On informatization

Law of the Republic of Kazakhstan dated 24 November 2015 № 418-V.

      Unofficial translation

      This Law regulates public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in creation, development and operation of informatization facilities, as well as with state support for the development of information and communication technologies industry.

SECTION 1. BASICS OF REGULATION OF RELATIONS IN THE FIELD OF INFORMATIZATION
Chapter 1. GENERAL PROVISIONS

1. General provisions, used in this Law

      The following basic concepts are used in this Law:

      1) automation - the process of using means of information and communication technologies to optimize the creation, search, collection, storage, processing, receipt, use, transformation, display, distribution and provision of information;

      2) informatization - organizational, socio-economic and scientific and technical process aimed at automating the activities of subjects of informatization;

      3) service model of informatization – implementation of the centralized approach in informatization of state functions and state services based on creation or development of information and communication services, and also their provision;

      3-1) project of state-private partnership on the service model of informatization – a set of sequential measures for creation or development, as well as provision of information and communication services;

      3-2) contract of state-private partnership on the service model of informatization – a service contract, determining the rights, duties and responsibilities of the parties and other conditions when creating, developing and providing information and communication services, the sides of which are state-owned partner, the operator of information and communication infrastructure of "electronic government" and the private partner, being the supplier of service software products or objects of information and communication infrastructure;

      4) objects of informatization – electronic information resources, software, Internet resource and information and communication infrastructure;

      5) owner of objects of informatization - a subject to whom the owner of objects of informatization has provided the rights to own and use objects of informatization in the limits and order determined by law or agreement;

      5-1) integration of objects of informatization -measures for organization and provision of information interaction between the objects of informatization on the basis of standard protocols of data transfer used in the Republic of Kazakhstan;

      6) classifier of objects of informatization (hereinafter - classifier) - a systemized list of categories aimed at identification and description of objects of informatization;

      6-1) development of the object of informatization – a stage of life cycle of the object of informatization, during which a set of measures for implementation of additional functional requirements, as well as modernization of the object of informatization put into industrial operation in order to optimize its functioning and (or) expansion of functionality shall be carried out;

      6-2) introduction of the object of informatization – stage of creation or development of the object of informatization, aimed at conducting a complex of actions for commissioning of the object of informatization, including preparation of the automation object and personnel, pre- commissioning, preliminary and acceptance tests;

      6-3) maintenance of the object of informatization – ensuring the use of the object of informatization, put into industrial operation in accordance with its purpose, including measures on conducting corrections, modifications and elimination of software defects, without modernization and implementation of additional functional requirements and subject to maintaining its integrity;

      6-4) creation of the object of informatization - a stage in the life cycle of informatization, during which implementation of a complex of organizational and technical measures aimed at development, trial operation, introduction of the object of informatization are carried out, as well as acquisition and (or) property rent (lease) of hardware and software complex necessary for its functioning;

      6-5) industrial operation of the object of informatization - a stage in the life cycle of the object of informatization, during which the use of an object of informatization in the normal mode is carried out in accordance with the goals, objectives and requirements set forth in technical documentation and normative-technical documentation;

      6-6) trial operation of the object of informatization - operation of the object of informatization in the pilot zone, aimed at identifying and eliminating defects of its functioning and determining compliance with the requirements of technical documentation;

      6-7) life cycle of the object of informatization - a set of stages for creation, industrial operation, development and termination of industrial operation of the object of informatization;

      7) information security in the field of informatization (hereinafter - information security) - the condition of protection of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

      8)is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      9) expert council in the field of informatization (hereinafter - expert council) - an interdepartmental commission under an authorized body, which considers issues related to the informatization of the activities of state bodies;

      10) authorized body in the field of informatization (hereinafter - authorized body) - central executive body exercising management and intersectoral coordination in the field of informatization and "electronic government";

      11) subjects of informatization - state bodies, individuals and legal entities exercising activities or entering into legal relations in the field of informatization;

      12) information system - an organizationally ordered set of information and communication technologies, maintenance personnel and technical documentation that implement certain technological activities through information interaction and specific functional tasks designed to solve;

      13) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      14) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      15) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
     
      16) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
     
      17) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      18) audit of the information system - an independent survey of the information system in order to improve the efficiency of its use;

      19) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      20) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      21) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      22) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      23) information and communication infrastructure - a set of objects of information and communication infrastructure designed to ensure the functioning of the technological environment in order to generate electronic information resources and provide access to them;


      24) critically important objects of the information and communication infrastructure - objects of the information and communication infrastructure, including the information and communication infrastructure of the "electronic government", the violation or termination of functioning which leads to an emergency situation of social and (or) technogenic nature or to significant negative consequences for defense, security, international relations, economy, certain spheres of economy, infrastructure of the Republic of Kazakhstan, or for vital activity of population residing in the respective territory;

      25) objects of information and communication infrastructure – information systems, technological platforms, hardware and software complexes, server rooms (data processing centers), telecommunications networks, as well as systems for ensuring information security and uninterrupted operation of technical means;

      26) information and communication service - a service or a set of services for property hiring (leasing) and (or) placing of computing resources, providing software, software products, service software products and technical means for use, including communication services, through which functioning of these services are provided;

      26-1) task for the design of information and communication service-a document reflecting technical, organizational and other requirements for information and communication service, as well as the marginal cost of information and communication service;

      27) catalog of information and communication services - a single directory of information and communication services provided to state bodies by the operator of the information and communication infrastructure of "electronic government";

      28) information and communication technologies - a set of methods of working with electronic information resources and methods of information interaction, implemented with the use of hardware and software complex and telecommunication network;

      29) branch of information and communication technologies - a branch of the economy connected with the design, production and sale of software, technical means, domestic electronics and its components, as well as providing information and communication services;

      29-1) monitoring of information security events – continuous monitoring of the object of informatization in order to reveal and identify information security events;

      30) an information security occasion - a state of objects of informatization, indicating a possible violation of the existing security policy or a previously unknown situation that may be related to the security of objects of informatization;

      30-1) authorized body in the field of information security – central executive body carrying out management and inter-sectorial coordination in the field of information security;


      30-2) national institute of development in the sphere of ensuring information security – a legal entity determined by the Government of the Republic of Kazakhstan for the development of information security sphere and electronic industry;

      30-3) operational center of information security – a legal entity or structural division of a legal entity carrying out activity on protection of electronic information resources, information systems, telecommunications networks and other objects of informatization;

      30-4) information security incident response service – a legal entity or a structural division of a legal entity providing information analysis on information security events in order to render consultative and technical assistance in eliminating the consequences of information security incidents;

      31) information security incident - separately or serially occurring failures in the operation of the information and communication infrastructure or its individual objects, which threaten their proper functioning and (or) the conditions for illegally obtaining, copying, distributing, modifying, destroying or blocking electronic information resources;

      32) means of information security - software, technical and other means designed and used to ensure the protection of information;

      33) hardware-software complex - a set of software and technical means that are jointly used to solve problems of a certain type;

      33-1) international technological park "Astana Hub" – a legal entity determined by the Government of the Republic of Kazakhstan, owning on the right of ownership or other legal grounds a single material and technical complex, which creates favorable conditions for implementation of industrial and innovative activities in the field of information and communication technologies;

      33-2) acceleration of participants of the international technological park "Astana Hub" – process of preparation and training of participants of the international technological park "Astana Hub" to implementation of their industrial and innovative projects in the field of information and communication technologies;

      34) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      35) open data - public electronic information resources, presented in a machine-readable form and designed for further use, re-publication in an unchanged form;

      36) the Internet portal of open data - a component of web portal of “electronic government” that provides centralized storage of descriptive and reference information on open data;

      37) software - a set of programs, software codes, as well as software products with technical documentation necessary for their operation;

      38) software product - an independent program or part of the software which is a product that regardless of its developers can be used for the intended purposes in accordance with the system requirements established by the technical documentation;

      39) one-time password - a password that is valid only for one session for authentication of subjects of receipt services in electronic form;

      40) domain name - a symbolic (alphanumeric) designation, formed in accordance with the rules of addressing the Internet, corresponding to a specific network address and intended for a named reference to the Internet object;

      41) free software - an open source software for which the copyright holder provides to the user the right in unlimited installation, launching and copying, as well as free using, studying, developing and distributing;

      42) a local network - part of a telecommunication network that has a closed infrastructure to the point of connection to other telecommunication networks and provides information transfer and organization of joint access to network devices in the territorially limited space of the facility (premises, building, structure and its complex);

      43) system maintenance - measures to ensure the uninterrupted functioning of the hardware and software complex and telecommunication networks;

      44) Internet - a worldwide system of integrated networks of telecommunications and computing resources for the transmission of electronic information resources;

      45) a unified gateway to Internet access - a hardware and software complex designed to protect telecommunication networks in accessing the Internet and (or) communication networks that have access to the Internet;

      46) Internet resource-information (in text, graphic, audiovisual or other form) placed on the hardware and software complex having a unique network address and (or) domain name and functioning on the Internet;

      47) national gateway of the Republic of Kazakhstan - an information system designed to provide interstate information interaction of information systems and electronic information resources of states;

      47-1) protection profile-a list of minimum requirements for the security of software and hardware that are the components of information objects;

      48) a unified platform of Internet resources of state bodies - a technological platform designed for placing of Internet resources of state agencies;

      49) architecture of the state agency - a description of the current and planned condition of the state agency, including its tasks, functions, organizational structure, electronic information resources, information and communication infrastructure and their interconnection;

      50) state technical service - republican state enterprise on the right of economic management, created by the decision of the Government of the Republic of Kazakhstan;

      51) normative and technical documentation - a set of documents that define common tasks, principles and requirements for the creation and using (operation) of objects of informatization, as well as controlling over their compliance with established requirements in the field of informatization;

      52) the user - a subject of informatization using objects of informatization for execution of specific function and (or) task;

      52-1) register of trusted software and products of electronic industry – a list of software and products of electronic industry meeting the requirements of information security, created for the purposes of national defense and state security;

      53) service software product - software product designed for the implementation of information and communication service;

      54) technical support - provide consulting, information technology and other services to support the efficiency of licensed software;

      55) technical documentation - a set of documentation for the information system, information and communication platform of "electronic government" and software product, including a service software product that includes technical task, task for design, operational and other documentation;

      56) digital literacy - the knowledge and ability of a person to use information and communication technologies in daily and professional activities;

      57) electronic information resources - information provided in electronic-digital form and contained on an electronic medium, Internet resource and (or) in the information system;

      58) "electronic akimat" - a system of information interaction of local executive bodies with state bodies, individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form that is part of "electronic government";

      59) standard architecture of "electronic akimat" – a description of standard components and requirements for the implementation of functions and services, organizational structure, information flows, information and communication infrastructure of local executive bodies, taking into account the system of administrative and territorial structure of the Republic of Kazakhstan;

      60) electronic media - a material media designed for storage of information in electronic form, as well as recording or its reproduction through technical means;

      61) subject of receiving the services in electronic form – an individual or legal entity who applied for a state or another service in electronic form;

      62) subject of rendering services in electronic form - an individual or legal entity rendering a state or another service in electronic form;

      62-1) products of electronic industry – electronic components and products made of them for various purposes;

      63) "electronic government" - a system of information interaction of state bodies among themselves and with individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form;

      64) objects of informatization of "electronic government" – state electronic information resources, software of state bodies, the Internet resource of the state body, objects of information-communication infrastructure of "electronic government", including the service software product, software and information systems of other persons, intended for formation of the state electronic information resources in the frame of implementation of state functions and rendering state services;

      65) a monitoring system of ensuring the information security for objects of informatization of “electronic government” (hereinafter - a monitoring system of ensuring the information security) - organizational and technical measures aimed at conducting monitoring of safe use of information and communication technologies, including monitoring of information security events and responding to information security incidents;

      66) information and communication infrastructure of "electronic government" - information and communication infrastructure that ensures the functioning of "electronic government";

      67) operator of the information and communication infrastructure of "electronic government" (hereinafter - operator) - a legal entity determined by the Government of the Republic of Kazakhstan, which is entrusted with ensuring the functioning of the information and communication infrastructure of "electronic government" assigned to it;

      68) information and communication platform of “electronic government” – technological platform designed for automation of the activities of a state body, including automation of state functions and rendering state services arising from them;

      69) architecture of "electronic government" - a description of the objects of informatization of "electronic government", as well as a set of normative and technical requirements used to manage and coordinate the processes of creation and development of objects of informatization of "electronic government";

      70) the user's cabinet on the web portal of "electronic government" - a component of the web portal of "electronic government", designed for official information interaction of individuals and legal entities with state agencies on the issues of provision of services in electronic form, the issues of appeal to subjects considering the appeals of these individuals, as well as the use of personal data;

      71) service integrator of "electronic government" - a legal entity determined by the Government of the Republic of Kazakhstan, which is responsible for functions on methodological support of the development of architecture of "electronic government" and the standard architecture of "electronic akimat", as well as other functions provided by this Law;

      71-1) external gateway of "electronic government" - subsystem of the "electronic government" gateway, designed for ensuring interaction of information systems located in a single transport environment of state bodies with information systems, located outside the single transport environment of state bodies;

      72) a unified gateway of electronic mail of "electronic government" - a hardware and software complex that provides protection of electronic mail of "electronic government" in accordance with information security requirements.

      Footnote. Article 1 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

2. Legislation of the Republic of Kazakhstan on informatization

      1. Legislation of the Republic of Kazakhstan on informatization is based on the Constitution of the Republic of Kazakhstan, consists of this Law and other normative legal acts of the Republic of Kazakhstan.

      2. If an international treaty ratified by the Republic of Kazakhstan establishes other rules than those contained in this Law, the rules of the international treaty are applied.

3. Aims and principles of state regulation of public relations in the field of informatization

      1. The aims of state regulation of public relations in the field of informatization are formation and maintenance of the development of information and communication infrastructure, creation of conditions for the development of local content in the production of goods, works and services in the information and communication technologies industry for information support of the social and economic development and competitiveness of the Republic of Kazakhstan.

      2. State regulation of public relations in the field of informatization is based on the following principles:

      1) legality;

      2) observance of rights, freedoms and legal interests of individuals, as well as the rights and legal interests of legal entities;

      3) equality of rights of individuals and legal entities to participate in activities in the field of informatization and the use of its results;

      4) ensuring free access to electronic information resources containing information on the activities of state bodies (presumption of openness), and their compulsory provision, except electronic information resources access to which is restricted in accordance with the laws of the Republic of Kazakhstan;

      5) timeliness of the provision, objectivity, completeness and reliability of electronic information resources in respect of which the laws of the Republic of Kazakhstan establish the mandatory nature of their public distribution or provision by state bodies;

      6) freedom to search, form and transmit any electronic information resources, access to which is not restricted in accordance with the laws of the Republic of Kazakhstan;

      7) ensuring the security of the individual, society and state in the application of information and communication technologies;

      8) creation of conditions for development of the industry of information and communication technologies and conscientious competition;

      9) ensuring centralized management of objects of “electronic government” informatization;

      10) implementation of activities on informatization in the territory of the Republic of Kazakhstan on the basis of unified standards that ensure the reliability and manageability of informatization objects.

4. Scope of action of this Law

      1. A scope of action of this Law is public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in the creation, development, maintenance, operation of informatization objects, as well as in state support for development of the industry of information and communication technologies.

      2. The act of this Law does not apply to:

      1) content and ways of distribution of information;

      2) relations arising from the implementation of work on the creation or development of Internet resources, information systems that are not integrated with the objects of information and communication infrastructure of “electronic government”, as well as when purchasing goods, works and services in the field of informatization by the National Bank of the Republic of Kazakhstan and organizations within its structure.

Chapter 2. STATE ADMINISTRATION IN THE FIELD OF INFORMATIZATION

5. The main tasks of state administration in the field of informatization

      The main tasks of state administration in the field of informatization are:

      1) formation and development of information society;

      2) ensuring the implementation and support of administrative reform of state bodies;

      3) development of "electronic government" and "electronic akimat";

      4) increase digital literacy;

      5) ensuring participants of the educational process with conditions for access to electronic information resources of electronic learning;

      6) ensuring conditions for the development and introduction of modern information and communication technologies in production processes;

      7) assistance in the formation and development of the domestic industry of information and communication technologies;

      8) formation and implementation of a unified scientific, technical, industrial-innovative policy in the field of informatization;

      9) formation, development and protection of state electronic information resources, information systems and telecommunication networks, ensuring their interaction in a unified information space;

      10) monitoring of ensuring information security of state bodies, individuals and legal entities;

      11) prevention and prompt response to incidents of information security, including in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation;

      12) creation of conditions for attracting investments in the industry of information and communication technologies on a systemic basis;

      13) improvement of the legislation of the Republic of Kazakhstan in the field of informatization;

      14) participation in international cooperation in the field of informatization;

      15) creation of conditions for international information exchange and access to information.

6. Competence of the Government of the Republic of Kazakhstan in the field of informatization

      Government of the Republic of Kazakhstan in the field of informatization:

      1) develops the main directions of state policy in the field of informatization and organizes their implementation;

      2) defines the national institute of development in the field of information and communication technologies, service integrator of "electronic government", operator;

      3) approves unified requirements in the field of information and communication technologies and ensuring information security;

      4) approves the list of critically important objects of the information and communication infrastructure, as well as the rules and criteria for classifying objects of the information and communication infrastructure as critically important objects of the information and communication infrastructure;

      5) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      6) approves the list of personal data of individuals included in part of state electronic information resources;

      6-1) approve the national anti-crisis plan to respond to information security incidents;

      6-2) determine the international technological park "Astana Hub";

      7) executes other functions entrusted to it by the Constitution of the Republic of Kazakhstan, this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

      Footnote. Article 6 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

7. Competence of the authorized body

      Authorized body:

      1) provides implementation of state policy in the field of informatization;

      2) approves the composition and position on the activities of expert council;

      3) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      4) approves the rules for implementation of the service model of informatization;

      5) approves the list of Internet resources of state agencies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      6) approves the rules for formation of a list of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      7) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      8) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      9) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      10) approve the requirements for the development of the architecture of "electronic government" in coordination with the authorized body in the sphere of ensuring information security;

      11) approves the rules for classification of objects of informatization and the classifier of objects of informatization;

      12) approves the rules of information interaction of information system for monitoring the provision of state services with information systems;

      13) approve the rules for integration the objects of informatization of "electronic government";

      13-1) approve the rules of functioning and technical requirements for the external gateway of "electronic government";

      14) approves the list of information systems and electronic information resources that carry out interstate information interaction through the national gateway of the Republic of Kazakhstan;

      15) approves the rules for informational content of Internet resources of state bodies and requirements for their content;

      16) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      17) approve the rules for design, implementation, support of implementation, monitoring and development of the architecture of state bodies in coordination with the authorized body in the sphere of ensuring information security;

      18) approve the standard architecture of the "electronic akimat" in coordination with the authorized body for state planning and the authorized body in the sphere of ensuring information security;

      19) approve the rules for conducting expertise in the sphere of informatization of investment proposals, financial and economic justification of budget investments in coordination with the authorized body in the sphere of ensuring information security;

      20) approve the rules for preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government" in coordination with the authorized body in the sphere of ensuring information security;

      21) approves the instruction on drafting, presenting and reviewing the calculation of expenses for public procurement of goods, works, services in the field of informatization in agreement with the authorized agency on state planning;

      22) approve the rules for conducting audit of information systems in coordination with the authorized body in the sphere of ensuring information security;

      23) approve the calculation methodology and standards of costs for creation, development and maintenance of the objects of informatization of state bodies;

      24) approve the calculation methodology of the cost of information and communication services for state bodies in coordination with the central authorized body for budget planning and the authorized body in the sphere of ensuring information security;

      24-1) develop and approve the rules of activity of the international technological park "Astana Hub", including the procedure for provision of services and determining their cost;

      25) develop and approve the methodology for assessing the effectiveness of state bodies activity on the use of information and communication technologies;

      25-1) assess the effectiveness of state bodies activity on the use of information and communication technologies and assess the quality of state services in electronic form;

      26) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      27) approves the checklists, risk assessment criteria, semi-annual audit schedules in accordance with the Entrepreneurship code of the Republic of Kazakhstan;

      28) approves the criteria for attributing electronic information resources to open data posted by state bodies on the Internet portal of open data, as well as the procedure and format for their provision;

      29) approves the catalog of information and communication services;

      30) approve the rules for recording information about the objects of informatization of "electronic government" and placing electronic copies of technical documentation of the objects of informatization of "electronic government";

      31) approve the rules for recording and storage of the developed software, source program codes (if available), a set of settings for licensed software of the objects of informatization of "electronic government";

      32) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      33) approve the task for the design of information and communication service, developed by the service integrator of "electronic government";

      34) develops and approves normative legal acts in the field of informatization;

      35) issue an industry conclusion for the tender documentation of the state -private partnership project, a business plan for the state-private partnership project in direct negotiations on determination of a private partner, with the exception of state-private partnership projects on the service model of informatization;

      36) executes activities to improve the system of attracting investments and incentive mechanisms for the development and implementation of investment projects in the field of informatization;

      37) creates conditions for the development of information and communication technologies industry;

      38) develops proposals on improving the legislation of the Republic of Kazakhstan in the field of informatization;

      39) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      40) executes coordination of development of the architecture of state bodies;

      41) executes monitoring of implementation of the architecture of state bodies;

      41-1) coordinate projects of architecture of state bodies;

      41-2) organize support for implementation of the architectures of state bodies;

      42) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      42-1) carry out monitoring of implementation of state-private partnership projects on the service model of informatization, as well as monitoring of fulfillment of obligations during implementation of the state-private partnership project;

      43) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      44) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      45) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      46) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      47) participate in introduction into industrial operation of the objects of informatization of "electronic government";

      48) issue conclusion in the sphere of informatization on investment proposals, financial and economic justifications of budget investments;

      49) consider and issue conclusions on the calculations of expenses for public procurement of goods, works and services in the sphere of informatization submitted by the administrators of budget programs;

      50) coordinate the technical task for creation and development of the object of informatization of "electronic government";

      51) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      52) organize recording of information about the objects of informatization of "electronic government" and placement of electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of "electronic government";

      53) organize recording and storage of the developed software, source program codes (if available), a set of settings for the licensed software of the objects of informatization of " electronic government";

      54) approve the procedure for determination and use of standard solutions subject to repeated use in creation and development of the objects of informatization of "electronic government";

      55) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      56) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      57) participates in works on standardization and confirmation of compliance in the field of informatization;

      58) executes international cooperation in the field of informatization;

      59) executes state control in the field of informatization;

      59-1) coordinate the activities of the international technological park "Astana Hub";

      60) approves the rules for registering and connecting the subscriber number of the subscriber provided by the mobile operator to the account of the web portal of "electronic government" for receiving state and other services in electronic form through the subscriber device of the mobile network;

      61) approves the list of state and other services in electronic form provided through the web portal of "electronic government" and the subscriber device of the mobile network;

      62) approves the rules for the classification of state services in electronic form for determining the method of authentication of a service recipient;

      63) approves the mandatory requisites of the results of rendering state and other services in electronic form received through the subscriber device of the mobile network, as well as the procedure for verifying their reliability;

      63-1) carry out coordination of the list of projects of state-private partnership on the service model of informatization formed by the service integrator;

      63-2) issue instructions upon revealing violations of the requirements of the legislation of the Republic of Kazakhstan on informatization;

      64) executes other authority provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.

      Footnote. Article 7 as amended by the laws of the Republic of Kazakhstan dated 30.11.2017 No. 112-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 7-1. Competence of the authorized body in the sphere of ensuring information security

      Authorized body in the sphere of ensuring information security shall:

      1) ensure implementation of the state policy in the sphere of ensuring information security;

      2) develop unified requirements in the field of information and communication technologies and ensuring information security;

      3) develop a list of critically important objects of information and communication infrastructure, as well as the rules and criteria for classifying the objects of information and communication infrastructure as critically important objects of information and communication infrastructure;

      4) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);

      5) approve the methodology and rules for conducting tests of the objects of informatization of "electronic government" and information systems, classified as critically important objects of information and communication infrastructure, for compliance with the requirements of information security;

      5-1) approve the rules for monitoring information security events of the objects of informatization of state bodies in coordination with the Committee for national security of the Republic of Kazakhstan;

      6) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);

      7) approve the rules for monitoring information security ensuring of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure in coordination with the national security bodies;

      8) approve the rules for monitoring implementation of the unified requirements in the field of information and communication technologies and ensuring information security;

      9) carry out monitoring of implementation of the unified requirements in the field of information and communication technologies and ensuring information security;

      10) carry out coordination of activity on the development of information security tools in terms of detection, analysis and prevention of threats to information security to ensure the sustainable functioning of information systems and telecommunications networks of state bodies;

      11) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);

      11-1) issue an act on the results of tests for compliance with information security requirements;

      12) exercise state control in the sphere of informatization in terms of ensuring information security;

      13) direct for execution of the instruction at detection of violations of requirements of the legislation of the Republic of Kazakhstan in the sphere of ensuring information security";

      14) carry out coordination of activity on the management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of a state of emergency or martial law;

      14-1) participate in introduction into industrial operation of the objects of informatization of "electronic government";

      14-2) organize assistance to the owners, possessors and users of the objects of informatization on the issues of safe use of information and communication technologies, including prevention of illegal actions to obtain, copy, distribute, modify, destroy or block electronic information resources;

      15) develop a National anti-crisis plan to respond to information security incidents;

      16) determine the administrator and registrar of domain names, approve the rules for registration, use and distribution of domain names in the space of the Kazakhstani segment of the Internet;

      17) approve the rules for creation and ensuring functioning of a unified national backup platform for storage of electronic information resources, the frequency of backup copying of electronic information resources of critically important objects of information and communication infrastructure;

      18) approve protection profiles and methods of development of protection profiles;

      19) approve the rules for exchange of information necessary for information security between the operation centers of ensuring information security and the National coordination center for information security;

      20) approve the rules for formation and keeping the register of trusted software and products of electronic industry, as well as the criteria for inclusion of the software and products of electronic industry into the registry of trusted software and products of electronic industry;

      20-1) issue conclusions in the sphere of ensuring information security on investment proposals and financial and economic justifications of budget investments on the basis of expertises of the state technical service and coordinate technical tasks for creation and development of the object of informatization of "electronic government" on compliance with information security requirements based on the expertises of the state technical service;

      21) carry out other powers provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.

      Footnote. Chapter 2 is supplemented by Article 7-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication).

