【中英文对照版】电子政务电子认证服务管理办法.docx

电子政务电子认证服务管理办法MeasuresfortheAdministrationoftheE-governmentE1.ectronicAuthenticationServices制定机关：国家密码管理后发文字号：国零走码管理局令第4号公布日烟：2024.09.04旗行H期：2024.11.01效力位阶：部门规章法规奥别：认证认可烁合规定I?>suingAuthorityStateEncryptionAdministrationDocumentNumberOrderNo.4oftheStateCryptographyAdministrationDateIssued：(>9-(M-2O24EtTcctivcDatc：11-01-20241.eve1.ofAuthority：DqxirtmcntaiRu1.esAreaof1.aw：Genera1.ProvisionsonCertificationandAccrcdita1.ionOrderoftheStateCryptographyAdministration国家密码管理局令(No.4)（第4号）TheMeasuresfortheAdministrationoftheE-governmetE1.ectronicAuthenticationServices,asde1.iberatedandadoptedattheexecutivemeetingoftheStateCryptographyAdministrationonAugust26,2024,eintoforceonNovember1,2024.电子政务电子认证服务管理办法已经2024年8月26日国家密码管理局局务会议审议通过，现予公布，自2024年11月1日起施行。Director:1.iuDongfang局长刘东方September4,20242024年9月4日第一章总则第一条为了规范电子政务电子认证服务行为，对电子政务电子认证服务机构实施监督管理，保障电子政务安全可靠，维护有关各方合法权益，根据中华人民共和国密码法、中华人民共和国电子签名法和商用密码管理条例等有关法律法规，制定本办法。第二条在中华人民共和国境内设立电子政务电子认证服务机构、提供电子政务电子认证服务及其监督管理，适用本办法。第三条本办法所称电子政务电子认证服务，是指采用商用密码技术为政务活动提供电子签名认证服务，保证电子签名的真实性和可靠性的活动。笫四条从事电子政务电子认证服务的机构，应当经国家密MeasuresfortheAdministrationoftheE-governmentE1.ectronicAuthenticationServicesChapterIGenera1.ProvisionsArtic1.e1TheseMeasuresaredeve1.opedinaccordancewiththeCryptography1.awofthePeop1.e'sRepub1.icofChina,theE1.ectronicSignature1.awofthePeop1.e'sRepub1.icofChina,theRegu1.ationsontheAdministrationofCommercia1.CipherCodes,andotherre1.evant1.awsandregu1.ations,forthepurposesofregu1.atingthebehaviorofe-governmente1.ectronicauthenticationservices,imp1.ementingsupervisionandadministrationofe-governmente1.ectronicauthenticationserviceinstitutions,ensuringthesecurityandre1.iabi1.ityofe-government,andsafeguardingthe1.egitimaterightsandinterestsofa1.1.parties.Artic1.e2TheseMeasuressha1.1.app1.ytotheestab1.ishmentofe-governmente1.ectronicauthenticationserviceinstitutions,theprovisionofe-governmente1.ectronicauthenticationservicesandtheirsupervisionandadministrationwithintheterritoryofthePeop1.e'sRepub1.icofChina.Artic1.e3Thee-governmente1.ectronicauthenticationservicesmentionedintheseMeasuresrefertotheactivitiesofprovidinge1.ectronicsignatureauthenticationservicesforgovernmentactivitiesbyusingcommercia1.cryptographytechno1.ogytoensuretheauthenticityandre1.iabi1.ityofe1.ectronicsignatures.Article 4 Institutionsprovidinge-governmente1.ectronicauthenticationservicessha1.1.beidentifiedbytheStateCryptographyAdministrationandobtainthequa1.ificationofe-governmente1.ectronicauthenticationsen/icesaccordingtothe1.aw.Article 5 TheStateCryptographyAdministrationsha1.1.supeiiseandadministerthee-governmente1.ectronicauthenticationserviceactivitiesacrossthecountry.1.oca1.cryptographicadministrativedepartmentsa1.orabovethecounty1.eve1.sha1.1.imp1.ementsupervisionandadministrationofthee-governmente1.ectronicauthenticationserviceactivitiesintheirrespectiveadministrativeareas.ChapterIIRecognitionofQua1.ificationsArtic1.e6Toobtainthequa1.ificationsfore-governmente1.ectronicauthenticationserviceinstitutions,thefo1.1.owingconditionssha1.1.bemet:(1) Ithasthe1.ega1.personqua1.ificationofanenterise1.ega1.personorapub1.icinstitution.