’s Republic of China on August 28, 2004)

Contents

Chapter I General Provisions

Chapter II Data Message

Chapter III Electronic Signature and Certification

Chapter IV Legal Liabilities

Chapter V Supplementary Provisions

Chapter I General Provisions

Article 1 The present Law is formulated for the purpose of regulating the act of electronic signature, establishing the legal effect of electronic signature, and maintaining the lawful rights and interests of the relevant parties concerned.

Article 2 The “Electronic Signature” as mentioned in the present Law shall refer to the data included and attached in data message in electronic form, for the use of identifying the identity of the signatory and showing that the signatory has recognized the contents therein.

The “Data Message” as mentioned in the present Law shall refer to the information created, sent, received or stored by such means as electron, optics, magnetism or the similar means.

Article 3 The parties may stipulate to use or not to use electronic signature or data message in the contract or other documents and documentations in civil activities.

The legal effect of any document using electronic signature and data message as stipulated by the parties shall not be denied only because it takes the form of electronic signature and data message.

The aforesaid provisions shall not be applicable to the following documents:

1. Documents concerning such personal relations as marriage, adoption and succession, etc.;

2. Documents concerning the transfer of such real estate rights and interests as land, and house, etc.;

3. Documents concerning stopping water supply, heat supply, gas supply and power supply, and other public utility services; and

4. Other circumstances under which the electronic documents are not applicable as prescribed by laws and administrative regulations.

Chapter II Data Message

Article 4 Any data message that can show the contents it specifies in material form, and may be picked up for reference and use at any time, shall be regarded as complying with the written form as prescribed by laws and regulations.

Article 5 The data message meeting the following requirements shall be regarded as satisfying the requirements for the form of the original as prescribed by laws and regulations:

1. Data message that is capable of effectively showing the contents it specifies and may be picked up for reference and use at any time; and

2. Data message that is capable of unfailingly ensuring that the contents are complete and unaltered from the time when it finally comes into being. But the integrality of the data message will not be influenced by the adding of endorsement in the data message and the alteration of forms occurred during the course of data interchange, storage and display.

Article 6 Any data message that meets the following requirements shall be regarded as satisfying the requirements for document preservation as prescribed by laws and regulations:

1. Being capable of effectively showing the contents it specifies and may be picked up for reference and use at any time;

2. The format of the data message is the same as the format when it is created, sent or received, or the format is not the same but is able to accurately show the contents of original creation, sending, or receiving; and

3. Being capable of identifying the addresser, addressee of the data message and the time for sending and receiving.

Article 7 No data message may be rejected for being used as evidence only because it is created, sent, received or stored by ways of electron, optics, magnetism, or the similar means.

Article 8 The following factors shall be taken into consideration when making examination on the truthfulness of any data message as evidence:

1. The reliability of the methods for creation, storage or transmission of data message;

2. The reliability of the methods for keeping the integrality of the contents;

3. The reliability of the methods for identifying the addresser; and

4. Other relevant factors.

Article 9 Under any of the following circumstances, the data message shall be regarded as being sent by the addresser:

1. Being sent upon the authorization of the addresser;

2. Being sent automatically by the information system of the addresser; or

3. The addressee finds that the consequence complies, upon examination, with the validation on the data message according to the method approved by the addresser.

Unless there are different stipulations by the parties on the matters prescribed in the preceding paragraph, the stipulations shall be followed.

Article 10 In case the receiving of any data message needs to be confirmed as prescribed by laws and administrative regulations or the stipulations of the parties, the receiving shall be confirmed. If an addresser has received any confirmation of the addressee on the receiving, the data message shall be regarded as having been received.

Article 11 The time when any data message enters into a certain information system out of the control of the addresser shall be regarded as the time for sending the data message.

In case an addressee has designated a given system to receive any data message, the time when the data message enters into the given system shall be regarded as the time for receiving the data message. If no given system is designated, the time when the data message enters into any system of the addressee for the first time shall be regarded as the time for receiving the data message.

In case the parties have different stipulations on the time for sending and receiving the data message, the stipulations shall be followed.

Article 12 The main business place of an addresser shall be the place for sending data message, the main business place of the addressee shall be the place for receiving data message. If there is no main business place, the habitual residence shall be the sending or receiving place.