Article 7-2. Information security operational center

      1. Information security operational center shall:

      1) carry out activity on detection, assessment, forecasting, localization, neutralization and prevention of threats to information security of information and communication infrastructure, objects of informatization, connected to the operational center of information security;

      2) take measures to minimize threats to information security, immediately inform the owner of the information and communication infrastructure, as well as the National coordination center for information security about the fact of an information security incident;

      3) carry out monitoring of ensuring information security of critically important objects of information and communication infrastructure, objects of informatization, which are not related to the objects of informatization of " electronic government";

      4) carry out exchange of information necessary for ensuring information security of the objects of informatization, connected to the operational center of information security, with the National coordination center for information security and other operational centers of information security;

      5) carry out collection, consolidation, analysis and storage of information about the events and incidents of information security;

      6) provide the owners of critically important objects of information and communication infrastructure with information, necessary to ensure information security of objects of information and communication infrastructure, including information about security threats, vulnerability of software, equipment and technologies, the ways of realization of information security threats, the prerequisites for occurrence of information security incidents and methods for their prevention and liquidation of consequences;

      7) ensure the safety of information of limited distribution, which became known to the operational center of information security in the framework of its activities;

      8) provide connection of systems of logging information security events to the monitoring center of the National coordination center for information security.

      2. The operational center of information security shall carry out its activity on the basis of the license for rendering services on identification of technical channels of information leakage and special technical means intended for operational-search actions.

      3. Employees of the operational center of information security shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.

      4. The requirement of paragraph 2 of this Article shall not apply to the second-tier banks of the Republic of Kazakhstan, in which the functions of the operational center of information security are carried out by their structural divisions.

      Footnote. Chapter 2 is supplemented by Article 7-2, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 7-3. Information security incident response service

      1. Information security incident response service shall:

      1) conduct analysis of information on information security events in order to eliminate the causes and conditions of information security incidents;

      2) develop recommendations aimed at countering threats to information security;

      3) inform owners of the objects of informatization about the known incidents and threats to information security.

      2. Information security incident response service shall carry out its activity on the basis of a license for provision of services to identify technical channels of information leakage and special technical means intended for operational-search actions.

      3. Employees of the information security incident response service shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.

      4. The requirement of paragraph 2 of this Article shall not apply to the second-tier banks of the Republic of Kazakhstan, in which the functions of information security incident response service are carried out by their structural divisions.

      Footnote. Chapter 2 is supplemented by Article 7-3, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 7-4. National coordination center for information security

      1. National coordination center for information security shall:

      1) assist the owners, possessors and users of the objects of informatization on the issues of safe use of information and communication technologies;

      2) ensure interaction between operational centers of information security on the issues of monitoring information security ensuring of the objects of informatization;

      3) carry out collection, analysis and generalization of information of operational centers of information security on information security incidents at the objects of information and communication infrastructure of "electronic government" and other critically important objects of information and communication infrastructure;

      4) provide technical support of information system of the National coordination center for information security;

      5) participate in the development of the procedure for exchange of information necessary for ensuring information security between the operational centers of information security and the National coordination center for information security;

      6) in cases of receiving information on information security incidents at the objects of informatization, immediately inform the national security bodies of the Republic of Kazakhstan;

      7) carry out inter-sectorial coordination on the issues of monitoring of information security ensuring, protection and safe functioning of the objects of informatization of "electronic government", the Kazakhstani segment of the Internet, as well as of critically important objects of information and communication infrastructure, response to information security incidents with joint measures to ensure information security in the manner determined by the legislation of the Republic of Kazakhstan;

      7-1) carry out monitoring of information security ensuring of the objects of informatization of "electronic government" by means of system of monitoring of information security of the National coordination center for information security;

      7-2) carry out monitoring of information security events of the objects of informatization of state bodies;

      8) create and provide functioning of the unified national backup platform of storage of electronic information resources, establish frequency of backup copying of electronic information resources of critically important objects of information and communication infrastructure in the manner determined by the authorized body in the sphere of ensuring information security;

      9) provide organizational and technical support of the information security monitoring system of the National coordination center for information security;

      10) carry out measures for identification, suppression and research of threats and incidents of information security on the objects of informatization of "electronic government" and form recommendations for their elimination or prevention;

      11) coordinate measures to ensure information security of the objects of informatization of "e-government" and critically important objects of information and communication infrastructure, as well as to respond to information security incidents.

      2. Employees of the National coordination center for information security shall be responsible for disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.

      Footnote. Chapter 2 is supplemented by Article 7-4, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of six months after its first official publication).

8. Expert council

      1. The expert council is chaired by the head of the authorized body and it includes officials – heads of the state bodies responsible for informatization of activities of the state body, representatives of the authorized body, service integrator of “electronic government”, the authorized body in the sphere of information security and other organizations in the sphere of informatization in coordination with the specified bodies and organizations.

      2. Expert council executes its activities on an ongoing basis.

      3. The expert council shall consider the issues in the field of informatization and develop proposals and (or) recommendations.

      The powers and procedure of the expert council activity shall be determined by the regulations on the activities of the expert council.

      Footnote. Article 8 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

9. Competence of central executive agencies and state agencies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization

      Central executive bodies and state bodies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure compliance with the requirements for development of the architecture of "electronic government" and the rules of development, implementation, implementation support, monitoring and development of the architecture of state bodies;

      3) create and develop the objects of informatization of " electronic government";

      4) execute filling, ensure the reliability and relevance of electronic information resources;

      5) approve the architecture of the state body and ensure its implementation and development;

      6) participate in the development of "electronic government";

      7) provide access to local executive bodies within their competence to information systems of state bodies under the authority of state body;

      8) place open data in Kazakh and Russian on the Internet portal of open data;

      9) carry out recording and updating of information about the objects of informatization of "electronic government" and electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of

      "electronic government";

      10) ensure transfer to the service integrator of "e-government" for recording and storage of the developed software, source program codes (if available), a set of settings to the licensed software of the objects of informatization of "e-government";

      11) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      12) carry out the use of standard solutions in creation and development of the objects of informatization of " e-government";

      13) place publicly available information about the plans and results of creation and development of the objects of informatization of state bodies on its Internet resources;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on Internet portal of open data in agreement with the authorized bodies;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) establish the requirements for the level of digital literacy of specialists in relevant fields of activity in developing and approving professional standards;

      18) execute other authority provided for by this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

      Competence of central executive bodies is also determined by acts of the Government of the Republic of Kazakhstan.

      Footnote. Article 9 as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

10. Competence of local executive agencies in the field of informatization

      Local executive bodies:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure compliance with the requirements for development of the architecture of "electronic government", standard architecture of "electronic akimat", taking into account the activities of the local executive body and the rules for development, implementation, implementation support, monitoring and development of the architecture of state bodies;

      3) create and develop the objects of informatization of "electronic government";

      4) provide filling, ensure the reliability and relevance of electronic information resources of local executive bodies;

      5) local executive bodies of regions, the cities of republican significance, the capital city approve the architecture of the state body and ensure its implementation and development;

      6) carry out recording and updating of information on the objects of informatization of "electronic government" and electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of

      "electronic government";

      7) place publicly available information about the plans and results of creation and development of the objects of informatization of state bodies on its Internet resources;

      8) ensure transfer to the service integrator of "e-government" for recording and storage of the developed software, source program codes (if available), a set of settings to the licensed software of the objects of informatization of "e-government";

      9) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      10) carry out the use of standard solutions in creation and development of the objects of informatization of " e-government";

      11) organize public access points for individuals and legal entities to state electronic information resources and information systems of state bodies, including by allocating uninhabited premises for the organization of this access;

      12) create conditions for increasing digital literacy;

      13) place open data in Kazakh and Russian on the Internet portal of open data;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on the Internet portal of open data in agreement with authorized agency;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) execute in the interests of local state administration other authority entrusted in local executive bodies by the legislation of the Republic of Kazakhstan.

      Footnote. Article 10 as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

11. National institute of development in the field of information and communication technologies

      1. National institute of development in the field of information and communication technologies is determined by the Government of the Republic of Kazakhstan with the aim of creating favorable conditions for increasing the competitiveness of the industry of information and communication technologies and stimulating industrial and innovative activities in the field of information and communication technologies.

      2. National institute of development in the field of information and communication technologies:

      1) executes implementation of measures of state support for development of the industry of information and communication technologies;

      2) provides information and analytical and advisory services in the field of information and communication technologies;

      3) carry out investments in industrial and innovative projects, venture funds in the field of information and communication technologies through participation in the charter capitals of the subjects of industrial and innovative activity, creation of legal entities, including those with foreign participation, and in other ways provided by the legislation of the Republic of Kazakhstan;

      4) cooperates with international organizations and foreign legal entities in order to attract information, educational, financial and other resources to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan;

      5) provides subject of informatization with access to information on implemented industrial-innovative projects in the field of information and communication technologies;

      6) issues expert conclusions and (or) recommendations to the authorized body and state bodies in the field of information and communication technologies at no charge;

      7) executes collection of information and analysis of effectiveness of measures of state support for development of the industry of information and communication technologies;

      8) promote the development of risk investment funds, venture funds and venture financing, as well as development of demand for technology transfer in the field of information and communication technologies;

      9) executes the analysis of development of the industry of information and communication technologies;

      10) renders assistance in the development of local content in the industry of information and communication technologies;

      11) develop documents on standardization in the field of information and communication technologies;

      12) submits proposals to the authorized body on the formation of state educational order for the training, increasing qualification and retraining of specialists in the field of information and communication technologies in the organizations of technical, professional and higher education, as well as proposals for standard educational plans and standard educational programs in the field of information and communication technologies;

      13) issues an expert conclusion for the provision of innovative grants in the field of information and communication technologies.

      Footnote. Article 11 as amended by the Law of the Republic of Kazakhstan dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 05.10.2018 No. 184-VI (shall be enforced upon expiry of six months after its first official publication).

12. Service integrator of "electronic government"

      Service integrator of "electronic government":

      1) participates in the implementation of state policy in the field of informatization and the introduction of service model of informatization;

      2) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      3) provides methodological support for development of the architecture of "electronic government";

      4) develop a standard architecture of "electronic akimat" and make proposals for its development;

      5) develops, accompanies the implementation and develops the architecture of state bodies, as well as executes necessary measures for this measure;

      6) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      7) informs the operator and potential suppliers (contractors) about the needs of state bodies in goods, works, services related to the automation of state functions and state services within the implementation of the service model of informatization;

      8) develop a task for the design of information and communication services;

      9) organize creation and development of information and communication services on the service model of informatization;

      10) conduct in the sphere of informatization an expertise of the investment proposal, financial and economic justification of budget investments, as well as of the technical task for creation and development of the object of informatization of "e-government" on compliance with the requirements for development of the architecture of "electronic government", approved architecture of the state body, standard architecture of "electronic akimat" and for the presence of possibility to use standard solutions in creation and development of the object of informatization of "e-government";

      11) conduct an assessment in the state bodies of the level of readiness of processes for managing the architecture of the state body in accordance with the rules for development, implementation, support of implementation, monitoring and development of the architecture of state bodies;

      12) support an assessment of the effectiveness of activities of state bodies on the use of information and communication technologies and assessment of the quality of rendering state services in electronic form;

      13) forms and conducts the classifier;

      14) executes the management of projects on creation and development of the objects of informatization of "electronic government";

      15) provides consulting and practical assistance to state bodies in the creation and development of the objects of informatization of "electronic government";

      16) carry out recording of information about the objects of informatization of "electronic government" and storage of electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of "electronic government";

      17) carry out recording and storage of the developed software, source program codes (if available), a set of settings of the licensed software of the objects of informatization of "electronic government";

      18) issue a conclusion on the possibility of using standard solutions for creation and development of the objects of informatization of "e-government";

      19) forms and conducts a catalog of information and communication services;

      20) organize integration of the objects of informatization of "electronic government" and the national gateway of the Republic of Kazakhstan;

      21) executes the management of project on development of the national gateway of the Republic of Kazakhstan;

      21-1) form a list of state-private partnership projects on the service model of informatization;

      22) makes proposals for the development of information and communication technologies to the national institute of development in the field of information and communication technologies.

      Footnote. Article 12 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

13. Operator

      Operator:

      1) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) executes system-technical service and maintenance of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government" in accordance with the list approved by the authorized body;

      3) have the right to attract the objects of information and communication infrastructure of other persons for development of information and communication infrastructure of "electronic government", and also other persons for implementation of support and system-technical maintenance of information systems of state bodies;

      4) provides information and communication services to state bodies on the basis of information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services;

      5) ensures the security of storage of state electronic information resources placed on the information and communication infrastructure of "electronic government" assigned to the operator;

      6) ensures the safety of storage of state electronic information resources in the provision of information and communication services;

      7) provides prompt response to identified defects in the provision of information and communication services, as well as state services in electronic form and taking measures to eliminate them;

      8) provides at no charge basis upon the request of service integrator of "electronic government" an information and communication infrastructure for the development and testing of service software products by potential suppliers;

      9) executes integration and connection of local (except local networks with access to the Internet), departmental and corporate telecommunication networks of state bodies to the information and communication infrastructure of "electronic government";

      10) provide communication services to state bodies, their subordinate organizations, local self-government bodies, as well as other subjects of informatization, determined by the authorized body and connected to the unified transport environment of state bodies, for functioning of their electronic information resources and information systems. To provide communication services it shall have the right to attract other persons as subcontractors (co-executors) of services;

      11) executes the creation and development of the information and communication platform of "electronic government" and a unified transport environment of state bodies;

      12) executes maintenance and system-technical service of the national gateway of the Republic of Kazakhstan;

      12-1) carry out support and system-technical maintenance of the root certification center of the Republic of Kazakhstan, certification center of state bodies of the Republic of Kazakhstan, national certification center of the Republic of Kazakhstan and a trusted third party of the Republic of Kazakhstan;

      13) executes the information content of the web portal of "electronic government".

      Footnote. Article 13 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 13-1. International technological park "Astana Hub"

      1. International technological park “Astana Hub” shall carry out its activity in accordance with the legislation of the Republic of Kazakhstan.

      2. The functions of the international technological park "Astana Hub" shall include:

      1) rendering acceleration services, technological business incubation to the participants of the international technological park "Astana Hub";

      2) provision of services for holding marketing and other events for the participants of the international technological park "Astana Hub";

      3) rendering services for consulting, information, analytical, educational activities to stimulate the development of participants of the international technological park "Astana Hub";

      4) cooperation with international organizations, foreign partners in order to attract information, educational and financial resources to stimulate the development of the participants of the international technological park "Astana Hub", study of international experience and exchange of knowledge;

      5) search of potential investors for implementation of industrial and innovative projects in the field of information and communication technologies of the participants of the international technological park "Astana Hub";

      6) sending invitations, petitions for getting visas by the foreigners and stateless persons to study under the programs of the international technological park "Astana Hub";

      7) attracting non-residents and residents of the Republic of Kazakhstan to participate in the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub";

      8) registration of participants of the international technological park "Astana Hub" and issuance of relevant supporting documents in accordance with the rules of activity of the international technological park "Astana Hub";

      9) provision of housing and creation of living conditions for the persons undergoing acceleration in the international technological park "Astana Hub", in accordance with the rules of activity of the international technological park "Astana Hub".

      3. International technological park “Astana Hub” has its own budget formed from:

      1) voluntary property contributions and donations;

      2) revenues (incomes) from the sale of goods, works and services in cases, established by the legislation of the Republic of Kazakhstan;

      3) fees and payments made to the international technological park "Astana Hub" by the participants of the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub";

      4) other sources, not prohibited by the laws of the Republic of Kazakhstan.

      4. International technological park "Astana Hub" shall have the right to receive a state task in accordance with the budget legislation of the Republic of Kazakhstan to perform its functions determined by paragraph 2 of this Article, except for the functions of financing industrial and innovative projects in the field of information and communication technologies of the participants of the international technological park" Astana Hub", creation of investment funds or equity participation in investment funds, as well as development of the international technological park "Astana hub", as determined by paragraph 12 of this Article.

      5. International technological park “Astana Hub” uses the property formed in accordance with paragraph 3 of this Article to ensure the activity, functioning and development of the international technological park “Astana Hub”.

      6. Participants of the international technological park "Astana Hub " are legal entities included in the list of participants of the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub".

      The requirements for the participants of the international technological park "Astana Hub" shall be established by the rules of activity of the international technological park "Astana Hub".

      The participant of the international technological park "Astana Hub "from January 1, 2024 must be at the place of registration of the international technological park "Astana Hub".

      7. Foreigners and stateless persons arriving on the territory of the Republic of Kazakhstan to carry out activities in the international technological park "Astana Hub" shall receive a visa to enter at the foreign institutions of the Republic of Kazakhstan or upon arrival at international airports of the Republic of Kazakhstan in coordination with the national security agency of the Republic of Kazakhstan.

      8. Foreigners and stateless persons who are the employees of the participants of the international technological park "Astana Hub" or employees of the international technological park "Astana Hub", and their family members (spouses) and their children under the age of eighteen) shall receive a visa for entry valid for up to five years.

      9. Extension of the validity period of visas to the persons, specified in paragraphs 7 and 8 of this Article, at the request of the international technological park "Astana Hub" may be carried out without leaving the Republic of Kazakhstan in accordance with the legislation of the Republic of Kazakhstan.

      10. International technological park "Astana Hub" and its participants shall be obliged to have and store documents confirming their qualification for each involved employee, and attracted foreigners and persons without citizenship shall be obliged to present them to the international technological park "Astana Hub" or its participants.

      11. International technological park "Astana Hub" shall keep a record of foreign labor attracted by it and its participants. Information on the attracted foreigners and stateless persons by the international technological park "Astana Hub" shall be submitted to the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan. The composition of information submitted to the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan, the frequency and order of their provision shall be determined by the authorized body in the sphere of informatization in coordination with the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan.

      12. International technological park "Astana Hub" shall perform other functions stipulated by the legislation of the Republic of Kazakhstan, and also carry out financing of industrial-innovative projects in the field of information and communication technologies of participants of the international technological park "Astana Hub" and create investment funds or take equity participation in investment funds.

      Footnote. Chapter 2 is supplemented by Article 13-1, in accordance with the Law of the Republic of Kazakhstan dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 26.12.2018 No. 203-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

14. State technical service

      1. State technical service executes the following types of activities in the field of informatization referred to state monopoly:

      1) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      2) executes monitoring of the provision of protection for the objects of informatization of "electronic government";

      3) executes monitoring of the provision of secure operation of the objects of informatization of "electronic government";

      4) executes monitoring of the Internet resources of state bodies for their safe use and response to information security incidents;

      5) executes monitoring of permanence of conditions for the functioning and functionality of the objects of informatization of "electronic government" in accordance with information security requirements;

      6) carry out support of the single gateway of access to the Internet and the single gateway of e-mail of the "electronic government";

      7) conduct tests of the objects of informatization of "electronic government" for compliance with the requirements of information security;

      8) carry out coordination of the task on design of information and communication service for compliance with the requirements of information security;

      9) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      10) carry out expertise of the investment proposal and financial and economic justification of budget investments and technical task for creation and development of the object of informatization of "electronic government" for compliance with information security requirements;

      11) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      12) executes monitoring of the fault tolerance of domain name servers serving top-level domain names of Kazakhstan;

      13) accompanies development of plans for addressing and numbering telecommunication networks of telecom operators executing activities in the territory of the Republic of Kazakhstan;

      13-1) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      14) executes work on the development of information security means in terms of detection, analysis and prevention of information security threats to ensure the sustainable operation of information systems and telecommunication networks of state bodies.

      15) implement the tasks and functions of the National coordination center for information security.

      2. Prices for goods (works, services) produced and (or) sold by the subject of the state monopoly shall be established by the national security Committee of the Republic of Kazakhstan in coordination with the antimonopoly body.

      Footnote. Article 14 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 14-1. National institute for development in the sphere of ensuring information security

      National institute for development in the sphere of ensuring information security shall:

      1) participate in implementation of the state policy in the sphere of ensuring information security;

      2) develop documents on standardization in the sphere of ensuring information security;

      3) carry out scientific and technical activities in the sphere of ensuring information security;

      4) carry out scientific and technical expertise of projects in the sphere of ensuring information security;

      5) provide training, retraining and advanced training in the sphere of ensuring information security.

      Footnote. Chapter 2 is supplemented by Article 14-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

15. Single contact center

      Single contact center:

      1) executes round-the-clock advisory support of individuals and legal entities on the issues of provision of state and other services;

      2) executes round-the-clock advisory support of state bodies on the issues of information and communication services rendered to them;

      3) executes round-the-clock advisory support of individuals and legal entities, state bodies on the issues of "electronic government";

      4) sends requests to the operator, state bodies and other organizations to provide explanations on the issues that arose with the recipient of information and communication, state and other services;

      5) on a systematic basis sends information to the operator, state bodies and other organizations on the received appeals of individuals and legal entities.

Chapter 3. RIGHTS AND DUTIES OF SUBJECTS OF INFORMATIZATION

16. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) transfer objects of informatization for rent, trust administration, economic management or operational management and otherwise dispose of them;

      2) establish within its competence the regime and rules of processing, protection and access to electronic information resources;

      3) establish within its competence the regime and rules of protection and access to the objects of information and communication infrastructure;

      4) determine the conditions for disposal of electronic information resources in storing, copying and distributing them;

      5) determine the conditions for owning and using the objects of information and communication infrastructure.

      2. The owner of objects of informatization is obliged to:

      1) take measures to protect objects of informatization;

      2) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other legislative acts of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      3. The owner of the information system has the rights to own, use and dispose of the information system entirely as a property complex.

      4. The owner of the information system has the right, unless otherwise established by the laws of the Republic of Kazakhstan or the owner of electronic information resources, to prohibit or restrict the movement and distribution of electronic information resources contained in this information system.

      5. In case if the owner of the information system is not owner of the electronic information resources located in this information system, as well as the owner of the information and communication infrastructure used for this information system, the operating procedure of the information system and access to electronic information resources and information and communication infrastructure is determined by agreement between the owners.

      6. The owner of the object of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

17. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) own and use objects of informatization on terms determined by the owner;

      2) determine the conditions for access and use of electronic information resources, objects of information and communication infrastructure by third parties in accordance with subparagraph 1) of this paragraph;

      3) determine the processing conditions of electronic information resources in the information system.

      2. The owner of objects of informatization is obliged to:

      1) observe the rights and lawful interests of the owner of objects of informatization and third parties;

      2) execute measures to protect objects of informatization;

      3) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other laws of the Republic of Kazakhstan;

      4) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      2-1. The owner of critically important objects of information and communication infrastructure shall also be obliged to:

      1) carry out monitoring of ensuring information security of the objects of informatization in the manner determined by the authorized body in the sphere of ensuring information security;

      2) ensure connection of systems for monitoring of ensuring information security to the technical means of the systems for monitoring of ensuring information security of the National coordination center for information security.

      At the same time connection of systems for monitoring of ensuring information security shall be carried out by own division or purchase of services of the third parties in accordance with the civil legislation of the Republic of Kazakhstan;

      3) notify the National coordination center for information security about the incidents of information security in the manner and terms determined by the rules of conducting monitoring of ensuring information security of the objects of informatization of “e-government” and critically important objects of information and communication infrastructure, unless otherwise established by legislative acts of the Republic of Kazakhstan;

      4) carry out transfer of backup copies of electronic information resources to the unified platform of backup storage of electronic information resources in the manner and terms determined by the authorized body in the sphere of ensuring information security, unless otherwise established by legislative acts of the Republic of Kazakhstan.

      Access to the copy of the electronic information resource stored on the unified platform of backup storage of electronic information resources, except for the owner of the electronic information resource shall be prohibited.

      3. The owner of objects of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

      Footnote. Article 17 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

18. Rights and duties of the user

      1. The user has the right to:

      1) receive, use, distribute, transmit, provide to third parties electronic information resources including public data, use the information system on the terms determined by the legislation of the Republic of Kazakhstan, the owner or holder of electronic information resources, information system;

      2) familiarize with own personal data containing in electronic information resources, information system if other is not established by laws of the Republic of Kazakhstan.

      2. The user is obliged to:

      1) observe the rights and lawful interests of the owner or holder of electronic information resources, information system and third parties;

      2) ensure protection of electronic information resources, information system in accordance with this Law and the legislation of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

19. Types of services provided in electronic form

      1. By the degree of automation, the services provided in electronic form are:

      1) fully automated;

      2) partially automated.

      Fully automated is a service that excludes a paper document circulation in the process of its provision.

      Partially automated service is an electronic service that contains a sequence of paper and electronic document circulation in the process of its provision.

      2. By the way of provision the service in electronic form are:

      1) informative;

      2) interactive;

      3) transactional;

      4) composite.

      Informative service provided in electronic form is the service for providing the user with electronic information resources.

      Interactive service provided in electronic form is the service for providing the user with electronic information resources, upon his request or agreement of parties requiring mutual exchange of information. Certification through an electronic digital signature may be required to provide an interactive service.

      Transactional service provided in electronic form is a service for providing the user with electronic information resources requiring mutual exchange of information and related to the implementation of payments in electronic form. Certification through an electronic digital signature may be required to provide a transactional service.

      Composite service provided in electronic form is a set of interrelated services, for the provision of which a request of the subject of receiving the service in electronic form is enough.

      3. By the nature of compensation for provision of services, provided in electronic form, are:

      1) refundable;

      2) non-refundable.

      Refundable is a service providing the payment of compensation to the subject of providing service in electronic form.

      Non-refundable is a service provided without payment of compensation to the subject of providing service in electronic form.

20. Submission of information in provision of services in electronic form

      1. In provision of services in electronic form, subjects of providing services in electronic form:

      1) receive information in electronic form on the payments of service recipients from the payment gateway of "electronic government" as reliable;

      2) transmit information in electronic form on the existence of debts of individuals and legal entities to the payment gateway of "electronic government".

      2. Banks of the second level and organizations implementing certain types of banking operations, on the request of the subject of providing services in electronic form and the subject of receiving services in electronic form, submit the following information in electronic form on:

      1) belonging of the bank account to the person specified in the request and the existence of a pledge agreement of movable and immovable property - in the provision of state services in electronic form;

      2) amount of money, date of making payment, sender of money and beneficiary - in making payments by individuals and legal entities for services provided in electronic form.

SECTION 2. INFORMATION AND COMMUNICATION INFRASTRUCTURE
Chapter 4. "ELECTRONIC GOVERNMENT"

21. The operation of "electronic government"

      1. The aims of the operation of "electronic government" are:

      1) ensure accessibility, quality and efficiency of the provision of state services in electronic form, as well as interaction of individuals and legal entities with state bodies;

      2) increase publicity in the activities of state bodies, ensure accessibility of information, public control and public participation in solving issues of state administration at all levels;

      3) ensure the implementation and support of administrative reform of state administration;

      4) optimization of the activities of state agencies through the use of information and communication technologies;

      5) reduction (exclusion) of the use of documents on paper medium and the requirements for their submission.

