Chinese-English Bilingual Text | Cryptography Law of the People's Republic of China
中华人民共和国主席令
第三十五号
Order of the President of the People's Republic of China
No. 35
《中华人民共和国密码法》已由中华人民共和国第十三届全国人民代表大会常务委员会第十四次会议于2019年10月26日通过,现予公布,自2020年1月1日起施行。
The Cryptography Law of the People's Republic of China, adopted at the 14th Meeting of the Standing Committee of the Thirteenth National People's Congress of the People's Republic of China on October 26, 2019, is hereby promulgated and shall enter into force as of January 1, 2020.
中华人民共和国主席 习近平
2019年10月26日
Xi Jinping
President of the People's Republic of China
October 26, 2019
中华人民共和国密码法
Cryptography Law of the People's Republic of China
(2019年10月26日第十三届全国人民代表大会常务委员会第十四次会议通过)
(Adopted at the 14th Meeting of the Standing Committee of the Thirteenth National People's Congress on October 26, 2019)
目录
Contents
第一章 总则
Chapter I General Provisions
第二章 核心密码、普通密码
Chapter II Core Cryptography and Common Cryptography
第三章 商用密码
Chapter III Commercial Cryptography
第四章 法律责任
Chapter IV Legal Liability
第五章 附 则
Chapter V Supplementary Provisions
第一章 总则
Chapter I General Provisions
第一条 为了规范密码应用和管理,促进密码事业发展,保障网络与信息安全,维护国家安全和社会公共利益,保护公民、法人和其他组织的合法权益,制定本法。
Article 1 This Law is enacted for the purpose of regulating the application and administration of cryptography, promoting the development of cryptography work, ensuring cyber and information security, safeguarding national security and public interests, and protecting the legitimate rights and interests of citizens, legal persons and other organizations.
第二条 本法所称密码,是指采用特定变换的方法对信息等进行加密保护、安全认证的技术、产品和服务。
Article 2 For the purpose of this Law, "cryptography" refers to technologies, products, and services utilized for encryption protection and security authentication on information and the like by using specific transformation methods.
第三条 密码工作坚持总体国家安全观,遵循统一领导、分级负责,创新发展、服务大局,依法管理、保障安全的原则。
Article 3 Cryptography work shall adhere to a holistic approach to national security, and be in conformity with the principles of unified leadership, hierarchical responsibilities, innovation and development, serving the overall picture, law-based administration, and ensuring security.
第四条 坚持中国共产党对密码工作的领导。中央密码工作领导机构对全国密码工作实行统一领导,制定国家密码工作重大方针政策,统筹协调国家密码重大事项和重要工作,推进国家密码法治建设。
Article 4 Cryptography work shall adhere to the leadership of the Communist Party of China. The central leading authority of cryptography work shall uniformly lead nationwide cryptography work, develop national major guidelines and policies for cryptography work, coordinate national significant affairs and tasks concerning cryptography, and promote the rule of law in the national cryptography development.
第五条 国家密码管理部门负责管理全国的密码工作。县级以上地方各级密码管理部门负责管理本行政区域的密码工作。
国家机关和涉及密码工作的单位在其职责范围内负责本机关、本单位或者本系统的密码工作。
Article 5 The national cryptography administrative department shall be in charge of the nationwide cryptography work. Local cryptography administrative departments at or above the county level shall be in charge of cryptography work within their respective administrative areas.
State organs and other entities relating to cryptography work shall be responsible for the cryptography work of their own organs, entities or systems within the scope of their responsibilities.
第六条 国家对密码实行分类管理。
密码分为核心密码、普通密码和商用密码。
Article 6 The State shall implement classified administration of cryptography.
Cryptography shall be classified into core cryptography, common cryptography and commercial cryptography.
第七条 核心密码、普通密码用于保护国家秘密信息,核心密码保护信息的最高密级为绝密级,普通密码保护信息的最高密级为机密级。
核心密码、普通密码属于国家秘密。密码管理部门依照本法和有关法律、行政法规、国家有关规定对核心密码、普通密码实行严格统一管理。
Article 7 Core cryptography and common cryptography shall be used to secure State secret information. The highest level of information protected by core cryptography shall be top secret, and the highest level of information protected by common cryptography shall be secret.
Core cryptography and common cryptography are State secrets. Cryptography administrative departments shall implement strict and unified administration for core cryptography and common cryptography in accordance with this Law, other relevant laws, administrative regulations, and State provisions.
