(2023.08.07-ны өдрийн орчуулга)                                                     Unofficial translation

LAW OF MONGOLIA

December 17, 2021                                                                                   Ulaanbaatar city

ON ELECTRONIC SIGNATURES

/Revised edition/

cHApTER ONE

GENERAL PROVISIONS

Article 1.Purpose of the Law

1.1.The purpose of this Law is to determine the legal basis of using electronic signatures by individuals and legal entities in the digital environment, the legal and technical requirements for it, and the operation of the public key.

Article 2.Legislation on the electronic signature

2.1.The legislation on electronic signature shall consist of the Constitution of Mongolia, the Civil Code, the Law on Transparency of Public Information, the Law on the Protection of Personal Information, this Law and other legislative acts issued in conformity with them.

2.2.If an international treaty, to which Mongolia is a party, stipulates otherwise than this Law, then the provisions of the international treaty shall prevail.

Article 3.Scope of the application of the Law

3.1.Relations in connection with the use of electronic signatures in electronic information other than state secrets shall be regulated by this Law.

3.2.Relations in connection with electronic transactions other than those regulated by this Law shall be governed by the Civil Code and other laws.

Article 4.Definition of the terms of the Law

4.1.The following terms used in this Law shall be understood in the following meanings:

4.1.1."certification organization" shall mean a state registration organization, and a legal entity that holds a special permit to engage in activities to issue digital signature certificates;

4.1.2."public key infrastructure" shall mean the system related to creating, organizing, distributing, using, storing, revoking the private and public keys of digital signatures, introducing and using them in electronic communication, and ensuring security thereto;

4.1.3."digital signature" shall mean a digital signature that meets the requirements specified in paragraph 6.2 of this Law;

4.1.4."digital signature certificate" shall mean an electronic document that grants a right to use a digital signature to a person or legal entity uniquely connected to the public key of a digital signature;

4.1.5."digital signature certificate holder" shall mean a person or legal entity who is holding a private key of a digital signature to use the digital signature or a digital seal in accordance with this Law;

4.1.6."public key of a digital signature" shall mean a sequence of characters mathematically related to the private key of a digital signature, used for data confidentiality and verification of a digital signature;

4.1.7."private key of a digital signature" shall mean a unique sequence of characters used to create a digital signature and decrypt data;

4.1.8."digital signature tool" shall mean hardware and software that can create a digital signature using a private key of a digital signature and verify a digital signature using a public key;

4.1.9."electronic document" shall mean a definition specified in sub-paragraph 4.1.9 of the Law on Transparency of Public Information;

4.1.10."electronic signature" shall mean electronic data attached to or combined with the information in order to identify the person who signed the electronic information and/or used the electronic seal.

CHAPTER TWO

USE OF ELECTRONIC SIGNATURES

Article 5.Use of electronic signatures

5.1.Unless otherwise specified by law, electronic signatures shall be applied to electronic information created, sent, received, stored, or accessible in an electronic environment or the information in paper form that was converted into electronic form with the help of the information system.

5.2.No limit shall be set on the number and form of electronic signatures to be used by individuals and legal entities.

5.3.If a legal entity uses a public key infrastructure for its internal operations, it is not necessary to obtain a special permit.

Article 6.Application of digital signature

6.1.The person who reached 16 years old who is holding the private key of the digital signature specified in the certificate of digital signature /hereinafter referred to as "certificate"/ can use the digital signature.  

6.2.The digital signature shall meet the following requirements:

6.2.1.to encrypt and convert information using the private key of digital signature /hereinafter referred to as "private key"/;

6.2.2.to be able to identify and verify the digital signature certificate holder /hereinafter referred to as "certificate holder"/ using the public key of the digital signature /hereinafter referred to as "public key"/;

6.2.3.to be possible to know whether or not the changes have been made to the information or the information is complete after a digital signature has been attached or merged to the information.

6.3.Digital signatures have the same validity as signatures signed on information in paper form.

6.4.A public servant may use a digital signature when holding a public position and exercising his/her rights and duties.

6.5.The digital signature to be issued to a legal entity shall be in the form of an electronic seal.

6.6.Digital signatures can be used to identify and verify individuals and legal entities in the information system.

Article 7.Use of electronic seal

7.1.The electronic seal can be used by the legal entity that is holding the private key specified in the certificate.

7.2.The electronic seal shall be held by the competent person authorized to represent the legal entity without its power of attorney.