      2. In the operation of "electronic government" is provided:

      1) access of individuals and legal entities to publicly available information on the activities of state bodies;

      2) access of state bodies to information contained in information systems of state bodies;

      3) automation of activities of state bodies;

      4) use of electronic document circulation in the activities of state bodies, including in execution of state functions and provision of state services in electronic form;

      5) exclusion of duplication in the collection, accumulation and storage of state electronic information resources;

      6) information security and protection of objects of informatization of "electronic government".

22. Architecture of "electronic government"

      1. Development of the architecture of "electronic government" is executed in accordance with the requirements for development of the architecture of "electronic government", as well as unified requirements in the field of information and communication technologies and ensuring information security.

      2. Requirements for development of the architecture of "electronic government" are determined in accordance with the strategic and program documents of state bodies.

23. Architecture of state agency

      1. Service integrator of "electronic government" shall design and develop the architecture of the state bodies.

      The architecture of the state body for central executive bodies and state bodies, directly subordinate and accountable to the President of the Republic of Kazakhstan shall be designed in accordance with the rules of development, implementation, implementation support, monitoring and development of the architecture of state bodies, the requirements for the development of the architecture of "electronic government", as well as based on the goals and objectives of the state body.

      Service integrator of “electronic government” shall design the architecture of the state body for local executive bodies in compliance with standard architecture of "electronic akimat", the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies and requirements for the development of the architecture of "electronic government", as well as based on the goals and objectives of the state body.

      1-1. State bodies in the course of design, implementation support and development of the architecture of the state body shall create a working group and necessary organizational and technical conditions for the service integrator.

      The state body shall provide public discussion of the architecture project of the state body regarding the plan of its implementation on the architectural portal of "electronic government" in accordance with the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies.

      2. Introduction of changes in the architecture of the state body shall be carried out in accordance with the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies.

      3. State bodies are obliged to take measures on development of strategic indicators of the effectiveness of application of information and communication technologies, taking into account the following requirements:

      1) contribution of information and communication technologies to the implementation of aims and objectives of state body;

      2) optimization and automation of state functions and provision of state services resulting from their implementation;

      3) implementation of electronic information interaction with other subjects of informatization on the issues within the competence of state body;

      4) quality of the provision of state services in electronic form and satisfaction of the service recipients.

      4. State body provides record, description, classification and actualization of falling within its competence tasks and indicators of efficiency of activities, functions and services, documents, data and electronic information resources, information systems and information and communication infrastructure on the architectural portal of "electronic government".

      5. State bodies provide an appropriate level of automation of the subordinate organizations, which is necessary for conducting information interaction and providing state services in electronic form.

      6. The state bodies shall provide the necessary organizational and technical conditions within the terms agreed by the state bodies with the authorized body in case of receiving a request from the owner or the possessor of the object of informatization for integration with the objects of informatization of "electronic government" in order to establish information exchange.

      Footnote. Article 23 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

24. Standard architecture of "electronic akimat"

      1. The standard architecture of "electronic akimat" shall be developed in accordance with the requirements for development of the architecture of "electronic government", the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies and unified requirements in the field of information and communication technologies and information security.

      2. Local executive bodies create or develop information systems of state bodies, acquire software and (or) objects of information and communication infrastructure taking into account the requirements of the standard architecture of "electronic akimat".

      Footnote. Article 24 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

25. Automation of state functions and provision of state services resulting from them

      1. Automation of activities of state body, including state functions and rendering state services arising from them, shall be carried out by creating and development of the objects of informatization of "electronic government" or by purchase of the objects of informatization of "electronic government" or information and communications services in accordance with the approved architecture of the state body, and in case of its absence – on the basis of the decision of the state body about the need of automation, agreed with the authorized body.

      State bodies shall provide public discussion of the planned automation of activities in order to attract potential suppliers, to clarify the technical, economic, operational and other characteristics of the object of informatization of "electronic government".

      2. State functions by degree of automation are divided into:

      1) fully automated;

      2) partially automated.

      Fully automated shall be the function of the state body, in which all operations of the processes that make up it are performed in the objects of informatization of "electronic government".

      Partially automated shall be the function of the state body, in which part of operations of the processes that make up it is performed in the objects of informatization of "electronic government".

      Footnote. Article 25 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

26. Information and communication platform of "electronic government"

      1. Automation of activities of the state body, including state functions and rendering state services arising from them, shall be carried out taking into account ensuring the priority of placement of information systems and service software in accordance with the requirements for development of the architecture of "electronic government" on information-communication platform of "electronic government" on the territory of the Republic of Kazakhstan.

      2. It is not allowed to use the information and communication platform of "electronic government" for other aims, except the implementation of state functions and the provision of state services resulting from them in electronic form.

      3. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
      Footnote. Article 26 as amended by the laws of the Republic of Kazakhstan dated 12.28.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication); dated March 18, 2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication).

27. Web portal and gateway of "electronic government"

      1. Web portal of "electronic government" is an information system that represents a "unified window" for access to all consolidated governmental information, including normative legal base, and to state and other services provided in electronic form.

      Requirements for the maintenance, conduct and information content of the electronic information resources of the web portal of "electronic government" are established by the authorized body.

      The gateway of "electronic government" shall be an information system designed to integrate the objects of informatization of "electronic government" with other objects of informatization.

      2. State and other services in electronic form can be provided through the web portal of "electronic government" and the subscriber device of mobile network.

      3. To receive state and other services in electronic form through the web portal of "electronic government" and the subscriber device of mobile network, subjects of receiving services in electronic form can use one-time passwords in accordance with the legislation of the Republic of Kazakhstan.

      Footnote. Article 27 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

28. Payment gateway of "electronic government"

      1. Payment gateway of "electronic government" is an information system that automates the processes of transferring information on making payments within provision of refundable services provided in electronic form.

      2. Payment gateway of "electronic government" provides:

      1) transfer of requests for making payments of the subject receiving the service in electronic form;

      2) informing the subject of provision the service in electronic form about the making payment for the provision of the service in electronic form.

      3. Banks of the second level and organizations executing certain types of banking operations, participating in the process of receiving and making payments within the provision of services, ensure the integration of their own information systems involved in these processes with payment gateway of "electronic government" directly or through information system the operator of interbank money transfer system.

29. Unified transport environment of state agencies

      1. Unified transport environment of state bodies is the telecommunication network, which is part of the information and communication infrastructure of "electronic government" and is designed to provide the interaction of local (except local networks with Internet access), departmental and corporate telecommunication networks of state bodies, their subordinate organizations and bodies of local government, as well as other subjects of informatization determined by the authorized body, with observance of the required level of information security.

      2. State bodies, their subordinate organizations and local self-government bodies, as well as other subjects of informatization determined by the authorized body, are obliged to use exclusively a unified transport environment of state bodies for the interaction of local (except local networks with Internet access), departmental and corporate networks.

      3. In order to ensure information security, the connection of local, departmental and corporate networks connected to a unified transport environment of state bodies, to telecommunication networks of common use and other telecommunication networks, is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

30. Unified access gateway to the Internet and a unified gateway of electronic mail of "electronic government"

      1. Connection of local, departmental and corporate telecommunication networks of state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, as well as owners or holders of critically important objects of information and communication infrastructure to the Internet is executed by telecom operators through a unified access gateway to the Internet.

      1-1. Connection and transmission of traffic of telecom operators through a unified gateway to the Internet shall be carried out on a contractual basis.

      2. Connection of local, departmental and corporate telecommunication networks of state bodies and local self-government bodies to the Internet is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

      3. Specialized state and law enforcement bodies for operational purposes, the National Bank of the Republic of Kazakhstan can organize connection to the Internet without using a unified access gateway to the Internet.

      4. Electronic interaction of electronic mail of state body with external electronic mail is executed by redirection of electronic messages through a unified gateway of electronic mail of "electronic government".

      Footnote. Article 30 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

31. Architectural portal of "electronic government"

      1. Architectural portal "e-government" shall be an information system designed for carrying out recording, storage and systematization of information about the objects of informatization of "e-government" in accordance with the classifier and further use by state bodies for monitoring, analysis and planning in the sphere of informatization.

      2. State bodies shall place on the architectural portal of "electronic government" information about the objects of informatization of "electronic government" and copies of technical documentation to them in accordance with the rules of accounting information about the objects of informatization of "electronic government" and placement of electronic copies of technical documentation of the objects of informatization of "e-government".

      Presentation of information about the created (developed) or purchased object of informatization of "electronic government" to the service integrator of "electronic government" and their actualization shall be compulsory and carried out at each stage of the life cycle of the object of informatization of "electronic government".

      3. Service integrator of "electronic government" shall conduct analysis of information about the objects of informatization of "electronic government", placed on the architectural portal of "electronic government", to use a standard solution for creation and development of the objects of informatization of "electronic government".

      4. The service integrator of "electronic government" provides the state technical service with access to the architectural portal of "electronic government", including for participation in the formation and maintenance of the classifier in part of definition of requirements for information security.

      5. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      6. The service integrator of "electronic government" executes organizational and technical measures on the issues of placement and actualization of information about the objects of informatization of "electronic government" on the architectural portal of "electronic government".

      Footnote. Article 31 as amended by the Law of the Republic of Kazakhstan dated March 18, 2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication).

Chapter 5. ELECTRONIC INFORMATION RESOURCES

32. Types of electronic information resources

      1. Electronic information resources on the form of ownership are state and non-state, by degree of access - publicly available and limited access.

      2. Electronic information resources created, acquired and accumulated at the expense of budgetary funds, as well as received by state bodies in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Electronic information resources created, acquired at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      4. Electronic information resources that are provided or distributed by their owner or holder without specifying access conditions or their use, as well as information that is freely accessible and independent of the form of their submission and way of distribution, are publicly available.

      5. Electronic information resources containing information access to which is limited by laws of the Republic of Kazakhstan or their owner or holder in cases established by the legislation of the Republic of Kazakhstan, are electronic information resources of limited access.

      Electronic information resources of limited access are divided into electronic information resources containing information constituting state secrets and confidential.

      6. Reference of electronic information resources to electronic information resources containing information constituting state secrets is executed in accordance with the legislation of the Republic of Kazakhstan on state secrets.

      Creation, acquisition, accumulation, formation, registration, storage, processing, destruction, use, transfer, protection of electronic information resources containing information constituting state secrets are executed in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      7. Electronic information resources containing information that do not constitute state secrets, but access to which is limited by laws of the Republic of Kazakhstan or their owner or holder, are confidential electronic information resources

33. Legal regime of electronic information resources

      1. Reasons of origin, change and termination of the right of ownership and other property rights to electronic information resources are established by the civil legislation of the Republic of Kazakhstan.

      2. Electronic information resources that are the property of a legal entity are included in its property in accordance with the civil legislation of the Republic of Kazakhstan.

      3. The owner of state electronic information resources is the state.

      State electronic information resources, which are under the authority of state bodies in accordance with their competence, are subject to recording and protection in the composition of state property.

      4. The right of ownership for software, information systems and Internet resources does not create the right of ownership for electronic information resources created with their assistance and (or) placed therein, belonging to other owners or holders, unless otherwise provided by the legislation of the Republic of Kazakhstan or by agreement between them

      5. Electronic information resources processed in the order of providing services or in the joint use of information systems and Internet resources belong to the owner or holder of electronic information resources. Belonging and using of derivative products created in this case are regulated by an agreement

      6. The owner of electronic information resources containing information constituting state secrets has the right to dispose of them in the manner determined by the legislation of the Republic of Kazakhstan on state secrets

      7. Electronic information resources that are the property of individuals and legal entities in the case of referring them to electronic information resources containing information constituting state secrets are subject to alienation in the manner established by the legislation of the Republic of Kazakhstan on state secrets.

34. Formation and use of electronic information resources

      1. State electronic information resources are formed in order to provide information needs of state bodies, individuals and legal entities, execution of state functions and provision of state services in electronic form.

      2. The activity of state bodies in the formation of state electronic information resources is financed at the expense of budgetary funds, except the formation of electronic information resources by the National Bank of the Republic of Kazakhstan.

      3. The owner or holder of electronic information resources have the right to freely use and distribute them in compliance with the limits established by the laws of the Republic of Kazakhstan.

      4. The use and distribution of electronic information resources by the user are executed in the manner established by the owners or holders of electronic information resources and (or) information systems.

35. Access to electronic information resources

      1. State electronic information resources of the Republic of Kazakhstan are publicly available, except electronic information resources of limited access.

      State agencies ensure the creation of publicly available state electronic information resources in Kazakh and Russian.

      2. Conditions and order of access to electronic information resources of limited access are determined by the legislation of the Republic of Kazakhstan and the owner of these resources, including by concluding agreements between owners of electronic information resources.

      3. The owner of the information system of state agency that is not the owner of state electronic information resources contained in it, provides access to these resources on the basis of an agreement concluded by the owner of electronic information resources with the owners of other state electronic information resources.

      4. Access to electronic information resources is executed by one of the following ways:

      1) by transferring a request to the owner or holder of the information system on access to electronic information resources using electronic mail and indicating the identification number or in the form of an electronic document certified by an electronic digital signature or other means established by the owner or holder of electronic information resources;

      2) by direct appeal of the user to publicly available electronic information resources, information systems.

      5. Access can not be limited to state electronic information resources containing:

      1) normative legal acts, except those containing state secrets or other secret protected by law;

      2) information on emergency situations, natural and technogenic disasters, weather, sanitary-epidemiological and other conditions necessary for vital activity and ensuring the safety of citizens, inhabited localities and production facilities;

      3) official information on the activities of state bodies;

      4) information accumulated in open information systems of state bodies, libraries, archives and other organizations.

      6. State bodies, state legal entities, legal entities with state participation in the authorized capital are obliged to provide individuals and legal entities with open data in Kazakh and Russian languages through the Internet portal of open data.

      Maintenance of functioning of the Internet portal of open data in Kazakh and Russian languages is executed by the service integrator of "electronic government".

      7. In case of distribution via the telecommunication networks of information prohibited entered into legal force by a court decision or laws of the Republic of Kazakhstan, as well as access to which was temporarily suspended by the order of the General Prosecutor of the Republic of Kazakhstan, submitted to the authorized body or his deputies to eliminate violations of the law, authorized bodies, owners or holders of Internet resources are obliged to take immediate measures to limit access to prohibited information.

36. Electronic information resources containing personal data

      1. Electronic information resources containing personal data are subdivided into electronic information resources containing publicly available personal data and electronic information resources containing personal data of limited access.

      Electronic information resources containing publicly available personal data include electronic information resources containing personal data, access to which is free with the consent of the personal data subject or to which observation of requirements do not apply in accordance with the laws of the Republic of Kazakhstan.

      Electronic information resources containing personal data of limited access include electronic information resources, access to which is limited by the personal data subject or laws of the Republic of Kazakhstan.

      2. The owner or holder of electronic information resources containing personal data in transferring electronic information resources containing personal data to the owner or holder of the information system must obtain the consent of the personal data subject or his legal representative to collect and process personal data using information systems, except cases provided by the Law of the Republic of Kazakhstan "On personal data and their protection".

      3. In providing state service in electronic form, the consent of the personal data subject to collect and process personal data through information systems is provided in the form of an electronic document or other way using elements of protective actions that do not contradict the legislation of the Republic of Kazakhstan.

      The personal data subject also has the right to give consent to collect and process personal data through his subscriber's number of mobile communication registered on the web portal of "electronic government" by sending a one-time password or by sending a short text message as a response to the notification of the web portal of "electronic government".

      4. Owners or holders of information systems of state bodies are obliged to notify personal data subjects through the user's cabinet on the web portal of "electronic government" in an automatic mode about all cases of use, changes and additions of personal data within the framework of information interaction provided that personal data subjects are registered on the web portal of "electronic government".

      5. In addition to the reasons established by the Law of the Republic of Kazakhstan "On personal data and their protection", in the event of revealing obvious mistakes and inaccuracies in electronic information resources containing personal data, the state body in providing state services in order to eliminate them may execute their change and addition after receipt of request from the personal data subject or his legal representative.

      5-1. Provision by the owner or the possessor of publicly available electronic information resource of the service on placement of information by the user shall be carried out on the basis of an agreement concluded in writing (including electronic), with identification on the portal of "electronic government" or by using the subscriber's mobile number registered on the public information electronic resource with sending of a short text message containing a one-time password for the conclusion of the agreement.

      Placement of information by the user shall be carried out under his/her own name or pseudonym (fictional name). Depersonalization of personal data shall be carried out on the basis and in the manner specified in the agreement.

      The owner or possessor of an electronic information resource shall be obliged to store the information used in the agreement, for the entire period of validity and within three months after termination of the agreement.

      6. It is not allowed to use electronic information resources containing personal data on individuals for the purpose of causing property and (or) moral harm, limiting the execution of rights and freedoms guaranteed by the laws of the Republic of Kazakhstan.

      Footnote. Article 36 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Chapter 6. INFORMATION SYSTEMS. LIFE CYCLE OF THE OBJECT OF INFORMATIZATION OF "ELECTRONIC GOVERNMENT"

      Footnote. The title of chapter 6 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

37. Types of information systems

      1. Information systems on the form of ownership are state and non- state, by degree of access - publicly available and limited access.


      2. Information systems created or developed at the expense of budgetary funds, as well as received by state legal entities in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Information systems created or developed at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      Non-state information systems classified as critically important objects of information and communication infrastructure, as well as intended for formation of state electronic information resources, shall be equated with information systems of state bodies in terms of compliance with information security requirements.

      4. Information systems containing publicly available electronic information resources are publicly available.

      5. Information systems containing electronic information resources of limited access are information systems of limited access.

      6. Information systems of limited access are divided into:

      1) information systems in secure execution referred to state secrets, the protection of which is executed with the use of state encryption means and (or) other means of protecting information constituting state secrets, in compliance with the requirements of secrecy regime;

      2) confidential information systems.

      7. Creation, industrial operation, maintenance, development, integration, termination of industrial operation and protection of information systems in protected execution, classified as state secrets, shall be carried out in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      Audit of information systems in protected execution, classified as state secrets, shall not be carried out.

      Footnote. Article 37 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

38. Requirements for the information system of state agency

      1. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      2. Information system of state body is created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, the standards, life cycle of the information system operating in the territory of the Republic of Kazakhstan and taking into account the provision of:

      1) unified requirements in the field of information and communication technologies and ensuring information security;

      2) requirements for development of the architecture of "electronic government" and the standard architecture of "electronic akimat";

      3) approved architecture of state body;

      4) integration (if necessary) with other objects of informatization of "electronic government";

      5) information interaction of the information system of the state body with the system of monitoring of information security events of the National coordination center for information security;

      6) priority of free software;

      7) opportunities of repeated use of initial program codes, software products and software transferred to storage;

      8) assigning a class in accordance with the classifier;

      9) access of users with limited capabilities.

      2-1. Information system of a state legal entity and non-state information system intended for formation of state electronic information resources shall be created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, standards, operating on the territory of the Republic of Kazakhstan, the life cycle of the information system and provided that the following requirements are performed:

      1) agreed with the authorized body and the authorized body in the sphere of ensuring information security of technical task;

      2) act of tests with a positive result of tests for compliance with information security requirements;

      3) integration of the information system of the state body with the non-state information system only through the external gateway of "electronic government", put into industrial operation;

      4) unified requirements of information and communication technologies and ensuring information security.

      3. The information contained in the electronic information resource, normative and technical documentation, as well as other related documents of the information system of state bodies are created and stored in Kazakh and Russian languages.

      4. The owner or the possessor of information system of the state body or the person authorized by him after its introduction into industrial operation shall provide to the National coordination center for information security the access to the information system of the state body at its location for conducting monitoring of information security ensuring.

      Footnote. Article 38 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 39. Creation and development of the objects of informatization of "electronic government"

      1. Creation and development of the objects of informatization of "electronic government" shall be carried out by implementation of state investment projects, implementation of the service model of informatization, as well as by other method taking into account the assigned class in accordance with the classification, not prohibited by the legislation of the Republic of Kazakhstan.

      2. When creating and developing the objects of informatization of "electronic government" in the cases provided by this Law and the budget legislation of the Republic of Kazakhstan, it is necessary to obtain conclusions in the sphere of informatization and ensuring information security.

      3. Creation and development of the objects of informatization of "electronic government" shall be carried out in accordance with technical tasks for creation and development of the objects of informatization of "electronic government".

      Preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government" shall be carried out in accordance with the rules of preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government".

      4. Creation and development of the object of informatization of "electronic government" shall include:

      1) design of the object of informatization of "electronic government";

      2) conducting trial operation of the object of informatization of "electronic government" in accordance with the unified requirements in the field of information and communication technologies and ensuring information security, including:

      documenting of procedures for conducting trial operation;

      optimization and elimination of the revealed defects and shortcomings with their subsequent correction;

      execution of the act on completion of trial operation.

      The period of trial operation shall not exceed one year;

      3) testing of the object of informatization of "electronic government" for compliance with information security requirements in accordance with this Law;

      4) implementation of the object of informatization of "electronic government" in accordance with standards acting on the territory of the Republic of Kazakhstan;

      5) introduction into industrial operation of the object of informatization of "electronic government" in accordance with the requirements of technical documentation, subject to positive completion of trial operation of the object of informatization of "electronic government", as well as existence of an act with a positive tests result for compliance with information security requirements.

      5. Development of the object of informatization of "electronic government" shall be carried out after its introduction into industrial operation in accordance with this Article.

      6. Creation and development of the objects of informatization of "electronic government" in the framework of implementation of the service model of informatization shall be carried out in accordance with this Law and the rules of implementation of the service model of informatization without applying the standards, provided by paragraph 3 of this Article.

      Footnote. Article 39 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

40. Industrial operation of the information system of state agency

      Article 40. Industrial operation of the object of informatization of "electronic government"

      Footnote. The title of Article 40 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. Introduction into industrial operation of the object of informatization of "electronic government" shall be carried out in accordance with the requirements of technical documentation, subject to positive completion of trial operation of the object of informatization of "electronic government", the existence of an act with a positive tests result for compliance with information security requirements.

      State authorities from the moment of introduction into industrial operation of the object of informatization of "electronic government" shall provide transfer to the service integrator of “electronic government” to record and store all versions of the developed software, the source program codes (if available), a set of settings to the licensed software of the objects of informatization of "electronic government" in accordance with the rules of recording and storage of the developed software, source program codes (if available), a set of settings of the licensed software of the objects of informatization of "electronic government".

      2. At industrial operation of the object of informatization of "electronic government" shall be provided:

      1) compliance with unified requirements in the field of information and communication technologies and ensuring information security;

      2) safety, protection, restoration of electronic information resources in case of failure or damage;

      3) backup copying and control for timely updating of electronic information resources;

      4) automated recording, safety and periodic archiving of information on the applications to the information system of the state body;

      5) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      6) maintenance of the object of informatization;

      7) technical support of the used licensed software of the informatization object;

      7-1) system-technical maintenance;

      8) reduction (exclusion) of the use of documents on paper, as well as the requirements for their presentation in carrying out state functions and rendering state services;

      9) warranty service by the supplier of the object of informatization of "electronic government", including elimination of errors and defects, identified during the warranty period. Warranty service shall be provided for a period of not less than a year from the date of introduction into industrial operation of the object of informatization of "electronic government".

      Footnote. Article 40 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 41. Termination of industrial operation of the object of informatization of "electronic government"

      Footnote. The title of Article 41 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. The absence of need for further use of the object of informatization of "electronic government" shall entail termination of industrial operation and change of information about the object of informatization of "electronic government" at the architectural portal of "electronic government" in accordance with the unified requirements in the field of information and communication technologies and ensuring information security.

      2. The decision about the absence of need of further operation of the object of informatization of "electronic government" shall be adopted by the owner or by the possessor with notification of the owners and (or) possessors of the objects of informatization of "electronic government", with whom the object of informatization of "electronic government" is integrated, as well as the service integrator of "electronic government" on the procedure and terms of operation termination.

      3. Electronic information resources, technical documentation and source program codes of the written off object of informatization of "electronic government" shall be subject to transfer to the archive in accordance with the legislation of the Republic of Kazakhstan.

      4. Writing off and (or) utilization of technical means of the written-off object of informatization of the state body shall be carried out in accordance with the requirements established by the legislation of the Republic of Kazakhstan on accounting and financial reporting.

      Footnote. Article 41 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 42. Mandatory requirements for the means of processing, storage and backup copying of electronic information resources in the objects of information and communication infrastructure of "electronic government"

      Footnote. The title of Article 42 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. To ensure the reliability and safety of functioning of the objects of information and communication infrastructure of the "electronic government", technical means that are used for storage, processing and transfer of electronic information resources must comply with the requirements of the legislation of the Republic of Kazakhstan in the field of technical regulation.

      2. The owner or the possessor of the object of information and communication infrastructure of "electronic government", as well as the operator shall carry out the storage and, if necessary, ensure restoration of the state electronic information resources contained in the objects of information-communication infrastructure of "electronic government", and shall be responsible for the loss, modification, or otherwise failing to ensure the safety of state electronic information resources in the manner established by the laws of the Republic of Kazakhstan and the agreement of the parties.

      3. Ensuring the production of a backup copy of the state electronic information resources shall be mandatory for the owner of the object of information and communication infrastructure of the "electronic government" or the operator.

      A method of production and storage of backup copy containing state electronic information resources, should ensure the preservation of electronic information resources until the next backup copy is made.

      The frequency of backup copying of state electronic information resources shall be established by technical documentation on the object of informatization of "electronic government".

      Footnote. Article 42 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 43. Integration of the objects of informatization of “e-government”

      Footnote. The title of Article 43 is in the wording of the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. Integration of information systems of state bodies shall be carried out in accordance with the rules of integration of objects of informatization of "electronic government" and in compliance with the requirements of information security, determined by the profile of protection and formalized by the contract of joint works on information security of state and non-state information systems.

      2. State bodies are obliged to ensure the integration of information systems of state bodies through the gateway of “electronic government” in terms and in the order established by the authorized body.

      3. In case of integration of non-state information system with information system of state body separately or simultaneously with other information system of state body or other objects of informatization of "electronic government", organization of access to electronic information resources shall be carried out according to the rules of integration of objects of informatization of "electronic government".

      4. When verifying the authenticity of an electronic digital signature, the information system of state body and non-state information system do not need to connect to the "electronic government" gateway.

      Footnote. Article 43 with amendment introduced by the Law of the RK from 28.12.2016 № 36-VI (effective after two months after the day of its first official publication); dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

44. Requirements for non-state information system that is integrated with the information system of state body

      1. Integration of non-state information system with information system of the state body shall be carried out exclusively through the gateway of "electronic government"or payment gateway of "electronic government" (for the purposes of payments) in accordance with the rules of integration of objects of informatization of "electronic government".

      2. Electronic information resources, interface, technical documentation and other related documents of non-state information system, integrated with information system of the state body or intended for formation of state electronic information resources shall be created and stored in the Kazakh and Russian languages.

