On informatization

Law of the Republic of Kazakhstan dated 24 November 2015 № 418-V.

      Unofficial translation

      This Law regulates public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in creation, development and operation of informatization facilities, as well as with state support for the development of information and communication technologies industry.

SECTION 1. BASICS OF REGULATION OF RELATIONS IN THE FIELD OF INFORMATIZATION Chapter 1. GENERAL PROVISIONS

Article 1. General provisions, used in this Law

      The following basic concepts are used in this Law:

      1) automation - the process of using means of information and communication technologies to optimize the creation, search, collection, storage, processing, receipt, use, transformation, display, distribution and provision of information;

      2) informatization - organizational, socio-economic and scientific and technical process aimed at automating the activities of subjects of informatization;

      3) service model of informatization - implementation of a centralized approach to the informatization of state bodies, based on rendering information and communication services to state bodies by the operator of information and communication infrastructure of "electronic government" with the involvement of owners of information and communication infrastructure and service software products;

      4) objects of informatization - electronic information resources, software and information and communication infrastructure;

      5) owner of objects of informatization - a subject to whom the owner of objects of informatization has provided the rights to own and use objects of informatization in the limits and order determined by law or agreement;

      6) classifier of objects of informatization (hereinafter - classifier) - a systemized list of categories aimed at identification and description of objects of informatization;

      7) information security in the field of informatization (hereinafter - information security) - the condition of protection of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

      8) services in the field of informatization - services for the creation, development and maintenance of information systems, the creation of electronic information resources;

      9) expert council in the field of informatization (hereinafter - expert council) - an interdepartmental commission under an authorized body, which considers issues related to the informatization of the activities of state bodies;

      10) authorized body in the field of informatization (hereinafter - authorized body) - central executive body exercising management and intersectoral coordination in the field of informatization and "electronic government";

      11) subjects of informatization - state bodies, individuals and legal entities exercising activities or entering into legal relations in the field of informatization;

      12) information system - an organizationally ordered set of information and communication technologies, maintenance personnel and technical documentation that implement certain technological activities through information interaction and specific functional tasks designed to solve;

      13) creation of an information system - the implementation of a set of organizational and technical measures aimed at the development, acquisition, implementation of software, the acquisition and (or) property hiring (leasing) of the necessary set of technical means of the information system;

      14) integration of the information systems - measures for the organization and provision of information interaction between two or more information systems on the basis of standard protocols for data transmission used in the Republic of Kazakhstan;

      15) development of the information system - a set of measures for the implementation of additional functional requirements, modernization of the information system introduced into industrial operation in order to optimize its functioning and (or) expand the functionality;

      16) introduction of the information system – conduct a set of measures on introduction in the action an information system that includes the preparation of an automation facility and personnel, commissioning of start-up operations, preliminary and acceptance tests, and experimental operation;

      17) support of the information system - procuring the use of the information system introduced into industrial operation in accordance with its purpose, including measures on conduction of adjustment, modification and elimination software defects, without conduction of modernization and implementation additional functional requirements and providing that its integrity is maintained;

      18) audit of the information system - an independent survey of the information system in order to improve the efficiency of its use;

      19) life cycle of the information system - a set of stages of creation, industrial operation, maintenance, development and termination of the industrial operation of the information system;

      20) industrial operation of the information system - operation of the information system in the regular mode in accordance with the goals, objectives and requirements set out in the technical documentation and normative and technical documentation;

      21) experimental operation of the information system - operation of the information system in the pilot zone, conducted in order to identify and eliminate the deficiencies in the functioning of software of the information system and determine its compliance with the requirements of technical documentation;

      22) attestation of the information system, information and communication platform of "electronic government" and Internet resource of the state body for compliance with information security requirements (hereinafter - attestation) - organizational and technical measures to determine the state of protection of attestation objects, as well as their compliance with information security requirements;

      23) information and communication infrastructure - a set of objects of information and communication infrastructure designed to ensure the functioning of the technological environment in order to form electronic information resources and providing access to them;

      24) critically important objects of the information and communication infrastructure - objects of the information and communication infrastructure, including the information and communication infrastructure of the "electronic government", the violation or termination of functioning which leads to an emergency situation of social and (or) technogenic nature or to significant negative consequences for defense, security, international relations, economy, certain spheres of economy, infrastructure of the Republic of Kazakhstan, or for vital activity of population residing in the respective territory;

      25) objects of information and communication infrastructure - information systems, technological platforms, hardware-software complexes, telecommunication networks, as well as systems for ensuring the uninterrupted operation of technical facilities and information security;

      26) information and communication service - a service or a set of services for property hiring (leasing) and (or) placing of computing resources, providing software, software products, service software products and technical means for use, including communication services, through which functioning of these services are provided;

      27) catalog of information and communication services - a single directory of information and communication services provided to state bodies by the operator of the information and communication infrastructure of "electronic government";

      28) information and communication technologies - a set of methods of working with electronic information resources and methods of information interaction, implemented with the use of hardware and software complex and telecommunication network;

      29) branch of information and communication technologies - a branch of the economy connected with the design, production and sale of software, technical means, domestic electronics and its components, as well as providing information and communication services;

      30) an information security occasion - a state of objects of informatization, indicating a possible violation of the existing security policy or a previously unknown situation that may be related to the security of objects of informatization;

      31) information security incident - separately or serially occurring failures in the operation of the information and communication infrastructure or its individual objects, which threaten their proper functioning and (or) the conditions for illegally obtaining, copying, distributing, modifying, destroying or blocking electronic information resources;

      32) means of information security - software, technical and other means designed and used to ensure the protection of information;

      33) hardware-software complex - a set of software and technical means that are jointly used to solve problems of a certain type;

      34) attestation survey - a complex of organizational and technical measures aimed at studying, analyzing, evaluating the technical documentation of object of attestation, surveying the state of the organization of work to fulfill information security requirements;

      35) open data - public electronic information resources, presented in a machine-readable form and designed for further use, re-publication in an unchanged form;

      36) the Internet portal of open data - a component of web portal of “electronic government” that provides centralized storage of descriptive and reference information on open data;

      37) software - a set of programs, software codes, as well as software products with technical documentation necessary for their operation;

      38) software product - an independent program or part of the software which is a product that regardless of its developers can be used for the intended purposes in accordance with the system requirements established by the technical documentation;

      39) one-time password - a password that is valid only for one session for authentication of subjects of receipt services in electronic form;

      40) domain name - a symbolic (alphanumeric) designation, formed in accordance with the rules of addressing the Internet, corresponding to a specific network address and intended for a named reference to the Internet object;

      41) free software - an open source software for which the copyright holder provides to the user the right in unlimited installation, launching and copying, as well as free using, studying, developing and distributing;

      42) a local network - part of a telecommunication network that has a closed infrastructure to the point of connection to other telecommunication networks and provides information transfer and organization of joint access to network devices in the territorially limited space of the facility (premises, building, structure and its complex);

      43) system maintenance - measures to ensure the uninterrupted functioning of the hardware and software complex and telecommunication networks;

      44) Internet - a worldwide system of integrated networks of telecommunications and computing resources for the transmission of electronic information resources;

      45) a unified gateway to Internet access - a hardware and software complex designed to protect telecommunication networks in accessing the Internet and (or) communication networks that have access to the Internet;

      46) Internet resource - an electronic information resource displayed in text, graphic, audiovisual or other form, placed on the hardware and software complex, having an unique network address and (or) a domain name and functioning on the Internet;

      47) national gateway of the Republic of Kazakhstan - an information system designed to provide interstate information interaction of information systems and electronic information resources of states;

      48) a unified platform of Internet resources of state bodies - a technological platform designed for placing of Internet resources of state agencies;

      49) architecture of the state agency - a description of the current and planned condition of the state agency, including its tasks, functions, organizational structure, electronic information resources, information and communication infrastructure and their interconnection;

      50) state technical service - republican state enterprise on the right of economic management, created by the decision of the Government of the Republic of Kazakhstan;

      51) normative and technical documentation - a set of documents that define common tasks, principles and requirements for the creation and using (operation) of objects of informatization, as well as controlling over their compliance with established requirements in the field of informatization;

      52) the user - a subject of informatization using objects of informatization for execution of specific function and (or) task;

      53) service software product - software product designed for the implementation of information and communication service;

      54) technical support - provide consulting, information technology and other services to support the efficiency of licensed software;

      55) technical documentation - a set of documentation for the information system, information and communication platform of "electronic government" and software product, including a service software product that includes technical task, task for design, operational and other documentation;

      56) digital literacy - the knowledge and ability of a person to use information and communication technologies in daily and professional activities;

      57) electronic information resources - information provided in electronic-digital form and contained on an electronic medium, Internet resource and (or) in the information system;

      58) "electronic akimat" - a system of information interaction of local executive bodies with state bodies, individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form that is part of "electronic government";

      59) standard architecture of "electronic akimat" – a description of standard components and requirements for the implementation of functions and services, organizational structure, information flows, information and communication infrastructure of local executive bodies, taking into account the system of administrative and territorial structure of the Republic of Kazakhstan;

      60) electronic media - a material media designed for storage of information in electronic form, as well as recording or its reproduction through technical means;

      61) subject of receiving the services in electronic form – an individual or legal entity who applied for a state or another service in electronic form;

      62) subject of rendering services in electronic form - an individual or legal entity rendering a state or another service in electronic form;

      63) "electronic government" - a system of information interaction of state bodies among themselves and with individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form;

      64) objects of informatization of "electronic government" - state electronic information resources, software of state agencies and information and communication infrastructure of "electronic government", including non-state information systems integrated with information systems of state agencies or designed for the formation of state electronic information resources;

      65) a monitoring system of ensuring the information security for objects of informatization of “electronic government” (hereinafter - a monitoring system of ensuring the information security) - organizational and technical measures aimed at conducting monitoring of safe use of information and communication technologies, including monitoring of information security events and responding to information security incidents;

      66) information and communication infrastructure of "electronic government" - information and communication infrastructure that ensures the functioning of "electronic government";

      67) operator of the information and communication infrastructure of "electronic government" (hereinafter - operator) - a legal entity determined by the Government of the Republic of Kazakhstan, which is entrusted with ensuring the functioning of the information and communication infrastructure of "electronic government" assigned to it;

      68) information and communication platform of "electronic government" - a technological platform designed to implement the service model of informatization;

      69) architecture of "electronic government" - a description of the objects of informatization of "electronic government", as well as a set of normative and technical requirements used to manage and coordinate the processes of creation and development of objects of informatization of "electronic government";

      70) the user's cabinet on the web portal of "electronic government" - a component of the web portal of "electronic government", designed for official information interaction of individuals and legal entities with state agencies on the issues of provision of services in electronic form, the issues of appeal to subjects considering the appeals of these individuals, as well as the use of personal data;

      71) service integrator of "electronic government" - a legal entity determined by the Government of the Republic of Kazakhstan, which is responsible for functions on methodological support of the development of architecture of "electronic government" and the standard architecture of "electronic akimat", as well as other functions provided by this Law;

      72) a unified gateway of electronic mail of "electronic government" - a hardware and software complex that provides protection of electronic mail of "electronic government" in accordance with information security requirements.

Article 2. Legislation of the Republic of Kazakhstan on informatization

      1. Legislation of the Republic of Kazakhstan on informatization is based on the Constitution of the Republic of Kazakhstan, consists of this Law and other normative legal acts of the Republic of Kazakhstan.

      2. If an international treaty ratified by the Republic of Kazakhstan establishes other rules than those contained in this Law, the rules of the international treaty are applied.

Article 3. Aims and principles of state regulation of public relations in the field of informatization

      1. The aims of state regulation of public relations in the field of informatization are formation and maintenance of the development of information and communication infrastructure, creation of conditions for the development of local content in the production of goods, works and services in the information and communication technologies industry for information support of the social and economic development and competitiveness of the Republic of Kazakhstan.

      2. State regulation of public relations in the field of informatization is based on the following principles:

      1) legality;

      2) observance of rights, freedoms and legal interests of individuals, as well as the rights and legal interests of legal entities;

      3) equality of rights of individuals and legal entities to participate in activities in the field of informatization and the use of its results;

      4) ensuring free access to electronic information resources containing information on the activities of state bodies (presumption of openness), and their compulsory provision, except electronic information resources access to which is restricted in accordance with the laws of the Republic of Kazakhstan;

      5) timeliness of the provision, objectivity, completeness and reliability of electronic information resources in respect of which the laws of the Republic of Kazakhstan establish the mandatory nature of their public distribution or provision by state bodies;

      6) freedom to search, form and transmit any electronic information resources, access to which is not restricted in accordance with the laws of the Republic of Kazakhstan;

      7) ensuring the security of the individual, society and state in the application of information and communication technologies;

      8) creation of conditions for development of the industry of information and communication technologies and conscientious competition;

      9) ensuring centralized management of objects of “electronic government” informatization;

      10) implementation of activities on informatization in the territory of the Republic of Kazakhstan on the basis of unified standards that ensure the reliability and manageability of informatization objects.


Article 4. Scope of action of this Law

      1. A scope of action of this Law is public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in the creation, development, maintenance, operation of informatization objects, as well as in state support for development of the industry of information and communication technologies.

      2. The act of this Law does not apply to:

      1) content and ways of distribution of information;

      2) relations arising from the implementation of work on the creation or development of Internet resources, information systems that are not integrated with the objects of information and communication infrastructure of “electronic government”, as well as when purchasing goods, works and services in the field of informatization by the National Bank of the Republic of Kazakhstan and organizations within its structure.

Chapter 2. STATE ADMINISTRATION IN THE FIELD OF INFORMATIZATION

Article 5. The main tasks of state administration in the field of informatization

      The main tasks of state administration in the field of informatization are:

      1) formation and development of information society;

      2) ensuring the implementation and support of administrative reform of state bodies;

      3) development of "electronic government" and "electronic akimat";

      4) increase digital literacy;

      5) ensuring participants of the educational process with conditions for access to electronic information resources of electronic learning;

      6) ensuring conditions for the development and introduction of modern information and communication technologies in production processes;

      7) assistance in the formation and development of the domestic industry of information and communication technologies;

      8) formation and implementation of a unified scientific, technical, industrial-innovative policy in the field of informatization;

      9) formation, development and protection of state electronic information resources, information systems and telecommunication networks, ensuring their interaction in a unified information space;

      10) monitoring of ensuring information security of state bodies, individuals and legal entities;

      11) prevention and prompt response to incidents of information security, including in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation;

      12) creation of conditions for attracting investments in the industry of information and communication technologies on a systemic basis;

      13) improvement of the legislation of the Republic of Kazakhstan in the field of informatization;

      14) participation in international cooperation in the field of informatization;

      15) creation of conditions for international information exchange and access to information.

Article 6. Competence of the Government of the Republic of Kazakhstan in the field of informatization

      Government of the Republic of Kazakhstan in the field of informatization:

      1) develops the main directions of state policy in the field of informatization and organizes their implementation;

      2) defines the national institute of development in the field of information and communication technologies, service integrator of "electronic government", operator;

      3) approves unified requirements in the field of information and communication technologies and ensuring information security;

      4) approves the list of critically important objects of the information and communication infrastructure, as well as the rules and criteria for classifying objects of the information and communication infrastructure as critically important objects of the information and communication infrastructure;

      5) approves the rules for conduction the attestation of information system, information and communication platform of "electronic government", Internet resource of the state body for compliance with information security requirements;

      6) approves the list of personal data of individuals included in part of state electronic information resources;

      7) executes other functions entrusted to it by the Constitution of the Republic of Kazakhstan, this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

Article 7. Competence of the authorized body

      Authorized body:

      1) provides implementation of state policy in the field of informatization;

      2) approves the composition and position on the activities of expert council;

      3) develops unified requirements in the field of information and communication technologies and ensuring information security;

      4) approves the rules for implementation of the service model of informatization;

      5) approves the list of Internet resources of state agencies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      6) approves the rules for formation of a list of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      7) approves the rules for issuing conclusions on the compliance of hardware and software complex with technical requirements for inclusion in state register of cash control registers;

      8) develops the list of critically important objects of information and communication infrastructure, as well as rules and criteria for classifying objects of information and communication infrastructure as critically important objects of information and communication infrastructure;

      9) develops the rules for conducting attestation of information system, information and communication platform of "electronic government", Internet resource of state body for compliance with information security requirements;

      10) approves the requirements for development of the architecture of "electronic government";

      11) approves the rules for classification of objects of informatization and the classifier of objects of informatization;

      12) approves the rules of information interaction of information system for monitoring the provision of state services with information systems;

      13) approves the rules for integration of the gateway of "electronic government", payment gateway of "electronic government" with information systems;

      14) approves the list of information systems and electronic information resources that carry out interstate information interaction through the national gateway of the Republic of Kazakhstan;

      15) approves the rules for informational content of Internet resources of state bodies and requirements for their content;

      16) approves the method and rules for conducting tests of the service software product, information and communication platform of "electronic government", Internet resource of state body and information system for compliance with information security requirements;

      17) approves the rules for developing, supporting the implementation and development of the architecture of state bodies;

      18) approves the standard architecture of "electronic akimat" upon agreement with authorized body on state planning;

      19) approves the rules for conducting expertise in the field of informatization of investment proposals, technical and economic justifications and financial and economic justifications for budget investments;

      20) approves the rules for drafting and reviewing technical tasks for the creation or development of information systems of state bodies;

      21) approves the instruction on drafting, presenting and reviewing the calculation of expenses for public procurement of goods, works, services in the field of informatization in agreement with the authorized agency on state planning;

      22) approves the rules for conducting audit of information systems;

      23) approves the method of calculation and standards of expenses for the creation, development and maintenance of information systems of state bodies;

      24) approves the method of calculation of the cost of information and communication services for state bodies;

      25) approves the method for assessing the effectiveness of activities of state bodies on the use of information and communication technologies;

      26) approves the method for conducting an attestation survey of information system, information and communication platform of "electronic government", Internet resource of state body for compliance with information security requirements;

      27) approves the checklists, risk assessment criteria, semi-annual audit schedules in accordance with the Entrepreneurship code of the Republic of Kazakhstan;

      28) approves the criteria for attributing electronic information resources to open data posted by state bodies on the Internet portal of open data, as well as the procedure and format for their provision;

      29) approves the catalog of information and communication services;

      30) approves the rules for registering information systems of state bodies, recording information about the objects of informatization of "electronic government" and placing electronic copies of technical documentation of the objects of informatization of "electronic government";

      31) approves the rules for recording and storage of developed software, initial program codes (if any) and a set of settings for licensed software of information systems of state bodies;

      32) approves the rules for conduction the monitoring of provision information security, protection and safe operation of the objects of informatization of "electronic government";

      33) approves the design task for creation or development of a service software product for state bodies, developed by the service integrator of "electronic government";

      34) develops and approves normative legal acts in the field of informatization;

      35) issues an industry conclusion on the concept of the project of state-private partnership in the field of informatization;

      36) executes activities to improve the system of attracting investments and incentive mechanisms for the development and implementation of investment projects in the field of informatization;

      37) creates conditions for the development of information and communication technologies industry;

      38) develops proposals on improving the legislation of the Republic of Kazakhstan in the field of informatization;

      39) assists owners, holders and users of the objects of informatization in the issues of safe use of information and communication technologies, including prevention of illegal actions to obtain, copy, distribute, modify, destroy or block electronic information resources;

      40) executes coordination of development of the architecture of state bodies;

      41) executes monitoring of implementation of the architecture of state bodies;

      42) executes monitoring of implementation of unified requirements in the field of information and communication technologies and ensuring information security;

      43) executes interdepartmental coordination on the issues of functioning of a unified access gateway to the Internet;

      44) executes intersectoral coordination on the issues of monitoring of ensuring information security, protection and secure functioning of the objects of informatization of "electronic government", segment of the Internet in Kazakhstan, as well as information systems related to critically important objects of information and communication infrastructure, response to incidents of information security with the implementation of joint measures to ensure information security in the manner established by the legislation of the Republic of Kazakhstan;

      45) executes coordination of activities on development of information protection ways in terms of detection, analysis and prevention of information security threats to ensure the sustainable operation of information systems and telecommunication networks of state bodies;

      46) executes coordination of activities on the management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, the introduction of an emergency or military situation;

      47) participates in introduction to industrial operation of information systems of state bodies;

      48) issues a conclusion in the field of informatization for investment proposals, technical and economic justifications and financial and economic justifications for budget investments;

      49) reviews and issues conclusions to the expert council on the calculations of expenses submitted by administrators of budget programs for state procurement of goods, works and services in the field of informatization;

      50) coordinates technical tasks for the creation or development of information systems of state bodies;

      51) conducts attestation;

      52) organizes the registration of information systems of state bodies, recording of information about the objects of informatization of "electronic government" and placing of electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of "electronic government";

      53) organizes recording and storage of the developed software, initial program codes (if any) and a set of settings for licensed software of information systems of state bodies;

      54) approves the list of information systems (or parts thereof) subject to multiple use as standard solutions in the creation or development of information systems of state bodies;

      55) executes development of a unified access gateway to the Internet and a unified gateway of electronic mail of "electronic government";

      56) defines the administrator and the registry of domain names, approves the rules for registration, use and distribution of domain names in the space of segment of the Internet in Kazakhstan;

      57) participates in works on standardization and confirmation of compliance in the field of informatization;

      58) executes international cooperation in the field of informatization;

      59) executes state control in the field of informatization;

      60) approves the rules for registering and connecting the subscriber number of the subscriber provided by the mobile operator to the account of the web portal of "electronic government" for receiving state and other services in electronic form through the subscriber device of the mobile network;

      61) approves the list of state and other services in electronic form provided through the web portal of "electronic government" and the subscriber device of the mobile network;

      62) approves the rules for the classification of state services in electronic form for determining the method of authentication of a service recipient;

      63) approves the mandatory requisites of the results of rendering state and other services in electronic form received through the subscriber device of the mobile network, as well as the procedure for verifying their reliability;

      64) executes other authority provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.

