Unofficial translation
This Law regulates public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in creation, development and operation of informatization facilities, as well as with state support for the development of information and communication technologies industry.
SECTION 1. BASICS OF REGULATION OF RELATIONS IN THE FIELD OF INFORMATIZATION Chapter 1. GENERAL PROVISIONS
Article 1. General provisions, used in this Law
The following basic concepts are used in this Law:
1) automation - the process of using means of information and communication technologies to optimize the creation, search, collection, storage, processing, receipt, use, transformation, display, distribution and provision of information;
2) informatization - organizational, socio-economic and scientific and technical process aimed at automating the activities of subjects of informatization;
3) service model of informatization – automation of state functions and provision of state services arising from them through the purchase of information and communication services;
3-1) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);3-2) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
4) objects of informatization – electronic information resources, software, Internet resource and information and communication infrastructure;
5) owner of objects of informatization - a subject to whom the owner of objects of informatization has provided the rights to own and use objects of informatization in the limits and order determined by law or agreement;
5-1) integration of objects of informatization -measures for organization and provision of information interaction between the objects of informatization on the basis of standard protocols of data transfer used in the Republic of Kazakhstan;
6) classifier of objects of informatization (hereinafter - classifier) - a systemized list of categories aimed at identification and description of objects of informatization;
6-1) development of the object of informatization – a stage of life cycle of the object of informatization, during which a set of measures for implementation of additional functional requirements, as well as modernization of the object of informatization put into industrial operation in order to optimize its functioning and (or) expansion of functionality shall be carried out;
6-2) introduction of the object of informatization – stage of creation or development of the object of informatization, aimed at conducting a complex of actions for commissioning of the object of informatization, including preparation of the automation object and personnel, pre- commissioning, preliminary and acceptance tests;
6-3) maintenance of the object of informatization – ensuring the use of the object of informatization, put into industrial operation in accordance with its purpose, including measures on conducting corrections, modifications and elimination of software defects, without modernization and implementation of additional functional requirements and subject to maintaining its integrity;
6-4) creation of the object of informatization - a stage in the life cycle of informatization, during which implementation of a complex of organizational and technical measures aimed at development, trial operation, introduction of the object of informatization are carried out, as well as acquisition and (or) property rent (lease) of hardware and software complex necessary for its functioning;
6-5) industrial operation of the object of informatization - a stage in the life cycle of the object of informatization, during which the use of an object of informatization in the normal mode is carried out in accordance with the goals, objectives and requirements set forth in technical documentation and normative-technical documentation;
6-6) trial operation of the object of informatization - operation of the object of informatization in the pilot zone, aimed at identifying and eliminating defects of its functioning and determining compliance with the requirements of technical documentation;
6-7) life cycle of the object of informatization - a set of stages for creation, industrial operation, development and termination of industrial operation of the object of informatization;
7) information security in the field of informatization (hereinafter - information security) - the condition of protection of electronic information resources, information systems and information and communication infrastructure from external and internal threats;
8)is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);9) expert council in the field of informatization (hereinafter referred to as the expert council) - an interdepartmental commission under the authorized body that considers issues of informatization of the activities of state bodies, with the exception of special state bodies;
10) authorized body in the field of informatization (hereinafter - authorized body) - central executive body exercising management and intersectoral coordination in the field of informatization and "electronic government";
11) subjects of informatization - state bodies, individuals and legal entities exercising activities or entering into legal relations in the field of informatization;
12) information system - an organizationally ordered set of information and communication technologies, maintenance personnel and technical documentation that implement certain technological activities through information interaction and specific functional tasks designed to solve;
13) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);14) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
15) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
16) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
17) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
18) audit of the information system - an independent survey of the information system in order to improve the efficiency of its use;
19) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);20) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
21) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
22) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
23) information and communication infrastructure - a set of objects of information and communication infrastructure designed to ensure the functioning of the technological environment in order to generate electronic information resources and provide access to them;
24) critically important objects of information and communication infrastructure – objects of information and communication infrastructure, the violation or termination of the functioning of which leads to illegal collection and processing of personal data restricted access and other information containing legally protected secrets, emergency situation of a social and (or) man-made nature or to significant negative consequences for defense, security, international relations, the economy, certain areas of the economy or for the life of the population living in the relevant territory, including infrastructure: heat supply, electricity, gas supply, water supply, industry, healthcare, communications, banking, transport, hydraulic structures, law enforcement, "electronic government";
25) information and communication infrastructure facilities - information systems, technology platforms, hardware and software complexes, server rooms, data processing centers, telecommunication networks, as well as systems for ensuring information security and uninterrupted operation of technical equipment;
26) information and communication service – a service or a set of services for property hiring (leasing, temporary use) and (or) placing of computing resources, providing software, software products, service software products and technical means for use, including communication services, through functioning of which these services are provided;
26-1) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);27) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
28) information and communication technologies - a set of methods of working with electronic information resources and methods of information interaction, implemented with the use of hardware and software complex and telecommunication network;
29) branch of information and communication technologies - a branch of the economy connected with the design, production and sale of software, technical means, domestic electronics and its components, as well as providing information and communication services;
29-1) threat to information security - a set of conditions and factors that create prerequisites for the occurrence of an information security incident;
29-2) monitoring of information security events - constant monitoring of the object of informatization in order to reveal and identify information security events;
30) an information security occasion - a state of objects of informatization, indicating a possible violation of the existing security policy or a previously unknown situation that may be related to the security of objects of informatization;
30-1) information security researcher - a specialist in the field of information security and (or) information and communication technologies, registered in the program for interaction with information security researchers, examining information objects connected to the program for interaction with information security researchers to identify vulnerabilities;
30-2) program of interaction with information security researchers (hereinafter - the interaction program) - an informatization object intended for registration of information security researchers, registration of identified vulnerabilities, as well as to ensure interaction of information security researchers with informatization objects;
30-3) system of information security monitoring - organizational and technical measures aimed at monitoring the safe use of information and communication technologies;
30-4) an authorized body in the field of ensuring information security - the central executive body exercising leadership and intersectoral coordination in the field of ensuring information security;
30-5) National development institute in the field of information security - a legal entity determined by the Government of the Republic of Kazakhstan for the purpose of developing the field of information security and electronics industry;
30-6) operational center of information security - a legal entity or a structural unit of a legal entity carrying out activities to protect electronic information resources, information systems, telecommunications networks, and other informatization objects;
30-7) response service for information security incidents - a legal entity or a structural unit of a legal entity carrying out activities in accordance with the competence established by this Law;
31) information security incident - separately or serially occurring failures in the operation of the information and communication infrastructure or its individual objects, which threaten their proper functioning and (or) the conditions for illegally obtaining, copying, distributing, modifying, destroying or blocking electronic information resources;
31-1) industry information security center - a legal entity or a structural subdivision of the central executive body, the authorized body for the regulation, control and supervision of the financial market and financial organizations, organizing and coordinating measures to ensure the protection of information from unauthorized access or impact in relation to subordinate organizations and (or) the regulated area of management;
32) means of information security - software, technical and other means designed and used to ensure the protection of information;
32-1) hardware and software complex - a set of software and hardware used jointly to solve problems of a certain type;
33) special expert council - a commission of special state bodies of the Republic of Kazakhstan, considering the issues of informatization of the activities of special state bodies of the Republic of Kazakhstan;
33-1) Astana Hub International Technology Park - a legal entity determined by the authorized body, which owns or under other legal grounds has a single material and technical complex where favorable conditions are created for the implementation of innovative activities in the field of information and communication technologies;
33-2) acceleration of the participants of the international technology park "Astana Hub" - the process of preparing and training the participants of the international technology park "Astana Hub" for the implementation of their innovative projects in the field of information and communication technologies;
34) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);35) open data – data, presented in a machine-readable form and designed for further use, re-publication in an unchanged form;
36) the Internet portal of open data – an object of informatization that provides centralized storage of descriptive and reference information on open data;
37) software - a set of programs, software codes, as well as software products with technical documentation necessary for their operation;
38) software product - an independent program or part of the software which is a product that regardless of its developers can be used for the intended purposes in accordance with the system requirements established by the technical documentation;
38-1) biometric authentication - a set of measures that identify a person on the basis of physiological and biological invariable characteristics;
38-2) blockchain - an information and communication technology that ensures the immutability of information in a distributed data platform based on a chain of interrelated data blocks, specified integrity confirmation algorithms and encryption tools;
38-3) cloud computing - an information and communication technology that ensures the provision of network access on request to pools of computing resources via the Internet;
39) one-time password - a password that is valid only for one session for authentication of subjects of receipt services in electronic form;
39-1) distributed data platform - a technological platform, the components of which are interconnected by specified algorithms, located on different network nodes, may have one or more owners, and may also have a different level of data identity;
39-2) excluded by the Law of the Republic of Kazakhstan dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication);39-3) data processing center — an object of the information and communication infrastructure that ensures fault-tolerant and uninterrupted functioning of computing resources and telecommunications equipment, as well as data storage and processing systems;
39-4) national technical audit of the data processing center — a voluntary assessment of the reliability of data processing centers;
39-5) data analytics — the process of processing data in order to obtain information and conclusions for decision-making;
40) domain name - a symbolic (alphanumeric) designation, formed in accordance with the rules of addressing the Internet, corresponding to a specific network address and intended for a named reference to the Internet object;
41) free software - an open source software for which the copyright holder provides to the user the right in unlimited installation, launching and copying, as well as free using, studying, developing and distributing;
42) a local network - part of a telecommunication network that has a closed infrastructure to the point of connection to other telecommunication networks and provides information transfer and organization of joint access to network devices in the territorially limited space of the facility (premises, building, structure and its complex);
43) system maintenance - measures to ensure the uninterrupted functioning of the hardware and software complex and telecommunication networks;
43-1) intelligent robot - an automated device that performs a certain action or is inactive, taking into account the perceived and recognized external environment;
44) Internet - a worldwide system of integrated networks of telecommunications and computing resources for the transmission of electronic information resources;
45) a unified gateway to Internet access – hardware and software complex designed to protect the objects of informatization in accessing the Internet and (or) communication networks that have access to the Internet;
46) Internet resource-information (in text, graphic, audiovisual or other form) placed on the hardware and software complex having a unique network address and (or) domain name and functioning on the Internet;
46-1) the space of the Kazakhstani segment of the Internet - a set of Internet resources hosted on hardware and software systems located on the territory of the Republic of Kazakhstan;
46-2) multi-factor authentication – a method of user authentication using a combination of various parameters, including the generation and input of passwords or authentication features (digital certificates, tokens, smart cards, one-time password generators and biometric identification tools);
47) national gateway of the Republic of Kazakhstan - an information system designed to provide interstate information interaction of information systems and electronic information resources of states;
47-1) protection profile-a list of minimum requirements for the security of software and hardware that are the components of information objects;
47-2) excluded by the Law of the Republic of Kazakhstan dated 10.07.2023 № 19-VIII (shall be enforced sixty calendar days after the date of its first official publication);48) a unified platform of Internet resources of state bodies - a technological platform designed for placing of Internet resources of state agencies;
49) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);50) state technical service - a joint-stock company established by decision of the Government of the Republic of Kazakhstan;
51) normative and technical documentation - a set of documents that define common tasks, principles and requirements for the creation and using (operation) of objects of informatization, as well as controlling over their compliance with established requirements in the field of informatization;
51-1) Excluded by the Law of the Republic of Kazakhstan dated 10.07.2023 № 19-VIII (shall be enforced sixty calendar days after the date of its first official publication);51-2) Excluded by the Law of the Republic of Kazakhstan dated 10.07.2023 № 19-VIII (shall be enforced sixty calendar days after the date of its first official publication);
51-3) vulnerability - a deficiency of an information technology object, the use of which may lead to a violation of integrity and (or) confidentiality, and (or) availability of an information technology object;
52) the user - a subject of informatization using objects of informatization for execution of specific function and (or) task;
52-1) register of trusted software and products of electronic industry – a list of software and products of electronic industry meeting the requirements of information security, created for the purposes of national defense and state security;
53) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);53-1) technical support - the provision of consulting, information technology and other services to support the performance of licensed software and hardware;
53-2) technical documentation – a set of documentation for the object of informatization, on the basis of which the creation and development of the object of informatization as well as its experimental and industrial operation are carried out;
54) national artificial intelligence platform - a technological platform designed to collect, process, store and distribute data sets and provide services in the field of artificial intelligence;
55) operator of the national artificial intelligence platform - a legal entity determined by the Government of the Republic of Kazakhstan, which is entrusted with ensuring the development and operation of the National Artificial Intelligence Platform assigned to it;
55-1) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);55-2) "Single Window" of the national innovation system — an information system that ensures access to measures to support innovation activities and innovations through a single portal. The organization authorized to ensure the creation, development and maintenance of the "Single Window" of the national innovation system is an autonomous cluster fund;
55-3) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);55-4) digital document service — an object of the information and communication infrastructure of the "electronic government" assigned to the operator and intended for the display and use of documents in electronic form, generated on the basis of information from informatization objects.
Documents in the digital document service used and submitted to government agencies, individuals and legal entities are equivalent to paper documents;
56) digital literacy - the knowledge and ability of a person to use information and communication technologies in daily and professional activities;
56-1) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);57) electronic information resources - data in electronic digital form contained on an electronic medium and in informatization objects;
57-1) a survey of ensuring the security of the processes of storage, processing and distribution of personal data of restricted access contained in electronic information resources - an assessment of the security measures and protective actions applied in the processing, storage, distribution and protection of personal data of restricted access contained in electronic information resources ;
58) "electronic akimat" - a system of information interaction of local executive bodies with state bodies, individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form that is part of "electronic government";
59) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);60) electronic media - a material media designed for storage of information in electronic form, as well as recording or its reproduction through technical means;
61) the subject of receiving services in electronic form – an individual or legal entity that applied for a state or another service in electronic form;
62) subject of rendering services in electronic form - an individual or legal entity rendering a state or another service in electronic form;
62-1) electronic industry - an industry that includes the development, assembly, testing and production of devices such as computers, computer peripheral equipment, communication equipment, electronic devices for consumers, measuring, testing and aviation, irradiation-resistant components for space , electromedical and electrotherapeutic equipment, optical devices and equipment, equipment for the study of the magnetic and optical environment, as well as the production of components, components (integrated circuits, electronic components "active" and "passive") and spare parts for electronic industry products;
62-2) products of the electronic industry - electronic components and products from them for various purposes;
62-3) authorized body in the field of electronic industry - the central executive body that carries out state regulation in the field of electronic industry;
63) "electronic government" - a system of information interaction of state bodies among themselves and with individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form;
64) objects of informatization of "electronic government" - state electronic information resources, software of state bodies, an Internet resource of a state body, objects of information and communication infrastructure of "electronic government", including objects of informatization of other persons intended for the formation of state electronic information resources , implementation of public functions and provision of public services;
65) excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication);66) information and communication infrastructure of "electronic government" - information and communication infrastructure that ensures the functioning of "electronic government";
67) operator of the information and communication infrastructure of "electronic government" (hereinafter - operator) - a legal entity determined by the Government of the Republic of Kazakhstan, which is entrusted with ensuring the functioning of the information and communication infrastructure of "electronic government" assigned to it;
68) information and communication platform of “electronic government” – technological platform designed for automation of the activities of a state body, including automation of state functions and rendering state services arising from them, as well as centralized collection, processing, storage of state electronic information resources;
68-1) software product of the information and communication platform of the "electronic government" (hereinafter referred to as the platform software product) - software developed and placed on the information and communication platform of the "electronic government";
69) architecture of "electronic government" – a description of the objects of informatization of "electronic government", including tasks, functions of public administration in the context of relevant industries (areas), in digital form;
69-1) a unified repository of “electronic government” - a repository of source codes and executable codes of “electronic government” informatization objects compiled from them;
70) the user's cabinet on the web portal of "electronic government" - a component of the web portal of "electronic government", designed for official information interaction of individuals and legal entities with state agencies on the issues of provision of services in electronic form, the issues of appeal to subjects considering the appeals of these individuals, as well as the use of personal data;
71) service integrator of "electronic government" – a legal entity, determined by the Government of the Republic of Kazakhstan, which is responsible for functions on methodological support of the development of architecture of "electronic government", as well as other functions provided by this Law;
71-1) external gateway of "electronic government" - subsystem of the "electronic government" gateway, designed for ensuring interaction of information systems located in a single transport environment of state bodies with information systems, located outside the single transport environment of state bodies;
72) a unified gateway of electronic mail of "electronic government" - a hardware and software complex that provides protection of electronic mail of "electronic government" in accordance with information security requirements.
Footnote. Article 1 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 № 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 262-VI as of 03.07.2019 (shall be enforced from 01.01.2020); № 272-VI as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); № 262-VI dated July 3, 2019 (see Article 2 for the entry into force ); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 02.01.2021 № 399-VI (shall be enforced ten calendar days after the day of its first official publication); dated 30.12.2021 № 96-VII (shall be enforced upon the expiration of sixty calendar days after the day of its first official publication); dated 03.05.2022 № 118-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 05.11.2022 № 157-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023); dated 10.07.2023 № 19-VIII (shall be enforced sixty calendar days after the date of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 21.05.2024 № 86-VIII (shall enter into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (for the procedure for entry into force, see Article 2).Article 2. Legislation of the Republic of Kazakhstan on informatization
1. Legislation of the Republic of Kazakhstan on informatization is based on the Constitution of the Republic of Kazakhstan, consists of this Law and other normative legal acts of the Republic of Kazakhstan.