(2) Ithasthefundsappropriatetotheactivitiesofe-govemnente1.ectronicauthenticationservicesandtheuseofcryptography.(3) Ithasbusinesspremisesappropriatetotheactivitiesofe-governmente1.ectronicauthenticationservicesandtheuseofcryptography.码管理局认定，依法取得电子政务电子认证服务机构资质。第五条国家密码管理局对全国电子政务电子认证服务活动实施监督管理。县级以上地方各级密码管理部门对本行政区域的电子政务电子认证服务活动实施监督管理。第二章资质认定第六条取得电子政务电子认证服务机构资质，应当符合下列条件：（一）具有企业法人或者事业单位法人资格；（二）具有与从事电子政务电子认证服务活动及其使用密码相适应的资金；（三）具有与从事电子政务电子认证服务活动及其使用密码相适应的运营场所；（四）具有在境内设置、符合国家有关密码标准的电子认证服务(4) Ithase<ipnentandfaci1.itiessuchase1.ectronicauthenticationservicesystemsthataresetupinChinaandconformtore1.evantcryptographicstandardsofthestate.(5) Therearemorethan30professiona1.technicians,operationmanagementpersonne1.,securitymanagementpersonne1.,customerservicepersonne1.andotherprofessiona1.whoaresuitab1.eforcarryingoute-governmente1.ectronicauthenticationserviceactivitiesandtheuseofcryptogram.(6) Ithasabi1.itytoprovide1.ong-terme-governmente1.ectronicauthenticationservicesforgovernmentactivities,inc1.udingmaintainingasoundfinancia1.position,sufficientoperatingfunds,stab1.eoperationofequipmentandfaci1.ities,stab1.eteamofprofessiona1.s,andhasnomajor川ega1.recordsorbadcreditrecords.(7) Ithasamanagementsystemtoensurethesafeoperationofe-governmente1.ectronicauthenticationserviceactivitiesandtheuseofcryptography.Artic1.e7Toapp1.yforqua1.ificationsfore-governmente1.ectronicauthenticationserviceinstitutions,awrittenapp1.icationsha1.1.befi1.edinwritingwiththeStateCryptographyAdministration,andthefo1.1.owingmateria1.ssha1.1.besubmittedtothecryptographicadministrativedepartmentsofprovinces,autonomousregionsandmunicipa1.itiesdirect1.yundertheCentra1.GovernmententrustedbytheStateCryptographyAdministrationforacceptance:系统等设备设施:（五）具有30名以上与从事电子政务电子认证服务活动及其使用密码相适应的专业技术人员、运营管理人员、安全管理人员和客户服务人员等专业人员；（六）具有为政务活动提供长期电子政务电子认证服务的能力，包括持续保持财务状况良好、运营资金充足、设备设施稳定运行、专业人员队伍稳定，没有重大违法记录或者不良信用记录等；（）具有保证电子政务电子认证服务活动及其使用密码安全运行的管理体系。笫七条申请电子政务电子认证服务机构资质，应当向国家密码管理局提出书面申请，向国家密码管理局委托进行受理的省、自治区、直辖市密码管理部门提交下列材料：（一）电子政务电子认证服务机构资质申请表；(1) TheApp1.icationFormforQua1.ificationsofE-governmentE1.ectronicAuthenticationServiceinstitutions.(2) Thecertificateofthe1.ega1.personqua1.ification.(3) Fundsituation,inc1.udingregisteredcapita1.,capita1.structure,equitystructure,guaranteeofworkingcapita1.,etc.(4) Theinformationontheoperationpremise.(5) The1.istoftechnica1.materia1.sconcerninge1.ectronicauthenticationservicesystemandre1.atedequipment,inc1.udingworkreportonconstructionofthee1.ectronicauthenticationsen/icesystem,technica1.workreport,securitydesignreport,securitymanagementstrategiesandnorms,reportonse1.f-assessmentofstandardcomp1.iance,the1.istofre1.atedsoftwareandhardwareandtheircomp1.iancewiththere1.evantsafetystandardsofthestate.