|
Chinese
|
|
|
To
establish a safe and reliable network environment and to ensure
that the data will not be forged, revised or stolen during the
process of network transmission, to examine the identity of both
transaction parties and to prevent against denial of the fact of
completed transaction afterwards.
This is the key to whether E-Government and E-Commerce can
be popular in all areas. In
order to expedite a safe electronic transaction system, government
and civilians are sparing their utmost effort in utilization of
modern access code technology to establish electronic
certification system of various areas and to provide identity
certification and transaction certification service so as to
improve the confidence of user.
|
|
|
|
|
|
Traditional
communication and transaction behavior employ written document
(such as contract) and signature, seal to confirm related rights
and obligations. In
the network environment, E-Government and E-Commerce has to rely
on electronic document and electronic signature as the basis of
communication and transaction. However, present regulation does
not clearly standardize the legal position of electronic document
and electronic signature and in order to cope with the daily
prosperous development of digital economy environment, it is
really urgent at present to establish a legal system for
electronic signature. Therefore, for various countries in the
world, in order to establish the safety and reliability of
electronic transaction environment and popular application of
E-Commerce, they all actively expedite legislation similar to
electronic signature. For
example, Germany (August, 1997), Malaysia (1997), Italy (March
1997), Singapore (June 998), Korea (legislated in December 1998
and was effective in July 1999), Hong Kong (January 2000), Japan
(may 2000) US Federation (June 2000) and various states (40 more
states had already legislated) and for EEC, formulation of
electronic signature order has been completed (January 2000) and
various member countries like England (July 2000), France (March
2000) already completed the coordination of domestic law within
the member states before July 2001 based on the standard of
orders.
|
top
| II.
Principle of legislation |
|
|
|
|
In
order to cooperate with the development of national data
communication infrastructure, in 1997 in the country, for the
first time, MOEA commissioned Technology and Legal Center of
Institute for Information Industry to conduct research on digital
signature law and to suggest government how to formulate digital
signature law as soon as possible so as to fix the legal position
of electronic signature and electronic document and to establish a
management system for electronic Certificate Authority and to
define the authority and responsibility of the Certificate
Authority, CA, to establish system of cross state certification in
order to solve insufficiency or uncertainty of present legal
standard. In
reference to cases of legislation by various countries and
principle of legislation of electronic signature stipulated by
international organizations of United Nations and EEC etc., the 『Electronic
signature law』shall be formulated.
|
|
|
|
|
|
Hereunder
are a brief description on important legislation principle of this
law:
|
|
|
|
|
|
|
(1)
|
Principle
of neutral technology: Any technology that can ensure the
integrity of the information during the process of
transmission or storage and can examine the identity of
the user can all be used to produce electronic signature
and will not adopt 「asymmetric」 form」confidentiality
addition technology as the limit of the foundation of 「digital
signature」 so as not to block
the development of application of other technology.
This law adopts「electronic
signature」suggested by
international organization including United Nations and
EEC as the basis of legislation instead of basing on
"digital signature" as limit so as to respond to
innovation development of electronic examination
technology such as bio-technology. For electronic
signature or electronic document produced by any
electronic technology, as long as the function and written
document and signature and seal is equivalent, they can
all be used.
|
|
(2)
|
Principle
of contract liberty: Regarding electronic transaction
behavior in civilian area, it is appropriate that under
the principle of contract liberty, both transaction
parties concerned shall agree between themselves to adopt
what kind of suitable safety technology, procedure and
method to produce electronic signature or electronic
document as the basis that both parties can mutually trust
and abide and that shall be the basis of related legal
responsibility. Therefore,
it is not appropriate to intervene the contract principle
of both transaction parties with public authority of the
government. Both transaction parties should agree amongst
themselves on the electronic signature or electronic
document produced by technology that they could commonly
abide. In
addition, between certificate authority and users, they
can use contract to standardize the rights and obligations
of both parties.
|
|
(3)
|
Principle
of market direction: Regarding management on certificate
authority by the government and development of electronic
certification market, it is suitable to be limited to only
minimum necessary standard.