2. If an international treaty ratified by the Republic of Kazakhstan establishes other rules than those contained in this Law, the rules of the international treaty are applied.
Article 3. Aims and principles of state regulation of public relations in the field of informatization
1. The aims of state regulation of public relations in the field of informatization are formation and ensuring the development of information and communication infrastructure, creation of conditions for the development of domestic value in the production of goods, works and services in the field of information and communication technologies for information support of social and economic development and competitiveness of the Republic of Kazakhstan.
2. State regulation of public relations in the field of informatization is based on the following principles:
1) legality;
2) observance of rights, freedoms and legal interests of individuals, as well as the rights and legal interests of legal entities;
3) equality of rights of individuals and legal entities to participate in activities in the field of informatization and the use of its results;
4) ensuring free access to electronic information resources containing information on the activities of state bodies (presumption of openness), and their compulsory provision, except electronic information resources access to which is restricted in accordance with the laws of the Republic of Kazakhstan;
5) timeliness of the provision, objectivity, completeness and reliability of electronic information resources in respect of which the laws of the Republic of Kazakhstan establish the mandatory nature of their public distribution or provision by state bodies;
6) freedom to search, form and transmit any electronic information resources, access to which is not restricted in accordance with the laws of the Republic of Kazakhstan;
7) ensuring the security of the individual, society and state in the application of information and communication technologies;
8) creation of conditions for development of the industry of information and communication technologies and conscientious competition;
9) ensuring centralized management of objects of “electronic government” informatization;
10) implementation of activities on informatization in the territory of the Republic of Kazakhstan on the basis of unified standards that ensure the reliability and manageability of informatization objects.
Footnote. Article as amended by the Law of the Republic of Kazakhstan dated 27.12.2021 № 87-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 4. Scope of action of this Law
1. A scope of action of this Law is public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in the creation, development, maintenance, operation of informatization objects, as well as in state support for development of the industry of information and communication technologies.
2. The act of this Law does not apply to:
1) content and ways of distribution of information;
2) relations arising during the implementation by the National Bank of the Republic of Kazakhstan and organizations included in its structure, the authorized body for regulation, control and supervision of the financial market and financial organizations, of work on the creation or development of Internet resources, information systems that are not integrated with the objects of the information and communication infrastructure of the "electronic government", on the collection, processing, storage, transfer of electronic information resources for the implementation of data analytics for the purpose of implementing functions by government agencies in accordance with data management requirements, as well as during the procurement of goods, works and services in the field of informatization;
3) excluded by the Law of the Republic of Kazakhstan dated 19.06.2024 № 97-VIII (shall enter into force on 01.07.2024).3. The provisions of this Law applied to second-tier banks shall apply to branches of non-resident banks of the Republic of Kazakhstan opened in the territory of the Republic of Kazakhstan.
4. Creation and development of information systems of special state bodies of the Republic of Kazakhstan are carried out in the manner determined by Article 39-1 of this Law.
Footnote. Article 4 is as amended by Law № 262-VI of the Republic of Kazakhstan as of 03.07.2019 (shall be enforced from 01.01.2020); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 02.01.2021 № 399-VI (see Article 2 for the procedure for enactment); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 19.06.2024 № 97-VIII (shall enter into force on 01.07.2024); dated 05.07.2024 № 115-VIII (shall come into force ten calendar days after the date of its first official publication).Chapter 2. STATE ADMINISTRATION IN THE FIELD OF INFORMATIZATION
Article 5. The main tasks of state administration in the field of informatization
The main tasks of state administration in the field of informatization are:
1) formation and development of information society;
2) ensuring the implementation and support of administrative reform of state bodies;
3) development of "electronic government" and "electronic akimat";
4) increase digital literacy;
5) ensuring participants of the educational process with conditions for access to electronic information resources of electronic learning;
6) ensuring conditions for the development and introduction of modern information and communication technologies in production processes;
7) assistance in the formation and development of the domestic industry of information and communication technologies;
8) formation and implementation of a unified scientific, technical, state technological and industrial policy in the field of informatization;
9) formation, development and protection of state electronic information resources, information systems and telecommunication networks, ensuring their interaction in a unified information space;
9-1) ensuring the transition to a service model of informatization;
10) monitoring of ensuring information security of state bodies, individuals and legal entities;
11) prevention and prompt response to incidents of information security, including in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation;
12) creation of conditions for attracting investments in the industry of information and communication technologies on a systemic basis;
13) improvement of the legislation of the Republic of Kazakhstan in the field of informatization;
14) participation in international cooperation in the field of informatization;
15) creation of conditions for international information exchange and access to information.
Footnote. Article 5 as amended by the laws of the Republic of Kazakhstan dated 27.12.2021 № 87-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 6. Competence of the Government of the Republic of Kazakhstan in the field of informatization
Government of the Republic of Kazakhstan in the field of informatization:
1) develops the main directions of state policy in the field of informatization and organizes their implementation;
2) defines the national institute of development in the field of information and communication technologies, service integrator of "electronic government", operator;
3) approves unified requirements in the field of information and communication technologies and ensuring information security;
4) excluded by the Law of the Republic of Kazakhstan dated 19.04.2023 № 223-VII (shall be enforced ten calendar days after the date of its first official publication);5) is excluded by Law № 237-VI of the Republic of Kazakhstan as of 18.03.2019 (shall be enforced ten calendar days after its first official publication);
6) excluded by the Law of the Republic of Kazakhstan dated 05.07.2024 № 115-VIII (shall come into force ten calendar days after the date of its first official publication);
6-1) approve the national anti-crisis plan to respond to information security incidents;
6-2) excluded by the Law of the Republic of Kazakhstan dated 19.04.2023 № 223-VII (shall be enforced ten calendar days after the date of its first official publication);7) excluded by the Law of the Republic of Kazakhstan dated 19.04.2023 № 223-VII (shall be enforced ten calendar days after the date of its first official publication);
8) defines the policy of priority of cloud computing.
Footnote. Article 6 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 № 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 237-VI as of 18.03.2019 (shall be enforced ten calendar days after its first official publication); dated 19.04.2023 № 223-VII (shall be enforced ten calendar days after the date of its first official publication); 05.07.2024 № 115-VIII (for the procedure of entry into force, see Art. 2).Article 7. Competence of the authorized body
Authorized body:
1) forms and implements the state policy in informatization;
2) approves the composition and position on the activities of expert council;
2-1) approves the list of personal data of individuals included in the state electronic information resources;
3) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);4) approves the rules for the creation, development, operation, acquisition of objects of informatization of "electronic government", as well as information and communication services;
5) approves the list of objects of the information and communication infrastructure of the "electronic government", as well as platform software products assigned to the operator;
6) approves the rules for forming the list of objects of the information and communication infrastructure of the "electronic government", as well as platform software products assigned to the operator;
7) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);8) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
9) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
10) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);
11) approves the rules for classification of objects of informatization and the classifier of objects of informatization;
12) approves the rules of information interaction of information system for monitoring the provision of state services with information systems;
13) approves the rules for the integration of objects of informatization of "electronic government" in agreement with the authorized body in the field of ensuring information security and the National Security Committee of the Republic of Kazakhstan;
13-1) approve the rules of functioning and technical requirements for the external gateway of "electronic government";
14) approves the list of information systems and electronic information resources that carry out interstate information interaction through the national gateway of the Republic of Kazakhstan;
15) excluded by the Law of the Republic of Kazakhstan dated December 30, 2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication);16) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
17) approves the rules for the formation and monitoring of the implementation of the e-government architecture;
18) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);19) approve the rules for expert examination in the field of informatization of investment proposals, financial and economic justifications of budget investments in agreement with the authorized body for information security;
20) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);21) approves the instruction on drafting, presenting and reviewing the calculation of expenses for public procurement of goods, works, services in the field of informatization in agreement with the authorized agency on state planning;
22) approve the rules for conducting audit of information systems in coordination with the authorized body in the sphere of ensuring information security;
23) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);24) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
24-1) develop and approve the rules of activity of the international technological park "Astana Hub", including the procedure for provision of services and determining their cost;
25) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);25-1) evaluates the efficiency of the state bodies’ activities in the use of information and communication technologies and evaluates the process of public services automation;
26) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);27) approves the checklists, risk assessment criteria, semi-annual audit schedules in accordance with the Entrepreneurship code of the Republic of Kazakhstan;
28) excluded by the Law of the Republic of Kazakhstan dated December 30, 2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication);29) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
30) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);
31) is excluded by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication);
32) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
33) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
34) develops and approves normative legal acts in the field of informatization;
35) issues an industry opinion on the tender documentation for a public-private partnership project, a business plan for a public-private partnership project in direct negotiations to determine a private partner;
36) executes activities to improve the system of attracting investments and incentive mechanisms for the development and implementation of investment projects in the field of informatization;
37) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);38) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication;
39) is excluded by Law № 237-VI of the Republic of Kazakhstan as of 18.03.2019 (shall be enforced ten calendar days after its first official publication);
40) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
41) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
41-1) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
41-2) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
42) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
42-1) carry out monitoring of implementation of state-private partnership projects on the service model of informatization, as well as monitoring of fulfillment of obligations during implementation of the state-private partnership project;
43) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);44) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
45) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
46) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
47) participate in putting the “e-government” objects of informatization into industrial operation;
48) issue an opinion in the field of informatization on investment proposals, financial and economic justifications for budget investments;
49) review and issue opinions on estimates of expenses for public procurement of goods, works and services in the field of information presented by administrators of budget programs, with the exception of special state bodies of the Republic of Kazakhstan;
50) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);51) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
52) organizes the recording of information on the objects of informatization of the “electronic government” and placement of electronic copies of technical documentation of the objects of informatization of the “electronic government”, as well as information and copies of technical documentation of the objects of informatization of state legal entities, subjects of quasi-public sector at the architectural portal of “electronic government”;
53) is excluded by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication);54) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);
55) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
56) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
57) participates in works on standardization and confirmation of compliance in the field of informatization;
58) executes international cooperation in the field of informatization;
59) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);59-1) coordinate the activities of the international technological park "Astana Hub";
59-2) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);59-3) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);
60) approves the rules for registering and connecting the subscriber number of the subscriber provided by the mobile operator to the account of the web portal of "electronic government" for receiving state and other services in electronic form through the subscriber device of the mobile network;
61) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);62) approves the rules for the classification of state services in electronic form for determining the method of authentication of a service recipient;
63) approves the mandatory requisites of the results of rendering state and other services in electronic form received through the subscriber device of the mobile network, as well as the procedure for verifying their reliability;
63-1) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);63-2) issue instructions upon revealing violations of the requirements of the legislation of the Republic of Kazakhstan on informatization;
63-3) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);63-4) approves the rules for displaying and using electronic documents in the digital document service;
63-5) approves the methodology for building "smart" cities (the reference standard for "smart" cities of the Republic of Kazakhstan) in agreement with the central authorized body for state planning;
63-6) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);63-7) ensures the management, maintenance, support, operation and use of the "Single Window" of the national innovation system;
64) executes other authority provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.
Footnote. Article 7 as amended by the laws of the Republic of Kazakhstan dated 30.11.2017 № 112-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 № 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 272-VI as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated December 30, 2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication); dated November 18, 2021 № 73-VII (shall be enforced upon the expiration of sixty calendar days after the day of its first official publication); dated 01.07.2022 № 131-VII (shall be enforced upon the expiration of sixty calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023); dated 05.04.2023 № 221-VII (shall be enforced from 01.07.2023); dated 19.04.2023 № 223-VII (shall be enforced ten calendar days after the date of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (for the procedure for entry into force, see Art. 2).Article 7-1. Competence of the authorized body in the sphere of ensuring information security
Authorized body in the sphere of ensuring information security shall:
1) ensure implementation of the state policy in the sphere of ensuring information security;
2) develops uniform requirements in the field of information and communication technologies and ensuring information security, taking into account the requirements of the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and financial organizations;
3) develop a list of critically important objects of information and communication infrastructure, as well as the rules and criteria for classifying the objects of information and communication infrastructure as critically important objects of information and communication infrastructure;
4) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);5) approve the methodology and rules for testing informatization objects of “electronic government” and critically important objects of information and communication infrastructure for compliance with information security requirements;
5-1) approve the rules for monitoring information security events of the objects of informatization of state bodies in coordination with the Committee for national security of the Republic of Kazakhstan;
6) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);7) approves the rules for monitoring the provision of information security of the objects of informatization of the "electronic government" and critically important objects of information and communication infrastructure in agreement with the National Security Committee of the Republic of Kazakhstan;
8) approve the rules for monitoring implementation of the unified requirements in the field of information and communication technologies and ensuring information security;
9) carry out monitoring of implementation of the unified requirements in the field of information and communication technologies and ensuring information security;
10) carry out coordination of activity on the development of information security tools in terms of detection, analysis and prevention of threats to information security to ensure the sustainable functioning of information systems and telecommunications networks of state bodies;
11) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);11-1) is excluded by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication);
12) exercises state control in the field of informatization;
13) direct for execution of the instruction at detection of violations of requirements of the legislation of the Republic of Kazakhstan in the sphere of ensuring information security";
14) carry out coordination of activity on the management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of a state of emergency or martial law;
14-1) participate in introduction into industrial operation of the objects of informatization of "electronic government";
14-2) organize assistance to the owners, possessors and users of the objects of informatization on the issues of safe use of information and communication technologies, including prevention of illegal actions to obtain, copy, distribute, modify, destroy or block electronic information resources;
15) develop a National anti-crisis plan to respond to information security incidents;
16) determine the administrator and registrar of domain names, approve the rules for registration, use and distribution of domain names in the space of the Kazakhstani segment of the Internet;
17) approves the rules for the functioning of a single national backup platform for storing electronic information resources, the frequency of backup of electronic information resources of critically important objects of information and communication infrastructure;
17-1) approves the rules for the functioning of a single Internet access gateway and a single e-mail gateway of "electronic government" in agreement with the National Security Committee of the Republic of Kazakhstan;
17-2) approve the rules for the functioning of a single repository of “electronic government”;
18) approve protection profiles and methods of development of protection profiles;
19) approve the rules for exchange of information necessary for information security between the operation centers of ensuring information security and the National coordination center for information security;
20) is excluded by the Law of the Republic of Kazakhstan dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication);20-1) issue conclusions in the sphere of ensuring information security on investment proposals and financial and economic justifications of budget investments on the basis of expertises of the state technical service and coordinate technical tasks for creation and development of the object of informatization of "electronic government" on compliance with information security requirements based on the expertises of the state technical service;
20-2) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);20-3) excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023);
20-4) approve the rules for the functioning of the program of interaction with information security researchers;
21) carry out other powers provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.
Footnote. Chapter 2 is supplemented by Article 7-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 7-2. Information security operational center
1. Information security operational center shall:
1) carry out activity on detection, assessment, forecasting, localization, neutralization and prevention of threats to information security of information and communication infrastructure, objects of informatization, connected to the operational center of information security;
2) take measures to minimize threats to information security, immediately inform the owner of the information and communication infrastructure, as well as the National coordination center for information security about the facts of detection of incidents and threats to information security;
3) carry out monitoring of ensuring information security of critically important objects of information and communication infrastructure, objects of informatization, which are not related to the objects of informatization of " electronic government";
4) carry out exchange of information necessary for ensuring information security of the objects of informatization, connected to the operational center of information security, with the National coordination center for information security and other operational centers of information security;
5) carry out collection, consolidation, analysis and storage of information about the events and incidents of information security;
6) provide the owners of critically important objects of information and communication infrastructure with information, necessary to ensure information security of objects of information and communication infrastructure, including information about security threats, vulnerability of software, equipment and technologies, the ways of realization of information security threats, the prerequisites for occurrence of information security incidents and methods for their prevention and liquidation of consequences;
7) ensure the safety of information of limited distribution, which became known to the operational center of information security in the framework of its activities;
8) provides the National Information Security Coordination Center with access to the event logs of the "electronic government" informatization objects connected to the operational information security center;
9) have the right to create own interaction program or purchase the interaction program service from third parties in accordance with the Civil Code of the Republic of Kazakhstan;
10) within one working day from the moment of detection of a violation of personal data security, notify the authorized body in the field of personal data protection about such a violation;
11) conducts a national technical audit of data processing centers.
2. The operational center of information security shall carry out its activity on the basis of the license for rendering services on identification of technical channels of information leakage and special technical means intended for operational-search actions.
3. Employees of the operational center of information security shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.
4. The requirement of paragraph 2 of this Article shall not apply to law-enforcement and special state bodies of the Republic of Kazakhstan, second-tier banks of the Republic of Kazakhstan, in which the functions of the operational center of information security are carried out by their structural divisions.
