Regulations on the Commercial Passwords have been issued for enforcement by State Council since Oct.7, 1999, strengthening the administration of the commercial passwords, safeguarding the information security and the lawful rights and interest of the citizens and organizations and maintaining the security and interest of the state.
Regulations on the Commercial Passwords
Chapter 1 General Principles
Article 1
In order to strengthen the administration of the commercial passwords, safeguard the information security and the lawful rights and interests of the citizens and organizations and maintain the security and interest of the state, these Regulations are hereby issued.
Article 2
The commercial passwords referred to herein shall mean the password techniques and products used in the encryption protection and security certification to the information does not involve the state secrets.
Article 3
The commercial password techniques shall belong to the state secrets. The scientific research, production, selling and use of the commercial password products shall be under the special control and administration of the state.
Article 4
The State Password Administration Committee and its offices (hereinafter referred to as the State Password Administration Institution) shall be in charge of the administration of the commercial passwords nationwide. The institutions in charge of the administration of the commercial passwords in the provinces, autonomous regions and municipalities shall, in accordance with the entrustment of the State Password Administration Institution, be responsible for the relevant administration of the commercial passwords.
Chapter 2 The Administration of the Scientific Research and Production
Article 5
The scientific research of the commercial passwords shall be undertaken by the units designated by the State Password Administration Institution. The designated scientific research units of the commercial passwords shall have the corresponding techniques and equipments and be able to adopt advanced theories and techniques of coding and the arithmetic of the commercial passwords programmed shall have high secrecy intensity and ability against the attack.
Article 6
The scientific research results of the commercial passwords shall, in accordance with the standards and criterion of the commercial password techniques, be examined and appraised by the specialists organized by the State Password Administration Institution.
Article 7
The commercial password products shall be produced by the units designated by the State Password Administration Institution. Any corporation or individual without the designation shall not produce the commercial password products. The designated production units of the commercial password products shall have the techniques competent for the production of the commercial products and the equipments, produce arts and crafts and the quality guarantee system insuring the quality of the commercial password products.
Article 8
The varieties and types of the commercial password products produced by the designated production units shall be approved by the State Password Administration Institution and the designated production units of the commercial password products shall not produce the commercial password products exceeding the production scope approved.
Article 9
Commercial password products must be qualified by the product quality inspection institutions designated by the State Password Administration Institution.
Chapter 3 The Administration of Sales
Article 10
The commercial password products shall be sold by the units licensed by the State Password Administration Institution. Any corporation or individual without the license shall not sell the commercial password products.
Article 11
To sell the commercial password products, the units shall apply to the State Password Administration Institution with the following conditions: (1) Having the personnel who know the knowledge of the commercial password products and bear the after services; (2) Having the consummate selling services and security administration rules and regulations; and (3) Having the independent corporate capacity. The units examined to be qualified shall be issued with a Selling License of the Commercial Password products by the State Password Administration Institution.
Article 12
To sell the commercial password products, the units shall accurately register the title (or name), address or (residence) and the code of the organization (or the Identity Card number of the citizen) of the consumer directly using the commercial password products and the purpose of every commercial password product. In addition, the registration shall be submitted to the State Password Administration Institution for records.
Article 13
To import the password products and the equipments containing the password techniques or to export the commercial password products shall be submitted to the State Password Administration Institution for approval. Any corporation or individual shall not sell the password products produced overseas.
Chapter 4 The Administration of Use
Article 14
Any corporation or individual can only use the commercial password products approved by the State Password Administration Institution and shall not use the password products produced by itself or oneself or produced beyond the borders.
Article 15
The corporation or individual beyond the borders using the password products or the equipments containing the password techniques within the boundaries of the People's Republic of China shall be approved by the State Password Administration Institution; however, the foreign representative diplomatic institutions and the consular institutions stationed in the People's Republic of China shall be excluded.
Article 16
The consumer of the commercial password products shall not transfer the commercial password products he/it is using. The malfunction of the commercial password products shall be repaired by the units designated by the State Password Administration Institution. To disuse or destroy the commercial password products shall be submitted to the State Password Administration Institution for records.
