The revised Regulations on the Administration of Commercial Passwords came into effect on July 1st.

　　CCTV News:According to the news of the Chinese government website on May 24th, the Regulation on the Administration of Commercial Passwords was revised and passed at the 4th executive meeting in the State Council on April 14th, 2023, and is hereby promulgated and shall come into force as of July 1st, 2023. The "Regulations" propose that the state encourages commercial cryptographic technology cooperation based on the principle of voluntariness and commercial rules in the process of foreign investment. Administrative organs and their staff shall not use administrative means to force the transfer of commercial cipher technology.

Regulations on the administration of commercial passwords

(Decree No.273 of the State Council of the People’s Republic of China was promulgated on October 7, 1999 and Decree No.760 of the State Council of the People’s Republic of China was revised on April 27, 2023)

　　Chapter I General Principles

　　Article 1 In order to standardize the application and management of commercial passwords, encourage and promote the development of commercial password industry, ensure the security of network and information, safeguard national security and social public interests, and protect the legitimate rights and interests of citizens, legal persons and other organizations, these Regulations are formulated in accordance with the People’s Republic of China (PRC) Encryption Law and other laws.

　　Article 2 These Regulations shall apply to the scientific research, production, sales, service, testing, certification, import and export, application and other activities in People’s Republic of China (PRC).

　　The term "commercial passwords" as mentioned in these Regulations refers to technologies, products and services that use specific transformation methods to encrypt and protect information that is not a state secret.

　　Article 3 Adhere to the Communist Party of China (CPC)’s leadership over the work of commercial passwords and implement the overall concept of national security. The national password management department is responsible for the management of commercial passwords throughout the country. Local password management departments at or above the county level are responsible for the management of commercial passwords in their respective administrative areas.

　　The relevant departments such as network information, commerce, customs, market supervision and management are responsible for the management of commercial passwords within their respective responsibilities.

　　Article 4 The State shall strengthen the training of commercial cryptographers, establish and improve the system and mechanism for the development of commercial cryptographers and the talent evaluation system, encourage and support the construction of cryptographers and specialties, standardize the socialized training of commercial cryptographers, and promote the exchange of commercial cryptographers.

　　Article 5 People’s governments at all levels and their relevant departments shall strengthen publicity and education on commercial passwords in various forms, so as to enhance the password safety awareness of citizens, legal persons and other organizations.

　　Article 6 Societies, trade associations and other social organizations in the field of commercial cryptography shall, in accordance with the provisions of laws, administrative regulations and their articles of association, carry out academic exchanges, policy research, public services and other activities, strengthen academic and industry self-discipline, promote the construction of integrity, and promote the healthy development of the industry.

　　The password management department shall strengthen the guidance and support for social organizations in the field of commercial passwords.

　　Chapter II Scientific and Technological Innovation and Standardization

　　Article 7 The State shall establish and improve the innovation promotion mechanism of commercial cipher science and technology, support the independent innovation of commercial cipher science and technology, and commend and reward organizations and individuals who have made outstanding contributions in accordance with the relevant provisions of the State.

　　The state protects intellectual property rights in the field of commercial passwords according to law. To engage in commercial password activities, we should enhance our awareness of intellectual property rights and improve our ability to use, protect and manage intellectual property rights.

　　The state encourages the cooperation in commercial cryptography technology based on the principle of voluntariness and commercial rules in the process of foreign investment. Administrative organs and their staff shall not use administrative means to force the transfer of commercial cipher technology.

　　Article 8 The State encourages and supports the transformation and industrial application of scientific and technological achievements in commercial cryptography, and establishes and improves the feedback mechanism of information collection, release and application of scientific and technological achievements in commercial cryptography.

　　Article 9 The national password management department shall organize the examination and appraisal of commercial password technologies such as cryptographic algorithms, cryptographic protocols, and key management mechanisms used in networks and information systems that require the use of commercial passwords in accordance with laws, administrative regulations, and relevant state regulations.