Unless there are different stipulations by the parties on the place for sending or receiving data message, the stipulations shall be followed.

Chapter III Electronic Signature and Certification

Article 13 If any electronic signature complies with the following conditions concurrently, it shall be regarded as a reliable electronic signature:

1. When any data made by electronic signature is used for electronic signature, and it is owned exclusively by the electronic signatory;

2. The data made by electronic signature is controlled only by the electronic signatory when signing;

3. Any alteration on electronic signature after signing can be found out; and

4. Any alteration on the contents and form of any data message can be found out after signing.

The parties may also choose to use the electronic signature with reliable conditions, which complies with their stipulations.

Article 14 A reliable electronic signature shall have the same legal effect with the hand signature or seal.

Article 15 An electronic signatory shall properly keep the data made by electronic signature. In case any electronic signatory has known that any data made by electronic signature has given away official secrets or may give away official secrets, he shall notify the relevant parties concerned in time, and terminate the use of the data made by electronic signature.

Article 16 In case there is necessity for any electronic signature to be certified by a third party, the certification service shall be provided by an legally established electronic certification service provider.

Article 17 The following conditions shall be met when providing electronic certification services:

1. Having professional technicians and managers suited for providing electronic certification service;

2. Having capital and business place meeting the requirements for providing electronic certification service;

3. Having technology and equipment complying with the national safety standards and technology;

4. Having certification documents using codes as approved by the state code administration organ; and

5. Other conditions as prescribed by laws and administrative regulations.

Article 18 The applicant who is to undertake electronic certification service shall file an application to the competent department of information industry of the State Council, and submit the relevant documents as prescribed in Article 17 of the present Law. The competent department of information industry of the State Council shall make examination according to law after the application is accepted, and make a decision on giving permission or not giving permission within 45 days from the date when the application is accepted after soliciting the opinions of the competent commerce department of the State Council and the relevant departments. If the permission is granted, an electronic certification licensing certificate shall be issued. If the permission is not granted, the applicant shall be notified in writing and the reasons shall be explained.

An applicant shall go through formalities for enterprise registration at the administrative department for industry and commerce according to law upon the strength of electronic certification licensing certificate.

Any electronic certification service provider who has obtained qualification of certification shall publicize its name and number of license and other information in the internet in accordance with the provisions of the competent department of information industry of the State Council.

Article 19 An electronic certification service provider shall formulate and promulgate the electronic certification business rules complying with the relevant state provisions, and put them on records at the competent department of information industry of the State Council.

The electronic certification business rules shall cover the scope of liabilities, working operational specifications, information safeguard measures, and other matters concerned.

Article 20 In case any electronic signatory provides electronic signature certification certificate to any electronic certification service provider, he shall provide true, complete and accurate information.

After receiving any application for electronic signature certification certificate, an electronic certification service provider shall check the identity of the applicant and make examination on the relevant materials.

Article 21 Any electronic signature certification certificate signed by an electronic certification service provider shall be accurate and have no mistakes, and shall specify the following contents:

1. Name of the electronic certification service provider;

2. Name of the certificate holder;

3. Serial number of the certificate;

4. Period of validity of the certificate;

5. Electronic signature validation data of the certificate holder;

6. Electronic signature of the electronic certification service provider; and

7. Other contents as prescribed by the competent department of information industry of the State Council.

Article 22 An electronic certification service provider shall ensure that the contents of an electronic signature certification certificate are complete and accurate within the period of validity, and ensure that the party depending on the electronic signature is able to prove or know the contents specified in the electronic certification certificate and other relevant matters concerned.

Article 23 In case any electronic certification service provider intends to suspend or terminate electronic certification service, it shall notify the relevant parties concerned of the carrying-on of business and other relevant matters 90 days before the suspension or termination of the service.

In case any electronic certification service provider intends to suspend or terminate electronic certification service, it shall report to the competent department of information industry of the State Council 60 days before suspending or terminating the service, and negotiates with other electronic certification service provider on the carrying-on of business, so as to make proper arrangements.

In case any electronic certification service provider fails to reach an agreement on the carrying-on of business with other electronic certification service provider, it shall apply to the competent department of information industry of the State Council for arranging other electronic certification service provider to carry on its business.

