Unofficial translation
This Law is directed to regulation of relations, arising upon creation and use of electronic documents, certified by electronic digital signatures, providing establishment, change or termination of legal relations, as well as rights and obligations of participants of legal relations, arising in the scope of circulation of electronic documents, including commission of civil transactions.
Chapter 1. General provisions
Article 1. Basic concepts used in this Law
The following basic concepts are used in this Act:
1) Authorized body in the field of informatization - the central executive body that performs management and inter-sectoral coordination in the field of informatization and e-government;
1-1) authorized body in the field of information security - the central executive body, which shall provide leadership and intersectoral coordination in the field of information security;
2) Special certification center - an authorized subdivision of the state body of the Republic of Kazakhstan, certifying the compliance of the public key of the electronic digital signature with the private key of the electronic digital signature, carrying out activities related to the use of information constituting state secrets;
2-1) accreditation of a special certification center - official recognition by the National Security Committee of the Republic of Kazakhstan of the competence of a special certification center in carrying out activities;
3) the authorized body in the sphere of archiving and documentation support of management - the central executive body, carrying out management in the sphere of archiving and documentation support of management;
4) certification centre - legal entity certifying the compliance of the public key of the electronic digital signature with the private key of the electronic digital signature, as well as confirming the authenticity of the registration certificate;
5) accreditation of the certification center - official recognition by the authorized body in the field of ensuring information security of the competence of the certification center in the provision of services;
5-1) a special root certification center of the Republic of Kazakhstan - a certification center that shall verify the belonging and validity of public keys of electronic digital signature of special certification centers;
5-2) certification center of state bodies of the Republic of Kazakhstan - certification center serving state bodies, officials of state bodies in information systems and other state information resources of state bodies of the Republic of Kazakhstan;
5-3) the root certification center of the Republic of Kazakhstan - a certification center that shall verify the belonging and validity of the public keys of the electronic digital signature of the certification centers;
5-4) a trusted third party of the Republic of Kazakhstan - an information system that, within the framework of cross-border interaction, shall confirm the authenticity of a foreign electronic digital signature and an electronic digital signature issued in the territory of the Republic of Kazakhstan;
5-5) the national certification center of the Republic of Kazakhstan - a certification center that shall provide electronic digital signature facilities and registration certificates to individuals or legal entities for the formation of electronic documents in state and non-state information systems;
6) Signatory - an individual or legal entity legally possessing the private key of an electronic digital signature and having the right to use it in an electronic document;
7) electronic copy of the document - a document that fully reproduces the type and information (data) of the original document in electronic digital form;
8) Excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiration of ten calendar days after the day of its first official publication);9) registration certificate - an electronic document issued by the certification center to confirm compliance of the electronic digital signature with the requirements established by this Law;
10) owner of the registration certificate - a natural person or a legal entity in the name of which the registration certificate was issued, legally holding the private key corresponding to the public key specified in the registration certificate;
11) Electronic archive - a set of archival electronic documents;
12) electronic document - a document in which the information is presented in electronic digital form and certified by means of electronic digital signature;
13) electronic document flow - exchange of electronic documents between state authorities, individuals and legal entities;
14) Electronic document management system - a system of electronic documents exchange, relations between the participants of which are regulated by this Law and other regulatory legal acts of the Republic of Kazakhstan;
15) member of the electronic document management system - a natural or legal person, state body or official participating in the processes of collection, processing, storage, transfer, search and distribution of electronic documents;
16) Electronic digital signature - a set of electronic digital symbols created by means of electronic digital signature and confirming reliability of an electronic document, its belonging and invariability of its content;
17) means of electronic digital signature - a set of software and hardware tools used for creation and verification of electronic digital signature authenticity;
18) public key of electronic digital signature - sequence of electronic digital symbols available to any person and intended for confirmation of authenticity of electronic digital signature in electronic document;
19) Private key of electronic digital signature - sequence of electronic digital symbols intended for creation of electronic digital signature with use of electronic digital signature means.
Footnote. Article 1 of the Law of the Republic of Kazakhstan dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon the expiration of ten calendar days after the date of its first official publication); as of 16.05.2018 № 155-VI (shall be enforced upon the expiration of ten calendar days after the date of its first official publication); dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 2. The legislation of the Republic of Kazakhstan on electronic document and electronic digital signature
1. The legislation of the Republic of Kazakhstan on electronic document and electronic digital signature shall be based on the Constitution of this Law and other regulatory legal acts of the Republic of Kazakhstan.
2. If by the international treaty, ratified by the Republic of Kazakhstan, made other rules than those that contained in this Law, the rules of the international treaty shall be applied.
