电子签名示范法.doc

贸易法委员会电子签名示范法2008-10-13 08:49 文章来源：对外经贸大学部分教师翻译文章类型：编译 内容分类：其它(2001年6月25日至7月13日在维也纳举行的联合国国际贸易法委员会第三十四届会议的工作报告摘录。贸易法委员会电子签名示范法于2001年7月5日通过)注：示范法颁布指南的最后文本将于2001年下半年出版）第1条 适用范围本规则适用于商务活动过程中电子签名的使用，并不优于旨在保护消费者的任何法律规则。第2条 定 义在本法中：(a)“电子签名”系指在数据电文中，以电子形式所含、所附或在逻辑上与数据电文有联系的数据，它可用于鉴别与数据电文相关的签名人和表明签名人认可数据电文所含信息；(b)“证书”系指确认签名人与签名制作数据之间关系的某一数据电文或其他记录；(c)“数据电文”系指经由电子手段、光学手段或类似手段生成、发送、接收或储存的信息，这些手段包括但不限于电子数据交换(EDl)、电子邮件、电报、用户电报或传真；(d)“签名人”系指持有签名制作数据、代表其本人或代表他人行事的人；(e)“认证服务提供人”系指签发证书和可能提供与电子签名有关的其他服务的人。(f)“依赖方”系指可能根据某一证书或电子签名行事的人。第3条 谷名技术钓平等对待除第5条外，本法任何条款的适用概不排除、限制或剥夺满足第6条第1款所述要求或者符合适用法律要求的制作电子签名的任何方法的法律效力。第4条 解 释1.对本法作出解释时，应考虑到其国际渊源以及促进其统一适用和遵守诚信的必要性。2.由本法管辖的事项而在本法内未明文规定解决办法的问题，应按本法所依据的一般原则解决。第5条 经由协义的改动本法的规定可经由协议加以删减或改变其效力，除非根据适用法律，该协议无效或不产生效力。第6条 符合签名要求1.凡法律规定要求有一人的签名时，如果根据各种情况，包括根据任何有关协议，所用电子签名既适合生成或传送数据电文所要达到的目的，而且也同样可靠，则对于该数据电文而言，即满足了该项签名要求。2.无论第1款所述要求是否作为一项义务，或者无论法律是否只规定了无签名的后果，第1款均适用。3.就满足第1款所述要求而言，符合下列条件的电子签名视作可靠的电子签名：(a)签名制作数据在其使用的范围内与签名人而不是还与其他任何人相关联；(b)签名制作数据在签名时处于签名人而不是还处于其他任何人的控制之中；(c)凡在签名后对电子签名的任何更改均可被觉察；以及(d)如果签名的法律要求目的是对签名涉及的信息的完整性提供保证，凡在签名后对该信息的任何更改均可被觉察。4.第3款并不限制任何人在下列任何方面的能力：(a)为满足第1款所述要求的目的，以任何其他方式确立某一电子签名的可靠性；或(b)举出某一电子签名不可靠的证据。5.本条规定不适用于下列情形：。第7条 第6条的满足1.颁布国指定的任何主管个人、公共或私人机关或机构可确定哪些电子签名满足本法第6条的规定。2.依照第1款作出的任何决定应与公认的国际标准相一致。3.本条中任何规定概不影响国际私法规则的适用。第8条 签名人的行为1.签名制作数据可用于制作具有法律效力签名的，各签名人应当做到如下：(a)采取合理的谨慎措施，避免他人未经授权使用其签名制作数据；(b)在发生下列情况时，毫无不应有的迟延，利用认证服务提供人依照本法第9条提供的手段，或作出合理的努力，向签名人可以合理预计的依赖电子签名或提供支持电子签名服务的任何人发出通知：(1)签名人知悉签名制作数据已经失密；或(2)签名人知悉导致签名制作数据可能已经失密的重大风险情况；(c)在使用证书支持电子签名时，采取合理的谨慎措施，确保签名人作出的关于证书整个寿命周期的或需要列入证书内容的所有实质性表述均精确无误和完整无缺。2.签名人应当对其未能满足第1款的要求承担法律后果。第9条 认证服务提供人的行为1.认证服务提供人提供服务，以支持可用作具有法律效力的签名而使用的电子签名的，应当做到如下：(a)按其所作出的关于其政策和做法的表述行事；(b)采取合理的谨慎措施，确保其作出的关于证书整个寿命周期的或需要列人证书内容的所有实质性表述均精确无误和完整无缺；(c)提供合理可及的手段，使依赖方得以从证书中证实下列内容；(1)认证服务提供人的身份；(2)证书中所指明的签名人在签发证书时拥有对签名制作数据的控制；(3)在证书签发之时或之前签名制作数据有效；(d)提供合理可及的手段，使依赖方得以在适当情况下从证书或其他方面证实下列内容：(1)用以鉴别签名人的方法；(2)签名制作数据或证书的可能用途或使用金额上的任何限制；(3)签名制作数据有效，且未发生失密；(4)认证服务提供人规定的责任范围或程度上的任何限制；(5)是否存在签名人依照本法第8条第1(b)款发出通知的途径；(6)是否开设及时的撤销服务；(e)在开设(d)(5)项所述服务的情况下，提供签名人依照第8条第1(b)款发出通知的途径；在开设d(6)项所述服务的情况下，确保提供及时的撤销服务；(f)使用可信赖的系统、程序和人力资源提供其服务。2.认证服务提供人应当对其未能满足第1款的要求承担法律后果。第10条 可信赖性就本法第9条第1(f)款而言，在确定认证服务提供人使用的任何系统、程序和人力资源是否可信赖以及在何种程度上可信赖时，可以注意下列因素：(a)财力和人力资源，包括是否存在资产；(b)硬件和软件系统的质量；(c)证书及其申请书的处理程序和记录的保留；(d)是否可向证书中指明的签名人和潜在的依赖方提供信息；(e)由独立机构进行审计的经常性和审计的范围；(f)是否存在国家、资格鉴定机构或认证服务提供人作出的关于上述条件遵守情况或上述条件是否存在的声明；或(g)其他任何有关因素。第11条 依赖方的行为依赖方应当对其未能做到如下承担法律后果：(a)采取合理的步骤查验电子签名的可靠性；或(b)在电子签名有证书支持时，采取合理的步骤：(1)查验证书的有效性、证书的暂停或撤销；以及(2)遵守对证书的任何限制。第12条 对外国证书和电子签名的承认1.在确定某一证书或某一电子签名是否具有法律效力或在多大程度上具有法律效力时，不应考虑：(a)签发证书或制作或使用电子签名的地理位置；或(b)签发人或签名人营业地的地理位置。2.在颁布国境外签发的证书，具有实质上同等可靠性的，在该颁布国境内具有与在该颁布国境内签发的证书同样的法律效力。3.在颁布国境外制作或使用的电子签名，具有实质上同等可靠性的，在该颁布国境内具有与在该颁布国境内制作或使用的电子签名同样的法律效力。4.在确定某一证书或某一电子签名是否为第2款或第3款之目的而具有实质上同等的可靠性时，应当考虑到公认的国际标准或其他任何有关的因素。5.当事务方之间约定使用某些类别的电子签名或证书的，即使有第2款、第3款和第4款的规定，仍应承认该协议足以成为跨国境承认的依据，除非根据适用法律该协议无效或不产生效力。UNCITRAL MODEL LAW ON ELECTRONIC SIGNATURES2001(Excerpt from the report of the United Nations Commission on International TradeLaw on the work of its thirty-fourth session, held at Vienna, from 25 June to 13 July2001. The text of the UNCITRAL Model Law on Electronic Signatures wasadopted on 5 July 2001 Note: the final version of the Guide to Enactment of theModel Law will be published during the second semester of the year 2001)Annex IIUNCITRAL Model Law on Electronic Signatures (2001)Article 1Sphere of applicationThis Law applies where electronic signatures are used in the context* ofcommercial* activities. It does not override any rule of law intended for theprotection of consumers._* The Commission suggests the following text for States that might wish to extend theapplicability of this Law:“This Law applies where electronic signatures are used, except in the followingsituations: .”