In the future, on establishment of electronic
certification system and development of electronic
certification market, it is better to allow civilians to
direct the development of various electronic certification
service required by various electronic transactions and
its related standard.
|
|
top
| III. Essentials
of article |
|
|
|
|
There
are seventeen articles of
this law and its essentials are as follows:
|
|
|
|
|
|
|
(1)
|
Definition
of the terms of articles of this law. (Article 2)
|
|
(2)
|
Stipulation
of legal behavior and legal provision that should be
conducted in writing can be based on electronic document
as essential document and effect of electronic document
can base on its production according to specific terms.
(Article 4).
|
|
(3)
|
Based
on provision of the law that the original or original copy
has to be presented, it can be substituted by electronic
document based on specific terms. (Article 5)
|
|
(4)
|
Based
on provision of the law
that document should be kept in writing, it can be
substituted by electronic document based on specific
terms. (Article 6)
|
|
(5)
|
Standard
of electronic communication and transaction receive and
dispatch time and place. (Article 7 and Article 8).
|
|
(6)
|
Based
on provision of the law
that signature and seal is necessary, it can be
substituted by electronic signature based on specific
terms. (Article 9)
|
|
(7)
|
Essentials
of preparation of digital signature should be confirmed.
(Article 10)
|
|
(8)
|
Certificate
Authority should announce to outside the operation
standard of certification practice. (Article 11)
|
|
(9)
|
Penalty
rules. (Article 12)
|
|
(10)
|
Handling
method when service of Certificate Authority is
terminated. (Article 13)
|
|
(11)
|
Damage
indemnity liability that the Certificate Authority should
bear. (Article 14).
|
|
(12)
|
Effect
of certificate signed by foreign Certificate Authority.
(Article 15)
|
|
(13)
|
Sub-laws
of this law shall be stipulated by supervisory
institution. Article 16)
|
|
(14)
|
Date
of implementation of this law shall be stipulated by
Executive Yuan. (Article 17)
|
|
|
|
|
top
| IV. Full script
of electronic signature law |
|
※
Only provided for reference, standard of
actual script shall be based on the terms publicly
announced by the President and passed by Legislative Yuan.
|
|
|
|
(Purpose
of legislation)
|
Article
1
|
In
order to expedite common utilization of electronic
transaction and to ensure safety of electronic
transaction and to promote e-Government and
e-Commerce, this law is specifically stipulated.
|
|
|
When
this law has not been regulated, it will be
applicable to regulation of other law.
|
|
|
(Definition
of term )
|
Article
2
|
Definition
of terms used in this law shall be as follows:
|
|
|
|
1.
|
Electronic
document:Refers
to word, voice, picture, image, symbol or
other information and by means of
electronic or method that other people
cannot directly understand with sense to
produce record that is sufficient to
express its meaning and is provided for
use in electronic processing.
|
|
2.
|
Electronic
signature:Refers
to attachment to the electronic documents
and is associated with them and is used to
identity and confirm the identity,
qualification of the electronic document
signature party and the true and false of
the electronic document.
|
|
3.
|
Digital
signature:A
certain length of digital information of
electronic document by mathematical method
or other formula, then confidentiality
will be added with the secret key of the
signature party forming an electronic
signature and the key can be opened to
public for certificatiion.
|
|
4.
|
Added
confidentiality:Electronic
document with be processed in the form of
disorderly code by means of mathematical
method or other method,.
|
|
5.
|
Certification
organization:Refers
to institution, finance corporation
signing and issuing certificate.
|
|
6.
|
Certification:Refers
to an electronic certification on
certification material with signature for
use in confirming identity and
qualification of the signature party.
|
|
7.
|
Certification
practice operation standard:Certificate
Authority will publicly announce to
outside to describe the operation standard
of certificate authority for issuance of
certificate and handling of other
certification business.
|
|
8.
|
Information
system:System
that can generate, send out, receive,
store or handle other form of electronic
message and data.
|
top
|
|
|
(Supervisory
institution of this law)
|
Article
3
|
Supervisory
institution of this law shall be Ministry of
Economic Affairs”
|
|
|
(Written
document can be prepared with electronic document)
|
Article
4
|
Upon
consent by corresponding party, electronic
document can be used as a way of expression.
|
|
|
If
processing by writing is based on provision in
law, if its content can be displayed completely
and can be provided for examination at a later
date, then it can be conducted by electronic
document upon consent by the corresponding party.
|
|
|
The
previous two provisions shall base on law or
public announcement of administrative institution
and for expulsion of its suitability or on its
application technology and procedure they will be
regulated separately.