第八条 商用密码用于保护不属于国家秘密的信息。
公民、法人和其他组织可以依法使用商用密码保护网络与信息安全。
Article 8 Commercial cryptography shall be used to protect information that is not a State secret.
Citizens, legal persons and other organizations may use commercial cryptography to protect cyber and information security in accordance with law.
第九条 国家鼓励和支持密码科学技术研究和应用,依法保护密码领域的知识产权,促进密码科学技术进步和创新。
国家加强密码人才培养和队伍建设,对在密码工作中作出突出贡献的组织和个人,按照国家有关规定给予表彰和奖励。
Article 9 The State encourages and supports research in and application of cryptography science and technology, protects the intellectual property rights concerning cryptography in accordance with law, and facilitates the progress and innovation in cryptography science and technology.
The State shall strengthen the cultivation and development of cryptography talent teams. The State commends and rewards organizations or individuals that have made outstanding contributions to cryptography work in accordance with the relevant State provisions.
第十条 国家采取多种形式加强密码安全教育,将密码安全教育纳入国民教育体系和公务员教育培训体系,增强公民、法人和其他组织的密码安全意识。
Article 10 The State shall take various measures to strengthen public education in cryptography security, incorporate the education of cryptography security into the national education system and public servant education and training system, and enhance the awareness of cryptography security of citizens, legal persons and other organizations.
第十一条 县级以上人民政府应当将密码工作纳入本级国民经济和社会发展规划,所需经费列入本级财政预算。
Article 11 The people's government at or above the county level shall incorporate cryptography work into the corresponding national economic and social development plan, and incorporate required funds into the fiscal budget of the corresponding level.
第十二条 任何组织或者个人不得窃取他人加密保护的信息或者非法侵入他人的密码保障系统。
任何组织或者个人不得利用密码从事危害国家安全、社会公共利益、他人合法权益等违法犯罪活动。
Article 12 No organization or individual may steal encrypted information or illegally intrude into the cryptography-protected system of others.
No organization or individual may use cryptography to engage in activities endangering national security or public interests or the legitimate rights and interests of others, or other illegal or criminal activities.
第二章 核心密码、普通密码
Chapter II Core Cryptography and Common Cryptography
第十三条 国家加强核心密码、普通密码的科学规划、管理和使用,加强制度建设,完善管理措施,增强密码安全保障能力。
Article 13 The State shall strengthen the scientific planning, management and utilization of core cryptography and common cryptography, enhance system building, improve management measures, and enhance cryptography security and protection capability.
第十四条 在有线、无线通信中传递的国家秘密信息,以及存储、处理国家秘密信息的信息系统,应当依照法律、行政法规和国家有关规定使用核心密码、普通密码进行加密保护、安全认证。
Article 14 State secrets that are transmitted in wired or wireless communication and information systems that store or process State secrets shall be encrypted or authenticated using core cryptography or common cryptography in accordance with relevant laws, administrative regulations, and State provisions.
第十五条 从事核心密码、普通密码科研、生产、服务、检测、装备、使用和销毁等工作的机构(以下统称密码工作机构)应当按照法律、行政法规、国家有关规定以及核心密码、普通密码标准的要求,建立健全安全管理制度,采取严格的保密措施和保密责任制,确保核心密码、普通密码的安全。
Article 15 The institutions engaged in scientific research, production, service, testing, equipment, use or destruction of core cryptography and common cryptography (hereinafter collectively referred to as "cryptography working institutions") shall establish and improve the security management system, and adopt strict confidentiality measures and a confidentiality responsibility system to ensure the security of core cryptography and common cryptography in accordance with relevant laws, administrative regulations, State provisions, and the requirements in core cryptography and common cryptography standards.
第十六条 密码管理部门依法对密码工作机构的核心密码、普通密码工作进行指导、监督和检查,密码工作机构应当配合。
Article 16 Cryptography administrative departments shall guide, supervise, and inspect the core cryptography and common cryptography work of cryptography working institutions in accordance with law, and the said institutions shall cooperate.