Article 8. Expert council

      1. Expert council is headed by the head of authorized body and includes officials - heads of state bodies responsible for informatization of the activities of state body, representatives of authorized body, service integrator of "electronic government" and other organizations in the field of informatization by agreement with specified bodies and organizations.

      2. Expert council executes its activities on an ongoing basis.

      3. Expert council:

      1) develops recommendations and proposals on the issues in the field of informatization;

      2) reviews and coordinates projects of architecture of state bodies;

      3) hears the report of the service integrator of "electronic government" on the progress of works on the implementation of architecture of state bodies;

      4) reviews the calculations of expenses submitted by administrators of budget programs for state procurement of goods, works, services in the field of informatization and makes proposals;

      5) executes other authority provided by this Law and the regulation on expert council.

Article 9. Competence of central executive agencies and state agencies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization

      Central executive bodies and state bodies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure observation of the requirements for the development of architecture of "electronic government";

      3) create and develop state electronic information resources and information systems of state bodies;

      4) execute filling, ensure the reliability and relevance of electronic information resources;

      5) approve the architecture of state agency in agreement with expert council, ensure its actualization, as well as create the necessary conditions for its implementation;

      6) participate in the development of "electronic government";

      7) provide access to local executive bodies within their competence to information systems of state bodies under the authority of state body;

      8) place open data in Kazakh and Russian on the Internet portal of open data;

      9) provide registration of information systems of state body, record information about the objects of informatization of state body, place electronic copies of technical documentation of objects of informatization of state body, as well as actualization of information on the objects of informatization of state body on the architectural portal of "electronic government";

      10) provide a transfer to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings for the licensed software of information systems of state bodies;

      11) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      12) execute the use of standard solutions in the creation or development of information systems;

      13) place publicly available information on the plans and results of the formation of state electronic information resources, the creation of information systems and the development of information systems of state bodies on their Internet resources;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on Internet portal of open data in agreement with the authorized bodies;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) establish the requirements for the level of digital literacy of specialists in relevant fields of activity in developing and approving professional standards;

      18) execute other authority provided for by this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

      Competence of central executive bodies is also determined by acts of the Government of the Republic of Kazakhstan.


Article 10. Competence of local executive agencies in the field of informatization

      Local executive bodies:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure observance of the requirements for the development of architecture of "electronic government" and the introduction of standard architecture of "electronic akimat" taking into account the directions of activities of local executive body;

      3) create and develop state electronic information resources and information systems of state bodies;

      4) provide filling, ensure the reliability and relevance of electronic information resources of local executive bodies;

      5) local executive bodies of regions, cities of republican meaning, the capital on the basis of standard architecture of "electronic akimat" approve the architecture of state body in agreement with authorized body on state planning and expert council and ensure its implementation;

      6) provide registration of information systems of state body, record information about the objects of informatization of state body, place electronic copies of technical documentation of the objects of informatization of state body, as well as actualization of information on the objects of informatization of state body on the architectural portal of "electronic government";

      7) place publicly available information on the plans and results of the formation of state electronic information resources, the creation of information systems and the development of information systems of state agencies on their Internet resources;

      8) provide a transfer to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings for the licensed software of information systems of state bodies;

      9) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      10) execute the use of standard solutions in the creation or development of information systems;

      11) organize public access points for individuals and legal entities to state electronic information resources and information systems of state bodies, including by allocating uninhabited premises for the organization of this access;

      12) create conditions for increasing digital literacy;

      13) place open data in Kazakh and Russian on the Internet portal of open data;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on the Internet portal of open data in agreement with authorized agency;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) execute in the interests of local state administration other authority entrusted in local executive bodies by the legislation of the Republic of Kazakhstan.

Article 11. National institute of development in the field of information and communication technologies

      1. National institute of development in the field of information and communication technologies is determined by the Government of the Republic of Kazakhstan with the aim of creating favorable conditions for increasing the competitiveness of the industry of information and communication technologies and stimulating industrial and innovative activities in the field of information and communication technologies.

      2. National institute of development in the field of information and communication technologies:

      1) executes implementation of measures of state support for development of the industry of information and communication technologies;

      2) provides information and analytical and advisory services in the field of information and communication technologies;

      3) executes investments in industrial-innovative projects in the field of information and communication technologies by participating in authorized capitals of subjects of industrial-innovative activity, creation of legal entities, including foreign participation, and by other means provided by the legislation of the Republic of Kazakhstan;

      4) cooperates with international organizations and foreign legal entities in order to attract information, educational, financial and other resources to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan;

      5) provides subject of informatization with access to information on implemented industrial-innovative projects in the field of information and communication technologies;

      6) issues expert conclusions and (or) recommendations to the authorized body and state bodies in the field of information and communication technologies at no charge;

      7) executes collection of information and analysis of effectiveness of measures of state support for development of the industry of information and communication technologies;

      8) renders assistance in the development of investment funds for risky investment;

      9) executes the analysis of development of the industry of information and communication technologies;

      10) renders assistance in the development of local content in the industry of information and communication technologies;

      11) develops normative documentation on standardization in the field of information and communication technologies;

      12) submits proposals to the authorized body on the formation of state educational order for the training, increasing qualification and retraining of specialists in the field of information and communication technologies in the organizations of technical, professional and higher education, as well as proposals for standard educational plans and standard educational programs in the field of information and communication technologies;

      13) issues an expert conclusion for the provision of innovative grants in the field of information and communication technologies.

Article 12. Service integrator of "electronic government"

      Service integrator of "electronic government":

      1) participates in the implementation of state policy in the field of informatization and the introduction of service model of informatization;

      2) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      3) provides methodological support for development of the architecture of "electronic government";

      4) develops a standard architecture of "electronic akimat";

      5) develops, accompanies the implementation and develops the architecture of state bodies, as well as executes necessary measures for this measure;

      6) reports to the expert council on the progress of work on implementation of the architecture of state bodies;

      7) informs the operator and potential suppliers (contractors) about the needs of state bodies in goods, works, services related to the automation of state functions and state services within the implementation of the service model of informatization;

      8) develops a task for designing the creation or development of a service software product, except service software products created or developed through state-private partnership projects in the field of informatization;

      9) organizes the creation, testing and development of service software products for the implementation of information and communication services provided by the operator to state bodies;

      10) conducts in the field of informatization an expertise of the investment proposal, technical and economic justification and financial and economic justification for budget investments, including a technical task for the creation or development of information systems of state bodies for compliance with the requirements for development of the architecture of "electronic government", approved architecture of state body, standard architecture of "electronic akimat" and for availability of opportunity of the use of information systems of state bodies specified in the list of information systems (or their parts), which are subject to multiple use as standard solutions in creating or developing information systems of state bodies;

      11) conducts in state bodies an assessment of the level of readiness of processes for managing the architecture of a state body in accordance with the rules for development, maintenance of the implementation and development of the architecture of state bodies;

      12) conducts an assessment of the effectiveness of activities of state bodies on the use of information and communication technologies and assessment of the quality of rendering state services in electronic form;

      13) forms and conducts the classifier;

      14) executes the management of projects on creation and development of the objects of informatization of "electronic government";

      15) provides consulting and practical assistance to state bodies in the creation and development of the objects of informatization of "electronic government";

      16) executes registration of information systems of state bodies, recording of information about objects of informatization of "electronic government" and storage of electronic copies of technical documentation of objects of informatization of "electronic government" on the architectural portal of "electronic government";

      17) executes recording and storage of the developed software, initial program codes (if any) and a set of settings of the licensed software of information systems of state bodies;

      18) gives a conclusion on the possibility of using standard solutions in creating or developing information systems of state bodies;

      19) forms and conducts a catalog of information and communication services;

      20) organizes the integration of information systems of state bodies and the national gateway of the Republic of Kazakhstan;

      21) executes the management of project on development of the national gateway of the Republic of Kazakhstan;

      22) makes proposals for the development of information and communication technologies to the national institute of development in the field of information and communication technologies.

Article 13. Operator

      Operator:

      1) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) executes system-technical service and maintenance of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government" in accordance with the list approved by the authorized body;

      3) has the right to attract objects of information and communication infrastructure of other individuals for the development of own information and communication infrastructure;

      4) provides information and communication services to state bodies on the basis of information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services;

      5) ensures the security of storage of state electronic information resources placed on the information and communication infrastructure of "electronic government" assigned to the operator;

      6) ensures the safety of storage of state electronic information resources in the provision of information and communication services;

      7) provides prompt response to identified defects in the provision of information and communication services, as well as state services in electronic form and taking measures to eliminate them;

      8) provides at no charge basis upon the request of service integrator of "electronic government" an information and communication infrastructure for the development and testing of service software products by potential suppliers;

      9) executes integration and connection of local (except local networks with access to the Internet), departmental and corporate telecommunication networks of state bodies to the information and communication infrastructure of "electronic government";

      10) provides services for the transfer of data to state bodies, their subordinate organizations, local self-government bodies, as well as other subjects of informatization defined by the authorized body and connected to a unified transport environment of state bodies for the operation of their electronic information resources and information systems;

      11) executes the creation and development of the information and communication platform of "electronic government" and a unified transport environment of state bodies;

      12) executes maintenance and system-technical service of the national gateway of the Republic of Kazakhstan;

      13) executes the information content of the web portal of "electronic government".

Article 14. State technical service

      1. State technical service executes the following types of activities in the field of informatization referred to state monopoly:

      1) conducts an attestation survey of the information system, information and communication platform "electronic government" and the Internet resource of state body for their compliance with information security requirements;

      2) executes monitoring of the provision of protection for the objects of informatization of "electronic government";

      3) executes monitoring of the provision of secure operation of the objects of informatization of "electronic government";

      4) executes monitoring of the Internet resources of state bodies for their safe use and response to information security incidents;

      5) executes monitoring of permanence of conditions for the functioning and functionality of the objects of informatization of "electronic government" in accordance with information security requirements;

      6) executes maintenance of a unified access gateway to the Internet and a unified electronic mail gateway of "electronic government";

      7) conducts tests of the service software product, information and communication platform of "electronic government", Internet resource and information system of state body, information system related to critically important objects of information and communication infrastructure, non-state information system integrated with the information system of state body or intended for formation of state electronic information resources, for compliance with information security requirements;

      8) executes coordination of the task for designing on creation or development of the service software product in the part of compliance with information security requirements;

      9) executes monitoring of the provision of information security of the objects of informatization of "electronic government" through the monitoring system of ensuring information security;

      10) conducts an expertise of the investment proposal, technical and economic justification of the budget investment project and technical assignment aimed at creating or developing information systems of state bodies for compliance with information security requirements;

      11) executes organizational and technical maintenance of the monitoring system of ensuring information security;

      12) executes monitoring of the fault tolerance of domain name servers serving top-level domain names of Kazakhstan;

      13) accompanies development of plans for addressing and numbering telecommunication networks of telecom operators executing activities in the territory of the Republic of Kazakhstan;

      14) executes work on the development of information security means in terms of detection, analysis and prevention of information security threats to ensure the sustainable operation of information systems and telecommunication networks of state bodies.

      2. Prices for goods (works, services) produced and (or) sold by a state monopoly subject are established by the authorized body in agreement with the antimonopoly authority.

Article 15. Single contact center

      Single contact center:

      1) executes round-the-clock advisory support of individuals and legal entities on the issues of provision of state and other services;

      2) executes round-the-clock advisory support of state bodies on the issues of information and communication services rendered to them;

      3) executes round-the-clock advisory support of individuals and legal entities, state bodies on the issues of "electronic government";

      4) sends requests to the operator, state bodies and other organizations to provide explanations on the issues that arose with the recipient of information and communication, state and other services;

      5) on a systematic basis sends information to the operator, state bodies and other organizations on the received appeals of individuals and legal entities.

Chapter 3. RIGHTS AND DUTIES OF SUBJECTS OF INFORMATIZATION

Article 16. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) transfer objects of informatization for rent, trust administration, economic management or operational management and otherwise dispose of them;

      2) establish within its competence the regime and rules of processing, protection and access to electronic information resources;

      3) establish within its competence the regime and rules of protection and access to the objects of information and communication infrastructure;

      4) determine the conditions for disposal of electronic information resources in storing, copying and distributing them;

      5) determine the conditions for owning and using the objects of information and communication infrastructure.

      2. The owner of objects of informatization is obliged to:

      1) take measures to protect objects of informatization;

      2) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other legislative acts of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      3. The owner of the information system has the rights to own, use and dispose of the information system entirely as a property complex.

      4. The owner of the information system has the right, unless otherwise established by the laws of the Republic of Kazakhstan or the owner of electronic information resources, to prohibit or restrict the movement and distribution of electronic information resources contained in this information system.

      5. In case if the owner of the information system is not owner of the electronic information resources located in this information system, as well as the owner of the information and communication infrastructure used for this information system, the operating procedure of the information system and access to electronic information resources and information and communication infrastructure is determined by agreement between the owners.

      6. The owner of the object of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

Article 17. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) own and use objects of informatization on terms determined by the owner;

      2) determine the conditions for access and use of electronic information resources, objects of information and communication infrastructure by third parties in accordance with subparagraph 1) of this paragraph;

      3) determine the processing conditions of electronic information resources in the information system.

      2. The owner of objects of informatization is obliged to:

      1) observe the rights and lawful interests of the owner of objects of informatization and third parties;

      2) execute measures to protect objects of informatization;

      3) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other laws of the Republic of Kazakhstan;

      4) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      3. The owner of objects of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

Article 18. Rights and duties of the user

      1. The user has the right to:

      1) receive, use, distribute, transmit, provide to third parties electronic information resources including public data, use the information system on the terms determined by the legislation of the Republic of Kazakhstan, the owner or holder of electronic information resources, information system;

      2) familiarize with own personal data containing in electronic information resources, information system if other is not established by laws of the Republic of Kazakhstan.

      2. The user is obliged to:

      1) observe the rights and lawful interests of the owner or holder of electronic information resources, information system and third parties;

      2) ensure protection of electronic information resources, information system in accordance with this Law and the legislation of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

Article 19. Types of services provided in electronic form

      1. By the degree of automation, the services provided in electronic form are:

      1) fully automated;

      2) partially automated.

      Fully automated is a service that excludes a paper document circulation in the process of its provision.

      Partially automated service is an electronic service that contains a sequence of paper and electronic document circulation in the process of its provision.

      2. By the way of provision the service in electronic form are:

      1) informative;

      2) interactive;

      3) transactional;

      4) composite.

      Informative service provided in electronic form is the service for providing the user with electronic information resources.

      Interactive service provided in electronic form is the service for providing the user with electronic information resources, upon his request or agreement of parties requiring mutual exchange of information. Certification through an electronic digital signature may be required to provide an interactive service.

      Transactional service provided in electronic form is a service for providing the user with electronic information resources requiring mutual exchange of information and related to the implementation of payments in electronic form. Certification through an electronic digital signature may be required to provide a transactional service.

      Composite service provided in electronic form is a set of interrelated services, for the provision of which a request of the subject of receiving the service in electronic form is enough.

      3. By the nature of compensation for provision of services, provided in electronic form, are:

      1) refundable;

      2) non-refundable.

      Refundable is a service providing the payment of compensation to the subject of providing service in electronic form.

      Non-refundable is a service provided without payment of compensation to the subject of providing service in electronic form.

Article 20. Submission of information in provision of services in electronic form

      1. In provision of services in electronic form, subjects of providing services in electronic form:

      1) receive information in electronic form on the payments of service recipients from the payment gateway of "electronic government" as reliable;

      2) transmit information in electronic form on the existence of debts of individuals and legal entities to the payment gateway of "electronic government".

      2. Banks of the second level and organizations implementing certain types of banking operations, on the request of the subject of providing services in electronic form and the subject of receiving services in electronic form, submit the following information in electronic form on:

      1) belonging of the bank account to the person specified in the request and the existence of a pledge agreement of movable and immovable property - in the provision of state services in electronic form;

      2) amount of money, date of making payment, sender of money and beneficiary - in making payments by individuals and legal entities for services provided in electronic form.

SECTION 2. INFORMATION AND COMMUNICATION INFRASTRUCTURE Chapter 4. "ELECTRONIC GOVERNMENT"

Article 21. The operation of "electronic government"

      1. The aims of the operation of "electronic government" are:

      1) ensure accessibility, quality and efficiency of the provision of state services in electronic form, as well as interaction of individuals and legal entities with state bodies;

      2) increase publicity in the activities of state bodies, ensure accessibility of information, public control and public participation in solving issues of state administration at all levels;

      3) ensure the implementation and support of administrative reform of state administration;

      4) optimization of the activities of state agencies through the use of information and communication technologies;

      5) reduction (exclusion) of the use of documents on paper medium and the requirements for their submission.

      2. In the operation of "electronic government" is provided:

      1) access of individuals and legal entities to publicly available information on the activities of state bodies;

      2) access of state bodies to information contained in information systems of state bodies;

      3) automation of activities of state bodies;

      4) use of electronic document circulation in the activities of state bodies, including in execution of state functions and provision of state services in electronic form;

      5) exclusion of duplication in the collection, accumulation and storage of state electronic information resources;

      6) information security and protection of objects of informatization of "electronic government".

Article 22. Architecture of "electronic government"

      1. Development of the architecture of "electronic government" is executed in accordance with the requirements for development of the architecture of "electronic government", as well as unified requirements in the field of information and communication technologies and ensuring information security.

      2. Requirements for development of the architecture of "electronic government" are determined in accordance with the strategic and program documents of state bodies.

Article 23. Architecture of state agency

      1. The service integrator of "electronic government" designs and develops the architecture of state bodies.

      The architecture of state body for central executive bodies and state bodies directly subordinate and accountable to the President of the Republic of Kazakhstan is developed in accordance with the rules for development, maintenance of implementation and development of the architecture of state bodies, requirements for development of the architecture of "electronic government", as well as on the basis of aims and objectives of state body.

      The service integrator of "electronic government" develops the architecture of state agency for local executive bodies in accordance with the standard architecture of "electronic akimat", the rules for development, maintenance of implementation and development of the architecture of state bodies and requirements for development of the architecture of "electronic government", as well as on the basis of aims and objectives of state body.

      2. Introducing amendments to the architecture of state body is executed in accordance with the rules for development, maintenance of implementation and development of the architecture of state bodies.

      3. State bodies are obliged to take measures on development of strategic indicators of the effectiveness of application of information and communication technologies, taking into account the following requirements:

      1) contribution of information and communication technologies to the implementation of aims and objectives of state body;

      2) optimization and automation of state functions and provision of state services resulting from their implementation;

      3) implementation of electronic information interaction with other subjects of informatization on the issues within the competence of state body;

      4) quality of the provision of state services in electronic form and satisfaction of the service recipients.

      4. State body provides record, description, classification and actualization of falling within its competence tasks and indicators of efficiency of activities, functions and services, documents, data and electronic information resources, information systems and information and communication infrastructure on the architectural portal of "electronic government".

      5. State bodies provide an appropriate level of automation of the subordinate organizations, which is necessary for conducting information interaction and providing state services in electronic form.

      6. State bodies, in case of receiving a request from the service integrator of "electronic government" for conducting integration of information systems of state bodies with objects of the information and communication infrastructure of "electronic government" for the purpose of establishing information exchange, provide the necessary organizational and technical conditions in terms agreed by state bodies with the authorized body.

Article 24. Standard architecture of "electronic akimat"

      1. Standard architecture of "electronic akimat" is developed in accordance with the requirements for development of the architecture of "electronic government", the rules for development, maintenance of implementation and development of the architecture of state bodies and unified requirements in the field of information and communication technologies and ensuring information security.

      2. Local executive bodies create or develop information systems of state bodies, acquire software and (or) objects of information and communication infrastructure taking into account the requirements of the standard architecture of "electronic akimat".

Article 25. Automation of state functions and provision of state services resulting from them

      1. Automation of state functions and provision of state services resulting from them are executed in accordance with the approved architecture of state body, and in case of absence of it - in accordance with the rules for development, maintenance of implementation and development of the architecture of state bodies and unified requirements in the field of information and communication technologies and ensuring information security.

      2. State functions by degree of automation are divided into:

      1) fully automated;

      2) partially automated.

      Fully automated is the function of state body, in which all operations of the processes composing it are executed in information systems.

      Partially automated is the function of state body, in which part of operations of the processes composing it are executed in information systems.

Article 26. Information and communication platform of "electronic government"

      1. In implementing the service model of informatization, information systems and service software products are placed on the information and communication platform of "electronic government" located on the territory of the Republic of Kazakhstan.

      2. It is not allowed to use the information and communication platform of "electronic government" for other aims, except the implementation of state functions and the provision of state services resulting from them in electronic form.

