(August 28, 2004 deputies of the 11th meeting of the Standing Committee by) contents chapter I General provisions chapter II chapter III data messages on electronic signatures and certification the fourth chapter legal liability the fifth chapter by-laws chapter I General provisions article in order to standardize the electronic signature Act, establishing the legal effect of electronic signatures, maintaining the lawful rights and interests of the parties, this law is enacted.
    Electronic signature referred to in article II of this law refers to data messages in electronic form in, affixed to used to identify the signatory and indicate the signer's approval of the data.
    Data messages mentioned in this law refers to electronic, optical, magnetic or similar means information generated, sent, received or stored.
    The third civil activities in the contract or other papers, documents and other instruments, the parties may agree to use or not to use electronic signatures, data messages.
    Parties agree that the use of electronic signatures, data messages instrument, not only because of its use of electronic signatures, denied legal effect in the form of a data message.
    Provisions of the preceding paragraph do not apply to the following instruments: (a) relates to personal relationships, including marriage, adoption, inheritance, (ii) involve transfer of interests in land, housing and other real property; (c) relates to stop water supply, heating, gas, electricity and other utility services; (d) laws, administrative regulations, electronic instruments shall not apply in other circumstances.
    Chapter II contained in the data message fourth to physically and ready access to reference data messages, considered to have met the requirements of laws and regulations in writing. Article data messages that meet the following criteria, as original form requirements meet the provisions of laws and regulations: (a) can be effectively contained and available for access at any time to check the content, (ii) can be reliably from the final form, the content remains complete, unaltered.
    However, adding endorsements to the data message and data exchange, storage and display forms that occur during changes do not affect the integrity of the data message.
    VI article meet following conditions of data message, considered meet legal, and regulations provides of file save requirements: (a) can effective to performance by contains content and can for at any time adjustable take check with; (ii) data message of format and its generated, and sent or received Shi of format same, or format not same but can accurate performance original generated, and sent or received of content; (three) can recognition data message of sent pieces people, and recipient and sent, and received of time.
    Seventh data messages not only because it is in electronic, optical, magnetic or similar means for generating, sending, receiving or storage is excluded as evidence.
    Article eighth review the authenticity of data messages as evidence, should consider the following factors: (a) the reliability of method of a data message was generated, stored or communicated, (ii) to maintain content integrity reliability; (c) the reliability of the method used to identify the sender, and (iv) other relevant factors.
    Nineth data messages have one of the following, sent as a sender: (a) authorized by the sender is sent; (b) the sender's information automatically sent; (c) the recipient in accordance with the methods approved by the sender to verify results after the data message.
    Otherwise agreed by the parties on the matters prescribed in the preceding paragraph, their agreement shall prevail. Article tenth of laws, administrative regulations or the parties agree to require acknowledgement of receipt of a data message should be acknowledgement of receipt.
    When the sender receives the addressee's acknowledgement, the data message is deemed to have been received.
    11th data message enters an information system outside the control of the sender time, considered that the data message was sent.
    Designated a specific system to receive messages, the data enters the system-specific time, as the data messages received; does not specify a specific system, any system of a data message entered for the first time, considered that the data message was received.
    Of data messages sent and received by the parties otherwise agree, their agreement shall prevail. 12th the sender's main place of business for the dispatch of a data message, the recipient's main place of business is that data messages received.
    No main place of business, his place of habitual residence is sent or received.
    Place of dispatch of data messages, received by the parties otherwise agree, their agreement shall prevail.
    Third chapter electronic signature and certification 13th article electronic signature while meet following conditions of, considered reliable of electronic signature: (a) electronic signature making data for electronic signature Shi, belongs to electronic signature people proprietary; (ii) signed Shi electronic signature making data only by electronic signature people control; (three) signed Hou on electronic signature of any changes can was found; (four) signed Hou on data message content and form of any changes can was found.
    Parties may also choose to use electronic signatures that conform to the conventions of the reliable criteria.
    14th a reliable electronic signature handwritten signature or seal shall have the same legal effect. 15th electronic signature shall properly keep the electronic signature creation data.
    Knowledge of electronic signatures electronic signature creation data has been compromised or may have been compromised, shall promptly inform the parties concerned, and to terminate your use of the electronic signature creation data.
    16th article needs third-party certification of electronic signatures, the electronic certification service providers established by law to provide certification services.
    17th article provides electronic certification service, should has following conditions: (a) has and provides electronic certification service phase adapted of professional technicians and management personnel; (ii) has and provides electronic certification service phase adapted of funds and business places; (three) has meet national security standard of technology and equipment; (four) has national password management institutions agreed using password of proved file; (five) legal, and administrative regulations provides of other conditions. 18th in the electronic certification service, should apply to the information industry Department of the State Council, and submitted in accordance with the conditions specified in article 17th of related material. Information Industry Department of the State Council upon receipt of the application in accordance with law review, seeking views of the commercial Administrative Department of the State Council and other relevant departments, within 45 days from the date of receipt of the application, approval or disapproval decision.
    　　License, the issued certificate for electronic authentication; no permission, shall be notified in writing to the applicant and informed reason.
    The applicant shall hold a certificate for electronic certification to the Administrative Department for industry and commerce registration formalities according to law.
