中英对照商用密码管理条例(2023修订).docx

RegulationontheAdministrationofCommercialCryptography(2023Revision)DocumentNumber：OrderNo.760of(heStateCouncilofthePeople'sRepublicofChinaAreaofLaw:Confidentiality1.evelofAuthority：AdministrativeRegulationsIssuingAuthority：StateCouncilDateIssued：04-27-2023EffectiveDale:07-01-2023Status:Effective1999-2023ComparisonVersionOrderoftheStateCouncilofthePeople'sRepublicofChina(No.760)TheRegulationontheAdministrationofCommercialCryptography,asrevisedandadoptedatthe4thexecutivemeetingoftheStateCouncilonApril4,2023,isherebyissuedandshallcomeintoforceonJuly1,2023.Premier:LiQiangApril27,2023RegulationontheAdministrationofCommercialCryPtOgraPhy(IssuedbyOrderNo.273oftheStateCouncilofthePeople'sRepublicofChinaonOctober7,1999andrevisedbyOrderNo.760oftheStateCouncilofthePeople'sRepublicofChina中华人民共和国国务院令（第760号）商用密码管理条例已经2023年4月14日国务院第4次常务会议修订通过，现予公布，自2023年7月1日起施行。总理李强2023年4月27日商用密码管理条例（1999年10月7日中华人民共和国国务院令第273号发布2023年4月27日中华人民共和国国务院令第760号修订）第一章总 则onApril27,2023)ChapterIGeneralProvisionsArticle1ThisRegulationisdevelopedinaccordancewiththeCryptographyLawofthePeople'sRepublicofChinaandotherlawsforthepurposesofstandardizingtheapplicationandadministrationofcommercialcryptography,encouragingandpromotingthedevelopmentofthecommercialcryptographyindustry,ensuringcybersecurityandinformationsecurity,safeguardingnationalsecurityandsocialandpublicinterests,andprotectingthelegitimaterightsandinterestsofcitizens,legalpersonsandotherorganizations.Article2ThisRegulationshallapplytothescientificresearch,production,sale,service,testing,certification,importandexport,applicationandotheractivitiesinrespectofcommercialcryptographywithintheterritoryofthePeople'sRepublicofChina.ForthepurposesofthisRegulation,4tcommerciaicryptography5'referstothetechnologies,productsandservicesthatconductencryption-basedprotectionandsafetycertificationoftheinformationthatisnotstatesecretbymeansofspecifictransformation.Article3TheleadershipoftheCommunistPartyofChinaovertheworkofcommercialcryptographyshallbeinsistedonandtheoverallnationalsecurityconceptshallbeimplemented.Thestatecrj,ptographyadministrativedepartmentshallbe第一条为了规范商用密码应用和管理，鼓励和促进商用密码产业发展，保障网络与信息安全，维护国家安全和社会公共利益，保护公民、法人和其他组织的合法权益，根据中华人民共和国密码法等法律，制定本条例。第二条在中华人民共和国境内的商用密码科研、生产、销售、服务、检测、认证、进出口、应用等活动及监督管理，适用本条例。本条例所称商用密码，是指采用特定变换的方法对不属于国家秘密的信息等进行加密保护、安全认证的技术、产品和服务。第三条坚持中国共产党对商用密码工作的领导，贯彻落实总体国家安全观。国家密码管理部门负责管理全国的商用密码工作。县级以上地方各级密码管理部门负责responsiblefortheadministrationofcommercialcryptographyacrossthecountry.Thelocalcryptographyadministrativedepartmentsatorabovethecountylevelshallberesponsiblefortheadministrationofcommercialcryptographyintheirrespectiveadministrativeregions.Cyberspace,commerce,customs,marketregulation,andotherrelevantdepartmentsshallberesponsiblefortheadministrationofcommercialcryptographywithinthescopeoftheirrespectiveduties.Article4Thestateshallstrengthenthetrainingofcommercialcryptographytalents,establishandimprovethedevelopmentsystemandmechanismandthetalentevaluationsystemforcommercialCryPIograPhytalents,encourageandsupporttheconstructionofdisciplinesandspecialtiesrelatedtocryptography,standardizethesocialtrainingoncommercialcryptography,andpromotetheexchangeofcommercialcryptographytalents.Article5Thepeople'sgovernmentsalalllevelsandtheirrelevantdepartmentsshallstrengthenthepublicityandeducationofcommercialCryPtOgraPhyinvariousformstoenhancethecryptographysecurityawarenessofcitizens,legalpersonsandotherorganizations.Article6Societies,tradeassociationsandothersocialorganizationsinthefieldofcommercialcryptographyshall,inaccordancewiththeprovisionsoflaws,administrativeregulationsandtheirbylaws,Carryoutacademicexchanges,管理本行政区域的商用密码工作。网信、商务、海关、市场监督管理等有关部门在各自职责范围内负责商用密码有关管理工作。第四条国家加强商用密码人才培养，建立健全商用密码人才发展体制机制和人才评价制度，鼓励和支持密码相关学科和专业建设，规范商用密码社会化培训，促进商用密码人才交流。第五条各级人民政府及其有关部门应当采取多种形式加强商用密码宣传教育，增强公民、法人和其他组织的密码安全意识。第六条商用密码领域的学会、行业协会等社会组织依照法律、行政法规及其章程的规定，开展学术交流、政策研究、公共服务等活动，加强学术和行业自律，推动诚信建设，促进行业健康发展。policyresearch,publicservicesandotheractivitiestostrengthenacademicandindustrialself-regulation,promotecredibilitybuilding,andpromotethesounddevelopmentoftheindustry.密码管理部门应当加强对商用密码领域社会组织的指导和支持。第二章科技创新与标准化Thecryptographyadministrativedepartmentsshallstrengthenguidanceandsupportforsocialorganizationsinthefieldofcommercialcrj,ptography.ChapterIIScientificandTechnologicalInnovationandStandardization第七条国家建立健全商用密码科学技术创新促进机制，支持商用密码科学技术自主创新，对作出突出贡献 的组织和个人按照国家有关规定予以表彰和奖励。Article7Theslateshallestablishandimprovethemechanismforpromotingscientificandtechnologicalinnovationincommercialcryptography,supportindependentinnovationinscienceandtechnologyoncommercialcryptography,andcommendandrewardorganizationsandindividualsthathavemadeoutstandingcontributionsinaccordancewiththerelevantrulesofthestate.国家依法保护商用密码领域的知识产权。从事商用密码活 动，应当增强知识产权意识，提高运用、保护和管理知识 产权的能力。国家鼓励在外商投资过程中基于自愿原则和商业规则开展 商用密码技术合作。行政机关及其工作人员不得利用行政 手段强制转让商用密码技术。Thestateshallprotectintellectualpropertyrightsinthefieldofcommercialcryptographyinaccordancewiththelaw.Thosewhocarryoutcommercialcryptographyactivitiesshallenhancetheirawarenessofintellectualpropertyrightsandtheirabilitytouse,protectandmanageintellectualpropertyrights.Thestateshallencouragecooperationoncommercialcryptographytechnologyintheprocessofforeigninvestmentbasedonvoluntaryprinciplesandcommercialrules.Administrativeorgansandtheirstaffmembersshallnotuse第八条国家鼓励和支持商用密码科学技术成果转化和产业化应用，建立和完善商用密码科学技术成果信息 汇交、发布和应用情况反馈机制。第九条 国家密码管理部门组织对法律、行政法规和国家有关规定要求使用商用密码进行保护的网络与信息 系统所使用的密码算法、密码协议、密钥管理机制等商用 密码技术进行审查鉴定。第十条国务院标准化行政主管部门和国家密码管 理部门依据各自职责，组织制定商用密码国家标准、行业 标准，对商用密码团体标准的制定进行规范、引导和监 督。国家密码管理部门依据职责，建立商用密码标准实施 信息反馈和评估机制，对商用密码标准实施进行监督检 查。