      3. Non-state information system is integrated with information system of the state body only through the external gateway of "electronic government", put into industrial operation.

      Footnote. Article 44 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Chapter 7. SERVICE MODEL OF INFORMATIZATION

Article 45. Service model of informatization

      1. Implementation of the service model of informatization shall include planning, creation or development of information and communication services, as well as their provision on the basis of information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services.

      2. Implementation of the service model of informatization shall be carried out in accordance with this Law, the rules of implementation of the service model of informatization and other regulatory legal acts on informatization.

      3. Provision of information and communication services may be carried out by concluding a state-private partnership contract on the service model of informatization or a contract between the operator and a state body concluded in accordance with the legislation of the Republic of Kazakhstan on public procurement.

      4. Obligations and responsibility of the parties in provision (receipt) of information and communication services shall be established by the laws of the Republic of Kazakhstan and the agreement of the parties.

      5. If the project of state-private partnership on service model of informatization provides payments from the budget and measures of the state support, the authorized body shall:

      1) submit a draft list of state-private partnership projects on the service model of informatization, planned for implementation, with the attachment of approved tasks for the design of information and communication services for approval to the authorized body on budget planning to determine the financial security of state-private partnership projects on the service model of informatization;

      2) approve the list of projects of state-private partnership on the service model of informatization, planned for implementation, on the basis of a positive conclusion of the authorized body on budget planning to determine the financial security of state -private partnership projects on the service model of informatization.

      Formation and approval of the list of state -private partnership projects planned for implementation shall be carried out in the manner determined by the rules of implementation of the service model of informatization.

      6. The grounds for inclusion in the draft of republican budget of state-private partnership projects on the service model of informatization, planned for implementation, shall be the presence of:

      1) the positive conclusion of the authorized body on budget planning to the draft list of projects of state -private partnership on the service model of informatization in terms of determining the financial security of these projects;

      2) the task for design of information and communication services approved by the authorized body;

      3) a positive proposal of the Republican budget commission.

      7. Procedures for determining the suppliers of service software products or objects of information and communication infrastructure, conclusion, execution and termination of the state-private partnership contract on the service model of informatization shall be carried out in accordance with this Law and the rules for implementation of the service model of informatization.

      8. Monitoring and evaluation of implementation of state-private partnership projects on the service model of informatization, as well as monitoring of performance of contractual obligations during contractual relations shall be carried out in accordance with the rules of implementation of the service model of informatization.

      Footnote. Article 45 is in the wording of the Law of Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 45-1. Determination of the supplier of the service software product or object of information and communication infrastructure, including projects of state-private partnership on the service model of informatization

      1. Determination of the supplier of the service software product or object of information and communication infrastructure shall be carried out on a competitive basis.

      2. The tender commission for determining the supplier of the service software product or object of information and communication infrastructure shall be created by the customer of information and communication services.

      3. The chairman of the tender commission shall be the first head of the customer of information and communication services or a person authorized by him/her.

      4. Representatives of the customer of information and communication service, authorized body, service integrator and other interested state bodies and organizations shall be included in the composition of the tender commission.

      5. The competition on determining the supplier of the service software product or object of information and communication infrastructure, including qualification selection, shall be carried out in the manner determined by the rules of implementation of the service model of informatization.

      Footnote. Chapter 7 is supplemented by Article 45-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 45-2. Qualification requirements for the potential suppliers of service software products or objects of information and communication infrastructure, including at implementation of state-private partnership projects on the service model of informatization

      1. To the potential supplier of service software products or objects of information and communication infrastructure, including implementation of state-private partnership projects on the service model of informatization, the following qualification requirements shall be imposed:

      1) to have legal capacity( for legal entities), civil capacity (for individual entrepreneurs);

      2) to be solvent, have no tax debts;

      3) to have financial and (or) material, and (or) labor resources necessary for performance of obligations under the contract of state-private partnership on the service model of informatization;

      4) not to be subject to bankruptcy or liquidation proceedings, on his/her property, the book value of which exceeds ten percent of the value of the relevant fixed assets, shall not be seized, his/her financial and economic activity shall not be suspended in accordance with the legislation of the Republic of Kazakhstan;

      5) not to be held liable for non-performance and (or) improper performance of obligations under state-private partnership contracts concluded within the last three years on the basis of the court decision, which entered into force, on recognition of him/her as unfair potential private partner.

      2. The potential supplier of service software products or objects of information and communication infrastructure in confirmation of its compliance with the qualification requirements shall submit confirming documents in the manner and scope provided by the rules of implementation of the service model of informatization.

      3. The potential supplier of service software products or objects of information and communication infrastructure - a non-resident of the Republic of Kazakhstan to confirm his/her compliance with qualification requirements, established by paragraph 1 of this Article, shall submit the same documents that the resident of the Republic of Kazakhstan, or documents containing similar information on qualification of a potential supplier of service software products or objects of information and communication infrastructure – a non-resident of the Republic of Kazakhstan.

      4. The potential supplier of service software products or objects of information and communication infrastructure in case of providing false information for compliance with qualification requirements shall not be allowed to participate in the competition on determining the potential supplier of service software products or objects of information and communication infrastructure for the next three years from the date of his/her recognition by the court as an unfair potential supplier of service software products or objects of information and communication infrastructure.

      5. Customers of information and communication services not later than thirty calendar days from the date of establishment of such a fact by the tender commission shall sue the court for recognition of a potential supplier of service software products or objects of information and communication infrastructure, which provided false information on qualification requirements, as an unfair potential private partner.

      6. Reliability of information on qualification requirements provided by the potential supplier of service software products or objects of information and communication infrastructure shall be established by the tender commission at the stage of qualification selection of the suppliers of service software products or objects of information and communication infrastructure.

      7. The customer of information and communication service shall send to the central authorized body for state planning the decisions of the courts entered into legal force, on recognition of the potential supplier of service software products or objects of information and communication infrastructure as unfair potential supplier of service software products or objects of information and communication infrastructure within five working days from receipt of such decisions for inclusion in the list of unfair potential private partners.

      Footnote. Chapter 7 is supplemented by Article 45-2 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 45-3. Grounds for recognition of a potential supplier of service software products or objects of information and communication infrastructure not meeting the qualification requirements, including in implementation of state-private partnership projects on the service model of informatization

      A potential supplier of service software products or objects of information and communication infrastructure, including in implementation of state-private partnership projects on the service model of informatization, shall be recognized as not meeting the qualification requirements for one of the following grounds:

      1) non-submission of a document (s) to confirm compliance with the qualification requirements of a potential supplier of service software products or objects of information and communication infrastructure;

      2) establishment of the fact of non-conformity to qualification requirements on the basis of the information contained in the documents submitted by the potential supplier of service software products or objects of information and communication infrastructure for confirmation of its compliance;

      3) establishment of the fact of providing false information on qualification requirements.

      Footnote. Chapter 7 is supplemented by Article 45-3 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 46. Provision of information and communication services to state bodies

      1. The operator, owners of the objects of information and communication infrastructure, service software products do not acquire the right to use and dispose electronic information resources of state bodies placed on the objects belonging to these persons.

      2. Calculation of the marginal cost of information and communication service shall be carried out on the basis of the methodology approved by the authorized body.

      3. Description of information and communication services provided to state bodies by the operator, and information about their cost shall be placed on the Internet resource of the operator.

      4. Information and communication services included in the catalog of information and communication services shall be classified by type and subject of receiving these services.

      5. In order to monitor the quality of rendering information and communication services and providing consulting support to the recipients of these services, the authorized body and the operator shall use a single contact center.

      6. The operator in rendering information and communication services shall provide and be responsible for the security of storage of electronic information resources in the manner prescribed by the laws of the Republic of Kazakhstan and the agreement of the parties.

      Footnote. Article 46 is in the wording of the Law of Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

47. Interaction of operator with owner of service software product and other individuals

      1. Interaction of operator and individuals who provide him with information and communication infrastructure and service software products for provision of information and communication services is regulated by the rules for the implementation of service model of informatization and the agreement between the operator and these individuals.

      2. Owner of the service software product is obliged to:

      1) transfer the service program product and technical documentation to the service software product to the operator in accordance with the agreement between them;

      2) execute finalization and development of the service software product on the operator's request;

      3) conduct training of the operator's personnel on the operation and maintenance of the service software product, as well as on the use of the information and communication service provided through this service software product.

      3. In case of early termination of the agreement on the initiative of the owner of the service software product, the operator shall carry out operation of the service software product before replacing it with another service software product.

      Footnote. Article 47 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Chapter 8. TESTS AND AUDIT OF THE OBJECTS OF INFORMATIZATION

      Footnote. The title of chapter 8 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 48. Documentation of electronic information resources and data (information) about the objects of informatization of "electronic government"

      Footnote. The title of Article 48 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      Documentation of electronic information resources and data (information) about the objects of informatization of "electronic government" shall be carried out by their owner or possessor in accordance with the requirements established by the legislation of the Republic of Kazakhstan on informatization, electronic document and electronic digital signature, on the National archival fund and archives.

      Footnote. Article 48 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 49. Tests for compliance with information security requirements, as well as tests for quality assessment

      Footnote. The title of Article 49 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. Tests for compliance with information security requirements shall be conducted mandatorily or at the initiative of the owner or possessor.

      2. The test objects subject to mandatory tests for compliance with information security requirements shall include:

      1) service software product;

      2) information and communication platform of “electronic government";

      3) Internet resource of the state body;

      4) information system of the state body;

      5) information system classified as critically important objects of information and communication infrastructure;

      6) non-state information system intended for formation of state electronic information resources, implementation of state functions and rendering state services.

      3. The information system of the state body and the non-state information system for the use of the services of the national certification center of the Republic of Kazakhstan for authentication of electronic digital signature, passing tests for compliance with the requirements of information security is not required.

      4. Tests for compliance with the information security requirements of the information system classified as critically important objects of information and communication infrastructure (with the exception of being objects of informatization of "electronic government") shall be conducted by accredited testing laboratories in accordance with this Law and the legislation of the Republic of Kazakhstan in the field of technical regulation.

      5. Tests of objects of informatization in order to assess their quality shall be carried out in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.

      Footnote. Article 49 is in the wording оf the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

50. Audit of information systems

      1. At the stage of creation, introduction and operation of information systems on the initiative of the owner or holder of information systems, the audit of information systems can be conducted.

      2. Conduction of the audit of information systems is executed by individual and (or) legal entities possessing special knowledge and experience in the field of information and communication technologies, in the order determined by the authorized body.

51. Attestation

      Footnote. Article 51 is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

52. Confirmation of conformity in the field of informatization

      Confirmation of conformity in the field of informatization is executed in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.

Chapter 9. PROTECTION OF THE OBJECTS OF INFORMATIZATION

53. Aims of protection of the objects of informatization

      1. Protection of the objects of informatization is the implementation of a set of legal, organizational and technical measures aimed at the preservation of the objects of informatization, preventing unlawful and (or) unintentional access and (or) impact on them.

      2. Protection of the objects of informatization is executed in accordance with the legislation of the Republic of Kazakhstan and current standards in the territory of the Republic of Kazakhstan in order to:

      1) ensure integrity and safety of electronic information resources;

      2) ensure regime of confidentiality of electronic information resources of limited access;

      3) implementation of the right of subjects of informatization for access to electronic information resources;

      4) prevention of unauthorized and (or) unintentional access, leakage and other actions regarding electronic information resources, as well as unauthorized and (or) unintentional impact on objects of information and communication infrastructure;

      5) prevention of violations of the functioning of objects of information and communication infrastructure and critically important objects of information and communication infrastructure.

      3. Other unauthorized and (or) unintentional actions regarding objects of informatization are:

      1) blocking electronic information resources and (or) objects of information and communication infrastructure, that is, committing actions leading to limitation or closure of access to electronic information resources and (or) objects of information and communication infrastructure;

      2) unauthorized and (or) unintentional modification of objects of informatization;

      3) unauthorized and (or) unintentional copying of electronic information resource;

      4) unauthorized and (or) unintentional destruction, loss of electronic information resources;

      5) use of the software without permission of the right holder;

      6) infringement of work of information systems and (or) software or infringement of functioning of telecommunication networks.

      4. Protection of information systems is executed according to the class assigned in accordance with the classifier.

54. Organization of protection of the objects of informatization

      1. Protection of the objects of informatization is executed:

      1) regarding electronic information resources - their owners, holders and users;

      2) regarding objects of information and communication infrastructure and critically important objects of information and communication infrastructure - their owners or holders.

      2. Owners or holders of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure are obliged to take measures ensuring:

      1) prevention of unauthorized access;

      2) timely detection of facts of unauthorized access, if such unauthorized access failed to prevent;

      3) minimization of adverse consequences of violation of the order of access;

      4) prevention of unauthorized influence on the means of processing and transferring of electronic information resources;

      5) prompt restoration of electronic information resources modified or destroyed due to unauthorized access to them;

      6) immediate informing of the National coordination center for information security about the incident of information security, except for the owners and (or) possessors of electronic information resources containing information constituting state secrets;

      7) information interaction with the National coordination center for information security on the issues of monitoring information security ensuring of the objects of informatization of "electronic government";

      8) providing access to the National coordination center for information security to the objects of informatization of "electronic government" and operational centers of information security to the critically important objects of information and communication infrastructure for conducting organizational and technical measures, aimed at the implementation of monitoring of information security ensuring in accordance with the rules of monitoring of information security ensuring of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure.

      3. Provisions of unified requirements in the field of information and communication technologies and ensuring information security related to the sphere of ensuring information security are mandatory for application by state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, owners and holders of non-state information systems integrated with information systems state bodies or designed to form state electronic information resources, as well as by owners and holders of critically important objects of information and communication infrastructure.

      3-1. Purchase of goods for the purpose of implementation of requirements of information security ensuring for national defense and state security shall be carried out from the registry of trusted software and products of electronic industry in accordance with the legislation of the Republic of Kazakhstan on public procurement.

      In this case, in the absence in the registry of trusted software and products of electronic industry of the necessary products, it is allowed to purchase goods in accordance with the legislation of the Republic of Kazakhstan on public procurement.

      4. Management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation is executed by the authorized body in accordance with the legislation of the Republic of Kazakhstan.

      Footnote. Article 54 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

55. Measures to protect electronic information resources, information systems and information and communication infrastructure

      1. Legal measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) requirements of the legislation of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan;

      2) responsibility for violation of the legislation of the Republic of Kazakhstan on informatization;

      3) agreements concluded by the owner or the holder of electronic information resources, information systems, information and communication infrastructure where the conditions of work, access or use of these objects, as well as liability for their violation are established.

      2. Organizational measures to protect electronic information resources, information systems and information and communication infrastructure include the establishment and provision of access regime in the territory (buildings, premises) where access to information, electronic information resources, information systems (electronic media of information); as well as limitation of access to electronic information resources, information systems and information and communication infrastructure can be executed.

      3. Technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) use of information security means, and regarding information constituting state secrets, exclusively with the use of means of protecting information constituting state secrets, developed, produced and (or) taken into operation in accordance with the legislation of the Republic of Kazakhstan;

      2) use of access control systems and registration of facts of access to electronic information resources, information systems and information and communication infrastructure;

      3) development of a security task based on the approved protection profiles to determine the protection measures by the owners or by the possessors of the objects of informatization.

      4. Use of technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure should not cause harm or create a threat of harm to life, health and property of individuals, as well as property of legal entities and state property.

      Footnote. Article 55 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

56. Protection of electronic information resources containing personal data

      Owners and holders of information systems that have received electronic information resources containing personal data are obliged to take measures to protect them in accordance with this Law and current standards in the territory of the Republic of Kazakhstan.

      This duty arises from the moment of receipt of electronic information resources containing personal data and to their destruction or depersonalization.

SECTION 3. STATE REGULATION IN THE FIELD OF INFORMATIZATION
Chapter 10. EXPERTISE AND COORDINATION OF DOCUMENTS

      Footnote. The title of chapter 10 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 57. Conclusions in the sphere of informatization and information security ensuring

      1. The investment proposal of the state investment project, financial and economic justification of budget investments shall be made by the state body to the authorized body and the authorized body in the sphere of information security ensuring to obtain conclusions in the spheres of informatization and ensuring information security.

      Expertise in the sphere of informatization of investment proposals, financial and economic justification shall be carried out in accordance with the rules of conducting expertise in the sphere of informatization of investment proposals, financial and economic justification of budget investments.

      2. For budget investment projects aimed at creation and development of the objects of informatization of "electronic government", the investment proposal shall be submitted to the conclusion with attachment of the technical task for creation and development of the object of informatization of "electronic government".

      Assessment on the reasonableness of costs calculation, determining feasibility and efficiency of the budgetary investment project aimed at creation and development of the objects of informatization of “electronic government”, shall be carried out by the authorized body and specified in the conclusion in the sphere of informatization.

      3. The investment proposal shall be considered by the authorized body and the authorized body in the sphere of ensuring information security within the term of not more than twenty working days from the date of receipt.

      4. Conclusions in the spheres of informatization and ensuring information security for financial and economic justification of budget investments shall be issued no later than thirty working days from the date of receipt of the full package of documents.

      Footnote. Article 57 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

58. Conclusion of the expertise in the field of informatization for technical and economic justification or financial and economic justification for budget investments

      Footnote. Article 58 is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 59. Coordination of technical documentation and documentation on state-private partnership projects in the spheres of informatization and ensuring information security

      1. Coordination of a technical task for creation and development of the object of informatization of "electronic government" shall be carried out by the authorized body and the authorized body in the sphere of ensuring information security in the manner and terms, which are determined by the rules of preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government".

      2. Coordination of the task for the design of information and communication service, developed by the service integrator of "electronic government", shall be carried out in the manner and terms, which are determined by the rules of implementation of the service model of informatization.

      3. In creation and development of the objects of informatization of "electronic government" in the framework of republican and local projects of state-private partnership in the sphere of informatization in accordance with the legislation of the Republic of Kazakhstan in the field of state-private partnership, the tender documentation of state -private partnership project, business plan for the project of state-private partnership in direct negotiations on determination of the private partner shall be coordinated with the authorized body.

      Footnote. Article 59 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

60. Conclusion of the authorized body on the calculation of costs for state procurement of goods, works and services in the field of informatization

      1. Calculations of costs for state procurement of goods, works and services in the field of informatization are introduced by the administrator of budget programs for consideration to the authorized body annually until March 1.

      2. Calculations of costs for state procurement of goods, works and services in the field of informatization are considered by the authorized body within a period of not more than thirty working days from the date of receipt of documents.

      3. Refusal to consider the calculation of costs for state procurement of goods, works and services in the field of informatization is executed in the following cases:

      1) nonconformities in the form and content of the calculation of costs for state procurement of goods, works and services in the field of informatization to the requirements of this Law and budget legislation of the Republic of Kazakhstan;

      2) non-submission of documents in accordance with established requirements approved by the authorized body.

      4. Administrators of budget programs place calculations of costs for state procurement of goods, works and services in the field of informatization on the architectural portal of "electronic government".

Chapter 11. DEVELOPMENT OF THE INDUSTRY OF INFORMATION AND COMMUNICATION TECHNOLOGIES

61. State support for development of the industry of information and communication technologies

      1. State support for development of the industry of information and communication technologies is executed by the authorized state bodies, national institution of development in the field of information and communication technologies and other national institutions of development in order to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan.

      2. National institute of development in the field of information and communication technologies executes its activities in accordance with this Law and the legislation of the Republic of Kazakhstan on state support of industrial and innovative activities.

      3. The main principles of state support for development of the industry of information and communication technologies:

      1) development of the industry of information and communication technologies on the basis of private entrepreneurship and state-private partnership;

      2) priority of domestic legal entities in obtaining orders for development of information and communication technologies, information systems;

      3) stimulation of development of production of domestic software, software products and production of technical means;

      4) development of the market structure of information and communication technologies;

      5) support conscientious competition in the market of information and communication technologies.

      4. In accordance with the principles of state support, measures to stimulate the growth of the information and communication technologies sector, in addition to measures provided by the legislation of the Republic of Kazakhstan on investments and on state support for industrial and innovative activities, are:

      1) formation and development of the normative and methodological base of activities in the industry of information and communication technologies, including the introduction of international standards;

      2) implementation and improvement of the system of state (quasi-state) orders for development and supply of innovative software, software products with a high share of local content;

      3) extra budgetary refundable and non-refundable financing of projects in the industry of information and communication technologies aimed at increasing the share of local content;

      4) harmonization of the cost structure for informatization of state legal entities and subjects of quasi-state sector aimed at increasing the share of services in the field of informatization;

      5) creation of conditions for venture and other extra budgetary refundable financing of projects in the industry of information and communication technologies;

      6) development of proposals to stimulate development and increase the investment attractiveness of the industry of information and communication technologies.

62. Personnel and scientific provision of the industry of information and communication technologies

      1. The state creates conditions for training and retraining of specialists with technical, professional, higher and postgraduate education on specialties in the industry of information and communication technologies in domestic and foreign higher educational institutions.

      2. Organizations, national companies, their affiliated individuals act as bases of practice for students in organizations of professional, technical, higher and postgraduate education on specialties in the industry of information and communication technologies.

      3. Scientific provision in the industry of information and communication technologies is executed through state support of scientific and scientific-technical activities in the industry of information and communication technologies, including through creation of conditions for the commercialization of technologies.

Chapter 12. INTERNATIONAL COOPERATION IN THE FIELD OF INFORMATIZATION

63. International cooperation in the field of informatization

      1. International cooperation of the Republic of Kazakhstan in the field of informatization is executed in accordance with the international treaties and the legislation of the Republic of Kazakhstan.

      2. Subjects of informatization of the Republic of Kazakhstan have the right to join international organizations and associations, participate in international and foreign projects and programs.

      State bodies in agreement with the authorized body execute interaction in the field of informatization with state bodies of foreign states, international organizations and foreign legal entities.

      3. International cooperation in the field of informatization is executed in the form of:

      1) interaction with state bodies of foreign states, international organizations and foreign legal entities, including participation in the implementation of measures for execution of international treaties of the Republic of Kazakhstan;

      2) rendering assistance in the formation of a stable and secure system of international (interstate) information interaction with the use of information and communication technologies, including through the national gateway of the Republic of Kazakhstan;

      3) interaction with foreign legal entities to ensure the development of information and communication technologies, as well as personnel development and scientific cooperation;

      4) conduction of monitoring and forecasting the development of information and communication technologies on an ongoing basis jointly with foreign legal entities and international organizations;

      5) interaction with state bodies of foreign states and international organizations on the issues of safe use of information and communication technologies, as well as establishment of prohibition for actions that encroach on the information and communication infrastructure of the state and undermine the political, economic, social and other spheres of state activity;

      6) conduction of seminars, conferences and trainings in the Republic of Kazakhstan and abroad;

      7) establishment of prohibition for the use of information and communication technologies to the detriment of man, society and state on the basis of reciprocity;

      8) joint financing and implementation of projects in the field of information with foreign countries, international organizations, foreign legal entities, foreign public organizations and funds.

      4. International cooperation on the issues of development of information and communication technologies, institutional provision and exchange of experience and knowledge is executed with participation of state bodies of foreign states, international organizations and foreign legal entities.

Chapter 13. FINAL AND TRANSITIONAL PROVISIONS

Article 64. State control in the sphere of informatization

      State control in the sphere of informatization shall be carried out in the form of inspections and preventive control in accordance with the Entrepreneurial code of the Republic of Kazakhstan.

      Footnote. Article 64 is in the wording of Law of the Republic of Kazakhstan dated 24.05.2018 No. 156-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

65. Responsibility for violation of the legislation of the Republic of Kazakhstan on informatization

      Violation of the legislation of the Republic of Kazakhstan on informatization entails responsibility in accordance with the laws of the Republic of Kazakhstan.

Article 66. Transitional provision

      1. State bodies that have Internet resources and information systems of state bodies, introduced into industrial operation before the enactment of this Law and not having the protocol of tests for compliance with information security requirements, certificate of compliance with the requirements of information security, shall conduct their tests for compliance with information security requirements and certification within three years from the date of enactment of this Law.

      2 non-state information systems integrated with information systems of state bodies or intended for forming of the state electronic information resources and not having the protocol of tests for compliance with information security requirements, the certificate of compliance to information security shall be tested for compliance with information security requirements and certification within three years from the date of enactment of the Law.

      Footnote. Article 66 is in the wording of the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

67. Procedure for the enactment of this Law

      1. This Law enters into enforce from January 1, 2016.

      2. Recognize as invalid the Law of the Republic of Kazakhstan dated January 11, 2007 "On informatization" (Gazette of the Parliament of the Republic of Kazakhstan, 2007, № 2, art. 13; 2009, № 15-16, art. 74; № 18, art. 84; 2010, № 5, art. 23; № 17-18, art. 111; 2011, № 1, art. 2; № 11, art. 102; № 15, art. 118; 2012, № 2, art. 13; № 8, art. 64; № 14, art. 95; № 15, art. 97; 2013, № 5-6, art. 30; № 7, art. 36; № 14, art. 75; 2014, № 1, art. 4; № 19-I, 19-II, art. 96; № 23, art. 143).



President of

the Republic of Kazakhstan

N. NAZARBAYEV



On informatization

Law of the Republic of Kazakhstan dated 24 November 2015 № 418-V.

      Unofficial translation

      This Law regulates public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in creation, development and operation of informatization facilities, as well as with state support for the development of information and communication technologies industry.