Footnote. Chapter 2 is supplemented by Article 7-2, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced see Article 2); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 7-3. Information security incident response service
1. Information security incident response service shall:
1) collects and analyzes information about information security incidents and current information security threats, and provides recommendations for their elimination;
2) develop recommendations aimed at countering threats to information security;
3) informs the owners and owners of informatization objects, as well as the National Information Security Coordination Center about information security incidents and threats that have become known;
4) have the right to create own interaction program or purchase the interaction program service from third parties in accordance with the Civil Code of the Republic of Kazakhstan;
5) within one working day from the moment of detection of a violation of personal data security, notify the authorized body in the field of personal data protection about such a violation.
2. Information security incident response service shall carry out its activity on the basis of a license for provision of services to identify technical channels of information leakage and special technical means intended for operational-search actions.
3. Employees of the information security incident response service shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.
4. The requirement of paragraph 2 of this Article shall not apply to the second-tier banks of the Republic of Kazakhstan, in which the functions of information security incident response service are carried out by their structural divisions.
Footnote. Chapter 2 is supplemented by Article 7-3, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced see Article 2).Article 7-4. National coordination center for information security
1. National coordination center for information security shall:
1) carry out collection, analysis and generalization of information of industry centers for information security and operational centers of information security on information security incidents at the objects of information and communication infrastructure of "electronic government" and other critically important objects of information and communication infrastructure;
2) implement the tasks and functions of the National Information Security Incident Response Service;
3) implement the tasks and functions of the State Operational Center for Information Security;
4) within one working day from the moment of detection of a violation of personal data security, notify the authorized body in the field of personal data protection about such a violation.
2. Employees of the National coordination center for information security shall be responsible for disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.
Footnote. Chapter 2 is supplemented by Article 7-4, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of six months after its first official publication); № 262-VI as of 03.07.2019 (shall be enforced from 01.01.2020); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced from 01.07.2024).Article 7-5. Industry Center for Information security
1. The industry center for information security shall organize and coordinate the provision of information security by the subjects of informatization of the relevant industry (sphere) of state regulation, and specifically shall:
1) carry out activities for the analysis, assessment, forecasting and prevention of threats to information security of organizations;
2) exchange information necessary to ensure information security with the National Information Security Coordination Center;
3) carry out the collection, consolidation, analysis and storage of information about information security events and incidents received from the subjects of informatization of the relevant industry (field);
4) provide information required to ensure information security to informatization subjects of the relevant industry (field), including information about security threats, vulnerabilities in informatization objects of the relevant industry (field), prerequisites for the occurrence of information security incidents, as well as methods for their prevention and elimination of consequences;
5) ensure the safety of information of restricted distribution that has become known to the industry information security center as part of its activities;
6) within one working day from the moment of detection of a violation of personal data security, notify the authorized body in the field of personal data protection about such a violation.
2. The industry center for information security has the right to operate in accordance with subparagraph 2) of paragraph 1 of Article 7-2 of this Law.
3. Employees of the industry center for information security are held liable in accordance with the laws of the Republic of Kazakhstan for disclosing commercial, banking or other law-protected secrets obtained by them in line of duty.
4. In order to implement its functions, the industry center for information security shall use an informatization object for collecting, processing and exchanging information about the events and incidents of information security, the procedure for connecting and using which by industry organizations shall be determined by the authorized body of the relevant industry (sphere) of state regulation.
Footnote. Chapter 2 is supplemented with Article 7-5 in accordance with Law № 262-VI of the Republic of Kazakhstan as of 03.07.2019 (shall be enforced from 01.01.2020); as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced from 01.07.2024).Article 7-6. Competence of the authorized body in the field of electronic industry
Authorized body in the field of electronic industry:
1) ensures the implementation of state policy in the field of electronic industry;
2) ensures the implementation of projects and programs in the field of the electronics industry, including the conduct of research and development work;
3) develops and approves the rules for the implementation of industry expertise in the electronics industry;
4) carries out industry expertise of projects in the field of electronic industry;
5) develops and adopts, within its competence, regulatory legal acts in the field of electronic industry;
6) carries out international cooperation in the field of electronic industry and represents the interests of the Republic of Kazakhstan in international organizations and foreign states;
7) develops and approves the rules for the formation and maintenance of a register of trusted software and products of the electronic industry, as well as criteria for including software and products of the electronic industry in the register of trusted software and products of the electronic industry;
8) exercise other powers provided for by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.
Footnote. Chapter 2 is supplemented by Article 7-6 in accordance with the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).Article 7-7. National Response Service for Information Security Computer Incidents
1. The National Response Service for Information Security Computer Incidents:
1) carries out intersectoral coordination on monitoring the provision of information security, protection and safe operation of informatization objects of the "electronic government", the Kazakhstani segment of the Internet, as well as critically important objects of information and communication infrastructure, responding to information security incidents with joint activities to ensure information security in accordance with the procedure prescribed by the legislation of the Republic of Kazakhstan;
2) assists owners, owners and users of informatization objects in matters of safe use of information and communication technologies;
3) within one working day from the moment of detection of a violation of personal data security, notify the authorized body in the field of personal data protection about such a violation.
2. the employees of the National Response Service for Information Security Computer Incidents shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.
Footnote. The Law as amended by Article 7-7 in accordance with the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced from 01.07.2024).Article 7-8. State Operational Center for Information Security
1. The State Operational Center for Information Security:
1) monitors the provision of information security of the objects of informatization of "electronic government" through the monitoring system for ensuring information security of the National Coordination Center for Information Security;
2) monitors information security events of informatization objects of state bodies;
3) carries out activities to identify, suppress and investigate threats and information security incidents at the objects of informatization of "electronic government" and generate recommendations for their elimination or prevention;
4) coordinates activities to ensure the information security of the objects of informatization of the "electronic government", as well as responding to information security incidents;
5) ensures the publication of information on the platform for identifying vulnerabilities about informatization objects connected to the State Operational Center for Information Security;
6) ensure the functioning of the interaction program on the objects of informatization of state bodies;
7) within one working day from the moment of detection of a violation of personal data security, notify the authorized body in the field of personal data protection about such a violation.
2. Employees of the State Operational Center for Information Security shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.
Footnote. The Law as amended by Article 7-8 in accordance with the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced see Article 2).Article 8. Expert council
1. The expert council is chaired by the head of the authorized body and it includes officials – heads of the state bodies responsible for informatization of activities of the state body, representatives of the authorized body, service integrator of “electronic government”, the authorized body in the sphere of information security and other organizations in the sphere of informatization in coordination with the specified bodies and organizations.
2. Expert council executes its activities on an ongoing basis.
3. The expert council shall consider the issues in the field of informatization and develop proposals and (or) recommendations.
The powers and procedure of the expert council activity shall be determined by the regulations on the activities of the expert council.
4. The National Security Committee of the Republic of Kazakhstan and the State Security Service of the Republic of Kazakhstan create a special expert council.
Its position and composition are approved by a joint order of the first heads of special state bodies of the Republic of Kazakhstan.
The Special Expert Council carries out its activities on a permanent basis and its working body is the National Security Committee of the Republic of Kazakhstan.
Footnote. Article 8 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 02.01.2021 № 399-VI (shall be enforced ten calendar days after the day of its first official publication).Article 9. Competence of central executive bodies and state bodies, including those directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization
Footnote. The heading of Article 9 as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
The central executive bodies and state bodies, including those directly subordinate and accountable to the President of the Republic of Kazakhstan:
1) ensure compliance with uniform requirements in the field of information and communication technologies and information security, data management requirements;
2) ensure the implementation of the architecture of “electronic government”;
3) create and develop the objects of informatization of " electronic government";
3-1) develop and place platform software products;
4) execute filling, ensure the reliability and relevance of electronic information resources;
5) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication);6) participate in the development of "electronic government";
7) provide access to local executive bodies within their competence to information systems of state bodies under the authority of state body;
8) place open data in Kazakh and Russian on the Internet portal of open data;
9) record and update information on the objects of informatization of the "electronic government" and technical documentation of the objects of informatization of the "electronic government" on the architectural portal of the "electronic government";
10) is excluded by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication);11) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;
12) carry out the use of standard solutions in creation and development of the objects of informatization of "e-government";
13) place publicly available information about the plans and results of creation and development of the objects of informatization of state bodies on its Internet resources;
14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;
15) excluded by the Law of the Republic of Kazakhstan dated December 30, 2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication);16) purchase information and communication services;
17) establish the requirements for the level of digital literacy of specialists in relevant fields of activity in developing and approving professional standards;
17-1) provide the operator with electronic information resources necessary for the information content of the “e-government” website;
17-2) determine the objects related to the critically important objects of information and communication infrastructure, within their competence;
17-3) provide jobs with access to informatization facilities to employees of the National Coordination Center for Information Security, with the exception of the authorized body for regulation, control and supervision of the financial market and financial organizations and special state bodies of the Republic of Kazakhstan;
17-4) provide the operator with access to electronic information resources for data analytics in accordance with the requirements for data management, with the exception of the State Security Service of the Republic of Kazakhstan;
17-5) transfer data to the information and communication platform of the "electronic government" in accordance with the requirements for data management;
17-6) ensure the implementation of the architecture of the "electronic government", access to it, and participate in the development of the "Single Window" of the national innovation system in accordance with the legislation of the Republic of Kazakhstan;
18) execute other authority provided for by this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.
Competence of central executive bodies is also determined by acts of the Government of the Republic of Kazakhstan.
Footnote. Article 9 as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 272-VI as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated December 30, 2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (for the procedure for entry into force, see Art. 2).Article 10. Competence of local executive agencies in the field of informatization
Local executive bodies:
1) ensure compliance with uniform requirements in the field of information and communication technologies and information security, data management requirements;
1-1) monitor compliance with uniform requirements in the field of information and communication technologies and information security;
1-2) carry out activities to improve the system of attracting investments and mechanisms for stimulating the development and implementation of investment projects in the field of informatization;
1-3) create conditions for the development of the information and communication technology industry;
2) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);3) create and develop the objects of informatization of "electronic government";
3-1) develop and place platform software products;
4) provide filling, ensure the reliability and relevance of electronic information resources of local executive bodies;
5) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);6) record and update information on the objects of informatization of the "electronic government" and technical documentation of the objects of informatization of the "electronic government" on the architectural portal of the "electronic government";
7) place publicly available information about the plans and results of creation and development of the objects of informatization of state bodies on its Internet resources;
8) is excluded by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication);9) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;
10) carry out the use of standard solutions in creation and development of the objects of informatization of "e-government";
11) organize public access points for individuals and legal entities to state electronic information resources and information systems of state bodies, including by allocating uninhabited premises for the organization of this access;
12) create conditions for increasing digital literacy;
13) place open data in Kazakh and Russian on the Internet portal of open data;
14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;
15) excluded by the Law of the Republic of Kazakhstan dated December 30, 2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication);16) purchase information and communication services;
16-1) provide the operator with electronic information resources necessary for the information content of the “e-government” website;
16-2) determine the objects related to the critically important objects of information and communication infrastructure, within their competence;
16-3) provide the operator with access to electronic information resources for data analytics in accordance with the requirements for data management;
16-4) transfer data to the information and communication platform of the "electronic government" in accordance with the requirements for data management;
16-5) exercise state control in the field of informatization in relation to private entrepreneurship entities within the relevant administrative-territorial unit;
17) execute in the interests of local state administration other authority entrusted in local executive bodies by the legislation of the Republic of Kazakhstan.
Footnote. Article 10 as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 272-VI as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 30.12.2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (for the procedure for entry into force, see Art. 2).Article 11. National institute of development in the field of information and communication technologies
1. National institute of development in the field of information and communication technologies is determined by the Government of the Republic of Kazakhstan in order to create favorable conditions for increasing the competitiveness of the information and communication technologies industry, developing industrial and innovative activities in the field of information and communication technologies.
2. National institute of development in the field of information and communication technologies:
1) implements measures of state support for the development of the information and communication technologies industry in accordance with Article 61 of this Law and the Entrepreneurial Code of the Republic of Kazakhstan;
2) provides information, analytical and consulting services in the field of information and communication technologies, as well as issues expert opinions and (or) recommendations in the field of information and communication technologies;
3) excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication);4) cooperates with international organizations and foreign legal entities in order to attract information, educational, financial and other resources to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan;
5) provides subjects of informatization with access to information on the ongoing industrial and innovative projects in the field of information and communication technologies;
6) excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication);6-1) invests in industrial and innovative projects, venture funds in the field of information and communication technologies by participating in the authorized capital of industrial and innovative activity entities, creating legal entities, including those with foreign participation, and in other ways provided for by the legislation of the Republic of Kazakhstan;
7) executes collection of information and analysis of effectiveness of measures of state support for development of the industry of information and communication technologies;
8) promote the development of risk investment funds, venture funds and venture financing, as well as development of demand for technology transfer in the field of information and communication technologies;
9) executes the analysis of development of the industry of information and communication technologies;
10) contributes to the development of in-country value in the branch of information and communication technology;
11) develop documents on standardization in the field of information and communication technologies;
12) submits proposals to the authorized body on the formation of state educational order for the training, increasing qualification and retraining of specialists in the field of information and communication technologies in the organizations of technical, professional and higher education, as well as proposals for standard educational plans and standard educational programs in the field of information and communication technologies;
13) issues an expert conclusion for the provision of innovative grants in the field of information and communication technologies.
14) develops proposals to stimulate the development and increase the investment attractiveness of the information and communication technologies industry;
15) performs other functions provided for by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan;
Footnote. Article 11 as amended by the Law of the Republic of Kazakhstan dated 04.07.2018 № 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 05.10.2018 № 184-VI (shall be enforced upon expiry of six months after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 27.12.2021 № 87-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 12. Service integrator of "electronic government"
Service integrator of "electronic government":
1) participates in the implementation of state policy in the field of informatization;
2) ensures the compliance with the uniform requirements in the field of information and communication technologies and provision of information security;
3) provides methodological support for development of the architecture of "electronic government";
4) ensures the formation and development of architecture of “electronic government”;
5) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023).5-1) develops the methodology for building "smart" cities (the reference standard for "smart" cities of the Republic of Kazakhstan);
6) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);7) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
8) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
8-1) organizes the development of the service model of informatization;
9) organize creation and development of information and communication services on the service model of informatization;
10) carries out an examination of the investment offer, financial and economic justification of budget investments, as well as the technical specifications for the creation and development of the electronic government informatization facility for compliance with the electronic government architecture in the field of informatization;
11) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication);12) supports the assessment of the effectiveness of the state bodies’ activities in the use of information and communication technologies and assessment of the public services automating process;
13) forms and conducts the classifier;
14) manages projects for the creation and development of electronic government informatization facilities, as well as manages projects for the implementation of strategic and program documents;
15) provides consulting, methodological and practical assistance to government bodies in the creation and development of electronic government informatization facilities, data management, project management in the implementation of documents of the State Planning System of the Republic of Kazakhstan;
16) keeps records of information on electronic government informatization facilities and technical documentation of electronic government informatization facilities on the electronic government architectural portal;
17) carry out recording and storage of the developed software, source program codes (if available), a set of settings of the licensed software of the objects of informatization of "electronic government";
18) issue a conclusion on the possibility of using standard solutions for creation and development of the objects of informatization of "e-government";
18-1) issues to the authorized body an expert opinion on the calculation of expenses for public procurement of goods, works and services in the field of informatization;
19) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication);20) is excluded by Law № 272-VI of the Republic of Kazakhstan as of 25.11.2019 (shall be enforced ten calendar days after its first official publication);
20-1) analyzes the integration of the “e-government” objects of informatization in terms of identifying incomplete and irrelevant information contained therein, and develops recommendations for its removal;
21) is excluded by Law № 272-VI of the Republic of Kazakhstan as of 25.11.2019 (shall be enforced ten calendar days after its first official publication);21-1) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication);
22) excluded by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication);
23) analyzes data, including open data, generated by state bodies, state legal entities, legal entities with state participation in the authorized capital.
Footnote. Article 12 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 272-VI as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023); dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 13. Operator
1. The Operator shall:
1) ensures compliance with uniform requirements in the field of information and communication technologies and information security, data management requirements;
2) carries out system and technical maintenance and maintenance of objects of information and communication infrastructure of "electronic government" in accordance with the list approved by the authorized body;
3) have the right to attract the objects of information and communication infrastructure of other persons for development of information and communication infrastructure of "electronic government", and also other persons for implementation of support and system-technical maintenance of information systems of state bodies;
4) provides information and communication services to government bodies in accordance with the list approved by the authorized body, including through the development of platform software products in accordance with the list approved by the authorized body;
5) ensures the security of storage of state electronic information resources placed on the information and communication infrastructure of "electronic government" assigned to the operator;
6) ensures the safety of storage of state electronic information resources in the provision of information and communication services;
7) provides prompt response to identified defects in the provision of information and communication services, as well as state services in electronic form and taking measures to eliminate them;
8) Excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);8-1) renders services for the provision of an information and communication platform of the "electronic government" for the development and placement of informatization objects of the "electronic government";
8-2) renders services for the provision of an information and communication platform of the "electronic government" for the development and placement of platform software products;
9) carries out integration and connection of objects of informatization of "electronic government" to the gateway of "electronic government" and the national gateway of the Republic of Kazakhstan, as well as connection of objects of informatization of state bodies to the information and communication infrastructure of "electronic government";
10) provide communication services to state bodies, their subordinate organizations, local self-government bodies, as well as other subjects of informatization, determined by the authorized body and connected to the unified transport environment of state bodies, for functioning of their electronic information resources and information systems. To provide communication services it shall have the right to attract other persons as subcontractors (co-executors) of services;
11) executes the creation and development of the information and communication platform of "electronic government" and a unified transport environment of state bodies;
12) executes maintenance and system-technical service of the national gateway of the Republic of Kazakhstan;
12-1) carry out support and system-technical maintenance of the root certification center of the Republic of Kazakhstan, certification center of state bodies of the Republic of Kazakhstan, national certification center of the Republic of Kazakhstan and a trusted third party of the Republic of Kazakhstan;
13) provides information content of the “e-government” website using electronic information resources provided by state bodies and other subjects of rendering services in electronic form;
13-1) on the basis of information received from the authorized body in the field of personal data protection, notify the subjects of personal data about a violation of the personal data security or about the processing of personal data by sending information to the user’s account on the “electronic government” web portal or to their mobile phone number in the form of a short text message;
14) provides state bodies with advice how to develop objects of the “e-government” information and communication infrastructure;
15) manages projects for the development of objects of the “e-government” information and communication infrastructure and the national gateway of the Republic of Kazakhstan.
