Article 1. The basic concepts used in this Law of the Law on Informatization

Home / RLA / Article 1. The basic concepts used in this Law of the Law on Informatization

The following basic concepts are used in this Law:

1) automation is the process of using information and communication technology tools to optimize the creation, search, collection, accumulation, storage, processing, receipt, use, transformation, display, dissemination and provision of information;

2) informatization is an organizational, socio-economic, scientific and technical process aimed at automating the activities of subjects of informatization;

3) the service model of informatization is the automation of government functions and the provision of public services resulting from them through the acquisition of information and communication services;

3-1) Is excluded by the Law of the Republic of Kazakhstan dated 07/14/2022 No. 141-VII (effective from 01/01/2023).

3-2) Is excluded by the Law of the Republic of Kazakhstan dated 07/14/2022 No. 141-VII (effective from 01/01/2023).

4) objects of informatization – electronic information resources, software, Internet resource and information and communication infrastructure;

5) the owner of informatization facilities is a subject to whom the owner of informatization facilities has granted the rights to own and use informatization facilities within the limits and in accordance with the procedure established by law or agreement;

5-1) integration of informatization facilities – measures to organize and ensure information interaction between informatization facilities based on standard data transmission protocols used in the Republic of Kazakhstan;

6) the classifier of objects of informatization (hereinafter referred to as the classifier) is a systematic list of categories aimed at identifying and describing objects of informatization.;

6-1) the development of an informatization facility is a stage in the life cycle of an informatization facility, during which a set of measures is carried out to implement additional functional requirements, as well as modernize an informatization facility put into commercial operation in order to optimize its functioning and (or) expand its functionality.;

6-2) the introduction of an informatization facility is a stage of creation or development of an informatization facility aimed at carrying out a set of measures for the commissioning of an informatization facility, including the preparation of an automation facility and personnel, commissioning, preliminary and acceptance tests.;

6-3) maintenance of an informatization facility – ensuring the use of an informatization facility put into commercial operation in accordance with its purpose, including measures to correct, modify and eliminate software defects, without upgrading and implementing additional functional requirements and subject to maintaining its integrity;

6-4) the creation of an informatization facility is a stage in the life cycle of an informatization facility, during which a set of organizational and technical measures is implemented aimed at the development, trial operation, implementation of an informatization facility, as well as the acquisition and (or) property lease (lease) of a complex of technical means and software necessary for its operation.;

6-5) industrial operation of an informatization facility is a stage of the life cycle of an informatization facility, during which the informatization facility is used normally in accordance with the goals, objectives and requirements set out in the technical documentation and regulatory and technical documentation.;

6-6) pilot operation of an informatization facility – operation of an informatization facility in a pilot zone, carried out in order to identify and eliminate deficiencies in its functioning and determine compliance with the requirements of technical documentation;

6-7) the life cycle of an informatization facility is a set of stages of creation, industrial operation, development and termination of industrial operation of an informatization facility;

7) information security in the field of informatization (hereinafter referred to as information security) – the state of security of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

8) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

9) the expert council in the field of informatization (hereinafter referred to as the expert council) is an interdepartmental commission under an authorized body that considers issues related to the informatization of the activities of government agencies, with the exception of special government agencies;

10) the authorized body in the field of informatization (hereinafter referred to as the authorized body) is the central executive body responsible for the management and intersectoral coordination in the field of informatization and e-government;

11) subjects of informatization – government agencies, individuals and legal entities engaged in activities or entering into legal relations in the field of informatization;

12) information system – an organizationally ordered set of information and communication technologies, service personnel and technical documentation that implement certain technological actions through information interaction and are designed to solve specific functional tasks;

13) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

14) excluded by the Law of the Republic of Kazakhstan dated December 28, 2017 No. 128-VI (effective ten calendar days after the date of its first official publication;

15) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

16) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

17) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

18) information system audit – an independent examination of an information system in order to improve the efficiency of its use;

19) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

20) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);  

21) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);  

22) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

23) information and communication infrastructure – a set of information and communication infrastructure facilities designed to ensure the functioning of the technological environment in order to form electronic information resources and provide access to them;

24) critical information and communication infrastructure facilities – information and communication infrastructure facilities, the disruption or termination of which leads to the illegal collection and processing of personal data with limited access and other information containing legally protected secrets, a social and (or) man-made emergency, or significant negative consequences for defense, security, international relations, the economy, certain areas of the economy, or for life the population living in the relevant territory, including infrastructure: heat supply, electricity, gas supply, water supply, industry, healthcare, communications, banking, transport, hydraulic structures, law enforcement, "electronic government";

25) information and communication infrastructure facilities - information systems, technological platforms, hardware and software complexes, server rooms (data processing centers), telecommunications networks, as well as information security and uninterrupted operation systems for technical facilities;

26) information and communication service - a service or a set of services for property rental (lease, temporary use) and (or) placement of computing resources, provision of software, software products, technical means for use, including communication services through which the operation of these services is ensured;

26-1) Is excluded by the Law of the Republic of Kazakhstan dated 07/14/2022 No. 141-VII (effective from 01/01/2023).

27) Excluded by the Law of the Republic of Kazakhstan dated 07/14/2022 No. 141-VII (effective from 01/01/2023).

28) information and communication technologies – a set of methods of working with electronic information resources and methods of information interaction carried out using a hardware and software complex and a telecommunications network;

29) information and communication technology industry is a branch of the economy related to the design, production and sale of software, hardware, consumer electronics and its components, as well as the provision of information and communication services;

29-1) information security threat – a set of conditions and factors that create prerequisites for an information security incident;

29-2) monitoring of information security events – continuous monitoring of the object of informatization in order to identify and identify information security events;

30) information security event – the state of informatization facilities, indicating a possible violation of the existing security policy or a previously unknown situation that may be related to the security of informatization facilities;

30-1) information security researcher – a specialist in the field of information security and (or) information and communication technologies, registered in the program of interaction with information security researchers, who studies information objects connected to the program of interaction with information security researchers to identify vulnerabilities;

30-2) the program of interaction with information security researchers (hereinafter referred to as the program of interaction) is an informatization object designed to register information security researchers, register identified vulnerabilities, as well as to ensure the interaction of information security researchers with information security facilities;

30-3) information security monitoring system – organizational and technical measures aimed at monitoring the safe use of information and communication technologies;

30-4) authorized body in the field of information security – the central executive body responsible for the management and intersectoral coordination in the field of information security;

30-5) the National Institute for Information Security Development is a legal entity designated by the Government of the Republic of Kazakhstan for the development of information security and the electronic industry.;

30-6) operational information security center – a legal entity or a structural subdivision of a legal entity engaged in the protection of electronic information resources, information systems, telecommunications networks and other informatization facilities;

30-7) information security incident response service – a legal entity or a structural subdivision of a legal entity operating in accordance with the competence established by this Law;

31) information security incident – separately or serially occurring failures in the operation of the information and communication infrastructure or its individual facilities, endangering their proper functioning and (or) conditions for the illegal receipt, copying, distribution, modification, destruction or blocking of electronic information resources;

31-1) information security industry center is a legal entity or a structural subdivision of the central executive body, the authorized body for regulation, control and supervision of the financial market and financial organizations, which organizes and coordinates measures to ensure information protection from unauthorized access or impact in relation to subordinate organizations and (or) the regulated sphere of management.;

32) information protection means – software, technical and other means designed and used to ensure information protection;

32-1) hardware and software complex - a set of software and hardware tools jointly used to solve problems of a certain type.;

33) special expert council – a commission of special state bodies of the Republic of Kazakhstan, which considers issues of informatization of the activities of special state bodies of the Republic of Kazakhstan;