SECTION 1. BASICS OF REGULATION OF RELATIONS IN THE FIELD OF INFORMATIZATION
Chapter 1. GENERAL PROVISIONS

1. General provisions, used in this Law

      The following basic concepts are used in this Law:

      1) automation - the process of using means of information and communication technologies to optimize the creation, search, collection, storage, processing, receipt, use, transformation, display, distribution and provision of information;

      2) informatization - organizational, socio-economic and scientific and technical process aimed at automating the activities of subjects of informatization;

      3) service model of informatization – implementation of the centralized approach in informatization of state functions and state services based on creation or development of information and communication services, and also their provision;

      3-1) project of state-private partnership on the service model of informatization – a set of sequential measures for creation or development, as well as provision of information and communication services;

      3-2) contract of state-private partnership on the service model of informatization – a service contract, determining the rights, duties and responsibilities of the parties and other conditions when creating, developing and providing information and communication services, the sides of which are state-owned partner, the operator of information and communication infrastructure of "electronic government" and the private partner, being the supplier of service software products or objects of information and communication infrastructure;

      4) objects of informatization – electronic information resources, software, Internet resource and information and communication infrastructure;

      5) owner of objects of informatization - a subject to whom the owner of objects of informatization has provided the rights to own and use objects of informatization in the limits and order determined by law or agreement;

      5-1) integration of objects of informatization -measures for organization and provision of information interaction between the objects of informatization on the basis of standard protocols of data transfer used in the Republic of Kazakhstan;

      6) classifier of objects of informatization (hereinafter - classifier) - a systemized list of categories aimed at identification and description of objects of informatization;

      6-1) development of the object of informatization – a stage of life cycle of the object of informatization, during which a set of measures for implementation of additional functional requirements, as well as modernization of the object of informatization put into industrial operation in order to optimize its functioning and (or) expansion of functionality shall be carried out;

      6-2) introduction of the object of informatization – stage of creation or development of the object of informatization, aimed at conducting a complex of actions for commissioning of the object of informatization, including preparation of the automation object and personnel, pre- commissioning, preliminary and acceptance tests;

      6-3) maintenance of the object of informatization – ensuring the use of the object of informatization, put into industrial operation in accordance with its purpose, including measures on conducting corrections, modifications and elimination of software defects, without modernization and implementation of additional functional requirements and subject to maintaining its integrity;

      6-4) creation of the object of informatization - a stage in the life cycle of informatization, during which implementation of a complex of organizational and technical measures aimed at development, trial operation, introduction of the object of informatization are carried out, as well as acquisition and (or) property rent (lease) of hardware and software complex necessary for its functioning;

      6-5) industrial operation of the object of informatization - a stage in the life cycle of the object of informatization, during which the use of an object of informatization in the normal mode is carried out in accordance with the goals, objectives and requirements set forth in technical documentation and normative-technical documentation;

      6-6) trial operation of the object of informatization - operation of the object of informatization in the pilot zone, aimed at identifying and eliminating defects of its functioning and determining compliance with the requirements of technical documentation;

      6-7) life cycle of the object of informatization - a set of stages for creation, industrial operation, development and termination of industrial operation of the object of informatization;

      7) information security in the field of informatization (hereinafter - information security) - the condition of protection of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

      8)is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      9) expert council in the field of informatization (hereinafter - expert council) - an interdepartmental commission under an authorized body, which considers issues related to the informatization of the activities of state bodies;

      10) authorized body in the field of informatization (hereinafter - authorized body) - central executive body exercising management and intersectoral coordination in the field of informatization and "electronic government";

      11) subjects of informatization - state bodies, individuals and legal entities exercising activities or entering into legal relations in the field of informatization;

      12) information system - an organizationally ordered set of information and communication technologies, maintenance personnel and technical documentation that implement certain technological activities through information interaction and specific functional tasks designed to solve;

      13) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      14) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      15) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
     
      16) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
     
      17) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      18) audit of the information system - an independent survey of the information system in order to improve the efficiency of its use;

      19) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      20) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      21) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      22) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      23) information and communication infrastructure - a set of objects of information and communication infrastructure designed to ensure the functioning of the technological environment in order to generate electronic information resources and provide access to them;


      24) critically important objects of the information and communication infrastructure - objects of the information and communication infrastructure, including the information and communication infrastructure of the "electronic government", the violation or termination of functioning which leads to an emergency situation of social and (or) technogenic nature or to significant negative consequences for defense, security, international relations, economy, certain spheres of economy, infrastructure of the Republic of Kazakhstan, or for vital activity of population residing in the respective territory;

      25) objects of information and communication infrastructure – information systems, technological platforms, hardware and software complexes, server rooms (data processing centers), telecommunications networks, as well as systems for ensuring information security and uninterrupted operation of technical means;

      26) information and communication service - a service or a set of services for property hiring (leasing) and (or) placing of computing resources, providing software, software products, service software products and technical means for use, including communication services, through which functioning of these services are provided;

      26-1) task for the design of information and communication service-a document reflecting technical, organizational and other requirements for information and communication service, as well as the marginal cost of information and communication service;

      27) catalog of information and communication services - a single directory of information and communication services provided to state bodies by the operator of the information and communication infrastructure of "electronic government";

      28) information and communication technologies - a set of methods of working with electronic information resources and methods of information interaction, implemented with the use of hardware and software complex and telecommunication network;

      29) branch of information and communication technologies - a branch of the economy connected with the design, production and sale of software, technical means, domestic electronics and its components, as well as providing information and communication services;

      29-1) monitoring of information security events – continuous monitoring of the object of informatization in order to reveal and identify information security events;

      30) an information security occasion - a state of objects of informatization, indicating a possible violation of the existing security policy or a previously unknown situation that may be related to the security of objects of informatization;

      30-1) authorized body in the field of information security – central executive body carrying out management and inter-sectorial coordination in the field of information security;


      30-2) national institute of development in the sphere of ensuring information security – a legal entity determined by the Government of the Republic of Kazakhstan for the development of information security sphere and electronic industry;

      30-3) operational center of information security – a legal entity or structural division of a legal entity carrying out activity on protection of electronic information resources, information systems, telecommunications networks and other objects of informatization;

      30-4) information security incident response service – a legal entity or a structural division of a legal entity providing information analysis on information security events in order to render consultative and technical assistance in eliminating the consequences of information security incidents;

      31) information security incident - separately or serially occurring failures in the operation of the information and communication infrastructure or its individual objects, which threaten their proper functioning and (or) the conditions for illegally obtaining, copying, distributing, modifying, destroying or blocking electronic information resources;

      32) means of information security - software, technical and other means designed and used to ensure the protection of information;

      33) hardware-software complex - a set of software and technical means that are jointly used to solve problems of a certain type;

      33-1) international technological park "Astana Hub" – a legal entity determined by the Government of the Republic of Kazakhstan, owning on the right of ownership or other legal grounds a single material and technical complex, which creates favorable conditions for implementation of industrial and innovative activities in the field of information and communication technologies;

      33-2) acceleration of participants of the international technological park "Astana Hub" – process of preparation and training of participants of the international technological park "Astana Hub" to implementation of their industrial and innovative projects in the field of information and communication technologies;

      34) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      35) open data - public electronic information resources, presented in a machine-readable form and designed for further use, re-publication in an unchanged form;

      36) the Internet portal of open data - a component of web portal of “electronic government” that provides centralized storage of descriptive and reference information on open data;

      37) software - a set of programs, software codes, as well as software products with technical documentation necessary for their operation;

      38) software product - an independent program or part of the software which is a product that regardless of its developers can be used for the intended purposes in accordance with the system requirements established by the technical documentation;

      39) one-time password - a password that is valid only for one session for authentication of subjects of receipt services in electronic form;

      40) domain name - a symbolic (alphanumeric) designation, formed in accordance with the rules of addressing the Internet, corresponding to a specific network address and intended for a named reference to the Internet object;

      41) free software - an open source software for which the copyright holder provides to the user the right in unlimited installation, launching and copying, as well as free using, studying, developing and distributing;

      42) a local network - part of a telecommunication network that has a closed infrastructure to the point of connection to other telecommunication networks and provides information transfer and organization of joint access to network devices in the territorially limited space of the facility (premises, building, structure and its complex);

      43) system maintenance - measures to ensure the uninterrupted functioning of the hardware and software complex and telecommunication networks;

      44) Internet - a worldwide system of integrated networks of telecommunications and computing resources for the transmission of electronic information resources;

      45) a unified gateway to Internet access - a hardware and software complex designed to protect telecommunication networks in accessing the Internet and (or) communication networks that have access to the Internet;

      46) Internet resource-information (in text, graphic, audiovisual or other form) placed on the hardware and software complex having a unique network address and (or) domain name and functioning on the Internet;

      47) national gateway of the Republic of Kazakhstan - an information system designed to provide interstate information interaction of information systems and electronic information resources of states;

      47-1) protection profile-a list of minimum requirements for the security of software and hardware that are the components of information objects;

      48) a unified platform of Internet resources of state bodies - a technological platform designed for placing of Internet resources of state agencies;

      49) architecture of the state agency - a description of the current and planned condition of the state agency, including its tasks, functions, organizational structure, electronic information resources, information and communication infrastructure and their interconnection;

      50) state technical service - republican state enterprise on the right of economic management, created by the decision of the Government of the Republic of Kazakhstan;

      51) normative and technical documentation - a set of documents that define common tasks, principles and requirements for the creation and using (operation) of objects of informatization, as well as controlling over their compliance with established requirements in the field of informatization;

      52) the user - a subject of informatization using objects of informatization for execution of specific function and (or) task;

      52-1) register of trusted software and products of electronic industry – a list of software and products of electronic industry meeting the requirements of information security, created for the purposes of national defense and state security;

      53) service software product - software product designed for the implementation of information and communication service;

      54) technical support - provide consulting, information technology and other services to support the efficiency of licensed software;

      55) technical documentation - a set of documentation for the information system, information and communication platform of "electronic government" and software product, including a service software product that includes technical task, task for design, operational and other documentation;

      56) digital literacy - the knowledge and ability of a person to use information and communication technologies in daily and professional activities;

      57) electronic information resources - information provided in electronic-digital form and contained on an electronic medium, Internet resource and (or) in the information system;

      58) "electronic akimat" - a system of information interaction of local executive bodies with state bodies, individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form that is part of "electronic government";

      59) standard architecture of "electronic akimat" – a description of standard components and requirements for the implementation of functions and services, organizational structure, information flows, information and communication infrastructure of local executive bodies, taking into account the system of administrative and territorial structure of the Republic of Kazakhstan;

      60) electronic media - a material media designed for storage of information in electronic form, as well as recording or its reproduction through technical means;

      61) subject of receiving the services in electronic form – an individual or legal entity who applied for a state or another service in electronic form;

      62) subject of rendering services in electronic form - an individual or legal entity rendering a state or another service in electronic form;

      62-1) products of electronic industry – electronic components and products made of them for various purposes;

      63) "electronic government" - a system of information interaction of state bodies among themselves and with individuals and legal entities, based on automation and optimization of state functions, as well as designed to provide services in electronic form;

      64) objects of informatization of "electronic government" – state electronic information resources, software of state bodies, the Internet resource of the state body, objects of information-communication infrastructure of "electronic government", including the service software product, software and information systems of other persons, intended for formation of the state electronic information resources in the frame of implementation of state functions and rendering state services;

      65) a monitoring system of ensuring the information security for objects of informatization of “electronic government” (hereinafter - a monitoring system of ensuring the information security) - organizational and technical measures aimed at conducting monitoring of safe use of information and communication technologies, including monitoring of information security events and responding to information security incidents;

      66) information and communication infrastructure of "electronic government" - information and communication infrastructure that ensures the functioning of "electronic government";

      67) operator of the information and communication infrastructure of "electronic government" (hereinafter - operator) - a legal entity determined by the Government of the Republic of Kazakhstan, which is entrusted with ensuring the functioning of the information and communication infrastructure of "electronic government" assigned to it;

      68) information and communication platform of “electronic government” – technological platform designed for automation of the activities of a state body, including automation of state functions and rendering state services arising from them;

      69) architecture of "electronic government" - a description of the objects of informatization of "electronic government", as well as a set of normative and technical requirements used to manage and coordinate the processes of creation and development of objects of informatization of "electronic government";

      70) the user's cabinet on the web portal of "electronic government" - a component of the web portal of "electronic government", designed for official information interaction of individuals and legal entities with state agencies on the issues of provision of services in electronic form, the issues of appeal to subjects considering the appeals of these individuals, as well as the use of personal data;

      71) service integrator of "electronic government" - a legal entity determined by the Government of the Republic of Kazakhstan, which is responsible for functions on methodological support of the development of architecture of "electronic government" and the standard architecture of "electronic akimat", as well as other functions provided by this Law;

      71-1) external gateway of "electronic government" - subsystem of the "electronic government" gateway, designed for ensuring interaction of information systems located in a single transport environment of state bodies with information systems, located outside the single transport environment of state bodies;

      72) a unified gateway of electronic mail of "electronic government" - a hardware and software complex that provides protection of electronic mail of "electronic government" in accordance with information security requirements.

      Footnote. Article 1 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

2. Legislation of the Republic of Kazakhstan on informatization

      1. Legislation of the Republic of Kazakhstan on informatization is based on the Constitution of the Republic of Kazakhstan, consists of this Law and other normative legal acts of the Republic of Kazakhstan.

      2. If an international treaty ratified by the Republic of Kazakhstan establishes other rules than those contained in this Law, the rules of the international treaty are applied.

3. Aims and principles of state regulation of public relations in the field of informatization

      1. The aims of state regulation of public relations in the field of informatization are formation and maintenance of the development of information and communication infrastructure, creation of conditions for the development of local content in the production of goods, works and services in the information and communication technologies industry for information support of the social and economic development and competitiveness of the Republic of Kazakhstan.

      2. State regulation of public relations in the field of informatization is based on the following principles:

      1) legality;

      2) observance of rights, freedoms and legal interests of individuals, as well as the rights and legal interests of legal entities;

      3) equality of rights of individuals and legal entities to participate in activities in the field of informatization and the use of its results;

      4) ensuring free access to electronic information resources containing information on the activities of state bodies (presumption of openness), and their compulsory provision, except electronic information resources access to which is restricted in accordance with the laws of the Republic of Kazakhstan;

      5) timeliness of the provision, objectivity, completeness and reliability of electronic information resources in respect of which the laws of the Republic of Kazakhstan establish the mandatory nature of their public distribution or provision by state bodies;

      6) freedom to search, form and transmit any electronic information resources, access to which is not restricted in accordance with the laws of the Republic of Kazakhstan;

      7) ensuring the security of the individual, society and state in the application of information and communication technologies;

      8) creation of conditions for development of the industry of information and communication technologies and conscientious competition;

      9) ensuring centralized management of objects of “electronic government” informatization;

      10) implementation of activities on informatization in the territory of the Republic of Kazakhstan on the basis of unified standards that ensure the reliability and manageability of informatization objects.

4. Scope of action of this Law

      1. A scope of action of this Law is public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, individuals and legal entities in the creation, development, maintenance, operation of informatization objects, as well as in state support for development of the industry of information and communication technologies.

      2. The act of this Law does not apply to:

      1) content and ways of distribution of information;

      2) relations arising from the implementation of work on the creation or development of Internet resources, information systems that are not integrated with the objects of information and communication infrastructure of “electronic government”, as well as when purchasing goods, works and services in the field of informatization by the National Bank of the Republic of Kazakhstan and organizations within its structure.

Chapter 2. STATE ADMINISTRATION IN THE FIELD OF INFORMATIZATION

5. The main tasks of state administration in the field of informatization

      The main tasks of state administration in the field of informatization are:

      1) formation and development of information society;

      2) ensuring the implementation and support of administrative reform of state bodies;

      3) development of "electronic government" and "electronic akimat";

      4) increase digital literacy;

      5) ensuring participants of the educational process with conditions for access to electronic information resources of electronic learning;

      6) ensuring conditions for the development and introduction of modern information and communication technologies in production processes;

      7) assistance in the formation and development of the domestic industry of information and communication technologies;

      8) formation and implementation of a unified scientific, technical, industrial-innovative policy in the field of informatization;

      9) formation, development and protection of state electronic information resources, information systems and telecommunication networks, ensuring their interaction in a unified information space;

      10) monitoring of ensuring information security of state bodies, individuals and legal entities;

      11) prevention and prompt response to incidents of information security, including in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation;

      12) creation of conditions for attracting investments in the industry of information and communication technologies on a systemic basis;

      13) improvement of the legislation of the Republic of Kazakhstan in the field of informatization;

      14) participation in international cooperation in the field of informatization;

      15) creation of conditions for international information exchange and access to information.

6. Competence of the Government of the Republic of Kazakhstan in the field of informatization

      Government of the Republic of Kazakhstan in the field of informatization:

      1) develops the main directions of state policy in the field of informatization and organizes their implementation;

      2) defines the national institute of development in the field of information and communication technologies, service integrator of "electronic government", operator;

      3) approves unified requirements in the field of information and communication technologies and ensuring information security;

      4) approves the list of critically important objects of the information and communication infrastructure, as well as the rules and criteria for classifying objects of the information and communication infrastructure as critically important objects of the information and communication infrastructure;

      5) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      6) approves the list of personal data of individuals included in part of state electronic information resources;

      6-1) approve the national anti-crisis plan to respond to information security incidents;

      6-2) determine the international technological park "Astana Hub";

      7) executes other functions entrusted to it by the Constitution of the Republic of Kazakhstan, this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

      Footnote. Article 6 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

7. Competence of the authorized body

      Authorized body:

      1) provides implementation of state policy in the field of informatization;

      2) approves the composition and position on the activities of expert council;

      3) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      4) approves the rules for implementation of the service model of informatization;

      5) approves the list of Internet resources of state agencies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      6) approves the rules for formation of a list of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government", assigned to the operator;

      7) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      8) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      9) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      10) approve the requirements for the development of the architecture of "electronic government" in coordination with the authorized body in the sphere of ensuring information security;

      11) approves the rules for classification of objects of informatization and the classifier of objects of informatization;

      12) approves the rules of information interaction of information system for monitoring the provision of state services with information systems;

      13) approve the rules for integration the objects of informatization of "electronic government";

      13-1) approve the rules of functioning and technical requirements for the external gateway of "electronic government";

      14) approves the list of information systems and electronic information resources that carry out interstate information interaction through the national gateway of the Republic of Kazakhstan;

      15) approves the rules for informational content of Internet resources of state bodies and requirements for their content;

      16) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      17) approve the rules for design, implementation, support of implementation, monitoring and development of the architecture of state bodies in coordination with the authorized body in the sphere of ensuring information security;

      18) approve the standard architecture of the "electronic akimat" in coordination with the authorized body for state planning and the authorized body in the sphere of ensuring information security;

      19) approve the rules for conducting expertise in the sphere of informatization of investment proposals, financial and economic justification of budget investments in coordination with the authorized body in the sphere of ensuring information security;

      20) approve the rules for preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government" in coordination with the authorized body in the sphere of ensuring information security;

      21) approves the instruction on drafting, presenting and reviewing the calculation of expenses for public procurement of goods, works, services in the field of informatization in agreement with the authorized agency on state planning;

      22) approve the rules for conducting audit of information systems in coordination with the authorized body in the sphere of ensuring information security;

      23) approve the calculation methodology and standards of costs for creation, development and maintenance of the objects of informatization of state bodies;

      24) approve the calculation methodology of the cost of information and communication services for state bodies in coordination with the central authorized body for budget planning and the authorized body in the sphere of ensuring information security;

      24-1) develop and approve the rules of activity of the international technological park "Astana Hub", including the procedure for provision of services and determining their cost;

      25) develop and approve the methodology for assessing the effectiveness of state bodies activity on the use of information and communication technologies;

      25-1) assess the effectiveness of state bodies activity on the use of information and communication technologies and assess the quality of state services in electronic form;

      26) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      27) approves the checklists, risk assessment criteria, semi-annual audit schedules in accordance with the Entrepreneurship code of the Republic of Kazakhstan;

      28) approves the criteria for attributing electronic information resources to open data posted by state bodies on the Internet portal of open data, as well as the procedure and format for their provision;

      29) approves the catalog of information and communication services;

      30) approve the rules for recording information about the objects of informatization of "electronic government" and placing electronic copies of technical documentation of the objects of informatization of "electronic government";

      31) approve the rules for recording and storage of the developed software, source program codes (if available), a set of settings for licensed software of the objects of informatization of "electronic government";

      32) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      33) approve the task for the design of information and communication service, developed by the service integrator of "electronic government";

      34) develops and approves normative legal acts in the field of informatization;

      35) issue an industry conclusion for the tender documentation of the state -private partnership project, a business plan for the state-private partnership project in direct negotiations on determination of a private partner, with the exception of state-private partnership projects on the service model of informatization;

      36) executes activities to improve the system of attracting investments and incentive mechanisms for the development and implementation of investment projects in the field of informatization;

      37) creates conditions for the development of information and communication technologies industry;

      38) develops proposals on improving the legislation of the Republic of Kazakhstan in the field of informatization;

      39) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      40) executes coordination of development of the architecture of state bodies;

      41) executes monitoring of implementation of the architecture of state bodies;

      41-1) coordinate projects of architecture of state bodies;

      41-2) organize support for implementation of the architectures of state bodies;

      42) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      42-1) carry out monitoring of implementation of state-private partnership projects on the service model of informatization, as well as monitoring of fulfillment of obligations during implementation of the state-private partnership project;

      43) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      44) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      45) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      46) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      47) participate in introduction into industrial operation of the objects of informatization of "electronic government";

      48) issue conclusion in the sphere of informatization on investment proposals, financial and economic justifications of budget investments;

      49) consider and issue conclusions on the calculations of expenses for public procurement of goods, works and services in the sphere of informatization submitted by the administrators of budget programs;

      50) coordinate the technical task for creation and development of the object of informatization of "electronic government";

      51) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      52) organize recording of information about the objects of informatization of "electronic government" and placement of electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of "electronic government";

      53) organize recording and storage of the developed software, source program codes (if available), a set of settings for the licensed software of the objects of informatization of " electronic government";

      54) approve the procedure for determination and use of standard solutions subject to repeated use in creation and development of the objects of informatization of "electronic government";

      55) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);
      56) is excluded by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      57) participates in works on standardization and confirmation of compliance in the field of informatization;

      58) executes international cooperation in the field of informatization;

      59) executes state control in the field of informatization;

      59-1) coordinate the activities of the international technological park "Astana Hub";

      60) approves the rules for registering and connecting the subscriber number of the subscriber provided by the mobile operator to the account of the web portal of "electronic government" for receiving state and other services in electronic form through the subscriber device of the mobile network;

      61) approves the list of state and other services in electronic form provided through the web portal of "electronic government" and the subscriber device of the mobile network;

      62) approves the rules for the classification of state services in electronic form for determining the method of authentication of a service recipient;

      63) approves the mandatory requisites of the results of rendering state and other services in electronic form received through the subscriber device of the mobile network, as well as the procedure for verifying their reliability;

      63-1) carry out coordination of the list of projects of state-private partnership on the service model of informatization formed by the service integrator;

      63-2) issue instructions upon revealing violations of the requirements of the legislation of the Republic of Kazakhstan on informatization;

      64) executes other authority provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.

      Footnote. Article 7 as amended by the laws of the Republic of Kazakhstan dated 30.11.2017 No. 112-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 7-1. Competence of the authorized body in the sphere of ensuring information security

      Authorized body in the sphere of ensuring information security shall:

      1) ensure implementation of the state policy in the sphere of ensuring information security;

      2) develop unified requirements in the field of information and communication technologies and ensuring information security;

      3) develop a list of critically important objects of information and communication infrastructure, as well as the rules and criteria for classifying the objects of information and communication infrastructure as critically important objects of information and communication infrastructure;

      4) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);

      5) approve the methodology and rules for conducting tests of the objects of informatization of "electronic government" and information systems, classified as critically important objects of information and communication infrastructure, for compliance with the requirements of information security;

      5-1) approve the rules for monitoring information security events of the objects of informatization of state bodies in coordination with the Committee for national security of the Republic of Kazakhstan;

      6) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);

      7) approve the rules for monitoring information security ensuring of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure in coordination with the national security bodies;

      8) approve the rules for monitoring implementation of the unified requirements in the field of information and communication technologies and ensuring information security;

      9) carry out monitoring of implementation of the unified requirements in the field of information and communication technologies and ensuring information security;

      10) carry out coordination of activity on the development of information security tools in terms of detection, analysis and prevention of threats to information security to ensure the sustainable functioning of information systems and telecommunications networks of state bodies;

      11) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication);

      11-1) issue an act on the results of tests for compliance with information security requirements;

      12) exercise state control in the sphere of informatization in terms of ensuring information security;

      13) direct for execution of the instruction at detection of violations of requirements of the legislation of the Republic of Kazakhstan in the sphere of ensuring information security";

      14) carry out coordination of activity on the management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of a state of emergency or martial law;

      14-1) participate in introduction into industrial operation of the objects of informatization of "electronic government";

      14-2) organize assistance to the owners, possessors and users of the objects of informatization on the issues of safe use of information and communication technologies, including prevention of illegal actions to obtain, copy, distribute, modify, destroy or block electronic information resources;

      15) develop a National anti-crisis plan to respond to information security incidents;

      16) determine the administrator and registrar of domain names, approve the rules for registration, use and distribution of domain names in the space of the Kazakhstani segment of the Internet;

      17) approve the rules for creation and ensuring functioning of a unified national backup platform for storage of electronic information resources, the frequency of backup copying of electronic information resources of critically important objects of information and communication infrastructure;

      18) approve protection profiles and methods of development of protection profiles;

      19) approve the rules for exchange of information necessary for information security between the operation centers of ensuring information security and the National coordination center for information security;

      20) approve the rules for formation and keeping the register of trusted software and products of electronic industry, as well as the criteria for inclusion of the software and products of electronic industry into the registry of trusted software and products of electronic industry;

      20-1) issue conclusions in the sphere of ensuring information security on investment proposals and financial and economic justifications of budget investments on the basis of expertises of the state technical service and coordinate technical tasks for creation and development of the object of informatization of "electronic government" on compliance with information security requirements based on the expertises of the state technical service;

      21) carry out other powers provided by this Law, other laws of the Republic of Kazakhstan, acts of the President of the Republic of Kazakhstan and the Government of the Republic of Kazakhstan.

      Footnote. Chapter 2 is supplemented by Article 7-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of twenty-one calendar days after its first official publication).

Article 7-2. Information security operational center

      1. Information security operational center shall:

      1) carry out activity on detection, assessment, forecasting, localization, neutralization and prevention of threats to information security of information and communication infrastructure, objects of informatization, connected to the operational center of information security;

      2) take measures to minimize threats to information security, immediately inform the owner of the information and communication infrastructure, as well as the National coordination center for information security about the fact of an information security incident;

      3) carry out monitoring of ensuring information security of critically important objects of information and communication infrastructure, objects of informatization, which are not related to the objects of informatization of " electronic government";

      4) carry out exchange of information necessary for ensuring information security of the objects of informatization, connected to the operational center of information security, with the National coordination center for information security and other operational centers of information security;

      5) carry out collection, consolidation, analysis and storage of information about the events and incidents of information security;

      6) provide the owners of critically important objects of information and communication infrastructure with information, necessary to ensure information security of objects of information and communication infrastructure, including information about security threats, vulnerability of software, equipment and technologies, the ways of realization of information security threats, the prerequisites for occurrence of information security incidents and methods for their prevention and liquidation of consequences;

      7) ensure the safety of information of limited distribution, which became known to the operational center of information security in the framework of its activities;

      8) provide connection of systems of logging information security events to the monitoring center of the National coordination center for information security.

      2. The operational center of information security shall carry out its activity on the basis of the license for rendering services on identification of technical channels of information leakage and special technical means intended for operational-search actions.

      3. Employees of the operational center of information security shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.

      4. The requirement of paragraph 2 of this Article shall not apply to the second-tier banks of the Republic of Kazakhstan, in which the functions of the operational center of information security are carried out by their structural divisions.