16) collects, processes, stores, and transfers electronic information resources for the implementation of data analytics in accordance with data management requirements;
17) collects, processes, stores, and transfers data on the information and communication platform of the "electronic government" in accordance with data management requirements;
18) provides services for the provision of information and communication infrastructure for the provision of information, reference and consulting services to legal entities;
19) is excluded by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).2. Prices for the goods (works, services) specified in paragraph 1 of this Article, produced and (or) sold by the operator, shall be established by the authorized body in agreement with the antimonopoly body.
Footnote. Article 13 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 272-VI as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 11.12.2023 № 44-VIII (shall be enforced from 01.07.2024); dated 21.05.2024 № 86-VIII (shall enter into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (for the procedure for entry into force, see Article 2).Article 13-1. International technological park "Astana Hub"
1. International technological park “Astana Hub” shall carry out its activity in accordance with the legislation of the Republic of Kazakhstan.
2. The functions of the international technological park "Astana Hub" shall include:
1) rendering acceleration services, technological business incubation to the participants of the international technological park "Astana Hub";
2) provision of services for holding marketing and other events for the participants of the international technological park "Astana Hub";
3) rendering services for consulting, information, analytical, educational activities to stimulate the development of participants of the international technological park "Astana Hub";
4) cooperation with international organizations, foreign partners in order to attract information, educational and financial resources to stimulate the development of the participants of the international technological park "Astana Hub", study of international experience and exchange of knowledge;
5) search for potential investors for the implementation of industrial and innovative projects in the field of information and communication technologies of the participants of International technological park “Astana Hub”;
6) sending invitations, petitions for getting visas by the foreigners and stateless persons to study under the programs of the international technological park "Astana Hub";
7) attracting non-residents and residents of the Republic of Kazakhstan to participate in the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub";
8) registration of participants of the international technological park "Astana Hub" and issuance of relevant supporting documents in accordance with the rules of activity of the international technological park "Astana Hub";
9) provision of housing and creation of living conditions for the persons undergoing acceleration in the international technological park "Astana Hub", in accordance with the rules of activity of the international technological park "Astana Hub";
10) assistance in conducting and organizing events aimed at developing innovations in the corporate sector in order to improve interaction between the participants of International technological park “Astana Hub”;
11) organization of training of qualified personnel in the field of information and communication technologies in accordance with the legislation of the Republic of Kazakhstan.
3. International technological park “Astana Hub” has its own budget formed from:
1) voluntary property contributions and donations;
2) revenues (incomes) from the sale of goods, works and services in cases, established by the legislation of the Republic of Kazakhstan;
3) fees and payments made to the international technological park "Astana Hub" by the participants of the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub";
4) other sources, not prohibited by the laws of the Republic of Kazakhstan.
4. International technological park “Astana Hub” shall have the right to receive a state task in accordance with the budget legislation of the Republic of Kazakhstan to perform its functions determined by paragraph 2 of this Article, except for the functions of financing industrial and innovative projects in the field of information and communication technologies of the participants of the international technological park" Astana Hub", creation of investment funds or equity participation in investment funds, as well as development of the international technological park "Astana hub", as determined by paragraph 12 of this Article.
5. International technological park “Astana Hub” uses the property formed in accordance with paragraph 3 of this Article to ensure the activity, functioning and development of the international technological park “Astana Hub”.
6. Participants of the international technological park "Astana Hub " are legal entities included in the list of participants of the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub".
The requirements for the participants of the international technological park "Astana Hub" shall be established by the rules of activity of the international technological park "Astana Hub".
7. Foreigners and stateless persons arriving on the territory of the Republic of Kazakhstan to carry out activities in the international technological park "Astana Hub" shall receive a visa to enter at the foreign institutions of the Republic of Kazakhstan or upon arrival at international airports of the Republic of Kazakhstan in coordination with the national security agency of the Republic of Kazakhstan.
8. Foreigners and stateless persons who are the employees of the participants of the international technological park "Astana Hub" or employees of the international technological park "Astana Hub", and their family members (spouses) and their children under the age of eighteen) shall receive a visa for entry valid for up to five years.
9. Extension of the validity period of visas to the persons, specified in paragraphs 7 and 8 of this Article, at the request of the international technological park "Astana Hub" may be carried out without leaving the Republic of Kazakhstan in accordance with the legislation of the Republic of Kazakhstan.
10. International technological park "Astana Hub" and its participants shall be obliged to have and store documents confirming their qualification for each involved employee, and attracted foreigners and persons without citizenship shall be obliged to present them to the international technological park "Astana Hub" or its participants.
11. International technological park "Astana Hub" shall keep a record of foreign labor attracted by it and its participants. Information on the attracted foreigners and stateless persons by the international technological park "Astana Hub" shall be submitted to the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan. The composition of information submitted to the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan, the frequency and order of their provision shall be determined by the authorized body in the sphere of informatization in coordination with the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan.
12. International technological park “Astana Hub” shall perform other functions stipulated by the legislation of the Republic of Kazakhstan, as well as carry out financing of industrial-innovative projects in the field of information and communication technologies of participants of the international technological park "Astana Hub" and create investment funds or take equity participation in investment funds.
Footnote. Chapter 2 is supplemented by Article 13-1, in accordance with the Law of the Republic of Kazakhstan dated 04.07.2018 № 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 26.12.2018 № 203-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 27.12.2021 № 87-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 23.12.2023 № 50-VIII (shall be enforced from 01.01.2024).Article 13-2. Competence of the operator of the national artificial intelligence platform
Competence of the operator of the national artificial intelligence platform:
1) ensuring the functioning of the national artificial intelligence platform;
2) support and system maintenance of the national artificial intelligence platform;
3) provision of artificial intelligence services based on the national artificial intelligence platform;
4) collection, storage, processing and dissemination of data from open sources, data provided by the operator of the information and communication infrastructure of "electronic government", as well as owners and owners of informatization objects;
5) implementation of other functions in accordance with the legislation of the Republic of Kazakhstan.
Footnote. Chapter 2 is supplemented by Article 13-2 in accordance with the Law of the Republic of Kazakhstan dated 02.01.2021 № 399-VI (shall be enforced ten calendar days after the day of its first official publication).Article 13-3. Data processing center
1. The data processing center must be located in a separate building and (or) structure or a specially equipped part of a building, structure.
2. The data processing center must have an infrastructure that ensures its fault-tolerant and uninterrupted functioning.
3. The organization of the data processing center's activities is carried out in accordance with the procedure determined by the authorized body in agreement with the National Security Committee of the Republic of Kazakhstan.
4. Data processing centers may undergo an international or national technical audit in the manner determined by the authorized body in agreement with the National Security Committee of the Republic of Kazakhstan.
Footnote. Chapter 2 is supplemented by Article 13-3 in accordance with the Law of the Republic of Kazakhstan dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 13-4. Cloud computing
1. Cloud computing is used by government bodies and quasi-public sector entities in accordance with the cloud computing priority policy.
2. Cloud service providers are not responsible for the content of data and (or) other information posted by cloud service users on their resources.
3. In the event of a violation of the rights of third parties by cloud service users by posting data and (or) other information on the resources of cloud service providers, the providers are obliged to take measures to block, suspend and (or) delete them in accordance with the legislation of the Republic of Kazakhstan.
Footnote. Chapter 2 is supplemented with Article 13-4 in accordance with the Law of the Republic of Kazakhstan dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 14. State technical service
1. State technical service executes the following types of activities in the field of informatization and ensuring the information security, referred to state monopoly:
1) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);2) is excluded by Law № 237-VI of the Republic of Kazakhstan as of 18.03.2019 (shall be enforced ten calendar days after its first official publication);
3) is excluded by Law № 237-VI of the Republic of Kazakhstan as of 18.03.2019 (shall be enforced ten calendar days after its first official publication);
4) is excluded by Law № 237-VI of the Republic of Kazakhstan as of 18.03.2019 (shall be enforced ten calendar days after its first official publication);
5) is excluded by Law № 237-VI of the Republic of Kazakhstan as of 18.03.2019 (shall be enforced ten calendar days after its first official publication);
6) carry out support of the single gateway of access to the Internet and the single gateway of e-mail of the "electronic government";
7) conduct tests for compliance with information security requirements of informatization objects, the owner (possessor) and (or) customer of which is a state body;
7-1) conducts tests for compliance with the information security requirements of the information and communication platform of the "electronic government", platform software products;
8) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);9) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
10) carry out expertise of the investment proposal and financial and economic justification of budget investments and technical task for creation and development of the object of informatization of "electronic government" for compliance with information security requirements;
11) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);12) executes monitoring of the fault tolerance of domain name servers serving top-level domain names of Kazakhstan;
13) excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication);13-1) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
14) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);
15) implement the tasks and functions of the National coordination center for information security;
16) ensure the functioning of the National Video Monitoring System;
17) carries out a survey of ensuring the security of the processes of storage, processing and distribution of personal data of limited access contained in electronic information resources;
18) ensures the functioning of information and communication infrastructure facilities of the National Information Security Coordination Center;
19) ensures the functioning of a single national backup platform for storing electronic information resources, establishes the frequency of backup of electronic information resources of critical information and communication infrastructure facilities in accordance with the procedure determined by the authorized body in the field of information security;
20) at the request of the authorized body in the field of information security, takes part in the implementation of state control in the field of informatization in terms of ensuring information security;
21) ensure the functioning of a unified repository of “electronic government”;
22) conduct an analysis of the immutability of executable codes compiled from the source codes of “electronic government” informatization objects, in accordance with the methodology and rules for testing “electronic government” informatization objects and critically important objects of information and communication infrastructure for compliance with information security requirements.
2. Prices for the goods (works, services) specified in paragraph 1 of this article, produced and (or) sold by the state technical service, are established by the National Security Committee of the Republic of Kazakhstan in agreement with the antimonopoly authority.
Footnote. Article 14 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 02.01.2021 № 399-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 14-1. National institute for development in the sphere of ensuring information security
National institute for development in the sphere of ensuring information security shall:
1) participate in implementation of the state policy in the sphere of ensuring information security;
2) develop documents on standardization in the sphere of ensuring information security;
3) carry out scientific and technical activities in the sphere of ensuring information security;
4) carry out scientific and technical expertise of projects in the sphere of ensuring information security;
5) provide training, retraining and advanced training in the sphere of ensuring information security.
Footnote. Chapter 2 is supplemented by Article 14-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).Article 15. Single contact center
Single contact center:
1) executes round-the-clock advisory support of individuals and legal entities on the issues of provision of state and other services;
2) provides round-the-clock consulting support to state bodies on issues of information and communication services provided by the operator;
3) executes round-the-clock advisory support of individuals and legal entities, state bodies on the issues of "electronic government";
4) sends requests to the operator, state bodies and other organizations to provide explanations on the issues that arose with the recipient of information and communication, state and other services;
5) on a systematic basis sends information to the operator, state bodies and other organizations on the received appeals of individuals and legal entities.
Footnote. Article 15 as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Chapter 3. RIGHTS AND DUTIES OF SUBJECTS OF INFORMATIZATION
Article 16. Rights and duties of the owner of objects of informatization
1. The owner of objects of informatization has the right to:
1) transfer objects of informatization for rent, trust administration, economic management or operational management and otherwise dispose of them;
2) establish within its competence the regime and rules of processing, protection and access to electronic information resources;
3) establish within its competence the regime and rules of protection and access to the objects of information and communication infrastructure;
4) determine the conditions for disposal of electronic information resources in storing, copying and distributing them;
5) determine the conditions for owning and using the objects of information and communication infrastructure.
2. The owner of objects of informatization is obliged to:
1) take measures to protect objects of informatization;
1-1) create and put into circulation on the territory of the Republic of Kazakhstan objects of informatization of state legal entities, subjects of the quasi-public sector, intended for the formation of state electronic information resources, the performance of state functions and the provision of public services, in the Kazakh, Russian languages and, if necessary, in other languages;
2) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other legislative acts of the Republic of Kazakhstan;
2-1) to record and update information about the objects of informatization of the "electronic government" and technical documentation of the objects of informatization of the "electronic government" on the architectural portal of the "electronic government";
3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.
3. The owner of the information system has the rights to own, use and dispose of the information system entirely as a property complex.
4. The owner of the information system has the right, unless otherwise established by the laws of the Republic of Kazakhstan or the owner of electronic information resources, to prohibit or restrict the movement and distribution of electronic information resources contained in this information system.
5. In case if the owner of the information system is not owner of the electronic information resources located in this information system, as well as the owner of the information and communication infrastructure used for this information system, the operating procedure of the information system and access to electronic information resources and information and communication infrastructure is determined by agreement between the owners.
6. The owner of the object of information and communication infrastructure is responsible to the owner or the holder of electronic information resources for the security of storage and protection of electronic information resources, protection of information systems located on the objects of information and communication infrastructure belonging to him.
7. Subjects of the quasi-public sector transfer to the operator the anonymized information necessary for the implementation of data analytics, in accordance with the requirements for data management.
Footnote. Article 16 as amended by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force ten calendar days after the date of its first official publication).Article 17. Rights and duties of the owner of objects of informatization
1. The owner of objects of informatization has the right to:
1) own and use objects of informatization on terms determined by the owner;
2) determine the conditions for access and use of electronic information resources, objects of information and communication infrastructure by third parties in accordance with subparagraph 1) of this paragraph;
3) determine the processing conditions of electronic information resources in the information system.
2. The owner of objects of informatization is obliged to:
1) observe the rights and lawful interests of the owner of objects of informatization and third parties;
2) execute measures to protect objects of informatization;
3) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other laws of the Republic of Kazakhstan;
3-1) to keep records and update information about the objects of informatization of the "electronic government" and technical documentation of the objects of informatization of the "electronic government" on the architectural portal of the "electronic government";
4) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.
2-1. The owner of critically important objects of information and communication infrastructure shall also be obliged to:
1) create their own operational information security center and ensure its functioning or purchase the services of an operational information security center from third parties in accordance with the Civil Code of the Republic of Kazakhstan;
2) ensure the connection of information security event logging systems to the technical means of the information security monitoring system of the National Information Security Coordination Center, for critically important objects of information and communication infrastructure that are objects of “electronic government” informatization, independently or by acquiring third-party services in accordance with the civil law of the Republic of Kazakhstan;
3) notify the National Information Security Coordinating Center and the Operational Information Security Center, to which critically important objects of information and communication infrastructure are connected, of self-identified information security incidents in according with the procedure and within the time limits determined by the rules for monitoring the information security of information security objects of "electronic government" and critically important objects of information and communication infrastructure, unless otherwise provided by the laws of the Republic of Kazakhstan;
4) to transfer backup copies of electronic information resources to a single national backup platform for storing electronic information resources in the manner and within the time limits determined by the authorized body in the field of information security, unless otherwise established by the laws of the Republic of Kazakhstan.
Access to a copy of an electronic information resource stored on a single national backup platform for storing electronic information resources is prohibited, except for the owner of the electronic information resource.
2-2. The owner of the informatization object containing personal data is obliged to implement the measures provided for by the legislation of the Republic of Kazakhstan on personal data and their protection.
3. The owner of objects of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.
4. The owner of critically important objects of information and communication infrastructure, processing data containing secrets protected by law, conducts an information security audit at least once a year. The information security audit of second-tier banks is carried out in accordance with the requirements of the banking legislation of the Republic of Kazakhstan.
Footnote. Article 17 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 02.01.2021 № 399-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 18. Rights and duties of the user
1. The user has the right to:
1) receive, use, distribute, transmit, provide to third parties electronic information resources including public data, use the information system on the terms determined by the legislation of the Republic of Kazakhstan, the owner or holder of electronic information resources, information system;
2) familiarize with own personal data containing in electronic information resources, information system if other is not established by laws of the Republic of Kazakhstan.
2. The user is obliged to:
1) observe the rights and lawful interests of the owner or holder of electronic information resources, information system and third parties;
2) ensure protection of electronic information resources, information system in accordance with this Law and the legislation of the Republic of Kazakhstan;
3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.