* The term “commercial” should be given a wide interpretation so as to cover matters arising fromall relationships of a commercial nature, whether contractual or not. Relationships of acommercial nature include, but are not limited, to the following transactions: any tradetransaction for the supply or exchange of goods or services; distribution agreement; commercialrepresentation or agency; factoring; leasing; construction of works; consulting; engineering;licensing; investment; financing; banking; insurance; exploitation agreement or concession;joint venture and other forms of industrial or business cooperation; carriage of goods orpassengers by air, sea, rail or road.Article 2DefinitionsFor the purposes of this Law:(a) “Electronic signature” means data in electronic form in, affixed to orlogically associated with, a data message, which may be used to identify thesignatory in relation to the data message and to indicate the signatorys approval ofthe information contained in the data message;(b) “Certificate” means a data message or other record confirming the linkbetween a signatory and signature creation data;(c) “Data message” means information generated, sent, received or stored byelectronic, optical or similar means including, but not limited to, electronic datainterchange (EDI), electronic mail, telegram, telex or telecopy;2(d) “Signatory” means a person that holds signature creation data and actseither on its own behalf or on behalf of the person it represents;(e) “Certification service provider” means a person that issues certificatesand may provide other services related to electronic signatures;(f) “Relying party” means a person that may act on the basis of a certificateor an electronic signature.Article 3Equal treatment of signature technologiesNothing in this Law, except article 5, shall be applied so as to exclude, restrictor deprive of legal effect any method of creating an electronic signature thatsatisfies the requirements referred to in article 6, paragraph 1, or otherwise meetsthe requirements of applicable law.Article 4Interpretation1. In the interpretation of this Law, regard is to be had to its international originand to the need to promote uniformity in its application and the observance of goodfaith.2. Questions concerning matters governed by this Law which are not expresslysettled in it are to be settled in conformity with the general principles on which thisLaw is based.Article 5Variation by agreementThe provisions of this Law may be derogated from or their effect may bevaried by agreement, unless that agreement would not be valid or effective underapplicable law.Article 6Compliance with a requirement for a signature1. Where the law requires a signature of a person, that requirement is met inrelation to a data message if an electronic signature is used that is as reliable as wasappropriate for the purpose for which the data message was generated orcommunicated, in the light of all the circumstances, including any relevantagreement.2. Paragraph 1 applies whether the requirement referred to therein is in the formof an obligation or whether the law simply provides consequences for the absence ofa signature.3. An electronic signature is considered to be reliable for the purpose ofsatisfying the requirement referred to in paragraph 1 if:(a) The signature creation data are, within the context in which they areused, linked to the signatory and to no other person;3(b) The signature creation data were, at the time of signing, under the controlof the signatory and of no other person;(c) Any alteration to the electronic signature, made after the time of signing,is detectable; and(d) Where a purpose of the legal requirement for a signature is to provideassurance as to the integrity of the information to which it relates, any alterationmade to that information after the time of signing is detectable.4. Paragraph 3 does not limit the ability of any person:(a) To establish in any other way, for the purpose of satisfying therequirement referred to in paragraph 1, the reliability of an electronic signature; or(b) To adduce evidence of the non-reliability of an electronic signature.5. The provisions of this article do not apply to the following: .Article 7Satisfaction of article 61. Any person, organ or authority, whether public or private, specified by theenacting State as competent may determine which electronic signatures satisfy theprovisions of article 6 of this Law.2. Any determination made under paragraph 1 shall be consistent with recognizedinternational standards.3. Nothing in this article affects the operation of the rules of private internationallaw.Article 8Conduct of the signatory1. Where signature creation data can be used to create a signature that has legaleffect, each signatory shall:(a) Exercise reasonable care to