Article 27. Web portal and gateway of "electronic government"

      1. Web portal of "electronic government" is an information system that represents a "unified window" for access to all consolidated governmental information, including normative legal base, and to state and other services provided in electronic form.

      Requirements for the maintenance, conduct and information content of the electronic information resources of the web portal of "electronic government" are established by the authorized body.

      Gateway of "electronic government" is an information system designed to integrate state and non-state information systems within "electronic government".

      2. State and other services in electronic form can be provided through the web portal of "electronic government" and the subscriber device of mobile network.

      3. To receive state and other services in electronic form through the web portal of "electronic government" and the subscriber device of mobile network, subjects of receiving services in electronic form can use one-time passwords in accordance with the legislation of the Republic of Kazakhstan.

Article 28. Payment gateway of "electronic government"

      1. Payment gateway of "electronic government" is an information system that automates the processes of transferring information on making payments within provision of refundable services provided in electronic form.

      2. Payment gateway of "electronic government" provides:

      1) transfer of requests for making payments of the subject receiving the service in electronic form;

      2) informing the subject of provision the service in electronic form about the making payment for the provision of the service in electronic form.

      3. Banks of the second level and organizations executing certain types of banking operations, participating in the process of receiving and making payments within the provision of services, ensure the integration of their own information systems involved in these processes with payment gateway of "electronic government" directly or through information system the operator of interbank money transfer system.

Article 29. Unified transport environment of state agencies

      1. Unified transport environment of state bodies is the telecommunication network, which is part of the information and communication infrastructure of "electronic government" and is designed to provide the interaction of local (except local networks with Internet access), departmental and corporate telecommunication networks of state bodies, their subordinate organizations and bodies of local government, as well as other subjects of informatization determined by the authorized body, with observance of the required level of information security.

      2. State bodies, their subordinate organizations and local self-government bodies, as well as other subjects of informatization determined by the authorized body, are obliged to use exclusively a unified transport environment of state bodies for the interaction of local (except local networks with Internet access), departmental and corporate networks.

      3. In order to ensure information security, the connection of local, departmental and corporate networks connected to a unified transport environment of state bodies, to telecommunication networks of common use and other telecommunication networks, is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

Article 30. Unified access gateway to the Internet and a unified gateway of electronic mail of "electronic government"

      1. Connection of local, departmental and corporate telecommunication networks of state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, as well as owners or holders of critically important objects of information and communication infrastructure to the Internet is executed by telecom operators through a unified access gateway to the Internet.

      2. Connection of local, departmental and corporate telecommunication networks of state bodies and local self-government bodies to the Internet is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

      3. Specialized state and law enforcement bodies for operational purposes, the National Bank of the Republic of Kazakhstan can organize connection to the Internet without using a unified access gateway to the Internet.

      4. Electronic interaction of electronic mail of state body with external electronic mail is executed by redirection of electronic messages through a unified gateway of electronic mail of "electronic government".

Article 31. Architectural portal of "electronic government"

      1. Architectural portal of "electronic government" is an information system designed to execute registration, record, storage and systematization of information about the objects of informatization of "electronic government" in accordance with the classifier and further use by state bodies for monitoring, analysis and planning in the field of informatization.

      2. State body places on the architectural portal of "electronic government" information about created information system of state body and informs the service integrator of "electronic government" about introduction into trial operation and industrial operation of the information system with submission of copies of confirming documents.

      The basis for registration of the information system on the architectural portal of "electronic government" is the introduction into trial operation of the information system of state body.

      3. The service integrator of "electronic government" conducts an analysis of information systems of state bodies registered on the architectural portal of "electronic government", to use a standard solution in creating or developing information systems of state bodies.

      4. The service integrator of "electronic government" provides the state technical service with access to the architectural portal of "electronic government", including for participation in the formation and maintenance of the classifier in part of definition of requirements for information security.

      5. The owner or the holder of the object of informatization of "electronic government" ensures timely actualization of electronic copies of technical documentation and information about the objects of informatization of "electronic government" placed on the architectural portal of "electronic government" in accordance with the rules for registration of information systems of state bodies, recording of information on the objects of informatization of “electronic government” and placing electronic copies of technical documentation of the objects of informatization of "electronic government".

      6. The service integrator of "electronic government" executes organizational and technical measures on the issues of placement and actualization of information about the objects of informatization of "electronic government" on the architectural portal of "electronic government".

Chapter 5. ELECTRONIC INFORMATION RESOURCES

Article 32. Types of electronic information resources

      1. Electronic information resources on the form of ownership are state and non-state, by degree of access - publicly available and limited access.

      2. Electronic information resources created, acquired and accumulated at the expense of budgetary funds, as well as received by state bodies in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Electronic information resources created, acquired at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      4. Electronic information resources that are provided or distributed by their owner or holder without specifying access conditions or their use, as well as information that is freely accessible and independent of the form of their submission and way of distribution, are publicly available.

      5. Electronic information resources containing information access to which is limited by laws of the Republic of Kazakhstan or their owner or holder in cases established by the legislation of the Republic of Kazakhstan, are electronic information resources of limited access.

      Electronic information resources of limited access are divided into electronic information resources containing information constituting state secrets and confidential.

      6. Reference of electronic information resources to electronic information resources containing information constituting state secrets is executed in accordance with the legislation of the Republic of Kazakhstan on state secrets.

      Creation, acquisition, accumulation, formation, registration, storage, processing, destruction, use, transfer, protection of electronic information resources containing information constituting state secrets are executed in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      7. Electronic information resources containing information that do not constitute state secrets, but access to which is limited by laws of the Republic of Kazakhstan or their owner or holder, are confidential electronic information resources

Article 33. Legal regime of electronic information resources

      1. Reasons of origin, change and termination of the right of ownership and other property rights to electronic information resources are established by the civil legislation of the Republic of Kazakhstan.

      2. Electronic information resources that are the property of a legal entity are included in its property in accordance with the civil legislation of the Republic of Kazakhstan.

      3. The owner of state electronic information resources is the state.

      State electronic information resources, which are under the authority of state bodies in accordance with their competence, are subject to recording and protection in the composition of state property.

      4. The right of ownership for software, information systems and Internet resources does not create the right of ownership for electronic information resources created with their assistance and (or) placed therein, belonging to other owners or holders, unless otherwise provided by the legislation of the Republic of Kazakhstan or by agreement between them

      5. Electronic information resources processed in the order of providing services or in the joint use of information systems and Internet resources belong to the owner or holder of electronic information resources. Belonging and using of derivative products created in this case are regulated by an agreement

      6. The owner of electronic information resources containing information constituting state secrets has the right to dispose of them in the manner determined by the legislation of the Republic of Kazakhstan on state secrets

      7. Electronic information resources that are the property of individuals and legal entities in the case of referring them to electronic information resources containing information constituting state secrets are subject to alienation in the manner established by the legislation of the Republic of Kazakhstan on state secrets.

Article 34. Formation and use of electronic information resources

      1. State electronic information resources are formed in order to provide information needs of state bodies, individuals and legal entities, execution of state functions and provision of state services in electronic form.

      2. The activity of state bodies in the formation of state electronic information resources is financed at the expense of budgetary funds, except the formation of electronic information resources by the National Bank of the Republic of Kazakhstan.

      3. The owner or holder of electronic information resources have the right to freely use and distribute them in compliance with the limits established by the laws of the Republic of Kazakhstan.

      4. The use and distribution of electronic information resources by the user are executed in the manner established by the owners or holders of electronic information resources and (or) information systems.

Article 35. Access to electronic information resources

      1. State electronic information resources of the Republic of Kazakhstan are publicly available, except electronic information resources of limited access.

      State agencies ensure the creation of publicly available state electronic information resources in Kazakh and Russian.

      2. Conditions and order of access to electronic information resources of limited access are determined by the legislation of the Republic of Kazakhstan and the owner of these resources, including by concluding agreements between owners of electronic information resources.

      3. The owner of the information system of state agency that is not the owner of state electronic information resources contained in it, provides access to these resources on the basis of an agreement concluded by the owner of electronic information resources with the owners of other state electronic information resources.

      4. Access to electronic information resources is executed by one of the following ways:

      1) by transferring a request to the owner or holder of the information system on access to electronic information resources using electronic mail and indicating the identification number or in the form of an electronic document certified by an electronic digital signature or other means established by the owner or holder of electronic information resources;

      2) by direct appeal of the user to publicly available electronic information resources, information systems.

      5. Access can not be limited to state electronic information resources containing:

      1) normative legal acts, except those containing state secrets or other secret protected by law;

      2) information on emergency situations, natural and technogenic disasters, weather, sanitary-epidemiological and other conditions necessary for vital activity and ensuring the safety of citizens, inhabited localities and production facilities;

      3) official information on the activities of state bodies;

      4) information accumulated in open information systems of state bodies, libraries, archives and other organizations.

      6. State bodies, state legal entities, legal entities with state participation in the authorized capital are obliged to provide individuals and legal entities with open data in Kazakh and Russian languages through the Internet portal of open data.

      Maintenance of functioning of the Internet portal of open data in Kazakh and Russian languages is executed by the service integrator of "electronic government".

      7. In case of distribution via the telecommunication networks of information prohibited entered into legal force by a court decision or laws of the Republic of Kazakhstan, as well as access to which was temporarily suspended by the order of the General Prosecutor of the Republic of Kazakhstan, submitted to the authorized body or his deputies to eliminate violations of the law, authorized bodies, owners or holders of Internet resources are obliged to take immediate measures to limit access to prohibited information.

Article 36. Electronic information resources containing personal data

      1. Electronic information resources containing personal data are subdivided into electronic information resources containing publicly available personal data and electronic information resources containing personal data of limited access.

      Electronic information resources containing publicly available personal data include electronic information resources containing personal data, access to which is free with the consent of the personal data subject or to which observation of requirements do not apply in accordance with the laws of the Republic of Kazakhstan.

      Electronic information resources containing personal data of limited access include electronic information resources, access to which is limited by the personal data subject or laws of the Republic of Kazakhstan.

      2. The owner or holder of electronic information resources containing personal data in transferring electronic information resources containing personal data to the owner or holder of the information system must obtain the consent of the personal data subject or his legal representative to collect and process personal data using information systems, except cases provided by the Law of the Republic of Kazakhstan "On personal data and their protection".

      3. In providing state service in electronic form, the consent of the personal data subject to collect and process personal data through information systems is provided in the form of an electronic document or other way using elements of protective actions that do not contradict the legislation of the Republic of Kazakhstan.

      The personal data subject also has the right to give consent to collect and process personal data through his subscriber's number of mobile communication registered on the web portal of "electronic government" by sending a one-time password or by sending a short text message as a response to the notification of the web portal of "electronic government".

      4. Owners or holders of information systems of state bodies are obliged to notify personal data subjects through the user's cabinet on the web portal of "electronic government" in an automatic mode about all cases of use, changes and additions of personal data within the framework of information interaction provided that personal data subjects are registered on the web portal of "electronic government".

      5. In addition to the reasons established by the Law of the Republic of Kazakhstan "On personal data and their protection", in the event of revealing obvious mistakes and inaccuracies in electronic information resources containing personal data, the state body in providing state services in order to eliminate them may execute their change and addition after receipt of request from the personal data subject or his legal representative.

      6. It is not allowed to use electronic information resources containing personal data on individuals for the purpose of causing property and (or) moral harm, limiting the execution of rights and freedoms guaranteed by the laws of the Republic of Kazakhstan.

Chapter 6. INFORMATION SYSTEMS

Article 37. Types of information systems

      1. Information systems on the form of ownership are state and non- state, by degree of access - publicly available and limited access.

      2. Information systems created or developed at the expense of budgetary funds, as well as received by state legal entities in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Information systems created or developed at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      Non-state information systems, classified as critically important objects of the information and communication infrastructure, as well as integrated with the information systems of state bodies and designed for the formation of state electronic information resources, are equated with information systems of state bodies in part of observance of requirements on ensuring information security.

      4. Information systems containing publicly available electronic information resources are publicly available.

      5. Information systems containing electronic information resources of limited access are information systems of limited access.

      6. Information systems of limited access are divided into:

      1) information systems in secure execution referred to state secrets, the protection of which is executed with the use of state encryption means and (or) other means of protecting information constituting state secrets, in compliance with the requirements of secrecy regime;

      2) confidential information systems.

      7. Creation, operation, maintenance, development, integration, termination of operation and protection of information systems in a protected execution referred to state secrets are executed in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      Audit of information systems and attestation of information systems in a protected execution referred to state secrets, are not conducted.

Article 38. Requirements for the information system of state agency

      1. State bodies for the automation of state functions and the provision of state services resulting from them, based on the approved architecture of state body and the proposals of the expert council, create information systems aimed at implementing the functions assigned to them.

      2. Information system of state body is created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, the standards, life cycle of the information system operating in the territory of the Republic of Kazakhstan and taking into account the provision of:

      1) unified requirements in the field of information and communication technologies and ensuring information security;

      2) requirements for development of the architecture of "electronic government" and the standard architecture of "electronic akimat";

      3) approved architecture of state body;

      4) integration (if necessary) with other information systems through gateways;

      5) information interaction of the monitoring system of information security events of the information system of state body with the monitoring system for ensuring information security of state technical service;

      6) priority of free software;

      7) opportunities of repeated use of initial program codes, software products and software transferred to storage;

      8) assigning a class in accordance with the classifier;

      9) access of users with limited capabilities.

      3. The information contained in the electronic information resource, normative and technical documentation, as well as other related documents of the information system of state bodies are created and stored in Kazakh and Russian languages.

      4. The owner or the holder of the information system of state body or the person authorized by him after receiving the certificate of compliance with information security requirements provides the state technical service with access to the information system of state body for executing organizational and technical measures aimed at monitoring the permanence of functioning conditions and functionality of the objects of informatization of "electronic government" in accordance with information security requirements.

Article 39. Creation or development of the information system of state agency

      1. Information system of state agency is created or developed in the following order:

      1) development of an investment proposal for the creation or development of the information system of state body on the basis of an analysis of the object of automation in the order determined by the budget legislation of the Republic of Kazakhstan;

      2) consideration by authorized body of an investment proposal on the creation or development of the information system of state body;

      3) development of technical and economic justification for budget investments, taking into account the assigned class in accordance with the classifier;

      4) obtaining a conclusion of expertise in the field of informatization on technical and economic justification for budget investments;

      5) making decision of the head of state body on the organization of work on the creation or development of the information system of state body;

      6) submission of information about the created information system to the service integrator of "electronic government" for recording on the architectural portal of "electronic government";

      7) development of a technical task for the creation or development of the information system of state body;

      8) development of a technical specification for the acquisition of goods, works and services in the field of informatization;

      9) coordination of technical task with the authorized body for the creation or development of the information system of state body;

      10) execution of state purchases of goods, works and services in the field of informatization;

      11) conduction of trial operation of the information system of state body executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security which includes, among others:

      documentation of procedures for conduction of trial operation;

      testing for compliance with information security requirements;

      optimization and elimination of identified defects and imperfections with their subsequent correction;

      formalization of an act on completion of the trial operation of the information system.

      Period of conduction of trial operation should not be exceed one year;

      12) registration of the information system of state body on the architectural portal of "electronic government";

      13) introduction of the information system of state body in accordance with the current standards on the territory of the Republic of Kazakhstan;

      14) introduction into industrial operation of the information system of state body includes:

      conduction of attestation;

      signing of the act on introduction into industrial operation of the information system by the acceptance commission with participation of representatives of the authorized body, interested state bodies and organizations;

      15) transfer to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings for licensed software of information systems of state bodies.

      Documentation of the procedures for the creation of the information system of state body is executed at each stage of the life cycle of the information system.

      Introduction of the information system of state body into trial operation of the information system or industrial operation of the information system is executed on the basis of normative documents of the owner or holder of the information system.

      2. Development of the information system of state body is executed after the introduction of the information system into industrial operation of the information system.

      3. In the case of creation or development of the information system of state body within the framework of republican and local projects of state-private partnership in the field of informatization, subparagraphs 1), 2), 3) and 4) of paragraph 1 of this article are not applied.

      In creation or development of the information system of state body within the framework of republican and local projects of state-private partnership in the field of informatization in accordance with the legislation of the Republic of Kazakhstan on state-private partnership with the authorized body, the concept of a project of state-private partnership is agreed upon.

      4. Provision to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings of the licensed software of information systems of state bodies is mandatory and implemented in accordance with the procedure determined by the authorized body.

      Illegal modification, divulging and (or) using of initial program codes software products and software are prohibited.

Article 40. Industrial operation of the information system of state agency

      1. Introduction into industrial operation of the information system of state body is executed in accordance with the requirements of technical documentation, provided that the trial operation of the information system is successfully completed, existence of the act with a positive result of testing for compliance with information security requirements, expertise of technical documentation and a certificate of compliance with information security requirements.

      2. In the industrial operation of the information system of state body, it is ensured:

      1) observance of unified requirements in the field of information and communication technologies and ensuring information security;

      2) preservation, protection, restoration of electronic information resources in case of failure or damage;

      3) backup copying and control over the timely actualization of electronic information resources;

      4) automated record, security and periodic archiving of information on appeals to the information system of state body;

      5) monitoring of information security events of the information system of state body and transfer of its results to the monitoring system for ensuring information security of the state technical service;

      6) maintenance of the information system;

      7) technical support of the used licensed software of the information system;

      8) reduction (exclusion) of the use of documents on paper media, as well as requirements for their submission in execution of state functions and provision of state services;

      9) warranty service by the developer of the information system, including elimination of errors and defects of the information system identified during the warranty period. Warranty service is provided for a period of not less than one year from the date of introduction into the industrial operation of the information system.

Article 41. Termination of industrial operation of the information system of state body

      1. Absence of the need for further use of information systems of state bodies entails the termination of industrial operation and the change of information about the information system on the architectural portal of "electronic government" in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

      2. Decision on the absence of the need for further operation of the information system of a state body is taken by the owner or holder with notification to the owners and (or) holders of information systems with which the information system of state body is integrated, as well as the service integrator of "electronic government" about the procedure and terms of the termination of operation.

      3. Electronic information resources, technical documentation and initial program codes of copied information system of state body are subject to transfer to the archive in accordance with the legislation of the Republic of Kazakhstan.

      4. Copying and (or) utilization of technical means of copied information system of state body is executed in accordance with the requirements established by the legislation of the Republic of Kazakhstan on accounting and financial statements.

Article 42. Mandatory requirements for the means of processing, storage and backup copying of electronic information resources in information systems of state agency

      1. To ensure the reliability and security of the operation of information systems of state bodies, the technical means which are used to store, process and transfer electronic information resources must comply with the requirements of the legislation of the Republic of Kazakhstan in the field of technical regulation.

      2. The owner or holder of the information system, as well as the operator executes storage and, if necessary, ensure restoration of state electronic information resources contained in the information system and carry responsibility for the loss, modification or other failure to ensure the safety of state electronic information resources in the order established by the laws of the Republic of Kazakhstan and agreement of the parties.

      3. Ensuring the production of backup copying of state electronic information resources is mandatory for the owner of the information system or operator.

      Method of production and storage of backup copying containing state electronic information resources should ensure the safety of electronic information resources before production of the next backup copying.

      Periodicity of backup copying of state electronic information resources is established by normative and technical documentation for the information system.

Article 43. Integration of information systems

      1. Integration of information systems of state bodies is executed in accordance with the rules for integration of gateway of “electronic government”, payment gateway of “electronic government” with information systems.

      Information systems of state bodies designed for implementation of operational-search, counterintelligence activities, ensuring defense capability and national security can be integrated without connection to the gateway of “electronic government”.

      2. State bodies are obliged to ensure the integration of information systems of state bodies through the gateway of “electronic government” in terms and in the order established by the authorized body.

      3. In the case of integration of non-state information system with the information system of state body separately or simultaneously with another information system of state body, the access is provided in accordance with the rules for integration of gateway of “electronic government”, payment gateway of “electronic government” with information systems.

      Footnote. Article 43 with amendment introduced by the Law of the RK from 28.12.2016 № 36-VI (effective after two months after the day of its first official publication).

Article 44. Requirements for non-state information system that is integrated with the information system of state body

      1. Integration of non- state information system with the information system of state body is executed exclusively through gateway of "electronic government" or payment gateway of "electronic government" (for the purposes of making payments) in accordance with the rules for the integration of gateway of "electronic government", payment gateway of "electronic government" with information systems.

      Non-state information system has access to state electronic information resources exclusively in the amount specified in the agreement between the owners.

      2. Electronic information resources, interface, normative and technical documentation and other related documents of non-state information system that are integrated with the information system of state body or designed for the formation of state electronic information resources are created and stored in the Kazakh and Russian languages.

      3. Non-state information system is integrated with the information system of state body, subject to the existence of an act on the acceptance into industrial operation of information system, an act with a positive test result for compliance with information security requirements, expertise of technical documentation and a certificate of compliance with information security requirements.

Chapter 7. SERVICE MODEL OF INFORMATIZATION

Article 45. Service model of informatization

      1. Implementation of service model of informatization is executed in accordance with this Law and the legislation of the Republic of Kazakhstan on state-private partnership.

      2. Service model of informatization is regulated in accordance with the requirements for development of the architecture of "electronic government", unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization.

      3. Service model of informatization is based on the centralized provision of information and communication services to state bodies by operator on the basis of the information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services.

