《【中英文对照版】商用密码管理条例(2023修订).docx》由会员分享,可在线阅读,更多相关《【中英文对照版】商用密码管理条例(2023修订).docx(28页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、商用密码管理条例(2023修订)Regulation on the Administration of CommercialCryptography(2023 Revision)制定机关:国务院发文字号:中华人民共和国国务院令第760号公布日期:施行日期:效力位阶:行政法规法规类别:保密Issuing Authority :State CouncilDocument Number : Order No. 760 of the State Council of the Peoples Republic of ChinaDate Issued : 04-27-2023Effective Date
2、: 07-01-2023Level of Authority : Administrative RegulationsArea of Law : ConfidentialityOrder of the State Council of the Peoples Republic of China中华人民共和国国务院令(No. 760)(第760号)The Regulation on the Administration of Commercial Cryptography, as revised and adopted at the 4th executive meeting of the St
3、ate Council on April 4, 2023, is hereby issued and shall come into force on July 1,2023.商用密码管理条例已经 2023年4月14日国务院第4次 常务会议修订通过,现予公 布,自2023年7月1日起施 行。Premier: Li Qiang总理李强第四章电子认证第二十二条采用商用密 码技术提供电子认证服务,应 当具有与使用密码相适应的场 所、设备设施、专业人员、专 业能力和管理体系,依法取得 国家密码管理部门同意使用密 码的证明文件。第二十三条电子认证服 务机构应当按照法律、行政法 规和电子认证服务密码使用技
4、 术规范、规则,使用密码提供 电子认证服务,保证其电子认 证服务密码使用持续符合要 求。电子认证服务密码使用技术规 范、规则由国家密码管理部门 制定并公布。第二十四条采用商用密 码技术从事电子政务电子认证 服务的机构,应当经国家密码 管理部门认定,依法取得电子 政务电子认证服务机构资质。第二十五条取得电子政 务电子认证服务机构资质,应 当符合下列条件:Chapter IV Electronic AuthenticationArticle 22 Where commercial cryptographic technology is used to provide electronic auth
5、entication services, the service provider shall have premises, facilities, professionals, professional capabilities and management systems suitable for the use of cryptography, and obtain the certification documents on the approval of the use of the cryptography issued by the state cryptographic adm
6、inistrative department according to the law.Article 23 An electronic authentication service institution shall, in accordance with laws, administrative regulations and technical standards and rules for the use of cryptography for electronic authentication services, use cryptography to provide electro
7、nic authentication services and ensure that its use of cryptography in electronic authentication services continue to satisfy the requirements.The technical specifications and rules for the use of cryptography in electronic authentication services shall be developed and issued by the state cryptogra
8、phic administrative department.Article 24 Institutions that use commercial cryptographic technology to provide e-govemment electronic authentication services shall be identified by the state cryptographic administrative department and obtain the qualifications of e-government electronic authenticati
9、on service institutions according to the law.Article 25 To obtain the qualifications of e- govemment electronic authentication service institutions, the following conditions shall be met:(1) It has the legal person qualification of an enterprise legal person or a public institution.(2) It has the fu
10、nds, premises, equipment, facilities and professional personnel appropriate to the activities of e-government electronic authentication services and the use of cryptography.(3) It has the ability to provide long-term e- govemment electronic authentication services for government affairs activities.(
11、4) It has a management system to ensure the safe operation of e-government electronic authentication service activities and the use of cryptography.Article 26 To apply for the qualification of an e- govemment electronic authentication service institution, an applicant shall file a written applicatio
12、n with the state cryptographic administrative department and submit materials that meet the conditions as stipulated in Article 25 of this Regulation.The state cryptographic administrative department shall, within 20 working days from the date of accepting an application, examine the application and