Article 18-1. Rights and obligations of the owner and possessor of an intelligent robot
Legal relations between the owner and owner of an intelligent robot are governed by the civil legislation of the Republic of Kazakhstan.
Owners and holders of an intelligent robot shall be obliged to inform the subject of personal data about automated processing in accordance with paragraph 6 of Article 36 of this Law.
Footnote. Chapter 3 is supplemented by Article 18-1 in accordance with the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 18-2. Activities of a foreign online platform and instant messaging service on the territory of the Republic of Kazakhstan
Footnote. Chapter 3 as amended by Article 18-2 in accordance with the Law of the Republic of Kazakhstan dated 03.05.2022 № 118-VII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); is excluded by the Law of the Republic of Kazakhstan dated 10.07.2023 № 19-VIII (shall be enforced sixty calendar days after the date of its first official publication).
Article 19. Types of services provided in electronic form
1. By the degree of automation, the services provided in electronic form are:
1) fully automated;
2) partially automated.
Fully automated is a service that excludes a paper document circulation in the process of its provision.
A fully automated service is a service that excludes paper workflow and the participation of the subject of the provision of services in the process of its provision.
2. By the way of provision the service in electronic form are:
1) informative;
2) interactive;
3) transactional;
4) composite.
5) proactive.
Informative service provided in electronic form is the service for providing the user with electronic information resources.
Interactive service provided in electronic form is the service for providing the user with electronic information resources, upon his request or agreement of parties requiring mutual exchange of information. Certification through an electronic digital signature may be required to provide an interactive service.
Transactional service provided in electronic form is a service for providing the user with electronic information resources requiring mutual exchange of information and related to the implementation of payments in electronic form. Certification through an electronic digital signature may be required to provide a transactional service.
Composite service provided in electronic form is a set of interrelated services, for the provision of which a request of the subject of receiving the service in electronic form is enough.
A proactive service provided in electronic form is a service provided without a statement from the subject of receiving services at the initiative of the subject of providing services.
3. By the nature of compensation for provision of services, provided in electronic form, are:
1) refundable;
2) non-refundable.
Refundable is a service providing the payment of compensation to the subject of providing service in electronic form.
Non-refundable is a service provided without payment of compensation to the subject of providing service in electronic form.
Footnote. Article 19 is as amended by Law № 272-VI of the Republic of Kazakhstan as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 20. Submission of information in provision of services in electronic form
1. When providing services in electronic form, the subjects of rendering services shall accept information in electronic form about the payments of service recipients from the payment gateway of "electronic government" as reliable.
2. Banks of the second level and organizations implementing certain types of banking operations, on the request of the subject of providing services in electronic form and the subject of receiving services in electronic form, submit the following information in electronic form on:
1) belonging of the bank account to the person specified in the request and the existence of a pledge agreement of movable and immovable property - in the provision of state services in electronic form;
2) amount of money, date of making payment, sender of money and beneficiary - in making payments by individuals and legal entities for services provided in electronic form.
Footnote. Article 20 as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 20-1. Use of a simple electronic signature
1. A simple electronic signature is an electronic digital form of confirmation of a person's signature through the use of codes, passwords or other means of identification.
2. Entities of private entrepreneurship, when interacting with foreigners, foreign legal entities, legal entities with foreign participation, have the right to use a simple electronic signature.
3. Transactions certified by a simple electronic signature of a person authorized to sign them, are equivalent to signed documents on paper, with the exception of transactions subject to notarization or mandatory state registration in accordance with the legislation of the Republic of Kazakhstan, and transactions, the list of which is approved by the authorized body, subject to the following conditions:
1) the parties to the transaction have reached an agreement in writing on the use of a simple electronic signature when concluding transactions between them;
2) the parties to the transaction, by an agreement between them in writing, recognize the authenticity and validity of the transactions concluded between them by means of a simple electronic signature.
The requirements of this article shall be valid within the framework of the pilot project until July 1, 2026.
Footnote. Chapter 3 is supplemented by Article 20-1 in accordance with the Law of the Republic of Kazakhstan dated May 21, 2024 № 86-VIII (shall come into force sixty calendar days after the day of its first official publication). SECTION 2. INFORMATION AND COMMUNICATION INFRASTRUCTURE
Chapter 4. "ELECTRONIC GOVERNMENT"
Article 21. The operation of "electronic government"
1. The aims of the operation of "electronic government" are:
1) ensure accessibility, quality and efficiency of the provision of state services in electronic form, as well as interaction of individuals and legal entities with state bodies;
2) increase publicity in the activities of state bodies, ensure accessibility of information, public control and public participation in solving issues of state administration at all levels;
3) ensure the implementation and support of administrative reform of state administration;
4) optimization of the activities of state agencies through the use of information and communication technologies;
5) reduction (exclusion) of the use of documents on paper medium and the requirements for their submission.
2. In the operation of "electronic government" is provided:
1) access of individuals and legal entities to publicly available information on the activities of state bodies;
2) access of state bodies to information contained in information systems of state bodies;
3) automation of activities of state bodies;
4) use of electronic document circulation in the activities of state bodies, including in execution of state functions and provision of state services in electronic form;
5) exclusion of duplication in the collection, accumulation and storage of state electronic information resources;
6) information security and protection of objects of informatization of "electronic government".
Article 22. Architecture of the "electronic government"
The formation, monitoring of implementation and development of the architecture of the "electronic government" are carried out in accordance with the rules for the formation and monitoring of the implementation of the architecture of the "electronic government".
The development of the architecture of the "electronic government" is ensured taking into account the uniform requirements in the field of information and communication technologies and information security.
Footnote. Article 22 - as amended by the Law of the Republic of Kazakhstan dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication).Article 23. Architecture of state agency
Footnote. Article 23 excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023).
Article 24. Standard architecture of "electronic akimat"
Footnote. Article 24 excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023).
Article 25. Automation of state functions and provision of state services resulting from them
1. Automation of the activities of a government body, including government functions and the provision of government services arising from them, is carried out through the creation and development of "electronic government" information technology objects or through the acquisition of "electronic government" information technology objects or information and communication services, platform software products in accordance with the "electronic government" architecture and taking into account the reengineering carried out.
Government agencies shall ensure public discussion of the planned automation of activities in order to attract potential suppliers, clarify the technical, economic, operational and other characteristics of the "electronic government" information technology object, platform software products.
2. State functions by degree of automation are divided into:
1) fully automated;
2) partially automated.
Fully automated shall be the function of the state body, in which all operations of the processes that make up it are performed in the objects of informatization of "electronic government".
Partially automated shall be the function of the state body, in which part of operations of the processes that make up it is performed in the objects of informatization of "electronic government".
Footnote. Article 25 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 26. Information and communication platform of "electronic government"
1. Automation of the activities of a government agency, government functions and the provision of government services arising from them is carried out on the information and communication platform of the "electronic government" located on the territory of the Republic of Kazakhstan.
The operator has the right to provide a platform software product by providing information and communication services.
The right to ownership of the information and communication platform of "electronic government" shall not create the right to ownership of the data created with its help and (or) placed in it, belonging to other owners or holders, unless otherwise provided by the legislation of the Republic of Kazakhstan or an agreement between them.
When automating the activities of a state body, including state functions and the provision of public services arising from them, as well as data analytics, the use of data posted on the information and communication platform of "electronic government" shall be carried out without the consent of the owners or data owners.
2. It is not allowed to use the information and communication platform of "electronic government" for other aims, except the implementation of state functions and the provision of state services resulting from them in electronic form.
3. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).4. The implementation of automation of government functions and the provision of government services arising from them by developing and placing platform software products is carried out in accordance with the procedure determined by the authorized body.
5. Qualification requirements for specialists and the procedure for their admission to work on the information and communication platform of the "electronic government" are determined by the authorized body.
Footnote. Article 26 as amended by the laws of the Republic of Kazakhstan dated 12.28.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication); dated March 18, 2019 № 237-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 27. Web portal of “electronic government”
Footnote. The heading of Article 27 as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
1. Web portal of "electronic government" is an object of informatization that represents a “unified window” for access to all consolidated governmental information, including normative legal base, and to state and other services provided in electronic form.
Requirements for the maintenance, conduct and information content of the electronic information resources of the web portal of "electronic government" are established by the authorized body.
2. State and other services in electronic form can be provided through the web portal of "electronic government" and a subscriber device of cellular communication.
3. To receive public and other services in electronic form through the web portal of "electronic government" and the subscriber device of cellular communication, the subjects of receiving services in electronic form can use one-time passwords or biometric authentication in accordance with the legislation of the Republic of Kazakhstan.
Footnote. Article 27 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated November 25, 2019 № 272-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 28. Payment gateway of "electronic government"
1. Payment gateway of "electronic government" is an object of informatization that automates the processes of transferring information on making payments within provision of refundable services provided in electronic form.
2. Payment gateway of "electronic government" provides:
1) transfer of requests for making payments of the subject receiving the service in electronic form;
2) informing the subject of provision the service in electronic form about the making payment for the provision of the service in electronic form.
3. Banks of the second level and organizations executing certain types of banking operations, participating in the process of receiving and making payments within the provision of services, ensure the integration of their own information systems involved in these processes with payment gateway of "electronic government" directly or through information system the operator of interbank money transfer system.
Footnote. Article 28 as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 29. Unified transport environment of state agencies
1. Unified transport environment of state bodies is the telecommunication network, which is part of the information and communication infrastructure of "electronic government" and is designed to provide the interaction of local (except local networks with Internet access), departmental and corporate telecommunication networks of state bodies, their subordinate organizations and bodies of local government, as well as other subjects of informatization determined by the authorized body, with observance of the required level of information security.
2. State bodies, their subordinate organizations and local self-government bodies, as well as other subjects of informatization determined by the authorized body, are obliged to use exclusively a unified transport environment of state bodies for the interaction of local (except local networks with Internet access), departmental and corporate networks.
3. In order to ensure information security, the connection of local, departmental and corporate networks connected to a unified transport environment of state bodies, to telecommunication networks of common use and other telecommunication networks, is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.
Article 30. Unified access gateway to the Internet and a unified gateway of electronic mail of "electronic government"
1. Connection of the objects of informatization of state bodies, bodies of local self-government, state legal bodies, subjects of quasi-public sector, as well as owners or holders of critically important objects of information and communication infrastructure to the Internet is executed by telecom operators through a unified access gateway to the Internet.
1-1. Excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).2. Connection of the objects of informatization of state bodies and local governments to the Internet is carried out in accordance with uniform requirements in the field of information and communication technologies and information security.
3. Specialized state and law enforcement bodies for operational purposes, the National Bank of the Republic of Kazakhstan can organize connection to the Internet without using a unified access gateway to the Internet.
The authorized body for the regulation, control and supervision of the financial market and financial organizations can organize connections to the Internet without using the single gateway of access to the Internet, taking into account the performance of functions by the industry center for information security.
4. Electronic interaction of electronic mail of state body with external electronic mail is executed by redirection of electronic messages through a unified gateway of electronic mail of "electronic government".
Footnote. Article 30 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); № 262-VI as of 03.07.2019 (shall be enforced from 01.01.2020); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 30-1. National video monitoring system
1. The national video monitoring system is an information system, which is a set of software and hardware that collects, processes and stores video images to solve the problems of ensuring national security and public law and order.
2. It is not allowed to use the information received by the National Video Monitoring System for solving problems not provided for in paragraph 1 of this article.
3. The categories of objects subject to mandatory connection to the National Video Monitoring System are:
1) video surveillance systems of central state and local executive bodies;
2) video surveillance systems for facilities vulnerable to terrorists;
3) video surveillance systems for public and road safety.
The list of objects subject to mandatory connection to the National Video Monitoring System is determined by the National Security Committee of the Republic of Kazakhstan in agreement with the State Security Service of the Republic of Kazakhstan.
4. Users of the National Video Monitoring System are special state bodies and internal affairs bodies of the Republic of Kazakhstan.
The list of services, divisions and categories of employees entitled to use the National Video Monitoring System is determined by the heads of special state bodies and internal affairs bodies of the Republic of Kazakhstan.
Information obtained as a result of the functioning of the National Video Monitoring System may be submitted to other state bodies in cases established by the laws of the Republic of Kazakhstan.
5. The rules for the functioning of the National Video Monitoring System are approved by the National Security Committee of the Republic of Kazakhstan.
Footnote. Chapter 4 is supplemented by Article 30-1 in accordance with the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).Article 31. Architectural portal of "electronic government"
1. The architectural portal of the "electronic government" is an information technology object designed to record, store and systematize information about the objects of information technology of the "electronic government", the architecture of the "electronic government", platform software products for the purpose of further use by government agencies for monitoring, analysis and planning in the field of information technology.
2. Government agencies, state legal entities, entities of the quasi-public sector post information about the objects of information technology and technical documentation for them on the architectural portal of the "electronic government" in accordance with the rules for the formation and monitoring of the implementation of the architecture of the "electronic government".
The list of technical documentation for the object of information technology required for posting is determined by the rules for the formation and monitoring of the implementation of the architecture of the "electronic government".
3. Service integrator of "electronic government" shall conduct analysis of information about the objects of informatization of "electronic government", placed on the architectural portal of "electronic government", to use a standard solution for creation and development of the objects of informatization of "electronic government".
4. The service integrator of "electronic government" provides the state technical service with access to the architectural portal of "electronic government", including for participation in the formation and maintenance of the classifier in part of definition of requirements for information security.
5. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).6. The service integrator of "electronic government" executes organizational and technical measures on the issues of placement and actualization of information about the objects of informatization of "electronic government" on the architectural portal of "electronic government".
Footnote. Article 31 as amended by the Law of the Republic of Kazakhstan dated March 18, 2019 № 237-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Chapter 5. ELECTRONIC INFORMATION RESOURCES
Article 32. Types of electronic information resources
1. Electronic information resources on the form of ownership are state and non-state, by degree of access - publicly available and limited access.
2. Electronic information resources created, acquired and accumulated at the expense of budgetary funds, as well as received by state bodies in other ways established by the laws of the Republic of Kazakhstan, are state.
3. Electronic information resources created, acquired at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.
4. Electronic information resources that are provided or distributed by their owner or holder without specifying access conditions or their use, as well as information that is freely accessible and independent of the form of their submission and way of distribution, are publicly available.
5. Electronic information resources containing information access to which is limited by laws of the Republic of Kazakhstan or their owner or holder in cases established by the legislation of the Republic of Kazakhstan, are electronic information resources of limited access.
Electronic information resources of limited access are divided into electronic information resources containing information constituting state secrets and confidential.
6. Reference of electronic information resources to electronic information resources containing information constituting state secrets is executed in accordance with the legislation of the Republic of Kazakhstan on state secrets.
Creation, acquisition, accumulation, formation, registration, storage, processing, destruction, use, transfer, protection of electronic information resources containing information constituting state secrets are executed in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.
7. Electronic information resources containing information that do not constitute state secrets, but access to which is limited by laws of the Republic of Kazakhstan or their owner or holder, are confidential electronic information resources
Article 33. Legal regime of electronic information resources
1. Reasons of origin, change and termination of the right of ownership and other property rights to electronic information resources are established by the civil legislation of the Republic of Kazakhstan.
2. Electronic information resources that are the property of a legal entity are included in its property in accordance with the civil legislation of the Republic of Kazakhstan.
3. The owner of state electronic information resources is the state.
State electronic information resources, which are under the authority of state bodies in accordance with their competence, are subject to recording and protection in the composition of state property.
4. The right of ownership for software, information systems and Internet resources does not create the right of ownership for electronic information resources created with their assistance and (or) placed therein, belonging to other owners or holders, unless otherwise provided by the legislation of the Republic of Kazakhstan or by agreement between them.
The owner or the holder of an electronic information resource shall have the right to withdraw his electronic information resources, created and (or) placed in informatization objects owned by another person, in a structured, machine-readable format, if it is technically feasible, in order to transfer them to another person, unless otherwise provided by the legislation of the Republic of Kazakhstan or an agreement between them.
5. Electronic information resources processed in the order of providing services or in the joint use of information systems and Internet resources belong to the owner or holder of electronic information resources. Belonging and using of derivative products created in this case are regulated by an agreement
6. The owner of electronic information resources containing information constituting state secrets has the right to dispose of them in the manner determined by the legislation of the Republic of Kazakhstan on state secrets
7. Electronic information resources that are the property of individuals and legal entities in the case of referring them to electronic information resources containing information constituting state secrets are subject to alienation in the manner established by the legislation of the Republic of Kazakhstan on state secrets.
Footnote. Article 33 as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 33-1. Legal regime of circulation of digital assets
Footnote. Chapter 5 is supplemented by Article 33-1 in accordance with the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); excluded by the Law of the Republic of Kazakhstan dated 06.02.2023 № 194-VII (shall be enforced from 01.04.2023).
Article 34. Formation and use of electronic information resources
1. State electronic information resources are formed in order to provide information needs of state bodies, individuals and legal entities, execution of state functions and provision of state services in electronic form.
1-1. The management of data contained in electronic information resources within the framework of the implementation of state functions and the provision of public services arising from their implementation is carried out in accordance with the requirements for data management.