第十七条 密码管理部门根据工作需要会同有关部门建立核心密码、普通密码的安全监测预警、安全风险评估、信息通报、重大事项会商和应急处置等协作机制,确保核心密码、普通密码安全管理的协同联动和有序高效。
密码工作机构发现核心密码、普通密码泄密或者影响核心密码、普通密码安全的重大问题、风险隐患的,应当立即采取应对措施,并及时向保密行政管理部门、密码管理部门报告,由保密行政管理部门、密码管理部门会同有关部门组织开展调查、处置,并指导有关密码工作机构及时消除安全隐患。
Article 17 Cryptography administrative departments shall establish core-cryptography-and-common-cryptography-related coordination mechanisms in conjunction with relevant departments based on the needs of work, conducting security surveillance and alert, security risks assessment, information reporting, critical issue consultation, and emergency response to ensure the coordination and efficiency of core cryptography and common cryptography security administration.
If a cryptography working institution detects a core cryptography or common cryptography leak or a major problem or serious risk affecting the security of core cryptography or common cryptography, the institution shall immediately take measures to resolve it and report to the confidentiality administrative department and the cryptography administrative department. The confidentiality administrative department and the cryptography administrative department shall, in conjunction with relevant departments, organize the investigation and response, and guide the relevant cryptography working institution to eliminate security risks in a timely manner.
第十八条 国家加强密码工作机构建设,保障其履行工作职责。
国家建立适应核心密码、普通密码工作需要的人员录用、选调、保密、考核、培训、待遇、奖惩、交流、退出等管理制度。
Article 18 The State shall strengthen the construction of cryptography working institutions to ensure that they fulfill their responsibilities.
The State shall establish the personnel management systems in respect of recruitment, selection, confidentiality, evaluation, training, treatment, award and punishment, exchange and withdrawal, which adapt to the needs of core cryptography and common cryptography work.
第十九条 密码管理部门因工作需要,按照国家有关规定,可以提请公安、交通运输、海关等部门对核心密码、普通密码有关物品和人员提供免检等便利,有关部门应当予以协助。
Article 19 Cryptography administrative departments may, based on the needs of work and in accordance with relevant State provisions, ask the public security, transport, customs or other relevant departments for privileges such as inspection exemptions on items and personnel related to core cryptography and common cryptography, and the relevant departments shall cooperate.
第二十条 密码管理部门和密码工作机构应当建立健全严格的监督和安全审查制度,对其工作人员遵守法律和纪律等情况进行监督,并依法采取必要措施,定期或者不定期组织开展安全审查。
Article 20 Cryptography administrative departments and cryptography working institutions shall establish and improve strict supervision and security review mechanisms, oversee staff members as to their compliance with laws and disciplines, and take necessary measures to regularly or irregularly organize security review in accordance with law.
第三章 商用密码
Chapter III Commercial Cryptography
第二十一条 国家鼓励商用密码技术的研究开发、学术交流、成果转化和推广应用,健全统一、开放、竞争、有序的商用密码市场体系,鼓励和促进商用密码产业发展。
各级人民政府及其有关部门应当遵循非歧视原则,依法平等对待包括外商投资企业在内的商用密码科研、生产、销售、服务、进出口等单位(以下统称商用密码从业单位)。国家鼓励在外商投资过程中基于自愿原则和商业规则开展商用密码技术合作。行政机关及其工作人员不得利用行政手段强制转让商用密码技术。
商用密码的科研、生产、销售、服务和进出口,不得损害国家安全、社会公共利益或者他人合法权益。
Article 21 The State encourages the research, development, academic exchange, transfer and application of commercial cryptography technology, facilitates a unified, open, competitive, and orderly commercial cryptography market environment, and encourages and promotes the development of the commercial cryptography industry.
People's governments at various levels and their relevant departments shall follow the non-discrimination principle and provide equal treatment in accordance with law, to all entities, including foreign invested enterprises, which engage in scientific research, production, sale, service, import and export of commercial cryptography (hereinafter collectively referred to as "commercial cryptography entities"). The State encourages foreign investors to cooperate in commercial cryptography technology based on voluntariness and commercial rules. Administrative departments and their staff members shall not force the transfer of commercial cryptography technology by administrative means.
The research, production, sale, service, import and export of commercial cryptography shall not endanger national security, public interests, or the legitimate rights and interests of others.
第二十二条 国家建立和完善商用密码标准体系。
国务院标准化行政主管部门和国家密码管理部门依据各自职责,组织制定商用密码国家标准、行业标准。
国家支持社会团体、企业利用自主创新技术制定高于国家标准、行业标准相关技术要求的商用密码团体标准、企业标准。
Article 22 The State establishes and improves the system of commercial cryptography standards.