　　Article 10 The standardization administrative department of the State Council and the national password management department shall, according to their respective responsibilities, organize the formulation of national and industrial standards for commercial passwords, and regulate, guide and supervise the formulation of corporate standards for commercial passwords. The national password management department shall, according to its responsibilities, establish a feedback and evaluation mechanism for the implementation of commercial password standards, and supervise and inspect the implementation of commercial password standards.

　　The State promotes participation in the international standardization of commercial passwords, participates in the formulation of international standards for commercial passwords, promotes the transformation and application between China standards and foreign standards for commercial passwords, and encourages enterprises, social organizations, educational and scientific research institutions to participate in the international standardization of commercial passwords.

　　Where standards in other fields involve commercial passwords, they shall be coordinated with national standards and industry standards for commercial passwords.

　　Article 11 To engage in commercial password activities, the technical requirements of relevant laws, administrative regulations, national standards for mandatory commercial passwords and standards for self-disclosure shall be met.

　　The state encourages the adoption of recommended national standards and industry standards for commercial passwords in commercial password activities, so as to enhance the protection ability of commercial passwords and safeguard the legitimate rights and interests of users.

　　Chapter III Testing and Certification

　　Article 12 The State promotes the construction of commercial password detection and certification system, and encourages voluntary acceptance of commercial password detection and certification in commercial password activities.

　　Article 13 Institutions engaged in commercial password detection activities, such as detection of commercial password products, safety assessment of commercial password application in networks and information systems, and issuing data and results with proof to the society shall be recognized by the national password administration department and obtain the qualification of commercial password detection institutions according to law.

　　Article 14 To obtain the qualification of a commercial password detection institution, the following conditions shall be met:

　　(1) Having the qualification of a legal person;

　　(2) Having the capital, place, equipment, facilities, professionals and professional ability suitable for engaging in commercial password detection activities;

　　(3) It has a management system to ensure the effective operation of commercial password detection activities.

　　Fifteenth to apply for the qualification of commercial password testing institutions, it shall submit a written application to the national password management department, and submit the materials that meet the conditions stipulated in Article fourteenth of these regulations.

　　The national password management department shall, within 20 working days from the date of accepting the application, review the application and make a decision on whether to approve the identification according to law.

　　Where it is necessary to conduct a technical review of the applicant, the time required for the technical review shall not be counted within the time limit specified in this article. The national password management department shall inform the applicant in writing of the required time.

　　Article 16 Commercial password detection institutions shall independently, fairly, scientifically and honestly carry out commercial password detection within the approved scope in accordance with laws, administrative regulations and technical specifications and rules for commercial password detection, be responsible for the detection data and results issued, and regularly submit the detection implementation to the national password management department.

　　Technical specifications and rules for commercial password detection shall be formulated and promulgated by the national password management department.

　　Article 17 The market supervision and management department of the State Council shall, jointly with the national password management department, establish a unified national commercial password authentication system, implement the authentication of commercial password products, services and management systems, and formulate and publish the authentication catalogue, technical specifications and rules.

　　Eighteenth institutions engaged in commercial password authentication activities shall obtain the qualification of commercial password authentication institutions according to law.

　　To apply for the qualification of a commercial password certification body, a written application shall be submitted to the the State Council Municipal Market Supervision and Administration Department. In addition to meeting the basic requirements of certification bodies required by laws, administrative regulations and relevant provisions of the state, applicants should also have technical capabilities such as detection and inspection that are suitable for engaging in commercial password certification activities.

　　The market supervision and management department of the State Council shall solicit the opinions of the national password management department when examining the application for the qualification of commercial password certification institutions.

　　Article 19 A commercial password authentication institution shall independently, fairly, scientifically and honestly conduct commercial password authentication within the approved scope in accordance with laws, administrative regulations and technical specifications and rules for commercial password authentication, and be responsible for the authentication conclusions issued.