2. The activities of state bodies on the formation of state electronic information resources are financed from budgetary funds, with the exception of the formation of electronic information resources by the National Bank of the Republic of Kazakhstan and the authorized body for regulation, control and supervision of the financial market and financial organizations.
3. The owner or holder of electronic information resources have the right to freely use and distribute them in compliance with the limits established by the laws of the Republic of Kazakhstan.
4. The use and distribution of electronic information resources by the user are executed in the manner established by the owners or holders of electronic information resources and (or) information systems.
5. Excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).6. Electronic documents are generated in the digital document service based on information from information systems of state bodies and other information systems.
7. A request to display electronic documents through the digital document service and obtain the results of processing the request shall be carried out using a cellular subscriber device.
8. Access of third parties to electronic documents through the service of digital documents shall be carried out with the consent of the user in accordance with the procedure, determined by the authorized body.
When receiving payment and financial services, identification documents shall be used by financial and payment organizations and presented to them through the digital document service in the personal contact (presence) of individuals.
Footnote. Article 34 as amended by the Law of the Republic of Kazakhstan dated June 25, 2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 19.06.2024 № 97-VIII (shall enter into force on 01.07.2024); dated 05.07.2024 № 115-VIII (shall enter into force ten calendar days after the date of its first official publication).Article 35. Access to electronic information resources
1. State electronic information resources of the Republic of Kazakhstan are publicly available, except electronic information resources of limited access.
State agencies ensure the creation of publicly available state electronic information resources in Kazakh and Russian.
2. Conditions and order of access to electronic information resources of limited access are determined by the legislation of the Republic of Kazakhstan and the owner of these resources, including by concluding agreements between owners of electronic information resources.
2-1. Access to electronic information resources that are confidential for the purpose of data analytics is carried out taking into account the anonymization of electronic information resources. Data is provided to the operator in accordance with data management requirements.
3. The owner of the information system of state agency that is not the owner of state electronic information resources contained in it, provides access to these resources on the basis of an agreement concluded by the owner of electronic information resources with the owners of other state electronic information resources.
4. Access to electronic information resources is executed by one of the following ways:
1) by transferring a request to the owner or holder of the information system on access to electronic information resources using electronic mail and indicating the identification number or in the form of an electronic document certified by an electronic digital signature or other means established by the owner or holder of electronic information resources;
2) by direct appeal of the user to publicly available electronic information resources, information systems.
5. Access can not be limited to state electronic information resources containing:
1) normative legal acts, except those containing state secrets or other secret protected by law;
2) information on emergency situations, natural and technogenic disasters, weather, sanitary-epidemiological and other conditions necessary for vital activity and ensuring the safety of citizens, inhabited localities and production facilities;
3) official information on the activities of state bodies;
4) information accumulated in open information systems of state bodies, libraries, archives and other organizations.
6. State bodies, state legal entities, legal entities with state participation in the authorized capital are obliged to provide individuals and legal entities with open data in Kazakh and Russian languages through the Internet portal of open data.
Ensuring the functioning of Internet portals of open data, open budgets, open regulatory legal acts, open dialogue and evaluation of the effectiveness of government bodies in the Kazakh and Russian languages is carried out by the operator.
7. In the event of dissemination via telecommunication networks of information prohibited by a court decision that has entered into legal force or by the laws of the Republic of Kazakhstan, as well as access to which was temporarily suspended by an order of the Prosecutor General of the Republic of Kazakhstan or his deputies submitted to the authorized body in the field of mass media to eliminate violations of the law, the authorized bodies, owners or holders of Internet resources are obliged to take immediate measures to restrict access to the prohibited information.
Footnote. Article 35 is as amended by Law № 272-VI of the Republic of Kazakhstan as of 25.11.2019 (shall be enforced ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated December 30, 2020 № 394-VI (shall be enforced ten calendar days after the day of its first official publication); dated 03.05.2022 № 118-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 19.06.2024 № 94-VIII (shall come into force sixty calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force ten calendar days after the date of its first official publication).Article 36. Electronic information resources containing personal data
1. Electronic information resources containing personal data are subdivided into electronic information resources containing publicly available personal data and electronic information resources containing personal data of limited access.
Electronic information resources containing publicly available personal data include electronic information resources containing personal data that, in accordance with the laws of the Republic of Kazakhstan, are not subject to confidentiality requirements, access to which is free with the consent of the subject of personal data.
Electronic information resources containing personal data of limited access include electronic information resources, access to which is limited by the personal data subject or laws of the Republic of Kazakhstan.
When accessing electronic information resources containing personal data of limited access, multi-factor authentication shall be applied.
2. The owner or holder of electronic information resources containing personal data in transferring electronic information resources containing personal data to the owner or holder of the information system must obtain the consent of the personal data subject or his legal representative to collect and process personal data using information systems, except cases provided by the Law of the Republic of Kazakhstan "On personal data and their protection".
3. When providing a state service in electronic form, the consent of the subject of personal data or his legal representative to the collection and processing of personal data through information systems shall be provided through the state service for controlling access to personal data.
4. Owners or holders of information systems of state bodies shall be obliged to notify the subjects of personal data or their legal representatives through the state service for controlling access to personal data in automatic mode about all cases of using, changing and supplementing personal data in the framework of information interaction, except for the activities of law enforcement, special state bodies of the Republic of Kazakhstan and courts, enforcement proceedings, subject to registration of subjects of personal data or their legal representatives on the web portal of "electronic government".
5. In addition to the reasons established by the Law of the Republic of Kazakhstan "On personal data and their protection", in the event of revealing obvious mistakes and inaccuracies in electronic information resources containing personal data, the state body in providing state services in order to eliminate them may execute their change and addition after receipt of request from the personal data subject or his legal representative.
5-1. The provision by the owner or the holder of a publicly accessible electronic information resource of a service for placing information by a user shall be carried out on the basis of an agreement concluded in writing (including electronic form), with identification on the portal of "electronic government" by using the user's cellular subscriber number registered on a public information electronic resource with sending a short text message or using Internet services, information and communication infrastructure of which is located on the territory of the Republic of Kazakhstan, containing a one-time password for concluding an agreement. Information is posted by the user under his own name or a pseudonym (false name). Depersonalization of personal data is carried out on the basis of and in accordance with the procedure, which are determined by the agreement. The owner or holder of an electronic information resource shall be obliged to store the information used in concluding an agreement for the entire period of validity, as well as for three months after termination of the agreement.
6. It is not allowed to use electronic information resources containing personal data on individuals for the purpose of causing property and (or) moral harm, limiting the execution of rights and freedoms guaranteed by the laws of the Republic of Kazakhstan.
Owners or holders of electronic information resources shall be prohibited from making decisions based solely on automated processing of electronic information resources, including by means of an intelligent robot, as a result of which rights, legitimate interests arise, change or terminate for personal data subjects, except when the said decision is made with the consent of the subject of personal data or in cases provided for by the legislation of the Republic of Kazakhstan.
Owners or holders of electronic information resources shall be obliged to inform the subject of personal data about the use of automated processing, as a result of which the subject of personal data has, changes or terminates the rights, legitimate interests.
The subject of personal data shall have the right to appeal against the actions (inaction) of the owners or holders of electronic information resources in accordance with the procedure established by the laws of the Republic of Kazakhstan.
7. Electronic information resources are used to carry out data analytics for the purpose of implementing functions by government agencies, subject to their depersonalization in accordance with data management requirements.
8. Personal data contained in electronic information resources is stored by the owner and (or) operator, as well as a third party in an electronic database located in a server room or data processing center located in the territory of the Republic of Kazakhstan, with the adoption of the necessary measures to protect personal data in accordance with the procedure determined by the authorized body.
Footnote. Article 36 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 02.01.2021 № 399-VI (shall be enforced ten calendar days after the day of its first official publication); dated 30.12.2021 № 96-VII (shall be enforced upon the expiration of sixty calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 19.04.2023 № 223-VII (shall be enforced ten calendar days after the date of its first official publication); dated 05.07.2024 № 115-VIII (for the procedure for entry into force, see Art. 2).Chapter 6. INFORMATION SYSTEMS. LIFE CYCLE OF THE OBJECT OF INFORMATIZATION OF "ELECTRONIC GOVERNMENT"
Footnote. The title of chapter 6 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
Article 37. Types of information systems
1. Information systems on the form of ownership are state and non- state, by degree of access - publicly available and limited access.
2. Information systems created or developed at the expense of budgetary funds, as well as received by state legal entities in other ways established by the laws of the Republic of Kazakhstan, are state.
3. Information systems created or developed at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.
Non-state information systems classified as critically important objects of information and communication infrastructure, as well as intended for formation of state electronic information resources, shall be equated with information systems of state bodies in terms of compliance with information security requirements.
4. Information systems containing publicly available electronic information resources are publicly available.
5. Information systems containing electronic information resources of limited access are information systems of limited access.
6. Information systems of limited access are divided into:
1) information systems in secure execution referred to state secrets, the protection of which is executed with the use of state encryption means and (or) other means of protecting information constituting state secrets, in compliance with the requirements of secrecy regime;
2) confidential information systems.
7. Creation, industrial operation, maintenance, development, integration, termination of industrial operation and protection of information systems in protected execution, classified as state secrets, shall be carried out in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.
Audit of information systems in protected execution, classified as state secrets, shall not be carried out.
Footnote. Article 37 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).Article 38. Requirements for the information system of state agency
1. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
2. Information system of state body is created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, the standards, life cycle of the information system operating in the territory of the Republic of Kazakhstan and taking into account the provision of:
1) unified requirements in the field of information and communication technologies and ensuring information security;
2) of the architecture of the "electronic government", as well as data management requirements;
3) excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023);4) integration (if necessary) with other objects of informatization of "electronic government";
5) information interaction of the information system of the state body with the system of monitoring of information security events of the National coordination center for information security;
5-1) creating your own information security operational center and its functioning or acquiring the services of an information security operational center from third parties in accordance with the Civil Code of the Republic of Kazakhstan;
6) priority of free software;
7) is excluded by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication);8) assigning a class in accordance with the classifier;
9) access of users with limited capabilities.
2-1. Information system of a state legal entity and non-state information system intended for formation of state electronic information resources shall be created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, standards, operating on the territory of the Republic of Kazakhstan, the life cycle of the information system and provided that the following requirements are performed:
1) agreed with the authorized body and the authorized body in the sphere of ensuring information security of technical task;
2) test reports with positive test results for compliance with information security requirements;
3) integration of the information system of the state body with the non-state information system only through the external gateway of "electronic government", put into industrial operation;
4) unified requirements of information and communication technologies and ensuring information security.
3. The information contained in the electronic information resource, normative and technical documentation, as well as other related documents of the information system of state bodies are created and stored in Kazakh and Russian languages.
4. The owner or holder of the information system of the state body or a person authorized by him shall provide the National Information Security Coordination Center with access to the information system of the state body at its location for monitoring information security.
Footnote. Article 38 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the date of its first official publication).Article 39. Creation and development of the objects of informatization of "electronic government"
1. Excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
2. When creating and developing the objects of informatization of "electronic government" in the cases provided by this Law and the budget legislation of the Republic of Kazakhstan, it is necessary to obtain conclusions in the sphere of informatization and ensuring information security.
3. Creation and development of the objects of informatization of "electronic government" shall be carried out in accordance with technical tasks for creation and development of the objects of informatization of "electronic government".
Preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government" shall be carried out in accordance with the rules of preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government".
4. Creation and development of the object of informatization of "electronic government" shall include:
1) design of the object of informatization of "electronic government";
2) conducting trial operation of the object of informatization of "electronic government" in accordance with the unified requirements in the field of information and communication technologies and ensuring information security, including:
documenting of procedures for conducting trial operation;
optimization and elimination of the revealed defects and shortcomings with their subsequent correction;
execution of the act on completion of trial operation.
The period of trial operation shall not exceed one year;
3) testing of the object of informatization of "electronic government" for compliance with information security requirements in accordance with this Law;
4) implementation of the object of informatization of "electronic government" in accordance with standards acting on the territory of the Republic of Kazakhstan;
5) commissioning of the informatization object of “electronic government” in accordance with the requirements of technical documentation, subject to the positive completion of the trial operation of the “electronic government” informatization object, as well as the availability of test reports with positive test results for compliance with information security requirements.
5. Development of the object of informatization of "electronic government" shall be carried out after its introduction into industrial operation in accordance with this Article.
6. The creation and development of objects of informatization of "electronic government" within the framework of the implementation of the service model of informatization shall be carried out in accordance with this Law, the legislation of the Republic of Kazakhstan on public procurement and the rules for the creation, development, operation, acquisition of objects of informatization of "electronic government", as well as information and communication services.
Footnote. Article 39 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 39-1. The order of creation and development of the information system of special state bodies of the Republic of Kazakhstan
An information system designed to implement the tasks of special state bodies is created or developed in the following order:
1) making a decision on the creation or development of an information system;
2) development of terms of reference for the creation or development of an information system;
3) development of technical specifications and calculations for the purchase of goods, works and services in the field of informatization or for the implementation of works without allocation of budgetary funds;
4) implementation of public procurement of goods, works and services in the field of informatization or implementation of works without allocation of budgetary funds;
5) development, trial operation, implementation and commissioning of the information system into commercial operation in accordance with the standards in force on the territory of the Republic of Kazakhstan.
In cases of creation or development of an information system of special state bodies of the Republic of Kazakhstan, integrated with the objects of informatization of "electronic government", the norms provided for in Article 39 of this Law are applied, taking into account the requirements of this Article.
The costs for the creation and development of information systems of special state bodies are planned on the basis of the conclusion of a special expert council (independently by the administrator of the budget program).
Footnote. Chapter 6 is supplemented by Article 39-1 in accordance with the Law of the Republic of Kazakhstan dated 02.01.2021 № 399-VI (shall be enforced ten calendar days after the day of its first official publication).Article 40. Industrial operation of the object of informatization of "electronic government"
Footnote. The title of Article 40 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
1. Commissioning of an “electronic government” informatization object into commercial operation shall be carried out in accordance with the requirements of technical documentation, subject to the positive completion of the trial operation of the “electronic government” informatization object, the availability of test reports with positive test results for compliance with information security requirements.
Commissioning of an “electronic government” informatization object into commercial operation shall be carried out by its owner or possessor only using executable codes compiled from the source codes of “electronic government” informatization objects transferred to it by the state technical service in accordance with the rules of operation of the unified “electronic government” repository.
2. At industrial operation of the object of informatization of "electronic government" shall be provided:
1) compliance with unified requirements in the field of information and communication technologies and ensuring information security;
2) safety, protection, restoration of electronic information resources in case of failure or damage;
3) backup copying and control for timely updating of electronic information resources;
4) automated recording, safety and periodic archiving of information on the applications to the information system of the state body;
5) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);6) maintenance of the object of informatization;
7) technical support of the used licensed software of the informatization object;
7-1) system-technical maintenance;
8) reduction (exclusion) of the use of documents on paper, as well as the requirements for their presentation in carrying out state functions and rendering state services;
9) warranty service by the supplier of the object of informatization of "electronic government", including elimination of errors and defects, identified during the warranty period. Warranty service shall be provided for a period of not less than a year from the date of introduction into industrial operation of the object of informatization of "electronic government".
Footnote. Article 40 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 41. Termination of industrial operation of the object of informatization of "electronic government"
Footnote. The title of Article 41 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
1. The absence of need for further use of the object of informatization of "electronic government" shall entail termination of industrial operation and change of information about the object of informatization of "electronic government" at the architectural portal of "electronic government" in accordance with the unified requirements in the field of information and communication technologies and ensuring information security.
2. The decision on the absence of the need for further operation of the “electronic government” informatization object shall be made by the owner or possessor with notification of the owners and (or) holders of the “electronic government” informatization objects with which the “electronic government” informatization object is integrated, as well as the operator and the state technical service on the procedure and terms of operation termination.
3. Electronic information resources, technical documentation and source codes of the decommissioned “electronic government” informatization object shall be subject to transfer to the archive in accordance with the legislation of the Republic of Kazakhstan.
4. Excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).Footnote. Article 41 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).
Article 41-1. Write-off of objects of informatization of "electronic government"
1. Withdrawal of the objects of informatization of "electronic government" shall be carried out in accordance with the requirements established by the legislation of the Republic of Kazakhstan on accounting and financial reporting, according to a decision made by the owner on the basis of the architecture of "electronic government".
2. Write-off of non-state information systems intended for the formation of state electronic information resources is carried out by the owner of non-state information systems.
Footnote. Chapter 6 is supplemented by Article 41-1 in accordance with the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); as amended by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).Article 42. Mandatory requirements for the means of processing, storage and backup copying of electronic information resources in the objects of information and communication infrastructure of "electronic government"
Footnote. The title of Article 42 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
1. To ensure the reliability and safety of functioning of the objects of information and communication infrastructure of the "electronic government", technical means that are used for storage, processing and transfer of electronic information resources must comply with the requirements of the legislation of the Republic of Kazakhstan in the field of technical regulation.
2. The owner or the possessor of the object of information and communication infrastructure of "electronic government", as well as the operator shall carry out the storage and, if necessary, ensure restoration of the state electronic information resources contained in the objects of information-communication infrastructure of "electronic government", and shall be responsible for the loss, modification, or otherwise failing to ensure the safety of state electronic information resources in the manner established by the laws of the Republic of Kazakhstan and the agreement of the parties.