However, regulation on application
technology and procedure shall be fair, reasonable
and shall not have different treatment without
proper reason.
|
|
|
((Original
or original copy of the written document can be prepared
with electronic document)
|
Article
5
|
Based
on the provision of law to present document
original or original copy, if the document is
prepared in the form of electronic document and
its content can be completely displayed and can be
retrieved at a later date for examination, it can
be conducted in electronic document except if
writing mark and chop mark has to be checked or
other necessity to identify the true and false of
document or there is other provision in law.
|
|
|
Content
of previous item that can be completely displayed
does not include information dispatched, received,
stored in the form of electronic form and display
of information attached in the operation.
|
|
|
(Legal
custody of written document can be prepared with
electronic document)
|
Article
6
|
Based
on provision in law, if the document has to be
kept in written form, if its content can be
completely displayed and can be acquired for
examination at a later date, then it can be
conducted in the form of electronic document.
|
|
|
The
previous electronic document shall be limited to
its place of issue, place of receipt date and
information of certification, and examination on
the true or false of the content of electronic
document shall combine its main content keeper.
|
|
|
The
first provision shall base on law or public
announcement of administrative institution and for
expulsion of its suitability or on its application
technology and procedure they will be regulated
separately. However,
regulation on application technology and procedure
shall be fair, reasonable and shall not have
different treatment without proper reason.
|
|
|
((Electronic
document receipt and dispatch time inference standard)
|
Article
7
|
For
electronic document, the document issuing time
shall be the time of information system
that
the entering issuing party cannot control.
However, if there is separate agreement by
the
party concerned or there is separate public
announcement by administrative institution,
then
it shall be based on its agreement or public
announcement.
|
|
|
Electronic
document shall base on the following time as the
document receipt time. However, if there is
separate agreement by the party concerned or there
is separate public announcement by administrative
institution, then it shall be based on its
agreement or public announcement.
|
|
|
|
1.
|
If
the receiving party has designated
information system for receiving
electronic document, then the time of
entry into that information system
by that electronic document shall
be time of receipt. If the electronic
document is sent to information system is
not designated by the receiving party,
then the receipt time shall be the time
when the receiving party acquires the
electronic document.
|
|
2.
|
If
the receiving party does not designate
information system for receiving
electronic document, then the time of
entry into that information system of the
receiving party shall be the time of
receipt.
|
|
|
|
(Place
for receipt and dispatch of electronic document)
|
Article
8
|
Place
of business execution of issuing party shall be
inferred as the place of issue of electronic
document. Place
of business execution of receiving party shall be
inferred as the place of receipt of electronic
document.
|
|
|
When
issuing party and receiving party has more than
one business execution place, then the most
closely related business place with major
transaction or communication behavior shall be the
issuing place or receiving place.
If major transaction or communication
behavior is unclear, then the major place of
business execution shall be the issuing place and
receiving place.
|
|
|
When
the issuing party and receiving party has no
business execution place, then its residence shall
be the issuing place and receiving place.
|
|
|
(Signature
or seal can be conducted in electronic signature)
|
Article
9
|
If
signature or seal is necessary based on provision
in law, upon consent by the corresponding party,
it can be conducted in electronic signature.
|
|
|
The
previous provision shall base on law or public
announcement of administrative institution and for
expulsion of its suitability or on its application
technology ad procedure they will be regulated
separately. However,
regulation on application technology and procedure
shall be fair, reasonable and shall not have
different treatment without proper reason.
|
|
|
(Digital
signature should base on a certain procedure for its
production before becoming effective)
|
Article
10
|
For
signing electronic document with digital
signature, it is necessary to conform to the
following provisions in various articles before
Item 1 of the previous article can become
effective.
