Article 29 of the Cryptography Law of People's Republic of China (PRC) determines the institutions that provide electronic authentication services for e-government by using commercial passwords, and is responsible for the management of electronic signatures and data messages in government activities jointly with relevant departments.
Article 30 Trade associations and other organizations in the field of commercial cryptography shall provide information, technology, training and other services for commercial cryptography practitioners in accordance with laws, administrative regulations and their articles of association, guide and urge commercial cryptography practitioners to carry out commercial cryptography activities according to law, strengthen industry self-discipline, promote the construction of industry integrity and promote the healthy development of the industry.
Article 31 The password management department and relevant departments shall establish a post-event supervision system for commercial passwords that combines daily supervision and spot checks, establish a unified information platform for supervision and management of commercial passwords, promote the connection between post-event supervision and social credit system, and strengthen the self-discipline and social supervision of commercial password practitioners.
Password management departments, relevant departments and their staff shall not require commercial password business units and commercial password testing and certification institutions to disclose password-related proprietary information such as source code to them, and strictly keep confidential the business secrets and personal privacy they know in performing their duties, and shall not disclose or illegally provide them to others.