LAW OF THE REPUBLIC OF KAZAKHSTAN

of November 24, 2015 No. 418-V ZRK

About informatization

This Law governs the public relations in the field of informatization arising in the territory of the Republic of Kazakhstan between state bodies, physical persons and legal entities during creation, development and operation of objects of informatization and also with the state support of development of industry of information and communication technologies.

Section 1. Bases of regulation of the relations in the field of informatization

Chapter 1. General provisions

Article 1. The basic concepts used in this Law

In this Law the following basic concepts are used:

1) automation - process of use of means of information and communication technologies for optimization of creation, search, collection, accumulating, storage, processing, obtaining, use, transformation, display, distribution and provision of information;

2) informatization - the organizational, social and economic and scientific and technical process directed to automation of activities of subjects of informatization;

3) service model of informatization - automation of the state functions and rendering the state services following from them by acquisition of information and communication services;

3-1) No. 141-VII ZRK is excluded according to the Law of the Republic of Kazakhstan of 14.07.2022

3-2) No. 141-VII ZRK is excluded according to the Law of the Republic of Kazakhstan of 14.07.2022

4) objects of informatization - electronic information resources, the software, Internet resource and information and communication infrastructure;

5) the owner of objects of informatization - subject to which the owner of objects of informatization granted rights of possession and uses of objects of informatization in the limits determined by the law or the agreement and procedure;

5-1) integration of objects of informatization - action for the organization and ensuring information exchange between objects of informatization based on the standard protocols of data transmission used in the Republic of Kazakhstan;

6) the qualifier of objects of informatization (further - the qualifier) - the systematized list of categories directed to identification and the description of objects of informatization;

6-1) development of object of informatization - stage of lifecycle of object of informatization throughout which the complex of actions for implementation of additional functional requirements, and also upgrades of the object of informatization put into commercial operation for the purpose of optimization of its functioning and (or) expansion of functionality is performed;

6-2) implementation of object of informatization - the stage of creation or development of object of informatization directed to carrying out complex of the actions for commissioning of object of informatization including preparation of object of automation and personnel, carrying out commissioning, preliminary and acceptance tests;

6-3) maintenance of object of informatization - the ensuring use of the object of informatization put into commercial operation according to its appointment including actions for carrying out adjustment, modification and elimination of defects of the software without carrying out upgrade and implementation of additional functional requirements and on condition of preserving its integrity;

6-4) creation of object of informatization - stage of lifecycle of object of informatization throughout which the realization of complex of the organizational and technical actions directed to development, trial operation, implementation of object of informatization, and also acquisition and (or) property employment (lease) of complex of technical means, necessary for its functioning, and the software is enabled;

6-5) commercial operation of object of informatization - stage of lifecycle of object of informatization throughout which use of object of informatization in the normal mode according to the purposes, tasks and requirements stated in technical documentation and the specifications and technical documentation is performed;

6-6) trial operation of object of informatization - the operation of object of informatization in pilot zone which is carried out for the purpose of identification and remedial action of its functioning and determination of compliance to requirements of technical documentation;

6-7) lifecycle of object of informatization - set of stages of creation, commercial operation, development and termination of commercial operation of object of informatization;

7) information security in the field of informatization (further - information security) - condition of security of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

8)  No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

9) advisory council in the field of informatization (further - advisory council) - the interdepartmental commission under authorized body considering questions on informatization of activities of state bodies, except for special state bodies;

10) authorized body in the field of informatization (further - authorized body) - the central executive body performing management and cross-industry coordination in the field of informatization and "the electronic government";

11) subjects of informatization - the state bodies, physical persons and legal entities performing activities or entering legal relationship in the field of informatization;

12) information system - organizationally the arranged set of the information and communication technologies, service personnel and technical documentation realizing certain technological actions by means of information exchange and intended for the solution of specific functional objectives;

13) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

14)  No. 128-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 28.12.2017;

15) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

16) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

17) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

18) audit of information system - independent inspection of information system for the purpose of increase in efficiency of its use;

19) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

20) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

21) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

22) No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

23) information and communication infrastructure - set of the objects of information and communication infrastructure intended for ensuring functioning of the technological circle for the purpose of forming of electronic information resources and provision of access to them;