(6) Theinformationonprofessiona1.s.(7) Theexp1.anationandcommitmenttoprovideuserswith1.ong-termserviceandqua1.ityassurancecapabi1.ities.（二）法人资格证书;（三）资金情况，包括注册资本、资本结构、股权结构、运营资金保障等情况；（四）运营场所情况;（五）电子认证服务系统相关技术材料及相关设备清单，包括电子认证服务系统建设工作报告、技术工作报告、安全性设计报告、安全管理策略和规范、标准符合性自评估报告，相关软件、硬件清单及其符合国家有关安全标准的情况等；（六）专业人员情况;（七）为用户提供长期服务和质量保獐能力说明及承诺：（）电子政务电子认证服务及其使用密码安全管理体系建立情况，包括业务运营管理、电子认证服务系统运行管理、人员管理、档案管理、安全保密管理等管理体系建立情况。(8) Theinformationontheestab1.ishmentofe-governmente1.ectronicauthenticationsen/icesandtheiruseofcryptographicsecuritymanagementsystems,inc1.udingtheestab1.ishmentofmanagementsystemsforbusinessoperationmanagement,operationmanagementofe1.ectronicauthenticationservicesystem,personne1.management,fi1.emanagement,securityandconfidentia1.itymanagement.Artic1.e8Thecryptographicadministrativedepartmentsoftheprovinces,autonomousregionsandmunicipa1.itiesdirect1.yundertheCentra1.GovernmententrustedbytheStateCryptographyAdministrationtoaccepttheapp1.icationmateria1.ssha1.1.,withinfiveworkingdaysfromthedateofreceiptoftheapp1.icationmateria1.s,conductaforma1.reviewoftheapp1.icationmateria1.sandhand1.ethemrespective1.yaccordingtothefo1.1.owingcircumstances:wheretheapp1.icationmateria1.sarecomp1.eteandconformtotheprescribedforms,theapp1.icationforadministrative1.icensesha1.1.beacceptedandanotificationofacceptancesha1.1.beissued;wheretheapp1.icationmateria1.sarenotcomp1.eteordonotconformtotheprescribedform,theapp1.icantsha1.1.benotifiedofsupp1.ementingandcorrectinga1.1.contentsinaone-offmanneronthespotorwithinfiveworkingdays;andwhereacaseisnotaccepted,anoticeofrejectionsha1.1.beissuedandthereasonssha1.1.beexp1.ained.Artic1.e9TheStateCryptographyAdministrationsha1.1.,within20workingdaysofthedateofacceptinganapp1.icationforadministrative1.icense,examinetheapp1.icationforadministrative1.icenseandmakeadecisionofgranting1.icenseornotaccordingtothe1.aw.Wherea1.icenseisgranted,theCertificateofQua1.ificationsforE-governmentE1.ectronicAuthenticationServiceInstitutionssha1.1.beissuedandannounced;andwherea1.icenseisnotgranted,awrittendecisionofnotgrantingadministrative1.icensesha1.1.beissued,thereasonssha1.1.beexp1.ainedandtheapp1.icantsha1.1.benotifiedofthere1.evantrights.笫八条受国家密码管理局委托进行受理的省、自治区、直辖市密码管理部门自收到申请材料之日起5个工作日内，对申请材料进行形式审查，根据下列情况分别作出处理：申请材料齐全、符合规定形式的，应当受理行政许可申请并出具受理通知书；申请材料不齐全或者不符合规定形式的，应当当场或者在5个工作日内一次告知需要补正的全部内容；不子受理的，应当出具不予受理通知书并说明理由。笫九条国家密码管理局应当自行政许可申请受理之日起20个工作日内，对行政许可申请进行审查，并依法作出是否许可的决定。准予许可的，族发电子政务电子认证服务机构资质证书，并予以公开；不予许可的，应当出具不予行政许可决定书，说明理由并告知申请人相关权利。需要对申请人进行技术评审的，技术评审所需时间不计算在本条规定的期限内。国家密码管理局Ifitisnecessarytoconducttechnica1.reviewofanapp1.icant,thetimerequiredforthetechnica1.reviewsha1.1.notbecountedwithinthetime1.imitasprescribedinthisartic1.e.TheStateCryptographyAdministrationsha1.1.notifytheapp1.icantinwritingofthetimerequired.应当将所需时间书面告知申请人。