法律文本

中華人民共和國電子簽名法（2019修訂）

Electronic Signature Law of the People’s Republic of China (Amended in 2019)

（2004年8月28日第十屆全國人民代表大會常務委員會第十一次會議通過 根據2015年4月24日第十二屆全國人民代表大會常務委員會第十四次會議《關於修改〈中華人民共和國電力法〉等六部法律的決定》第一次修正 根據2019年4月23日第十三屆全國人民代表大會常務委員會第十次會議《關於修改〈中華人民共和國建築法〉等八部法律的決定》第二次修正）

(Adopted at the 11th Session of the Standing Committee of the 10th National People's Congress of the People's Republic of China on August 28, 2004; amended for the first time according to the Decision on Revising Six Laws including the Electric Power Law of the People's Republic of China passed at the 14th Session of the Standing Committee of the 12th National People's Congress of the People's Republic of China on April 24, 2015; and amended for the second time according to the Decision on Amending Eight Laws Including the Construction Law of the People's Republic of China passed at the 10th Session of the Standing Committee of the 13th National People's Congress on April 23, 2019)

第一章 總 則

Chapter 1 General Provisions

第一條   為了規範電子簽名行為，確立電子簽名的法律效力，維護有關各方的合法權益，制定本法。

Article 1. This Law is formulated for the purposes of standardising the conduct of electronic signature, confirming the legal validity of electronic signature and safeguarding the legal rights and interests of the relevant parties.

第二條   本法所稱電子簽名，是指數據電文中以電子形式所含、所附用於識別簽名人身份並表明簽名人認可其中內容的數據。

Article 2 "Electronic signature" referred to herein shall mean data incorporated into or associated with any electronic form, which may be used to identify the signatory and indicate the signatory's approval of the information contained in the data message.

本法所稱數據電文，是指以電子、光學、磁或者類似手段生成、發送、接收或者儲存的信息。

Data telex "referred to herein shall mean information generated, sent, received or stored by electronic, optical, magnetic or similar means.

第三條   民事活動中的合同或者其他文件、單證等文書，當事人可以約定使用或者不使用電子簽名、數據電文。

Article 3 Parties involved in civil activities may agree to use or not to use electronic signature and data telex for contracts or other documents and instruments.

當事人約定使用電子簽名、數據電文的文書，不得僅因為其采用電子簽名、數據電文的形式而否定其法律效力。

Documents for which the parties concerned agree to the use of electronic signature and data telex shall not be denied of legal validity on the ground of electronic signature and data telex being used.

前款規定不適用下列文書：

The preceding paragraph shall not apply to the following documents:

（一）涉及婚姻、收養、繼承等人身關系的；

1. personal relationships such as marriage, adoption and inheritance are involved;

（二）涉及停止供水、供熱、供氣等公用事業服務的；

(II) Documents concerning stopping the supply of water, heat, gas and other public utility services; and

（三）法律、行政法規規定的不適用電子文書的其他情形。

(III) Other circumstances under which electronic documents do not apply as prescribed by laws and administrative regulations.

第二章 數據電文

Chapter 2 Electronic Data

第四條   能夠有形地表現所載內容，並可以隨時調取查用的數據電文，視為符合法律、法規要求的書面形式。

Article 4 Data telex that tangibly express the content it recorded and can be investigated and checked at any time shall be deemed as compliance with the written form provided by law and regulations.

第五條   符合下列條件的數據電文，視為滿足法律、法規規定的原件形式要求：

Article 5 Any data message meeting the following requirements shall be regarded as satisfying the requirements for the form of the original as prescribed by laws and regulations:

（一）能夠有效地表現所載內容並可供隨時調取查用；

1. Being capable of effectively showing the contents it specifies, and which may be accessed for reference and used at any time; and

（二）能夠可靠地保證自最終形成時起，內容保持完整、未被更改。但是，在數據電文上增加背書以及數據交換、儲存和顯示過程中發生的形式變化不影響數據電文的完整性。

2. It can be reliably guaranteed that the contents remain complete and unchanged from the time of final formation. However, the integrity of the data message is not affected by the addition of endorsement to the data message and changes in form that occur during data exchange, storage and display.