Crucial objects of information and communication infrastructure - objects of information and communication infrastructure, violation or the termination of functioning of which leads 24) to illegal collection and processing of personal data of limited access and other data containing the mystery of emergency situation of social and (or) technogenic nature protected by the law or to considerable negative effects for defense, safety, the international relations, economy, certain spheres of economy or for life activity of the population living in the corresponding territory including infrastructure: heat supplies, electric utility services, gas supply, water supply, industry, health care, communication, bank sphere, transport, hydraulic engineering constructions, law-enforcement activities, "the electronic government";

25) objects of information and communication infrastructure - information systems, technological frameworks, the hardware and software, server rooms, data-processing centers, networks of telecommunications, and also systems of ensuring information security and smooth functioning of technical means;

26) information and communication service - service or set of services in property hiring (lease, temporary use) and (or) to placement of computing resources, provision of the software, software products, technical means in use, including communication services by means of which functioning of these services is provided;

26-1) No. 141-VII ZRK is excluded according to the Law of the Republic of Kazakhstan of 14.07.2022

27) No. 141-VII ZRK is excluded according to the Law of the Republic of Kazakhstan of 14.07.2022

28) information and communication technologies - set of methods of work with electronic information resources and the methods of information exchange performed using the hardware and software and network of telecommunications;

29) industry of information and communication technologies - the economy industry connected with designing, production and implementation of the software, technical means, consumer electronics and its components, and also with provision of information and communication services;

29-1) threat of information security - set of the conditions and factors creating premises to emergence of incident of information security;

29-2) monitoring of events of information security - permanent observation of object of informatization for the purpose of identification and identification of events of information security;

30) event of information security - the condition of objects of informatization testimonial of possible violation of the existing security policy or about before unknown situation which can be related to safety of objects of informatization;

30-1) researcher of information security - the specialist in the field of ensuring information security and (or) information and communication technologies registered in the program of interaction with researchers of information security, researching the objects of informatization connected to the program of interaction with researchers of information security for detection of vulnerabilities;

30-2) program of interaction with researchers of information security (further - the program of interaction) - the object of informatization intended for registration of researchers of information security, registration of the revealed vulnerabilities, and also for ensuring interaction of researchers of information security with objects of informatization;

30-3) monitoring system of ensuring information security - the organizational and technical actions directed to carrying out monitoring of safe use of information and communication technologies;

30-4) authorized body in the field of ensuring information security - the central executive body performing management and cross-industry coordination in the field of ensuring information security;

30-5) national institute of development in the field of ensuring information security - the legal entity determined by the Government of the Republic of Kazakhstan for the purpose of development of the sphere of information security and the electronic industry;

30-6) operational center of information security - the legal entity or structural division of the legal entity performing activities for protection of electronic information resources, information systems, networks of telecommunications and other objects of informatization;

30-7) service of response to incidents of information security - the legal entity or structural division of the legal entity performing activities according to the competence established by this Law;

31) incident of information security - separately or serially arising failures in work of information and communication infrastructure or its separate objects creating threat to their proper functioning and (or) conditions for illegal obtaining, copying, distribution, modification, destruction or blocking of electronic information resources;

31-1) industry centers of information security - the legal entity or structural division of the central executive body, authorized body on regulation, control and supervision of the financial market and the financial organizations performing the organization and coordination of actions for ensuring information security from unauthorized access or impact concerning the subordinated organizations and (or) the regulated sphere of management;

32) information remedy - the software, technical and other means intended and used for ensuring information security;

32-1) hardware and software - set of the software and the technical means jointly applied to the solution of tasks of certain type;

33) special advisory council - the commission of special state bodies of the Republic of Kazakhstan considering questions of informatization of activities of special state bodies of the Republic of Kazakhstan;

33-1) No. 220-VIII ZRK is excluded according to the Law of the Republic of Kazakhstan of 27.09.2025;

33-2) No. 220-VIII ZRK is excluded according to the Law of the Republic of Kazakhstan of 27.09.2025;

34)  No. 237-VI ZRK is excluded according to the Law of the Republic of Kazakhstan of 18.03.2019;

35) open data - the data presented in the machine-readable form and intended for further use, the repeated publication in invariable type;

36) the Internet portal of open data - the object of informatization providing centralized storage of descriptive and reference information on open data;

37) the software - set of programs, program codes, and also software products with the technical documentation necessary for their operation;

38) software product - the independent program or part of the software which is goods which irrespective of her developers can be used in the provided purposes according to the system requirements established by technical documentation;

38-1) biometric authentication - package of measures, identifying the personality based on physiological and biological invariable signs;

38-2) блокчейн - the information and communication technology providing information invariance in the distributed platform of the interconnected blocks of data, the set algorithms of confirmation of integrity and means of enciphering this based on chain;