      4. Duties and responsibilities of operator and state bodies in the provision (reception) of information and communication services are established by the legislation of the Republic of Kazakhstan and by agreement of the parties.

Article 46. Provision of information and communication services to state bodies by operator

      1. Implementation of information and communication services provided to state bodies by operator is executed in accordance with the rules for the implementation of service model of informatization.

      2. Creation and development of information and communication services are executed at the expense of budgetary funds, as well as other sources of funding that are not prohibited by the legislation of the Republic of Kazakhstan, including through state-private partnership.

      Calculation of the cost of created and developed information and communication service through the project of state-private partnership in the field of informatization is executed on the basis of the method for calculating the cost of information and communication services and in accordance with the legislation of the Republic of Kazakhstan on state-private partnership.

      3. Operator, owners of the information and communication infrastructure, service software products do not acquire the right to use and dispose of electronic information resources of state bodies placed on the objects belonging to these individuals.

      4. Operator calculates the cost of information and communication service on the basis of the method approved by the authorized body and submits it to the authorized body for coordination.

      Description of information and communication services for state bodies and information about their costs are placed on the operator's Internet resource.

      5. Information and communication services that are included in the catalog of information and communication services are classified by types and subjects of receiving these services.

      6. In order to monitor the quality of information and communication services to state bodies and provide consulting support for the recipients of these services, the authorized body and operator involve the Unified contact center.

      7. Operator in the provision of information and communication services provides and is responsible to state agencies for the security of storing electronic information resources in the order established by the legislation of the Republic of Kazakhstan and by agreement of the parties.

      8. State body concludes a contract with the operator for provision of information and communication services in accordance with the legislation of the Republic of Kazakhstan on state procurement.

Article 47. Interaction of operator with owner of service software product and other individuals

      1. Interaction of operator and individuals who provide him with information and communication infrastructure and service software products for provision of information and communication services is regulated by the rules for the implementation of service model of informatization and the agreement between the operator and these individuals.

      2. Owner of the service software product is obliged to:

      1) transfer the service program product and technical documentation to the service software product to the operator in accordance with the agreement between them;

      2) execute finalization and development of the service software product on the operator's request;

      3) conduct training of the operator's personnel on the operation and maintenance of the service software product, as well as on the use of the information and communication service provided through this service software product.

      3. In case of early termination of the agreement on the initiative of the owner of the service software product, the operator has the right to execute operation of the service software product before replacing it with another service software product.

Chapter 8. TESTS, EXPERTISE, AUDIT, CERTIFICATION OF OBJECTS OF INFORMATIZATION

Article 48. Documentation of electronic information resources and information about information systems

      Documentation of electronic information resources and information about information systems is executed by their owner or holder in accordance with the requirements established by the legislation of the Republic of Kazakhstan on informatization, electronic document and electronic digital signature, on National archival fund and archives.

Article 49. Tests of software, program code, Internet resource, information system and information and communication platform of "electronic government", as well as expertise of technical documentation

      1. Tests of software, program code, Internet resource and information systems are conducted in order to assess their compliance with the requirements of technical documentation, normative legal acts of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan.

      Expertise of technical documentation is conducted in order to assess its compliance with the requirements of normative legal acts of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan.

      Tests of software, program code, Internet resource, information system and expertise of technical documentation are executed on the initiative of the owner or holder and are conducted by testing laboratories in accordance with this Law and the legislation of the Republic of Kazakhstan in the field of technical regulation.

      2. Tests of the service software product, information and communication platform of "electronic government", Internet resource and information system of state agency, information system referred to critically important objects of the information and communication infrastructure, non-state information system that is integrated with the information system of state body or designed to form state electronic information resources for compliance with requirements of information security are mandatory and are conducted in accordance with this Law

Article 50. Audit of information systems

      1. At the stage of creation, introduction and operation of information systems on the initiative of the owner or holder of information systems, the audit of information systems can be conducted.

      2. Conduction of the audit of information systems is executed by individual and (or) legal entities possessing special knowledge and experience in the field of information and communication technologies, in the order determined by the authorized body.

Article 51. Attestation

      1. Attestation is conducted in mandatory order or at the initiative of the owner.

      2. Objects of attestation that are the subject of mandatory attestation are:

      1) information system of state body;

      2) non-state information system that is integrated with the information system of state body or designed to form state electronic information resources;

      3) information system referred to critically important objects of information and communication infrastructure;

      4) information and communication platform of "electronic government";

      5) Internet resource of state body.

      3. Objects of attestation that are not the subject of mandatory attestation are:

      1) non-state information system;

      2) non-state Internet resource.

      4. Industrial operation of information system of state body, information system referred to critically important objects of information and communication infrastructure, non-state information system integrated with information system of state body or designed to form state electronic information resources, Internet resource of state body and information and communication platform of "electronic government" is allowed only with existence of certificate of compliance with information security requirements.

      5. The period of attestation survey should not exceed thirty working days from the date of entry into force of the contract for conducting the attestation survey.

      In case if attested information system is territorially distributed, the period of attestation survey is no more than forty working days.

      6. Taking into account the act of attestation survey and on the basis of the protocol of the attestation commission, the authorized body takes one of the following decisions within five working days:

      1) on issuance of a certificate of compliance with information security requirements;

      2) on refusal to issue a certificate of compliance with information security requirements;

      3) on elimination of identified nonconformities by the applicant

      Decision on elimination of identified nonconformities by the applicant can be taken no more than once upon the application for conduction of attestation.

      7. Reason for refusal to issue a certificate of compliance with information security requirements are nonconformities identified in the attestation survey of nonconformities, which can not be eliminated within twenty working days from the date of receipt of the decision copy.

      8. A certificate of compliance with information security requirements is issued for the period of industrial operation of the object of attestation, except information and communication platform of "electronic government", while observing (ensuring) during the specified period the conditions of functioning and functionality of the object of attestation, hardware and software complex and information and communication technologies, providing processing of the protected information and determining the security of information.

      9. A certificate of compliance with information security requirements of the information and communication platform of "electronic government" is issued for one year.

      10. In case of changes in functioning conditions and functionality of the object of attestation, the owner or the holder of the object of attestation after the completion of the work on its development sends to the authorized body a notification on the need to conduct a re-attestation of the object with an appendix describing all the changes made in the order established by this Law.

      Responsibility for the execution of the established conditions for functioning of the object of attestation, technologies for processing the protected information and information security requirements lies with the owner or the holder of the object of attestation.

      11. The authorized body, from the day of receiving the notification within three working days, convokes an attestation commission to make a decision on the conduction of re-attestation of the object of attestation.

      12. The authorized body takes measures to revoke the certificate of compliance with information security requirements of the object of attestation in the following cases:

      1) existence of a written application of the owner or the holder of the object of attestation;

      2) nonconformities of the object of attestation with information security requirements revealed during the audit conducted in accordance with the Entrepreneurship code of the Republic of Kazakhstan;

      3) changes in functioning conditions and functionality of the information system;

      4) termination of the operation of the information system.

      13. Introduction of a new service software product, a change in the service software product does not result to revoke of the certificate of compliance with information security requirements of the information and communication platform of "electronic government".

      14. A copy of the decision to revoke the certificate of compliance with information security requirements of the object of attestation is sent to the owner or the holder of the object of attestation, who within three working days from the day a copy of the decision is received returns to the authorized body a certificate of compliance with information security requirements of the object of attestation.

      Attestation of the object of attestation after revoking of the certificate of compliance with information security requirements is executed in the order provided by this Law and the rules approved by the Government of the Republic of Kazakhstan.

      15. The owner or the holder of the object of attestation or the person authorized by him annually not later than March 1, sends to the authorized body a list of objects planned for attestation in the current year.

Article 52. Confirmation of conformity in the field of informatization

      Confirmation of conformity in the field of informatization is executed in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.

Chapter 9. PROTECTION OF THE OBJECTS OF INFORMATIZATION

Article 53. Aims of protection of the objects of informatization

      1. Protection of the objects of informatization is the implementation of a set of legal, organizational and technical measures aimed at the preservation of the objects of informatization, preventing unlawful and (or) unintentional access and (or) impact on them.

      2. Protection of the objects of informatization is executed in accordance with the legislation of the Republic of Kazakhstan and current standards in the territory of the Republic of Kazakhstan in order to:

      1) ensure integrity and safety of electronic information resources;

      2) ensure regime of confidentiality of electronic information resources of limited access;

      3) implementation of the right of subjects of informatization for access to electronic information resources;

      4) prevention of unauthorized and (or) unintentional access, leakage and other actions regarding electronic information resources, as well as unauthorized and (or) unintentional impact on objects of information and communication infrastructure;

      5) prevention of violations of the functioning of objects of information and communication infrastructure and critically important objects of information and communication infrastructure.

      3. Other unauthorized and (or) unintentional actions regarding objects of informatization are:

      1) blocking electronic information resources and (or) objects of information and communication infrastructure, that is, committing actions leading to limitation or closure of access to electronic information resources and (or) objects of information and communication infrastructure;

      2) unauthorized and (or) unintentional modification of objects of informatization;

      3) unauthorized and (or) unintentional copying of electronic information resource;

      4) unauthorized and (or) unintentional destruction, loss of electronic information resources;

      5) use of the software without permission of the right holder;

      6) infringement of work of information systems and (or) software or infringement of functioning of telecommunication networks.

      4. Protection of information systems is executed according to the class assigned in accordance with the classifier.

Article 54. Organization of protection of the objects of informatization

      1. Protection of the objects of informatization is executed:

      1) regarding electronic information resources - their owners, holders and users;

      2) regarding objects of information and communication infrastructure and critically important objects of information and communication infrastructure - their owners or holders.

      2. Owners or holders of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure are obliged to take measures ensuring:

      1) prevention of unauthorized access;

      2) timely detection of facts of unauthorized access, if such unauthorized access failed to prevent;

      3) minimization of adverse consequences of violation of the order of access;

      4) prevention of unauthorized influence on the means of processing and transferring of electronic information resources;

      5) prompt restoration of electronic information resources modified or destroyed due to unauthorized access to them;

      6) prompt informing the state technical service about the incident of information security that occurred, except owners and (or) holders of electronic information resources containing information constituting state secrets;

      7) information interaction with the state technical service on the issues of monitoring the provision of information security, protection and safe operation of the objects of informatization of "electronic government";

      8) provision of access to the state technical service to the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure for conduction of organizational and technical measures aimed at implementation of monitoring of ensuring information security.

      3. Provisions of unified requirements in the field of information and communication technologies and ensuring information security related to the sphere of ensuring information security are mandatory for application by state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, owners and holders of non-state information systems integrated with information systems state bodies or designed to form state electronic information resources, as well as by owners and holders of critically important objects of information and communication infrastructure.

      4. Management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation is executed by the authorized body in accordance with the legislation of the Republic of Kazakhstan.

Article 55. Measures to protect electronic information resources, information systems and information and communication infrastructure

      1. Legal measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) requirements of the legislation of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan;

      2) responsibility for violation of the legislation of the Republic of Kazakhstan on informatization;

      3) agreements concluded by the owner or the holder of electronic information resources, information systems, information and communication infrastructure where the conditions of work, access or use of these objects, as well as liability for their violation are established.

      2. Organizational measures to protect electronic information resources, information systems and information and communication infrastructure include the establishment and provision of access regime in the territory (buildings, premises) where access to information, electronic information resources, information systems (electronic media of information); as well as limitation of access to electronic information resources, information systems and information and communication infrastructure can be executed.

      3. Technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) use of information security means, and regarding information constituting state secrets, exclusively with the use of means of protecting information constituting state secrets, developed, produced and (or) taken into operation in accordance with the legislation of the Republic of Kazakhstan;

      2) use of access control systems and registration of facts of access to electronic information resources, information systems and information and communication infrastructure.

      4. Use of technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure should not cause harm or create a threat of harm to life, health and property of individuals, as well as property of legal entities and state property.

Article 56. Protection of electronic information resources containing personal data

      Owners and holders of information systems that have received electronic information resources containing personal data are obliged to take measures to protect them in accordance with this Law and current standards in the territory of the Republic of Kazakhstan.

      This duty arises from the moment of receipt of electronic information resources containing personal data and to their destruction or depersonalization.

SECTION 3. STATE REGULATION IN THE FIELD OF INFORMATIZATION Chapter 10. EXPERTISE AND COORDINATION OF DOCUMENTS BY THE AUTHORIZED AGENCY

Article 57. Conclusion of expertise in the field of informatization on the investment proposal

      1. The investment proposal for creation or development of the information system of state body is submitted by state body to the authorized body for obtaining conclusion of the expertise in the field of informatization on the investment proposal annually until March 15.

      2. The authorized body considers the investment proposal in the field of informatization within a period of no more than twenty working days from the date of receipt.

Article 58. Conclusion of the expertise in the field of informatization for technical and economic justification or financial and economic justification for budget investments

      1. Conclusion of the expertise in the field of informatization for technical and economic justification for budget investments for creation or development of the information system of state body is issued not later than thirty working days from the date of receipt of full package of documents.

      Conclusion of the expertise in the field of informatization for financial and economic justification for budget investments in the field of informatization is issued not later than thirty working days from the date of receipt of full package of documents.

      2. Period for issuing conclusion of the expertise in the field of informatization for technical and economic justification for budget investments for creation or development of the information system of state body is extended to fifty working days in case if the information system of state body is a standard solution or includes interdepartmental or regional components.

Article 59. Coordination of technical task and task for design

      1. Coordination of technical task for creation or development of the information system of state body is executed by the authorized body within a period of not more than thirty working days from the date of receipt of the package of documents.

      In case if the information system of state body is a standard solution or includes interdepartmental or regional components, the period of approval is extended to fifty working days.

      2. Coordination of task for design for creation or development of a service software product developed by the service integrator of "electronic government" is executed by state body supervising the relevant industry (sphere) within a period of not more than thirty working days from the date of receipt of the package of documents.

Article 60. Conclusion of the authorized body on the calculation of costs for state procurement of goods, works and services in the field of informatization

      1. Calculations of costs for state procurement of goods, works and services in the field of informatization are introduced by the administrator of budget programs for consideration to the authorized body annually until March 1.

      2. Calculations of costs for state procurement of goods, works and services in the field of informatization are considered by the authorized body within a period of not more than thirty working days from the date of receipt of documents.

      3. Refusal to consider the calculation of costs for state procurement of goods, works and services in the field of informatization is executed in the following cases:

      1) nonconformities in the form and content of the calculation of costs for state procurement of goods, works and services in the field of informatization to the requirements of this Law and budget legislation of the Republic of Kazakhstan;

      2) non-submission of documents in accordance with established requirements approved by the authorized body.

      4. Administrators of budget programs place calculations of costs for state procurement of goods, works and services in the field of informatization on the architectural portal of "electronic government".

Chapter 11. DEVELOPMENT OF THE INDUSTRY OF INFORMATION AND COMMUNICATION TECHNOLOGIES

Article 61. State support for development of the industry of information and communication technologies

      1. State support for development of the industry of information and communication technologies is executed by the authorized state bodies, national institution of development in the field of information and communication technologies and other national institutions of development in order to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan.

      2. National institute of development in the field of information and communication technologies executes its activities in accordance with this Law and the legislation of the Republic of Kazakhstan on state support of industrial and innovative activities.

      3. The main principles of state support for development of the industry of information and communication technologies:

      1) development of the industry of information and communication technologies on the basis of private entrepreneurship and state-private partnership;

      2) priority of domestic legal entities in obtaining orders for development of information and communication technologies, information systems;

      3) stimulation of development of production of domestic software, software products and production of technical means;

      4) development of the market structure of information and communication technologies;

      5) support conscientious competition in the market of information and communication technologies.

      4. In accordance with the principles of state support, measures to stimulate the growth of the information and communication technologies sector, in addition to measures provided by the legislation of the Republic of Kazakhstan on investments and on state support for industrial and innovative activities, are:

      1) formation and development of the normative and methodological base of activities in the industry of information and communication technologies, including the introduction of international standards;

      2) implementation and improvement of the system of state (quasi-state) orders for development and supply of innovative software, software products with a high share of local content;

      3) extra budgetary refundable and non-refundable financing of projects in the industry of information and communication technologies aimed at increasing the share of local content;

      4) harmonization of the cost structure for informatization of state legal entities and subjects of quasi-state sector aimed at increasing the share of services in the field of informatization;

      5) creation of conditions for venture and other extra budgetary refundable financing of projects in the industry of information and communication technologies;

      6) development of proposals to stimulate development and increase the investment attractiveness of the industry of information and communication technologies.

Article 62. Personnel and scientific provision of the industry of information and communication technologies

      1. The state creates conditions for training and retraining of specialists with technical, professional, higher and postgraduate education on specialties in the industry of information and communication technologies in domestic and foreign higher educational institutions.

      2. Organizations, national companies, their affiliated individuals act as bases of practice for students in organizations of professional, technical, higher and postgraduate education on specialties in the industry of information and communication technologies.

      3. Scientific provision in the industry of information and communication technologies is executed through state support of scientific and scientific-technical activities in the industry of information and communication technologies, including through creation of conditions for the commercialization of technologies.

Chapter 12. INTERNATIONAL COOPERATION IN THE FIELD OF INFORMATIZATION

Article 63. International cooperation in the field of informatization

      1. International cooperation of the Republic of Kazakhstan in the field of informatization is executed in accordance with the international treaties and the legislation of the Republic of Kazakhstan.

      2. Subjects of informatization of the Republic of Kazakhstan have the right to join international organizations and associations, participate in international and foreign projects and programs.

      State bodies in agreement with the authorized body execute interaction in the field of informatization with state bodies of foreign states, international organizations and foreign legal entities.

      3. International cooperation in the field of informatization is executed in the form of:

      1) interaction with state bodies of foreign states, international organizations and foreign legal entities, including participation in the implementation of measures for execution of international treaties of the Republic of Kazakhstan;

      2) rendering assistance in the formation of a stable and secure system of international (interstate) information interaction with the use of information and communication technologies, including through the national gateway of the Republic of Kazakhstan;

      3) interaction with foreign legal entities to ensure the development of information and communication technologies, as well as personnel development and scientific cooperation;

      4) conduction of monitoring and forecasting the development of information and communication technologies on an ongoing basis jointly with foreign legal entities and international organizations;

      5) interaction with state bodies of foreign states and international organizations on the issues of safe use of information and communication technologies, as well as establishment of prohibition for actions that encroach on the information and communication infrastructure of the state and undermine the political, economic, social and other spheres of state activity;

      6) conduction of seminars, conferences and trainings in the Republic of Kazakhstan and abroad;

      7) establishment of prohibition for the use of information and communication technologies to the detriment of man, society and state on the basis of reciprocity;

      8) joint financing and implementation of projects in the field of information with foreign countries, international organizations, foreign legal entities, foreign public organizations and funds.

      4. International cooperation on the issues of development of information and communication technologies, institutional provision and exchange of experience and knowledge is executed with participation of state bodies of foreign states, international organizations and foreign legal entities.

Chapter 13. FINAL AND TRANSITIONAL PROVISIONS

Article 64. State control in the field of informatization

      State control in the field of informatization is executed in the form of audits and other forms.

      The audit is executed in accordance with the Entrepreneurship code of the Republic of Kazakhstan. Other forms of state control are executed in accordance with this Law.

Article 65. Responsibility for violation of the legislation of the Republic of Kazakhstan on informatization

      Violation of the legislation of the Republic of Kazakhstan on informatization entails responsibility in accordance with the laws of the Republic of Kazakhstan.

Article 66. Transitional provisions

      1. State bodies that have information systems of state bodies introduced into industrial operation before the introduction of this Law and do not have a certificate of compliance with information security requirements, conduct attestation of the objects of attestation subject to obligatory attestation within three years from the date of entering into enforce of this Law.

      In case of absence of technical documentation for the information system of state agency and (or) supporting documents on its introduction into industrial operation of the information system, state bodies conduct attestation of such information system within the period established by this paragraph with the provision of restored technical documentation defining common tasks, principles and rules for operation of the objects of informatization and documents regulating the issues of ensuring information security.

      2. Non-state information systems integrated with information systems of state bodies or designed for the formation of state electronic information resources and not having a certificate of compliance with information security requirements pass attestation within three years from the date of entering into enforce of this law.

Article 67. Procedure for the enactment of this Law

      1. This Law enters into enforce from January 1, 2016.

      2. Recognize as invalid the Law of the Republic of Kazakhstan dated January 11, 2007 "On informatization" (Gazette of the Parliament of the Republic of Kazakhstan, 2007, № 2, art. 13; 2009, № 15-16, art. 74; № 18, art. 84; 2010, № 5, art. 23; № 17-18, art. 111; 2011, № 1, art. 2; № 11, art. 102; № 15, art. 118; 2012, № 2, art. 13; № 8, art. 64; № 14, art. 95; № 15, art. 97; 2013, № 5-6, art. 30; № 7, art. 36; № 14, art. 75; 2014, № 1, art. 4; № 19-I, 19-II, art. 96; № 23, art. 143).

     
      President of
the Republic of Kazakhstan
N. NAZARBAYEV


On informatization

Law of the Republic of Kazakhstan dated 24 November 2015 № 418-V.

      Unofficial translation

      This Law regulates public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in creation, development and operation of informatization facilities, as well as with state support for the development of information and communication technologies industry.