Chapter 5 The Administration of the Security and Secrecy
Article 17
The scientific research and production of the commercial password products shall be conducted under the circumstances competent for the demands of security and secrecy. Relevant security measures shall be taken to sell, transport and store the commercial password products. The corporation or personnel involved in the scientific research and production of the commercial password products and using the commercial password products shall bear the responsibility of keeping secret to the techniques of the commercial password products touched or mastered.
Article 18
To propagandize or openly exhibit the commercial password products shall be submitted to the State Password Administration Institution for approval.
Article 19
Any corporation or individual shall not illegally attack the commercial passwords, impair the security and interests of the state or the public security of the society or conduct any other activities of violating the law or committing a crime with the commercial passwords.
Chapter 6 Penalty Provisions
Article 20
Anyone who commits any of the following acts shall be confiscated of his password products and the illegal gains, if any, by the State Password Administration Institution jointly with the administrative departments of industry and commerce and the customs according to the different situation; if the circumstances are serious, he shall be concurrently fined not less than 1 time, but not more than 3 times the amount of the illegal gains: (1) To produce the commercial password products without any designation, or the designated units produce the commercial password products exceeding the scope approved; (2) To sell the commercial password products without any licenses; and (3) To import the password products and the equipments containing the password techniques, to export the commercial password products or to sell the password products produced overseas without permit. The units licensed to sell the commercial password products not selling the commercial password products according to the relevant provisions shall be given a warning and be ordered to revise by the State Password Administration Institution jointly with the administration department of industry and commerce.
Article 21
Any one commits any of the following acts shall be given a warn and be ordered to make corrections immediately by the State Password Administration Institution jointly with the public security organ and the state security organ: (1) To violate the provisions of security and secrecy in the course of the scientific research and production of the commercial password products; (2) To sell, transport and store the commercial password products without corresponding security measures; (3) To propagandize or openly exhibit the commercial password products without any approval; and (4) To presumptuously transfer the commercial password products or not to repair the commercial password products in the units designated by the State Password Administration Institution. The password products produced by itself or oneself or produced overseas, the commercial password products transferred or the commercial password products not being repaired in the units designated by the State Password Administration Institution, in the serious cases, shall be confiscated by the State Password Administration Institution jointly with the organs of public security and the state security.
Article 22
If the scientific research, production and selling units of the commercial password products commit the acts referred to in Article 20 and Paragraph 1, 2 and 3 in Article 21 and cause serious results, their qualification of scientific research and production shall be canceled and the Selling License of the Commercial Password products shall be withdrawn by the State Password Administration Institution.
Article 23
The acts that divulge the secret of commercial password techniques, unlawfully attack the commercial passwords or conduct the activities impairing the security and interest of the state with commercial passwords and constitute a crime in serious cases shall be legally investigated into the criminal responsibility.
The acts referred to in previous paragraph that do not constitute a crime shall have the commercial password products confiscated by the State Password Administration Institution jointly with the organs of state security and secrecy according to different situation; the acts impairing the security of the state shall be legally punished with an administrative detention by the organ of state security; the state personnel involved shall be concurrently subject to administrative penalty.
Article 24
The corporation or individual beyond the borders presumptuously use the password products or the equipments containing the password techniques without any approval, shall be given a warn, ordered to revise and concurrently punished with a confiscation of the password products or the equipments containing the password techniques by the State Password Administration Institution jointly with the organ of public security.
Article 25
The staff members of the State Password Administration Institution, who abuse their power, neglect their duty, and commit irregularities for personal gains, which constitutes a crime, shall be prosecuted in accordance with the law; if the offence does not constitute a crime, they shall be subject to the administrative sanctions in accordance with the law.
Chapter 7 Supplementary Rules
Article 26
The State Password Administration Committee may, in accordance with these Regulations, stipulate the corresponding provisions.
Article 27
These Regulations shall take effect as of the promulgation. |