38-3) cloud computing - the information and communication technology providing provision of network access on demand to pools of computing resources via the Internet;

39) the one-time password - the password valid only for one session of authentication of subjects of receipt of services electronically;

39-1) distributed platform of data - technological framework which components are connected among themselves by the set algorithms take place on different nodes of network, can have one or more owners, and also can have the different level of identity of data;

39-2) No. 115-VIII ZRK is excluded according to the Law of the Republic of Kazakhstan of 05.07.2024;

39-3) data-processing center - the object of information and communication infrastructure providing fault-tolerant and smooth functioning of computing resources and the telecommunication equipment, and also storage systems and data processing;

39-4) national technical audit of data-processing center - voluntary assessment of reliability of data-processing centers;

39-5) analytics of data - processing of data with the purpose of receipt of information and conclusions for decision making;

40) domain name - the symbolical (alphanumeric) designation created according to rules of addressing of the Internet, corresponding to certain network address and intended for the named appeal to the Internet object;

41) the free software - the software with open source code concerning which the owner grants to the user the right to unrestricted installation, start and copying, and also free use, studying, development and distribution;

42) local network - the part of network of telecommunications having the closed infrastructure to point of connection to other networks of telecommunications and providing information transfer and the organization of joint access to network devices in territorially limited space of object (the room, the building, construction and its complex);

43) system maintenance - actions for ensuring smooth functioning of the hardware and software and networks of telecommunications;

43-1) intelligent robot - the automated device making certain action or idle taking into account the apprehended and distinguished external environment;

44) the Internet - the world system of the joint networks of telecommunications and computing resources for transfer of electronic information resources;

45) single lock of Internet access - the hardware and software intended for protection of objects of informatization in case of Internet access and (or) to the communication networks having Internet connection;

46) Internet resource - information (in text, graphical, audiovisual or other type) placed on the hardware and software having the unique network address and (or) domain name and functioning on the Internet;

46-1) space of the Kazakhstan segment of the Internet - set of the Internet resources placed on the hardware and software located in the territory of the Republic of Kazakhstan;

46-2) multifactorial authentication - method of check of authenticity of the user by means of combination of different parameters, including generation and input of passwords or authentication signs (digital certificates, tokens, smart cards, generators of one-time passwords and means of biometric identification);

47) national lock of the Republic of Kazakhstan - the information system intended for ensuring interstate information exchange of information systems and electronic information resources of the states;

47-1) profile of protection - the list of the minimum requirements to safety of the program and technical means which are components of objects of informatization;

47-2) No. 19-VIII ZRK is excluded according to the Law of the Republic of Kazakhstan of 10.07.2023

48) single platform of Internet resources of state bodies - the technological framework intended for placement of Internet resources of state bodies;

49) No. 141-VII ZRK is excluded according to the Law of the Republic of Kazakhstan of 14.07.2022

50) the public technical service - the joint-stock company created according to the decision of the Government of the Republic of Kazakhstan;

51) the specifications and technical documentation - set of the documents determining general tasks, the principles and requirements to creation and use (operation) of objects of informatization, and also control of their compliance to the established requirements in the field of informatization;

51-1) No. 19-VIII ZRK is excluded according to the Law of the Republic of Kazakhstan of 10.07.2023

51-2) No. 19-VIII ZRK is excluded according to the Law of the Republic of Kazakhstan of 10.07.2023

51-3) vulnerabilities - lack of object of informatization which use can lead to violation of integrity and (or) confidentiality, and (or) availability of object of informatization;

52) the user - the subject of informatization using objects of informatization for accomplishment of specific function and (or) task;

52-1) register of the confidential software and products of the electronic industry - the list of the software and products of the electronic industry conforming to requirements of information security, created for the purposes of ensuring defense of the country and safety of the state;

53) No. 141-VII ZRK is excluded according to the Law of the Republic of Kazakhstan of 14.07.2022

53-1) technical support - rendering consulting, information and technological and other services in support of operability of licensed software and technical means;

53-2) technical documentation - documentation set on object of informatization based on which creation and development of object of informatization, and also its trial and commercial operation is performed;

54) national platform of artificial intelligence - the technological framework intended for collection, processing, storage and distribution of data sets and provision of services in the field of artificial intelligence;

55) the operator of national platform of artificial intelligence - the legal entity determined by the Government of the Republic of Kazakhstan to which ensuring development and functioning of the National platform of artificial intelligence assigned to it is assigned;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info