7.3.The electronic seal can be used by a person representing a legal entity on the basis of a power of attorney within the scope of the powers granted by the power of attorney.

7.4.The electronic seal shall meet the requirements specified in paragraph 6.2 of this Law.

7.5.If the legal entity does not have an electronic seal, the digital signature of the person specified in paragraphs 7.2 and 7.3 of this Law may be used.

7.6.The electronic seal can be used together with the digital signature of the person specified in paragraphs 7.2 and 7.3 of this Law.

Article 8.Digital signature tool and its requirements

8.1.When creating a digital signature and storing and using a private key, the digital signature tool that meets the following requirements shall be used:

8.1.1.to create conditions to prevent illegal use of private keys;

8.1.2.to ensure its authenticity and security when creating a private key and transmitting a public key.

8.2.The digital signature tool shall be held by the certificate holder.

8.3.The certificate information and private key shall be uploaded to the digital signature tool.

8.4.The identity card can be used as a digital signature device, and the information specified in paragraph 8.3 of this Law shall be stored in its memory.

8.5.There shall be no limit on the types of digital signature tools, and the list of the types of digital signature devices that meet the requirements shall be issued by the state central administrative body in charge of digital development and communication matters and announced to the public.

Article 9.Time registration

9.1.Time records shall be kept for the purpose of establishing digital signature period and data integrity.

9.2.The information system used for digital signature shall be connected to the time registration system.

9.3.The activity of keeping time records shall be independent and external.

9.4.The time registration system shall be connected to the network time server defined by the Communications Regulatory Commission.

9.5.Requirements for keeping time records and ensuring security shall be approved by the state central administrative body in charge of digital development and communication matters.

9.6.The information system used for electronic signature other than the digital signature can be connected to the time registration system.

CHAPTER THREE

CERTIFICATE AND CERTIFICATE HOLDER

Article 10.Certificate

10.1.The digital signature shall have a certificate issued by the certification body.

10.2.The following information shall be included in the certificate:

10.2.1.name of the organization that issued the certificate;

10.2.2.if the holder of the certificate is a person, his or her surname and given name, if he/she is a citizen of Mongolia, his/her citizen's registration number, if he/she is a foreign citizen or stateless person, his/her registration number, if the holder of the certificate is a legal entity, the name and registration number assigned by the legal entity, e-mail address specified in paragraph 23.3 of the Law on Transparency of Public Information;

10.2.3.certificate number, date of certificate issuance;

10.2.4.period of validity of the certificate;

10.2.5.public key related information.

10.3.At the request of the certificate holder, in addition to the provisions specified in paragraph 10.2 of this Law, the certification body may add the following information to the certificate:

/This paragraph was amended by the law as of January 6, 2023/

10.3.1.restrictions on the right to use digital signatures and electronic seals;

10.3.2.restrictions on the value of transactions/contracts using digital signatures and electronic seals.

Article 11.Validity period of the certificate

11.1.Certificates shall be issued for five years to Mongolian citizens and legal entities, and to foreign citizens and stateless persons for the duration of their stay, or for three years if they stay longer than three years.

11.2.The validity period of the certificate shall be calculated from the date of issuance by the certification body specified in the certificate to the expiration date.

Article 12.Price of certificate

12.1.The price of the certificate shall consist of the following prices:

12.1.1.price of digital signatures and electronic seals issued to individuals and legal entities;

12.1.2.price of digital signature tool.

12.2.Paragraph 12.1 of this Law shall not apply to the placement of the digital signature certificate and private key issued to the citizen by the state registration body in the memory of the identity card.

12.3.The price of the digital signature certificate to be issued by the holder of the special permit shall be determined by the special permit holder him/herself in accordance with the method of setting the tariff for certification services established by the Communications Regulatory Commission.

Article 13.Certificate database

13.1.The certification body has a database containing information on issued, suspended, restored, revoked and other certificates.

13.2.The following information shall be included in the database:

13.2.1.if the holder of the certificate is a person, his or her surname and given name, if he/she is a citizen of Mongolia, his/her citizen's registration number, if he/she is a foreign citizen or stateless person, his/her registration number, if the holder of the certificate is a legal entity, the name and registration number assigned by the legal entity, e-mail address specified in paragraph 23.3 of the Law on Transparency of Public Information;

13.2.2.certificate number;

13.2.3.date of certificate issuance;

13.2.4.period of validity of the certificate;

13.2.5.period and grounds for suspension, restoration or revocation of certificates;

13.2.6.others.

