| Order of the State Council of the People's Republic of China | | 中华人民共和国国务院令 |
| (No. 760) | | (第760号) |
| The Regulation on the Administration of Commercial Cryptography, as revised and adopted at the 4th executive meeting of the State Council on April 4, 2023, is hereby issued and shall come into force on July 1, 2023. | | 《商用密码管理条例》已经2023年4月14日国务院第4次常务会议修订通过,现予公布,自2023年7月1日起施行。 |
| Premier: Li Qiang | | 总理 李强 |
| April 27, 2023 | | 2023年4月27日 |
| Regulation on the Administration of Commercial Cryptography | | 商用密码管理条例 |
| (Issued by Order No. 273 of the State Council of the People's Republic of China on October 7, 1999 and revised by Order No. 760 of the State Council of the People's Republic of China on April 27, 2023) | | (1999年10月7日中华人民共和国国务院令第273号发布 2023年4月27日中华人民共和国国务院令第760号修订) |
| Chapter I General Provisions | | 第一章 总 则 |
| Article 1 This Regulation is developed in accordance with the Cryptography Law of the People's Republic of China and other laws for the purposes of standardizing the application and administration of commercial cryptography, encouraging and promoting the development of the commercial cryptography industry, ensuring cybersecurity and information security, safeguarding national security and social and public interests, and protecting the legitimate rights and interests of citizens, legal persons and other organizations. | | 第一条 为了规范商用密码应用和管理,鼓励和促进商用密码产业发展,保障网络与信息安全,维护国家安全和社会公共利益,保护公民、法人和其他组织的合法权益,根据《中华人民共和国密码法》等法律,制定本条例。 |
| Article 2 This Regulation shall apply to the scientific research, production, sale, service, testing, certification, import and export, application and other activities in respect of commercial cryptography within the territory of the People's Republic of China. | | 第二条 在中华人民共和国境内的商用密码科研、生产、销售、服务、检测、认证、进出口、应用等活动及监督管理,适用本条例。 |
| For the purposes of this Regulation, “commercial cryptography” refers to the technologies, products and services that conduct encryption-based protection and safety certification of the information that is not state secret by means of specific transformation. | | 本条例所称商用密码,是指采用特定变换的方法对不属于国家秘密的信息等进行加密保护、安全认证的技术、产品和服务。 |
| Article 3 The leadership of the Communist Party of China over the work of commercial cryptography shall be insisted on and the overall national security concept shall be implemented. The state cryptography administrative department shall be responsible for the administration of commercial cryptography across the country. The local cryptography administrative departments at or above the county level shall be responsible for the administration of commercial cryptography in their respective administrative regions. | | 第三条 坚持中国共产党对商用密码工作的领导,贯彻落实总体国家安全观。国家密码管理部门负责管理全国的商用密码工作。县级以上地方各级密码管理部门负责管理本行政区域的商用密码工作。 |
| Cyberspace, commerce, customs, market regulation, and other relevant departments shall be responsible for the administration of commercial cryptography within the scope of their respective duties. | | 网信、商务、海关、市场监督管理等有关部门在各自职责范围内负责商用密码有关管理工作。 |
| Article 4 The state shall strengthen the training of commercial cryptography talents, establish and improve the development system and mechanism and the talent evaluation system for commercial cryptography talents, encourage and support the construction of disciplines and specialties related to cryptography, standardize the social training on commercial cryptography, and promote the exchange of commercial cryptography talents. | | 第四条 国家加强商用密码人才培养,建立健全商用密码人才发展体制机制和人才评价制度,鼓励和支持密码相关学科和专业建设,规范商用密码社会化培训,促进商用密码人才交流。 |
| Article 5 The people's governments at all levels and their relevant departments shall strengthen the publicity and education of commercial cryptography in various forms to enhance the cryptography security awareness of citizens, legal persons and other organizations. | | 第五条 各级人民政府及其有关部门应当采取多种形式加强商用密码宣传教育,增强公民、法人和其他组织的密码安全意识。 |
| Article 6 Societies, trade associations and other social organizations in the field of commercial cryptography shall, in accordance with the provisions of laws, administrative regulations and their bylaws, carry out academic exchanges, policy research, public services and other activities to strengthen academic and industrial self-regulation, promote credibility building, and promote the sound development of the industry. | | 第六条 商用密码领域的学会、行业协会等社会组织依照法律、行政法规及其章程的规定,开展学术交流、政策研究、公共服务等活动,加强学术和行业自律,推动诚信建设,促进行业健康发展。 |
| The cryptography administrative departments shall strengthen guidance and support for social organizations in the field of commercial cryptography. | | 密码管理部门应当加强对商用密码领域社会组织的指导和支持。 |