Article 3. Use of foreign registration certificate and exchange of electronic documents with participation of foreign individuals and legal entities
1. Upon regulation of legal relations, arising between the certifying center and owner of foreign registration certificate shall be applied the right of the state, in which the registration certificate was issued, unless otherwise established by agreement of parties.
2. Upon exchange of electronic documents with participation of foreign individuals and legal entities shall be applied the legislation of the Republic of Kazakhstan, unless otherwise established by agreement of parties.
Article 4. The competence of the Government of the Republic of Kazakhstan
Footnote. Article 4 as excluded by the Law of the Republic of Kazakhstan dated 19.04.2023 № 223-VII (shall enter into force upon expiry of ten calendar days after the day of its first official publication).
Article 5. Competence of the competent authorities
1. Authorized body in the field of informatization:
1) form and implement state policy in the field of electronic document and electronic digital signature;
2) develop and approve regulatory legal acts of the Republic of Kazakhstan in the field of electronic document and electronic digital signature;
3) as excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall enter into force upon expiry of sixty calendar days after the day of its first official publication).4) Excluded by the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication);
5) Approves the standard position of the certification centre;
6) approves the rules of issue, storage, revocation of registration certificates and confirmation of belonging and validity of the public key of the electronic digital signature by the certification centre, except for the root certification centre of the Republic of Kazakhstan, certification centre of state authorities, national certification centre of the Republic of Kazakhstan and trusted third party of the Republic of Kazakhstan;
7) Approves the rules of registration, re-registration and cancellation of object identifiers in the Kazakhstan segment of object identifiers;
8) Excluded by the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication);9) Approves the rules of registration and termination of interaction of certification centers, trusted third parties of foreign states with a trusted third party of the Republic of Kazakhstan;
10) Approves the rules for verifying the authenticity of electronic digital signatures;
11) Excluded by the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication);12) approves the rules for issuance, storage, revocation of registration certificates and confirmation of belonging and validity of the public key of the electronic digital signature by the root certification centre of the Republic of Kazakhstan, certification centre of state authorities and national certification centre of the Republic of Kazakhstan;
13) approves the rules of confirming the authenticity of the electronic digital signature by a trusted third party of the Republic of Kazakhstan;
13-1) coordinates the activities of the Root Certification Centre of the Republic of Kazakhstan, the Certification Centre of the State Authorities of the Republic of Kazakhstan, the National Certification Centre of the Republic of Kazakhstan and a trusted third party of the Republic of Kazakhstan;
13-2) excluded by the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication);13-3) develop and approve rules for the creation, use and storage of electronic digital signature private keys in the certification center in agreement with the authorized body in the field of information security;
14) exercise other powers stipulated by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.
2. The authorized body in the sphere of archiving and documentation support of management:
1) form and implement state policy in the field of electronic document management and electronic archives;
2) provides intersectoral organizational and methodical management of the issues of electronic document management and electronic archives;
3) develops and approves normative legal acts of the Republic of Kazakhstan in the field of electronic document management and electronic archives;
4) carries out the state control over observance of the legislation of the Republic of Kazakhstan about the electronic document and the electronic digital signature in a part of electronic document circulation and electronic archives in acquisition sources of the National archive of the Republic of Kazakhstan, the central state archives;
5) Approves checklists, risk assessment criteria, half-yearly schedules of inspections in accordance with the Entrepreneurial Code of the Republic of Kazakhstan;
6) carry out other powers stipulated by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.
3. Authorized body in the field of information security shall:
1) exercise state control over compliance with the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature;
2) draw up and approve the regulations for issuing and withdrawing certificates of accreditation for certification centres;
3) exercise other powers provided by this Law, other Laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.
Footnote. Article 5 of the Law of the Republic of Kazakhstan of 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); as amended by the laws of the Republic of Kazakhstan of 28.12.2017 № 128-VI (shall be enforced upon the expiration of ten calendar days after the date of its first official publication); dated 16.05.2018 № 155-VI (shall be enforced upon the expiration of ten calendar days after the date of its first official publication); dated 25.11.2019 № 272-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication); № 141-VII of 14.07.2022 (shall be brought into force ten calendar days after the date of its first official publication); dated 19.04.2023 № 223-VII (shall enter into force upon expiry of ten calendar days after its first official publication); dated 21.05.2024 № 86-VIII (shall enter into force upon expiry of sixty calendar days after its first official publication).Article 5-1. State control in the sphere of electronic document and electronic digital signature
1. State control in the field of electronic document and electronic digital signature shall be carried out in the form of an unscheduled inspection and preventive control with a visit to the subject (object) of control in accordance with the Entrepreneurial Code of the Republic of Kazakhstan, unless otherwise established by part two of this paragraph.