33-1) Astana Hub International Technology Park is a legal entity designated by an authorized body that owns, by right of ownership or on other legal grounds, a single material and technical complex, which creates favorable conditions for the implementation of innovative activities in the field of information and communication technologies.; - Excluded by the Law of the Republic of Kazakhstan dated September 27, 2025 No. 220-VIII SAM

33-2) acceleration of participants of the Astana Hub International Technology Park is the process of preparing and educating participants of the Astana Hub International Technology Park to implement their innovative projects in the field of information and communication technologies; - Excluded by the Law of the Republic of Kazakhstan dated September 27, 2025 No. 220-VIII SAM

34) excluded by the Law of the Republic of Kazakhstan dated 18.03.2019 No. 237-VI (effective ten calendar days after the date of its first official publication);

35) open data – data presented in machine-readable form and intended for further use, re-publication in unchanged form;

36) the Internet portal of open data is an object of informatization that provides centralized storage of descriptive and reference information on open data;

37) software – a set of programs, program codes, as well as software products with technical documentation necessary for their operation;

38) a software product is an independent program or a piece of software that is a commodity that, regardless of its developers, can be used for the intended purposes in accordance with the system requirements established by the technical documentation.;

38-1) biometric authentication is a set of measures that identify a person based on physiological and biological immutable characteristics.;

38-2) blockchain is an information and communication technology that ensures the immutability of information in a distributed data platform based on a chain of interconnected data blocks, specified integrity verification algorithms and encryption tools;

38-3) cloud computing is an information and communication technology that provides on–demand network access to pools of computing resources via the Internet;

39) one–time password is a password valid only for one session of authentication of subjects receiving services in electronic form.;

39-1) distributed data platform – a technological platform, the components of which are interconnected by specified algorithms, are located on different network nodes, may have one or more owners, and may also have different levels of data identity.;

39-2) data analytics – the process of processing data in order to obtain information and conclusions for decision-making; - Excluded by the Law of the Republic of Kazakhstan.

39-3) data processing center is an object of information and communication infrastructure that ensures fault–tolerant and uninterrupted operation of computing resources and telecommunication equipment, as well as data storage and processing systems;

39-4) national technical audit of the data processing center – a voluntary assessment of the reliability of data processing centers;

39-5) data analytics – the process of processing data in order to obtain information and conclusions for decision-making;

40) a domain name is a symbolic (alphanumeric) designation formed in accordance with the rules of Internet addressing, corresponding to a specific network address and intended for named access to an Internet object.;

41) free software – open source software, in respect of which the copyright holder grants the user the right to unlimited installation, launch and copying, as well as free use, study, development and distribution;

42) a local area network is a part of a telecommunications network that has a closed infrastructure up to the point of connection to other telecommunications networks and provides information transmission and organization of shared access to network devices in a geographically limited space of an object (room, building, structure and its complex);

43) system maintenance – measures to ensure the smooth functioning of the hardware and software complex and telecommunications networks;

43-1) an intelligent robot is an automated device that performs a certain action or is inactive, taking into account the perceived and recognized external environment.;

44) The Internet is a worldwide system of integrated telecommunications networks and computing resources for the transmission of electronic information resources;

45) a single Internet access gateway is a hardware and software complex designed to protect information objects when accessing the Internet and (or) communication networks with Internet access;

46) Internet resource – information (in text, graphic, audiovisual or other form) hosted on a hardware and software complex with a unique network address and (or) domain name and operating on the Internet;

46-1) the space of the Kazakhstan segment of the Internet is a set of Internet resources hosted on hardware and software complexes located on the territory of the Republic of Kazakhstan;

46-2) Multifactor authentication is a method of verifying user authentication using a combination of various parameters, including the generation and input of passwords or authentication features (digital certificates, tokens, smart cards, one–time password generators and biometric identification tools);

47) the national gateway of the Republic of Kazakhstan is an information system designed to ensure interstate information interaction between information systems and electronic information resources of states;

47-1) protection profile – a list of minimum security requirements for software and hardware that are components of information technology facilities;

47-2) Is excluded by the Law of the Republic of Kazakhstan dated 07/10/2023 No. 19-VIII (effective sixty calendar days after the date of its first official publication).