The standardization administrative department of the State Council and the national cryptography administrative department shall organize the development of national standards and industry standards for commercial cryptography according to their respective responsibilities.
The State supports social organizations and enterprises in using independent innovative technologies to develop association standards or enterprise standards for commercial cryptography that are stricter than relevant technical requirements of national standards or industry standards.
第二十三条 国家推动参与商用密码国际标准化活动,参与制定商用密码国际标准,推进商用密码中国标准与国外标准之间的转化运用。
国家鼓励企业、社会团体和教育、科研机构等参与商用密码国际标准化活动。
Article 23 The State promotes participation in international standardization activities concerning commercial cryptography and in the development of international standards for commercial cryptography, and advances the conversion between Chinese standards and foreign standards for better application.
The State encourages enterprises, social organizations, educational institutions, scientific research institutes and other organizations to participate in international standardization activities concerning commercial cryptography.
第二十四条 商用密码从业单位开展商用密码活动,应当符合有关法律、行政法规、商用密码强制性国家标准以及该从业单位公开标准的技术要求。
国家鼓励商用密码从业单位采用商用密码推荐性国家标准、行业标准,提升商用密码的防护能力,维护用户的合法权益。
Article 24 Commercial cryptography entities shall, when engaging in activities involving commercial cryptography, comply with the technical requirements prescribed in relevant laws, administrative regulations, mandatory national standards for commercial cryptography and the standards published by such entities themselves.
The State encourages commercial cryptography entities to adopt voluntary national standards and industry standards for commercial cryptography to enhance commercial cryptography protection capability and safeguard the legitimate interests of users.
第二十五条 国家推进商用密码检测认证体系建设,制定商用密码检测认证技术规范、规则,鼓励商用密码从业单位自愿接受商用密码检测认证,提升市场竞争力。
商用密码检测、认证机构应当依法取得相关资质,并依照法律、行政法规的规定和商用密码检测认证技术规范、规则开展商用密码检测认证。
商用密码检测、认证机构应当对其在商用密码检测认证中所知悉的国家秘密和商业秘密承担保密义务。
Article 25 The State facilitates the development of the commercial cryptography testing and certification system, formulates the technical specifications and rules for commercial cryptography testing and certification, and encourages commercial cryptography entities to have their cryptography tested and certified on a voluntary basis to boost their market competitiveness.
Commercial cryptography testing and certification bodies shall obtain relevant qualifications in accordance with law, and conduct commercial cryptography testing and certification in compliance with the laws, administrative regulations, and the technical specifications and rules for commercial cryptography testing and certification.
Commercial cryptography testing and certification bodies shall have the duty to keep confidential any State and commercial secrets learned in the course of commercial cryptography testing and certification.
第二十六条 涉及国家安全、国计民生、社会公共利益的商用密码产品,应当依法列入网络关键设备和网络安全专用产品目录,由具备资格的机构检测认证合格后,方可销售或者提供。商用密码产品检测认证适用《中华人民共和国网络安全法》的有关规定,避免重复检测认证。
商用密码服务使用网络关键设备和网络安全专用产品的,应当经商用密码认证机构对该商用密码服务认证合格。
Article 26 Commercial cryptography products which concern national security, national welfare and people's livelihood, or public interests shall be listed in the catalog of critical network equipment and specialized cyber security products in accordance with law, and may be sold or provided only after they have passed the testing and certification conducted by qualified testing and certification bodies. The testing and certification on commercial cryptography products shall be in compliance with relevant provisions of the Cyber Security Law of the People's Republic of China, and repeated testing and certification shall be avoided.
Commercial cryptography service using critical network equipment and specialized cyber security products shall pass the certification conducted by a commercial cryptography certification body.
第二十七条 法律、行政法规和国家有关规定要求使用商用密码进行保护的关键信息基础设施,其运营者应当使用商用密码进行保护,自行或者委托商用密码检测机构开展商用密码应用安全性评估。商用密码应用安全性评估应当与关键信息基础设施安全检测评估、网络安全等级测评制度相衔接,避免重复评估、测评。
关键信息基础设施的运营者采购涉及商用密码的网络产品和服务,可能影响国家安全的,应当按照《中华人民共和国网络安全法》的规定,通过国家网信部门会同国家密码管理部门等有关部门组织的国家安全审查。
Article 27 Operators of critical information infrastructure shall adopt commercial cryptography to protect such infrastructure if so required by relevant laws, administrative regulations, and State provisions, and shall conduct application security assessment on commercial cryptography by themselves or by entrusting a commercial cryptography testing body. Commercial cryptography application security assessment shall be coordinated with both critical information infrastructure security testing and assessment system and classified cyber security assessment system to avoid repeated testing and assessment.