13、 make a decision on whether to grant the identification according to the law.(一)具有企业法人或者事业 单位法人资格;(二)具有与从事电子政务电 子认证服务活动及其使用密码 相适应的资金、场所、设备设 施和专业人员;(三)具有为政务活动提供长 期电子政务电子认证服务的能 力;(四)具有保证电子政务电子 认证服务活动及其使用密码安 全运行的管理体系。第二十六条申请电子政 务电子认证服务机构资质,应 当向国家密码管理部门提出书 面申请,并提交符合本条例第 二十五条规定条件的材料。国家密码管理部门应当自受理 申请之日起20
14、个工作日内,对 申请进行审查,并依法作出是 否准予认定的决定。需要对申请人进行技术评审 的,技术评审所需时间不计算 在本条规定的期限内。国家密 码管理部门应当将所需时间书 面告知申请人。If it is necessary to conduct technical review of an applicant, the time required for the technical review shall not be counted within the time limit as prescribed in this article. The state cryptographic ad
15、ministrative department shall notify the applicant of the required time in writing.第二十七条外商投资电 子政务电子认证服务,影响或 者可能影响国家安全的,应当 依法进行外商投资安全审查。第二十八条电子政务电 子认证服务机构应当按照法 律、行政法规和电子政务电子 认证服务技术规范、规则,在 批准范围内提供电子政务电子 认证服务,并定期向主要办事 机构所在地省、自治区、直辖 市密码管理部门报送服务实施 情况。电子政务电子认证服务技术规 范、规则由国家密码管理部门 制定并公布。第二十九条国家建立统 一的电子认证信任机
16、制。国家 密码管理部门负责电子认证信 任源的规划和管理,会同有关 部门推动电子认证服务互信互 认。第三十条密码管理部门 会同有关部门负责政务活动中 使用电子签名、数据电文的管 理。政务活动中电子签名、电子印Article 27 Where foreign-invested e-government electronic authentication services affect or may affect national security, security of foreign investment shall be examined according to the law.Artic
17、le 28 An e-government electronic authentication service institution shall, in accordance with the laws, administrative regulations, and technical specifications and rules for e-government electronic authentication services, provide e-government electronic authentication services within the approved
18、scope, and report the service implementation information to the cryptographic administrative departments of the provinces, autonomous regions or municipalities directly under the Central Government where the main offices are located on a regular basis.The technical specifications and rules for e- go
19、vemment electronic authentication services shall be developed and issued by the state cryptographic administrative department.Article 29 The state shall establish a unified trust mechanism for electronic authentication. The state cryptographic administrative department shall be responsible for the p
20、lanning and management of electronic authentication trust sources, and promote mutual trust and recognition of electronic authentication services in conjunction with the relevant departments.Article 30 The cryptographic administrative departments shall, in conjunction with relevant departments, be r
21、esponsible for the administration of electronic signatures and data messages used in government affairs activities.The electronic authentication services involving electronic signatures, electronic seals, electroniclicenses and certificates, etc. in government affairs activities shall be provided by
22、 the e-government electronic authentication service institutions formed according to the law.Chapter V Import and ExportArticle 31 Commercial cryptography that involves national security, social and public interests and has the function of encryption based protection shall be included in the list of
23、 commercial cryptography subject to import license and and be subject to import license. Commercial cryptography that involves national security, social and public interests, or in which China undertakes international obligations shall be included in the list of commercial cryptography subject to ex
24、port control and be subject to export control.The list of commercial cryptography subject to import license and list of commercial cryptography subject to export control shall be developed and announced by the competent commerce department of the State Council in conjunction with the state cryptogra