Article 14.Certificate holder

14.1.A person or a legal entity who has received a certificate in accordance with the procedure specified in this Law shall be the holder of the certificate.

14.2.The certificate holder shall have the following rights:

14.2.1.to use digital signature and electronic seal;

14.2.2.to submit a request for suspension, restoration, or revocation of the certificate;

14.2.3.to partially deposit oneself private key with the certification body;

14.2.4.to set restrictions specified in paragraph 10.3 of this Law when using digital signatures and electronic seals;

14.2.5.others prescribed by law.

14.3.The certificate holder shall have the following obligations:

14.3.1.not to transfer the private key to others;

14.3.2.to ensure privacy and security of private keys;

14.3.3.to immediately notify the certification body if the private key is known by another person or if there is reason to know;

14.3.4.not to use the private key related to the certificate in case of invalidation of the certificate;

14.3.5.not to use the private key to confirm or keep confidential the information considered illegal;

14.3.6.others prescribed by law.

14.4.The holder of the certificate shall be responsible for the consequences arising from the transfer of the private key to others due to his/her own wrongdoing and the disclosure of the secret of the private key.

CHAPTER FOUR

ISSUANCE, SUSPENSION AND REVOCATION OF CERTIFICATE

Article 15.Submitting a request for holding of certificates by individuals and legal entities

15.1.The request to hold a certificate shall be submitted in writing to the state registration body by the citizens of Mongolia, to the holder of the special permit by the foreign citizens, stateless persons, and legal entities.

15.2.If a citizen of Mongolia would like to hold certificate in order use digital signature in addition to the certificate issued by the Mongolian State Registration Authority, he/she shall submit a request to the special permit holder.

15.3.The following information shall be included in the request:

15.3.1.surname and given name of the applicant, if it is the legal entity, the proper name of the legal entity, as well as the surname and given name of the person representing the respective legal entity;

15.3.2.if the applicant is a citizen of Mongolia, his/her civil registration number, if he/she is a foreign citizen or stateless person, his/her registration number, if the holder of the certificate is a legal entity, the registration number of the respective legal entity, as well as the civil registration number of the person representing the respective legal entity;

15.3.3.the applicant's contact phone number and e-mail address specified in paragraph 23.3 of the Law on Transparency of Public Information;

15.3.4.whether restrictions have been set on the right to use digital signatures and electronic seals;

15.3.5.whether restrictions have been set on the value of transactions/contracts to be made by using digital signatures and electronic seals;

15.3.6.other information required to be included in the certificate.

Article 16.Resolving requests and issuing certificates

16.1.The certification body shall make one of the following decisions within three working days after receiving a request made by a person or a legal entity in accordance with paragraphs 15.1 and 15.2 of this Law:

16.1.1.to issue a certificate if the request is made in accordance with the procedure specified in this Law and the applicant's information is correct;

16.1.2.to return the request if the applicant's information is inconsistent.

16.2.When making the decision specified in paragraph 16.1 of this Law, the certification body shall check whether the information of a person or a legal entity is correct and the document is valid or not by the numbers of an identity card or foreign passport if the applicant is a citizen of Mongolia, registration number if the applicant is a foreign citizen or a stateless person, state registration certificate of the legal entity, and the right of representation of the person representing the legal entity, his/her identity card or an equivalent document if the applicant is a legal entity.

16.3.Upon obtaining a certificate from a special permit holder, a person or legal entity shall pay the price of the certificate in accordance with paragraph 12.1 of this Law.

16.4.The certification body shall explain to the applicant the following information related to the use of digital signatures and electronic seals when issuing certificates:

16.4.1.unless otherwise specified by law, the use of a digital signature shall result in the same legal consequences as a signature on a paper document;

16.4.2.in regards with the technical and other conditions of possession and use of the certificate;

16.4.3.in regards with measures to ensure privacy and security of private keys;

16.4.4.in regards with taking liability for the loss of the private key due to wrongful actions of the certificate holder and disclosure of the secret of the private key.

16.5.The certificate shall be issued to the holder of the certificate along with the instructions for using the digital signature and electronic seal.

16.6.When issuing a certificate, the special permit holder shall enter into a contract with the certificate holder through mutual agreement.

16.7.The information to be included in the contract specified in paragraph 16.6 of this Law shall be approved by the state central administrative body in charge of digital development and communications issues.