Where operators of critical information infrastructure purchase network products and services involving commercial cryptography that may affect national security, such products and services shall be subject to the national security review by the national cyberspace administrative department in conjunction with the national cryptography administrative department and other relevant departments in accordance with the Cyber Security Law of the People's Republic of China.
第二十八条 国务院商务主管部门、国家密码管理部门依法对涉及国家安全、社会公共利益且具有加密保护功能的商用密码实施进口许可,对涉及国家安全、社会公共利益或者中国承担国际义务的商用密码实施出口管制。商用密码进口许可清单和出口管制清单由国务院商务主管部门会同国家密码管理部门和海关总署制定并公布。
大众消费类产品所采用的商用密码不实行进口许可和出口管制制度。
Article 28 The competent department in charge of commerce under the State Council and the national cryptography administrative department shall, in accordance with law, apply import licensing to commercial cryptography which has encryption functionality and concerns national security or public interests, and shall apply export control to commercial cryptography which concerns national security or public interests or which entails international obligations on China. The import licensing list and export control list of commercial cryptography shall be formulated and published by the competent department in charge of commerce under the State Council in conjunction with the national cryptography administrative department and the General Administration of Customs.
Import licensing and export control shall not be applied to commercial cryptography used in mass consumption products.
第二十九条 国家密码管理部门对采用商用密码技术从事电子政务电子认证服务的机构进行认定,会同有关部门负责政务活动中使用电子签名、数据电文的管理。
Article 29 The national cryptography administrative department shall be responsible for the approval of institutions using commercial cryptography technologies to engage in electronic certification service for E-Government activities, and shall, in conjunction with relevant departments, be responsible for the administration of the use of electronic signatures and data messages in administrative activities.
第三十条 商用密码领域的行业协会等组织依照法律、行政法规及其章程的规定,为商用密码从业单位提供信息、技术、培训等服务,引导和督促商用密码从业单位依法开展商用密码活动,加强行业自律,推动行业诚信建设,促进行业健康发展。
Article 30 Organizations such as commercial cryptography industry associations shall, in accordance with laws, administrative regulations, and their articles of association, provide information, technology, training and other services for commercial cryptography entities, guide and supervise commercial cryptography entities to conduct commercial cryptography activities in accordance with law, improve industry self-discipline and integrity, and promote the healthy development of the industry.
第三十一条 密码管理部门和有关部门建立日常监管和随机抽查相结合的商用密码事中事后监管制度,建立统一的商用密码监督管理信息平台,推进事中事后监管与社会信用体系相衔接,强化商用密码从业单位自律和社会监督。
密码管理部门和有关部门及其工作人员不得要求商用密码从业单位和商用密码检测、认证机构向其披露源代码等密码相关专有信息,并对其在履行职责中知悉的商业秘密和个人隐私严格保密,不得泄露或者非法向他人提供。
Article 31 Cryptography administrative departments and relevant departments shall establish the mechanism of both in-process and ex-post supervision on commercial cryptography, which combines routine supervision with random inspection, and shall establish a unified information platform for supervision and administration on commercial cryptography, coordinate the in-process and ex-post supervision mechanism with the social credit system, and strengthen the self-discipline of commercial cryptography entities and public supervision.
Cryptography administrative departments and other relevant departments, as well as their staff members, shall not require commercial cryptography entities or commercial cryptography testing and certification bodies to reveal source code or other cryptography-related proprietary information, shall strictly keep confidential the trade secrets and individual privacy learned in the course of performing their duty, and shall not disclose or illegally provide such information to others.
第四章 法律责任
Chapter IV Legal Liability
第三十二条 违反本法第十二条规定,窃取他人加密保护的信息,非法侵入他人的密码保障系统,或者利用密码从事危害国家安全、社会公共利益、他人合法权益等违法活动的,由有关部门依照《中华人民共和国网络安全法》和其他有关法律、行政法规的规定追究法律责任。
Article 32 In case of a violation of Article 12 of this Law by stealing encrypted information, illegally intruding into the cryptography-protected system of others, or using cryptography to engage in activities endangering national security or public interests or the legitimate rights and interests of others, or other illegal activities, the relevant department shall investigate the legal liability in accordance with the Cyber Security Law or other relevant laws or administrative regulations.