　　A commercial password certification institution shall conduct effective follow-up investigation on its certified commercial password products, services and management systems to ensure that the certified commercial password products, services and management systems continue to meet the certification requirements.

　　Article 20 Commercial password products involving national security, national economy, people’s livelihood and social public interests shall be listed in the catalogue of key network equipment and special products for network security according to law, and can only be sold or provided after being tested and certified by qualified commercial password testing and certification institutions.

　　Twenty-first commercial password services that use key network equipment and special products for network security shall be certified by commercial password certification institutions.

　　Chapter IV Electronic Authentication

　　Article 22 To provide electronic authentication services by using commercial password technology, it shall have a place, equipment and facilities, professionals, professional ability and management system that are suitable for the use of passwords, and obtain the certification documents that the national password management department agrees to use passwords according to law.

　　Twenty-third electronic authentication service institutions shall provide electronic authentication services by using passwords in accordance with laws, administrative regulations and technical specifications and rules for the use of passwords in electronic authentication services, so as to ensure that the use of passwords in their electronic authentication services continues to meet the requirements.

　　Technical specifications and rules for the use of passwords for electronic authentication services shall be formulated and promulgated by the national password management department.

　　Twenty-fourth institutions engaged in e-government electronic authentication services by using commercial cryptography technology shall be recognized by the national password management department and obtain the qualification of e-government electronic authentication service institutions according to law.

　　Twenty-fifth to obtain the qualification of e-government electronic certification service institutions, shall meet the following conditions:

　　(1) Having the qualifications of an enterprise legal person or a public institution legal person;

　　(2) Having funds, places, equipment, facilities and professionals suitable for engaging in e-government electronic authentication service activities and using passwords;

　　(three) have the ability to provide long-term e-government electronic authentication services for government activities;

　　(4) It has a management system to ensure the safe operation of e-government electronic authentication service activities and the use of passwords.

　　Twenty-sixth to apply for the qualification of e-government electronic certification service institutions, it shall submit a written application to the national password management department, and submit materials that meet the conditions stipulated in Article 25 of these regulations.

　　The national password management department shall, within 20 working days from the date of accepting the application, review the application and make a decision on whether to approve the identification according to law.

　　Where it is necessary to conduct a technical review of the applicant, the time required for the technical review shall not be counted within the time limit specified in this article. The national password management department shall inform the applicant in writing of the required time.

　　Twenty-seventh foreign investment in e-government electronic authentication services, which affects or may affect national security, shall be subject to foreign investment security review according to law.

　　Twenty-eighth e-government electronic authentication service institutions shall provide e-government electronic authentication services within the approved scope in accordance with laws, administrative regulations and technical specifications and rules of e-government electronic authentication services, and regularly submit the implementation of services to the password management departments of provinces, autonomous regions and municipalities directly under the Central Government where the main offices are located.

　　Technical specifications and rules for e-government electronic authentication services shall be formulated and promulgated by the national password management department.

　　Article 29 The State establishes a unified trust mechanism for electronic authentication. The national password management department is responsible for the planning and management of trust sources of electronic authentication, and promotes mutual trust and recognition of electronic authentication services in conjunction with relevant departments.

　　Thirtieth password management department in conjunction with the relevant departments responsible for the management of the use of electronic signatures and data messages in government activities.

　　Electronic authentication services involving electronic signatures, electronic seals and electronic certificates in government affairs activities shall be provided by legally established e-government electronic authentication service institutions.

　　Chapter V Import and Export

　　Article 31 Commercial passwords that involve national security, social public interests and have encryption protection functions shall be included in the list of import licenses for commercial passwords, and import licenses shall be implemented. Commercial passwords involving national security, social and public interests or China’s international obligations shall be included in the export control list of commercial passwords and subject to export control.

　　The list of commercial password import license and the list of commercial password export control shall be formulated and published by the competent commerce department of the State Council in conjunction with the national password management department and the General Administration of Customs.