Artic1.e10TheStateCryptographyAdministrationmay,accordingtotheneedsoftechnica1.reviewandprofessiona1.requirements,authorizeprofessiona1.institutionsororganizeexpertstocarryouttechnica1.review.第十条国家密码管理局根据技术评审需要和专业要求，可以委托专业机构或者组织专家实施技术评审。Thetechnica1.reviewinc1.udesthesecurityreviewofthee1.ectronicauthenticationservicesystem,thefie1.dsurveyoftheoperationpremise,equipmentandfaci1.ities,andconstructionofthemanagementsystem,andtheassessmentofprofessiona1.s'abi1.ities.技术评审包括电子认证服务系统安全性审查，运营场所、设备设施、管理体系建设实地查勘，专业人员能力考核等。Professiona1.institutionsandexpertssha1.1.independent1.y,impartia1.1.y,scientifica1.1.yandfaithfu1.1.ycarryouttechnica1.reviewactivities,beresponsib1.efortheauthenticityandconformityoftechnica1.reviewconc1.usions,andassumecorresponding1.ega1.responsibi1.ity.TheStateCryptographyAdministrationsha1.1.supervisethetechnica1.reviewactivitiesandestab1.ishamechanismforaccountabi1.ity.专业机构和专家应当独立、公正、科学、诚信地开展技术评审活动，对技术评审结论的真实性、符合性负责，并承担相应法律责任。国家密码管理局应当对技术评审活动进行监督，建立责任追究机制。Artic1.e11Whereforeign-investede-governmente1.ectronicauthenticationsen/icesaffectormayaffectnationa1.security,securityofforeigninvestmentsha1.1.beexaminedaccordingtothe1.aw.第十一条外商投资电子政务电子认证服务，影响或者可能影响国家安全的，应当依法进行外商投资安全审查。Artic1.e12ACertificateofQua1.ificationsforE-第十二条电子政务电子认证服务机构资质证书有效期5年，内容包括：获证机构名称、证书编号、有效期限、发证机关和发证日期等。governmentE1.ectronicInstitutionssha1.1.beinc1.uding:thenameofthecertificatenumber,issuingauthorityandt1.AuthenticationServiceva1.idforfiveyears,thecertifiedinstitution,theva1.idityperiod,theeissuingdate,amongothers.电子政务电子认证服务机构资质证书由正本和副本组成，正本、副本具有同等法律效力。ACertificateofQua1.ificationsforE-governmentE1.ectronicAuthenticationServiceInstitutionsconsistsoftheorigina1.andthedup1.icate,whichhavethesame1.ega1.effect.禁止转让、出租、出借、伪造、变造、冒用、租借电子政务电子认证服务机构资质证书。第十三条电子政务电子认证服务机构应当在其网站和运营场所公布并及时更新其电子政务电子认证服务机构资质证书的机构名称、证书编号、有效期限、发证机关和发证日期等内容。Itisprohibitedtotransfer,1.ease,1.end,forge,a1.ter,fa1.se1.yuseorborrowanyCertificateofQua1.ificationsforE-governmentE1.ectronicAuthenticationServiceInstitutions.Artic1.e13Ane-governmente1.ectronicauthenticationserviceinstitutionsha1.1.pub1.ishandtime1.yupdateitsname,certificatenumber,va1.idityperiod,issuingauthorityandissuingdateoftheCertificateofQua1.ificationsforE-governmentE1.ectronicAuthenticationServiceInstitutionsonitswebsiteandatitsoperationpremise.第十四条有下列情形之一的，电子政务电子认证服务机构应当自变更之日起30日内向国家密码管理局办理变更手续：Artic1.e14Underanyofthefo1.1.owingcircumstances,thee-governmente1.ectronicauthenticationserviceinstitutionsha1.1.,within30daysfromthedateofchange,undergothechangeforma1.itieswiththeStateCryptographyAdministration:（一）机构名称、住所、法定代表人发生变更；(1) Thename,domici1.eand1.ega1.representativeoftheinstitutionarechanged.（二）机构注册资本、资本结构、股权结构、法人性质或者单位隶属关系发生变更；(2) Theregisteredcapita1.,capita1.structure,equitystructure,natureofthe1.ega1.personorthesubordinationoftheentityischanged.（三）电子认证服务系统等设备设施发生变化，影响或者可能影(3) Thee1.ectronicauthenticationservicesystemandotherequipmentandfaci1.itiesarechanged,whichaffectormayaffectthecryptographysecurityofe-governmente1.ectronicauthenticationservice.