第三十三条 违反本法第十四条规定,未按照要求使用核心密码、普通密码的,由密码管理部门责令改正或者停止违法行为,给予警告;情节严重的,由密码管理部门建议有关国家机关、单位对直接负责的主管人员和其他直接责任人员依法给予处分或者处理。
Article 33 In case of a violation of Article 14 of this Law and failure in using core cryptography or common cryptography as required, the cryptography administrative department shall give an order of correction or ceasing the illegal activities, and shall issue a warning. Where the circumstances are serious, the cryptography administrative department shall recommend the relevant State organ or entity to impose punishment on the persons in charge who are directly responsible and the other persons who are directly responsible in accordance with law.
第三十四条 违反本法规定,发生核心密码、普通密码泄密案件的,由保密行政管理部门、密码管理部门建议有关国家机关、单位对直接负责的主管人员和其他直接责任人员依法给予处分或者处理。
违反本法第十七条第二款规定,发现核心密码、普通密码泄密或者影响核心密码、普通密码安全的重大问题、风险隐患,未立即采取应对措施,或者未及时报告的,由保密行政管理部门、密码管理部门建议有关国家机关、单位对直接负责的主管人员和其他直接责任人员依法给予处分或者处理。
Article 34 In case of a core cryptography or common cryptography leak in violation of this Law, the confidentiality administrative department and the cryptography administrative department shall recommend the relevant State organ or entity to impose punishment on the persons in charge who are directly responsible and the other persons who are directly responsible in accordance with law.
In case of a violation of the second paragraph of Article 17 of this Law and failure to take measures immediately or to report in a timely manner upon detecting a core cryptography or common cryptography leak or a major problem or serious risk affecting the security of core cryptography or common cryptography, the confidentiality administrative department and the cryptography administrative department shall recommend the relevant State organ or entity to impose punishment on the persons in charge who are directly responsible and the other persons who are directly responsible in accordance with law.
第三十五条 商用密码检测、认证机构违反本法第二十五条第二款、第三款规定开展商用密码检测认证的,由市场监督管理部门会同密码管理部门责令改正或者停止违法行为,给予警告,没收违法所得;违法所得三十万元以上的,可以并处违法所得一倍以上三倍以下罚款;没有违法所得或者违法所得不足三十万元的,可以并处十万元以上三十万元以下罚款;情节严重的,依法吊销相关资质。
Article 35 Where a commercial cryptography testing or certification body conducts commercial cryptography testing and certification in violation of the second or third paragraph of Article 25 of this Law, the market supervision administration shall, in conjunction with the cryptography administrative department, order the said commercial cryptography testing or certification body to make correction or cease the illegal activities, and shall issue a warning and confiscate the illegal gains. Where the amount of illegal gains is RMB 300,000 yuan and above, a fine of not less than one time but not more than three times the amount of illegal gains may be concurrently imposed; where there are no illegal gains or the amount of illegal gains is less than RMB 300,000 yuan, a fine of not less than RMB 100,000 yuan but not more than RMB 300,000 yuan may be concurrently imposed; where the circumstances are serious, the relevant qualifications shall be revoked in accordance with law.
第三十六条 违反本法第二十六条规定,销售或者提供未经检测认证或者检测认证不合格的商用密码产品,或者提供未经认证或者认证不合格的商用密码服务的,由市场监督管理部门会同密码管理部门责令改正或者停止违法行为,给予警告,没收违法产品和违法所得;违法所得十万元以上的,可以并处违法所得一倍以上三倍以下罚款;没有违法所得或者违法所得不足十万元的,可以并处三万元以上十万元以下罚款。
Article 36 Where an untested, uncertified or unqualified commercial cryptography product is sold or provided, or uncertified or unqualified commercial cryptography service is provided in violation of Article 26 of this Law, the market supervision administration shall, in conjunction with the cryptography administrative department, give an order of correction or ceasing the illegal activities, and shall issue a warning and confiscate the illegal products and gains. Where the amount of illegal gains is RMB 100,000 yuan or more, a fine of not less than one time but not more than three times the amount of illegal gains may be concurrently imposed; where there are no illegal gains or the amount of illegal gains is less than RMB 100,000 yuan, a fine of not less than RMB 30,000 yuan but not more than RMB 100,000 yuan may be concurrently imposed.