　　Commercial passwords used in mass consumer products are not subject to import licensing and export control systems.

　　Article 32 A commercial password for import in the import license list or a commercial password for export in the export control list shall apply to the competent commerce department of the State Council for an import and export license.

　　The provisions of the preceding paragraph shall apply to the transit, transshipment, through transport and re-export of commercial passwords, which enter and exit between overseas and special customs supervision areas such as comprehensive bonded zones, or between overseas and bonded supervision places such as export supervision warehouses and bonded logistics centers.

　　Article 33 When importing commercial passwords, the commercial passwords listed in the import license list or the commercial passwords listed in the export control list are exported, the import and export licenses shall be submitted to the customs, and the customs declaration formalities shall be handled in accordance with the relevant provisions of the state.

　　If the import and export operator fails to submit the import and export license to the customs, and the customs has evidence that the import and export products may fall within the scope of the commercial password import license list or the export control list, it shall question the import and export operator; The Customs may submit an organizational identification to the competent commercial department of the State Council, and dispose of it according to the identification conclusion made by the competent commercial department of the State Council jointly with the national password management department. During the period of identification or questioning, the customs shall not release the import and export products.

　　Article 34 To apply for the import and export license of commercial passwords, a written application shall be submitted to the competent commercial department of the State Council, and the following materials shall be submitted:

　　(a) the identity certificates of the legal representative, main business managers and managers of the applicant;

　　(2) A copy of the contract or agreement;

　　(3) A technical description of the commercial password;

　　(four) the end user and the end use certificate;

　　(five) other documents required by the competent department of commerce of the State Council.

　　The competent department of commerce of the State Council shall, within 45 working days from the date of accepting the application, review the application in conjunction with the national password management department, and make a decision on whether to grant the license according to law.

　　The export of commercial passwords that have a significant impact on national security, social public interests or foreign policy shall be reported to the State Council for approval by the competent department of commerce of the State Council in conjunction with the national password management department and other relevant departments. Approved by the State Council, not subject to the time limit prescribed in the preceding paragraph.

　　Chapter VI Application Promotion

　　Article 35 The State encourages citizens, legal persons and other organizations to use commercial passwords to protect network and information security according to law, and encourages the use of commercial passwords that have passed the test and certification.

　　No organization or individual may steal others’ encrypted information or illegally invade others’ commercial password protection system, and may not use commercial passwords to engage in illegal and criminal activities that endanger national security, social public interests and the legitimate rights and interests of others.

　　Article 36 The State supports the use of commercial passwords for network products and services to enhance security, and supports and regulates the application of commercial passwords in new technologies, new formats and new modes in the information field.

　　Article 37 The State shall establish a mechanism for promoting and coordinating the application of commercial passwords, and strengthen the overall guidance on the application of commercial passwords. State organs and units involved in commercial password work are responsible for the application and security of commercial passwords of their own organs, units or systems within their scope of duties.

　　The password management department shall, jointly with relevant departments, strengthen the information collection, risk assessment, information notification and consultation on major issues of commercial password application, and strengthen the connection with network security monitoring and early warning and information notification.

　　Article 38 The operators of key information infrastructures that are required to be protected by commercial passwords by laws, administrative regulations and relevant provisions of the state shall use commercial passwords for protection, formulate commercial password application schemes, equip necessary funds and professionals, plan, build and operate commercial password protection systems synchronously, and conduct security assessment of commercial password applications by themselves or by entrusting commercial password testing institutions.

　　The key information infrastructure listed in the preceding paragraph can only be put into operation after the security evaluation of commercial password application, and it will be evaluated at least once a year after operation, and the evaluation will be submitted to the national password management department or the password management department of the province, autonomous region or municipality directly under the Central Government where the key information infrastructure is located for the record in accordance with the relevant provisions of the state.