25、phic administrative department and the General Administration of Customs.Commercial cryptography used in mass consumer products are not subject to the import license or export control systems.章、电子证照等涉及的电子认 证服务,应当由依法设立的电 子政务电子认证服务机构提 供。第五章进出口第三十一条涉及国家安 全、社会公共利益且具有加密 保护功能的商用密码,列入商 用密码进口许可清单,实施进 口许可。涉及
26、国家安全、社会 公共利益或者中国承担国际义 务的商用密码,列入商用密码 出口管制清单,实施出口管 制。商用密码进口许可清单和商用 密码出口管制清单由国务院商 务主管部门会同国家密码管理 部门和海关总署制定并公布。大众消费类产品所采用的商用 密码不实行进口许可和出口管 制制度。第三十二条 进口商用密 码进口许可清单中的商用密码 或者出口商用密码出口管制清 单中的商用密码,应当向国务 院商务主管部门申请领取进出 口许可证。Article 32 To import the commercial cryptography in the list of commercial cryptography s
27、ubject to import license or export the commercial cryptography in the list of commercial cryptography subject to export control, an application shall be filed with the competent commerce department of the State Council for obtaining an import or export license.The provisions of the preceding paragra
28、ph shall apply to the transit, transshipment, through transportation and re-export of commercial cryptography between overseas and comprehensive bonded areas and other areas under special customs supervision, or between overseas and export supervised warehouses, bonded logistics centers and other bo
29、nded supervision places.Article 33 When importing the commercial cryptography in the list of commercial cryptography subject to import license or exporting the commercial cryptography in the list of commercial cryptography subject to export control, the import or export license shall be submitted to
30、 the customs for verification, and the declaration formalities shall be undergone according to the relevant rules of the state.Where an import or export operator fails to submit an import or export license to the customs for verification, and the customs has evidence that the imported or exported pr
31、oducts may fall under the scope of the list of commercial cryptography subject to import license or the list of commercial cryptography subject to export control, a question shall be put forward to the import or export operator; and the customs may propose to the competent commerce department of the
32、 State Council for organizing identification and handle the matter according to the identification conclusion made jointly by the competent commerce department of the State Council and the state cryptographic administrative department. During the period of identification or questioning, the customs
33、shall not release imported or exported products.商用密码的过境、转运、通 运、再出口,在境外与综合保 税区等海关特殊监管区域之间 进出,或者在境外与出口监管 仓库、保税物流中心等保税监 管场所之间进出的,适用前款 规定。第三十三条进口商用密 码进口许可清单中的商用密码 或者出口商用密码出口管制清 单中的商用密码时,应当向海 关交验进出口许可证,并按照 国家有关规定办理报关手续。进出口经营者未向海关交验进 出口许可证,海关有证据表明 进出口产品可能属于商用密码 进口许可清单或者出口管制清 单范围的,应当向进出口经营 者提出质疑;海关可以向国务 院商
34、务主管部门提出组织鉴 别,并根据国务院商务主管部 门会同国家密码管理部门作出 的鉴别结论依法处置。在鉴别 或者质疑期间,海关对进出口 产品不予放行。第三十四条申请商用密 码进出口许可,应当向国务院 商务主管部门提出书面申请,Article 34 To apply for an import or export license for commercial cryptography, a written application shall be filed with the competent commerce department ofthe State Council and the fol
35、lowing materials shall be 并提交下列材料: submitted:(1) The Identifications of the applicants legal representative, main business manager and handling personnel.(一)申请人的法定代表人、 主要经营管理人以及经办人的 身份证明;(2) The photocopy of the contract or agreement.(二)合同或者协议的副本;(3) The technical instructions for commercial cryptog
36、raphy.(三)商用密码的技术说明;(4) The certificates of ultimate-users and end uses.(四)最终用户和最终用途证 明;(五)国务院商务主管部门规 定提交的其他文件。国务院商务主管部门应当自受 理申请之日起45个工作日内, 会同国家密码管理部门对申请 进行审查,并依法作出是否准 予许可的决定。对国家安全、社会公共利益或 者外交政策有重大影响的商用 密码出口,由国务院商务主管 部门会同国家密码管理部门等 有关部门报国务院批准。报国 务院批准的,不受前款规定时 限的限制。(5) Other documents to be submitted a
37、s prescribed by the competent commerce department of the State Council.The competent commerce department of the State Council shall, within 45 working days from the date of receiving an application, examine the application in conjunction with the state cryptographic administrative department and mak