SECTION 1. BASICS OF REGULATION OF RELATIONS IN THE FIELD OF INFORMATIZATION Chapter 1. GENERAL PROVISIONS

Article 1. General provisions, used in this Law

      The following basic concepts are used in this Law:

      1) automation - the process of using means of information and communication technologies to optimize the creation, search, collection, storage, processing, receipt, use, transformation, display, distribution and provision of information;

      2) informatization - organizational, socio-economic and scientific and technical process aimed at automating the activities of subjects of informatization;

      3) service model of informatization - implementation of a centralized approach to the informatization of state bodies, based on rendering information and communication services to state bodies by the operator of information and communication infrastructure of "electronic government" with the involvement of owners of information and communication infrastructure and service software products;

      4) objects of informatization - electronic information resources, software and information and communication infrastructure;

      5) owner of objects of informatization - a subject to whom the owner of objects of informatization has provided the rights to own and use objects of informatization in the limits and order determined by law or agreement;

      6) classifier of objects of informatization (hereinafter - classifier) - a systemized list of categories aimed at identification and description of objects of informatization;

      7) information security in the field of informatization (hereinafter - information security) - the condition of protection of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

      8) services in the field of informatization - services for the creation, development and maintenance of information systems, the creation of electronic information resources;

      9) expert council in the field of informatization (hereinafter - expert council) - an interdepartmental commission under an authorized body, which considers issues related to the informatization of the activities of state bodies;

      10) authorized body in the field of informatization (hereinafter - authorized body) - central executive body exercising management and intersectoral coordination in the field of informatization and "electronic government";

      11) subjects of informatization - state bodies, individuals and legal entities exercising activities or entering into legal relations in the field of informatization;

      12) information system - an organizationally ordered set of information and communication technologies, maintenance personnel and technical documentation that implement certain technological activities through information interaction and specific functional tasks designed to solve;

      13) creation of an information system - the implementation of a set of organizational and technical measures aimed at the development, acquisition, implementation of software, the acquisition and (or) property hiring (leasing) of the necessary set of technical means of the information system;

      14) integration of the information systems - measures for the organization and provision of information interaction between two or more information systems on the basis of standard protocols for data transmission used in the Republic of Kazakhstan;

      15) development of the information system - a set of measures for the implementation of additional functional requirements, modernization of the information system introduced into industrial operation in order to optimize its functioning and (or) expand the functionality;

      16) introduction of the information system – conduct a set of measures on introduction in the action an information system that includes the preparation of an automation facility and personnel, commissioning of start-up operations, preliminary and acceptance tests, and experimental operation;

      17) support of the information system - procuring the use of the information system introduced into industrial operation in accordance with its purpose, including measures on conduction of adjustment, modification and elimination software defects, without conduction of modernization and implementation additional functional requirements and providing that its integrity is maintained;

      18) audit of the information system - an independent survey of the information system in order to improve the efficiency of its use;

      19) life cycle of the information system - a set of stages of creation, industrial operation, maintenance, development and termination of the industrial operation of the information system;

      20) industrial operation of the information system - operation of the information system in the regular mode in accordance with the goals, objectives and requirements set out in the technical documentation and normative and technical documentation;

      21) experimental operation of the information system - operation of the information system in the pilot zone, conducted in order to identify and eliminate the deficiencies in the functioning of software of the information system and determine its compliance with the requirements of technical documentation;

      22) attestation of the information system, information and communication platform of "electronic government" and Internet resource of the state body for compliance with information security requirements (hereinafter - attestation) - organizational and technical measures to determine the state of protection of attestation objects, as well as their compliance with information security requirements;

      23) information and communication infrastructure - a set of objects of information and communication infrastructure designed to ensure the functioning of the technological environment in order to form electronic information resources and providing access to them;

      24) critically important objects of the information and communication infrastructure - objects of the information and communication infrastructure, including the information and communication infrastructure of the "electronic government", the violation or termination of functioning which leads to an emergency situation of social and (or) technogenic nature or to significant negative consequences for defense, security, international relations, economy, certain spheres of economy, infrastructure of the Republic of Kazakhstan, or for vital activity of population residing in the respective territory;

      25) objects of information and communication infrastructure - information systems, technological platforms, hardware-software complexes, telecommunication networks, as well as systems for ensuring the uninterrupted operation of technical facilities and information security;

      26) information and communication service - a service or a set of services for property hiring (leasing) and (or) placing of computing resources, providing software, software products, service software products and technical means for use, including communication services, through which functioning of these services are provided;

      27) catalog of information and communication services - a single directory of information and communication services provided to state bodies by the operator of the information and communication infrastructure of "electronic government";

      28) information and communication technologies - a set of methods of working with electronic information resources and methods of information interaction, implemented with the use of hardware and software complex and telecommunication network;

      29) branch of information and communication technologies - a branch of the economy connected with the design, production and sale of software, technical means, domestic electronics and its components, as well as providing information and communication services;

      30) an information security occasion - a state of objects of informatization, indicating a possible violation of the existing security policy or a previously unknown situation that may be related to the security of objects of informatization;

      31) information security incident - separately or serially occurring failures in the operation of the information and communication infrastructure or its individual objects, which threaten their proper functioning and (or) the conditions for illegally obtaining, copying, distributing, modifying, destroying or blocking electronic information resources;

      32) means of information security - software, technical and other means designed and used to ensure the protection of information;

      33) hardware-software complex - a set of software and technical means that are jointly used to solve problems of a certain type;

      34) attestation survey - a complex of organizational and technical measures aimed at studying, analyzing, evaluating the technical documentation of object of attestation, surveying the state of the organization of work to fulfill information security requirements;

      35) open data - public electronic information resources, presented in a machine-readable form and designed for further use, re-publication in an unchanged form;

      36) the Internet portal of open data - a component of web portal of “electronic government” that provides centralized storage of descriptive and reference information on open data;

      37) software - a set of programs, software codes, as well as software products with technical documentation necessary for their operation;

      38) software product - an independent program or part of the software which is a product that regardless of its developers can be used for the intended purposes in accordance with the system requirements established by the technical documentation;

      39) one-time password - a password that is valid only for one session for authentication of subjects of receipt services in electronic form;

      40) domain name - a symbolic (alphanumeric) designation, formed in accordance with the rules of addressing the Internet, corresponding to a specific network address and intended for a named reference to the Internet object;

      41) free software - an open source software for which the copyright holder provides to the user the right in unlimited installation, launching and copying, as well as free using, studying, developing and distributing;

      42) a local network - part of a telecommunication network that has a closed infrastructure to the point of connection to other telecommunication networks and provides information transfer and organization of joint access to network devices in the territorially limited space of the facility (premises, building, structure and its complex);

      43) system maintenance - measures to ensure the uninterrupted functioning of the hardware and software complex and telecommunication networks;

      44) Internet - a worldwide system of integrated networks of telecommunications and computing resources for the transmission of electronic information resources;

      45) a unified gateway to Internet access - a hardware and software complex designed to protect telecommunication networks in accessing the Internet and (or) communication networks that have access to the Internet;

      46) Internet resource - an electronic information resource displayed in text, graphic, audiovisual or other form, placed on the hardware and software complex, having an unique network address and (or) a domain name and functioning on the Internet;

      47) national gateway of the Republic of Kazakhstan - an information system designed to provide interstate information interaction of information systems and electronic information resources of states;

      48) a unified platform of Internet resources of state bodies - a technological platform designed for placing of Internet resources of state agencies;

      49) architecture of the state agency - a description of the current and planned condition of the state agency, including its tasks, functions, organizational structure, electronic information resources, information and communication infrastructure and their interconnection;

      50) state technical service - republican state enterprise on the right of economic management, created by the decision of the Government of the Republic of Kazakhstan;

      51) normative and technical documentation - a set of documents that define common tasks, principles and requirements for the creation and using (operation) of objects of informatization, as well as controlling over their compliance with established requirements in the field of informatization;

      52) the user - a subject of informatization using objects of informatization for execution of specific function and (or) task;

      53) service software product - software product designed for the implementation of information and communication service;

      54) technical support - provide consulting, information technology and other services to support the efficiency of licensed software;

      55) technical documentation - a set of documentation for the information system, information and communication platform of "electronic government" and software product, including a service software product that includes technical task, task for design, operational and other documentation;

      56) digital literacy - the knowledge and ability of a person to use information and communication technologies in daily and professional activities;

      57) electronic information resources - information provided in electronic-digital form and contained on an electronic medium, Internet resource and (or) in the information system;

      58) "electronic akimat" - a system of information interaction of local executive bodies with state bodies, individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form that is part of "electronic government";

      59) standard architecture of "electronic akimat" – a description of standard components and requirements for the implementation of functions and services, organizational structure, information flows, information and communication infrastructure of local executive bodies, taking into account the system of administrative and territorial structure of the Republic of Kazakhstan;

      60) electronic media - a material media designed for storage of information in electronic form, as well as recording or its reproduction through technical means;

      61) subject of receiving the services in electronic form – an individual or legal entity who applied for a state or another service in electronic form;

      62) subject of rendering services in electronic form - an individual or legal entity rendering a state or another service in electronic form;

      63) "electronic government" - a system of information interaction of state bodies among themselves and with individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form;

      64) objects of informatization of "electronic government" - state electronic information resources, software of state agencies and information and communication infrastructure of "electronic government", including non-state information systems integrated with information systems of state agencies or designed for the formation of state electronic information resources;

      65) a monitoring system of ensuring the information security for objects of informatization of “electronic government” (hereinafter - a monitoring system of ensuring the information security) - organizational and technical measures aimed at conducting monitoring of safe use of information and communication technologies, including monitoring of information security events and responding to information security incidents;

      66) information and communication infrastructure of "electronic government" - information and communication infrastructure that ensures the functioning of "electronic government";

      67) operator of the information and communication infrastructure of "electronic government" (hereinafter - operator) - a legal entity determined by the Government of the Republic of Kazakhstan, which is entrusted with ensuring the functioning of the information and communication infrastructure of "electronic government" assigned to it;

      68) information and communication platform of "electronic government" - a technological platform designed to implement the service model of informatization;

      69) architecture of "electronic government" - a description of the objects of informatization of "electronic government", as well as a set of normative and technical requirements used to manage and coordinate the processes of creation and development of objects of informatization of "electronic government";

      70) the user's cabinet on the web portal of "electronic government" - a component of the web portal of "electronic government", designed for official information interaction of individuals and legal entities with state agencies on the issues of provision of services in electronic form, the issues of appeal to subjects considering the appeals of these individuals, as well as the use of personal data;

      71) service integrator of "electronic government" - a legal entity determined by the Government of the Republic of Kazakhstan, which is responsible for functions on methodological support of the development of architecture of "electronic government" and the standard architecture of "electronic akimat", as well as other functions provided by this Law;

      72) a unified gateway of electronic mail of "electronic government" - a hardware and software complex that provides protection of electronic mail of "electronic government" in accordance with information security requirements.

Article 2. Legislation of the Republic of Kazakhstan on informatization

      1. Legislation of the Republic of Kazakhstan on informatization is based on the Constitution of the Republic of Kazakhstan, consists of this Law and other normative legal acts of the Republic of Kazakhstan.

      2. If an international treaty ratified by the Republic of Kazakhstan establishes other rules than those contained in this Law, the rules of the international treaty are applied.

Article 3. Aims and principles of state regulation of public relations in the field of informatization

      1. The aims of state regulation of public relations in the field of informatization are formation and maintenance of the development of information and communication infrastructure, creation of conditions for the development of local content in the production of goods, works and services in the information and communication technologies industry for information support of the social and economic development and competitiveness of the Republic of Kazakhstan.

      2. State regulation of public relations in the field of informatization is based on the following principles:

      1) legality;

      2) observance of rights, freedoms and legal interests of individuals, as well as the rights and legal interests of legal entities;

      3) equality of rights of individuals and legal entities to participate in activities in the field of informatization and the use of its results;

      4) ensuring free access to electronic information resources containing information on the activities of state bodies (presumption of openness), and their compulsory provision, except electronic information resources access to which is restricted in accordance with the laws of the Republic of Kazakhstan;

      5) timeliness of the provision, objectivity, completeness and reliability of electronic information resources in respect of which the laws of the Republic of Kazakhstan establish the mandatory nature of their public distribution or provision by state bodies;

      6) freedom to search, form and transmit any electronic information resources, access to which is not restricted in accordance with the laws of the Republic of Kazakhstan;

      7) ensuring the security of the individual, society and state in the application of information and communication technologies;

      8) creation of conditions for development of the industry of information and communication technologies and conscientious competition;

      9) ensuring centralized management of objects of “electronic government” informatization;

      10) implementation of activities on informatization in the territory of the Republic of Kazakhstan on the basis of unified standards that ensure the reliability and manageability of informatization objects.


Article 4. Scope of action of this Law

      1. A scope of action of this Law is public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in the creation, development, maintenance, operation of informatization objects, as well as in state support for development of the industry of information and communication technologies.

      2. The act of this Law does not apply to:

      1) content and ways of distribution of information;

      2) relations arising from the implementation of work on the creation or development of Internet resources, information systems that are not integrated with the objects of information and communication infrastructure of “electronic government”, as well as when purchasing goods, works and services in the field of informatization by the National Bank of the Republic of Kazakhstan and organizations within its structure.

Chapter 2. STATE ADMINISTRATION IN THE FIELD OF INFORMATIZATION

Article 5. The main tasks of state administration in the field of informatization

      The main tasks of state administration in the field of informatization are:

      1) formation and development of information society;

      2) ensuring the implementation and support of administrative reform of state bodies;

      3) development of "electronic government" and "electronic akimat";

      4) increase digital literacy;

      5) ensuring participants of the educational process with conditions for access to electronic information resources of electronic learning;

      6) ensuring conditions for the development and introduction of modern information and communication technologies in production processes;

      7) assistance in the formation and development of the domestic industry of information and communication technologies;

      8) formation and implementation of a unified scientific, technical, industrial-innovative policy in the field of informatization;

      9) formation, development and protection of state electronic information resources, information systems and telecommunication networks, ensuring their interaction in a unified information space;

      10) monitoring of ensuring information security of state bodies, individuals and legal entities;

      11) prevention and prompt response to incidents of information security, including in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation;

      12) creation of conditions for attracting investments in the industry of information and communication technologies on a systemic basis;

      13) improvement of the legislation of the Republic of Kazakhstan in the field of informatization;

      14) participation in international cooperation in the field of informatization;

      15) creation of conditions for international information exchange and access to information.

Article 6. Competence of the Government of the Republic of Kazakhstan in the field of informatization

      Government of the Republic of Kazakhstan in the field of informatization:

      1) develops the main directions of state policy in the field of informatization and organizes their implementation;

      2) defines the national institute of development in the field of information and communication technologies, service integrator of "electronic government", operator;

      3) approves unified requirements in the field of information and communication technologies and ensuring information security;

      4) approves the list of critically important objects of the information and communication infrastructure, as well as the rules and criteria for classifying objects of the information and communication infrastructure as critically important objects of the information and communication infrastructure;

      5) approves the rules for conduction the attestation of information system, information and communication platform of "electronic government", Internet resource of the state body for compliance with information security requirements;

      6) approves the list of personal data of individuals included in part of state electronic information resources;

      7) executes other functions entrusted to it by the Constitution of the Republic of Kazakhstan, this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

Article 7. Competence of the authorized body

      Authorized body:

      1) provides implementation of state policy in the field of informatization;

      2) approves the composition and position on the activities of expert council;

      3) develops unified requirements in the field of information and communication technologies and ensuring information security;

      4) approves the rules for implementation of the service model of informatization;

      5) approves the list of Internet resources of state agencies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      6) approves the rules for formation of a list of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      7) approves the rules for issuing conclusions on the compliance of hardware and software complex with technical requirements for inclusion in state register of cash control registers;

      8) develops the list of critically important objects of information and communication infrastructure, as well as rules and criteria for classifying objects of information and communication infrastructure as critically important objects of information and communication infrastructure;

      9) develops the rules for conducting attestation of information system, information and communication platform of "electronic government", Internet resource of state body for compliance with information security requirements;

      10) approves the requirements for development of the architecture of "electronic government";

      11) approves the rules for classification of objects of informatization and the classifier of objects of informatization;

      12) approves the rules of information interaction of information system for monitoring the provision of state services with information systems;

      13) approves the rules for integration of the gateway of "electronic government", payment gateway of "electronic government" with information systems;

      14) approves the list of information systems and electronic information resources that carry out interstate information interaction through the national gateway of the Republic of Kazakhstan;

      15) approves the rules for informational content of Internet resources of state bodies and requirements for their content;

      16) approves the method and rules for conducting tests of the service software product, information and communication platform of "electronic government", Internet resource of state body and information system for compliance with information security requirements;

      17) approves the rules for developing, supporting the implementation and development of the architecture of state bodies;

      18) approves the standard architecture of "electronic akimat" upon agreement with authorized body on state planning;

      19) approves the rules for conducting expertise in the field of informatization of investment proposals, technical and economic justifications and financial and economic justifications for budget investments;

      20) approves the rules for drafting and reviewing technical tasks for the creation or development of information systems of state bodies;

      21) approves the instruction on drafting, presenting and reviewing the calculation of expenses for public procurement of goods, works, services in the field of informatization in agreement with the authorized agency on state planning;

      22) approves the rules for conducting audit of information systems;

      23) approves the method of calculation and standards of expenses for the creation, development and maintenance of information systems of state bodies;

      24) approves the method of calculation of the cost of information and communication services for state bodies;

      25) approves the method for assessing the effectiveness of activities of state bodies on the use of information and communication technologies;

      26) approves the method for conducting an attestation survey of information system, information and communication platform of "electronic government", Internet resource of state body for compliance with information security requirements;

      27) approves the checklists, risk assessment criteria, semi-annual audit schedules in accordance with the Entrepreneurship code of the Republic of Kazakhstan;

      28) approves the criteria for attributing electronic information resources to open data posted by state bodies on the Internet portal of open data, as well as the procedure and format for their provision;

      29) approves the catalog of information and communication services;

      30) approves the rules for registering information systems of state bodies, recording information about the objects of informatization of "electronic government" and placing electronic copies of technical documentation of the objects of informatization of "electronic government";

      31) approves the rules for recording and storage of developed software, initial program codes (if any) and a set of settings for licensed software of information systems of state bodies;

      32) approves the rules for conduction the monitoring of provision information security, protection and safe operation of the objects of informatization of "electronic government";

      33) approves the design task for creation or development of a service software product for state bodies, developed by the service integrator of "electronic government";

      34) develops and approves normative legal acts in the field of informatization;

      35) issues an industry conclusion on the concept of the project of state-private partnership in the field of informatization;

      36) executes activities to improve the system of attracting investments and incentive mechanisms for the development and implementation of investment projects in the field of informatization;

      37) creates conditions for the development of information and communication technologies industry;

      38) develops proposals on improving the legislation of the Republic of Kazakhstan in the field of informatization;

      39) assists owners, holders and users of the objects of informatization in the issues of safe use of information and communication technologies, including prevention of illegal actions to obtain, copy, distribute, modify, destroy or block electronic information resources;

      40) executes coordination of development of the architecture of state bodies;

      41) executes monitoring of implementation of the architecture of state bodies;

      42) executes monitoring of implementation of unified requirements in the field of information and communication technologies and ensuring information security;

      43) executes interdepartmental coordination on the issues of functioning of a unified access gateway to the Internet;

      44) executes intersectoral coordination on the issues of monitoring of ensuring information security, protection and secure functioning of the objects of informatization of "electronic government", segment of the Internet in Kazakhstan, as well as information systems related to critically important objects of information and communication infrastructure, response to incidents of information security with the implementation of joint measures to ensure information security in the manner established by the legislation of the Republic of Kazakhstan;

      45) executes coordination of activities on development of information protection ways in terms of detection, analysis and prevention of information security threats to ensure the sustainable operation of information systems and telecommunication networks of state bodies;

      46) executes coordination of activities on the management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, the introduction of an emergency or military situation;

      47) participates in introduction to industrial operation of information systems of state bodies;

      48) issues a conclusion in the field of informatization for investment proposals, technical and economic justifications and financial and economic justifications for budget investments;

      49) reviews and issues conclusions to the expert council on the calculations of expenses submitted by administrators of budget programs for state procurement of goods, works and services in the field of informatization;

      50) coordinates technical tasks for the creation or development of information systems of state bodies;

      51) conducts attestation;

      52) organizes the registration of information systems of state bodies, recording of information about the objects of informatization of "electronic government" and placing of electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of "electronic government";

      53) organizes recording and storage of the developed software, initial program codes (if any) and a set of settings for licensed software of information systems of state bodies;

      54) approves the list of information systems (or parts thereof) subject to multiple use as standard solutions in the creation or development of information systems of state bodies;

      55) executes development of a unified access gateway to the Internet and a unified gateway of electronic mail of "electronic government";

      56) defines the administrator and the registry of domain names, approves the rules for registration, use and distribution of domain names in the space of segment of the Internet in Kazakhstan;

      57) participates in works on standardization and confirmation of compliance in the field of informatization;

      58) executes international cooperation in the field of informatization;

      59) executes state control in the field of informatization;

      60) approves the rules for registering and connecting the subscriber number of the subscriber provided by the mobile operator to the account of the web portal of "electronic government" for receiving state and other services in electronic form through the subscriber device of the mobile network;

      61) approves the list of state and other services in electronic form provided through the web portal of "electronic government" and the subscriber device of the mobile network;

      62) approves the rules for the classification of state services in electronic form for determining the method of authentication of a service recipient;

      63) approves the mandatory requisites of the results of rendering state and other services in electronic form received through the subscriber device of the mobile network, as well as the procedure for verifying their reliability;

      64) executes other authority provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.