In relation to state bodies, state control shall be carried out over compliance with the legislation of the Republic of Kazakhstan on electronic documents and electronic digital signatures in accordance with this Law.
The requirement of this paragraph shall not apply to the National Bank of the Republic of Kazakhstan and organizations included in its structure, and legal entities, fifty or more percent of voting shares (stakes in the authorized capital) of which belong to the National Bank of the Republic of Kazakhstan or are in its trust management, as well as special state bodies of the Republic of Kazakhstan.
2. Is excluded by the Law of the Republic of Kazakhstan dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Footnote. Chapter 1 is supplemented by article 5-1 in accordance with the Law of the Republic of Kazakhstan dated 17.07.2009 № 188-IV (the order of introduction into effect see article 2); with changes introduced by the laws of the Republic of Kazakhstan dated 06.01.2011 № 378-IV (shall be enforced upon the expiration of ten calendar days after its first official publication); dated 29.10.2015 № 376-V (shall be enforced dated 01.01.2016); dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).
Article 5-2. Competence of local executive bodies of the region, the city of republican importance and the capital
1. Local executive bodies of the region, cities of national importance and the capital:
1) implement the state policy in the sphere of electronic document management and electronic archives on the territory of the region, the city of republican importance and the capital;
2) carry out methodical management of issues of electronic document management and electronic archives in the region, the city of national importance and the capital;
3) carry out state control over compliance with the legislation of the Republic of Kazakhstan on an electronic document and electronic digital signature, with the exception of sources of acquisition of the National Archive of the Republic of Kazakhstan and central state archives;
4) carry out in the interests of local state administration other powers assigned to local executive bodies by the legislation of the Republic of Kazakhstan.
Footnote. Chapter 1 has been supplemented by Article 5-2 of the Law of the Republic of Kazakhstan dated 16.05.2018 № 155-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); as amended by Law of the Republic of Kazakhstan dated 05.07.2024 № 115-VIII (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 5-3. Competence of the National Security Committee of the Republic of Kazakhstan
National Security Committee of the Republic of Kazakhstan shall:
1) approve the rules for issuing, storing, revoking registration certificates and confirming the ownership and validity of the public key of the electronic digital signature by a special root certification center of the Republic of Kazakhstan;
2) coordinate the activities of the special root certification center of the Republic of Kazakhstan;
3) exercise other powers provided by this Law, other Laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan.
Footnote. Chapter 1 as added by the Article 5-3 in accordance with the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 5-4. The procedure for conducting state control in relation to state bodies over compliance with the legislation of the Republic of Kazakhstan on electronic documents and electronic digital signatures
1. State control over compliance with the legislation of the Republic of Kazakhstan on electronic documents and electronic digital signatures in relation to state bodies (hereinafter - the subjects of control) shall be conducted by the authorized body in the field of information security in the form of inspections.
Inspections are divided into periodic and unscheduled.
Periodic inspections in relation to subjects of control shall be carried out according to the following sources of information:
1) the results of previous inspections;
2) the results of monitoring reports and information;
3) the results of analysis of the Internet resources of state bodies;
4) information from the operator of the information and communication infrastructure of “electronic government”.
2. Periodic inspections shall be conducted at intervals of no more than once a year in accordance with the plan for conducting periodic inspections, approved by the first head of the authorized body in the field of information security.
The authorized body in the field of information security, no later than December 1 of the year preceding the year of inspections, shall approve a plan for conducting periodic inspections.
The plan for conducting periodic inspections shall be posted on the Internet resource of the authorized body in the field of information security no later than December 20 of the year preceding the year of inspections.
The periodic inspection plan includes:
1) number and date of approval of the plan;
2) name of the state body;
3) name of the subject of control;
4) location of the subject (object) of control;
5) timing of the inspection;
6) subject of inspection;
7) signature of the person authorized to sign the plan.
Amendments and additions to the plan for conducting periodic inspections shall be carried out in cases of liquidation, reorganization of the subject of control, change of its name, or redistribution of powers between the subjects of control.