16.8.The state central administrative organization in charge of digital development and communication issues shall approve the procedure for regulating relations in connection with issuing, suspending, restoring, and revoking certificates to civil servants by taking into account of the proposal of the Civil Service Council.

Article 17.Suspension and restoration of certificates

17.1.The certification body shall suspend the certificate in the following cases:

17.1.1.the certificate holder submitted a written request to suspend the certificate;

17.1.2.the certification body believes that the information contained in the certificate is incorrect or that the confidentiality of the private key has been lost;

17.1.3.the decision of the competent authority on the suspension of the certificate was made during the process of adjudicating cases and disputes;

17.1.4.legal incapacity was determined by the decision of the competent authority.

17.2.The certification body shall immediately notify the certificate holder of the suspension of the certificate.

17.3.In urgent cases, the certification body shall provide the certificate holder with the opportunity to suspend the certificate in ways other than those specified in sub-paragraph 17.1.1 of this Law, based on the recognition of the certificate holder.

17.4.Upon submission of a request to restore a certificate on the grounds specified in sub-paragraph 17.1.1 of this Law, the certification body shall restore the certificate immediately.

17.5.The certificate holder shall determine the period of suspension of the certificate based on the grounds specified in sub-paragraph 17.1.1 of this Law by him/herself, and the period shall not exceed the period specified in paragraph 11.1 of this Law.

17.6.Upon removal of the grounds for suspension in accordance with sub-paragraphs 17.1.2 and 17.1.3 of this Law, the certification body shall restore the certificate and notify the certificate holder immediately.

Article 18.Revocation of certificate

18.1.The certification body shall revoke the certificate on the following grounds:

18.1.1.the validity period of the certificate has expired;

18.1.2.the certificate holder informed and requested that the private key has been leaked or there is a possibility of it being leaked;

18.1.3.the certificate holder submitted a written request to revoke the certificate;

18.1.4.the death of the certificate holder person, or a certificate holder person is considered dead, or the liquidation of the certificate holder legal entity;

18.1.5.it was determined that fake documents were prepared when obtaining the certificate;

18.1.6.the holder of the certificate has not fulfilled the obligations stipulated in paragraph 14.3 of this Law.

18.2.The fact that the validity period of the certificate has not expired shall not affect the revocation of the certificate.

Article 19.Recognition of foreign certificates

19.1.The certificate issued according to the laws of a foreign country can be used in the same way as the certificate issued according to the procedure specified in this Law if one of the following conditions is met:

19.1.1.there has been a decision of the state central administrative body in charge of digital development and communication issues that the foreign certification organization meets the requirements specified in the law and relevant procedures;

19.1.2.the certificate of the foreign certification organization has been accepted under the international treaty of Mongolia.

CHAPTER FIVE

CERTIFICATION BODY

Article 20.Rights and obligations of the certification body

20.1.The certification body shall have the following rights:

20.1.1.to issue, suspend, restore, and revoke certificates;

20.1.2.to create a certificate at the request of a person or legal entity;

20.1.3.others prescribed by law.

20.2.The certification body shall have the following obligations:

20.2.1.to fully meet technical and safety requirements and carry out operations;

20.2.2.to comply with the legislation of Mongolia, international and national standards;

20.2.3.to create an organization and system for receiving requests for obtaining, suspending, restoring, or revoking certificates from people and legal entities on regular basis;

20.2.4.to check the accuracy of the information mentioned in the request of a person or legal entity;

20.2.5.to maintain records and keep records related to certificates;

20.2.6. to create conditions for constant operation of the fund specified in paragraph 13.1 of this Law;

20.2.7.to continuously exchange information with the national certificate fund and the database of other certification bodies;

20.2.8.to take measures to prevent forgery of certificates and to ensure confidentiality and security of certificates;

20.2.9.to use of digital signature tools included in the list issued by the state central administrative body in charge of digital development and communication issues;

20.2.10.not to disclose the secret of the certificate holder;

20.2.11.to create an opportunity to verify the certificate in accordance with the procedure prescribed by law, to suspend or cancel it, to take measures to prevent and protect the issuance of false certificates;

20.2.12.to explain information related to the use of digital signatures and electronic seals to the certificate holder;

20.2.13.to inform the certificate holder about the suspension, restoration or revocation of the certificate and immediately enter the information into the certificate database;

20.2.14.to upload and regularly update the information specified in paragraph 22.1 of this Law on its website;

20.2.15.others prescribed by law.