第六條   符合下列條件的數據電文，視為滿足法律、法規規定的文件保存要求：

Article 6 Any data message meeting the following requirements shall be regarded as satisfying the requirements for document preservation as prescribed by laws and regulations:

（一）能夠有效地表現所載內容並可供隨時調取查用；

1. Being capable of effectively showing the contents it specifies, and which may be accessed for reference and used at any time; and

（二）數據電文的格式與其生成、發送或者接收時的格式相同，或者格式不相同但是能夠準確表現原來生成、發送或者接收的內容；

2. the format of the data message is the same as that when it is created, sent or received, or the format is different but is able to accurately represent the contents originally created, sent, or received; and

（三）能夠識別數據電文的發件人、收件人以及發送、接收的時間。

(III) Being able to identify the addresser, the addressee, and the time of sending and receiving.

第七條   數據電文不得僅因為其是以電子、光學、磁或者類似手段生成、發送、接收或者儲存的而被拒絕作為證據使用。

Article 7 No electronic data may be rejected for being used as evidence simply because it was created, sent, received or stored by way of electronic, optical, magnetic or similar means.

第八條   審查數據電文作為證據的真實性，應當考慮以下因素：

Article 8 The following factors shall be considered when examining the authenticity of any data message as evidence:

（一）生成、儲存或者傳遞數據電文方法的可靠性；

1. The reliability of the methods used in creating, storing or transmitting the electronic data;

（二）保持內容完整性方法的可靠性；

(II) The reliability of the methods used to maintain the integrity of the contents;

（三）用以鑒別發件人方法的可靠性；

(III) The reliability of the methods used to identify the sender;

（四）其他相關因素。

(IV) Other relevant factors.

第九條   數據電文有下列情形之一的，視為發件人發送：

Article 9 Under any of the following circumstances, the data message shall be regarded as being sent by the addresser:

（一）經發件人授權發送的；

1. Being sent with the authorization of the addresser;

（二）發件人的信息系統自動發送的；

(II) An information system of the sender automatically sends;

（三）收件人按照發件人認可的方法對數據電文進行驗證後結果相符的。

(III) The consequence is consistent after the validation on the data message by the addressee according to the method approved by the addresser.

當事人對前款規定的事項另有約定的，從其約定。

Where the parties agree otherwise on the matters prescribed in the preceding paragraph, their agreement shall be followed.

第十條   法律、行政法規規定或者當事人約定數據電文需要確認收讫的，應當確認收讫。發件人收到收件人的收讫確認時，數據電文視為已經收到。

Article 10 Where receipt acknowledgement of the data telex is required by laws and administrative regulations or agreed between the parties, the recipient shall acknowledge receipt of the data telex. Upon receipt by the sender of the recipient's acknowledgement of receipt, the data message shall be deemed to have been received.

第十一條   數據電文進入發件人控制之外的某個信息系統的時間，視為該數據電文的發送時間。

Article 11 The time when a data message enters an information system outside the control of the originator shall be deemed to be the time when the data message is sent.

收件人指定特定系統接收數據電文的，數據電文進入該特定系統的時間，視為該數據電文的接收時間；未指定特定系統的，數據電文進入收件人的任何系統的首次時間，視為該數據電文的接收時間。

The time at which a data message enters the specific system designated by the recipient for the receipt of data messages shall be deemed to be the time at which the data message enters such specific system; if no specific system is designated, the time at which the data message enters any system of the recipient for the first time shall be deemed to be the time at which the data message is received.

當事人對數據電文的發送時間、接收時間另有約定的，從其約定。

Where the parties agree otherwise on the time of sending and receiving of data telex, such agreement shall prevail.