3. An unscheduled inspection is an inspection appointed by the authorized body in the field of information security in the following cases:
1) the presence of confirmed requests to the subject of control, received from individuals and legal entities, about violation of the requirements of the legislation of the Republic of Kazakhstan on an electronic document and electronic digital signature;
2) appeals from individuals and legal entities whose rights and legitimate interests have been violated;
3) demands of the prosecutor on specific facts of causing or threat of causing harm to the rights and legitimate interests of individuals and legal entities, the state;
4) appeals from state bodies on specific facts of harm to the rights and legitimate interests of individuals and legal entities, the state, as well as on specific facts of violations of the requirements of the legislation of the Republic of Kazakhstan, the failure to eliminate which entails harm to the rights and legitimate interests of individuals and legal entities;
5) instructions from the criminal prosecution body on the grounds provided for by the Criminal Procedure Code of the Republic of Kazakhstan;
6) the need to monitor the execution of the report on the results of the inspection.
4. Officials of the authorized body in the field of information security when conducting an inspection shall have the right to:
1) unhindered access to the territory and premises of the subject (object) of control in accordance with the subject of inspection upon presentation of the documents specified in paragraph 8 of this Article;
2) receive documents (information) on paper and electronic media or copies thereof for inclusion in the report on the results of inspection, as well as access to automated databases (information systems) in accordance with the subject of inspection;
3) carry out audio, photo and video recording;
4) attract specialists, consultants and experts from state bodies, subordinate and other organizations.
5. Subjects of control or their authorized representatives when conducting an inspection shall have the right:
1) not to allow officials of the authorized body in the field of information security who arrived to conduct the inspection to an inspection in the following cases:
exceeding or expiration of the deadlines specified in the act on appointment of the inspection (additional act on extension of the deadline, if any), which do not correspond to the deadlines established by this Article;
absence of documents provided for in paragraph 8 of this Article;
2) to appeal the act on the results of the inspection in the manner established by the legislation of the Republic of Kazakhstan.
6. Subjects of control or their authorized representatives when conducting an inspection shall be obliged to:
1) ensure unimpeded access for officials of the authorized body in the field of information security to the territory and premises of the subject (object) of control;
2) provide officials of the authorized body in the field of information security with documents (information) on paper and electronic media or copies thereof for inclusion in the report on the results of the inspection, as well as access to automated databases (information systems) in accordance with the subject of the inspection;
3) make a note on the second copy of the act on the appointment of the inspection and the act on the results of the inspection on the day of its completion.
7. The inspection shall be carried out on the basis of an act on the inspection appointment.
The act on the inspection appointment shall indicate:
1) date and number of the act;
2) name of the state body;
3) surname, name, patronymic (if it is indicated in the identity document), and position of the person (persons) authorized to conduct the inspection;
4) information about specialists, consultants, and experts of state bodies, subordinate and other organizations involved in conducting the inspection;
5) name of the subject of control, its location.
In the case of an inspection of a structural unit of a state body, the act on the appointment of the inspection shall indicate its name and location;
6) subject of inspection;
7) type of inspection;
8) the period for conducting the inspection;
9) the grounds for conducting the inspection;
10) period under inspection;
11) rights and obligations of the subject of control;
12) signature of the head of the subject of control or his authorized person on receipt or refusal to receive the act;
13) signature of the person authorized to sign the act.
When conducting an inspection, the authorized body in the field of information security shall be obliged to notify the subject of control about the start of the inspection at least one day before its start, indicating the subject of the inspection.
The beginning of the inspection shall be considered to be the date of delivery to the subject of control of the act on the appointment of the inspection.
8. Officials of the authorized body in the field of information security who arrived at the facility for inspection shall be required to present to the subject of control:
1) an act on the appointment of an inspection;
2) service ID or identification card;
3) if necessary, permission from the competent authority to visit sensitive facilities.
9. The period for conducting an inspection shall be established taking into account the subject of the inspection, as well as the volume of works to be done, and should not exceed ten working days.
The inspection period can be extended only once by no more than fifteen working days. The extension shall be carried out by the decision of the head of the authorized body in the field of information security.
Extension of the inspection period shall be formalized by an additional act on the extension of the inspection period with a notification to the subject of control, which indicates the date and order number of the previous act on the appointment of the inspection and the reasons for the extension.
A notification on the extension of the inspection period shall be given to the subject of control by the authorized body in the field of information security one working day before the extension with a delivery notice.
10. Based on the inspection results, the officials of the authorized body in the field of information security carrying out the inspection shall draw up a report on the inspection results.
The first copy of the act on the results of the inspection in electronic form shall be submitted to the state body carrying out activities in the field of state legal statistics and special accounting within its competence, the second copy with copies of appendices, except for copies of documents available in the original from the subject of control, on paper under signature or in electronic form shall be handed over to the subject of control (to the head or his authorized person) for familiarization and taking measures to eliminate the identified violations and other actions, the third copy remains with the authorized body in the field of information security.