      Footnote. Chapter 2 is supplemented by Article 7-2, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 7-3. Information security incident response service

      1. Information security incident response service shall:

      1) conduct analysis of information on information security events in order to eliminate the causes and conditions of information security incidents;

      2) develop recommendations aimed at countering threats to information security;

      3) inform owners of the objects of informatization about the known incidents and threats to information security.

      2. Information security incident response service shall carry out its activity on the basis of a license for provision of services to identify technical channels of information leakage and special technical means intended for operational-search actions.

      3. Employees of the information security incident response service shall be responsible for the disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.

      4. The requirement of paragraph 2 of this Article shall not apply to the second-tier banks of the Republic of Kazakhstan, in which the functions of information security incident response service are carried out by their structural divisions.

      Footnote. Chapter 2 is supplemented by Article 7-3, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 7-4. National coordination center for information security

      1. National coordination center for information security shall:

      1) assist the owners, possessors and users of the objects of informatization on the issues of safe use of information and communication technologies;

      2) ensure interaction between operational centers of information security on the issues of monitoring information security ensuring of the objects of informatization;

      3) carry out collection, analysis and generalization of information of operational centers of information security on information security incidents at the objects of information and communication infrastructure of "electronic government" and other critically important objects of information and communication infrastructure;

      4) provide technical support of information system of the National coordination center for information security;

      5) participate in the development of the procedure for exchange of information necessary for ensuring information security between the operational centers of information security and the National coordination center for information security;

      6) in cases of receiving information on information security incidents at the objects of informatization, immediately inform the national security bodies of the Republic of Kazakhstan;

      7) carry out inter-sectorial coordination on the issues of monitoring of information security ensuring, protection and safe functioning of the objects of informatization of "electronic government", the Kazakhstani segment of the Internet, as well as of critically important objects of information and communication infrastructure, response to information security incidents with joint measures to ensure information security in the manner determined by the legislation of the Republic of Kazakhstan;

      7-1) carry out monitoring of information security ensuring of the objects of informatization of "electronic government" by means of system of monitoring of information security of the National coordination center for information security;

      7-2) carry out monitoring of information security events of the objects of informatization of state bodies;

      8) create and provide functioning of the unified national backup platform of storage of electronic information resources, establish frequency of backup copying of electronic information resources of critically important objects of information and communication infrastructure in the manner determined by the authorized body in the sphere of ensuring information security;

      9) provide organizational and technical support of the information security monitoring system of the National coordination center for information security;

      10) carry out measures for identification, suppression and research of threats and incidents of information security on the objects of informatization of "electronic government" and form recommendations for their elimination or prevention;

      11) coordinate measures to ensure information security of the objects of informatization of "e-government" and critically important objects of information and communication infrastructure, as well as to respond to information security incidents.

      2. Employees of the National coordination center for information security shall be responsible for disclosure of commercial or other legally protected secrets obtained by them as a result of their activities, in accordance with the laws of the Republic of Kazakhstan.

      Footnote. Chapter 2 is supplemented by Article 7-4, in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of six months after its first official publication).

8. Expert council

      1. The expert council is chaired by the head of the authorized body and it includes officials – heads of the state bodies responsible for informatization of activities of the state body, representatives of the authorized body, service integrator of “electronic government”, the authorized body in the sphere of information security and other organizations in the sphere of informatization in coordination with the specified bodies and organizations.

      2. Expert council executes its activities on an ongoing basis.

      3. The expert council shall consider the issues in the field of informatization and develop proposals and (or) recommendations.

      The powers and procedure of the expert council activity shall be determined by the regulations on the activities of the expert council.

      Footnote. Article 8 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

9. Competence of central executive agencies and state agencies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization

      Central executive bodies and state bodies directly subordinate and accountable to the President of the Republic of Kazakhstan in the field of informatization:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure compliance with the requirements for development of the architecture of "electronic government" and the rules of development, implementation, implementation support, monitoring and development of the architecture of state bodies;

      3) create and develop the objects of informatization of " electronic government";

      4) execute filling, ensure the reliability and relevance of electronic information resources;

      5) approve the architecture of the state body and ensure its implementation and development;

      6) participate in the development of "electronic government";

      7) provide access to local executive bodies within their competence to information systems of state bodies under the authority of state body;

      8) place open data in Kazakh and Russian on the Internet portal of open data;

      9) carry out recording and updating of information about the objects of informatization of "electronic government" and electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of

      "electronic government";

      10) ensure transfer to the service integrator of "e-government" for recording and storage of the developed software, source program codes (if available), a set of settings to the licensed software of the objects of informatization of "e-government";

      11) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      12) carry out the use of standard solutions in creation and development of the objects of informatization of " e-government";

      13) place publicly available information about the plans and results of creation and development of the objects of informatization of state bodies on its Internet resources;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on Internet portal of open data in agreement with the authorized bodies;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) establish the requirements for the level of digital literacy of specialists in relevant fields of activity in developing and approving professional standards;

      18) execute other authority provided for by this Law, other laws of the Republic of Kazakhstan and acts of the President of the Republic of Kazakhstan.

      Competence of central executive bodies is also determined by acts of the Government of the Republic of Kazakhstan.

      Footnote. Article 9 as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

10. Competence of local executive agencies in the field of informatization

      Local executive bodies:

      1) ensure observation of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) ensure compliance with the requirements for development of the architecture of "electronic government", standard architecture of "electronic akimat", taking into account the activities of the local executive body and the rules for development, implementation, implementation support, monitoring and development of the architecture of state bodies;

      3) create and develop the objects of informatization of "electronic government";

      4) provide filling, ensure the reliability and relevance of electronic information resources of local executive bodies;

      5) local executive bodies of regions, the cities of republican significance, the capital city approve the architecture of the state body and ensure its implementation and development;

      6) carry out recording and updating of information on the objects of informatization of "electronic government" and electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of

      "electronic government";

      7) place publicly available information about the plans and results of creation and development of the objects of informatization of state bodies on its Internet resources;

      8) ensure transfer to the service integrator of "e-government" for recording and storage of the developed software, source program codes (if available), a set of settings to the licensed software of the objects of informatization of "e-government";

      9) provide storage of originals of technical documentation on paper media and submit them to the service integrator of "electronic government" at its request;

      10) carry out the use of standard solutions in creation and development of the objects of informatization of " e-government";

      11) organize public access points for individuals and legal entities to state electronic information resources and information systems of state bodies, including by allocating uninhabited premises for the organization of this access;

      12) create conditions for increasing digital literacy;

      13) place open data in Kazakh and Russian on the Internet portal of open data;

      14) place Internet resources on a unified platform of Internet resources of state bodies, as well as ensure their reliability and actualization;

      15) approve the list of open data placed on the Internet portal of open data in agreement with authorized agency;

      16) acquire information and communication services from the operator in accordance with the catalog of information and communication services;

      17) execute in the interests of local state administration other authority entrusted in local executive bodies by the legislation of the Republic of Kazakhstan.

      Footnote. Article 10 as amended by the laws of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

11. National institute of development in the field of information and communication technologies

      1. National institute of development in the field of information and communication technologies is determined by the Government of the Republic of Kazakhstan with the aim of creating favorable conditions for increasing the competitiveness of the industry of information and communication technologies and stimulating industrial and innovative activities in the field of information and communication technologies.

      2. National institute of development in the field of information and communication technologies:

      1) executes implementation of measures of state support for development of the industry of information and communication technologies;

      2) provides information and analytical and advisory services in the field of information and communication technologies;

      3) carry out investments in industrial and innovative projects, venture funds in the field of information and communication technologies through participation in the charter capitals of the subjects of industrial and innovative activity, creation of legal entities, including those with foreign participation, and in other ways provided by the legislation of the Republic of Kazakhstan;

      4) cooperates with international organizations and foreign legal entities in order to attract information, educational, financial and other resources to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan;

      5) provides subject of informatization with access to information on implemented industrial-innovative projects in the field of information and communication technologies;

      6) issues expert conclusions and (or) recommendations to the authorized body and state bodies in the field of information and communication technologies at no charge;

      7) executes collection of information and analysis of effectiveness of measures of state support for development of the industry of information and communication technologies;

      8) promote the development of risk investment funds, venture funds and venture financing, as well as development of demand for technology transfer in the field of information and communication technologies;

      9) executes the analysis of development of the industry of information and communication technologies;

      10) renders assistance in the development of local content in the industry of information and communication technologies;

      11) develop documents on standardization in the field of information and communication technologies;

      12) submits proposals to the authorized body on the formation of state educational order for the training, increasing qualification and retraining of specialists in the field of information and communication technologies in the organizations of technical, professional and higher education, as well as proposals for standard educational plans and standard educational programs in the field of information and communication technologies;

      13) issues an expert conclusion for the provision of innovative grants in the field of information and communication technologies.

      Footnote. Article 11 as amended by the Law of the Republic of Kazakhstan dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 05.10.2018 No. 184-VI (shall be enforced upon expiry of six months after its first official publication).

12. Service integrator of "electronic government"

      Service integrator of "electronic government":

      1) participates in the implementation of state policy in the field of informatization and the introduction of service model of informatization;

      2) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      3) provides methodological support for development of the architecture of "electronic government";

      4) develop a standard architecture of "electronic akimat" and make proposals for its development;

      5) develops, accompanies the implementation and develops the architecture of state bodies, as well as executes necessary measures for this measure;

      6) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      7) informs the operator and potential suppliers (contractors) about the needs of state bodies in goods, works, services related to the automation of state functions and state services within the implementation of the service model of informatization;

      8) develop a task for the design of information and communication services;

      9) organize creation and development of information and communication services on the service model of informatization;

      10) conduct in the sphere of informatization an expertise of the investment proposal, financial and economic justification of budget investments, as well as of the technical task for creation and development of the object of informatization of "e-government" on compliance with the requirements for development of the architecture of "electronic government", approved architecture of the state body, standard architecture of "electronic akimat" and for the presence of possibility to use standard solutions in creation and development of the object of informatization of "e-government";

      11) conduct an assessment in the state bodies of the level of readiness of processes for managing the architecture of the state body in accordance with the rules for development, implementation, support of implementation, monitoring and development of the architecture of state bodies;

      12) support an assessment of the effectiveness of activities of state bodies on the use of information and communication technologies and assessment of the quality of rendering state services in electronic form;

      13) forms and conducts the classifier;

      14) executes the management of projects on creation and development of the objects of informatization of "electronic government";

      15) provides consulting and practical assistance to state bodies in the creation and development of the objects of informatization of "electronic government";

      16) carry out recording of information about the objects of informatization of "electronic government" and storage of electronic copies of technical documentation of the objects of informatization of "electronic government" on the architectural portal of "electronic government";

      17) carry out recording and storage of the developed software, source program codes (if available), a set of settings of the licensed software of the objects of informatization of "electronic government";

      18) issue a conclusion on the possibility of using standard solutions for creation and development of the objects of informatization of "e-government";

      19) forms and conducts a catalog of information and communication services;

      20) organize integration of the objects of informatization of "electronic government" and the national gateway of the Republic of Kazakhstan;

      21) executes the management of project on development of the national gateway of the Republic of Kazakhstan;

      21-1) form a list of state-private partnership projects on the service model of informatization;

      22) makes proposals for the development of information and communication technologies to the national institute of development in the field of information and communication technologies.

      Footnote. Article 12 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

13. Operator

      Operator:

      1) ensures observance of unified requirements in the field of information and communication technologies and ensuring information security, as well as the rules for the implementation of service model of informatization;

      2) executes system-technical service and maintenance of Internet resources of state bodies and objects of information and communication infrastructure of "electronic government" in accordance with the list approved by the authorized body;

      3) have the right to attract the objects of information and communication infrastructure of other persons for development of information and communication infrastructure of "electronic government", and also other persons for implementation of support and system-technical maintenance of information systems of state bodies;

      4) provides information and communication services to state bodies on the basis of information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services;

      5) ensures the security of storage of state electronic information resources placed on the information and communication infrastructure of "electronic government" assigned to the operator;

      6) ensures the safety of storage of state electronic information resources in the provision of information and communication services;

      7) provides prompt response to identified defects in the provision of information and communication services, as well as state services in electronic form and taking measures to eliminate them;

      8) provides at no charge basis upon the request of service integrator of "electronic government" an information and communication infrastructure for the development and testing of service software products by potential suppliers;

      9) executes integration and connection of local (except local networks with access to the Internet), departmental and corporate telecommunication networks of state bodies to the information and communication infrastructure of "electronic government";

      10) provide communication services to state bodies, their subordinate organizations, local self-government bodies, as well as other subjects of informatization, determined by the authorized body and connected to the unified transport environment of state bodies, for functioning of their electronic information resources and information systems. To provide communication services it shall have the right to attract other persons as subcontractors (co-executors) of services;

      11) executes the creation and development of the information and communication platform of "electronic government" and a unified transport environment of state bodies;

      12) executes maintenance and system-technical service of the national gateway of the Republic of Kazakhstan;

      12-1) carry out support and system-technical maintenance of the root certification center of the Republic of Kazakhstan, certification center of state bodies of the Republic of Kazakhstan, national certification center of the Republic of Kazakhstan and a trusted third party of the Republic of Kazakhstan;

      13) executes the information content of the web portal of "electronic government".

      Footnote. Article 13 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 13-1. International technological park "Astana Hub"

      1. International technological park “Astana Hub” shall carry out its activity in accordance with the legislation of the Republic of Kazakhstan.

      2. The functions of the international technological park "Astana Hub" shall include:

      1) rendering acceleration services, technological business incubation to the participants of the international technological park "Astana Hub";

      2) provision of services for holding marketing and other events for the participants of the international technological park "Astana Hub";

      3) rendering services for consulting, information, analytical, educational activities to stimulate the development of participants of the international technological park "Astana Hub";

      4) cooperation with international organizations, foreign partners in order to attract information, educational and financial resources to stimulate the development of the participants of the international technological park "Astana Hub", study of international experience and exchange of knowledge;

      5) search of potential investors for implementation of industrial and innovative projects in the field of information and communication technologies of the participants of the international technological park "Astana Hub";

      6) sending invitations, petitions for getting visas by the foreigners and stateless persons to study under the programs of the international technological park "Astana Hub";

      7) attracting non-residents and residents of the Republic of Kazakhstan to participate in the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub";

      8) registration of participants of the international technological park "Astana Hub" and issuance of relevant supporting documents in accordance with the rules of activity of the international technological park "Astana Hub";

      9) provision of housing and creation of living conditions for the persons undergoing acceleration in the international technological park "Astana Hub", in accordance with the rules of activity of the international technological park "Astana Hub".

      3. International technological park “Astana Hub” has its own budget formed from:

      1) voluntary property contributions and donations;

      2) revenues (incomes) from the sale of goods, works and services in cases, established by the legislation of the Republic of Kazakhstan;

      3) fees and payments made to the international technological park "Astana Hub" by the participants of the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub";

      4) other sources, not prohibited by the laws of the Republic of Kazakhstan.

      4. International technological park "Astana Hub" shall have the right to receive a state task in accordance with the budget legislation of the Republic of Kazakhstan to perform its functions determined by paragraph 2 of this Article, except for the functions of financing industrial and innovative projects in the field of information and communication technologies of the participants of the international technological park" Astana Hub", creation of investment funds or equity participation in investment funds, as well as development of the international technological park "Astana hub", as determined by paragraph 12 of this Article.

      5. International technological park “Astana Hub” uses the property formed in accordance with paragraph 3 of this Article to ensure the activity, functioning and development of the international technological park “Astana Hub”.

      6. Participants of the international technological park "Astana Hub " are legal entities included in the list of participants of the international technological park "Astana Hub" in accordance with the rules of activity of the international technological park "Astana Hub".

      The requirements for the participants of the international technological park "Astana Hub" shall be established by the rules of activity of the international technological park "Astana Hub".

      The participant of the international technological park "Astana Hub "from January 1, 2024 must be at the place of registration of the international technological park "Astana Hub".

      7. Foreigners and stateless persons arriving on the territory of the Republic of Kazakhstan to carry out activities in the international technological park "Astana Hub" shall receive a visa to enter at the foreign institutions of the Republic of Kazakhstan or upon arrival at international airports of the Republic of Kazakhstan in coordination with the national security agency of the Republic of Kazakhstan.

      8. Foreigners and stateless persons who are the employees of the participants of the international technological park "Astana Hub" or employees of the international technological park "Astana Hub", and their family members (spouses) and their children under the age of eighteen) shall receive a visa for entry valid for up to five years.

      9. Extension of the validity period of visas to the persons, specified in paragraphs 7 and 8 of this Article, at the request of the international technological park "Astana Hub" may be carried out without leaving the Republic of Kazakhstan in accordance with the legislation of the Republic of Kazakhstan.

      10. International technological park "Astana Hub" and its participants shall be obliged to have and store documents confirming their qualification for each involved employee, and attracted foreigners and persons without citizenship shall be obliged to present them to the international technological park "Astana Hub" or its participants.

      11. International technological park "Astana Hub" shall keep a record of foreign labor attracted by it and its participants. Information on the attracted foreigners and stateless persons by the international technological park "Astana Hub" shall be submitted to the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan. The composition of information submitted to the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan, the frequency and order of their provision shall be determined by the authorized body in the sphere of informatization in coordination with the authorized body on migration issues and the national security Committee of the Republic of Kazakhstan.

      12. International technological park "Astana Hub" shall perform other functions stipulated by the legislation of the Republic of Kazakhstan, and also carry out financing of industrial-innovative projects in the field of information and communication technologies of participants of the international technological park "Astana Hub" and create investment funds or take equity participation in investment funds.

      Footnote. Chapter 2 is supplemented by Article 13-1, in accordance with the Law of the Republic of Kazakhstan dated 04.07.2018 No. 174-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 26.12.2018 No. 203-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

14. State technical service

      1. State technical service executes the following types of activities in the field of informatization referred to state monopoly:

      1) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      2) executes monitoring of the provision of protection for the objects of informatization of "electronic government";

      3) executes monitoring of the provision of secure operation of the objects of informatization of "electronic government";

      4) executes monitoring of the Internet resources of state bodies for their safe use and response to information security incidents;

      5) executes monitoring of permanence of conditions for the functioning and functionality of the objects of informatization of "electronic government" in accordance with information security requirements;

      6) carry out support of the single gateway of access to the Internet and the single gateway of e-mail of the "electronic government";

      7) conduct tests of the objects of informatization of "electronic government" for compliance with the requirements of information security;

      8) carry out coordination of the task on design of information and communication service for compliance with the requirements of information security;

      9) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      10) carry out expertise of the investment proposal and financial and economic justification of budget investments and technical task for creation and development of the object of informatization of "electronic government" for compliance with information security requirements;

      11) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      12) executes monitoring of the fault tolerance of domain name servers serving top-level domain names of Kazakhstan;

      13) accompanies development of plans for addressing and numbering telecommunication networks of telecom operators executing activities in the territory of the Republic of Kazakhstan;

      13-1) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      14) executes work on the development of information security means in terms of detection, analysis and prevention of information security threats to ensure the sustainable operation of information systems and telecommunication networks of state bodies.

      15) implement the tasks and functions of the National coordination center for information security.

      2. Prices for goods (works, services) produced and (or) sold by the subject of the state monopoly shall be established by the national security Committee of the Republic of Kazakhstan in coordination with the antimonopoly body.

      Footnote. Article 14 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 14-1. National institute for development in the sphere of ensuring information security

      National institute for development in the sphere of ensuring information security shall:

      1) participate in implementation of the state policy in the sphere of ensuring information security;

      2) develop documents on standardization in the sphere of ensuring information security;

      3) carry out scientific and technical activities in the sphere of ensuring information security;

      4) carry out scientific and technical expertise of projects in the sphere of ensuring information security;

      5) provide training, retraining and advanced training in the sphere of ensuring information security.

      Footnote. Chapter 2 is supplemented by Article 14-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

15. Single contact center

      Single contact center:

      1) executes round-the-clock advisory support of individuals and legal entities on the issues of provision of state and other services;

      2) executes round-the-clock advisory support of state bodies on the issues of information and communication services rendered to them;

      3) executes round-the-clock advisory support of individuals and legal entities, state bodies on the issues of "electronic government";

      4) sends requests to the operator, state bodies and other organizations to provide explanations on the issues that arose with the recipient of information and communication, state and other services;

      5) on a systematic basis sends information to the operator, state bodies and other organizations on the received appeals of individuals and legal entities.

Chapter 3. RIGHTS AND DUTIES OF SUBJECTS OF INFORMATIZATION

16. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) transfer objects of informatization for rent, trust administration, economic management or operational management and otherwise dispose of them;

      2) establish within its competence the regime and rules of processing, protection and access to electronic information resources;

      3) establish within its competence the regime and rules of protection and access to the objects of information and communication infrastructure;

      4) determine the conditions for disposal of electronic information resources in storing, copying and distributing them;

      5) determine the conditions for owning and using the objects of information and communication infrastructure.

      2. The owner of objects of informatization is obliged to:

      1) take measures to protect objects of informatization;

      2) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other legislative acts of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      3. The owner of the information system has the rights to own, use and dispose of the information system entirely as a property complex.

      4. The owner of the information system has the right, unless otherwise established by the laws of the Republic of Kazakhstan or the owner of electronic information resources, to prohibit or restrict the movement and distribution of electronic information resources contained in this information system.

      5. In case if the owner of the information system is not owner of the electronic information resources located in this information system, as well as the owner of the information and communication infrastructure used for this information system, the operating procedure of the information system and access to electronic information resources and information and communication infrastructure is determined by agreement between the owners.

      6. The owner of the object of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

17. Rights and duties of the owner of objects of informatization

      1. The owner of objects of informatization has the right to:

      1) own and use objects of informatization on terms determined by the owner;

      2) determine the conditions for access and use of electronic information resources, objects of information and communication infrastructure by third parties in accordance with subparagraph 1) of this paragraph;

      3) determine the processing conditions of electronic information resources in the information system.

      2. The owner of objects of informatization is obliged to:

      1) observe the rights and lawful interests of the owner of objects of informatization and third parties;

      2) execute measures to protect objects of informatization;

      3) distribute, provide, restrict or prohibit access to electronic information resources and objects of information and communication infrastructure in accordance with this Law and other laws of the Republic of Kazakhstan;

      4) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

      2-1. The owner of critically important objects of information and communication infrastructure shall also be obliged to:

      1) carry out monitoring of ensuring information security of the objects of informatization in the manner determined by the authorized body in the sphere of ensuring information security;

      2) ensure connection of systems for monitoring of ensuring information security to the technical means of the systems for monitoring of ensuring information security of the National coordination center for information security.

      At the same time connection of systems for monitoring of ensuring information security shall be carried out by own division or purchase of services of the third parties in accordance with the civil legislation of the Republic of Kazakhstan;

      3) notify the National coordination center for information security about the incidents of information security in the manner and terms determined by the rules of conducting monitoring of ensuring information security of the objects of informatization of “e-government” and critically important objects of information and communication infrastructure, unless otherwise established by legislative acts of the Republic of Kazakhstan;

      4) carry out transfer of backup copies of electronic information resources to the unified platform of backup storage of electronic information resources in the manner and terms determined by the authorized body in the sphere of ensuring information security, unless otherwise established by legislative acts of the Republic of Kazakhstan.

      Access to the copy of the electronic information resource stored on the unified platform of backup storage of electronic information resources, except for the owner of the electronic information resource shall be prohibited.

      3. The owner of objects of information and communication infrastructure is responsible to the owner or holder of electronic information resources, information system for the security of storage and protection of electronic information resources, protection of information systems placed on the objects belonging to him.

      Footnote. Article 17 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

18. Rights and duties of the user

      1. The user has the right to:

      1) receive, use, distribute, transmit, provide to third parties electronic information resources including public data, use the information system on the terms determined by the legislation of the Republic of Kazakhstan, the owner or holder of electronic information resources, information system;

      2) familiarize with own personal data containing in electronic information resources, information system if other is not established by laws of the Republic of Kazakhstan.

      2. The user is obliged to:

      1) observe the rights and lawful interests of the owner or holder of electronic information resources, information system and third parties;

      2) ensure protection of electronic information resources, information system in accordance with this Law and the legislation of the Republic of Kazakhstan;

      3) execute other duties in accordance with this Law and other laws of the Republic of Kazakhstan.

19. Types of services provided in electronic form

      1. By the degree of automation, the services provided in electronic form are:

      1) fully automated;

      2) partially automated.

      Fully automated is a service that excludes a paper document circulation in the process of its provision.

      Partially automated service is an electronic service that contains a sequence of paper and electronic document circulation in the process of its provision.

      2. By the way of provision the service in electronic form are:

      1) informative;

      2) interactive;

      3) transactional;

      4) composite.

      Informative service provided in electronic form is the service for providing the user with electronic information resources.

      Interactive service provided in electronic form is the service for providing the user with electronic information resources, upon his request or agreement of parties requiring mutual exchange of information. Certification through an electronic digital signature may be required to provide an interactive service.

      Transactional service provided in electronic form is a service for providing the user with electronic information resources requiring mutual exchange of information and related to the implementation of payments in electronic form. Certification through an electronic digital signature may be required to provide a transactional service.

      Composite service provided in electronic form is a set of interrelated services, for the provision of which a request of the subject of receiving the service in electronic form is enough.

      3. By the nature of compensation for provision of services, provided in electronic form, are:

      1) refundable;

      2) non-refundable.

      Refundable is a service providing the payment of compensation to the subject of providing service in electronic form.

      Non-refundable is a service provided without payment of compensation to the subject of providing service in electronic form.

20. Submission of information in provision of services in electronic form

      1. In provision of services in electronic form, subjects of providing services in electronic form:

      1) receive information in electronic form on the payments of service recipients from the payment gateway of "electronic government" as reliable;

      2) transmit information in electronic form on the existence of debts of individuals and legal entities to the payment gateway of "electronic government".

      2. Banks of the second level and organizations implementing certain types of banking operations, on the request of the subject of providing services in electronic form and the subject of receiving services in electronic form, submit the following information in electronic form on:

      1) belonging of the bank account to the person specified in the request and the existence of a pledge agreement of movable and immovable property - in the provision of state services in electronic form;

      2) amount of money, date of making payment, sender of money and beneficiary - in making payments by individuals and legal entities for services provided in electronic form.

SECTION 2. INFORMATION AND COMMUNICATION INFRASTRUCTURE
Chapter 4. "ELECTRONIC GOVERNMENT"

21. The operation of "electronic government"

      1. The aims of the operation of "electronic government" are:

      1) ensure accessibility, quality and efficiency of the provision of state services in electronic form, as well as interaction of individuals and legal entities with state bodies;

      2) increase publicity in the activities of state bodies, ensure accessibility of information, public control and public participation in solving issues of state administration at all levels;

      3) ensure the implementation and support of administrative reform of state administration;

      4) optimization of the activities of state agencies through the use of information and communication technologies;

      5) reduction (exclusion) of the use of documents on paper medium and the requirements for their submission.