　　Article 39 The key information infrastructure required by laws, administrative regulations and relevant provisions of the state to be protected by commercial passwords shall use commercial password products and services that have passed the inspection and certification, and the commercial password technologies such as cryptographic algorithms, cryptographic protocols and key management mechanisms used shall be examined and appraised by the national password management department.

　　Article 40 Operators of key information infrastructure who purchase network products and services involving commercial passwords may affect national security shall pass the national security review organized by the national network information department in conjunction with the national password management department and other relevant departments according to law.

　　Article 41 Network operators shall use commercial passwords to protect network security in accordance with the requirements of the national network security level protection system. According to the network security protection level, the national password management department determines the requirements for the use, management and application security assessment of commercial passwords, and formulates the standards and specifications for network security level protection passwords.

　　Forty-second commercial password application security evaluation, key information infrastructure security detection evaluation, network security level evaluation should be strengthened to avoid repeated evaluation and evaluation.

　　Chapter VII Supervision and Administration

　　Forty-third password management departments shall organize supervision and inspection of commercial password activities according to law, and guide and supervise the work related to commercial passwords of state organs and units involved in commercial password work.

　　Forty-fourth password management departments and relevant departments to establish a cooperative mechanism for the supervision and management of commercial passwords, and strengthen the coordination and cooperation in the supervision, inspection and guidance of commercial passwords.

　　Forty-fifth password management departments and relevant departments to carry out commercial password supervision and inspection according to law, can exercise the following functions and powers:

　　(a) to enter the commercial password activity site to carry out on-site inspection;

　　(two) to the legal representative of the parties, the main person in charge and other relevant personnel to investigate and understand the relevant situation;

　　(3) consulting and copying relevant contracts, bills, account books and other relevant materials.

　　Article 46 The password management department and relevant departments shall promote the connection between the supervision and management of commercial passwords and the social credit system, and establish and implement mechanisms such as credit records of commercial password business entities, credit classification supervision, punishment for dishonesty and credit repair according to law.

　　Forty-seventh commercial password detection and certification institutions and e-government electronic certification service institutions and their staff shall bear the obligation of confidentiality for the state secrets and business secrets they know in commercial password activities.

　　The password management department, relevant departments and their staff shall not require commercial password research, production, sales, service, import and export units and commercial password testing and certification institutions to disclose password-related proprietary information to them, and keep the business secrets and personal privacy they know in performing their duties strictly confidential, and shall not disclose or illegally provide them to others.

　　Forty-eighth password management departments and relevant departments to carry out supervision and management of commercial passwords according to law, the relevant units and personnel should cooperate, and no unit or individual may illegally interfere or obstruct.

　　Forty-ninth any unit or individual has the right to report violations of these regulations to the password management department and relevant departments. The password management department and the relevant departments shall verify and handle the report in time, and keep the informer confidential.

　　Chapter VIII Legal Liability

　　Article 50 Anyone who, in violation of the provisions of these Regulations, conducts commercial password testing activities to the society without authorization, or engages in e-government electronic authentication services without authorization, shall be ordered by the password management department to correct or stop the illegal act, given a warning, and the illegal products and illegal income shall be confiscated; If the illegal income is more than 300,000 yuan, a fine of more than 1 time and less than 3 times the illegal income may be imposed; If there is no illegal income or the illegal income is less than 300,000 yuan, a fine ranging from 100,000 yuan to 300,000 yuan may be imposed.

　　In violation of the provisions of these regulations, those who engage in commercial password authentication activities without approval shall be punished by the market supervision and management department in conjunction with the password management department in accordance with the provisions of the preceding paragraph.