11. The act on the results of the inspection shall indicate:
1) date, time and place of drawing up the act;
2) name of the state body;
3) number and date of the act on the appointment of an inspection (additional act on the extension of the period, if any);
4) surname, name, patronymic (if it is indicated in the identity document) and position of the person (persons) who conducted the inspection;
5) information about specialists, consultants, and experts of state bodies, subordinate and other organizations involved in conducting the inspection;
6) name of the subject of control, its location;
7) subject of inspection;
8) type of inspection;
9) date and period of the inspection;
10) information about the results of the inspection, including the violations identified and their nature;
11) requirements to eliminate identified violations of the requirements of the legislation of the Republic of Kazakhstan on an electronic document and electronic digital signature, indicating the deadline for their execution;
12) information about familiarization or refusal to familiarize with the act of the head of the subject of control or his authorized person, as well as persons present during the inspection, their signatures or a record of refusal to sign;
13) signature of the officials who conducted the inspection.
Documents related to the inspection results (if any) and their copies shall be attached to the report on the results of the inspection.
12. If there are comments and (or) objections based on the results of the inspection, the subject of control shall state them in writing. Comments and (or) objections shall be attached to the report on the results of the inspection, about which a corresponding note is made.
The authorized body in the field of information security must consider the comments and (or) objections of the subject of control to the report on the results of the inspection and give a reasoned response within fifteen working days.
In case of refusal to accept an act on the results of the inspection, an act shall be drawn up and signed by the officials carrying out the inspection and the head of the subject of control or his authorized representative.
The subject of control shall have the right to refuse to sign the act by giving a written explanation on the reason for the refusal.
13. The end of the inspection period shall be considered to be the day of delivery to the subject of control of the report on the results of the inspection no later than the end date of the inspection specified in the act on the appointment of the inspection or an additional act on the extension of the inspection period.
14. The terms of execution of the act on the results of the inspection shall be determined taking into account the circumstances influencing the real possibility of its execution, but not less than ten calendar days from the date of delivery of the act on the results of inspection.
15. When determining the deadlines for the execution of the act on the results of the inspection, the following shall be taken into account:
1) availability of organizational and technical capabilities to eliminate violations at the subject of control;
2) the deadlines for obtaining mandatory conclusions, approvals, and other documents from state bodies established by the laws of the Republic of Kazakhstan.
16. After the expiration of the deadline for eliminating the identified violations established in the act on the results of the inspection, the subject of control shall be obliged, within the period established in the act on the results of the inspection, to provide the authorized body in the field of information security with information about the elimination of the identified violations with supporting documents.
In case of failure to provide information on the elimination of identified violations, the authorized body in the field of information security shall have the right to appoint an unscheduled inspection in accordance with subparagraph 6) of paragraph 3 of this Article.
17. In case of violation of the rights and legitimate interests of the subject of control during an inspection, the subject of control shall have the right to appeal the decisions, actions (inaction) of officials of the authorized body in the field of ensuring information security to a higher official or to the court in the manner established by the legislation of the Republic of Kazakhstan.
Footnote. Chapter 2 has been supplemented by Article 5-4 in accordance with the Law of the Republic of Kazakhstan dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Chapter 2. Electronic document
Article 6. Principles of electronic document management system
Electronic document management system shall be carried out in the state and non-state information systems on the basis of the following principles:
1) functioning of various systems of electronic document management system;
2) use of electronic documents in any area where information and communication technology is used to create, process, store, transmit, provide and validate data;
3) transfer of electronic documents with the use of any information systems.
Footnote. Article 6 as amended by the Law of the Republic of Kazakhstan dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); № 141-VII of 14.07.2022 (shall be promulgated ten calendar days after the date of its first official publication).Article 7. Requirements to the electronic document management system
1 An electronic document complying with the requirements of this Law and certified by the electronic digital signature of the person authorized to sign it shall be equivalent to a signed document on paper.
2. An electronic document shall be deemed to have been sent from the moment of its transmission through the telecommunication networks.
3. Incoming electronic document shall be considered as received after its fixation in the information system of addressee.
4. Notification on reception shall contain the data on the fact and time of reception of electronic document and its sender. In the case of its non-reception to the author shall be considered that the document is not received by addressee.
4-1. In the cases, established by the legislation of the Republic of Kazakhstan, the electronic copy of document shall be presented for rendering of the state service.
5. The procedure for electronic document management shall be determined by the authorized body in the field of archiving and documentation support for management.