第十二條   發件人的主營業地為數據電文的發送地點，收件人的主營業地為數據電文的接收地點。沒有主營業地的，其經常居住地為發送或者接收地點。

Article 12 The principal place of business of the originator is the place where data messages are sent and the principal place of business of the addressee is the place where data messages are received. If there is no main place of business, the habitual residence shall be considered the sending or receiving place.

當事人對數據電文的發送地點、接收地點另有約定的，從其約定。

In case the interested parties have different stipulations on the place for sending or receiving data message, the stipulations shall be followed.

第三章 電子簽名與認證

Chapter 3 Electronic Signature and Certification

第十三條   電子簽名同時符合下列條件的，視為可靠的電子簽名：

Article 13 Any electronic signature, which satisfies the following conditions, shall be regarded as reliable electronic signature:

（一）電子簽名制作數據用於電子簽名時，屬於電子簽名人專有；

1. If data made by electronic signature is used for electronic signature, and if it is owned exclusively by the electronic signatory;

（二）簽署時電子簽名制作數據僅由電子簽名人控制；

(II) The data made by electronic signature is controlled only by the electronic signatory when signing;

（三）簽署後對電子簽名的任何改動能夠被發現；

(III) Any alteration to the electronic signature after signing can be detected; and

（四）簽署後對數據電文內容和形式的任何改動能夠被發現。

(IV) Any alteration to the content and form of any data message after signing can be found out.

當事人也可以選擇使用符合其約定的可靠條件的電子簽名。

The parties may choose other electronic signatures which comply with their agreement on reliable requirements.

第十四條   可靠的電子簽名與手寫簽名或者蓋章具有同等的法律效力。

Article 14. Reliable electronic signatures shall have the same legal validity as handwritten signatures or seals.

第十五條   電子簽名人應當妥善保管電子簽名制作數據。電子簽名人知悉電子簽名制作數據已經失密或者可能已經失密時，應當及時告知有關各方，並終止使用該電子簽名制作數據。

Article 15 The electronic signatory shall keep electronic signature creation data properly. In case that an electronic signatory knows that data made by electronic signature has given away official secrets or may give away official secrets, he shall notify relevant parties in time, and terminate the use of the data made by electronic signature.

第十六條   電子簽名需要第三方認證的，由依法設立的電子認證服務提供者提供認證服務。

Article 16 Where a third party's certification is required for the electronic signature, such certification service shall be provided by a legally established electronic certification service provider.

第十七條   提供電子認證服務，應當具備下列條件：

Article 17 The following conditions shall be met when providing electronic certification services:

（一）取得企業法人資格；

1. Obtain corporate capacity;

（二）具有與提供電子認證服務相適應的專業技術人員和管理人員；

(II) Having professional technicians and managers who are suited to provide electronic certification services;

（三）具有與提供電子認證服務相適應的資金和經營場所；

(III) Having capital and a place of business that meets the requirements for providing electronic certification services;

（四）具有符合國家安全標準的技術和設備；

(IV) Having technology and equipment that comply with the national safety and technology standards;

（五）具有國家密碼管理機構同意使用密碼的證明文件；

(V) Having certification documents that use codes that have been approved by the state code administration organ; and

（六）法律、行政法規規定的其他條件。

(VI) Other conditions prescribed by laws and administrative regulations.

第十八條   從事電子認證服務，應當向國務院信息產業主管部門提出申請，並提交符合本法第十七條規定條件的相關材料。國務院信息產業主管部門接到申請後經依法審查，征求國務院商務主管部門等有關部門的意見後，自接到申請之日起四十五日內作出許可或者不予許可的決定。予以許可的，頒發電子認證許可證書；不予許可的，應當書面通知申請人並告知理由。

Article 18. Proposed electronic certification service providers shall apply with the relevant materials to the information industry department of the State Council in accordance with the provisions of Article 17. Upon examination of an application by the information industry department of the State Council and concurring with the commerce administration department of the State Council, the information industry department of the State Council shall decide on approval or non-approval within 45 days from receipt of the application. An electronic certification licence shall be issued to successful applicants; unsuccessful applicants shall be notified in writing and the reason shall be stated.

