Enforcement Rules of the Electronic Signatures Act

2024-11-14
Article 1
These Enforcement Rules are enacted in accordance with Article 21 of the Electronic Signatures Act (hereinafter referred to as "the Act").
Article 2
For any announcement published by the Judicial Yuan or the Ministry of Justice in accordance with Paragraph 2, Article 1 of the Act, the competent authority shall be informed.
Article 3
The expression "attached to and associated with an electronic record" as set forth in Subparagraph 2, Article 2 of the Act shall mean the act of being affixed to, incorporated in, or logically associated with an electronic record.
Article 4
The term "private key" as defined in Subparagraph 3, Article 2 of the Act shall mean certain digital data that are contained in the digital data having the parity matching relation and are possessed by a signatory to create a digital signature.
Article 5
The term "public key" as defined in Subparagraph 3, Article 2 of the Act shall mean certain digital data that are contained in the digital data having the parity matching relation and are open to the public to verify a digital signature.
Article 6
The expression "a government agency or a juristic person that issues certificates" as set forth in Subparagraph 5, Article 2 of the Act shall mean the nominal issuer as indicated on the certificate.
Article 7
The competent authority shall refer to international technical standards related to electronic signatures, solicit expert opinions, and announce the electronic signature technology with effect of an electronic signature in accordance with Paragraph 2, Article 2 of the Act; and may establish a registration mechanism for electronic signature services, an accreditation/certification mechanism for relevant standards, or other promotion mechanisms.
Article 8
The expression “a reasonable manner” as set forth in Paragraph 4, Article 5 of the Act shall mean the use of words, writing, or other means that are sufficient for the parties to know or be able to know; and the expression “a reasonable period” shall mean a period of not less than three days from the time the counterparty is informed, unless otherwise agreed by the parties or customary in transactions.
Article 9
For the expression "a certificate issued by a certification authority" as set forth in Subparagraph 1, Article 6 of the Act, the assurance level for the identification and authentication process during a subscriber’s initial registration shall be at least equivalent to one of the following standards:
1. “Level of Assurance 3-High” or above, as defined in ISO/IEC 29115.
2. “Identity Assurance Level 2 (IAL2)” or above, as defined in US NIST SP 800-63A Digital Identity Guidelines.
3. “Substantial Level of Assurance for Digital Identity” or above, as defined in EU eIDAS Regulation.
Article 10
The expression “law” as set forth in Paragraph 1, Article 11 of the Act shall mean laws and regulations particularly and expressly authorized by laws.
For any announcement published by a government agency in accordance with Paragraph 2, Article 11 of the Act, the competent authority shall be informed.
Article 11
The expression "to provide services for issuing certificates" as set forth in Paragraph 1, Article 12 of the Act shall mean that a certificate issued by a certification authority may be used by the certificate subscriber as a proof to sign an electronic record with a third party other than the certification authority.
Article 12
When a certification authority files an application, in accordance with Paragraph 1, Article 12 of the Act, to the competent authority for approval, the application form and the following documents shall be submitted:
1. The certification practice statement;
2. A checklist of the required information for the certification practice statement; and
3. Other documents required by the competent authority.
A certification authority that is not a government agency shall, in addition to those required in the preceding paragraph, submit the following documents:
1. The juristic person’s registration certificate;
2. The explanation of its organization and share structure;
3. The Notice of Profit-Seeking Enterprise Income Tax Return, copies of balance sheet and comprehensive income statements, or the copy of the Notice of Assessment for Income from Professional Practice for the most recent period.
If a certification authority that is not a government agency has provided certification service to the public upon the competent authority’s approval of its certification practice statement before the enforcement of the amendments to these Rules, it shall submit various documents under the preceding paragraph to the competent authority for recordation within six months after the enforcement of the amendments to these Rules.
The format of the application form and documents under Paragraphs 1 and 2 shall be prescribed by the competent authority.
Article 13
When a certification authority files an application to the competent authority for modification of its certification practice statement, in accordance with Paragraph 1, Article 12 of the Act, the application form and the following documents shall be submitted:
1. The modified certification practice statement and the checklist of the required information for the certification practice statement thereof;
2. A comparison table of content variation; and
3. Other documents required by the competent authority.
The format of the application form and documents stipulated in the preceding paragraph shall be prescribed by the competent authority.
Article 14
For the service provided by a certification authority in the performance of its certification practice statement, the competent authority may conduct audit thereof, if necessary, and the certification authority shall cooperate therein.
For the audit under the preceding paragraph, the competent authority may delegate its subordinate agency, or commission other agency, juristic person or group to conduct such audit.
Article 15
All the documents to be submitted along with any application filed by a certification authority in accordance with the Act and these Enforcement Rules must be written in Chinese; and for the relevant scientific (and technical) terminologies, if any, the Chinese translation as published by the National Academy for Educational Research shall be used as the standard translation thereof provided that such Chinese translation must be followed by the original nomenclature of such scientific (or technical) terminology in a foreign language.
If the aforementioned documents are in a foreign language, the original foreign language documents or the photocopy thereof shall be attached as well.
In respect of the format of relevant documents to be submitted by a foreign certification authority in its application for permission, the Regulations Governing Permission of Foreign Certification Service Providers shall be followed.
Article 16
The term "archives and records" referred to in Subparagraph 4, Paragraph 1, Article 13 of the Act shall include the following information:
1. Certificate subscribers’ registration information;
2. All the certificates already issued;
3. Certificate revocation list;
4. Status information of the certificates;
5. Various versions of the certification practice statement;
6. The certification policy;
7. The compliance audit or other assessment records;
8. Archival records; and
9. Other documents required by the competent authority.
In case a certificate subscriber has any objection to the certificate subscribers' registration information in Subparagraph 1 of the preceding Paragraph, such registration information shall not be applicable.
Article 17
For the industrial investigation conducted in accordance with Article 19 of the Act, the competent authority may request certification authorities to provide the following information in the designated formats:
1. The population to which various certificates are issued.
2. Valid quantity of various certificates.
3. Other statistical data designated by the competent authority.
Article 18
These Enforcement Rules shall come into force from the date of promulgation.