6. The procedure for the collection, processing, storage, transfer, search, dissemination, application, protection, registration, confirmation and destruction of electronic documents and other data comprising information constituting state secrets, using information systems in protected version classified as state secrets, as well as the procedure for the establishment, accreditation and termination of the special certification centre shall be established by the National Security Committee of the Republic of Kazakhstan.
7. The requirements of paragraphs 2, 3 and 4 of this Article shall not apply to electronic documents filed via the digital document service.
Footnote. Article 7 is in the wording of the Republic of Kazakhstan dated 04.06.2009 № 162-IV (the order of enforcement see Article 2); as amended by the Law of the Republic of Kazakhstan dated 10.07.2012 № 36-V (shall be enforced upon expiry of ten calendar days after its first official publication); dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); № 141-VII of 14.07.2022 (shall enter into force ten calendar days after the date of its first official publication); dated 19.04.2023 № 223-VII (shall enter into force upon expiry of ten calendar days after its first official publication).Article 8. Storage of electronic documents
Electronic documents shall be stored in the state and (or) non-state information systems in the manner established by the legislation of the Republic of Kazakhstan.
Electronic documents held in public and/or non-public information systems may be used and made available via a digital document service.
Footnote. Article 8 as amended by the Law of the Republic of Kazakhstan № 141-VII of 14.07.2022 (shall be enacted ten calendar days after the date of its first official publication).Article 9. Rights and obligations of participant of the system of electronic document management system
1. Participant of the system of electronic document management system shall have a right to:
1) apply to the certifying center for approval of belonging and validity of public key of electronic digital signature, registered by this certifying center;
2) serve by several certifying centers.
2. Participant of the system of electronic document management system shall be obliged to observe the established rules of electronic document management system.
Footnote. Article 9 as amended by the Law of the Republic of Kazakhstan dated 20 December, 2004 № 13 (shall be enforced from 1 January 2005).Chapter 3. Electronic digital signature
Article 10. Use of electronic digital signature
1. Electronic digital signature is equivalent to the autograph signature of signed person and entail the same legal consequences upon execution of the following conditions:
1) certified the authenticity of electronic digital signature using the public key, having the registration certificate;
2) a person signed the electronic document, lawfully in possession of private key of electronic digital signature;
3) electronic digital signature is used in accordance with details, specified in the registration certificate;
4) the electronic digital signature is created and the registration certificate is issued by the accredited certifying center of the Republic of Kazakhstan or foreign certifying center registered in the trusted third party of the Republic of Kazakhstan.
2. The private keys of the electronic digital signature shall be the property of the persons legally holding them.
A person may have the private keys of the electronic digital signature for various information systems. Private keys of electronic digital signature may not be transferred to other persons.
Closed electronic digital signature keys can be stored in the certification center in accordance with the rules for creating, using and storing closed electronic digital signature keys in the certification center.
3. The head of a legal entity or a person replacing him shall have the right to authorize an employee of this legal entity or a person appointed by him to sign an electronic document. In this case, each employee uses a registration certificate and the corresponding private key of an electronic digital signature received in his name.
Footnote. Article 10 as amended by the Law of the Republic of Kazakhstan dated 15.07.2010 № 337-IV (the order of enforcement see Article 2); dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication); dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 11. Means of electronic digital signature
Means of electronic digital signature shall be subject to confirmation of conformity in cases and order established by the legislation of the Republic of Kazakhstan in the field of technical regulation.
Footnote. Article 11 of the Law of the Republic of Kazakhstan dated 29.10.2015 № 376-V (shall be enforced dated 01.01.2016).Article 12. Electronic digital signature in the system of electronic document management system
1. Electronic digital signature may be used by the civil servants of the state bodies upon certification of electronic documents, issued by them within their competence.
2. In the non-state systems of electronic document management system the electronic digital signature shall be used in the manner established by the civil legislation of the Republic of Kazakhstan.
Footnote. Article 12 as amended by the Law of the Republic of Kazakhstan dated 15.07.2010 № 337-IV (the order of enforcement see Article 2).Article 13. Recognition of a foreign electronic digital signature
A foreign electronic digital signature having a foreign registration certificate shall be recognized on the territory of the Republic of Kazakhstan in the following cases:
1) authenticated foreign electronic digital signature by a trusted third party of the Republic of Kazakhstan;
2) the person who signed the electronic document rightfully shall own the private key of the foreign electronic digital signature;
3) a foreign electronic digital signature shall be used in accordance with the information specified in the registration certificate;
4) formed by means of electronic digital signature of a foreign certification center registered in a trusted third party of the Republic of Kazakhstan, or a foreign certification center registered in a trusted third party of a foreign state registered in a trusted third party of the Republic of Kazakhstan.