administrativemeanstoforcethetransferofcommercialcryptographytechnology.Article8Thestateshallencourageandsupportthetransformationandindustrialapplicationofscientificandtechnologicalachievementsincommercialcryptography,andestablishandimprovethefeedbackmechanismfortheexchange,releaseandapplicationOfinformationonscientificandtechnologicalachievementsincommercialcryptography.Article9Thestatecrj,tograhyadministrativedepartmentshallorganizetheexaminationandauthenticationofthecryptographicalgorithms,cryptographicprotocols,keymanagementmechanismsandothercommercialcryptographytechnologiesusedinnetworksandinformationsystemsthatneedtobeprotectedbycommercialcryptographyasrequiredbylaws,administrativeregulationsandrelevantregulationsofthestate.Article10ThestandardizationauthorityoftheStateCouncilandthestatecryptographyadministrativedepartmentshall,accordingtotheirrespectivefunctions,organizethedevelopmentofnationalandindustrialstandardsforcommercialcryptography,andregulate,guideandsupen,isethedevelopmentofgroupstandardsforcommercialcryptography.Thestatecryptographyadministrativedepartmentsshall,inaccordancewiththeirduties,establishaninformationfeedbackandevaluationmechanismfortheimplementationofthestandardsforcommercialcryptography,andsuperviseandinspecttheimplementationofthestandardsforcommercialcryptography.Chapter III Testing and Authentication第三章检测认证Thestateshallpromoteparticipationintheinternationalstandardizationactivitiesofcommercialcryptography,participateinthedevelopmentofinternationalstandardsforcommercialcryptography,promotetheconversionandapplicationbetweenChineseandforeignstandardsforcommercialcryptography,andencourageenterprises,socialorganizations,educationalandscientificresearchinstitutionstoparticipateintheinternationalstandardizationactivitiesofcommercialcryptography.Ifthestandardsinotherfieldsinvolvecommercialcryptography,theyshallbecoordinatedwiththenationalandindustrialstandardsforcommercialcryptography.ArtiClC11Commercialcryptographyactivitiesshallcomplywithrelevantlaws,administrativeregulations,compulsorynationalstandardsforcommercialcryptography,andthetechnicalrequirementsforthestandardsforself-declarationdisclosure.Thestateshallencouragetheuseofrecommendednationalandindustrialstandardsforcommercialcrj,ptographyincommercialcryptographyactivities,toimprovetheprotectionabilityofcommercialcryptographyandsafeguardthelegitimaterightsandinterestsofusers.国家推动参与商用密码国际标准化活动，参与制定商用密码国际标准，推进商用密码中国标准与国外标准之间的转化运用，鼓励企业、社会团体和教育、科研机构等参与商用密码国际标准化活动。其他领域的标准涉及商用密码的，应当与商用密码国家标准、行业标准保持协调。第一条从事商用密码活动，应当符合有关法律、行政法规、商用密码强制性国家标准，以及自我声明公开标准的技术要求。国家鼓励在商用密码活动中采用商用密码推荐性国家标准、行业标准，提升商用密码的防护能力，维护用户的合法权益。Article12Thestateshallpromotetheconstructionofthecommercialcryptographytestingandauthenticationsystemandencouragevoluntaryacceptanceofcommercialcryptographytestingandauthenticationincommercialcryptographyactivities.Article13InstitutionsCaiTyingoutcommercialCryPtOgraPhytestingactivitiessuchastestingofcommercialcryptographyproductsandsecurityassessmentofapplicationofcommercialcryptographyinthenetworkandinformationsystem,andprovidingdataandresultswiththefunctionofproofforthepublicshallbeaccreditatedbythestatecryptographyadministrativedepartmentandobtainthequalificationofacommercialCryPIograPhytestinginstitutioninaccordancewiththelaw.Article 14 Toobtainthequalificationofacommercialcryptographytestinginstitution,aninstitutionshallmeetthefollowingconditions:(1) Ithaslegalpersonqualification.