Article 8. Expert council

      1. Expert council is headed by the head of authorized body and includes officials - heads of state bodies responsible for informatization of the activities of state body, representatives of authorized body, service integrator of "electronic government" and other organizations in the field of informatization by agreement with specified bodies and organizations.

      2. Expert council executes its activities on an ongoing basis.

      3. Expert council:

      1) develops recommendations and proposals on the issues in the field of informatization;

      2) reviews and coordinates projects of architecture of state bodies;

      3) hears the report of the service integrator of "electronic government" on the progress of works on the implementation of architecture of state bodies;

      4) reviews the calculations of expenses submitted by administrators of budget programs for state procurement of goods, works, services in the field of informatization and makes proposals;

      5) executes other authority provided by this Law and the regulation on expert council.

Article 9. Competence of central executive agencies and state agencies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization

      Central executive bodies and state bodies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure observation of the requirements for the development of architecture of "electronic government";

      3) create and develop state electronic information resources and information systems of state bodies;

      4) execute filling, ensure the reliability and relevance of electronic information resources;

      5) approve the architecture of state agency in agreement with expert council, ensure its actualization, as well as create the necessary conditions for its implementation;

      6) participate in the development of "electronic government";

      7) provide access to local executive bodies within their competence to information systems of state bodies under the authority of state body;

      8) place open data in Kazakh and Russian on the Internet portal of open data;

      9) provide registration of information systems of state body, record information about the objects of informatization of state body, place electronic copies of technical documentation of objects of informatization of state body, as well as actualization of information on the objects of informatization of state body on the architectural portal of "electronic government";

      10) provide a transfer to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings for the licensed software of information systems of state bodies;

      11) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      12) execute the use of standard solutions in the creation or development of information systems;

      13) place publicly available information on the plans and results of the formation of state electronic information resources, the creation of information systems and the development of information systems of state bodies on their Internet resources;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on Internet portal of open data in agreement with the authorized bodies;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) establish the requirements for the level of digital literacy of specialists in relevant fields of activity in developing and approving professional standards;

      18) execute other authority provided for by this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

      Competence of central executive bodies is also determined by acts of the Government of the Republic of Kazakhstan.


Article 10. Competence of local executive agencies in the field of informatization

      Local executive bodies:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure observance of the requirements for the development of architecture of "electronic government" and the introduction of standard architecture of "electronic akimat" taking into account the directions of activities of local executive body;

      3) create and develop state electronic information resources and information systems of state bodies;

      4) provide filling, ensure the reliability and relevance of electronic information resources of local executive bodies;

      5) local executive bodies of regions, cities of republican meaning, the capital on the basis of standard architecture of "electronic akimat" approve the architecture of state body in agreement with authorized body on state planning and expert council and ensure its implementation;

      6) provide registration of information systems of state body, record information about the objects of informatization of state body, place electronic copies of technical documentation of the objects of informatization of state body, as well as actualization of information on the objects of informatization of state body on the architectural portal of "electronic government";

      7) place publicly available information on the plans and results of the formation of state electronic information resources, the creation of information systems and the development of information systems of state agencies on their Internet resources;

      8) provide a transfer to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings for the licensed software of information systems of state bodies;

      9) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      10) execute the use of standard solutions in the creation or development of information systems;

      11) organize public access points for individuals and legal entities to state electronic information resources and information systems of state bodies, including by allocating uninhabited premises for the organization of this access;

      12) create conditions for increasing digital literacy;

      13) place open data in Kazakh and Russian on the Internet portal of open data;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on the Internet portal of open data in agreement with authorized agency;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) execute in the interests of local state administration other authority entrusted in local executive bodies by the legislation of the Republic of Kazakhstan.

Article 11. National institute of development in the field of information and communication technologies

      1. National institute of development in the field of information and communication technologies is determined by the Government of the Republic of Kazakhstan with the aim of creating favorable conditions for increasing the competitiveness of the industry of information and communication technologies and stimulating industrial and innovative activities in the field of information and communication technologies.

      2. National institute of development in the field of information and communication technologies:

      1) executes implementation of measures of state support for development of the industry of information and communication technologies;

      2) provides information and analytical and advisory services in the field of information and communication technologies;

      3) executes investments in industrial-innovative projects in the field of information and communication technologies by participating in authorized capitals of subjects of industrial-innovative activity, creation of legal entities, including foreign participation, and by other means provided by the legislation of the Republic of Kazakhstan;

      4) cooperates with international organizations and foreign legal entities in order to attract information, educational, financial and other resources to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan;

      5) provides subject of informatization with access to information on implemented industrial-innovative projects in the field of information and communication technologies;

      6) issues expert conclusions and (or) recommendations to the authorized body and state bodies in the field of information and communication technologies at no charge;

      7) executes collection of information and analysis of effectiveness of measures of state support for development of the industry of information and communication technologies;

      8) renders assistance in the development of investment funds for risky investment;

      9) executes the analysis of development of the industry of information and communication technologies;

      10) renders assistance in the development of local content in the industry of information and communication technologies;

      11) develops normative documentation on standardization in the field of information and communication technologies;

      12) submits proposals to the authorized body on the formation of state educational order for the training, increasing qualification and retraining of specialists in the field of information and communication technologies in the organizations of technical, professional and higher education, as well as proposals for standard educational plans and standard educational programs in the field of information and communication technologies;

      13) issues an expert conclusion for the provision of innovative grants in the field of information and communication technologies.

Article 12. Service integrator of "electronic government"

      Service integrator of "electronic government":

      1) participates in the implementation of state policy in the field of informatization and the introduction of service model of informatization;

      2) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      3) provides methodological support for development of the architecture of "electronic government";

      4) develops a standard architecture of "electronic akimat";

      5) develops, accompanies the implementation and develops the architecture of state bodies, as well as executes necessary measures for this measure;

      6) reports to the expert council on the progress of work on implementation of the architecture of state bodies;

      7) informs the operator and potential suppliers (contractors) about the needs of state bodies in goods, works, services related to the automation of state functions and state services within the implementation of the service model of informatization;

      8) develops a task for designing the creation or development of a service software product, except service software products created or developed through state-private partnership projects in the field of informatization;

      9) organizes the creation, testing and development of service software products for the implementation of information and communication services provided by the operator to state bodies;

      10) conducts in the field of informatization an expertise of the investment proposal, technical and economic justification and financial and economic justification for budget investments, including a technical task for the creation or development of information systems of state bodies for compliance with the requirements for development of the architecture of "electronic government", approved architecture of state body, standard architecture of "electronic akimat" and for availability of opportunity of the use of information systems of state bodies specified in the list of information systems (or their parts), which are subject to multiple use as standard solutions in creating or developing information systems of state bodies;

      11) conducts in state bodies an assessment of the level of readiness of processes for managing the architecture of a state body in accordance with the rules for development, maintenance of the implementation and development of the architecture of state bodies;

      12) conducts an assessment of the effectiveness of activities of state bodies on the use of information and communication technologies and assessment of the quality of rendering state services in electronic form;

      13) forms and conducts the classifier;

      14) executes the management of projects on creation and development of the objects of informatization of "electronic government";

      15) provides consulting and practical assistance to state bodies in the creation and development of the objects of informatization of "electronic government";

      16) executes registration of information systems of state bodies, recording of information about objects of informatization of "electronic government" and storage of electronic copies of technical documentation of objects of informatization of "electronic government" on the architectural portal of "electronic government";

      17) executes recording and storage of the developed software, initial program codes (if any) and a set of settings of the licensed software of information systems of state bodies;

      18) gives a conclusion on the possibility of using standard solutions in creating or developing information systems of state bodies;

      19) forms and conducts a catalog of information and communication services;

      20) organizes the integration of information systems of state bodies and the national gateway of the Republic of Kazakhstan;

      21) executes the management of project on development of the national gateway of the Republic of Kazakhstan;

      22) makes proposals for the development of information and communication technologies to the national institute of development in the field of information and communication technologies.

Article 13. Operator

      Operator:

      1) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) executes system-technical service and maintenance of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government" in accordance with the list approved by the authorized body;

      3) has the right to attract objects of information and communication infrastructure of other individuals for the development of own information and communication infrastructure;

      4) provides information and communication services to state bodies on the basis of information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services;

      5) ensures the security of storage of state electronic information resources placed on the information and communication infrastructure of "electronic government" assigned to the operator;

      6) ensures the safety of storage of state electronic information resources in the provision of information and communication services;

      7) provides prompt response to identified defects in the provision of information and communication services, as well as state services in electronic form and taking measures to eliminate them;

      8) provides at no charge basis upon the request of service integrator of "electronic government" an information and communication infrastructure for the development and testing of service software products by potential suppliers;

      9) executes integration and connection of local (except local networks with access to the Internet), departmental and corporate telecommunication networks of state bodies to the information and communication infrastructure of "electronic government";

      10) provides services for the transfer of data to state bodies, their subordinate organizations, local self-government bodies, as well as other subjects of informatization defined by the authorized body and connected to a unified transport environment of state bodies for the operation of their electronic information resources and information systems;

      11) executes the creation and development of the information and communication platform of "electronic government" and a unified transport environment of state bodies;

      12) executes maintenance and system-technical service of the national gateway of the Republic of Kazakhstan;

      13) executes the information content of the web portal of "electronic government".

Article 14. State technical service

      1. State technical service executes the following types of activities in the field of informatization referred to state monopoly:

      1) conducts an attestation survey of the information system, information and communication platform "electronic government" and the Internet resource of state body for their compliance with information security requirements;

      2) executes monitoring of the provision of protection for the objects of informatization of "electronic government";

      3) executes monitoring of the provision of secure operation of the objects of informatization of "electronic government";

      4) executes monitoring of the Internet resources of state bodies for their safe use and response to information security incidents;

      5) executes monitoring of permanence of conditions for the functioning and functionality of the objects of informatization of "electronic government" in accordance with information security requirements;

      6) executes maintenance of a unified access gateway to the Internet and a unified electronic mail gateway of "electronic government";

      7) conducts tests of the service software product, information and communication platform of "electronic government", Internet resource and information system of state body, information system related to critically important objects of information and communication infrastructure, non-state information system integrated with the information system of state body or intended for formation of state electronic information resources, for compliance with information security requirements;

      8) executes coordination of the task for designing on creation or development of the service software product in the part of compliance with information security requirements;

      9) executes monitoring of the provision of information security of the objects of informatization of "electronic government" through the monitoring system of ensuring information security;

      10) conducts an expertise of the investment proposal, technical and economic justification of the budget investment project and technical assignment aimed at creating or developing information systems of state bodies for compliance with information security requirements;

      11) executes organizational and technical maintenance of the monitoring system of ensuring information security;

      12) executes monitoring of the fault tolerance of domain name servers serving top-level domain names of Kazakhstan;

      13) accompanies development of plans for addressing and numbering telecommunication networks of telecom operators executing activities in the territory of the Republic of Kazakhstan;

      14) executes work on the development of information security means in terms of detection, analysis and prevention of information security threats to ensure the sustainable operation of information systems and telecommunication networks of state bodies.

      2. Prices for goods (works, services) produced and (or) sold by a state monopoly subject are established by the authorized body in agreement with the antimonopoly authority.

Article 15. Single contact center

      Single contact center:

      1) executes round-the-clock advisory support of individuals and legal entities on the issues of provision of state and other services;

      2) executes round-the-clock advisory support of state bodies on the issues of information and communication services rendered to them;

      3) executes round-the-clock advisory support of individuals and legal entities, state bodies on the issues of "electronic government";

      4) sends requests to the operator, state bodies and other organizations to provide explanations on the issues that arose with the recipient of information and communication, state and other services;

      5) on a systematic basis sends information to the operator, state bodies and other organizations on the received appeals of individuals and legal entities.

Chapter 3. RIGHTS AND DUTIES OF SUBJECTS OF INFORMATIZATION

Article 16. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) transfer objects of informatization for rent, trust administration, economic management or operational management and otherwise dispose of them;

      2) establish within its competence the regime and rules of processing, protection and access to electronic information resources;

      3) establish within its competence the regime and rules of protection and access to the objects of information and communication infrastructure;

      4) determine the conditions for disposal of electronic information resources in storing, copying and distributing them;

      5) determine the conditions for owning and using the objects of information and communication infrastructure.

      2. The owner of objects of informatization is obliged to:

      1) take measures to protect objects of informatization;

      2) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other legislative acts of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      3. The owner of the information system has the rights to own, use and dispose of the information system entirely as a property complex.

      4. The owner of the information system has the right, unless otherwise established by the laws of the Republic of Kazakhstan or the owner of electronic information resources, to prohibit or restrict the movement and distribution of electronic information resources contained in this information system.

      5. In case if the owner of the information system is not owner of the electronic information resources located in this information system, as well as the owner of the information and communication infrastructure used for this information system, the operating procedure of the information system and access to electronic information resources and information and communication infrastructure is determined by agreement between the owners.

      6. The owner of the object of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

Article 17. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) own and use objects of informatization on terms determined by the owner;

      2) determine the conditions for access and use of electronic information resources, objects of information and communication infrastructure by third parties in accordance with subparagraph 1) of this paragraph;

      3) determine the processing conditions of electronic information resources in the information system.

      2. The owner of objects of informatization is obliged to:

      1) observe the rights and lawful interests of the owner of objects of informatization and third parties;

      2) execute measures to protect objects of informatization;

      3) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other laws of the Republic of Kazakhstan;

      4) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      3. The owner of objects of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

Article 18. Rights and duties of the user

      1. The user has the right to:

      1) receive, use, distribute, transmit, provide to third parties electronic information resources including public data, use the information system on the terms determined by the legislation of the Republic of Kazakhstan, the owner or holder of electronic information resources, information system;

      2) familiarize with own personal data containing in electronic information resources, information system if other is not established by laws of the Republic of Kazakhstan.

      2. The user is obliged to:

      1) observe the rights and lawful interests of the owner or holder of electronic information resources, information system and third parties;

      2) ensure protection of electronic information resources, information system in accordance with this Law and the legislation of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

Article 19. Types of services provided in electronic form

      1. By the degree of automation, the services provided in electronic form are:

      1) fully automated;

      2) partially automated.

      Fully automated is a service that excludes a paper document circulation in the process of its provision.

      Partially automated service is an electronic service that contains a sequence of paper and electronic document circulation in the process of its provision.

      2. By the way of provision the service in electronic form are:

      1) informative;

      2) interactive;

      3) transactional;

      4) composite.

      Informative service provided in electronic form is the service for providing the user with electronic information resources.

      Interactive service provided in electronic form is the service for providing the user with electronic information resources, upon his request or agreement of parties requiring mutual exchange of information. Certification through an electronic digital signature may be required to provide an interactive service.

      Transactional service provided in electronic form is a service for providing the user with electronic information resources requiring mutual exchange of information and related to the implementation of payments in electronic form. Certification through an electronic digital signature may be required to provide a transactional service.

      Composite service provided in electronic form is a set of interrelated services, for the provision of which a request of the subject of receiving the service in electronic form is enough.

      3. By the nature of compensation for provision of services, provided in electronic form, are:

      1) refundable;

      2) non-refundable.

      Refundable is a service providing the payment of compensation to the subject of providing service in electronic form.

      Non-refundable is a service provided without payment of compensation to the subject of providing service in electronic form.

Article 20. Submission of information in provision of services in electronic form

      1. In provision of services in electronic form, subjects of providing services in electronic form:

      1) receive information in electronic form on the payments of service recipients from the payment gateway of "electronic government" as reliable;

      2) transmit information in electronic form on the existence of debts of individuals and legal entities to the payment gateway of "electronic government".

      2. Banks of the second level and organizations implementing certain types of banking operations, on the request of the subject of providing services in electronic form and the subject of receiving services in electronic form, submit the following information in electronic form on:

      1) belonging of the bank account to the person specified in the request and the existence of a pledge agreement of movable and immovable property - in the provision of state services in electronic form;

      2) amount of money, date of making payment, sender of money and beneficiary - in making payments by individuals and legal entities for services provided in electronic form.

SECTION 2. INFORMATION AND COMMUNICATION INFRASTRUCTURE Chapter 4. "ELECTRONIC GOVERNMENT"

Article 21. The operation of "electronic government"

      1. The aims of the operation of "electronic government" are:

      1) ensure accessibility, quality and efficiency of the provision of state services in electronic form, as well as interaction of individuals and legal entities with state bodies;

      2) increase publicity in the activities of state bodies, ensure accessibility of information, public control and public participation in solving issues of state administration at all levels;

      3) ensure the implementation and support of administrative reform of state administration;

      4) optimization of the activities of state agencies through the use of information and communication technologies;

      5) reduction (exclusion) of the use of documents on paper medium and the requirements for their submission.

      2. In the operation of "electronic government" is provided:

      1) access of individuals and legal entities to publicly available information on the activities of state bodies;

      2) access of state bodies to information contained in information systems of state bodies;

      3) automation of activities of state bodies;

      4) use of electronic document circulation in the activities of state bodies, including in execution of state functions and provision of state services in electronic form;

      5) exclusion of duplication in the collection, accumulation and storage of state electronic information resources;

      6) information security and protection of objects of informatization of "electronic government".

Article 22. Architecture of "electronic government"

      1. Development of the architecture of "electronic government" is executed in accordance with the requirements for development of the architecture of "electronic government", as well as unified requirements in the field of information and communication technologies and ensuring information security.

      2. Requirements for development of the architecture of "electronic government" are determined in accordance with the strategic and program documents of state bodies.

Article 23. Architecture of state agency

      1. The service integrator of "electronic government" designs and develops the architecture of state bodies.

      The architecture of state body for central executive bodies and state bodies directly subordinate and accountable to the President of the Republic of Kazakhstan is developed in accordance with the rules for development, maintenance of implementation and development of the architecture of state bodies, requirements for development of the architecture of "electronic government", as well as on the basis of aims and objectives of state body.

      The service integrator of "electronic government" develops the architecture of state agency for local executive bodies in accordance with the standard architecture of "electronic akimat", the rules for development, maintenance of implementation and development of the architecture of state bodies and requirements for development of the architecture of "electronic government", as well as on the basis of aims and objectives of state body.

      2. Introducing amendments to the architecture of state body is executed in accordance with the rules for development, maintenance of implementation and development of the architecture of state bodies.

      3. State bodies are obliged to take measures on development of strategic indicators of the effectiveness of application of information and communication technologies, taking into account the following requirements:

      1) contribution of information and communication technologies to the implementation of aims and objectives of state body;

      2) optimization and automation of state functions and provision of state services resulting from their implementation;

      3) implementation of electronic information interaction with other subjects of informatization on the issues within the competence of state body;

      4) quality of the provision of state services in electronic form and satisfaction of the service recipients.

      4. State body provides record, description, classification and actualization of falling within its competence tasks and indicators of efficiency of activities, functions and services, documents, data and electronic information resources, information systems and information and communication infrastructure on the architectural portal of "electronic government".

      5. State bodies provide an appropriate level of automation of the subordinate organizations, which is necessary for conducting information interaction and providing state services in electronic form.

      6. State bodies, in case of receiving a request from the service integrator of "electronic government" for conducting integration of information systems of state bodies with objects of the information and communication infrastructure of "electronic government" for the purpose of establishing information exchange, provide the necessary organizational and technical conditions in terms agreed by state bodies with the authorized body.

Article 24. Standard architecture of "electronic akimat"

      1. Standard architecture of "electronic akimat" is developed in accordance with the requirements for development of the architecture of "electronic government", the rules for development, maintenance of implementation and development of the architecture of state bodies and unified requirements in the field of information and communication technologies and ensuring information security.

      2. Local executive bodies create or develop information systems of state bodies, acquire software and (or) objects of information and communication infrastructure taking into account the requirements of the standard architecture of "electronic akimat".

Article 25. Automation of state functions and provision of state services resulting from them

      1. Automation of state functions and provision of state services resulting from them are executed in accordance with the approved architecture of state body, and in case of absence of it - in accordance with the rules for development, maintenance of implementation and development of the architecture of state bodies and unified requirements in the field of information and communication technologies and ensuring information security.

      2. State functions by degree of automation are divided into:

      1) fully automated;

      2) partially automated.

      Fully automated is the function of state body, in which all operations of the processes composing it are executed in information systems.

      Partially automated is the function of state body, in which part of operations of the processes composing it are executed in information systems.

Article 26. Information and communication platform of "electronic government"

      1. In implementing the service model of informatization, information systems and service software products are placed on the information and communication platform of "electronic government" located on the territory of the Republic of Kazakhstan.

      2. It is not allowed to use the information and communication platform of "electronic government" for other aims, except the implementation of state functions and the provision of state services resulting from them in electronic form.

Article 27. Web portal and gateway of "electronic government"

      1. Web portal of "electronic government" is an information system that represents a "unified window" for access to all consolidated governmental information, including normative legal base, and to state and other services provided in electronic form.