Footnote. Article 13 in the wording of the Law of the RK dated 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Chapter 4. Registration certificate
Article 14. Issuance of registration certificate
The registration certificate shall be issued to a person who has reached the age of sixteen in accordance with the procedure established by the authorized body in the field of informatization.
Footnote. Article 14 as amended by the Law of the Republic of Kazakhstan dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016).Article 14-1. Refusal to issue a registration certificate
The certification centre refuses to issue a registration certificate in cases:
1) incompleteness of the submitted documents;
2) submission of false information;
3) in accordance with the decision of the court which has come into force;
4) a person's failure to reach the age of sixteen years.
Footnote. Chapter 4 has been supplemented by Article 14-1 of the Law of the Republic of Kazakhstan dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016).Article 15. The content of registration certificate
1. Registration certificate shall contain the following details:
1) number of registration certificate and the term of its validity;
2) data, allowing to identify the owner of electronic digital signature;
3) public key of electronic digital signature;
4) excluded by the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication);5) information on the scopes of application and restrictions of application of electronic digital signature;
6) requisites of relevant certifying center.
2. Certifying center in coordination with participant of the system of electronic document management system shall include additional information, necessary for the electronic document management system to the registration certificate.
Footnote. Article 15 as amended by the Law of the Republic of Kazakhstan dated 27.04.2012 № 15-V (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 16. Procedure and term of storage of registration certificates in the certifying centers
1. Copies of registration certificates shall be stored in the relevant certifying centers in the manner established by the authorized body.
2. The term of storage of revoked registration certificates in the certifying centers shall consist not less than five years.
3. Upon expire of the term, specified in paragraph 2 of this Article, revoked registration certificates shall be received to the archiving in the manner established by the legislation of the Republic of Kazakhstan.
Article 17. Rights and obligations of the owner of registration certificate
1. The owner of registration certificate shall have a right to require the revocation of registration certificate from the certifying center in the cases, if it involves the violation of the regime of access to the private key of electronic digital signature, relevant to the public key, specified in the registration certificate.
2. The owner of registration certificate shall be obliged to:
1) provide reliable information to the certifying center;
2) use the private key, relevant to the public key, specified in the registration certificate;
3) Is excluded by the Law of the Republic of Kazakhstan dated 27.04.2012 № 15-V (shall be enforced upon expiry of ten calendar days after its first official publication);4) take measures to protect the private key of the electronic digital signature belonging to him from unauthorized access and use, as well as store and transfer the public key for verifying the electronic digital signature along with the electronic document.
Footnote. Article 17 as amended by the Laws of the Republic of Kazakhstan dated 15.07.2010 № 337-IV (the order of enforcement see Article 2); dated 27.04.2012 № 15-V (shall be enforced upon expiry of ten calendar days after its first official publication); dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 18. Withdrawal of registration certificate
1. The certifying center issuing the registration certificate shall revoke it on the basis of the relevant notification in the following cases:
1) at the request of the holder of the registration certificate or his representative;
2) in establishing the fact of submission of false information or incomplete package of documents upon receipt of registration certificate;
3) death of the holder of the registration certificate;
4) changes of the surname, first name or patronymic (if it is indicated in the identity document) of the holder of the registration certificate;
5) change of name, reorganization, liquidation of legal entity - owner of registration certificate, change of head of legal entity;
6) provided by the agreement between the certification center and the holder of the registration certificate;
7) by a court decision that has entered into force.
2. The certification center shall withdraw the registration certificate in accordance with the procedure and time limits established by the legislation of the Republic of Kazakhstan.
3. When revoking a registration certificate, the certification center shall be obliged to make changes to the register of registration certificates within one day from the moment of receipt of the relevant information.
Footnote. Article 18 in the wording of the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 19. Recognition of foreign registration certificates
Footnote. Article 19 excluded by the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).
Chapter 5. Certifying center
Article 20. An activity of certifying center
1. Certifying center shall be a legal entity, created in accordance with the legislation of the Republic of Kazakhstan.
2. Certifying center may serve several systems of electronic document management system.
Footnote. Article 20 is in the wording of the Law of the Republic of Kazakhstan dated 15.07.2011 № 461-IV (shall be enforced from 30.01.2012).Article 20-1. The state monopoly in the scope of electronic document and electronic digital signature
A footnote. Article 20-1 is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
Article 20-2. Accreditation of certification centres
1. Accreditation of certification centers shall be a prerequisite for certification centers (with the exception of the root certification center of the Republic of Kazakhstan) to carry out their activities in the territory of the Republic of Kazakhstan. Accreditation shall be carried out by an authorized body in the field of ensuring information security in relation to certification centers that shall be legal entities of the Republic of Kazakhstan.