取得認證資格的電子認證服務提供者，應當按照國務院信息產業主管部門的規定在互聯網上公布其名稱、許可證號等信息。

An electronic certification service provider who has obtained certification shall publicize its name, license number and other information on the Internet in accordance with the provisions of the department of information industry of the State Council.

第十九條   電子認證服務提供者應當制定、公布符合國家有關規定的電子認證業務規則，並向國務院信息產業主管部門備案。

Article 19 Electronic certification service providers shall formulate and promulgate electronic certification service rules in accordance with relevant State regulations and file them with the information industry department of the State Council for record.

電子認證業務規則應當包括責任範圍、作業操作規範、信息安全保障措施等事項。

Electronic certification business rules shall cover the scope of liabilities, the criterions of operation, the information safeguard measures and other matters concerned.

第二十條   電子簽名人向電子認證服務提供者申請電子簽名認證證書，應當提供真實、完整和準確的信息。

Article 20. Electronic signatories shall provide true, complete and accurate information to their electronic certification service provider for the application of an electronic signature certificate.

電子認證服務提供者收到電子簽名認證證書申請後，應當對申請人的身份進行查驗，並對有關材料進行審查。

After receiving an application for an electronic signature certificate, the electronic certification service provider shall check the identity of the applicant and examine relevant materials.

第二十一條   電子認證服務提供者簽發的電子簽名認證證書應當準確無誤，並應當載明下列內容：

Article 21 An electronic signature certification certificate signed by an electronic certification service provider shall be accurate and have no mistakes, and shall specify the following contents:

（一）電子認證服務提供者名稱；

1. Name of the electronic certification service provider;

（二）證書持有人名稱；

2. the name of the certificate holder;

（三）證書序列號；

3. Serial number of the certificate;

（四）證書有效期；

(IV) validity period of the certificate;

（五）證書持有人的電子簽名驗證數據；

(V) electronic signature verification data of the certificate holder;

（六）電子認證服務提供者的電子簽名；

(VI) Electronic signature of the electronic certification service provider;

（七）國務院信息產業主管部門規定的其他內容。

(VII) Other contents prescribed by the competent department of information industry of the State Council.

第二十二條   電子認證服務提供者應當保證電子簽名認證證書內容在有效期內完整、準確，並保證電子簽名依賴方能夠證實或者了解電子簽名認證證書所載內容及其他有關事項。

Article 22. Electronic certification service providers shall guarantee the completeness and accuracy of the contents of the electronic signature certificate within the validity period of the certificate and that parties relying on the electronic signature are able to verify and understand the contents and other relevant matters recorded on the electronic signature certificate.

第二十三條   電子認證服務提供者擬暫停或者終止電子認證服務的，應當在暫停或者終止服務九十日前，就業務承接及其他有關事項通知有關各方。

Article 23. Electronic certification service providers suspending or terminating their electronic certification service shall inform the relevant parties of the service takeover and other matters at least 90 days prior to the suspension or termination of the service.

電子認證服務提供者擬暫停或者終止電子認證服務的，應當在暫停或者終止服務六十日前向國務院信息產業主管部門報告，並與其他電子認證服務提供者就業務承接進行協商，作出妥善安排。

In the event an electronic certification service provider intends to suspend or terminate his/her/its electronic certification service, he/she/it shall report to the department of information industry of the State Council 60 days before suspending or terminating the service, and negotiate with other electronic certification service providers about the carrying-on of the operation, so as to make proper arrangements.

電子認證服務提供者未能就業務承接事項與其他電子認證服務提供者達成協議的，應當申請國務院信息產業主管部門安排其他電子認證服務提供者承接其業務。

In the event an electronic certification service provider fails to reach an agreement on the carrying-on of the operation with another electronic certification service provider, he/she/it shall apply to the department of information industry of the State Council to arrange another electronic certification service provider to carry on the operation.