avoid unauthorized use of its signaturecreation data;(b) Without undue delay, utilize means made available by the certificationservice provider pursuant to article 9 of this Law, or otherwise use reasonableefforts, to notify any person that may reasonably be expected by the signatory torely on or to provide services in support of the electronic signature if:(i) The signatory knows that the signature creation data have beencompromised; or(ii) The circumstances known to the signatory give rise to a substantial riskthat the signature creation data may have been compromised;(c) Where a certificate is used to support the electronic signature, exercisereasonable care to ensure the accuracy and completeness of all materialrepresentations made by the signatory that are relevant to the certificate throughoutits life cycle or that are to be included in the certificate.42. A signatory shall bear the legal consequences of its failure to satisfy therequirements of paragraph 1.Article 9Conduct of the certification service provider1. Where a certification service provider provides services to support anelectronic signature that may be used for legal effect as a signature, that certificationservice provider shall:(a) Act in accordance with representations made by it with respect to itspolicies and practices;(b) Exercise reasonable care to ensure the accuracy and completeness of allmaterial representations made by it that are relevant to the certificate throughout itslife cycle or that are included in the certificate;(c) Provide reasonably accessible means that enable a relying party toascertain from the certificate:(i) The identity of the certification service provider;(ii) That the signatory that is identified in the certificate had control of thesignature creation data at the time when the certificate was issued;(iii) That signature creation data were valid at or before the time when thecertificate was issued;(d) Provide reasonably accessible means that enable a relying party toascertain, where relevant, from the certificate or otherwise:(i) The method used to identify the signatory;(ii) Any limitation on the purpose or value for which the signature creationdata or the certificate may be used;(iii) That the signature creation data are valid and have not beencompromised;(iv) Any limitation on the scope or extent of liability stipulated by thecertification service provider;(v) Whether means exist for the signatory to give notice pursuant to article 8,paragraph 1 (b), of this Law;(vi) Whether a timely revocation service is offered;(e) Where services under subparagraph (d) (v) are offered, provide a meansfor a signatory to give notice pursuant to article 8, paragraph 1 (b), of this Law and,where services under subparagraph (d) (vi) are offered, ensure the availability of atimely revocation service;(f) Utilize trustworthy systems, procedures and human resources inperforming its services.2. A certification service provider shall bear the legal consequences of its failureto satisfy the requirements of paragraph 1.5Article 10TrustworthinessFor the purposes of article 9, paragraph 1 (f), of this Law in determiningwhether, or to what extent, any systems, procedures and human resources utilized bya certification service provider are trustworthy, regard may be had to the followingfactors:(a) Financial and human resources, including existence of assets;(b) Quality of hardware and software systems;(c) Procedures for processing of certificates and applications for certificatesand retention of records;(d) Availability of information to signatories identified in certificates and topotential relying parties;(e) Regularity and extent of audit by an independent body;(f) The existence of a declaration by the State, an accreditation body or thecertification service provider regarding compliance with or existence of theforegoing; or(g) Any other relevant factor.Article 11Conduct of the relying partyA relying party shall bear the legal consequences of its failure:(a) To take reasonable steps to verify the reliability of an electronicsignature;or(b) Where an electronic signature is supported by a certificate, to takereasonable steps:(i) To verify the validity, suspension or revocation of the certificate; and(ii) To observe any limitation with respect to the certifi