| Chapter II Scientific and Technological Innovation and Standardization | | 第二章 科技创新与标准化 |
| Article 7 The state shall establish and improve the mechanism for promoting scientific and technological innovation in commercial cryptography, support independent innovation in science and technology on commercial cryptography, and commend and reward organizations and individuals that have made outstanding contributions in accordance with the relevant rules of the state. | | 第七条 国家建立健全商用密码科学技术创新促进机制,支持商用密码科学技术自主创新,对作出突出贡献的组织和个人按照国家有关规定予以表彰和奖励。 |
| The state shall protect intellectual property rights in the field of commercial cryptography in accordance with the law. Those who carry out commercial cryptography activities shall enhance their awareness of intellectual property rights and their ability to use, protect and manage intellectual property rights. | | 国家依法保护商用密码领域的知识产权。从事商用密码活动,应当增强知识产权意识,提高运用、保护和管理知识产权的能力。 |
| The state shall encourage cooperation on commercial cryptography technology in the process of foreign investment based on voluntary principles and commercial rules. Administrative organs and their staff members shall not use administrative means to force the transfer of commercial cryptography technology. | | 国家鼓励在外商投资过程中基于自愿原则和商业规则开展商用密码技术合作。行政机关及其工作人员不得利用行政手段强制转让商用密码技术。 |
| Article 8 The state shall encourage and support the transformation and industrial application of scientific and technological achievements in commercial cryptography, and establish and improve the feedback mechanism for the exchange, release and application of information on scientific and technological achievements in commercial cryptography. | | 第八条 国家鼓励和支持商用密码科学技术成果转化和产业化应用,建立和完善商用密码科学技术成果信息汇交、发布和应用情况反馈机制。 |
| Article 9 The state cryptography administrative department shall organize the examination and authentication of the cryptographic algorithms, cryptographic protocols, key management mechanisms and other commercial cryptography technologies used in networks and information systems that need to be protected by commercial cryptography as required by laws, administrative regulations and relevant regulations of the state. | | 第九条 国家密码管理部门组织对法律、行政法规和国家有关规定要求使用商用密码进行保护的网络与信息系统所使用的密码算法、密码协议、密钥管理机制等商用密码技术进行审查鉴定。 |
| Article 10 The standardization authority of the State Council and the state cryptography administrative department shall, according to their respective functions, organize the development of national and industrial standards for commercial cryptography, and regulate, guide and supervise the development of group standards for commercial cryptography. The state cryptography administrative departments shall, in accordance with their duties, establish an information feedback and evaluation mechanism for the implementation of the standards for commercial cryptography, and supervise and inspect the implementation of the standards for commercial cryptography. | | 第十条 国务院标准化行政主管部门和国家密码管理部门依据各自职责,组织制定商用密码国家标准、行业标准,对商用密码团体标准的制定进行规范、引导和监督。国家密码管理部门依据职责,建立商用密码标准实施信息反馈和评估机制,对商用密码标准实施进行监督检查。 |
| The state shall promote participation in the international standardization activities of commercial cryptography, participate in the development of international standards for commercial cryptography, promote the conversion and application between Chinese and foreign standards for commercial cryptography, and encourage enterprises, social organizations, educational and scientific research institutions to participate in the international standardization activities of commercial cryptography. | | 国家推动参与商用密码国际标准化活动,参与制定商用密码国际标准,推进商用密码中国标准与国外标准之间的转化运用,鼓励企业、社会团体和教育、科研机构等参与商用密码国际标准化活动。 |
| If the standards in other fields involve commercial cryptography, they shall be coordinated with the national and industrial standards for commercial cryptography. | | 其他领域的标准涉及商用密码的,应当与商用密码国家标准、行业标准保持协调。 |
| Article 11 Commercial cryptography activities shall comply with relevant laws, administrative regulations, compulsory national standards for commercial cryptography, and the technical requirements for the standards for self-declaration disclosure. | | 第十一条 从事商用密码活动,应当符合有关法律、行政法规、商用密码强制性国家标准,以及自我声明公开标准的技术要求。 |
| The state shall encourage the use of recommended national and industrial standards for commercial cryptography in commercial cryptography activities, to improve the protection ability of commercial cryptography and safeguard the legitimate rights and interests of users. | | 国家鼓励在商用密码活动中采用商用密码推荐性国家标准、行业标准,提升商用密码的防护能力,维护用户的合法权益。 |