48) the unified platform of Internet resources of government agencies is a technological platform designed to host Internet resources of government agencies;

49) Excluded by the Law of the Republic of Kazakhstan dated 07/14/2022 No. 141-VII (effective from 01/01/2023).

50) state technical service – a joint-stock company established by decision of the Government of the Republic of Kazakhstan;

51) regulatory and technical documentation – a set of documents defining common tasks, principles and requirements for the creation and use (operation) of informatization facilities, as well as monitoring their compliance with established requirements in the field of informatization;

51-1) Excluded by the Law of the Republic of Kazakhstan dated 07/10/2023 No. 19-VIII (effective sixty calendar days after the date of its first official publication). 51-2) Excluded by the Law of the Republic of Kazakhstan dated 07/10/2023 No. 19-VIII (effective sixty calendar days after the date of its first official publication).

51-3) vulnerability is a flaw in an informatization object, the use of which may lead to a violation of the integrity and (or) confidentiality, and (or) accessibility of the informatization object.;

52) user is a subject of informatization who uses informatization objects to perform a specific function and (or) task.;

52-1) register of trusted software and products of the electronic industry – a list of software and products of the electronic industry that meet the requirements of information security, created for the purpose of ensuring national defense and state security;

53) Excluded by the Law of the Republic of Kazakhstan dated 07/14/2022 No. 141-VII (effective from 01/01/2023).

53-1) technical support – provision of consulting, information technology and other services to support the operability of licensed software and hardware;

53-2) technical documentation – a set of documentation for an informatization facility, on the basis of which the creation and development of an informatization facility, as well as its pilot and industrial operation, is carried out.;

54) National Artificial Intelligence platform – a technology platform designed to collect, process, store and distribute datasets and provide services in the field of artificial intelligence;

55) the operator of the national artificial intelligence platform is a legal entity designated by the Government of the Republic of Kazakhstan, which is responsible for ensuring the development and functioning of the National Artificial Intelligence Platform assigned to it.;

55-1) Is excluded by the Law of the Republic of Kazakhstan dated 02/06/2023 No. 194-VII (effective from 04/01/2023).

55-2) The "Single Window" of the national innovation system is an information system that ensures accessibility to measures to support innovation and innovation through a single portal. The organization authorized to ensure the creation, development and maintenance of the "Single Window" of the national innovation system is the autonomous cluster fund; - Excluded by the Law of the Republic of Kazakhstan dated September 27, 2025 No. 220-VIII SAM

55-3) Is excluded by the Law of the Republic of Kazakhstan dated 02/06/2023 No. 194-VII (effective from 04/01/2023).

55-4) digital document service is an object of the information and communication infrastructure of the "electronic government", assigned to the operator and designed to display and use documents in electronic form based on information from information objects.

Documents in the digital document service used and submitted to government agencies, individuals and legal entities are equivalent to paper documents.;

56) Digital literacy is a person's knowledge and ability to use information and communication technologies in their daily and professional activities;

56-1) Is excluded by the Law of the Republic of Kazakhstan dated 02/06/2023 No. 194-VII (effective from 04/01/2023).

57) electronic information resources – data in electronic and digital form, contained on electronic media and in objects of informatization;

57-1) security survey of the processes of storage, processing and dissemination of restricted personal data contained in electronic information resources – assessment of applied security measures and protective actions during the processing, storage, dissemination and protection of restricted personal data contained in electronic information resources;

58) "electronic akimat" is a system of information interaction between local executive bodies and government agencies, individuals and legal entities, based on automation and optimization of government functions, as well as designed to provide services in electronic form, which is part of the "electronic government";

59) Excluded by the Law of the Republic of Kazakhstan dated 07/14/2022 No. 141-VII (effective from 01/01/2023).