20.3.In addition to paragraph 20.2 of this Law, the special permit holder shall have the following obligations:

20.3.1.to timely fulfill the legal requirements set by the state central administrative body in charge of digital development and communications issues, and the state inspector of communications, inform the response thereto, and take measures to eliminate the detected violations;

20.3.2.to provide true and accurate information about registration and control related to certificates as required by the state central administrative body in charge of digital development and communications issues;

20.3.3.in case of changes made in the information specified in the special permit or the documents prepared for obtaining it, to notify the state central administrative body in charge of digital development and communication issues in writing within three working days.

20.4.Unless otherwise provided by law, the certification body shall not be liable to the certificate holder in case the certificate holder damages the certificate, does not accept a valid certificate, or uses a revoked certificate.

Article 21.Registration related to issuing, suspending, restoring, and revoking certificates

21.1.The certification body shall receive the request of the applicant for issuing, suspending, restoring or revoking the certificate, and maintain and keep a record on checking the relevant information in accordance with sub-paragraph 20.2.4 of this Law.

21.2.The special permit holder shall have the structure, organization and human resources to perform the following duties:

21.2.1.to receive requests from people and legal entities, and check the accuracy of information;

21.2.2.to enter information about certificates issued, suspended, restored or revoked in the certificate database, and continuously operate the database;

21.2.3.to perform the duties specified in sub-paragraph 20.2.12 of this Law;

21.2.4.to make information open in accordance with paragraph 22.1 of this Law;

21.2.5.not to copy the applicant's private key.

21.3.On the basis of the contract, the special permit holder may have other persons perform the duties specified in paragraph 21.2 of this Law.

21.4.Violation of the duties, directives, and assignments given by the special permit holder in connection with conducting the registration by the person who received the duties on conducting registration on the basis of the contract according to paragraph 21.3 of this Law shall not the ground to exempt the special permit holder from the obligations and liabilities undertaken by law.

Article 22.Making information open

22.1.The certification body shall upload the following information in a clear manner on its website and in the integrated system of public services and update it regularly:

22.1.1.certificate issuance procedure;

22.1.2.number of the certificate issued, suspended or revoked.

CHAPTER SIX

SPECIAL PERMIT FOR CERTIFICATE ISSUING ACTIVITIES

Article 23.Special permit for certificate issuing activities

23.1.Certificate issuing activities by the person other than the state registration organization shall be carried out with a special permit on engaging in activities to issue a certificate /hereinafter referred to as "special permit"/ issued by the state central administrative body in charge of digital development and communications issues.

23.2.The special permit shall be granted to a company established in accordance with the legislation of Mongolia.

23.3.In case of reorganization of the company through merger, consolidation, division, separation, or transformation, the right to hold a special permit may be transferred to the newly created company, and the transferred company shall undertake the rights and obligations specified in paragraphs 20.1, 20.2, and 20.3 of this Law.

/This paragraph was added by the law as of January 6, 2023/

Article 24.Requirements for special permit applicants

24.1.The special permit applicant shall meet the following requirements:

24.1.1.to have developed and approved certificate issuing procedures;

24.1.2.to fully meet the financial, human resources, technical, technological and information security requirements set by the state central administrative body in charge of electronic development and communication issues.

24.2.When developing the procedures for certificate issuing activities specified in sub-paragraph 24.1.1 of this Law, the requirements for the activities of the certification body and measures to ensure security shall be determined.

Article 25.Documents to be submitted for obtaining a special permit

/This article was modified by the law as of January 6, 2023/

25.1.The special permit applicant shall prepare the following documents and submit a request to the state central administrative body in charge of digital development and communication issues:

25.1.1.a copy of the state registration certificate of the legal entity;

25.1.2.certificate issuing procedure;

25.1.3.reference of the correspondent bank;

25.1.4.certified financial statements with audit conclusions;

25.1.5.report on cyber security risk assessment and information security audit;

25.1.6.report on meeting the requirements of international professional associations and standards organizations;

25.1.7.copy of the permit if another type of permit is held.

Article 26.Issuing a special permit

26.1.The state central administrative body in charge of digital development and communications issues shall review the request specified in Article 25 of this Law and other relevant documents, and make a decision within 17 working days from the date of receipt of the request.