3. Ensuring the production of a backup copy of the state electronic information resources shall be mandatory for the owner of the object of information and communication infrastructure of the "electronic government" or the operator.
A method of production and storage of backup copy containing state electronic information resources, should ensure the preservation of electronic information resources until the next backup copy is made.
The frequency of backup copying of state electronic information resources shall be established by technical documentation on the object of informatization of "electronic government".
Footnote. Article 42 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).Article 43. Integration of the objects of informatization of “e-government”
Footnote. The title of Article 43 is in the wording of the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
1. The integration of the objects of informatization of “electronic government” shall be carried out in accordance with the rules for integration of the objects of informatization of “electronic government” and in compliance with the requirements of information safety determined by the security profile and drawn up by agreement of joint works on information security of state and non-state information systems.
2. Excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).3. Excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
4. Excluded by the Law of the Republic of Kazakhstan dated June 25, 2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).
Footnote. Article 43 with amendment introduced by the Law of the RK from 28.12.2016 № 36-VI (effective after two months after the day of its first official publication); dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
Article 44. Requirements for non-state information system that is integrated with the information system of state body
1. Excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
2. Electronic information resources, interface, technical documentation and other related documents of non-state information system, integrated with information system of the state body or intended for formation of state electronic information resources shall be created and stored in the Kazakh and Russian languages.
3. Excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).Footnote. Article 44 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication).
Chapter 7. SERVICE MODEL OF INFORMATIZATION
Footnote. Chapter 7 excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023).
Chapter 8. TESTS AND AUDIT OF THE OBJECTS OF INFORMATIZATION
Footnote. The title of chapter 8 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
Article 48. Documentation of electronic information resources and data (information) about the objects of informatization of "electronic government"
Footnote. The title of Article 48 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
Documentation of electronic information resources and data (information) about the objects of informatization of "electronic government" shall be carried out by their owner or possessor in accordance with the requirements established by the legislation of the Republic of Kazakhstan on informatization, electronic document and electronic digital signature, on the National archival fund and archives.
Footnote. Article 48 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).Article 49. Tests for compliance with information security requirements, as well as tests for quality assessment
Footnote. The title of Article 49 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
1. Tests for compliance with information security requirements shall be conducted mandatorily or at the initiative of the owner or possessor.
2. The test objects subject to mandatory testing for compliance with information security requirements shall include:
1) platform software product;
2) information and communication platform of "electronic government";
3) Internet resource of a state body, state legal entity, subject of the quasi-public sector;
4) information system of a state body, state legal entity, subject of the quasi-public sector;
5) critically important objects of information and communication infrastructure;
6) non-state information system intended for the formation of state electronic information resources, the implementation of state functions and rendering state services.
3. The information system of the state body and the non-state information system for the use of the services of the national certification center of the Republic of Kazakhstan for authentication of electronic digital signature, passing tests for compliance with the requirements of information security is not required.
4. Testings of informatization objects (except for informatization objects, the owner (possessor) and (or) customer of which is a state body) for compliance with information security requirements shall be carried out by accredited testing laboratories in accordance with this Law and the legislation of the Republic of Kazakhstan in the field of technical regulation.
5. Tests of objects of informatization in order to assess their quality shall be carried out in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.
Footnote. Article 49 is in the wording оf the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 14.07.2022 № 141-VII (for the procedure of enactment see Art. 2); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 05.07.2024 № 115-VIII (shall come into force six months after the date of its first official publication).Article 50. Audit of information systems
1. At the stage of creation, introduction and operation of information systems on the initiative of the owner or holder of information systems, the audit of information systems can be conducted.
2. Conduction of the audit of information systems is executed by individual and (or) legal entities possessing special knowledge and experience in the field of information and communication technologies, in the order determined by the authorized body.
Article 51. Attestation
Footnote. Article 51 is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
Article 52. Confirmation of conformity in the field of informatization
Confirmation of conformity in the field of informatization is executed in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.
Chapter 9. PROTECTION OF THE OBJECTS OF INFORMATIZATION
Article 53. Aims of protection of the objects of informatization
1. Protection of the objects of informatization is the implementation of a set of legal, organizational and technical measures aimed at the preservation of the objects of informatization, preventing unlawful and (or) unintentional access and (or) impact on them.
2. Protection of the objects of informatization is executed in accordance with the legislation of the Republic of Kazakhstan and current standards in the territory of the Republic of Kazakhstan in order to:
1) ensure integrity and safety of electronic information resources;
2) ensure regime of confidentiality of electronic information resources of limited access;
3) implementation of the right of subjects of informatization for access to electronic information resources;
4) prevention of unauthorized and (or) unintentional access, leakage and other actions regarding electronic information resources, as well as unauthorized and (or) unintentional impact on objects of information and communication infrastructure;
5) prevention of violations of the functioning of objects of information and communication infrastructure and critically important objects of information and communication infrastructure;
6) preventing unauthorized and (or) unintentional access to official information about subscribers of telecommunications networks and telecommunications messages;
7) prevention of unauthorized and (or) unintentional blocking of the operation of subscriber devices of telecommunications networks.
3. Other unauthorized and (or) unintentional actions regarding objects of informatization are:
1) blocking electronic information resources and (or) objects of information and communication infrastructure, that is, committing actions leading to limitation or closure of access to electronic information resources and (or) objects of information and communication infrastructure;
2) unauthorized and (or) unintentional modification of objects of informatization;
3) unauthorized and (or) unintentional copying of electronic information resource;
4) unauthorized and (or) unintentional destruction, loss of electronic information resources;
5) use of the software without permission of the right holder;
6) infringement of work of information systems and (or) software or infringement of functioning of telecommunication networks;
7) unauthorized and (or) unintentional access to official information about subscribers of telecommunications networks and telecommunications messages;
8) unauthorized and (or) unintentional blocking of the operation of subscriber devices of telecommunications networks.
4. Protection of information systems is executed according to the class assigned in accordance with the classifier.
Footnote. Article 53 as amended by the Law of the Republic of Kazakhstan dated June 25, 2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).Article 54. Organization of protection of the objects of informatization
1. Protection of the objects of informatization is executed:
1) regarding electronic information resources - their owners, holders and users;
2) regarding objects of information and communication infrastructure and critically important objects of information and communication infrastructure - their owners or holders.
2. Owners or holders of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure are obliged to take measures ensuring:
1) prevention of unauthorized access;
2) timely detection of facts of unauthorized access, if such unauthorized access failed to prevent;
3) minimization of adverse consequences of violation of the order of access;
4) prevention of unauthorized influence on the means of processing and transferring of electronic information resources;
5) prompt restoration of electronic information resources modified or destroyed due to unauthorized access to them;
6) immediate informing of the National coordination center for information security about the incident of information security, except for the owners and (or) possessors of electronic information resources containing information constituting state secrets;
7) information interaction with the National coordination center for information security on the issues of monitoring information security ensuring of the objects of informatization of "electronic government";
8) providing access to the National coordination center for information security to the objects of informatization of "electronic government" and operational centers of information security to the critically important objects of information and communication infrastructure for conducting organizational and technical measures, aimed at the implementation of monitoring of information security ensuring in accordance with the rules of monitoring of information security ensuring of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure.
2-1. Owners or possessors of informatization objects of state bodies shall be obliged to take measures to ensure:
1) connecting informatization objects to the interaction program, with the exception of informatization objects that do not have access to the Internet;
2) elimination of identified vulnerabilities registered in the interaction program for informatization objects of state bodies;
3) connection to the service of the State operational information security center or operational information security center.
3. Provisions of unified requirements in the field of information and communication technologies and ensuring information security related to the sphere of ensuring information security are mandatory for application by state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, owners and holders of non-state information systems integrated with information systems state bodies or designed to form state electronic information resources, as well as by owners and holders of critically important objects of information and communication infrastructure.
3-1. In order to meet the requirements of ensuring information security for the defense of the country and the security of the state the purchase of software and products of electronic industry carried out in kind of goods and information and communication service from the register of trusted software and products of the electronic industry in accordance with this Law and the legislation of the Republic of Kazakhstan on public procurement, procurement of certain subjects of the quasi-public sector.
At the same time, in the absence of the necessary products in the register of trusted software and products of the electronic industry, it shall be allowed to purchase them in accordance with the legislation of the Republic of Kazakhstan on public procurement, procurement of individual entities of the quasi-public sector.
3-2. The owners or the holders of non-state information systems intended for the formation of state electronic information resources, the implementation of state functions and the provision of public services, before integration with information systems of state bodies shall:
take measures to comply with uniform requirements in the field of information and communication technologies and information security;
create their own information security operations center and ensure its operation or acquire the services of an information security operations center from third parties in accordance with the Civil Code of the Republic of Kazakhstan, as well as ensure its interaction with the National Coordinating Center for Information Security.
3-3. Owners or owners of critically important objects of information and communication infrastructure, with the exception of state bodies, local authorities, state legal entities, subjects of the quasi-public sector, within a year from the date of inclusion in the list of critically important objects of information and communication infrastructure:
take measures to comply with uniform requirements in the field of information and communication technologies and ensuring information security related to the field of information security;
create their own information security operational center and ensure its functioning or acquire the services of an information security operational center from third parties in accordance with the Civil Code of the Republic of Kazakhstan, and also ensure its interaction with the National Information Security Coordination Center.
4. Management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation is executed by the authorized body in accordance with the legislation of the Republic of Kazakhstan.
Footnote. Article 54 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication) ; dated 08.06.2021 № 48-VII (shall be enforced from 01.01.2022); dated 14.07.2022 № 141-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 55. Measures to protect electronic information resources, information systems and information and communication infrastructure
1. Legal measures to protect electronic information resources, information systems and information and communication infrastructure include:
1) requirements of the legislation of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan;
2) responsibility for violation of the legislation of the Republic of Kazakhstan on informatization;
3) agreements concluded by the owner or the holder of electronic information resources, information systems, information and communication infrastructure where the conditions of work, access or use of these objects, as well as liability for their violation are established.
2. Organizational measures to protect electronic information resources, information systems and information and communication infrastructure include the establishment and provision of access regime in the territory (buildings, premises) where access to information, electronic information resources, information systems (electronic media of information); as well as limitation of access to electronic information resources, information systems and information and communication infrastructure can be executed.
3. Technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure include:
1) use of information security means, and regarding information constituting state secrets, exclusively with the use of means of protecting information constituting state secrets, developed, produced and (or) taken into operation in accordance with the legislation of the Republic of Kazakhstan;
2) use of access control systems and registration of facts of access to electronic information resources, information systems and information and communication infrastructure;
3) development of a security task based on the approved protection profiles to determine the protection measures by the owners or by the possessors of the objects of informatization.
4. Use of technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure should not cause harm or create a threat of harm to life, health and property of individuals, as well as property of legal entities and state property.
Footnote. Article 55 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).Article 56. Protection of electronic information resources containing personal data
Owners and possessors of information systems containing personal data, the owner and (or) operator of the database containing personal data, as well as third parties shall be obliged to take measures to protect them in accordance with this Law and the legislation of the Republic of Kazakhstan on personal data and their protection.
This obligation arises from the moment of receipt of electronic information resources containing personal data, or collection of personal data until their destruction or depersonalization.
Footnote. Article 56 as amended by the Law of the Republic of Kazakhstan dated June 25, 2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 56-1. Protection of domain names in the space of the Kazakhstan segment of the Internet
1. Internet resource with registered domain names. KZ and (or) .ҚAZ is placed in the space of the Kazakhstan segment of the Internet.
2. The use of .KZ and (or) .ҚAZ domain names in the space of the Kazakhstan segment of the Internet when transmitting data by Internet resources is carried out using security certificates.
Footnote. Chapter 9 is supplemented by Article 56-1 in accordance with the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication). SECTION 3. STATE REGULATION IN THE FIELD OF INFORMATIZATION
Chapter 10. EXPERTISE AND COORDINATION OF DOCUMENTS
Footnote. The title of chapter 10 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
Article 57. Conclusions in the sphere of informatization and information security ensuring
1. The investment proposal of the state investment project, financial and economic justification of budget investments shall be made by the state body to the authorized body and the authorized body in the sphere of information security ensuring to obtain conclusions in the spheres of informatization and ensuring information security.
Expertise in the sphere of informatization of investment proposals, financial and economic justification shall be carried out in accordance with the rules of conducting expertise in the sphere of informatization of investment proposals, financial and economic justification of budget investments.
2. For budget investment projects aimed at creation and development of the objects of informatization of "electronic government", the investment proposal shall be submitted to the conclusion with attachment of the technical task for creation and development of the object of informatization of "electronic government".
Assessment on the reasonableness of costs calculation, determining feasibility and efficiency of the budgetary investment project aimed at creation and development of the objects of informatization of “electronic government”, shall be carried out by the authorized body and specified in the conclusion in the sphere of informatization.
3. The investment proposal shall be considered by the authorized body and the authorized body in the sphere of ensuring information security within the term of not more than twenty working days from the date of receipt.
4. Conclusions in the spheres of informatization and ensuring information security for financial and economic justification of budget investments shall be issued no later than thirty working days from the date of receipt of the full package of documents.
Footnote. Article 57 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).Article 58. Conclusion of the expertise in the field of informatization for technical and economic justification or financial and economic justification for budget investments
Footnote. Article 58 is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
Article 59. Coordination of technical documentation and documentation on state-private partnership projects in the spheres of informatization and ensuring information security
1. Coordination of a technical task for creation and development of the object of informatization of "electronic government" shall be carried out by the authorized body and the authorized body in the sphere of ensuring information security in the manner and terms, which are determined by the rules of preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government".
2. Excluded by the Law of the Republic of Kazakhstan dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023).3. When creating and developing objects of informatization of "electronic government" within the framework of republican and local projects of public-private partnership in the field of informatization in accordance with the legislation of the Republic of Kazakhstan in the field of public-private partnership with the authorized body and the authorized body in the field of information security, a competitive documentation of a public-private partnership project, a business plan for a public-private partnership project in direct negotiations to determine a private partner.
Footnote. Article 59 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 № 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication); dated 14.07.2022 № 141-VII (shall be enforced from 01.01.2023).Article 60. Conclusion of the authorized body on the calculation of costs for state procurement of goods, works and services in the field of informatization
1. Calculations of expenses for public procurement of goods, works and services in the field of informatization shall be submitted by the administrator of budget programs, with the exception of a special state body of the Republic of Kazakhstan, for consideration by the authorized body annually before March 1.
2. Calculations of costs for state procurement of goods, works and services in the field of informatization are considered by the authorized body within a period of not more than thirty working days from the date of receipt of documents.
3. Refusal to consider the calculation of costs for state procurement of goods, works and services in the field of informatization is executed in the following cases:
1) nonconformities in the form and content of the calculation of costs for state procurement of goods, works and services in the field of informatization to the requirements of this Law and budget legislation of the Republic of Kazakhstan;
2) non-submission of documents in accordance with established requirements approved by the authorized body.
4. Administrators of budget programs, with the exception of a special state body of the Republic of Kazakhstan, post calculations of expenses for state purchases of goods, works and services in the field of information technology in the state planning information system.
Footnote. Article 60 as amended by the Law of the Republic of Kazakhstan dated 11.12.2023 № 44-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication); dated 21.05.2024 № 86-VIII (shall come into force sixty calendar days after the day of its first official publication).Chapter 11. DEVELOPMENT OF THE INDUSTRY OF INFORMATION AND COMMUNICATION TECHNOLOGIES
Article 61. State support for development of the industry of information and communication technologies
1. State support for development of the industry of information and communication technologies is executed by the authorized state bodies, national institution of development in the field of information and communication technologies and other national institutions of development in order to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan.
2. The National Institute for Development in the field of information and communication technologies shall carry out its activities in accordance with this Law and the Entrepreneurial Code of the Republic of Kazakhstan.
3. The main principles of state support for development of the industry of information and communication technologies:
1) development of the industry of information and communication technologies on the basis of private entrepreneurship and state-private partnership;
2) priority of domestic legal entities in obtaining orders for development of information and communication technologies, information systems;
3) stimulation of development of production of domestic software, software products and production of technical means;
4) development of the market structure of information and communication technologies;
5) support conscientious competition in the market of information and communication technologies.
4. In accordance with the principles of state support, measures for the development of the information and communication technologies industry, in addition to the measures provided for by the Entrepreneurial Code of the Republic of Kazakhstan, are:
1) formation and development of the normative and methodological base of activities in the industry of information and communication technologies, including the introduction of international standards;
2) excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication);3) financing of projects in the field of information and communication technologies;
4) excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication);5) creation of conditions for venture and other extra budgetary refundable financing of projects in the industry of information and communication technologies;
6) excluded by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication);7) investment in projects in the field of information and communication technologies through participation in the authorized capital of legal entities, the creation of legal entities, including those with foreign participation, and in other ways provided for by the legislation of the Republic of Kazakhstan.