| Chapter III Testing and Authentication | | 第三章 检测认证 |
| Article 12 The state shall promote the construction of the commercial cryptography testing and authentication system and encourage voluntary acceptance of commercial cryptography testing and authentication in commercial cryptography activities. | | 第十二条 国家推进商用密码检测认证体系建设,鼓励在商用密码活动中自愿接受商用密码检测认证。 |
| Article 13 Institutions carrying out commercial cryptography testing activities such as testing of commercial cryptography products and security assessment of application of commercial cryptography in the network and information system, and providing data and results with the function of proof for the public shall be accreditated by the state cryptography administrative department and obtain the qualification of a commercial cryptography testing institution in accordance with the law. | | 第十三条 从事商用密码产品检测、网络与信息系统商用密码应用安全性评估等商用密码检测活动,向社会出具具有证明作用的数据、结果的机构,应当经国家密码管理部门认定,依法取得商用密码检测机构资质。 |
| Article 14 To obtain the qualification of a commercial cryptography testing institution, an institution shall meet the following conditions: | | 第十四条 取得商用密码检测机构资质,应当符合下列条件: |
| (1) It has legal person qualification. | | (一)具有法人资格; |
| (2) It has the funds, premises, equipment and facilities, professional personnel and professional capabilities suitable for commercial cryptography testing activities. | | (二)具有与从事商用密码检测活动相适应的资金、场所、设备设施、专业人员和专业能力; |
| (3) It has a management system to ensure the effective operation of commercial cryptography testing activities. | | (三)具有保证商用密码检测活动有效运行的管理体系。 |
| Article 15 To apply for the qualification of a commercial cryptography testing institution, a written application shall be filed with the state cryptography administrative department and materials that meet the conditions as stipulated in Article 14 of this Regulation shall be submitted. | | 第十五条 申请商用密码检测机构资质,应当向国家密码管理部门提出书面申请,并提交符合本条例第十四条规定条件的材料。 |
| The state cryptography administrative department shall, within 20 working days from the date of accepting an application, examine the application and make a decision on whether to grant the accreditation in accordance with the law. | | 国家密码管理部门应当自受理申请之日起20个工作日内,对申请进行审查,并依法作出是否准予认定的决定。 |
| If it is necessary to conduct technical review of an applicant, the time required for the technical review shall not be counted within the time limit as prescribed in this article. The state cryptography administrative department shall notify the applicant of the required time in writing. | | 需要对申请人进行技术评审的,技术评审所需时间不计算在本条规定的期限内。国家密码管理部门应当将所需时间书面告知申请人。 |
| Article 16 Commercial cryptography testing institutions shall, in accordance with laws, administrative regulations and technical specifications and rules for commercial cryptography testing, independently, impartially, scientifically and faithfully carry out commercial cryptography testing within the approved scope, be responsible for the testing data and results issued, and submit the information on testing implementation to the state cryptography administrative department on a regular basis. | | 第十六条 商用密码检测机构应当按照法律、行政法规和商用密码检测技术规范、规则,在批准范围内独立、公正、科学、诚信地开展商用密码检测,对出具的检测数据、结果负责,并定期向国家密码管理部门报送检测实施情况。 |
| The technical specifications and rules for commercial cryptography testing shall be developed and issued by the state cryptography administrative department. | | 商用密码检测技术规范、规则由国家密码管理部门制定并公布。 |
| Article 17 The market regulation department of the State Council shall, in conjunction with the state cryptography administrative department, establish a unified national commercial cryptography authentication system, implement the authentication of commercial cryptography products, services and management systems, and develop and issue the authentication catalogue, technical specifications and rules. | | 第十七条 国务院市场监督管理部门会同国家密码管理部门建立国家统一推行的商用密码认证制度,实行商用密码产品、服务、管理体系认证,制定并公布认证目录和技术规范、规则。 |
| Article 18 Institutions carrying out commercial cryptography authentication activities shall obtain the qualifications of commercial cryptography authentication institutions in accordance with the law. | | 第十八条 从事商用密码认证活动的机构,应当依法取得商用密码认证机构资质。 |
| To apply for the qualification of a commercial cryptography authentication institution, a written application shall be filed with the market regulation department of the State Council. Besides meeting the basic conditions of authentication institutions as required by laws, administrative regulations and relevant rules of the state, an applicant shall also have the technical capabilities of detection and inspection suitable for the commercial cryptography authentication activities. | | 申请商用密码认证机构资质,应当向国务院市场监督管理部门提出书面申请。申请人除应当符合法律、行政法规和国家有关规定要求的认证机构基本条件外,还应当具有与从事商用密码认证活动相适应的检测、检查等技术能力。 |