/This paragraph was amended by the law as of January 6, 2023/

26.2.The state central administrative body in charge of digital development and communications issues shall receive the documents specified in paragraph 25.1 of this Law and carry out the following actions:

26.2.1.to register the request and give the registered document to the person who made the request;

26.2.2.to review whether the request and the documents attached to it meet the requirements set forth in the law, and if the requirements are met, notify the applicant of the special permit with respect to issuing it;

26.2.3.to issue a special permit after the applicant for a special permit is insured and submits the relevant documents.

26.3.If the state central administrative body in charge of digital development and communication issues refuses to issue a special permit, it shall state the reasons and notify the response in writing.

26.4.The state central administrative body in charge of digital development and communication issues shall inform the public of the decision on granting a special permit within three working days.

26.5.The minimum amount of insurance assessment specified in sub-paragraph 26.2.3 of this Law shall be determined by the state central administrative body in charge of digital development and communication issues.

26.6.The following information shall be included in the special permit:

26.6.1.the name of the organization that issued the special permit;

26.6.2.name and address of the special permit holder;

26.6.3.type of eligible activity;

26.6.4.period of special permit;

26.6.5.conditions and requirements for activities to be carried out with a special permit;

26.6.6.special permit number, date of issuance;

26.6.7.signature and seal /stamp/ of the competent official of the organization that issued the special permit.

26.7.The state central administrative body in charge of digital development and communication issues shall sign a contract with the holder of a special permit when issuing a special permit.

/This paragraph was added by the law as of January 6, 2023/

26.8.The contract shall reflect the relations in connection with the implementation of the conditions and requirements for the operation of the special permit and the establishment of the rights and obligations of the special permit holder.

/This paragraph was added by the law as of January 6, 2023/

Article 27.Term of special permit and its extension

27.1.The term of the special permit shall be five years.

27.2.Three months before the expiration of the special permit, the special permit holder shall submit a request for extension of the special permit to the state central administrative body in charge of digital development and communication issues along with the proof of payment of the state stamp duty.

27.3.The state central administrative body in charge of digital development and communication issues shall make a decision on whether or not to extend the special permit within five working days after receiving the request specified in paragraph 27.2 of this Law, and notify the holder of the special permit.

27.4.The special permit shall be extended for a period of five years.

27.5.If there is no reason to suspend the special permit specified in paragraph 28.1 of this Law, based on the request of the special permit holder, the period of the special permit shall be extended within three working days, and a corresponding entry shall be made in the special permit register.

27.6.The state central administrative body in charge of digital development and communication issues shall inform the public within three working days after the decision to extend the period of the special permit has been made.

27.7.If the term of the special permit does not extend, the special permit holder shall inform the certificate holder thereto one month before the expiration of the term of the special permit.

Article 28.Suspension and restoration of special permits

28.1.In case of violation of the terms, conditions, and requirements of the special permit, the special permit may be suspended for up to three months based on the opinion of the State Communications Inspector, or in case of two or more tax evasions or tax avoidance, it may be suspended based on the request of the tax authorities.

28.2.In case of suspension according to paragraph 28.1 of this Law, the holder of the special permit shall fulfill the conditions for the use of digital signature by the previously issued certificate holder, and no new certificate shall be issued during the suspension period.

28.3.The state central administrative body in charge of digital development and communication issues shall notify the special permit holder and the relevant tax authority in writing with respect to the decision to suspend the effectiveness of the special permit within three working days.

28.4.The state central administrative body in charge of digital development and communication issues shall restore the special permit if the grounds for the suspension of the special permit is removed.

Article 29.Revocation of special permit

29.1.The state central administrative body in charge of digital development and communication issues shall revoke the special permit on the following grounds:

29.1.1.the holder of the special permit has submitted a request;

29.1.2.the legal entity is liquidated;

29.1.3.it was determined that false documents were prepared when obtaining a special permit;

29.1.4.repeatedly violated the conditions and requirements of the special permit;

/This sub-paragraph was amended by the law as of January 6, 2023/

29.1.5.during the period of suspension of the special permit, the special permit holder did not fulfill the requirements for eliminating violations.

29.2.If the validity period of the special permit has expired and the holder of the special permit has not applied for extension, the special permit shall be considered invalid.

29.3.In case of revocation of the special permit, the holder of the special permit shall transfer the database of certificates created in accordance with Article 13 of this Law to the state central administrative body in charge of digital development and communication issues free of charge.

29.4.The state central administrative body in charge of digital development and communication issues shall transfer the database of certificates handed over in accordance with paragraph 29.3 of this Law to another special permit holder on the basis of a contract.