(4) Thee1.ectronicauthenticationservicesystemisnew1.ybui1.torre1.ocated.(5) Anyothermatterforwhichthemodificationproceduresha1.1.beundergoneaccordingtothe1.aw.Wherechangesine-governmente1.ectronicauthenticationserviceinstitutionsaffecttheircomp1.iancewiththequa1.ificationconditionsandrequirements,theStateCryptographyAdministrationsha1.1.,accordingtotheactua1.situationoftheapp1.icant,carryoutareviewinwritingoronthespot.Technica1.review,ifnecessary,sha1.1.becarriedoutinaccordancewiththeprovisionsofArtic1.e10oftheseMeasures.Artic1.e15Wherethequa1.ificationsfore-governmente1.ectronicauthenticationserviceinstitutionsneedtobeextendedaftertheexpirationoftheva1.idityperiod,awrittenapp1.icationsha1.1.befi1.edwiththeStateCryptographyAdministration60daysbeforetheexpirationoftheva1.idityperiod.Accordingtotheactua1.circumstancesoftheapp1.icant,theStateCryptographyAdministrationsha1.1.conductawrittenoron-siteexamination,andmakeadecisiononwhethertoapprovetheextensionofthequa1.ificationsfore-governmente1.ectronicauthenticationserviceinstitutionsbeforeexpirationoftheva1.idityperiod.响电子政务电子认证服务使用密码安全；（四）新建、搬迁电子认证服务系统；（五）依法霜要办理变更的其他事项。电子政务电子认证服务机构发生变更的事项影响其符合资质认定条件和要求的，国家密码管理局根据申请人的实际情况，采取书面或者现场形式开展审查。需要进行技术评审的，依照本办法第十条规定对其开展技术评审。第十五条电子政务电子认证服务机构资质有效期届满需要延续的，应当在有效期届满60日前向国家密码管理局提出书面申请。国家密码管理局根据申请人的实际情况，采取书面或者现场形式进行审查，并在电子政务电子认证服务机构资质有效期届满前作出是否准予延续的决定。ChapterIIICodeofConduct第三章行为规范笫十六条电子政务电子认证服务机构应当按照国家密码管理局公布的电子政务电子认证业务规则规范等要求，制定本机构的电子政务电子认证业务规则和相应的电子签名认证证书策略，在提供电子政务电子认证服务前予以公布，并向住所地省、自治区、直辖市密码管理部门备案。电子政务电子认证业务规则和电子签名认证证书策略发生变更的，电子政务电子认证服务机构应当予以公布，并自公布之日起30日内向住所地省、自治区、直辖市密码管理部门备案。电子政务电子认证服务机构应当保持本机构已公布的电子政务电子认证业务规则和电子签名认证证书策略的可访问性。笫十七条电子政务电子认证服务机构应当按照本机构公布的电子政务电子认证业务规则提供电子政务电子认证服务。Artic1.e16Ane-governmente1.ectronicauthenticationserviceinstitutionsha1.1.,inaccordancewiththerequirementsofthee-governmente1.ectronicauthenticationbusinessru1.esandnormsissuedbytheStateCryptographyAdministration,deve1.opitse-governmente1.ectronicauthenticationbusinessru1.esandcorrespondingstrategiesfore1.ectronicsignatureauthenticationcertificates,announcethembeforeprovidinge-governmente1.ectronicauthenticationservices,andundergorecordationforma1.itieswiththe1.oca1.cryptographicadministrativedepartmentsoftheprovinces,autonomousregions,andmunicipa1.itiesdirect1.yundertheCentra1.Government.Wheree-governmente1.ectronicauthenticationbusinessru1.esandpo1.iciesfore1.ectronicsignatureauthenticationcertificatesarechanged,e-governmente1.ectronicauthenticationserviceinstitutionssha1.1.makeanannouncement,andundergorecordationforma1.itieswiththe1.oca1.cryptographicadministrativedepartmentsoftheprovinces,autonomousregions,andmunicipa1.itiesdirect1.yundertheCentra1.Governmentwithin30daysfromthedateofannouncement.E-governmente1.ectronicauthenticationserviceinstitutionssha1.1.maintaintheaccessibi1.ityoftheire-governmente1.ectronicauthenticationbusi