電子認證服務提供者被依法吊銷電子認證許可證書的，其業務承接事項的處理按照國務院信息產業主管部門的規定執行。

In the event an electronic certification service provider's electronic certification licensing certificate is revoked in accordance with the law, the takeover of its business shall be handled in accordance with the provisions of the department of information industry of the State Council.

第二十四條   電子認證服務提供者應當妥善保存與認證相關的信息，信息保存期限至少為電子簽名認證證書失效後五年。

Article 24. Electronic certification service providers shall maintain certification information properly for at least 5 years from the date of expiry of an electronic signature certificate.

第二十五條   國務院信息產業主管部門依照本法制定電子認證服務業的具體管理辦法，對電子認證服務提供者依法實施監督管理。

Article 25 The competent department of information industry of the State Council shall formulate specific measures for the administration of electronic certification service industry in accordance with the present Law, and conduct supervision over electronic certification service providers according to law.

第二十六條   經國務院信息產業主管部門根據有關協議或者對等原則核準後，中華人民共和國境外的電子認證服務提供者在境外簽發的電子簽名認證證書與依照本法設立的電子認證服務提供者簽發的電子簽名認證證書具有同等的法律效力。

Article 26. Upon verification by the information industry department of the State Council on the basis of relevant agreements or reciprocity, electronic signature certificates issued overseas by foreign electronic certification service providers shall have the same legal validity as electronic signature certificates issued by electronic certification service providers established in accordance with the Law.

第四章 法律責任

Chapter 4 Legal Liabilities

第二十七條   電子簽名人知悉電子簽名制作數據已經失密或者可能已經失密未及時告知有關各方、並終止使用電子簽名制作數據，未向電子認證服務提供者提供真實、完整和準確的信息，或者有其他過錯，給電子簽名依賴方、電子認證服務提供者造成損失的，承擔賠償責任。

Article 27 In the event an electronic signatory knows that any data made by electronic signature has given away official secrets or may have given away official secrets but fails to inform the relevant parties concerned in a timely manner and terminate the use of such data, or fails to provide authentic, complete and accurate information to the electronic service provider, or has any other fault resulting in losses to the party depending on electronic signature and the electronic certification service provider, he/she/it shall be liable for compensation.

第二十八條   電子簽名人或者電子簽名依賴方因依據電子認證服務提供者提供的電子簽名認證服務從事民事活動遭受損失，電子認證服務提供者不能證明自己無過錯的，承擔賠償責任。

Article 28. Where an electronic signatory or parties relying on the electronic signature for undertaking civil activities suffered losses from the electronic signature certification service provided by an electronic certification service provider, the electronic certification service provider shall be liable for compensation if it is unable to prove that it is not at fault.

第二十九條   未經許可提供電子認證服務的，由國務院信息產業主管部門責令停止違法行為；有違法所得的，沒收違法所得；違法所得三十萬元以上的，處違法所得一倍以上三倍以下的罰款；沒有違法所得或者違法所得不足三十萬元的，處十萬元以上三十萬元以下的罰款。

Article 29. Provision of electronic certificate service without licence shall be ordered by the information industry department of the State Council to cease the illegal activity and the illegal income shall be confiscated; a fine ranging from one to three times of the amount of illegal income shall be imposed if the amount of illegal income exceeds RMB300,000; a fine ranging from RMB100,000 to RMB300,000 shall be imposed if there is no illegal income or the amount of illegal income does not exceed RMB300,000.

第三十條   電子認證服務提供者暫停或者終止電子認證服務，未在暫停或者終止服務六十日前向國務院信息產業主管部門報告的，由國務院信息產業主管部門對其直接負責的主管人員處一萬元以上五萬元以下的罰款。

Article 30. Electronic certification service providers which suspend or terminate their electronic certification service without informing the information industry department of the State Council at least 60 days prior to the suspension or termination of the service shall have a fine ranging from RMB10,000 to RMB50,000 imposed by the information industry department of the State Council on the person-in-charge.