　　Fifty-first commercial password testing institutions to carry out commercial password testing, one of the following circumstances, the password management department shall order it to correct or stop the illegal behavior, give a warning, confiscate the illegal income; If the illegal income is more than 300,000 yuan, a fine of more than 1 time and less than 3 times the illegal income may be imposed; If there is no illegal income or the illegal income is less than 300,000 yuan, a fine ranging from 100,000 yuan to 300,000 yuan may be imposed; If the circumstances are serious, the qualification of commercial password testing institutions shall be revoked according to law:

　　(a) beyond the approved scope;

　　(two) there are acts that affect the independence, impartiality and integrity of testing;

　　(3) The test data and results issued are false or inaccurate;

　　(four) refusing to submit or not truthfully submit the implementation;

　　(5) Failing to perform the obligation of confidentiality;

　　(6) Other circumstances in which commercial password detection is carried out in violation of laws, administrative regulations and technical specifications and rules for commercial password detection.

　　Fifty-second commercial password certification institutions to carry out commercial password certification, one of the following circumstances, the market supervision and management department in conjunction with the password management department shall be ordered to correct or stop the illegal behavior, given a warning, confiscate the illegal income; If the illegal income is more than 300,000 yuan, a fine of more than 1 time and less than 3 times the illegal income may be imposed; If there is no illegal income or the illegal income is less than 300,000 yuan, a fine ranging from 100,000 yuan to 300,000 yuan may be imposed; If the circumstances are serious, the qualification of commercial password certification institutions shall be revoked according to law:

　　(a) beyond the approved scope;

　　(two) there are acts that affect the independence, impartiality and integrity of certification;

　　(3) The certification conclusion issued is false or inaccurate;

　　(4) Failing to conduct effective follow-up investigation on its certified commercial password products, services and management system;

　　(5) Failing to perform the obligation of confidentiality;

　　(six) other cases of commercial password authentication in violation of laws, administrative regulations and technical specifications and rules for commercial password authentication.

　　Article 53 Whoever, in violation of the provisions of Articles 20 and 21 of these Regulations, sells or provides commercial password products that have not been tested and certified or fail to pass the test and certification, or provides commercial password services that have not been tested and certified or fail to pass the certification, shall be ordered by the market supervision and management department in conjunction with the password management department to correct or stop the illegal act, give a warning and confiscate the illegal products and illegal income; If the illegal income is more than 100,000 yuan, a fine of more than 1 time and less than 3 times the illegal income may be imposed; If there is no illegal income or the illegal income is less than 100,000 yuan, a fine of not less than 30,000 yuan but not more than 100,000 yuan may be imposed.

　　Article 54 If an electronic authentication service institution uses a password in violation of laws, administrative regulations and technical specifications and rules for the use of passwords in electronic authentication services, the password management department shall order it to correct or stop the illegal act, give it a warning and confiscate its illegal income; If the illegal income is more than 300,000 yuan, a fine of more than 1 time and less than 3 times the illegal income may be imposed; If there is no illegal income or the illegal income is less than 300,000 yuan, a fine ranging from 100,000 yuan to 300,000 yuan may be imposed; If the circumstances are serious, the certificate of using the password for the electronic authentication service shall be revoked according to law.

　　Fifty-fifth e-government electronic certification service institutions to carry out e-government electronic certification services, one of the following circumstances, the password management department shall order it to correct or stop the illegal behavior, give a warning, confiscate the illegal income; If the illegal income is more than 300,000 yuan, a fine of more than 1 time and less than 3 times the illegal income may be imposed; If there is no illegal income or the illegal income is less than 300,000 yuan, a fine ranging from 100,000 yuan to 300,000 yuan may be imposed; If the circumstances are serious, it shall be ordered to suspend business for rectification until the qualification of e-government electronic certification service institution is revoked:

　　(a) beyond the approved scope;

　　(two) refusing to submit or not truthfully submit the implementation;

　　(3) Failing to perform the obligation of confidentiality;

　　(four) other cases of providing e-government electronic authentication services in violation of laws, administrative regulations and technical specifications and rules of e-government electronic authentication services.

　　Article 56 If an electronic signer or an electronic signature relying party suffers losses in government activities due to the electronic signature authentication service provided by the electronic authentication service institution of e-government, and the electronic authentication service institution of e-government cannot prove that it is innocent, it shall be liable for compensation.