Footnote. Article 61 as amended by the Law of the Republic of Kazakhstan dated 25.06.2020 № 347-VI (shall be enforced ten calendar days after the day of its first official publication).Article 62. Personnel and scientific provision of the industry of information and communication technologies
1. The state creates conditions for training and retraining of specialists with technical, professional, higher and postgraduate education on specialties in the industry of information and communication technologies in domestic and foreign higher educational institutions.
2. Organizations, national companies, their affiliated individuals act as bases of practice for students in organizations of professional, technical, higher and postgraduate education on specialties in the industry of information and communication technologies.
3. Scientific provision in the industry of information and communication technologies is executed through state support of scientific and scientific-technical activities in the industry of information and communication technologies, including through creation of conditions for the commercialization of technologies.
Chapter 12. INTERNATIONAL COOPERATION IN THE FIELD OF INFORMATIZATION
Article 63. International cooperation in the field of informatization
1. International cooperation of the Republic of Kazakhstan in the field of informatization is executed in accordance with the international treaties and the legislation of the Republic of Kazakhstan.
2. Subjects of informatization of the Republic of Kazakhstan have the right to join international organizations and associations, participate in international and foreign projects and programs.
State bodies in agreement with the authorized body execute interaction in the field of informatization with state bodies of foreign states, international organizations and foreign legal entities.
3. International cooperation in the field of informatization is executed in the form of:
1) interaction with state bodies of foreign states, international organizations and foreign legal entities, including participation in the implementation of measures for execution of international treaties of the Republic of Kazakhstan;
2) rendering assistance in the formation of a stable and secure system of international (interstate) information interaction with the use of information and communication technologies, including through the national gateway of the Republic of Kazakhstan;
3) interaction with foreign legal entities to ensure the development of information and communication technologies, as well as personnel development and scientific cooperation;
4) conduction of monitoring and forecasting the development of information and communication technologies on an ongoing basis jointly with foreign legal entities and international organizations;
5) interaction with state bodies of foreign states and international organizations on the issues of safe use of information and communication technologies, as well as establishment of prohibition for actions that encroach on the information and communication infrastructure of the state and undermine the political, economic, social and other spheres of state activity;
6) conduction of seminars, conferences and trainings in the Republic of Kazakhstan and abroad;
7) establishment of prohibition for the use of information and communication technologies to the detriment of man, society and state on the basis of reciprocity;
8) joint financing and implementation of projects in the field of information with foreign countries, international organizations, foreign legal entities, foreign public organizations and funds.
4. International cooperation on the issues of development of information and communication technologies, institutional provision and exchange of experience and knowledge is executed with participation of state bodies of foreign states, international organizations and foreign legal entities.
Chapter 13. FINAL AND TRANSITIONAL PROVISIONS
Article 64. State control in the field of informatization
State control in the field of informatization shall be carried out in the form of inspections, preventive control with a visit to the subject (object) of control and preventive control without visiting the subject (object) of control.
Inspection and preventive control with a visit to the subject (object) of control shall be carried out in accordance with the Entrepreneurial Code of the Republic of Kazakhstan.
Preventive control without visiting the subject (object) of control shall be carried out in accordance with this Law and the Entrepreneurial Code of the Republic of Kazakhstan.
State control over compliance with the legislation of the Republic of Kazakhstan on informatization in relation to state bodies shall be carried out in accordance with Article 64-2 of this Law.
The requirements of this Article shall not apply to the National Bank of the Republic of Kazakhstan and organizations included in its structure, as well as special state bodies of the Republic of Kazakhstan, unless otherwise provided by the laws of the Republic of Kazakhstan.
Footnote. Article 64 is in the wording of the Law of the Republic of Kazakhstan dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 64-1. The procedure for conducting preventive control without visiting the subject (object) of control
1. Preventive control without visiting the subject (object) of control shall be carried out by the authorized body in the field of ensuring information security without visiting the subjects (objects) of control based on analysis and data from information systems, open sources, the media, as well as other information about the activities of the subject (object) of control.
2. The goals of preventive control without visiting the subject (object) of control shall be timely suppression and prevention of violations, providing the subject of control with the right to independently eliminate violations identified as a result of preventive control without visiting the subject (object) of control, and reducing the administrative burden on the subject of control.
3. For granting the right to the subjects of control to eliminate violations independently, preventive control without visiting the subject (object) of control shall be carried out only for those violations, the consequences of which can be eliminated in accordance with the legislation of the Republic of Kazakhstan.
4. Based on the results of preventive control without visiting the subject (object) of control, a recommendation shall be drawn up to eliminate the identified violations without initiating a case of an administrative offense with a mandatory explanation to the subject of control of the procedure for their elimination.
5. The recommendation to eliminate the identified violations must be handed over to the subject of control personally under signature or in another way confirming the fact of sending and receiving.
6. A recommendation to eliminate identified violations, sent in one of the following ways, shall be considered to be handed over in the following cases:
1) personal delivery – from the date of the note in the recommendation for receipt;
2) by mail – registered mail with notification;
3) electronically - from the date of sending by the authorized body in the field of information security to the e-mail address of the subject of control specified in the letter upon request by the authorized body in the field of information security.
7. The recommendation to eliminate the identified violations must be executed within thirty working days from the day following the day of its delivery.
8. The subject of control, in case of disagreement with the violations specified in the recommendation to eliminate the identified violations, shall have the right to send an objection to the authorized body in the field of information security that sent the recommendation to eliminate the identified violations within five working days from the day following the day of its delivery.
9. Failure to comply within the prescribed period with the recommendation to eliminate identified violations shall entail the inclusion of the subject (object) of control in the semi-annual list of preventive control with a visit to the subject (object) of control.
10. Preventive control without visiting the subject (object) of control shall be carried out no more than once a quarter.
Footnote. Chapter 13 has been supplemented by Article 64-1 in accordance with the Law of the Republic of Kazakhstan dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 64-2. The procedure for conducting state control over compliance with the legislation of the Republic of Kazakhstan on informatization in relation to state bodies
1. State control over compliance with the legislation of the Republic of Kazakhstan on informatization in relation to state bodies (hereinafter - the inspected state bodies) shall be carried out by the authorized body in the field of ensuring information security in the form of inspections.
Inspections shall be divided into periodic and unscheduled.
Periodic inspections of inspected state bodies shall be carried out according to the following sources of information:
1) the results of previous inspections;
2) the results of monitoring reporting and information;
3) the results of analysis of the Internet resources of state bodies;
4) information from the state technical service.
2. Periodic inspections shall be carried out at intervals of no more than once a year in accordance with the plan for conducting periodic inspections, approved by the first head of the authorized body in the field of information security.
The authorized body in the field of information security, no later than December 1 of the year preceding the year of inspections, shall approve a plan for conducting periodic inspections.
The plan for conducting periodic inspections shall be posted on the Internet resource of the authorized body in the field of information security no later than December 20 of the year preceding the year of inspections.
The periodic inspection plan includes:
1) number and date of approval of the plan;
2) name of the state body;
3) name of the state body being inspected;
4) location of the state body being inspected;
5) timing of the inspection;
6) subject of inspection;
7) signature of the person authorized to sign the plan.
Amendments and additions to the plan for conducting periodic inspections shall be carried out in cases of liquidation, reorganization of the inspected state body, change of its name, or redistribution of powers between the inspected state bodies.
3. An unscheduled inspection is an inspection appointed by the authorized body in the field of information security in the following cases:
1) the presence of confirmed appeals regarding the inspected state body, received from individuals and legal entities, about violation of the requirements of the legislation of the Republic of Kazakhstan on informatization;
2) appeals from individuals and legal entities whose rights and legitimate interests have been violated;
3) demands of the prosecutor on specific facts of causing or threat of causing harm to the rights and legitimate interests of individuals and legal entities, the state;
4) appeals from state bodies on specific facts of harm to the rights and legitimate interests of individuals and legal entities, the state, as well as on specific facts of violations of the requirements of the legislation of the Republic of Kazakhstan, the failure to eliminate which entails harm to the rights and legitimate interests of individuals and legal entities;
5) instructions from the criminal prosecution body on the grounds provided for by the Criminal Procedure Code of the Republic of Kazakhstan;
6) the need to monitor the execution of the act on the results of the inspection.
4. Officials of the authorized body in the field of information security when conducting an inspection shall have the right to:
1) unhindered access to the territory and premises of the inspected state body in accordance with the subject of the inspection upon presentation of the documents specified in paragraph 8 of this Article;
2) receive documents (information) on paper and electronic media or copies thereof for inclusion in the act on the results of the inspection, as well as access to automated databases (information systems) in accordance with the subject of the inspection;
3) carry out audio, photo and video recording;
4) attract specialists, consultants and experts from state bodies, subordinate and other organizations.
5. When conducting an inspection, the state body being inspected or its authorized representative shall have the right:
1) not to allow officials of the authorized body in the field of information security who arrived to conduct the inspection to be inspected in the following cases:
exceeding or expiration of the deadlines specified in the act on appointment of the inspection (additional act on extension, if any) that do not correspond to the deadlines established by this Article;
absence of documents provided for in paragraph 8 of this Article;
2) to appeal the act on the results of the inspection in the manner established by the legislation of the Republic of Kazakhstan.
6. When conducting an inspection, the state body being inspected or its authorized representative shall be obliged to:
1) ensure unimpeded access for officials of the authorized body in the field of information security to the territory and premises;
2) provide officials of the authorized body in the field of information security with documents (information) on paper and electronic media or copies thereof for inclusion in the act on the results of the inspection, as well as access to automated databases (information systems) in accordance with the subject of the inspection;
3) make a note on the second copy of the act on the appointment of the inspection and the act on the results of the inspection on the day of its completion.
7. The inspection shall be conducted on the basis of an act on appointment of the inspection.
The act on appointment of the inspection shall indicate:
1) date and number of the act;
2) name of the state body;
3) surname, name, patronymic (if it is indicated in the identity document) and position of the person (persons) authorized to conduct the inspection;
4) information about specialists, consultants and experts of state bodies, subordinate and other organizations involved in conducting the inspection;
5) name of the state body being inspected, its location.
In the case of an inspection of a structural unit of a state body, the act on the appointment of the inspection shall indicate its name and location;
6) subject of inspection;
7) type of inspection;
8) the period for conducting the inspection;
9) the grounds for conducting the inspection;
10) period being inspected;
11) rights and obligations of the state body being inspected;
12) signature of the head of the state body being inspected or his authorized person on receipt or refusal to receive the act;
13) signature of the person authorized to sign the act.
When conducting an inspection, the authorized body in the field of information security shall be obliged to notify the state body being inspected about the start of the inspection at least one day before its start, indicating the subject of the inspection.
The beginning of the inspection shall be considered to be the date of delivery of the act on the appointment of inspection to the inspected state body.
8. Officials of the authorized body in the field of information security who arrived at the object for inspection shall be required to present to the inspected state body:
1) an act on the appointment of an inspection;
2) service ID or identification card;
3) if necessary, permission from the competent authority to visit sensitive facilities.
9 The period for conducting the inspection shall be established taking into account the subject of the inspection, as well as the volume of works to be done, and should not exceed ten working days.
The inspection period can be extended only once by no more than fifteen working days. The extension shall be carried out by the decision of the head of the authorized body in the field of information security.
Extension of the inspection period shall be formalized by an additional act on the extension of the inspection period with a notification to the inspected state body, which indicates the date and order number of the previous act on the appointment of the inspection and the reasons for the extension.
A notification on the extension of the inspection period shall be handed over to the inspected state body by the authorized body in the field of information security one working day before the extension with a notification of delivery.
10. Based on the results of the inspection, the officials of the authorized body in the field of information security carrying out the inspection shall draw up an act on the results of the inspection.
The first copy of the act on the results of the inspection in electronic form shall be submitted to the state body carrying out activities in the field of state legal statistics and special records within its competence, the second copy with copies of appendices, with the exception of copies of documents available in the original from the state body being inspected, on paper carrier against signature or in electronic form shall be handed over to the inspected state body (the head or his authorized representative) for review and taking measures to eliminate identified violations and other actions, the third copy remains with the authorized body in the field of information security.
11. An act on the results of the inspection shall indicate:
1) date, time and place of drawing up the act;
2) name of the state body;
3) number and date of the act on the appointment of the inspection (additional act on the extension of the period, if any);
4) surname, name, patronymic (if it is indicated in the identity document) and position of the person (persons) who conducted the inspection;
5) information about specialists, consultants and experts of state bodies, subordinate and other organizations involved in conducting the inspection;
6) name of the state body being inspected, its location;
7) subject of inspection;
8) type of inspection;
9) the date and period of the inspection;
10) information about the results of the inspection, including the violations identified and their nature;
11) requirements to eliminate identified violations of the requirements of the legislation of the Republic of Kazakhstan on informatization, indicating the deadline for their implementation;
12) information about familiarization or refusal to familiarize with the act of the head of the state body being inspected or his authorized person, as well as persons present during the inspection, their signatures or a record of refusal to sign;
13) signature of the officials who conducted the inspection.
Documents related to the results of the inspection (if any) and their copies shall be attached to the act on the results of the inspection.
12. If there are comments and (or) objections based on the results of the inspection, the state body being inspected shall state them in writing. Comments and (or) objections shall be attached to the act on the results of the inspection, about which a corresponding note shall be made.
The authorized body in the field of information security must consider the comments and (or) objections of the inspected state body to the act on the results of the inspection and give a reasoned response within fifteen working days.
In case of refusal to accept an act on the results of the inspection, an act shall be drawn up and signed by the officials carrying out the inspection and the head of the state body being inspected or his authorized representative.
The state body being inspected shall have the right to refuse to sign the act by giving a written explanation of the reason for the refusal.
13. The end of the inspection period shall be considered to be the day of delivery to the inspected state body of an act on the results of the inspection no later than the end date of the inspection specified in the act on the appointment of the inspection or an additional act on the extension of the inspection period.
14. The terms of the execution of the act on the results of the inspection shall be determined taking into account the circumstances influencing the real possibility of its execution, but not less than ten calendar days from the date of delivery of the act on the results of the inspection.
15. When determining the terms of the execution of the act on the results of the inspection, the following shall be taken into account:
1) whether the state body being inspected has the organizational and technical capabilities to eliminate violations;
2) deadlines for obtaining from state bodies of mandatory conclusions, approvals, and other documents established by the laws of the Republic of Kazakhstan.
16. After the expiration of the period for eliminating the identified violations established in the act on the results of the inspection, the inspected state body shall be obliged, within the period established in the act on the results of the inspection, to provide the authorized body in the field of information security with information about the elimination of the identified violations with supporting documents.
In case of failure to provide information on the elimination of identified violations, the authorized body in the field of information security shall have the right to appoint an unscheduled inspection in accordance with subparagraph 6) of paragraph 3 of this Article.
17. In the event of a violation of the rights and legitimate interests of the inspected state body during an inspection, the inspected state body shall have the right to appeal the decisions, actions (inactions) of officials of the authorized body in the field of ensuring information security to a higher official or to court in the manner established by the legislation of the Republic of Kazakhstan.
Footnote. Chapter 13 has been supplemented by Article 64-2 in accordance with the Law of the Republic of Kazakhstan dated 06.04.2024 № 71-VIII (shall be enforced upon expiry of sixty calendar days after the day of its first official publication).Article 65. Responsibility for violation of the legislation of the Republic of Kazakhstan on informatization
Violation of the legislation of the Republic of Kazakhstan on informatization entails responsibility in accordance with the laws of the Republic of Kazakhstan.
Article 66. Transitional provision
1. State bodies that have Internet resources and information systems of state bodies, introduced into industrial operation before the enactment of this Law and not having the protocol of tests for compliance with information security requirements, certificate of compliance with the requirements of information security, shall conduct their tests for compliance with information security requirements and certification within three years from the date of enactment of this Law.
2. Non-state information systems integrated with information systems of state bodies or intended for forming of the state electronic information resources and not having the protocol of tests for compliance with information security requirements, the certificate of compliance to information security shall be tested for compliance with information security requirements and certification within three years from the date of enactment of the Law.
3. Excluded by the Law of the Republic of Kazakhstan dated 19.06.2024 № 94-VIII (shall come into force sixty calendar days after the day of its first official publication).Footnote. Article 66 is in the wording of the Law of the Republic of Kazakhstan dated 28.12.2017 № 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 03.05.2022 № 118-VII (shall be enforced upon the expiration of ten calendar days after the day of its first official publication); dated 19.06.2024 № 94-VIII (shall come into force sixty calendar days after the day of its first official publication).
Article 67. Procedure for the enactment of this Law
1. This Law enters into enforce from January 1, 2016.
2. Recognize as invalid the Law of the Republic of Kazakhstan dated January 11, 2007 "On informatization" (Gazette of the Parliament of the Republic of Kazakhstan, 2007, № 2, art. 13; 2009, № 15-16, art. 74; № 18, art. 84; 2010, № 5, art. 23; № 17-18, art. 111; 2011, № 1, art. 2; № 11, art. 102; № 15, art. 118; 2012, № 2, art. 13; № 8, art. 64; № 14, art. 95; № 15, art. 97; 2013, № 5-6, art. 30; № 7, art. 36; № 14, art. 75; 2014, № 1, art. 4; № 19-I, 19-II, art. 96; № 23, art. 143).
President of the Republic of Kazakhstan |
N. NAZARBAYEV |