      2. In the operation of "electronic government" is provided:

      1) access of individuals and legal entities to publicly available information on the activities of state bodies;

      2) access of state bodies to information contained in information systems of state bodies;

      3) automation of activities of state bodies;

      4) use of electronic document circulation in the activities of state bodies, including in execution of state functions and provision of state services in electronic form;

      5) exclusion of duplication in the collection, accumulation and storage of state electronic information resources;

      6) information security and protection of objects of informatization of "electronic government".

22. Architecture of "electronic government"

      1. Development of the architecture of "electronic government" is executed in accordance with the requirements for development of the architecture of "electronic government", as well as unified requirements in the field of information and communication technologies and ensuring information security.

      2. Requirements for development of the architecture of "electronic government" are determined in accordance with the strategic and program documents of state bodies.

23. Architecture of state agency

      1. Service integrator of "electronic government" shall design and develop the architecture of the state bodies.

      The architecture of the state body for central executive bodies and state bodies, directly subordinate and accountable to the President of the Republic of Kazakhstan shall be designed in accordance with the rules of development, implementation, implementation support, monitoring and development of the architecture of state bodies, the requirements for the development of the architecture of "electronic government", as well as based on the goals and objectives of the state body.

      Service integrator of “electronic government” shall design the architecture of the state body for local executive bodies in compliance with standard architecture of "electronic akimat", the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies and requirements for the development of the architecture of "electronic government", as well as based on the goals and objectives of the state body.

      1-1. State bodies in the course of design, implementation support and development of the architecture of the state body shall create a working group and necessary organizational and technical conditions for the service integrator.

      The state body shall provide public discussion of the architecture project of the state body regarding the plan of its implementation on the architectural portal of "electronic government" in accordance with the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies.

      2. Introduction of changes in the architecture of the state body shall be carried out in accordance with the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies.

      3. State bodies are obliged to take measures on development of strategic indicators of the effectiveness of application of information and communication technologies, taking into account the following requirements:

      1) contribution of information and communication technologies to the implementation of aims and objectives of state body;

      2) optimization and automation of state functions and provision of state services resulting from their implementation;

      3) implementation of electronic information interaction with other subjects of informatization on the issues within the competence of state body;

      4) quality of the provision of state services in electronic form and satisfaction of the service recipients.

      4. State body provides record, description, classification and actualization of falling within its competence tasks and indicators of efficiency of activities, functions and services, documents, data and electronic information resources, information systems and information and communication infrastructure on the architectural portal of "electronic government".

      5. State bodies provide an appropriate level of automation of the subordinate organizations, which is necessary for conducting information interaction and providing state services in electronic form.

      6. The state bodies shall provide the necessary organizational and technical conditions within the terms agreed by the state bodies with the authorized body in case of receiving a request from the owner or the possessor of the object of informatization for integration with the objects of informatization of "electronic government" in order to establish information exchange.

      Footnote. Article 23 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

24. Standard architecture of "electronic akimat"

      1. The standard architecture of "electronic akimat" shall be developed in accordance with the requirements for development of the architecture of "electronic government", the rules of design, implementation, implementation support, monitoring and development of the architecture of state bodies and unified requirements in the field of information and communication technologies and information security.

      2. Local executive bodies create or develop information systems of state bodies, acquire software and (or) objects of information and communication infrastructure taking into account the requirements of the standard architecture of "electronic akimat".

      Footnote. Article 24 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

25. Automation of state functions and provision of state services resulting from them

      1. Automation of activities of state body, including state functions and rendering state services arising from them, shall be carried out by creating and development of the objects of informatization of "electronic government" or by purchase of the objects of informatization of "electronic government" or information and communications services in accordance with the approved architecture of the state body, and in case of its absence – on the basis of the decision of the state body about the need of automation, agreed with the authorized body.

      State bodies shall provide public discussion of the planned automation of activities in order to attract potential suppliers, to clarify the technical, economic, operational and other characteristics of the object of informatization of "electronic government".

      2. State functions by degree of automation are divided into:

      1) fully automated;

      2) partially automated.

      Fully automated shall be the function of the state body, in which all operations of the processes that make up it are performed in the objects of informatization of "electronic government".

      Partially automated shall be the function of the state body, in which part of operations of the processes that make up it is performed in the objects of informatization of "electronic government".

      Footnote. Article 25 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

26. Information and communication platform of "electronic government"

      1. Automation of activities of the state body, including state functions and rendering state services arising from them, shall be carried out taking into account ensuring the priority of placement of information systems and service software in accordance with the requirements for development of the architecture of "electronic government" on information-communication platform of "electronic government" on the territory of the Republic of Kazakhstan.

      2. It is not allowed to use the information and communication platform of "electronic government" for other aims, except the implementation of state functions and the provision of state services resulting from them in electronic form.

      3. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).
      Footnote. Article 26 as amended by the laws of the Republic of Kazakhstan dated 12.28.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication); dated March 18, 2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication).

27. Web portal and gateway of "electronic government"

      1. Web portal of "electronic government" is an information system that represents a "unified window" for access to all consolidated governmental information, including normative legal base, and to state and other services provided in electronic form.

      Requirements for the maintenance, conduct and information content of the electronic information resources of the web portal of "electronic government" are established by the authorized body.

      The gateway of "electronic government" shall be an information system designed to integrate the objects of informatization of "electronic government" with other objects of informatization.

      2. State and other services in electronic form can be provided through the web portal of "electronic government" and the subscriber device of mobile network.

      3. To receive state and other services in electronic form through the web portal of "electronic government" and the subscriber device of mobile network, subjects of receiving services in electronic form can use one-time passwords in accordance with the legislation of the Republic of Kazakhstan.

      Footnote. Article 27 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

28. Payment gateway of "electronic government"

      1. Payment gateway of "electronic government" is an information system that automates the processes of transferring information on making payments within provision of refundable services provided in electronic form.

      2. Payment gateway of "electronic government" provides:

      1) transfer of requests for making payments of the subject receiving the service in electronic form;

      2) informing the subject of provision the service in electronic form about the making payment for the provision of the service in electronic form.

      3. Banks of the second level and organizations executing certain types of banking operations, participating in the process of receiving and making payments within the provision of services, ensure the integration of their own information systems involved in these processes with payment gateway of "electronic government" directly or through information system the operator of interbank money transfer system.

29. Unified transport environment of state agencies

      1. Unified transport environment of state bodies is the telecommunication network, which is part of the information and communication infrastructure of "electronic government" and is designed to provide the interaction of local (except local networks with Internet access), departmental and corporate telecommunication networks of state bodies, their subordinate organizations and bodies of local government, as well as other subjects of informatization determined by the authorized body, with observance of the required level of information security.

      2. State bodies, their subordinate organizations and local self-government bodies, as well as other subjects of informatization determined by the authorized body, are obliged to use exclusively a unified transport environment of state bodies for the interaction of local (except local networks with Internet access), departmental and corporate networks.

      3. In order to ensure information security, the connection of local, departmental and corporate networks connected to a unified transport environment of state bodies, to telecommunication networks of common use and other telecommunication networks, is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

30. Unified access gateway to the Internet and a unified gateway of electronic mail of "electronic government"

      1. Connection of local, departmental and corporate telecommunication networks of state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, as well as owners or holders of critically important objects of information and communication infrastructure to the Internet is executed by telecom operators through a unified access gateway to the Internet.

      1-1. Connection and transmission of traffic of telecom operators through a unified gateway to the Internet shall be carried out on a contractual basis.

      2. Connection of local, departmental and corporate telecommunication networks of state bodies and local self-government bodies to the Internet is executed in accordance with unified requirements in the field of information and communication technologies and ensuring information security.

      3. Specialized state and law enforcement bodies for operational purposes, the National Bank of the Republic of Kazakhstan can organize connection to the Internet without using a unified access gateway to the Internet.

      4. Electronic interaction of electronic mail of state body with external electronic mail is executed by redirection of electronic messages through a unified gateway of electronic mail of "electronic government".

      Footnote. Article 30 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

31. Architectural portal of "electronic government"

      1. Architectural portal "e-government" shall be an information system designed for carrying out recording, storage and systematization of information about the objects of informatization of "e-government" in accordance with the classifier and further use by state bodies for monitoring, analysis and planning in the sphere of informatization.

      2. State bodies shall place on the architectural portal of "electronic government" information about the objects of informatization of "electronic government" and copies of technical documentation to them in accordance with the rules of accounting information about the objects of informatization of "electronic government" and placement of electronic copies of technical documentation of the objects of informatization of "e-government".

      Presentation of information about the created (developed) or purchased object of informatization of "electronic government" to the service integrator of "electronic government" and their actualization shall be compulsory and carried out at each stage of the life cycle of the object of informatization of "electronic government".

      3. Service integrator of "electronic government" shall conduct analysis of information about the objects of informatization of "electronic government", placed on the architectural portal of "electronic government", to use a standard solution for creation and development of the objects of informatization of "electronic government".

      4. The service integrator of "electronic government" provides the state technical service with access to the architectural portal of "electronic government", including for participation in the formation and maintenance of the classifier in part of definition of requirements for information security.

      5. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      6. The service integrator of "electronic government" executes organizational and technical measures on the issues of placement and actualization of information about the objects of informatization of "electronic government" on the architectural portal of "electronic government".

      Footnote. Article 31 as amended by the Law of the Republic of Kazakhstan dated March 18, 2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after the day its first official publication).

Chapter 5. ELECTRONIC INFORMATION RESOURCES

32. Types of electronic information resources

      1. Electronic information resources on the form of ownership are state and non-state, by degree of access - publicly available and limited access.

      2. Electronic information resources created, acquired and accumulated at the expense of budgetary funds, as well as received by state bodies in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Electronic information resources created, acquired at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      4. Electronic information resources that are provided or distributed by their owner or holder without specifying access conditions or their use, as well as information that is freely accessible and independent of the form of their submission and way of distribution, are publicly available.

      5. Electronic information resources containing information access to which is limited by laws of the Republic of Kazakhstan or their owner or holder in cases established by the legislation of the Republic of Kazakhstan, are electronic information resources of limited access.

      Electronic information resources of limited access are divided into electronic information resources containing information constituting state secrets and confidential.

      6. Reference of electronic information resources to electronic information resources containing information constituting state secrets is executed in accordance with the legislation of the Republic of Kazakhstan on state secrets.

      Creation, acquisition, accumulation, formation, registration, storage, processing, destruction, use, transfer, protection of electronic information resources containing information constituting state secrets are executed in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      7. Electronic information resources containing information that do not constitute state secrets, but access to which is limited by laws of the Republic of Kazakhstan or their owner or holder, are confidential electronic information resources

33. Legal regime of electronic information resources

      1. Reasons of origin, change and termination of the right of ownership and other property rights to electronic information resources are established by the civil legislation of the Republic of Kazakhstan.

      2. Electronic information resources that are the property of a legal entity are included in its property in accordance with the civil legislation of the Republic of Kazakhstan.

      3. The owner of state electronic information resources is the state.

      State electronic information resources, which are under the authority of state bodies in accordance with their competence, are subject to recording and protection in the composition of state property.

      4. The right of ownership for software, information systems and Internet resources does not create the right of ownership for electronic information resources created with their assistance and (or) placed therein, belonging to other owners or holders, unless otherwise provided by the legislation of the Republic of Kazakhstan or by agreement between them

      5. Electronic information resources processed in the order of providing services or in the joint use of information systems and Internet resources belong to the owner or holder of electronic information resources. Belonging and using of derivative products created in this case are regulated by an agreement

      6. The owner of electronic information resources containing information constituting state secrets has the right to dispose of them in the manner determined by the legislation of the Republic of Kazakhstan on state secrets

      7. Electronic information resources that are the property of individuals and legal entities in the case of referring them to electronic information resources containing information constituting state secrets are subject to alienation in the manner established by the legislation of the Republic of Kazakhstan on state secrets.

34. Formation and use of electronic information resources

      1. State electronic information resources are formed in order to provide information needs of state bodies, individuals and legal entities, execution of state functions and provision of state services in electronic form.

      2. The activity of state bodies in the formation of state electronic information resources is financed at the expense of budgetary funds, except the formation of electronic information resources by the National Bank of the Republic of Kazakhstan.

      3. The owner or holder of electronic information resources have the right to freely use and distribute them in compliance with the limits established by the laws of the Republic of Kazakhstan.

      4. The use and distribution of electronic information resources by the user are executed in the manner established by the owners or holders of electronic information resources and (or) information systems.

35. Access to electronic information resources

      1. State electronic information resources of the Republic of Kazakhstan are publicly available, except electronic information resources of limited access.

      State agencies ensure the creation of publicly available state electronic information resources in Kazakh and Russian.

      2. Conditions and order of access to electronic information resources of limited access are determined by the legislation of the Republic of Kazakhstan and the owner of these resources, including by concluding agreements between owners of electronic information resources.

      3. The owner of the information system of state agency that is not the owner of state electronic information resources contained in it, provides access to these resources on the basis of an agreement concluded by the owner of electronic information resources with the owners of other state electronic information resources.

      4. Access to electronic information resources is executed by one of the following ways:

      1) by transferring a request to the owner or holder of the information system on access to electronic information resources using electronic mail and indicating the identification number or in the form of an electronic document certified by an electronic digital signature or other means established by the owner or holder of electronic information resources;

      2) by direct appeal of the user to publicly available electronic information resources, information systems.

      5. Access can not be limited to state electronic information resources containing:

      1) normative legal acts, except those containing state secrets or other secret protected by law;

      2) information on emergency situations, natural and technogenic disasters, weather, sanitary-epidemiological and other conditions necessary for vital activity and ensuring the safety of citizens, inhabited localities and production facilities;

      3) official information on the activities of state bodies;

      4) information accumulated in open information systems of state bodies, libraries, archives and other organizations.

      6. State bodies, state legal entities, legal entities with state participation in the authorized capital are obliged to provide individuals and legal entities with open data in Kazakh and Russian languages through the Internet portal of open data.

      Maintenance of functioning of the Internet portal of open data in Kazakh and Russian languages is executed by the service integrator of "electronic government".

      7. In case of distribution via the telecommunication networks of information prohibited entered into legal force by a court decision or laws of the Republic of Kazakhstan, as well as access to which was temporarily suspended by the order of the General Prosecutor of the Republic of Kazakhstan, submitted to the authorized body or his deputies to eliminate violations of the law, authorized bodies, owners or holders of Internet resources are obliged to take immediate measures to limit access to prohibited information.

36. Electronic information resources containing personal data

      1. Electronic information resources containing personal data are subdivided into electronic information resources containing publicly available personal data and electronic information resources containing personal data of limited access.

      Electronic information resources containing publicly available personal data include electronic information resources containing personal data, access to which is free with the consent of the personal data subject or to which observation of requirements do not apply in accordance with the laws of the Republic of Kazakhstan.

      Electronic information resources containing personal data of limited access include electronic information resources, access to which is limited by the personal data subject or laws of the Republic of Kazakhstan.

      2. The owner or holder of electronic information resources containing personal data in transferring electronic information resources containing personal data to the owner or holder of the information system must obtain the consent of the personal data subject or his legal representative to collect and process personal data using information systems, except cases provided by the Law of the Republic of Kazakhstan "On personal data and their protection".

      3. In providing state service in electronic form, the consent of the personal data subject to collect and process personal data through information systems is provided in the form of an electronic document or other way using elements of protective actions that do not contradict the legislation of the Republic of Kazakhstan.

      The personal data subject also has the right to give consent to collect and process personal data through his subscriber's number of mobile communication registered on the web portal of "electronic government" by sending a one-time password or by sending a short text message as a response to the notification of the web portal of "electronic government".

      4. Owners or holders of information systems of state bodies are obliged to notify personal data subjects through the user's cabinet on the web portal of "electronic government" in an automatic mode about all cases of use, changes and additions of personal data within the framework of information interaction provided that personal data subjects are registered on the web portal of "electronic government".

      5. In addition to the reasons established by the Law of the Republic of Kazakhstan "On personal data and their protection", in the event of revealing obvious mistakes and inaccuracies in electronic information resources containing personal data, the state body in providing state services in order to eliminate them may execute their change and addition after receipt of request from the personal data subject or his legal representative.

      5-1. Provision by the owner or the possessor of publicly available electronic information resource of the service on placement of information by the user shall be carried out on the basis of an agreement concluded in writing (including electronic), with identification on the portal of "electronic government" or by using the subscriber's mobile number registered on the public information electronic resource with sending of a short text message containing a one-time password for the conclusion of the agreement.

      Placement of information by the user shall be carried out under his/her own name or pseudonym (fictional name). Depersonalization of personal data shall be carried out on the basis and in the manner specified in the agreement.

      The owner or possessor of an electronic information resource shall be obliged to store the information used in the agreement, for the entire period of validity and within three months after termination of the agreement.

      6. It is not allowed to use electronic information resources containing personal data on individuals for the purpose of causing property and (or) moral harm, limiting the execution of rights and freedoms guaranteed by the laws of the Republic of Kazakhstan.

      Footnote. Article 36 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Chapter 6. INFORMATION SYSTEMS. LIFE CYCLE OF THE OBJECT OF INFORMATIZATION OF "ELECTRONIC GOVERNMENT"

      Footnote. The title of chapter 6 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

37. Types of information systems

      1. Information systems on the form of ownership are state and non- state, by degree of access - publicly available and limited access.


      2. Information systems created or developed at the expense of budgetary funds, as well as received by state legal entities in other ways established by the laws of the Republic of Kazakhstan, are state.

      3. Information systems created or developed at the expense of individuals and legal entities, as well as received by them in other ways established by the laws of the Republic of Kazakhstan, are non-state.

      Non-state information systems classified as critically important objects of information and communication infrastructure, as well as intended for formation of state electronic information resources, shall be equated with information systems of state bodies in terms of compliance with information security requirements.

      4. Information systems containing publicly available electronic information resources are publicly available.

      5. Information systems containing electronic information resources of limited access are information systems of limited access.

      6. Information systems of limited access are divided into:

      1) information systems in secure execution referred to state secrets, the protection of which is executed with the use of state encryption means and (or) other means of protecting information constituting state secrets, in compliance with the requirements of secrecy regime;

      2) confidential information systems.

      7. Creation, industrial operation, maintenance, development, integration, termination of industrial operation and protection of information systems in protected execution, classified as state secrets, shall be carried out in accordance with this Law, unless otherwise provided by the legislation of the Republic of Kazakhstan on state secrets.

      Audit of information systems in protected execution, classified as state secrets, shall not be carried out.

      Footnote. Article 37 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

38. Requirements for the information system of state agency

      1. Is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      2. Information system of state body is created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, the standards, life cycle of the information system operating in the territory of the Republic of Kazakhstan and taking into account the provision of:

      1) unified requirements in the field of information and communication technologies and ensuring information security;

      2) requirements for development of the architecture of "electronic government" and the standard architecture of "electronic akimat";

      3) approved architecture of state body;

      4) integration (if necessary) with other objects of informatization of "electronic government";

      5) information interaction of the information system of the state body with the system of monitoring of information security events of the National coordination center for information security;

      6) priority of free software;

      7) opportunities of repeated use of initial program codes, software products and software transferred to storage;

      8) assigning a class in accordance with the classifier;

      9) access of users with limited capabilities.

      2-1. Information system of a state legal entity and non-state information system intended for formation of state electronic information resources shall be created, operated and developed in accordance with the legislation of the Republic of Kazakhstan, standards, operating on the territory of the Republic of Kazakhstan, the life cycle of the information system and provided that the following requirements are performed:

      1) agreed with the authorized body and the authorized body in the sphere of ensuring information security of technical task;

      2) act of tests with a positive result of tests for compliance with information security requirements;

      3) integration of the information system of the state body with the non-state information system only through the external gateway of "electronic government", put into industrial operation;

      4) unified requirements of information and communication technologies and ensuring information security.

      3. The information contained in the electronic information resource, normative and technical documentation, as well as other related documents of the information system of state bodies are created and stored in Kazakh and Russian languages.

      4. The owner or the possessor of information system of the state body or the person authorized by him after its introduction into industrial operation shall provide to the National coordination center for information security the access to the information system of the state body at its location for conducting monitoring of information security ensuring.

      Footnote. Article 38 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 39. Creation and development of the objects of informatization of "electronic government"

      1. Creation and development of the objects of informatization of "electronic government" shall be carried out by implementation of state investment projects, implementation of the service model of informatization, as well as by other method taking into account the assigned class in accordance with the classification, not prohibited by the legislation of the Republic of Kazakhstan.

      2. When creating and developing the objects of informatization of "electronic government" in the cases provided by this Law and the budget legislation of the Republic of Kazakhstan, it is necessary to obtain conclusions in the sphere of informatization and ensuring information security.

      3. Creation and development of the objects of informatization of "electronic government" shall be carried out in accordance with technical tasks for creation and development of the objects of informatization of "electronic government".

      Preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government" shall be carried out in accordance with the rules of preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government".

      4. Creation and development of the object of informatization of "electronic government" shall include:

      1) design of the object of informatization of "electronic government";

      2) conducting trial operation of the object of informatization of "electronic government" in accordance with the unified requirements in the field of information and communication technologies and ensuring information security, including:

      documenting of procedures for conducting trial operation;

      optimization and elimination of the revealed defects and shortcomings with their subsequent correction;

      execution of the act on completion of trial operation.

      The period of trial operation shall not exceed one year;

      3) testing of the object of informatization of "electronic government" for compliance with information security requirements in accordance with this Law;

      4) implementation of the object of informatization of "electronic government" in accordance with standards acting on the territory of the Republic of Kazakhstan;

      5) introduction into industrial operation of the object of informatization of "electronic government" in accordance with the requirements of technical documentation, subject to positive completion of trial operation of the object of informatization of "electronic government", as well as existence of an act with a positive tests result for compliance with information security requirements.

      5. Development of the object of informatization of "electronic government" shall be carried out after its introduction into industrial operation in accordance with this Article.

      6. Creation and development of the objects of informatization of "electronic government" in the framework of implementation of the service model of informatization shall be carried out in accordance with this Law and the rules of implementation of the service model of informatization without applying the standards, provided by paragraph 3 of this Article.

      Footnote. Article 39 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

40. Industrial operation of the information system of state agency

      Article 40. Industrial operation of the object of informatization of "electronic government"

      Footnote. The title of Article 40 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. Introduction into industrial operation of the object of informatization of "electronic government" shall be carried out in accordance with the requirements of technical documentation, subject to positive completion of trial operation of the object of informatization of "electronic government", the existence of an act with a positive tests result for compliance with information security requirements.

      State authorities from the moment of introduction into industrial operation of the object of informatization of "electronic government" shall provide transfer to the service integrator of “electronic government” to record and store all versions of the developed software, the source program codes (if available), a set of settings to the licensed software of the objects of informatization of "electronic government" in accordance with the rules of recording and storage of the developed software, source program codes (if available), a set of settings of the licensed software of the objects of informatization of "electronic government".

      2. At industrial operation of the object of informatization of "electronic government" shall be provided:

      1) compliance with unified requirements in the field of information and communication technologies and ensuring information security;

      2) safety, protection, restoration of electronic information resources in case of failure or damage;

      3) backup copying and control for timely updating of electronic information resources;

      4) automated recording, safety and periodic archiving of information on the applications to the information system of the state body;

      5) is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication);

      6) maintenance of the object of informatization;

      7) technical support of the used licensed software of the informatization object;

      7-1) system-technical maintenance;

      8) reduction (exclusion) of the use of documents on paper, as well as the requirements for their presentation in carrying out state functions and rendering state services;

      9) warranty service by the supplier of the object of informatization of "electronic government", including elimination of errors and defects, identified during the warranty period. Warranty service shall be provided for a period of not less than a year from the date of introduction into industrial operation of the object of informatization of "electronic government".

      Footnote. Article 40 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 41. Termination of industrial operation of the object of informatization of "electronic government"

      Footnote. The title of Article 41 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. The absence of need for further use of the object of informatization of "electronic government" shall entail termination of industrial operation and change of information about the object of informatization of "electronic government" at the architectural portal of "electronic government" in accordance with the unified requirements in the field of information and communication technologies and ensuring information security.

      2. The decision about the absence of need of further operation of the object of informatization of "electronic government" shall be adopted by the owner or by the possessor with notification of the owners and (or) possessors of the objects of informatization of "electronic government", with whom the object of informatization of "electronic government" is integrated, as well as the service integrator of "electronic government" on the procedure and terms of operation termination.

      3. Electronic information resources, technical documentation and source program codes of the written off object of informatization of "electronic government" shall be subject to transfer to the archive in accordance with the legislation of the Republic of Kazakhstan.

      4. Writing off and (or) utilization of technical means of the written-off object of informatization of the state body shall be carried out in accordance with the requirements established by the legislation of the Republic of Kazakhstan on accounting and financial reporting.

      Footnote. Article 41 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 42. Mandatory requirements for the means of processing, storage and backup copying of electronic information resources in the objects of information and communication infrastructure of "electronic government"

      Footnote. The title of Article 42 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. To ensure the reliability and safety of functioning of the objects of information and communication infrastructure of the "electronic government", technical means that are used for storage, processing and transfer of electronic information resources must comply with the requirements of the legislation of the Republic of Kazakhstan in the field of technical regulation.

      2. The owner or the possessor of the object of information and communication infrastructure of "electronic government", as well as the operator shall carry out the storage and, if necessary, ensure restoration of the state electronic information resources contained in the objects of information-communication infrastructure of "electronic government", and shall be responsible for the loss, modification, or otherwise failing to ensure the safety of state electronic information resources in the manner established by the laws of the Republic of Kazakhstan and the agreement of the parties.

      3. Ensuring the production of a backup copy of the state electronic information resources shall be mandatory for the owner of the object of information and communication infrastructure of the "electronic government" or the operator.

      A method of production and storage of backup copy containing state electronic information resources, should ensure the preservation of electronic information resources until the next backup copy is made.

      The frequency of backup copying of state electronic information resources shall be established by technical documentation on the object of informatization of "electronic government".

      Footnote. Article 42 as amended by the laws of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 43. Integration of the objects of informatization of “e-government”

      Footnote. The title of Article 43 is in the wording of the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. Integration of information systems of state bodies shall be carried out in accordance with the rules of integration of objects of informatization of "electronic government" and in compliance with the requirements of information security, determined by the profile of protection and formalized by the contract of joint works on information security of state and non-state information systems.

      2. State bodies are obliged to ensure the integration of information systems of state bodies through the gateway of “electronic government” in terms and in the order established by the authorized body.

      3. In case of integration of non-state information system with information system of state body separately or simultaneously with other information system of state body or other objects of informatization of "electronic government", organization of access to electronic information resources shall be carried out according to the rules of integration of objects of informatization of "electronic government".