　　Article 57 If electronic authentication services such as electronic signature, electronic seal and electronic license involved in government activities violate the provisions of Article 30 of these regulations and are not provided by legally established electronic authentication service institutions for e-government, the password management department shall order them to make corrections and give them a warning; If it refuses to correct or there are other serious circumstances, the password management department shall advise the relevant state organs and units to punish or deal with the directly responsible person in charge and other directly responsible personnel according to law. The relevant state organs and units shall inform the password management department in writing of the punishment or handling.

　　Article 58 Anyone who violates the import and export commercial passwords stipulated in these Regulations shall be punished by the competent department of commerce of the State Council or the customs according to law.

　　Article 59 Anyone who steals others’ encrypted information, illegally intrudes into others’ commercial password protection system, or uses commercial passwords to engage in illegal activities that endanger national security, social public interests, and legitimate rights and interests of others shall be investigated for legal responsibility by the relevant departments in accordance with the Cyber Security Law of the People’s Republic of China and other relevant laws and administrative regulations.

　　Article 60 If an operator of key information infrastructure violates the provisions of Articles 38 and 39 of these Regulations, fails to use commercial passwords as required, or fails to conduct security assessment of commercial password applications as required, the password management department shall order him to make corrections and give him a warning; Those who refuse to correct or have other serious circumstances shall be fined between 100,000 yuan and 1 million yuan, and those directly in charge shall be fined between 10,000 yuan and 100,000 yuan.

　　Article 61 If an operator of key information infrastructure violates the provisions of Article 40 of these regulations and uses network products or services involving commercial passwords that have not been examined or failed in safety examination, the relevant competent department shall order him to stop using them and impose a fine of more than 1 time and less than 10 times the purchase amount; The directly responsible person in charge and other directly responsible personnel shall be fined between 10,000 yuan and 100,000 yuan.

　　Article 62 If a network operator violates the provisions of Article 41 of these regulations and fails to use commercial passwords to protect network security in accordance with the requirements of the national network security level protection system, the password management department shall order it to make corrections and give it a warning; Those who refuse to correct or lead to the consequences of endangering network security shall be fined between 10,000 yuan and 100,000 yuan, and the directly responsible person in charge shall be fined between 5,000 yuan and 50,000 yuan.

　　Article 63 If anyone refuses to accept, cooperate with or interfere with or obstruct the supervision and management of commercial passwords by the password management department and relevant departments without justifiable reasons, the password management department and relevant departments shall order him to make corrections and give him a warning; Refuses to correct or there are other serious circumstances, a fine of 50,000 yuan to 500,000 yuan, and a fine of 10,000 yuan to 100,000 yuan to the directly responsible person in charge and other directly responsible personnel; If the circumstances are particularly serious, it shall be ordered to suspend business for rectification until the commercial password license is revoked.

　　Sixty-fourth state organs have illegal situations listed in Articles 60, 61, 62 and 63 of these Regulations, and the password management department and relevant departments shall order them to make corrections and give them a warning; Refuses to correct or there are other serious circumstances, the password management department and the relevant departments suggest that the relevant state organs give punishment or treatment to the directly responsible person in charge and other directly responsible personnel according to law. The relevant state organs shall inform the password management department and relevant departments in writing of the punishment or handling.

　　Article 65 If the staff of the password management department and relevant departments abuse their powers, neglect their duties, engage in malpractices for selfish ends, or disclose or illegally provide others with business secrets, personal privacy and informer information they know in performing their duties, they shall be punished according to law.

　　Article 66 Anyone who violates the provisions of these Regulations and constitutes a crime shall be investigated for criminal responsibility according to law; If it causes damage to others, it shall bear civil liability according to law.

　　Chapter IX Supplementary Provisions

　　Article 67 These Regulations shall come into force as of July 1, 2023.