第三十一條   電子認證服務提供者不遵守認證業務規則、未妥善保存與認證相關的信息，或者有其他違法行為的，由國務院信息產業主管部門責令限期改正；逾期未改正的，吊銷電子認證許可證書，其直接負責的主管人員和其他直接責任人員十年內不得從事電子認證服務。吊銷電子認證許可證書的，應當予以公告並通知工商行政管理部門。

Article 31. Electronic certification service providers which do not comply with the certification service rules or fail to maintain certification information properly or commit other violations shall be ordered by the information industry department of the State Council to make correction within a stipulated time limit; where the correction is not made within the stipulated time limit, the electronic certification permit shall be revoked and the person-in-charge and other accountable personnel shall be prohibited from providing electronic certification service for a 10-year period thereafter. Withdrawal of the electronic certification licence shall be announced and the industrial and commercial administrative department shall be notified.

第三十二條   偽造、冒用、盜用他人的電子簽名，構成犯罪的，依法追究刑事責任；給他人造成損失的，依法承擔民事責任。

Article 32. Persons guilty of forgery and unauthorised use of other's electronic signature which constitutes a criminal offence shall be prosecuted for criminal liability in accordance with the law, and shall bear civil liability for losses suffered by other persons therefrom.

第三十三條   依照本法負責電子認證服務業監督管理工作的部門的工作人員，不依法履行行政許可、監督管理職責的，依法給予行政處分；構成犯罪的，依法追究刑事責任。

Article 33. Personnel of the department in charge of supervision and management of electronic certificate service which do not perform administrative licensing and supervision and management duties in accordance with the law shall be subject to administrative punishment in accordance with the law. Where the case constitutes a criminal offence, criminal liability shall be pursued in accordance with the law.

第五章 附 則

Chapter 5 Supplementary Provisions

第三十四條   本法中下列用語的含義：

Article 34 For purposes of this Law, the definitions of the following terms are:

（一）電子簽名人，是指持有電子簽名制作數據並以本人身份或者以其所代表的人的名義實施電子簽名的人；

1. The "electronic signatory" shall refer to the person who holds data made by electronic signature, and who implements electronic signature in his own identity or on behalf of the person he represents;

（二）電子簽名依賴方，是指基於對電子簽名認證證書或者電子簽名的信賴從事有關活動的人；

(II) "Party Depending on Electronic Signature" shall refer to the person who engages in relevant activities based on his trust in any electronic signature certification certificate or Electronic Signature;

（三）電子簽名認證證書，是指可證實電子簽名人與電子簽名制作數據有聯系的數據電文或者其他電子記錄；

(III) "Electronic Signature Certification Certificate" shall refer to the data message or other electronic records that can prove that any electronic signatory has some connection with the data made by electronic signature;

（四）電子簽名制作數據，是指在電子簽名過程中使用的，將電子簽名與電子簽名人可靠地聯系起來的字符、編碼等數據；

(IV) "Data Made by Electronic Signature" shall refer to data such as the character, coding, etc., used in the course of electronic signature, and to connect the electronic signature with the electronic signatory; and

（五）電子簽名驗證數據，是指用於驗證電子簽名的數據，包括代碼、口令、算法或者公鑰等。

(V) "Electronic Signature Validation Data" shall refer to the data used for validating Electronic Signature, including codes, passwords, arithmetic or public keys, etc.

第三十五條   國務院或者國務院規定的部門可以依據本法制定政務活動和其他社會活動中使用電子簽名、數據電文的具體辦法。

Article 35 The State Council and other departments stipulated by the State Council may formulate specific measures on use of electronic signature and data telex in government activities and other social activities pursuant to this Law.

第三十六條   本法自2005年4月1日起施行。

Article 36. This Law shall be effective 1 April 2005.