2. Accreditation of the certification centre is free of charge for a period of three years, unless a shorter period is specified in the application of the certification centre.
3. Accreditation of special certification centers shall be a prerequisite for special certification centers (with the exception of the special root certification center of the Republic of Kazakhstan) to carry out their activities in the territory of the Republic of Kazakhstan.
Footnote. Chapter 5 is supplemented by Article 20-2 in accordance with the Law of the Republic of Kazakhstan dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); with changes introduced by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 21. Functions of certifying center
1. Certifying center shall:
1) create the keys of electronic digital signatures by application of participants of the system of electronic document management system with adoption of measures for protection of private keys of electronic digital signature from illegal access;
2) issue, register, revoke, store the registration certificates, maintain register of registration certificates, issued in the established procedure;
2-1) approve the rules of application of registration certificates;
3) carry out accounting of effective and revoked registration certificates;
4) approved belonging and validity of public key of electronic digital signature, registered by the certifying center in the manner established by the legislation of the Republic of Kazakhstan;
5) (Is excluded)2. The Certification centre shall take all necessary measures to prevent loss, modification and counterfeiting of stored public keys and/or private keys of electronic digital signature.
3. Certifying center shall bear responsibility in accordance with the Laws of the Republic of Kazakhstan for non-performance of obligation, provided by paragraph 2 of this Article.
4. The functions of the certification centre of the state bodies of the Republic of Kazakhstan, the national certification centre of the Republic of Kazakhstan and the root certification centre of the Republic of Kazakhstan shall be provided by the operator of the information and communication infrastructure of the "electronic government" defined in accordance with the Law of the Republic of Kazakhstan "On informatization"
5. The National Security Committee of the Republic of Kazakhstan shall provide the functions of a special root certification center of the Republic of Kazakhstan.
Footnote. Article 21 as amended by the Law of the Republic of Kazakhstan dated 20 December, 2004 № 13 (shall be enforced from 1 January, 2005); dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); dated 28.12.2017 № 128-VI (shall be enforced upon the expiration of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 22. Termination of activity of certifying center
1. An activity of certifying center shall be terminated in the manner established by the legislation of the Republic of Kazakhstan.
2. In the event of a decision to terminate its activities, the certification center must inform all participants of the electronic document management systems it serves and the authorized body in the field of information security thirty calendar days before the termination of activities.
3. Upon termination of activity of certified center, the registration certificates and relevant keys of electronic digital signature, issued them, details on the owners of registration certificates shall be transferred to other certifying centers by coordination with the owner of registration certificate.
4. Upon expire of the term, specified in paragraph 2 of this Article, the registration certificates and relevant keys of electronic digital signatures, not transferred to other certifying centers shall terminate its activity and subject to storage in accordance with the legislation of the Republic of Kazakhstan.
Footnote. Article 22 as amended by the Law of the RK dated 25.06.2020 № 347-VI (shall enter into force upon expiry of ten calendar days after the day of its first official publication).Article 23. Protection of details on the owners of registration certificates, private and public keys of electronic digital signatures
1. Certifying center shall ensure protection of details on the owners of registration certificates and disclose them in the cases, provided by the legislation of the Republic of Kazakhstan.
2. Details on the owners of registration certificates, being confidential in accordance with agreement of parties shall not be included in the public register of registration certificates.
Chapter 6. Final provisions
Article 24. Responsibility for violation of the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature
Persons who guilty in violation of the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature shall bear responsibility provided by the Laws of the Republic of Kazakhstan.
Refusal to accept electronic documents in cases stipulated by the Laws of the Republic of Kazakhstan, as well as non-delivery of electronic documents to the addressee by blocking software and (or) technical means of the electronic document management system shall not be allowed.
Footnote. Article 24 as amended by the Law of the Republic of Kazakhstan dated 24.11.2015 № 419-V (shall be enforced dated 01.01.2016); dated 05.07.2024 № 115-VIII (shall enter into force upon expiry of six months after its first official publication).Article 25. Consideration of disputes
The disputes arising upon the use of electronic document and electronic digital signature shall subject to consideration in the judicial procedure in accordance with the legislation of the Republic of Kazakhstan.
Article 26. The order of enforcement of this Law
This Law shall be enforced from 1 July, 2003.
|
The President of the Republic of Kazakhstan |