60) electronic media – a material medium intended for storing information in electronic form, as well as recording or reproducing it using technical means;

61) the subject of receiving services in electronic form is a natural or legal person who has applied for receiving a state or other service in electronic form.;

62) the subject of the provision of services in electronic form is a natural or legal person providing a public or other service in electronic form.;

62-1) Electronic industry – an industry that includes the development, assembly, testing and manufacture of devices such as computers, computer peripherals, communication equipment, electronic devices for consumers, measuring, testing and aviation, radiation-resistant components for space, electromedical and electrotherapeutic equipment, optical devices and equipment, equipment for the study of magnetic and optical environment, as well as the production of components (integrated circuits, electronic components ("active" and "passive") and spare parts for electronic industry products;

62-2) electronic industry products – electronic components and articles made from them for various purposes;

62-3) authorized body in the field of electronic industry – the central executive body responsible for state regulation in the field of electronic industry;

63) "electronic government" is a system of information interaction between government agencies and with individuals and legal entities based on automation and optimization of government functions, as well as designed to provide services in electronic form.;

64) objects of informatization of "electronic government" – state electronic information resources, software of state bodies, an Internet resource of a state body, objects of information and communication infrastructure of "electronic government", including objects of informatization of other persons intended for the formation of state electronic information resources, the implementation of state functions and the provision of public services;

65) excluded by the Law of the Republic of Kazakhstan dated 06/25/2020 No. 347-VI (effective ten calendar days after the date of its first official publication);

66) information and communication infrastructure of "electronic government" – information and communication infrastructure that ensures the functioning of "electronic government";

67) the operator of the electronic government information and communication infrastructure (hereinafter referred to as the operator) is a legal entity designated by the Government of the Republic of Kazakhstan, which is responsible for ensuring the functioning of the electronic government information and communication infrastructure assigned to it;

68) the electronic government information and communication platform is a technological platform designed to automate the activities of a government agency, including the automation of government functions and the provision of public services resulting therefrom, as well as the centralized collection, processing, and storage of government electronic information resources;

68-1) the software product of the electronic government information and communication platform (hereinafter referred to as the platform software product) is software developed and hosted on the electronic government information and communication platform;

69) the architecture of "electronic government" is a description of the objects of informatization of "electronic government", including tasks and functions of public administration in the context of relevant industries (spheres), in digital form;

69-1) the unified repository of "electronic government" is a repository of source codes and executable codes of "electronic government" informatization objects compiled from them;

70) the user's account on the e-government web portal is a component of the e–government web portal intended for official information interaction of individuals and legal entities with government agencies on the provision of services in electronic form, issues of contacting entities considering the appeals of these persons, as well as the use of personal data;

71) the e–government service integrator is a legal entity designated by the Government of the Republic of Kazakhstan, which is responsible for the methodological support of the development of the e-government architecture, as well as other functions provided for by this Law.;

71-1) the external gateway of the "electronic government" is a subsystem of the gateway of the "electronic government", designed to ensure the interaction of information systems located in the unified transport environment of government agencies with information systems located outside the unified transport environment of government agencies;

72) the unified electronic government e–mail gateway is a hardware and software package that provides e-government e-mail protection in accordance with information security requirements.

The Law of the Republic of Kazakhstan dated November 24, 2015 No. 418-V SAM.

This Law regulates public relations in the field of informatization that arise in the territory of the Republic of Kazakhstan between government agencies, individuals and legal entities during the creation, development and operation of informatization facilities, as well as with state support for the development of the information and communication technology industry.

President

Republic of Kazakhstan

Constitution Law Code Standard Decree Order Decision Resolution Lawyer Almaty Lawyer Legal service Legal advice Civil Criminal Administrative cases Disputes Defense Arbitration Law Company Kazakhstan Law Firm Court Cases