      Requirements for the maintenance, conduct and information content of the electronic information resources of the web portal of "electronic government" are established by the authorized body.

      Gateway of "electronic government" is an information system designed to integrate state and non-state information systems within "electronic government".

      2. State and other services in electronic form can be provided through the web portal of "electronic government" and the subscriber device of mobile network.

      3. To receive state and other services in electronic form through the web portal of "electronic government" and the subscriber device of mobile network, subjects of receiving services in electronic form can use one-time passwords in accordance with the legislation of the Republic of Kazakhstan.

Article 28. Payment gateway of "electronic government"

      1. Payment gateway of "electronic government" is an information system that automates the processes of transferring information on making payments within provision of refundable services provided in electronic form.

      2. Payment gateway of "electronic government" provides:

      1) transfer of requests for making payments of the subject receiving the service in electronic form;

      2) informing the subject of provision the service in electronic form about the making payment for the provision of the service in electronic form.

      3. Banks of the second level and organizations executing certain types of banking operations, participating in the process of receiving and making payments within the provision of services, ensure the integration of their own information systems involved in these processes with payment gateway of "electronic government" directly or through information system the operator of interbank money transfer system.

Article 29. Unified transport environment of state agencies

      1. Unified transport environment of state bodies is the telecommunication network, which is part of the information and communication infrastructure of "electronic government" and is designed to provide the interaction of local (except local networks with Internet access), departmental and corporate telecommunication networks of state bodies, their subordinate organizations and bodies of local government, as well as other subjects of informatization determined by the authorized body, with observance of the required level of information security.

      2. State bodies, their subordinate organizations and local self-government bodies, as well as other subjects of informatization determined by the authorized body, are obliged to use exclusively a unified transport environment of state bodies for the interaction of local (except local networks with Internet access), departmental and corporate networks.

      3. In order to ensure information security, the connection of local, departmental and corporate networks connected to a unified transport environment of state bodies, to telecommunication networks of common use and other telecommunication networks, is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

Article 30. Unified access gateway to the Internet and a unified gateway of electronic mail of "electronic government"

      1. Connection of local, departmental and corporate telecommunication networks of state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, as well as owners or holders of critically important objects of information and communication infrastructure to the Internet is executed by telecom operators through a unified access gateway to the Internet.

      2. Connection of local, departmental and corporate telecommunication networks of state bodies and local self-government bodies to the Internet is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

      3. Specialized state and law enforcement bodies for operational purposes, the National Bank of the Republic of Kazakhstan can organize connection to the Internet without using a unified access gateway to the Internet.

      4. Electronic interaction of electronic mail of state body with external electronic mail is executed by redirection of electronic messages through a unified gateway of electronic mail of "electronic government".

Article 31. Architectural portal of "electronic government"

      1. Architectural portal of "electronic government" is an information system designed to execute registration, record, storage and systematization of information about the objects of informatization of "electronic government" in accordance with the classifier and further use by state bodies for monitoring, analysis and planning in the field of informatization.

      2. State body places on the architectural portal of "electronic government" information about created information system of state body and informs the service integrator of "electronic government" about introduction into trial operation and industrial operation of the information system with submission of copies of confirming documents.

      The basis for registration of the information system on the architectural portal of "electronic government" is the introduction into trial operation of the information system of state body.

      3. The service integrator of "electronic government" conducts an analysis of information systems of state bodies registered on the architectural portal of "electronic government", to use a standard solution in creating or developing information systems of state bodies.

      4. The service integrator of "electronic government" provides the state technical service with access to the architectural portal of "electronic government", including for participation in the formation and maintenance of the classifier in part of definition of requirements for information security.

      5. The owner or the holder of the object of informatization of "electronic government" ensures timely actualization of electronic copies of technical documentation and information about the objects of informatization of "electronic government" placed on the architectural portal of "electronic government" in accordance with the rules for registration of information systems of state bodies, recording of information on the objects of informatization of “electronic government” and placing electronic copies of technical documentation of the objects of informatization of "electronic government".

      6. The service integrator of "electronic government" executes organizational and technical measures on the issues of placement and actualization of information about the objects of informatization of "electronic government" on the architectural portal of "electronic government".

Chapter 5. ELECTRONIC INFORMATION RESOURCES

Article 32. Types of electronic information resources

      1. Electronic information resources on the form of ownership are state and non-state, by degree of access - publicly available and limited access.

      2. Electronic information resources created, acquired and accumulated at the expense of budgetary funds, as well as received by state bodies in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Electronic information resources created, acquired at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      4. Electronic information resources that are provided or distributed by their owner or holder without specifying access conditions or their use, as well as information that is freely accessible and independent of the form of their submission and way of distribution, are publicly available.

      5. Electronic information resources containing information access to which is limited by laws of the Republic of Kazakhstan or their owner or holder in cases established by the legislation of the Republic of Kazakhstan, are electronic information resources of limited access.

      Electronic information resources of limited access are divided into electronic information resources containing information constituting state secrets and confidential.

      6. Reference of electronic information resources to electronic information resources containing information constituting state secrets is executed in accordance with the legislation of the Republic of Kazakhstan on state secrets.

      Creation, acquisition, accumulation, formation, registration, storage, processing, destruction, use, transfer, protection of electronic information resources containing information constituting state secrets are executed in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      7. Electronic information resources containing information that do not constitute state secrets, but access to which is limited by laws of the Republic of Kazakhstan or their owner or holder, are confidential electronic information resources

Article 33. Legal regime of electronic information resources

      1. Reasons of origin, change and termination of the right of ownership and other property rights to electronic information resources are established by the civil legislation of the Republic of Kazakhstan.

      2. Electronic information resources that are the property of a legal entity are included in its property in accordance with the civil legislation of the Republic of Kazakhstan.

      3. The owner of state electronic information resources is the state.

      State electronic information resources, which are under the authority of state bodies in accordance with their competence, are subject to recording and protection in the composition of state property.

      4. The right of ownership for software, information systems and Internet resources does not create the right of ownership for electronic information resources created with their assistance and (or) placed therein, belonging to other owners or holders, unless otherwise provided by the legislation of the Republic of Kazakhstan or by agreement between them

      5. Electronic information resources processed in the order of providing services or in the joint use of information systems and Internet resources belong to the owner or holder of electronic information resources. Belonging and using of derivative products created in this case are regulated by an agreement

      6. The owner of electronic information resources containing information constituting state secrets has the right to dispose of them in the manner determined by the legislation of the Republic of Kazakhstan on state secrets

      7. Electronic information resources that are the property of individuals and legal entities in the case of referring them to electronic information resources containing information constituting state secrets are subject to alienation in the manner established by the legislation of the Republic of Kazakhstan on state secrets.

Article 34. Formation and use of electronic information resources

      1. State electronic information resources are formed in order to provide information needs of state bodies, individuals and legal entities, execution of state functions and provision of state services in electronic form.

      2. The activity of state bodies in the formation of state electronic information resources is financed at the expense of budgetary funds, except the formation of electronic information resources by the National Bank of the Republic of Kazakhstan.

      3. The owner or holder of electronic information resources have the right to freely use and distribute them in compliance with the limits established by the laws of the Republic of Kazakhstan.

      4. The use and distribution of electronic information resources by the user are executed in the manner established by the owners or holders of electronic information resources and (or) information systems.

Article 35. Access to electronic information resources

      1. State electronic information resources of the Republic of Kazakhstan are publicly available, except electronic information resources of limited access.

      State agencies ensure the creation of publicly available state electronic information resources in Kazakh and Russian.

      2. Conditions and order of access to electronic information resources of limited access are determined by the legislation of the Republic of Kazakhstan and the owner of these resources, including by concluding agreements between owners of electronic information resources.

      3. The owner of the information system of state agency that is not the owner of state electronic information resources contained in it, provides access to these resources on the basis of an agreement concluded by the owner of electronic information resources with the owners of other state electronic information resources.

      4. Access to electronic information resources is executed by one of the following ways:

      1) by transferring a request to the owner or holder of the information system on access to electronic information resources using electronic mail and indicating the identification number or in the form of an electronic document certified by an electronic digital signature or other means established by the owner or holder of electronic information resources;

      2) by direct appeal of the user to publicly available electronic information resources, information systems.

      5. Access can not be limited to state electronic information resources containing:

      1) normative legal acts, except those containing state secrets or other secret protected by law;

      2) information on emergency situations, natural and technogenic disasters, weather, sanitary-epidemiological and other conditions necessary for vital activity and ensuring the safety of citizens, inhabited localities and production facilities;

      3) official information on the activities of state bodies;

      4) information accumulated in open information systems of state bodies, libraries, archives and other organizations.

      6. State bodies, state legal entities, legal entities with state participation in the authorized capital are obliged to provide individuals and legal entities with open data in Kazakh and Russian languages through the Internet portal of open data.

      Maintenance of functioning of the Internet portal of open data in Kazakh and Russian languages is executed by the service integrator of "electronic government".

      7. In case of distribution via the telecommunication networks of information prohibited entered into legal force by a court decision or laws of the Republic of Kazakhstan, as well as access to which was temporarily suspended by the order of the General Prosecutor of the Republic of Kazakhstan, submitted to the authorized body or his deputies to eliminate violations of the law, authorized bodies, owners or holders of Internet resources are obliged to take immediate measures to limit access to prohibited information.

Article 36. Electronic information resources containing personal data

      1. Electronic information resources containing personal data are subdivided into electronic information resources containing publicly available personal data and electronic information resources containing personal data of limited access.

      Electronic information resources containing publicly available personal data include electronic information resources containing personal data, access to which is free with the consent of the personal data subject or to which observation of requirements do not apply in accordance with the laws of the Republic of Kazakhstan.

      Electronic information resources containing personal data of limited access include electronic information resources, access to which is limited by the personal data subject or laws of the Republic of Kazakhstan.

      2. The owner or holder of electronic information resources containing personal data in transferring electronic information resources containing personal data to the owner or holder of the information system must obtain the consent of the personal data subject or his legal representative to collect and process personal data using information systems, except cases provided by the Law of the Republic of Kazakhstan "On personal data and their protection".

      3. In providing state service in electronic form, the consent of the personal data subject to collect and process personal data through information systems is provided in the form of an electronic document or other way using elements of protective actions that do not contradict the legislation of the Republic of Kazakhstan.

      The personal data subject also has the right to give consent to collect and process personal data through his subscriber's number of mobile communication registered on the web portal of "electronic government" by sending a one-time password or by sending a short text message as a response to the notification of the web portal of "electronic government".

      4. Owners or holders of information systems of state bodies are obliged to notify personal data subjects through the user's cabinet on the web portal of "electronic government" in an automatic mode about all cases of use, changes and additions of personal data within the framework of information interaction provided that personal data subjects are registered on the web portal of "electronic government".

      5. In addition to the reasons established by the Law of the Republic of Kazakhstan "On personal data and their protection", in the event of revealing obvious mistakes and inaccuracies in electronic information resources containing personal data, the state body in providing state services in order to eliminate them may execute their change and addition after receipt of request from the personal data subject or his legal representative.

      6. It is not allowed to use electronic information resources containing personal data on individuals for the purpose of causing property and (or) moral harm, limiting the execution of rights and freedoms guaranteed by the laws of the Republic of Kazakhstan.

Chapter 6. INFORMATION SYSTEMS

Article 37. Types of information systems

      1. Information systems on the form of ownership are state and non- state, by degree of access - publicly available and limited access.

      2. Information systems created or developed at the expense of budgetary funds, as well as received by state legal entities in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Information systems created or developed at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      Non-state information systems, classified as critically important objects of the information and communication infrastructure, as well as integrated with the information systems of state bodies and designed for the formation of state electronic information resources, are equated with information systems of state bodies in part of observance of requirements on ensuring information security.

      4. Information systems containing publicly available electronic information resources are publicly available.

      5. Information systems containing electronic information resources of limited access are information systems of limited access.

      6. Information systems of limited access are divided into:

      1) information systems in secure execution referred to state secrets, the protection of which is executed with the use of state encryption means and (or) other means of protecting information constituting state secrets, in compliance with the requirements of secrecy regime;

      2) confidential information systems.

      7. Creation, operation, maintenance, development, integration, termination of operation and protection of information systems in a protected execution referred to state secrets are executed in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      Audit of information systems and attestation of information systems in a protected execution referred to state secrets, are not conducted.

Article 38. Requirements for the information system of state agency

      1. State bodies for the automation of state functions and the provision of state services resulting from them, based on the approved architecture of state body and the proposals of the expert council, create information systems aimed at implementing the functions assigned to them.

      2. Information system of state body is created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, the standards, life cycle of the information system operating in the territory of the Republic of Kazakhstan and taking into account the provision of:

      1) unified requirements in the field of information and communication technologies and ensuring information security;

      2) requirements for development of the architecture of "electronic government" and the standard architecture of "electronic akimat";

      3) approved architecture of state body;

      4) integration (if necessary) with other information systems through gateways;

      5) information interaction of the monitoring system of information security events of the information system of state body with the monitoring system for ensuring information security of state technical service;

      6) priority of free software;

      7) opportunities of repeated use of initial program codes, software products and software transferred to storage;

      8) assigning a class in accordance with the classifier;

      9) access of users with limited capabilities.

      3. The information contained in the electronic information resource, normative and technical documentation, as well as other related documents of the information system of state bodies are created and stored in Kazakh and Russian languages.

      4. The owner or the holder of the information system of state body or the person authorized by him after receiving the certificate of compliance with information security requirements provides the state technical service with access to the information system of state body for executing organizational and technical measures aimed at monitoring the permanence of functioning conditions and functionality of the objects of informatization of "electronic government" in accordance with information security requirements.

Article 39. Creation or development of the information system of state agency

      1. Information system of state agency is created or developed in the following order:

      1) development of an investment proposal for the creation or development of the information system of state body on the basis of an analysis of the object of automation in the order determined by the budget legislation of the Republic of Kazakhstan;

      2) consideration by authorized body of an investment proposal on the creation or development of the information system of state body;

      3) development of technical and economic justification for budget investments, taking into account the assigned class in accordance with the classifier;

      4) obtaining a conclusion of expertise in the field of informatization on technical and economic justification for budget investments;

      5) making decision of the head of state body on the organization of work on the creation or development of the information system of state body;

      6) submission of information about the created information system to the service integrator of "electronic government" for recording on the architectural portal of "electronic government";

      7) development of a technical task for the creation or development of the information system of state body;

      8) development of a technical specification for the acquisition of goods, works and services in the field of informatization;

      9) coordination of technical task with the authorized body for the creation or development of the information system of state body;

      10) execution of state purchases of goods, works and services in the field of informatization;

      11) conduction of trial operation of the information system of state body executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security which includes, among others:

      documentation of procedures for conduction of trial operation;

      testing for compliance with information security requirements;

      optimization and elimination of identified defects and imperfections with their subsequent correction;

      formalization of an act on completion of the trial operation of the information system.

      Period of conduction of trial operation should not be exceed one year;

      12) registration of the information system of state body on the architectural portal of "electronic government";

      13) introduction of the information system of state body in accordance with the current standards on the territory of the Republic of Kazakhstan;

      14) introduction into industrial operation of the information system of state body includes:

      conduction of attestation;

      signing of the act on introduction into industrial operation of the information system by the acceptance commission with participation of representatives of the authorized body, interested state bodies and organizations;

      15) transfer to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings for licensed software of information systems of state bodies.

      Documentation of the procedures for the creation of the information system of state body is executed at each stage of the life cycle of the information system.

      Introduction of the information system of state body into trial operation of the information system or industrial operation of the information system is executed on the basis of normative documents of the owner or holder of the information system.

      2. Development of the information system of state body is executed after the introduction of the information system into industrial operation of the information system.

      3. In the case of creation or development of the information system of state body within the framework of republican and local projects of state-private partnership in the field of informatization, subparagraphs 1), 2), 3) and 4) of paragraph 1 of this article are not applied.

      In creation or development of the information system of state body within the framework of republican and local projects of state-private partnership in the field of informatization in accordance with the legislation of the Republic of Kazakhstan on state-private partnership with the authorized body, the concept of a project of state-private partnership is agreed upon.

      4. Provision to the service integrator of "electronic government" for recording and storage of the developed software, initial program codes (if any) and a set of settings of the licensed software of information systems of state bodies is mandatory and implemented in accordance with the procedure determined by the authorized body.

      Illegal modification, divulging and (or) using of initial program codes software products and software are prohibited.

Article 40. Industrial operation of the information system of state agency

      1. Introduction into industrial operation of the information system of state body is executed in accordance with the requirements of technical documentation, provided that the trial operation of the information system is successfully completed, existence of the act with a positive result of testing for compliance with information security requirements, expertise of technical documentation and a certificate of compliance with information security requirements.

      2. In the industrial operation of the information system of state body, it is ensured:

      1) observance of unified requirements in the field of information and communication technologies and ensuring information security;

      2) preservation, protection, restoration of electronic information resources in case of failure or damage;

      3) backup copying and control over the timely actualization of electronic information resources;

      4) automated record, security and periodic archiving of information on appeals to the information system of state body;

      5) monitoring of information security events of the information system of state body and transfer of its results to the monitoring system for ensuring information security of the state technical service;

      6) maintenance of the information system;

      7) technical support of the used licensed software of the information system;

      8) reduction (exclusion) of the use of documents on paper media, as well as requirements for their submission in execution of state functions and provision of state services;

      9) warranty service by the developer of the information system, including elimination of errors and defects of the information system identified during the warranty period. Warranty service is provided for a period of not less than one year from the date of introduction into the industrial operation of the information system.

Article 41. Termination of industrial operation of the information system of state body

      1. Absence of the need for further use of information systems of state bodies entails the termination of industrial operation and the change of information about the information system on the architectural portal of "electronic government" in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

      2. Decision on the absence of the need for further operation of the information system of a state body is taken by the owner or holder with notification to the owners and (or) holders of information systems with which the information system of state body is integrated, as well as the service integrator of "electronic government" about the procedure and terms of the termination of operation.

      3. Electronic information resources, technical documentation and initial program codes of copied information system of state body are subject to transfer to the archive in accordance with the legislation of the Republic of Kazakhstan.

      4. Copying and (or) utilization of technical means of copied information system of state body is executed in accordance with the requirements established by the legislation of the Republic of Kazakhstan on accounting and financial statements.

Article 42. Mandatory requirements for the means of processing, storage and backup copying of electronic information resources in information systems of state agency

      1. To ensure the reliability and security of the operation of information systems of state bodies, the technical means which are used to store, process and transfer electronic information resources must comply with the requirements of the legislation of the Republic of Kazakhstan in the field of technical regulation.

      2. The owner or holder of the information system, as well as the operator executes storage and, if necessary, ensure restoration of state electronic information resources contained in the information system and carry responsibility for the loss, modification or other failure to ensure the safety of state electronic information resources in the order established by the laws of the Republic of Kazakhstan and agreement of the parties.

      3. Ensuring the production of backup copying of state electronic information resources is mandatory for the owner of the information system or operator.

      Method of production and storage of backup copying containing state electronic information resources should ensure the safety of electronic information resources before production of the next backup copying.

      Periodicity of backup copying of state electronic information resources is established by normative and technical documentation for the information system.

Article 43. Integration of information systems

      1. Integration of information systems of state bodies is executed in accordance with the rules for integration of gateway of “electronic government”, payment gateway of “electronic government” with information systems.

      Information systems of state bodies designed for implementation of operational-search, counterintelligence activities, ensuring defense capability and national security can be integrated without connection to the gateway of “electronic government”.

      2. State bodies are obliged to ensure the integration of information systems of state bodies through the gateway of “electronic government” in terms and in the order established by the authorized body.

      3. In the case of integration of non-state information system with the information system of state body separately or simultaneously with another information system of state body, the access is provided in accordance with the rules for integration of gateway of “electronic government”, payment gateway of “electronic government” with information systems.

      Footnote. Article 43 with amendment introduced by the Law of the RK from 28.12.2016 № 36-VI (effective after two months after the day of its first official publication).

Article 44. Requirements for non-state information system that is integrated with the information system of state body

      1. Integration of non- state information system with the information system of state body is executed exclusively through gateway of "electronic government" or payment gateway of "electronic government" (for the purposes of making payments) in accordance with the rules for the integration of gateway of "electronic government", payment gateway of "electronic government" with information systems.

      Non-state information system has access to state electronic information resources exclusively in the amount specified in the agreement between the owners.

      2. Electronic information resources, interface, normative and technical documentation and other related documents of non-state information system that are integrated with the information system of state body or designed for the formation of state electronic information resources are created and stored in the Kazakh and Russian languages.

      3. Non-state information system is integrated with the information system of state body, subject to the existence of an act on the acceptance into industrial operation of information system, an act with a positive test result for compliance with information security requirements, expertise of technical documentation and a certificate of compliance with information security requirements.

Chapter 7. SERVICE MODEL OF INFORMATIZATION

Article 45. Service model of informatization

      1. Implementation of service model of informatization is executed in accordance with this Law and the legislation of the Republic of Kazakhstan on state-private partnership.

      2. Service model of informatization is regulated in accordance with the requirements for development of the architecture of "electronic government", unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization.

      3. Service model of informatization is based on the centralized provision of information and communication services to state bodies by operator on the basis of the information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services.

      4. Duties and responsibilities of operator and state bodies in the provision (reception) of information and communication services are established by the legislation of the Republic of Kazakhstan and by agreement of the parties.