29.5.Regardless of whether or not the special permit is revoked in accordance with paragraphs 29.1 and 29.2 of this Law, the validity period and conditions of the certificate of the certificate holder shall remain the same, and the actual costs related to this shall be borne by the special permit holder who handed over the certificate database.

29.6.If the holder of a special permit does not agree with the decision to revoke the special permit in accordance with sub-paragraphs 29.1.2, 29.1.3, 29.1.4, and 29.1.5 of this Law, it shall have a right to file a complaint in accordance with the procedures specified in the General Administrative Law or to the court.

Article 30.Prohibited items for the special permit holders

30.1.It shall be prohibited to the special permit holder to transfer the information of the certificate holder to others, except as mentioned below:

30.1.1.the holder of the certificate has agreed in writing to transfer the relevant information to others;

30.1.2.the state central administrative body in charge of digital development and communication issues, and the state communications inspector demanded in connection with the implementation of their functions stipulated by law;

30.1.3.in the process of adjudicating cases and disputes, the competent person requested the certificate holder's information.

CHAPTER SEVEN

STATE REGULATION OF PUBLIC KEY INFRASTRUCTURE

Article 31.Functions of the state central administrative body in charge of digital development and communication issues

31.1.The state central administrative body in charge of digital development and communication issues shall implement the following functions in regards with public key infrastructure:

31.1.1.to develop development policy documents on the use of public key infrastructure and organize its implementation;

31.1.2.to approve procedures in connection with certificate issuing of public keys, creation of a national fund of certificates containing information on issued, suspended, restored and revoked certificates;

31.1.3.to cooperate with foreign countries and international organizations in the field of harmonizing the activities of the national public key infrastructure with the activities of the public key infrastructure of foreign countries;

31.1.4.to determine the requirements for the certificate issuing procedure and to approve the document describing the security control;

31.1.5.to approve requirements for public key infrastructure;

31.1.6.according to Articles 26, 27, 28, and 29 of this Law, to issue, extend, suspend, restore, revoke a special permit, or consider it revoked, and keep records in this regard;

31.1.7.to conduct an inspection at least once a year on the activities of the special permit holder specified in this Law and make a conclusion;

31.1.8.in case of necessity, to have an international external expert examined the activities of the certification body and issued a conclusion;

/This sub-paragraph was amended by the law as of January 6, 2023/

31.1.9. to ensure the coordination and organization of activities for introducing the use of digital signatures in public and private sector services;

31.1.10.to determine the percentage and amount of the special permit holder based on the market capacity and the number of users;

/This sub-paragraph was added by the law as of January 6, 2023/

31.1.11.others prescribed by law.

/The numbering of this sub-paragraph was amended by the law as of January 6, 2023/

Article 32.Functions of the Communications Regulatory Committee

32.1.The Telecommunications Regulatory Committee shall perform the following functions in regards with public key infrastructure:

32.1.1.to develop and approve common rules, procedures and instructions related to the use of public key infrastructure, and monitor their implementation;

32.1.2.to develop public key infrastructure standards;

32.1.3.to approve methodology on the setting tariff for certificate issuing services;

32.1.4.to develop documents defining the requirements and safety controls for certificate issuing procedures, and monitor their implementation;

32.1.5.to approve the procedure for creating, using and storing the certificate database, and monitor its implementation;

32.1.6.to approve procedures related to conducting registration activities in accordance with Article 21 of this Law;

32.1.7.others prescribed by law.

chapter EIHGT

MISCELLANEOUS

Article 33.Liabilities to be imposed on violators of the Law

33.1.If the actions of officials who violate this Law are not in criminal nature, they shall be held liable as provided in the Law on Civil Service.

33.2.Any person or legal entity who violates this Law shall be charged with the liability specified in the Criminal Code or the Law on Violations.

Article 34.Regulations during the transitional period

34.1.The holder of a special permit issuing a certificate before the entry into force date of this Law shall submit a request to renew its special permit in accordance with this Law within six months from the entry into force date of this Law.

34.2.The holder of a special permit shall organize the measures to be complied with this Law the certificates issued to individuals and legal entities in the period prior to the entry into force of this Law within six months after the Law enters into force.

Article 35.Entry into force of the Law

35.1.This Law shall enter into force on May 1, 2022.

THE CHAIRMAN OF STATE GREAT KHURAL OF MONGOLIA ZANDANSHATAR.G