    Achieving certification electronic certification service providers shall, in accordance with State Council departments in charge of information industry on the Internet publish their name, license number, and other information.
    19th electronic certification service provider should be formulated and promulgated rules of electronic certification services in line with relevant regulations of the State, and to the information industry Department under the State Council for the record.
    Electronic authentication business rules should include responsibility, job specifications, information security measures and other matters.
    20th electronic signature to the electronic certification service providers to apply for e-signature certificates should be provided is true, complete and accurate information.
    Electronic certification service providers after receiving the application for electronic signature certificates, it shall check the identity of the applicant, and to review the relevant material.
    21st article electronic certification service provides who issued of electronic signature certification certificate should accurate, and should contains Ming following content: (a) electronic certification service provides who name; (ii) certificate holds people name; (three) certificate serial number; (four) certificate validity; (five) certificate holds people of electronic signature validation data; (six) electronic certification service provides who of electronic signature; (seven) state information industry competent sector provides of other content.
    22nd electronic certification service providers shall ensure that the electronic signature certificates during the term complete, accurate, and to ensure that electronic signatures relying party to confirm that or to understand the elements contained in the electronic signature certificates and other related matters.
    Article 23rd electronic certification service provider intends to suspend or terminate the electronic certification service, shall suspend or terminate the service before 90 days, notify the relevant parties on business and other related matters.
    Electronic certification service provider intends to suspend or terminate the electronic certification service, shall suspend or terminate the service before 60 days to report to the information industry Department of the State Council, and other electronic verification service providers business consultations to make proper arrangements.
    Electronic certification service providers fail to reach business matters reached an agreement with other electronic verification service providers, shall apply for the information industry Department to arrange other electronic verification service providers to undertake their business.
    Electronic certification electronic certification is revoked licenses of service providers whose business transactions are processed in accordance with the regulations of the competent authorities of the information industry under the State Council.
    24th electronic certification service providers shall keep information associated with the certification, electronic signature verification information retention period of at least five years after the expiration of the certificate.
    25th information industry Department of the State Council in accordance with this law, formulate specific measures for the management of electronic authentication services on electronic certification services providers to supervise and administer according to law.
    26th as the information industry Department under the agreement or approval of the principle of reciprocity, People's Republic of China outside the electronic certification service providers in the electronic signature issued outside certification electronic certification service providers established in accordance with this law issuing certificate of the electronic signature has the same legal effect. The fourth chapter legal liability article 27th e-Signer aware of electronic signature creation data has been compromised or may have been compromised when not informed all parties concerned, and terminate the use of electronic signature creation data, did not provide electronic certification service providers with true, complete and accurate information, or has other faults, giving electronic signatures relying parties, loss of the electronic certification service providers, be liable.

    28th electronic signatures or electronic signatures relying party based on electronic certification service provider to offer electronic signature certification services suffered losses in civil activities, electronic certification service providers cannot prove the absence of fault, liability.
    Article 29th provide electronic authentication services without a permit, the information industry Department under the State Council shall order to stop violations; has illegally obtained, confiscation of illegal income; illegal gains of more than 300,000 yuan, illegal gains more than 1 time fined not more than three times; no less than 300,000 yuan of illegal income or the illegal income, fines of between 100,000 yuan and 300,000 yuan.
    Article 30th electronic certification electronic certification service provider to suspend or terminate the service, does not suspend or terminate the service before 60 days to report to the information industry Department of the State Council shall be formulated by the Department of information industry executives directly responsible for the fine of between 50,000 yuan and 10,000 yuan. 31st electronic certification service providers to comply with accreditation business rules, were not properly saved and certification-related information or other illegal acts, the information industry Department under the State Council shall order correction within; it fails to mend, revocation certificate for electronic authentication, directly in charge of personnel and other persons not engaged in the electronic certification services in ten years.
    Revoke certificate for electronic authentication, should make an announcement and to notify the administration of industry and commerce.
    Article 32nd forgery, fraudulent use, to steal other people's electronic signature constitutes a crime, criminal responsibility shall be investigated according to law; cause damage to others shall bear civil liability.
    33rd in accordance with this law shall be responsible for supervision and administration of electronic certification services Department staff does not perform its administrative licensing, supervisory and management functions, shall be given administrative sanctions constitutes a crime, criminal responsibility shall be investigated according to law.
    Fifth chapter schedule 34th article this method in the following terms of meaning: (a) electronic signature people, is refers to holds electronic signature making data and to I identity or to its by representative of people of name implementation electronic signature of people; (ii) electronic signature rely on party, is refers to based on on electronic signature certification certificate or electronic signature of trust engaged in about activities of people; (three) electronic signature certification certificate, is refers to can confirmed electronic signature people and electronic signature making data has contact of data message or other electronic records;
    (D) the electronic signature creation data, refers to the use in the electronic signature process of the electronic signature and electronic signature characters, encoded data to reliably link; (e) the electronic signature verification data refers to the data used to verify electronic signatures, including codes, passwords, algorithms or keys, etc.
    35th State Council or State Council departments in accordance with this law, formulate the Chief events and other social activities in the specific measures for the use of electronic signatures, data messages. 36th article this law shall enter into force on April 1, 2005.