38、e a decision on whether to grant a license or not according to the law.The export of commercial cryptography with major impact on national security, social and public interests or foreign policies shall be reported to the State Council for approval by the competent commerce department of the State C
39、ouncil in conjunction with the state cryptographic administrative department and other relevant departments. Where the application is submitted to the State Council for approval, the time limit as prescribed in the preceding paragraph shall not apply.第六章应用促进Chapter VI Application Promotion第三十五条 国家鼓励
40、公 民、法人和其他组织依法使用 商用密码保护网络与信息安 全,鼓励使用经检测认证合格 的商用密码。Article 35 The state shall encourage citizens, legal persons and other organizations to use commercial cryptography to protect cybersecurity and information security according to the law, and encourage the use of commercial cryptography that have pass
41、ed testing and authentication.任何组织或者个人不得窃取他 人加密保护的信息或者非法侵 入他人的商用密码保障系统, 不得利用商用密码从事危害国 家安全、社会公共利益、他人 合法权益等违法犯罪活动。No organization or individual may steal others* encrypted information or illegally intrude into others commercial cryptography protection system, or use commercial cryptography to carry ou
42、t illegal or criminal activities that endanger national security, social and public interests, or lawful rights and interests of others.第三十六条 国家支持网 络产品和服务使用商用密码提 升安全性,支持并规范商用密 码在信息领域新技术、新业 态、新模式中的应用。Article 36 The state shall support the use of commercial cryptography in network products and service
43、s to improve the security, and support and standardize the application of commercial cryptography in new technologies, new business types and new models in the information field.第三十七条国家建立商Article 37 The state shall establish a mechanism for用密码应用促进协调机制,加 强对商用密码应用的统筹指 导。国家机关和涉及商用密码 工作的单位在其职责范围内负 责本机关、
44、本单位或者本系统 的商用密码应用和安全保障工 作。promoting and coordinating the application of commercial cryptography and strengthen overall guidance for the application of commercial cryptography. State organs and entities involved in the work of commercial cryptography shall, within the scope of their functions, be resp
45、onsible for the application and security guarantee of commercial cryptography within their organs, entities or systems.密码管理部门会同有关部门加 强商用密码应用信息收集、风 险评估、信息通报和重大事项 会商,并加强与网络安全监测The cryptographic administrative department shall, in conjunction with the relevant departments, strengthen information collec
46、tion, risk assessment, information notification and joint consultation on important matters concerning application of commercialcryptography, and strengthen connection with 预警和信息通报的衔接。 cybersecurity monitoring and warning and informationnotification.第三十八条法律、行政 法规和国家有关规定要求使用 商用密码进行保护的关键信息 基础设施,其运营者应当
47、使用 商用密码进行保护,制定商用 密码应用方案,配备必要的资 金和专业人员,同步规划、同 步建设、同步运行商用密码保 障系统,自行或者委托商用密 码检测机构开展商用密码应用 安全性评估。Article 38 Operators of critical information infrastructure which is required to be protected by commercial cryptography as required by laws, administrative regulations and relevant rules of the state shall
48、use commercial cryptography for protection, develop commercial cryptography application schemes, allocate necessary funds and professional personnel, and concurrently plan, construct and operate commercial cryptography protection systems. The security of commercial cryptography application shall be
49、assessed by itself or commercial cryptography testing institutions on a commission basis.The critical information infrastructure listed in the前款所列关键信息基础设施通 过商用密码应用安全性评估方 可投入运行,运行后每年至少 进行一次评估,评估情况按照 国家有关规定报送国家密码管 理部门或者关键信息基础设施 所在地省、自治区、直辖市密 码管理部门备案。preceding paragraph may be put into operation only after it has passed the security assessment of commercial cr