(2) Ithasthefunds,premises,equipmentandfacilities,professionalpersonnelandprofessionalcapabilitiessuitableforcommercialcryptographytestingactivities.(3) Ithasamanagementsystemtoensuretheeffectiveoperationofcommercialcryptographytestingactivities.第十二条国家推进商用密码检测认证体系建设,鼓励在商用密码活动中自愿接受商用密码检测认证。第十三条从事商用密码产品检测、网络与信息系统商用密码应用安全性评估等商用密码检测活动，向社会出具具有证明作用的数据、结果的机构，应当经国家密码管理部门认定，依法取得商用密码检测机构资质。第十四条取得商用密码检测机构资质，应当符合下列条件：（一）具有法人资格；（二）具有与从事商用密码检测活动相适应的资金、场所、设备设施、专业人员和专业能力；（三）具有保证商用密码检测活动有效运行的管理体系。Article 15 Toapplyforthequalificationofacommercial第十五条申请商用密码检测机构资质，应当向国家密码管理部门提出书面申请，并提交符合本条例第I四 条规定条件的材料。国家密码管理部门应当自受理申请之日起20个工作日内, 对申请进行审查，并依法作出是否准予认定的决定。需要对申请人进行技术评审的，技术评审所需时间不计算 在本条规定的期限内。国家密码管理部门应当将所需时间 书面告知申请人。第十六条商用密码检测机构应当按照法律、行政 法规和商用密码检测技术规范、规则，在批准范围内独 立、公正、科学、诚信地开展商用密码检测，对出具的检 测数据、结果负责，并定期向国家密码管理部门报送检测 实施情况。商用密码检测技术规范、规则由国家密码管理部门制定并公布。cryptographytestinginstitution,awrittenapplicationshallbefiledwiththestateCryPtograPhyadministrativedepartmentandmaterialsthatmeettheconditionsasstipulatedinArticle14ofthisRegulationshallbesubmitted.Thestatecrj,ptographyadministrativedepartmentshall,within20workingdaysfromthedateofacceptinganapplication,examinetheapplicationandmakeadecisiononwhethertogranttheaccreditationinaccordancewiththelaw.Ifitisnecessarytoconducttechnicalreviewofanapplicant,thetimerequiredforthetechnicalreviewshallnotbecountedwithinthetimelimitasprescribedinthisarticle.Thestatecryptographyadministrativedepartmentshallnotifytheapplicantoftherequiredtimeinwriting.ArtiClC16Commercialcryptographytestinginstitutionsshall,inaccordancewithlaws,administrativeregulationsandtechnicalspecificationsandrulesforcommercialcryptographytesting,independently,impartially,scientificallyandfaithfullycarryoutcommercialCryPtograPhytestingwithintheapprovedscope,beresponsibleforthetestingdataandresultsissued,andsubmittheinformationontestingimplementationtothestatecr),ptographyadministrativedepartmentonaregularbasis.Thetechnicalspecificationsandrulesforcommercialcryptographytestingshallbedevelopedandissuedbythestatecryptographyadministrativedepartment.Article17ThemarketregulationdepartmentoftheStateCouncilshall,inconjunctionwiththestateCryPtograPhyadministrativedepartment,establishaunifiednationalcommercialcryptographyauthenticationsystem,implementtheauthenticationofcommercialcryptographyproducts,servicesandmanagementsystems,anddevelopandissuetheauthenticationcatalogue,technicalspecificationsandrules.Article 18 