| The market regulation department of the State Council shall, when examining the application for the qualification of a commercial cryptography authentication institution, request opinions of the state cryptography administrative department. | | 国务院市场监督管理部门在审查商用密码认证机构资质申请时,应当征求国家密码管理部门的意见。 |
| Article 19 Commercial cryptography authentication institutions shall independently, impartially, scientifically and faithfully carry out commercial cryptography authentication within the approved scope in accordance with laws, administrative regulations and technical specifications and rules for commercial cryptography authentication, and be responsible for the authentication conclusions issued. | | 第十九条 商用密码认证机构应当按照法律、行政法规和商用密码认证技术规范、规则,在批准范围内独立、公正、科学、诚信地开展商用密码认证,对出具的认证结论负责。 |
| A commercial cryptography authentication institution shall carry out an effective follow-up investigation into the commercial cryptography products, services and management systems authenticated by it, to ensure that the authenticated commercial cryptography products, services and management systems continue to satisfy the authentication requirements. | | 商用密码认证机构应当对其认证的商用密码产品、服务、管理体系实施有效的跟踪调查,以保证通过认证的商用密码产品、服务、管理体系持续符合认证要求。 |
| Article 20 Commercial cryptography products that concern national security, national economy and people's livelihood, and social and public interests shall be listed in the catalogue of key network equipment and special products for cybersecurity in accordance with the law, and may be sold or provided only after being tested and authenticated by qualified commercial cryptography testing and certification institutions. | | 第二十条 涉及国家安全、国计民生、社会公共利益的商用密码产品,应当依法列入网络关键设备和网络安全专用产品目录,由具备资格的商用密码检测、认证机构检测认证合格后,方可销售或者提供。 |
| Article 21 Commercial cryptography services that use key network equipment and special products for cybersecurity shall pass the authentication of a commercial cryptography authentication institution. | | 第二十一条 商用密码服务使用网络关键设备和网络安全专用产品的,应当经商用密码认证机构对该商用密码服务认证合格。 |
| Chapter IV Electronic Authentication | | 第四章 电子认证 |
| Article 22 Where commercial cryptography technology is used to provide electronic authentication services, the service provider shall have premises, facilities, professionals, professional capabilities and management systems suitable for the use of cryptography, and obtain the certification documents on the approval of the use of the cryptography issued by the state cryptography administrative department in accordance with the law. | | 第二十二条 采用商用密码技术提供电子认证服务,应当具有与使用密码相适应的场所、设备设施、专业人员、专业能力和管理体系,依法取得国家密码管理部门同意使用密码的证明文件。 |
| Article 23 An electronic authentication service institution shall, in accordance with laws, administrative regulations and technical standards and rules for the use of cryptography for electronic authentication services, use cryptography to provide electronic authentication services and ensure that its use of cryptography in electronic authentication services continue to satisfy the requirements. | | 第二十三条 电子认证服务机构应当按照法律、行政法规和电子认证服务密码使用技术规范、规则,使用密码提供电子认证服务,保证其电子认证服务密码使用持续符合要求。 |
| The technical specifications and rules for the use of cryptography in electronic authentication services shall be developed and issued by the state cryptography administrative department. | | 电子认证服务密码使用技术规范、规则由国家密码管理部门制定并公布。 |
Article 24 Institutions that use commercial cryptography technology to provide e-government electronic authentication services shall be accrediated by the state cryptography administrative department and obtain the qualification of e-government electronic authentication service institutions in accordance with the law.
...... | | 第二十四条 采用商用密码技术从事电子政务电子认证服务的机构,应当经国家密码管理部门认定,依法取得电子政务电子认证服务机构资质。
...... |
|
Dear visitor, as a premium member of this database, you will get complete access to all content.Please go premium and get more.
1. To become a premium member, please call 400-810-8266 Ext. 171.
2. Binding to the account with access to this database.
3. Apply for a trial account.
4. To get instant access to a document, you can Pay Amount 【¥1000.00】 for your single purchase. | |
您好:您现在要进入的是北大法宝英文库会员专区。
如您是我们英文用户可直接 登录,进入会员专区查询您所需要的信息;如您还不是我们 的英文用户;您可通过网上支付进行单篇购买,支付成功后即可立即查看本篇内容。
Tel: +86 (10) 82689699, +86 (10) 82668266 ext. 153
Mobile: +86 13311570713
Fax: +86 (10) 82668268
E-mail:info@chinalawinfo.com
|
| | | |
| | | |