Article 46. Provision of information and communication services to state bodies by operator

      1. Implementation of information and communication services provided to state bodies by operator is executed in accordance with the rules for the implementation of service model of informatization.

      2. Creation and development of information and communication services are executed at the expense of budgetary funds, as well as other sources of funding that are not prohibited by the legislation of the Republic of Kazakhstan, including through state-private partnership.

      Calculation of the cost of created and developed information and communication service through the project of state-private partnership in the field of informatization is executed on the basis of the method for calculating the cost of information and communication services and in accordance with the legislation of the Republic of Kazakhstan on state-private partnership.

      3. Operator, owners of the information and communication infrastructure, service software products do not acquire the right to use and dispose of electronic information resources of state bodies placed on the objects belonging to these individuals.

      4. Operator calculates the cost of information and communication service on the basis of the method approved by the authorized body and submits it to the authorized body for coordination.

      Description of information and communication services for state bodies and information about their costs are placed on the operator's Internet resource.

      5. Information and communication services that are included in the catalog of information and communication services are classified by types and subjects of receiving these services.

      6. In order to monitor the quality of information and communication services to state bodies and provide consulting support for the recipients of these services, the authorized body and operator involve the Unified contact center.

      7. Operator in the provision of information and communication services provides and is responsible to state agencies for the security of storing electronic information resources in the order established by the legislation of the Republic of Kazakhstan and by agreement of the parties.

      8. State body concludes a contract with the operator for provision of information and communication services in accordance with the legislation of the Republic of Kazakhstan on state procurement.

Article 47. Interaction of operator with owner of service software product and other individuals

      1. Interaction of operator and individuals who provide him with information and communication infrastructure and service software products for provision of information and communication services is regulated by the rules for the implementation of service model of informatization and the agreement between the operator and these individuals.

      2. Owner of the service software product is obliged to:

      1) transfer the service program product and technical documentation to the service software product to the operator in accordance with the agreement between them;

      2) execute finalization and development of the service software product on the operator's request;

      3) conduct training of the operator's personnel on the operation and maintenance of the service software product, as well as on the use of the information and communication service provided through this service software product.

      3. In case of early termination of the agreement on the initiative of the owner of the service software product, the operator has the right to execute operation of the service software product before replacing it with another service software product.

Chapter 8. TESTS, EXPERTISE, AUDIT, CERTIFICATION OF OBJECTS OF INFORMATIZATION

Article 48. Documentation of electronic information resources and information about information systems

      Documentation of electronic information resources and information about information systems is executed by their owner or holder in accordance with the requirements established by the legislation of the Republic of Kazakhstan on informatization, electronic document and electronic digital signature, on National archival fund and archives.

Article 49. Tests of software, program code, Internet resource, information system and information and communication platform of "electronic government", as well as expertise of technical documentation

      1. Tests of software, program code, Internet resource and information systems are conducted in order to assess their compliance with the requirements of technical documentation, normative legal acts of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan.

      Expertise of technical documentation is conducted in order to assess its compliance with the requirements of normative legal acts of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan.

      Tests of software, program code, Internet resource, information system and expertise of technical documentation are executed on the initiative of the owner or holder and are conducted by testing laboratories in accordance with this Law and the legislation of the Republic of Kazakhstan in the field of technical regulation.

      2. Tests of the service software product, information and communication platform of "electronic government", Internet resource and information system of state agency, information system referred to critically important objects of the information and communication infrastructure, non-state information system that is integrated with the information system of state body or designed to form state electronic information resources for compliance with requirements of information security are mandatory and are conducted in accordance with this Law

Article 50. Audit of information systems

      1. At the stage of creation, introduction and operation of information systems on the initiative of the owner or holder of information systems, the audit of information systems can be conducted.

      2. Conduction of the audit of information systems is executed by individual and (or) legal entities possessing special knowledge and experience in the field of information and communication technologies, in the order determined by the authorized body.

Article 51. Attestation

      1. Attestation is conducted in mandatory order or at the initiative of the owner.

      2. Objects of attestation that are the subject of mandatory attestation are:

      1) information system of state body;

      2) non-state information system that is integrated with the information system of state body or designed to form state electronic information resources;

      3) information system referred to critically important objects of information and communication infrastructure;

      4) information and communication platform of "electronic government";

      5) Internet resource of state body.

      3. Objects of attestation that are not the subject of mandatory attestation are:

      1) non-state information system;

      2) non-state Internet resource.

      4. Industrial operation of information system of state body, information system referred to critically important objects of information and communication infrastructure, non-state information system integrated with information system of state body or designed to form state electronic information resources, Internet resource of state body and information and communication platform of "electronic government" is allowed only with existence of certificate of compliance with information security requirements.

      5. The period of attestation survey should not exceed thirty working days from the date of entry into force of the contract for conducting the attestation survey.

      In case if attested information system is territorially distributed, the period of attestation survey is no more than forty working days.

      6. Taking into account the act of attestation survey and on the basis of the protocol of the attestation commission, the authorized body takes one of the following decisions within five working days:

      1) on issuance of a certificate of compliance with information security requirements;

      2) on refusal to issue a certificate of compliance with information security requirements;

      3) on elimination of identified nonconformities by the applicant

      Decision on elimination of identified nonconformities by the applicant can be taken no more than once upon the application for conduction of attestation.

      7. Reason for refusal to issue a certificate of compliance with information security requirements are nonconformities identified in the attestation survey of nonconformities, which can not be eliminated within twenty working days from the date of receipt of the decision copy.

      8. A certificate of compliance with information security requirements is issued for the period of industrial operation of the object of attestation, except information and communication platform of "electronic government", while observing (ensuring) during the specified period the conditions of functioning and functionality of the object of attestation, hardware and software complex and information and communication technologies, providing processing of the protected information and determining the security of information.

      9. A certificate of compliance with information security requirements of the information and communication platform of "electronic government" is issued for one year.

      10. In case of changes in functioning conditions and functionality of the object of attestation, the owner or the holder of the object of attestation after the completion of the work on its development sends to the authorized body a notification on the need to conduct a re-attestation of the object with an appendix describing all the changes made in the order established by this Law.

      Responsibility for the execution of the established conditions for functioning of the object of attestation, technologies for processing the protected information and information security requirements lies with the owner or the holder of the object of attestation.

      11. The authorized body, from the day of receiving the notification within three working days, convokes an attestation commission to make a decision on the conduction of re-attestation of the object of attestation.

      12. The authorized body takes measures to revoke the certificate of compliance with information security requirements of the object of attestation in the following cases:

      1) existence of a written application of the owner or the holder of the object of attestation;

      2) nonconformities of the object of attestation with information security requirements revealed during the audit conducted in accordance with the Entrepreneurship code of the Republic of Kazakhstan;

      3) changes in functioning conditions and functionality of the information system;

      4) termination of the operation of the information system.

      13. Introduction of a new service software product, a change in the service software product does not result to revoke of the certificate of compliance with information security requirements of the information and communication platform of "electronic government".

      14. A copy of the decision to revoke the certificate of compliance with information security requirements of the object of attestation is sent to the owner or the holder of the object of attestation, who within three working days from the day a copy of the decision is received returns to the authorized body a certificate of compliance with information security requirements of the object of attestation.

      Attestation of the object of attestation after revoking of the certificate of compliance with information security requirements is executed in the order provided by this Law and the rules approved by the Government of the Republic of Kazakhstan.

      15. The owner or the holder of the object of attestation or the person authorized by him annually not later than March 1, sends to the authorized body a list of objects planned for attestation in the current year.

Article 52. Confirmation of conformity in the field of informatization

      Confirmation of conformity in the field of informatization is executed in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.

Chapter 9. PROTECTION OF THE OBJECTS OF INFORMATIZATION

Article 53. Aims of protection of the objects of informatization

      1. Protection of the objects of informatization is the implementation of a set of legal, organizational and technical measures aimed at the preservation of the objects of informatization, preventing unlawful and (or) unintentional access and (or) impact on them.

      2. Protection of the objects of informatization is executed in accordance with the legislation of the Republic of Kazakhstan and current standards in the territory of the Republic of Kazakhstan in order to:

      1) ensure integrity and safety of electronic information resources;

      2) ensure regime of confidentiality of electronic information resources of limited access;

      3) implementation of the right of subjects of informatization for access to electronic information resources;

      4) prevention of unauthorized and (or) unintentional access, leakage and other actions regarding electronic information resources, as well as unauthorized and (or) unintentional impact on objects of information and communication infrastructure;

      5) prevention of violations of the functioning of objects of information and communication infrastructure and critically important objects of information and communication infrastructure.

      3. Other unauthorized and (or) unintentional actions regarding objects of informatization are:

      1) blocking electronic information resources and (or) objects of information and communication infrastructure, that is, committing actions leading to limitation or closure of access to electronic information resources and (or) objects of information and communication infrastructure;

      2) unauthorized and (or) unintentional modification of objects of informatization;

      3) unauthorized and (or) unintentional copying of electronic information resource;

      4) unauthorized and (or) unintentional destruction, loss of electronic information resources;

      5) use of the software without permission of the right holder;

      6) infringement of work of information systems and (or) software or infringement of functioning of telecommunication networks.

      4. Protection of information systems is executed according to the class assigned in accordance with the classifier.

Article 54. Organization of protection of the objects of informatization

      1. Protection of the objects of informatization is executed:

      1) regarding electronic information resources - their owners, holders and users;

      2) regarding objects of information and communication infrastructure and critically important objects of information and communication infrastructure - their owners or holders.

      2. Owners or holders of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure are obliged to take measures ensuring:

      1) prevention of unauthorized access;

      2) timely detection of facts of unauthorized access, if such unauthorized access failed to prevent;

      3) minimization of adverse consequences of violation of the order of access;

      4) prevention of unauthorized influence on the means of processing and transferring of electronic information resources;

      5) prompt restoration of electronic information resources modified or destroyed due to unauthorized access to them;

      6) prompt informing the state technical service about the incident of information security that occurred, except owners and (or) holders of electronic information resources containing information constituting state secrets;

      7) information interaction with the state technical service on the issues of monitoring the provision of information security, protection and safe operation of the objects of informatization of "electronic government";

      8) provision of access to the state technical service to the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure for conduction of organizational and technical measures aimed at implementation of monitoring of ensuring information security.

      3. Provisions of unified requirements in the field of information and communication technologies and ensuring information security related to the sphere of ensuring information security are mandatory for application by state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, owners and holders of non-state information systems integrated with information systems state bodies or designed to form state electronic information resources, as well as by owners and holders of critically important objects of information and communication infrastructure.

      4. Management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation is executed by the authorized body in accordance with the legislation of the Republic of Kazakhstan.

Article 55. Measures to protect electronic information resources, information systems and information and communication infrastructure

      1. Legal measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) requirements of the legislation of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan;

      2) responsibility for violation of the legislation of the Republic of Kazakhstan on informatization;

      3) agreements concluded by the owner or the holder of electronic information resources, information systems, information and communication infrastructure where the conditions of work, access or use of these objects, as well as liability for their violation are established.

      2. Organizational measures to protect electronic information resources, information systems and information and communication infrastructure include the establishment and provision of access regime in the territory (buildings, premises) where access to information, electronic information resources, information systems (electronic media of information); as well as limitation of access to electronic information resources, information systems and information and communication infrastructure can be executed.

      3. Technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) use of information security means, and regarding information constituting state secrets, exclusively with the use of means of protecting information constituting state secrets, developed, produced and (or) taken into operation in accordance with the legislation of the Republic of Kazakhstan;

      2) use of access control systems and registration of facts of access to electronic information resources, information systems and information and communication infrastructure.

      4. Use of technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure should not cause harm or create a threat of harm to life, health and property of individuals, as well as property of legal entities and state property.

Article 56. Protection of electronic information resources containing personal data

      Owners and holders of information systems that have received electronic information resources containing personal data are obliged to take measures to protect them in accordance with this Law and current standards in the territory of the Republic of Kazakhstan.

      This duty arises from the moment of receipt of electronic information resources containing personal data and to their destruction or depersonalization.

SECTION 3. STATE REGULATION IN THE FIELD OF INFORMATIZATION Chapter 10. EXPERTISE AND COORDINATION OF DOCUMENTS BY THE AUTHORIZED AGENCY

Article 57. Conclusion of expertise in the field of informatization on the investment proposal

      1. The investment proposal for creation or development of the information system of state body is submitted by state body to the authorized body for obtaining conclusion of the expertise in the field of informatization on the investment proposal annually until March 15.

      2. The authorized body considers the investment proposal in the field of informatization within a period of no more than twenty working days from the date of receipt.

Article 58. Conclusion of the expertise in the field of informatization for technical and economic justification or financial and economic justification for budget investments

      1. Conclusion of the expertise in the field of informatization for technical and economic justification for budget investments for creation or development of the information system of state body is issued not later than thirty working days from the date of receipt of full package of documents.

      Conclusion of the expertise in the field of informatization for financial and economic justification for budget investments in the field of informatization is issued not later than thirty working days from the date of receipt of full package of documents.

      2. Period for issuing conclusion of the expertise in the field of informatization for technical and economic justification for budget investments for creation or development of the information system of state body is extended to fifty working days in case if the information system of state body is a standard solution or includes interdepartmental or regional components.

Article 59. Coordination of technical task and task for design

      1. Coordination of technical task for creation or development of the information system of state body is executed by the authorized body within a period of not more than thirty working days from the date of receipt of the package of documents.

      In case if the information system of state body is a standard solution or includes interdepartmental or regional components, the period of approval is extended to fifty working days.

      2. Coordination of task for design for creation or development of a service software product developed by the service integrator of "electronic government" is executed by state body supervising the relevant industry (sphere) within a period of not more than thirty working days from the date of receipt of the package of documents.

Article 60. Conclusion of the authorized body on the calculation of costs for state procurement of goods, works and services in the field of informatization

      1. Calculations of costs for state procurement of goods, works and services in the field of informatization are introduced by the administrator of budget programs for consideration to the authorized body annually until March 1.

      2. Calculations of costs for state procurement of goods, works and services in the field of informatization are considered by the authorized body within a period of not more than thirty working days from the date of receipt of documents.

      3. Refusal to consider the calculation of costs for state procurement of goods, works and services in the field of informatization is executed in the following cases:

      1) nonconformities in the form and content of the calculation of costs for state procurement of goods, works and services in the field of informatization to the requirements of this Law and budget legislation of the Republic of Kazakhstan;

      2) non-submission of documents in accordance with established requirements approved by the authorized body.

      4. Administrators of budget programs place calculations of costs for state procurement of goods, works and services in the field of informatization on the architectural portal of "electronic government".

Chapter 11. DEVELOPMENT OF THE INDUSTRY OF INFORMATION AND COMMUNICATION TECHNOLOGIES

Article 61. State support for development of the industry of information and communication technologies

      1. State support for development of the industry of information and communication technologies is executed by the authorized state bodies, national institution of development in the field of information and communication technologies and other national institutions of development in order to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan.

      2. National institute of development in the field of information and communication technologies executes its activities in accordance with this Law and the legislation of the Republic of Kazakhstan on state support of industrial and innovative activities.

      3. The main principles of state support for development of the industry of information and communication technologies:

      1) development of the industry of information and communication technologies on the basis of private entrepreneurship and state-private partnership;

      2) priority of domestic legal entities in obtaining orders for development of information and communication technologies, information systems;

      3) stimulation of development of production of domestic software, software products and production of technical means;

      4) development of the market structure of information and communication technologies;

      5) support conscientious competition in the market of information and communication technologies.

      4. In accordance with the principles of state support, measures to stimulate the growth of the information and communication technologies sector, in addition to measures provided by the legislation of the Republic of Kazakhstan on investments and on state support for industrial and innovative activities, are:

      1) formation and development of the normative and methodological base of activities in the industry of information and communication technologies, including the introduction of international standards;

      2) implementation and improvement of the system of state (quasi-state) orders for development and supply of innovative software, software products with a high share of local content;

      3) extra budgetary refundable and non-refundable financing of projects in the industry of information and communication technologies aimed at increasing the share of local content;

      4) harmonization of the cost structure for informatization of state legal entities and subjects of quasi-state sector aimed at increasing the share of services in the field of informatization;

      5) creation of conditions for venture and other extra budgetary refundable financing of projects in the industry of information and communication technologies;

      6) development of proposals to stimulate development and increase the investment attractiveness of the industry of information and communication technologies.

Article 62. Personnel and scientific provision of the industry of information and communication technologies

      1. The state creates conditions for training and retraining of specialists with technical, professional, higher and postgraduate education on specialties in the industry of information and communication technologies in domestic and foreign higher educational institutions.

      2. Organizations, national companies, their affiliated individuals act as bases of practice for students in organizations of professional, technical, higher and postgraduate education on specialties in the industry of information and communication technologies.

      3. Scientific provision in the industry of information and communication technologies is executed through state support of scientific and scientific-technical activities in the industry of information and communication technologies, including through creation of conditions for the commercialization of technologies.

Chapter 12. INTERNATIONAL COOPERATION IN THE FIELD OF INFORMATIZATION

Article 63. International cooperation in the field of informatization

      1. International cooperation of the Republic of Kazakhstan in the field of informatization is executed in accordance with the international treaties and the legislation of the Republic of Kazakhstan.

      2. Subjects of informatization of the Republic of Kazakhstan have the right to join international organizations and associations, participate in international and foreign projects and programs.

      State bodies in agreement with the authorized body execute interaction in the field of informatization with state bodies of foreign states, international organizations and foreign legal entities.

      3. International cooperation in the field of informatization is executed in the form of:

      1) interaction with state bodies of foreign states, international organizations and foreign legal entities, including participation in the implementation of measures for execution of international treaties of the Republic of Kazakhstan;

      2) rendering assistance in the formation of a stable and secure system of international (interstate) information interaction with the use of information and communication technologies, including through the national gateway of the Republic of Kazakhstan;

      3) interaction with foreign legal entities to ensure the development of information and communication technologies, as well as personnel development and scientific cooperation;

      4) conduction of monitoring and forecasting the development of information and communication technologies on an ongoing basis jointly with foreign legal entities and international organizations;

      5) interaction with state bodies of foreign states and international organizations on the issues of safe use of information and communication technologies, as well as establishment of prohibition for actions that encroach on the information and communication infrastructure of the state and undermine the political, economic, social and other spheres of state activity;

      6) conduction of seminars, conferences and trainings in the Republic of Kazakhstan and abroad;

      7) establishment of prohibition for the use of information and communication technologies to the detriment of man, society and state on the basis of reciprocity;

      8) joint financing and implementation of projects in the field of information with foreign countries, international organizations, foreign legal entities, foreign public organizations and funds.

      4. International cooperation on the issues of development of information and communication technologies, institutional provision and exchange of experience and knowledge is executed with participation of state bodies of foreign states, international organizations and foreign legal entities.

Chapter 13. FINAL AND TRANSITIONAL PROVISIONS

Article 64. State control in the field of informatization

      State control in the field of informatization is executed in the form of audits and other forms.

      The audit is executed in accordance with the Entrepreneurship code of the Republic of Kazakhstan. Other forms of state control are executed in accordance with this Law.

Article 65. Responsibility for violation of the legislation of the Republic of Kazakhstan on informatization

      Violation of the legislation of the Republic of Kazakhstan on informatization entails responsibility in accordance with the laws of the Republic of Kazakhstan.

Article 66. Transitional provisions

      1. State bodies that have information systems of state bodies introduced into industrial operation before the introduction of this Law and do not have a certificate of compliance with information security requirements, conduct attestation of the objects of attestation subject to obligatory attestation within three years from the date of entering into enforce of this Law.

      In case of absence of technical documentation for the information system of state agency and (or) supporting documents on its introduction into industrial operation of the information system, state bodies conduct attestation of such information system within the period established by this paragraph with the provision of restored technical documentation defining common tasks, principles and rules for operation of the objects of informatization and documents regulating the issues of ensuring information security.

      2. Non-state information systems integrated with information systems of state bodies or designed for the formation of state electronic information resources and not having a certificate of compliance with information security requirements pass attestation within three years from the date of entering into enforce of this law.

Article 67. Procedure for the enactment of this Law

      1. This Law enters into enforce from January 1, 2016.

      2. Recognize as invalid the Law of the Republic of Kazakhstan dated January 11, 2007 "On informatization" (Gazette of the Parliament of the Republic of Kazakhstan, 2007, № 2, art. 13; 2009, № 15-16, art. 74; № 18, art. 84; 2010, № 5, art. 23; № 17-18, art. 111; 2011, № 1, art. 2; № 11, art. 102; № 15, art. 118; 2012, № 2, art. 13; № 8, art. 64; № 14, art. 95; № 15, art. 97; 2013, № 5-6, art. 30; № 7, art. 36; № 14, art. 75; 2014, № 1, art. 4; № 19-I, 19-II, art. 96; № 23, art. 143).

     
      President of
the Republic of Kazakhstan
N. NAZARBAYEV

Database status
  • Total documents 236228
    In Kazakh 118429
    In Russian 117391
    In English 408
    Support
    E-mail: support@rkao.kz
    Phone numbers: +7 7172 58 00 58, 119
    Working hours: 09:00 - 18:30
    (Astana time)
    Off days: Saturday, Sunday

    Laws of Kazakhstan: About the Project