第三十七条 关键信息基础设施的运营者违反本法第二十七条第一款规定,未按照要求使用商用密码,或者未按照要求开展商用密码应用安全性评估的,由密码管理部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处十万元以上一百万元以下罚款,对直接负责的主管人员处一万元以上十万元以下罚款。
关键信息基础设施的运营者违反本法第二十七条第二款规定,使用未经安全审查或者安全审查未通过的产品或者服务的,由有关主管部门责令停止使用,处采购金额一倍以上十倍以下罚款;对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。
Article 37 Where an operator of critical information infrastructure, in violation of the first paragraph of Article 27 of this Law, fails to use commercial cryptography as required, or fails to conduct security assessment on commercial cryptography as required, the cryptography administrative department shall give an order of correction and issue a warning; where the operator refuses to make correction, or the violation has endangered cyber security or caused other results, a fine of not less than RMB 100,000 yuan but not more than RMB 1,000,000 yuan shall be imposed, and a fine of not less than RMB 10,000 yuan but not more than RMB 100,000 yuan shall be imposed upon the persons in charge who are directly responsible.
Where an operator of critical information infrastructure, in violation of the second paragraph of Article 27 of this Law, uses products or services which have not been subjected to or have failed to pass the security review, the relevant administrative department in charge shall order the operator to stop using such products or services, and shall impose a fine of not less than one time but not more than ten times the value of the purchase amount, and a fine of not less than RMB 10,000 yuan but not more than RMB 100,000 yuan upon the persons in charge who are directly responsible and the other persons who are directly responsible.
第三十八条 违反本法第二十八条实施进口许可、出口管制的规定,进出口商用密码的,由国务院商务主管部门或者海关依法予以处罚。
Article 38 Where the import or export of commercial cryptography is in violation of Article 28 of this Law on import licensing and export control, a punishment shall be imposed in accordance with law by the competent department in charge of commerce under the State Council or the customs.
第三十九条 违反本法第二十九条规定,未经认定从事电子政务电子认证服务的,由密码管理部门责令改正或者停止违法行为,给予警告,没收违法产品和违法所得;违法所得三十万元以上的,可以并处违法所得一倍以上三倍以下罚款;没有违法所得或者违法所得不足三十万元的,可以并处十万元以上三十万元以下罚款。
Article 39 In case of a violation of Article 29 of this Law and engagement in electronic certification service for E-government activities without approval, the cryptography administrative department shall give an order of correction or ceasing the illegal activities, and shall issue a warning and confiscate the illegal products and gains. Where the amount of illegal gains is RMB 300,000 yuan or more, a fine of not less than one time but not more than three times the amount of illegal gains may be concurrently imposed; where there are no illegal gains or the amount of illegal gains is less than RMB 300,000 yuan, a fine of not less than RMB 100,000 yuan but not more than RMB 300,000 yuan may be concurrently imposed.
第四十条 密码管理部门和有关部门、单位的工作人员在密码工作中滥用职权、玩忽职守、徇私舞弊,或者泄露、非法向他人提供在履行职责中知悉的商业秘密和个人隐私的,依法给予处分。
Article 40 Where, in cryptography work, a staff member of cryptography administrative departments or other relevant departments or entities abuses his or her power, neglects his or her duties or practices favoritism for personal gain, or discloses or illegally provides to others trade secrets or individual privacy he or she has learned in the course of performing his or her duty, the said staff member shall be punished in accordance with law.
第四十一条 违反本法规定,构成犯罪的,依法追究刑事责任;给他人造成损害的,依法承担民事责任。
Article 41 Where a person or entity violates the provisions of this Law, if a crime is constituted, he or it shall be investigated for criminal responsibility in accordance with law; and shall bear civil liability in accordance with law if damage is caused to others.
第五章 附 则
Chapter V Supplementary Provisions
第四十二条 国家密码管理部门依照法律、行政法规的规定,制定密码管理规章。
Article 42 The national cryptography administrative department shall formulate rules of cryptography administration in accordance with laws and administrative regulations.
第四十三条 中国人民解放军和中国人民武装警察部队的密码工作管理办法,由中央军事委员会根据本法制定。
Article 43 The Central Military Commission shall formulate measures for cryptography administration of the Chinese People's Liberation Army and the Chinese People's Armed Police Force in accordance with this Law.
第四十四条 本法自2020年1月1日起施行。
Article 44 This Law shall enter into force as of January 1, 2020.