In case any electronic certification service provider is revoked of the electronic certification licensing certificate, the carrying on of its business and other matters shall be handled in accordance with the provisions of the competent department of information industry of the State Council.

Article 24 An electronic certification service provider shall properly keep the information relating to certification. The time limit for keeping the information shall be at least 5 years after the invalidation of the electronic signature certification certificate.

Article 25 The competent department of information industry of the State Council shall conduct supervision over electronic certification service providers according to law in accordance with the concrete measures for the administration of electronic certification service industry.

Article 26 Upon the approval of the competent department of information industry of the State Council, and in light of the relevant agreement or the principle of reciprocity, any electronic signature certification certificate issued overseas by any electronic certification service provider outside the territory of the People’s Republic of China shall have the same legal effect with the electronic certification certificate issued by the electronic certification service provider established according to the present Law.

Chapter IV Legal Liabilities

Article 27 In case any electronic signatory knows that any data made by electronic signature has given away official secrets or may have given away official secrets but fails to notify the relevant parties concerned and terminate the use of the data made by electronic signature, or fails to provide truthful, complete and accurate information to the electronic service provider, or has any other fault, which result in the damage to the party depending on electronic signature, the electronic certification service provider, he shall undertake compensation liabilities.

Article 28 Where any electronic signatory or any party depending on electronic signature suffers losses due to undertaking civil activities on the basis of the electronic signature certification service provided by any electronic certification service provider, and if the electronic certification service provider cannot prove that he has no fault, he shall undertake compensation liabilities.

Article 29 In case anyone provides electronic certification service without approval, the competent department of information industry of the State Council shall order it to stop the illegal acts; if there are any illegal gains, the illegal gains shall be confiscated; if the illegal gains are more than RMB 300 thousand Yuan, it shall be given a fine of one time up to three times of the illegal gains. If it has no illegal gains or the illegal gains are less than RMB 300 thousand Yuan, it shall be given a fine of RMB 100 thousand Yuan up to RMB 300 thousand Yuan.

Article 30 In case any electronic certification service provider suspends or terminates electronic certification service, but fails to report to the competent department of information industry of the State Council within 60 days before the suspension or termination of the service, the competent department of information industry of the State Council shall impose a fine of RMB 10 thousand Yuan up to RMB 50 thousand Yuan upon the person directly in charge.

Article 31 In case any electronic certification service provider does not abide by the certification business rules, fails to properly keep the information relating to certification, or has any other illegal acts, the competent department of information industry of the State Council may order it to correct within a prescribed time limit; if it fails to correct within the time limit, its electronic certification licensing certificate shall be revoked, and the person directly in charge and other persons directly liable shall be banned from undertaking electronic certification service within 10 years. If any electronic certification licensing certificate is revoked, a public notice on this shall be made, and the administrative department for industry and commerce shall be notified.

Article 32 In case anyone forges, falsely uses or embezzles electronic signature of others and commits a crime, he shall be subject to criminal liability according to law. If that causes damage to others, he shall undertake civil liabilities.

Article 33 According to the present Law if any staff member of the department taking charge of the work for the supervision over electronic certification service fails to perform duties of administrative license and supervision, he shall be given an administrative punishment according to law. If a crime is constituted, he shall be subject to criminal liabilities.

Chapter V Supplementary Provisions

Article 34 The following words in the present Law shall have the following meaning:

1. The “Electronic Signatory”, shall refer to the person who holds data made by electronic signature and implement electronic signature in his own identity or on behalf of the person he represents;

2. The “Party Depending on Electronic Signature”, shall refer to the person who undertakes the relevant activities on the basis of his trust on any electronic signature certification certificate or electronic signature;

3. The “Electronic Signature Certification Certificate”, shall refer to the data message or other electronic records that can prove that any electronic signatory has any connection with the data made by electronic signature;

4. The “Data Made by Electronic Signature”, shall refer to such data as the character, coding, etc., which are used in the course of electronic signature, and can connect electronic signature with electronic signatory reliably; and

5. The “Electronic Signature Validation Data”, shall refer to the data used for validating electronic signature, including codes, passwords, arithmetics or public keys, etc..

Article 35 The State Council or the departments prescribed by the State Council may formulate concrete measures for the use of electronic signature and data message used in governmental affairs and other social activities in light of the present Law.

Article 36 The present Law shall come into force as of April 1, 2005.