      4. When verifying the authenticity of an electronic digital signature, the information system of state body and non-state information system do not need to connect to the "electronic government" gateway.

      Footnote. Article 43 with amendment introduced by the Law of the RK from 28.12.2016 № 36-VI (effective after two months after the day of its first official publication); dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

44. Requirements for non-state information system that is integrated with the information system of state body

      1. Integration of non-state information system with information system of the state body shall be carried out exclusively through the gateway of "electronic government"or payment gateway of "electronic government" (for the purposes of payments) in accordance with the rules of integration of objects of informatization of "electronic government".

      2. Electronic information resources, interface, technical documentation and other related documents of non-state information system, integrated with information system of the state body or intended for formation of state electronic information resources shall be created and stored in the Kazakh and Russian languages.

      3. Non-state information system is integrated with information system of the state body only through the external gateway of "electronic government", put into industrial operation.

      Footnote. Article 44 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Chapter 7. SERVICE MODEL OF INFORMATIZATION

Article 45. Service model of informatization

      1. Implementation of the service model of informatization shall include planning, creation or development of information and communication services, as well as their provision on the basis of information and communication infrastructure of "electronic government" in accordance with the catalog of information and communication services.

      2. Implementation of the service model of informatization shall be carried out in accordance with this Law, the rules of implementation of the service model of informatization and other regulatory legal acts on informatization.

      3. Provision of information and communication services may be carried out by concluding a state-private partnership contract on the service model of informatization or a contract between the operator and a state body concluded in accordance with the legislation of the Republic of Kazakhstan on public procurement.

      4. Obligations and responsibility of the parties in provision (receipt) of information and communication services shall be established by the laws of the Republic of Kazakhstan and the agreement of the parties.

      5. If the project of state-private partnership on service model of informatization provides payments from the budget and measures of the state support, the authorized body shall:

      1) submit a draft list of state-private partnership projects on the service model of informatization, planned for implementation, with the attachment of approved tasks for the design of information and communication services for approval to the authorized body on budget planning to determine the financial security of state-private partnership projects on the service model of informatization;

      2) approve the list of projects of state-private partnership on the service model of informatization, planned for implementation, on the basis of a positive conclusion of the authorized body on budget planning to determine the financial security of state -private partnership projects on the service model of informatization.

      Formation and approval of the list of state -private partnership projects planned for implementation shall be carried out in the manner determined by the rules of implementation of the service model of informatization.

      6. The grounds for inclusion in the draft of republican budget of state-private partnership projects on the service model of informatization, planned for implementation, shall be the presence of:

      1) the positive conclusion of the authorized body on budget planning to the draft list of projects of state -private partnership on the service model of informatization in terms of determining the financial security of these projects;

      2) the task for design of information and communication services approved by the authorized body;

      3) a positive proposal of the Republican budget commission.

      7. Procedures for determining the suppliers of service software products or objects of information and communication infrastructure, conclusion, execution and termination of the state-private partnership contract on the service model of informatization shall be carried out in accordance with this Law and the rules for implementation of the service model of informatization.

      8. Monitoring and evaluation of implementation of state-private partnership projects on the service model of informatization, as well as monitoring of performance of contractual obligations during contractual relations shall be carried out in accordance with the rules of implementation of the service model of informatization.

      Footnote. Article 45 is in the wording of the Law of Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 45-1. Determination of the supplier of the service software product or object of information and communication infrastructure, including projects of state-private partnership on the service model of informatization

      1. Determination of the supplier of the service software product or object of information and communication infrastructure shall be carried out on a competitive basis.

      2. The tender commission for determining the supplier of the service software product or object of information and communication infrastructure shall be created by the customer of information and communication services.

      3. The chairman of the tender commission shall be the first head of the customer of information and communication services or a person authorized by him/her.

      4. Representatives of the customer of information and communication service, authorized body, service integrator and other interested state bodies and organizations shall be included in the composition of the tender commission.

      5. The competition on determining the supplier of the service software product or object of information and communication infrastructure, including qualification selection, shall be carried out in the manner determined by the rules of implementation of the service model of informatization.

      Footnote. Chapter 7 is supplemented by Article 45-1 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 45-2. Qualification requirements for the potential suppliers of service software products or objects of information and communication infrastructure, including at implementation of state-private partnership projects on the service model of informatization

      1. To the potential supplier of service software products or objects of information and communication infrastructure, including implementation of state-private partnership projects on the service model of informatization, the following qualification requirements shall be imposed:

      1) to have legal capacity( for legal entities), civil capacity (for individual entrepreneurs);

      2) to be solvent, have no tax debts;

      3) to have financial and (or) material, and (or) labor resources necessary for performance of obligations under the contract of state-private partnership on the service model of informatization;

      4) not to be subject to bankruptcy or liquidation proceedings, on his/her property, the book value of which exceeds ten percent of the value of the relevant fixed assets, shall not be seized, his/her financial and economic activity shall not be suspended in accordance with the legislation of the Republic of Kazakhstan;

      5) not to be held liable for non-performance and (or) improper performance of obligations under state-private partnership contracts concluded within the last three years on the basis of the court decision, which entered into force, on recognition of him/her as unfair potential private partner.

      2. The potential supplier of service software products or objects of information and communication infrastructure in confirmation of its compliance with the qualification requirements shall submit confirming documents in the manner and scope provided by the rules of implementation of the service model of informatization.

      3. The potential supplier of service software products or objects of information and communication infrastructure - a non-resident of the Republic of Kazakhstan to confirm his/her compliance with qualification requirements, established by paragraph 1 of this Article, shall submit the same documents that the resident of the Republic of Kazakhstan, or documents containing similar information on qualification of a potential supplier of service software products or objects of information and communication infrastructure – a non-resident of the Republic of Kazakhstan.

      4. The potential supplier of service software products or objects of information and communication infrastructure in case of providing false information for compliance with qualification requirements shall not be allowed to participate in the competition on determining the potential supplier of service software products or objects of information and communication infrastructure for the next three years from the date of his/her recognition by the court as an unfair potential supplier of service software products or objects of information and communication infrastructure.

      5. Customers of information and communication services not later than thirty calendar days from the date of establishment of such a fact by the tender commission shall sue the court for recognition of a potential supplier of service software products or objects of information and communication infrastructure, which provided false information on qualification requirements, as an unfair potential private partner.

      6. Reliability of information on qualification requirements provided by the potential supplier of service software products or objects of information and communication infrastructure shall be established by the tender commission at the stage of qualification selection of the suppliers of service software products or objects of information and communication infrastructure.

      7. The customer of information and communication service shall send to the central authorized body for state planning the decisions of the courts entered into legal force, on recognition of the potential supplier of service software products or objects of information and communication infrastructure as unfair potential supplier of service software products or objects of information and communication infrastructure within five working days from receipt of such decisions for inclusion in the list of unfair potential private partners.

      Footnote. Chapter 7 is supplemented by Article 45-2 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 45-3. Grounds for recognition of a potential supplier of service software products or objects of information and communication infrastructure not meeting the qualification requirements, including in implementation of state-private partnership projects on the service model of informatization

      A potential supplier of service software products or objects of information and communication infrastructure, including in implementation of state-private partnership projects on the service model of informatization, shall be recognized as not meeting the qualification requirements for one of the following grounds:

      1) non-submission of a document (s) to confirm compliance with the qualification requirements of a potential supplier of service software products or objects of information and communication infrastructure;

      2) establishment of the fact of non-conformity to qualification requirements on the basis of the information contained in the documents submitted by the potential supplier of service software products or objects of information and communication infrastructure for confirmation of its compliance;

      3) establishment of the fact of providing false information on qualification requirements.

      Footnote. Chapter 7 is supplemented by Article 45-3 in accordance with the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 46. Provision of information and communication services to state bodies

      1. The operator, owners of the objects of information and communication infrastructure, service software products do not acquire the right to use and dispose electronic information resources of state bodies placed on the objects belonging to these persons.

      2. Calculation of the marginal cost of information and communication service shall be carried out on the basis of the methodology approved by the authorized body.

      3. Description of information and communication services provided to state bodies by the operator, and information about their cost shall be placed on the Internet resource of the operator.

      4. Information and communication services included in the catalog of information and communication services shall be classified by type and subject of receiving these services.

      5. In order to monitor the quality of rendering information and communication services and providing consulting support to the recipients of these services, the authorized body and the operator shall use a single contact center.

      6. The operator in rendering information and communication services shall provide and be responsible for the security of storage of electronic information resources in the manner prescribed by the laws of the Republic of Kazakhstan and the agreement of the parties.

      Footnote. Article 46 is in the wording of the Law of Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

47. Interaction of operator with owner of service software product and other individuals

      1. Interaction of operator and individuals who provide him with information and communication infrastructure and service software products for provision of information and communication services is regulated by the rules for the implementation of service model of informatization and the agreement between the operator and these individuals.

      2. Owner of the service software product is obliged to:

      1) transfer the service program product and technical documentation to the service software product to the operator in accordance with the agreement between them;

      2) execute finalization and development of the service software product on the operator's request;

      3) conduct training of the operator's personnel on the operation and maintenance of the service software product, as well as on the use of the information and communication service provided through this service software product.

      3. In case of early termination of the agreement on the initiative of the owner of the service software product, the operator shall carry out operation of the service software product before replacing it with another service software product.

      Footnote. Article 47 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Chapter 8. TESTS AND AUDIT OF THE OBJECTS OF INFORMATIZATION

      Footnote. The title of chapter 8 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 48. Documentation of electronic information resources and data (information) about the objects of informatization of "electronic government"

      Footnote. The title of Article 48 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      Documentation of electronic information resources and data (information) about the objects of informatization of "electronic government" shall be carried out by their owner or possessor in accordance with the requirements established by the legislation of the Republic of Kazakhstan on informatization, electronic document and electronic digital signature, on the National archival fund and archives.

      Footnote. Article 48 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 49. Tests for compliance with information security requirements, as well as tests for quality assessment

      Footnote. The title of Article 49 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

      1. Tests for compliance with information security requirements shall be conducted mandatorily or at the initiative of the owner or possessor.

      2. The test objects subject to mandatory tests for compliance with information security requirements shall include:

      1) service software product;

      2) information and communication platform of “electronic government";

      3) Internet resource of the state body;

      4) information system of the state body;

      5) information system classified as critically important objects of information and communication infrastructure;

      6) non-state information system intended for formation of state electronic information resources, implementation of state functions and rendering state services.

      3. The information system of the state body and the non-state information system for the use of the services of the national certification center of the Republic of Kazakhstan for authentication of electronic digital signature, passing tests for compliance with the requirements of information security is not required.

      4. Tests for compliance with the information security requirements of the information system classified as critically important objects of information and communication infrastructure (with the exception of being objects of informatization of "electronic government") shall be conducted by accredited testing laboratories in accordance with this Law and the legislation of the Republic of Kazakhstan in the field of technical regulation.

      5. Tests of objects of informatization in order to assess their quality shall be carried out in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.

      Footnote. Article 49 is in the wording оf the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

50. Audit of information systems

      1. At the stage of creation, introduction and operation of information systems on the initiative of the owner or holder of information systems, the audit of information systems can be conducted.

      2. Conduction of the audit of information systems is executed by individual and (or) legal entities possessing special knowledge and experience in the field of information and communication technologies, in the order determined by the authorized body.

51. Attestation

      Footnote. Article 51 is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

52. Confirmation of conformity in the field of informatization

      Confirmation of conformity in the field of informatization is executed in accordance with the legislation of the Republic of Kazakhstan in the field of technical regulation.

Chapter 9. PROTECTION OF THE OBJECTS OF INFORMATIZATION

53. Aims of protection of the objects of informatization

      1. Protection of the objects of informatization is the implementation of a set of legal, organizational and technical measures aimed at the preservation of the objects of informatization, preventing unlawful and (or) unintentional access and (or) impact on them.

      2. Protection of the objects of informatization is executed in accordance with the legislation of the Republic of Kazakhstan and current standards in the territory of the Republic of Kazakhstan in order to:

      1) ensure integrity and safety of electronic information resources;

      2) ensure regime of confidentiality of electronic information resources of limited access;

      3) implementation of the right of subjects of informatization for access to electronic information resources;

      4) prevention of unauthorized and (or) unintentional access, leakage and other actions regarding electronic information resources, as well as unauthorized and (or) unintentional impact on objects of information and communication infrastructure;

      5) prevention of violations of the functioning of objects of information and communication infrastructure and critically important objects of information and communication infrastructure.

      3. Other unauthorized and (or) unintentional actions regarding objects of informatization are:

      1) blocking electronic information resources and (or) objects of information and communication infrastructure, that is, committing actions leading to limitation or closure of access to electronic information resources and (or) objects of information and communication infrastructure;

      2) unauthorized and (or) unintentional modification of objects of informatization;

      3) unauthorized and (or) unintentional copying of electronic information resource;

      4) unauthorized and (or) unintentional destruction, loss of electronic information resources;

      5) use of the software without permission of the right holder;

      6) infringement of work of information systems and (or) software or infringement of functioning of telecommunication networks.

      4. Protection of information systems is executed according to the class assigned in accordance with the classifier.

54. Organization of protection of the objects of informatization

      1. Protection of the objects of informatization is executed:

      1) regarding electronic information resources - their owners, holders and users;

      2) regarding objects of information and communication infrastructure and critically important objects of information and communication infrastructure - their owners or holders.

      2. Owners or holders of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure are obliged to take measures ensuring:

      1) prevention of unauthorized access;

      2) timely detection of facts of unauthorized access, if such unauthorized access failed to prevent;

      3) minimization of adverse consequences of violation of the order of access;

      4) prevention of unauthorized influence on the means of processing and transferring of electronic information resources;

      5) prompt restoration of electronic information resources modified or destroyed due to unauthorized access to them;

      6) immediate informing of the National coordination center for information security about the incident of information security, except for the owners and (or) possessors of electronic information resources containing information constituting state secrets;

      7) information interaction with the National coordination center for information security on the issues of monitoring information security ensuring of the objects of informatization of "electronic government";

      8) providing access to the National coordination center for information security to the objects of informatization of "electronic government" and operational centers of information security to the critically important objects of information and communication infrastructure for conducting organizational and technical measures, aimed at the implementation of monitoring of information security ensuring in accordance with the rules of monitoring of information security ensuring of the objects of informatization of "electronic government" and critically important objects of information and communication infrastructure.

      3. Provisions of unified requirements in the field of information and communication technologies and ensuring information security related to the sphere of ensuring information security are mandatory for application by state bodies, local self-government bodies, state legal entities, subjects of quasi-state sector, owners and holders of non-state information systems integrated with information systems state bodies or designed to form state electronic information resources, as well as by owners and holders of critically important objects of information and communication infrastructure.

      3-1. Purchase of goods for the purpose of implementation of requirements of information security ensuring for national defense and state security shall be carried out from the registry of trusted software and products of electronic industry in accordance with the legislation of the Republic of Kazakhstan on public procurement.

      In this case, in the absence in the registry of trusted software and products of electronic industry of the necessary products, it is allowed to purchase goods in accordance with the legislation of the Republic of Kazakhstan on public procurement.

      4. Management of Internet resources and objects of information and communication infrastructure in emergency situations of social, natural and technogenic nature, introduction of an emergency or military situation is executed by the authorized body in accordance with the legislation of the Republic of Kazakhstan.

      Footnote. Article 54 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication); dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

55. Measures to protect electronic information resources, information systems and information and communication infrastructure

      1. Legal measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) requirements of the legislation of the Republic of Kazakhstan and current standards in the field of informatization in the territory of the Republic of Kazakhstan;

      2) responsibility for violation of the legislation of the Republic of Kazakhstan on informatization;

      3) agreements concluded by the owner or the holder of electronic information resources, information systems, information and communication infrastructure where the conditions of work, access or use of these objects, as well as liability for their violation are established.

      2. Organizational measures to protect electronic information resources, information systems and information and communication infrastructure include the establishment and provision of access regime in the territory (buildings, premises) where access to information, electronic information resources, information systems (electronic media of information); as well as limitation of access to electronic information resources, information systems and information and communication infrastructure can be executed.

      3. Technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure include:

      1) use of information security means, and regarding information constituting state secrets, exclusively with the use of means of protecting information constituting state secrets, developed, produced and (or) taken into operation in accordance with the legislation of the Republic of Kazakhstan;

      2) use of access control systems and registration of facts of access to electronic information resources, information systems and information and communication infrastructure;

      3) development of a security task based on the approved protection profiles to determine the protection measures by the owners or by the possessors of the objects of informatization.

      4. Use of technical (program-technical) measures to protect electronic information resources, information systems and information and communication infrastructure should not cause harm or create a threat of harm to life, health and property of individuals, as well as property of legal entities and state property.

      Footnote. Article 55 as amended by the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

56. Protection of electronic information resources containing personal data

      Owners and holders of information systems that have received electronic information resources containing personal data are obliged to take measures to protect them in accordance with this Law and current standards in the territory of the Republic of Kazakhstan.

      This duty arises from the moment of receipt of electronic information resources containing personal data and to their destruction or depersonalization.

SECTION 3. STATE REGULATION IN THE FIELD OF INFORMATIZATION
Chapter 10. EXPERTISE AND COORDINATION OF DOCUMENTS

      Footnote. The title of chapter 10 as amended by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 57. Conclusions in the sphere of informatization and information security ensuring

      1. The investment proposal of the state investment project, financial and economic justification of budget investments shall be made by the state body to the authorized body and the authorized body in the sphere of information security ensuring to obtain conclusions in the spheres of informatization and ensuring information security.

      Expertise in the sphere of informatization of investment proposals, financial and economic justification shall be carried out in accordance with the rules of conducting expertise in the sphere of informatization of investment proposals, financial and economic justification of budget investments.

      2. For budget investment projects aimed at creation and development of the objects of informatization of "electronic government", the investment proposal shall be submitted to the conclusion with attachment of the technical task for creation and development of the object of informatization of "electronic government".

      Assessment on the reasonableness of costs calculation, determining feasibility and efficiency of the budgetary investment project aimed at creation and development of the objects of informatization of “electronic government”, shall be carried out by the authorized body and specified in the conclusion in the sphere of informatization.

      3. The investment proposal shall be considered by the authorized body and the authorized body in the sphere of ensuring information security within the term of not more than twenty working days from the date of receipt.

      4. Conclusions in the spheres of informatization and ensuring information security for financial and economic justification of budget investments shall be issued no later than thirty working days from the date of receipt of the full package of documents.

      Footnote. Article 57 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

58. Conclusion of the expertise in the field of informatization for technical and economic justification or financial and economic justification for budget investments

      Footnote. Article 58 is excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

Article 59. Coordination of technical documentation and documentation on state-private partnership projects in the spheres of informatization and ensuring information security

      1. Coordination of a technical task for creation and development of the object of informatization of "electronic government" shall be carried out by the authorized body and the authorized body in the sphere of ensuring information security in the manner and terms, which are determined by the rules of preparation and consideration of technical tasks for creation and development of the objects of informatization of "electronic government".

      2. Coordination of the task for the design of information and communication service, developed by the service integrator of "electronic government", shall be carried out in the manner and terms, which are determined by the rules of implementation of the service model of informatization.

      3. In creation and development of the objects of informatization of "electronic government" in the framework of republican and local projects of state-private partnership in the sphere of informatization in accordance with the legislation of the Republic of Kazakhstan in the field of state-private partnership, the tender documentation of state -private partnership project, business plan for the project of state-private partnership in direct negotiations on determination of the private partner shall be coordinated with the authorized body.

      Footnote. Article 59 is in the wording of the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

60. Conclusion of the authorized body on the calculation of costs for state procurement of goods, works and services in the field of informatization

      1. Calculations of costs for state procurement of goods, works and services in the field of informatization are introduced by the administrator of budget programs for consideration to the authorized body annually until March 1.

      2. Calculations of costs for state procurement of goods, works and services in the field of informatization are considered by the authorized body within a period of not more than thirty working days from the date of receipt of documents.

      3. Refusal to consider the calculation of costs for state procurement of goods, works and services in the field of informatization is executed in the following cases:

      1) nonconformities in the form and content of the calculation of costs for state procurement of goods, works and services in the field of informatization to the requirements of this Law and budget legislation of the Republic of Kazakhstan;

      2) non-submission of documents in accordance with established requirements approved by the authorized body.

      4. Administrators of budget programs place calculations of costs for state procurement of goods, works and services in the field of informatization on the architectural portal of "electronic government".

Chapter 11. DEVELOPMENT OF THE INDUSTRY OF INFORMATION AND COMMUNICATION TECHNOLOGIES

61. State support for development of the industry of information and communication technologies

      1. State support for development of the industry of information and communication technologies is executed by the authorized state bodies, national institution of development in the field of information and communication technologies and other national institutions of development in order to stimulate development of the industry of information and communication technologies in the Republic of Kazakhstan.

      2. National institute of development in the field of information and communication technologies executes its activities in accordance with this Law and the legislation of the Republic of Kazakhstan on state support of industrial and innovative activities.

      3. The main principles of state support for development of the industry of information and communication technologies:

      1) development of the industry of information and communication technologies on the basis of private entrepreneurship and state-private partnership;

      2) priority of domestic legal entities in obtaining orders for development of information and communication technologies, information systems;

      3) stimulation of development of production of domestic software, software products and production of technical means;

      4) development of the market structure of information and communication technologies;

      5) support conscientious competition in the market of information and communication technologies.

      4. In accordance with the principles of state support, measures to stimulate the growth of the information and communication technologies sector, in addition to measures provided by the legislation of the Republic of Kazakhstan on investments and on state support for industrial and innovative activities, are:

      1) formation and development of the normative and methodological base of activities in the industry of information and communication technologies, including the introduction of international standards;

      2) implementation and improvement of the system of state (quasi-state) orders for development and supply of innovative software, software products with a high share of local content;

      3) extra budgetary refundable and non-refundable financing of projects in the industry of information and communication technologies aimed at increasing the share of local content;

      4) harmonization of the cost structure for informatization of state legal entities and subjects of quasi-state sector aimed at increasing the share of services in the field of informatization;

      5) creation of conditions for venture and other extra budgetary refundable financing of projects in the industry of information and communication technologies;

      6) development of proposals to stimulate development and increase the investment attractiveness of the industry of information and communication technologies.

62. Personnel and scientific provision of the industry of information and communication technologies

      1. The state creates conditions for training and retraining of specialists with technical, professional, higher and postgraduate education on specialties in the industry of information and communication technologies in domestic and foreign higher educational institutions.

      2. Organizations, national companies, their affiliated individuals act as bases of practice for students in organizations of professional, technical, higher and postgraduate education on specialties in the industry of information and communication technologies.

      3. Scientific provision in the industry of information and communication technologies is executed through state support of scientific and scientific-technical activities in the industry of information and communication technologies, including through creation of conditions for the commercialization of technologies.

Chapter 12. INTERNATIONAL COOPERATION IN THE FIELD OF INFORMATIZATION

63. International cooperation in the field of informatization

      1. International cooperation of the Republic of Kazakhstan in the field of informatization is executed in accordance with the international treaties and the legislation of the Republic of Kazakhstan.

      2. Subjects of informatization of the Republic of Kazakhstan have the right to join international organizations and associations, participate in international and foreign projects and programs.

      State bodies in agreement with the authorized body execute interaction in the field of informatization with state bodies of foreign states, international organizations and foreign legal entities.

      3. International cooperation in the field of informatization is executed in the form of:

      1) interaction with state bodies of foreign states, international organizations and foreign legal entities, including participation in the implementation of measures for execution of international treaties of the Republic of Kazakhstan;

      2) rendering assistance in the formation of a stable and secure system of international (interstate) information interaction with the use of information and communication technologies, including through the national gateway of the Republic of Kazakhstan;

      3) interaction with foreign legal entities to ensure the development of information and communication technologies, as well as personnel development and scientific cooperation;

      4) conduction of monitoring and forecasting the development of information and communication technologies on an ongoing basis jointly with foreign legal entities and international organizations;

      5) interaction with state bodies of foreign states and international organizations on the issues of safe use of information and communication technologies, as well as establishment of prohibition for actions that encroach on the information and communication infrastructure of the state and undermine the political, economic, social and other spheres of state activity;

      6) conduction of seminars, conferences and trainings in the Republic of Kazakhstan and abroad;

      7) establishment of prohibition for the use of information and communication technologies to the detriment of man, society and state on the basis of reciprocity;

      8) joint financing and implementation of projects in the field of information with foreign countries, international organizations, foreign legal entities, foreign public organizations and funds.

      4. International cooperation on the issues of development of information and communication technologies, institutional provision and exchange of experience and knowledge is executed with participation of state bodies of foreign states, international organizations and foreign legal entities.

Chapter 13. FINAL AND TRANSITIONAL PROVISIONS

Article 64. State control in the sphere of informatization

      State control in the sphere of informatization shall be carried out in the form of inspections and preventive control in accordance with the Entrepreneurial code of the Republic of Kazakhstan.

      Footnote. Article 64 is in the wording of Law of the Republic of Kazakhstan dated 24.05.2018 No. 156-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

65. Responsibility for violation of the legislation of the Republic of Kazakhstan on informatization

      Violation of the legislation of the Republic of Kazakhstan on informatization entails responsibility in accordance with the laws of the Republic of Kazakhstan.

Article 66. Transitional provision

      1. State bodies that have Internet resources and information systems of state bodies, introduced into industrial operation before the enactment of this Law and not having the protocol of tests for compliance with information security requirements, certificate of compliance with the requirements of information security, shall conduct their tests for compliance with information security requirements and certification within three years from the date of enactment of this Law.

      2 non-state information systems integrated with information systems of state bodies or intended for forming of the state electronic information resources and not having the protocol of tests for compliance with information security requirements, the certificate of compliance to information security shall be tested for compliance with information security requirements and certification within three years from the date of enactment of the Law.

      Footnote. Article 66 is in the wording of the Law of the Republic of Kazakhstan dated 28.12.2017 No. 128-VI (shall be enforced upon expiry of ten calendar days after its first official publication).

67. Procedure for the enactment of this Law

      1. This Law enters into enforce from January 1, 2016.

      2. Recognize as invalid the Law of the Republic of Kazakhstan dated January 11, 2007 "On informatization" (Gazette of the Parliament of the Republic of Kazakhstan, 2007, № 2, art. 13; 2009, № 15-16, art. 74; № 18, art. 84; 2010, № 5, art. 23; № 17-18, art. 111; 2011, № 1, art. 2; № 11, art. 102; № 15, art. 118; 2012, № 2, art. 13; № 8, art. 64; № 14, art. 95; № 15, art. 97; 2013, № 5-6, art. 30; № 7, art. 36; № 14, art. 75; 2014, № 1, art. 4; № 19-I, 19-II, art. 96; № 23, art. 143).



President of

the Republic of Kazakhstan

N. NAZARBAYEV