|
|
|
|
1
|
Utilize
certificate issued by Certificate
Authority based on law through approval by
Article 11 or Article 15.
|
|
2
|
Certificate
is still valid and has not exceeded the
area of utilization.
|
|
|
|
(Certificate
Authority should prepare and publicly announce
certification practice operation standard)
|
Article
11
|
Certificate
Authority shall prepare certification practice
operation standard stating clearly the
certificate authority operation or provide
related operation procedure of certification
service. After submission to supervisory
institution for approval, it will be publicly
announcing in the open website established by the
certificate authority for public inquiry before
providing certification issuance service to
outside. When the certification practice operation
standard change, the procedure will be the same.
|
|
|
Certification
practice operation standard should state clearly
the following items:
|
|
|
|
1.
|
Reliability
that will affect the certificate issued by
the certification institution or important
information of its business execution.
|
|
2.
|
Cause
of direct cancellation of the certificate
by the certificate authority.
|
|
3.
|
Examination
on the content of the certificate
|
|
4.
|
Method
and procedure for protection on personal
information of the party concerned.
|
|
5.
|
Other
important items stipulated by supervisory
institution.
|
|
|
|
Before
the execution of this law, when the certification
institution has conducted certificate-issuing
service, then within six months after execution of
this law, submit certification practice operation
standard to supervisory institution for approval.
However, before completion of aprpoval by
the supervisory institution, the institution can
still continue to provide certification service to
outside.
|
|
|
Supervisory
institution should publicly announce name list of
approved Certificate Authority.
|
|
|
(Penalty
rules)
|
Article
12
|
When
the certification violates the regulation of the
previous article, depending on its condition, the
supervisory institution can sentence for penalty
of over NT$1,000,000 and under $5,000,0000 and
shall instruct the certification institution to
improve within a time limit.
If correction cannot be made after the
expiry date, then continuous penalty based on each
time shall be imposed.
For matters that are major, part or all of
its business shall be suspended.
|
|
|
(Termination of
service)
|
Article
13
|
Before
termination of its service, certificate authority
should complete the following measures:
|
|
|
|
1.
|
30
days before date of termination of service
notify supervisory institution.
|
|
2.
|
On
certificate that is valid at time of
termination, arrange other certificate
authority to undertake its business.
|
|
3.
|
30
days before date of termination, other
certificate authority shall undertake its
business and the fact shall be notified to
the party concerned.
|
|
4.
|
File
record shall be transferred to the
certificate authority that undertakes its
business.
|
|
|
|
If
there is no Certificate Authority undertaking the
business of that certificate authority based on
the provision in Item 1 and Item 2, supervisory
institution shall arrange other certificate
authority to undertake.
If necessary, supervisory institution can
publicly announce the certificate that is still
valid at that time.
|
|
|
The
above regulation is also applicable to
certification that is ordered to suspend its
business based on this law or other law.
|
|
|
(Compensation
obligation)
|
Article
14
|
If
operation of the Certificate Authority or related
operation procedure of its certification service
causes damage on the party concerned, or due to
proper intention, the third party suffer damage
due to trust on that certificate, the institution
should bear compensation except that it can prove
it has no error in its behavior.
|
|
|
When
the usage area on the certificate has accurate
limitation, on damage caused that exceeds the
usage area, the certificate authority will not
bear compensation responsibility.
|
|
|
(Principle of
International mutual benefit )
|
Article
15
|
For
certificate authority registered based on foreign
legal organization, under the principle of
international mutual benefit and safety condition,
upon approval by supervisory institution,
certificate issued by them and certificate issued
by domestic certificate authority shall bear the
same effect.
|
|
|
Approval
method of the previous item shall be stipulated by
supervisory institution.
|
|
|
Supervisory
institution should announce publicly name list of
the approved certificate authority in Item 1.
|
|
|
(By-laws)
|
Article
16
|
By-laws
of this law can be stipulated by supervisory
institution.
|
|
|
(Date
of implementation)
|
Article
17
|
Date
of implementation of this law shall be stipulated
by Executive Yuan.
|
|
| |
I.
General description