InstitutionsCarryingoutcommercialCryPIOgraPhyauthenticationactivitiesshallobtainthequalificationsofcommercialCryPtOgraPhyauthenticationinstitutionsinaccordancewiththelaw.ToapplyforthequalificationofacommercialCryPIograPhyauthenticationinstitution,awrittenapplicationshallbefiledwiththemarketregulationdepartmentoftheStateCouncil.Besidesmeetingthebasicconditionsofauthenticationinstitutionsasrequiredbylaws,administrativeregulationsandrelevantrulesofthestate,anapplicantshallalsohavethetechnicalcapabilitiesofdetectionandinspectionsuitableforthecommercialcryptographyauthenticationactivities.ThemarketregulationdepartmentoftheStateCouncilshall,whenexaminingtheapplicationforthequalificationofacommercialcryptographyauthenticationinstitution,requestopinionsofthestatecryptographyadministrativedepartment.Article 19 Commercialcryptographyauthenticationinstitutionsshallindependently,impartially,scientificallyandfaithfullycarryoutcommercialcryptographyauthentication第十七条国务院市场监督管理部门会同国家密码管理部门建立国家统一推行的商用密码认证制度，实行商用密码产品、服务、管理体系认证，制定并公布认证目录和技术规范、规则。第十八条从事商用密码认证活动的机构，应当依法取得商用密码认证机构资质。申请商用密码认证机构资质，应当向国务院市场监督管理部门提出书面申请。申请人除应当符合法律、行政法规和国家有关规定要求的认证机构基本条件外，还应当具有与从事商用密码认证活动相适应的检测、检查等技术能力。国务院市场监督管理部门在审查商用密码认证机构资质申请时，应当征求国家密码管理部门的意见。第十九条商用密码认证机构应当按照法律、行政法规和商用密码认证技术规范、规则，在批准范围内独立、公正、科学、诚信地开展商用密码认证，对出具的认withintheapprovedscopeinaccordancewithlaws,administrativeregulationsandtechnicalspecificationsandrulesforcommercialcryptographyauthentication,andberesponsiblefortheauthenticationconclusionsissued.Acommercialcryptographyauthenticationinstitutionshallcarryoutaneffectivefbllow-upinvestigationintothecommercialcrj,ptographyproducts,servicesandmanagementsystemsauthenticatedbyit,toensurethattheauthenticatedcommercialcryptographyproducts,servicesandmanagementsystemscontinuetosatisfytheauthenticationrequirements.Article 20 Commercialcryptographyproductsthatconcernnationalsecurity,nationaleconomyandpeople'slivelihood,andsocialandpublicinterestsshallbelistedinthecatalogueofkeynetworkequipmentandspecialproductsforcybersecurityinaccordancewiththelaw,andmaybesoldorprovidedonlyafterbeingtestedandauthenticatedbyqualifiedcommercialCryPtOgraPhytestingandcertificationinstitutions.Article 21 Commercialcryptographysendeesthatusekeynetworkequipmentandspecialproductsforcybersecurityshallpasstheauthenticationofacommercialcryptographyauthenticationinstitution.ChapterIVElectronicAuthenticationArticle 22 Wherecommercialcryptographytechnologyisusedtoprovideelectronicauthenticationservices,theserviceprovidershallhavepremises,facilities,professionals,证结论负责。商用密码认证机构应当对其认证的商用密码产品、服务、管理体系实施有效的跟踪调查，以保证通过认证的商用密码产品、服务、管理体系持续符合认证要求。第二十条涉及国家安全、国计民生、社会公共利益的商用密码产品，应当依法列入网络关键设备和网络安全专用产品目录，由具备资格的商用密码检测、认证机构检测认证合格后，方可销售或者提供。第二*一条商用密码服务使用网络关键设备和网络安全专用产品的，应当经商用密码认证机构对该商用密码服务认证合格。第四章电子认证第二十二条采用商用密码技术提供电子认证服务，应当具有与使用密码相适应的场所、设备设施、专业人员、专业能力和管理体系，依法取得国家密码管理部门同意使用密码的证明文件。professionalcapabilitiesandmanagementsystemssuitablefortheuseofcryptography,andobtainthecertificationdocumentsontheapprovaloftheuseofthecryptographyissuedbythestaleCryPlOgraPhyadministrativedepartmentinaccordancewiththelaw.第二十三条电子认证服务机构应当按照法律、行 政法规和电子认证服务密码使用技术规范、规则，使用密 码提供电子认证服务，保证其电子认证服务密码使用持续 符合要求。Article 23 Anelectronicauthenticationserviceinstitutionshall,inaccordancewithlaws,administrativeregulationsandtechnicalstandardsandrulesfortheuseofcryptographyforelectronicauthenticationservic