LAW

ELECTRONIC TRANSACTIONS

Pursuant to Constitution of the Socialist Republic of Vietnam;

The National Assembly hereby promulgates the Law on Electronic Transactions.

Chapter I

GENERAL PROVISIONS

Article 1. Scope

1. For the purpose of this Law, provision is made for conducting transactions by electronic means.

...

...

...

3. If other laws permit or does not specify whether a transaction can be carried out electronically, this Law shall be applied. If another law does not permit a transaction to be carried out electronically, such law shall be applied.

Article 2. Regulated entities

This Law applies to agencies, organizations and individuals directly involved in electronic transactions or relating to electronic transactions.

Article 3. Definitions

For the purposes of this Law, the terms below shall be construed as follows:

1. “Electronic transaction (e-transaction)” means a transaction which is conducted using electronic means.

2. “Electronic means" includes hardware, software, information system, or other means designed using information technology, electrical technology, electronic technology, digital technology, magnetic technology, wireless transmission technology, optical technology, electromagnetic technology or other similar technologies.

3. “Electronic environment" includes telecommunications networks, internet, computer networks and information systems.

4. “data message" means information generated, sent, received or stored by electronic means.

...

...

...

6. “data” means a symbol, script, numeral, image, sound or another similar type.

7. “electronic data" means the data generated, processed or stored by electronic means.

8. “digital data” means electronic data generated through the use of digital signals.

9. “master data" represents data containing the core information that is used to describe a specific object, serve as a basis for reference and uniformity between different databases or data sets.

10. “database" means an organized collection of electronic data accessed, exploited, shared, managed and updated by electronic means.

11. “electronic signature” means data in electronic form that are attached to or logically associated with a data message to identify the signatory and authenticate his/her approval for the data message.

12. “digital signature” means an electronic signature using asymmetric algorithm consisting of a private key and a public key. The private key is used to add the digital signature and the public key is used to verify the digital signature. The digital signature ensures the authenticity, integrity and undeniability but fails to ensure the secrecy of the data message.

13. “electronic signature certificate" means a data message for authentication of the signatory’s electronic signature. An electronic signature certificate for digital signatures is called a digital signature certificate.

14. “digital signature authentication service” means a service provided by a digital signature authentication service provider to authenticate the signatory on a data message and ensure the undeniability of the signatory to the data message and ensures the integrity of the associated data message.

...

...

...

16. “electronic contract” means a contract that is made in the form of a data message.

17. “intermediary” means an agency, organization or individual who sends, receives or stores a data message or provides other services related to the data message for another agency, organization or individual.

Article 4. E-transaction development policy

1. Protect the interests of the State, interests of the community, legal rights and interests of agencies, organizations and individuals.

2. Ensure that the selection of e-transactions is voluntary; and the parties agree on which types of technology, electronic means, electronic signatures, other forms of authentication by electronic means will be used to conduct e-transactions, unless otherwise provided for by law.

3. Develop e-transactions in all aspects to ensure completion of all stages of the procedure by electronic means and promote digital transformation; optimize the procedure, thereby shortening time for processing and being more convenient in comparison with other transaction methods.

4. Synchronously apply regulations and measures to encourage, give incentives and facilitate the development of e-transactions; take priority over investment in developing technology infrastructure, developing and applying new technologies, training human resources for e-transactions, especially in mountainous areas, border areas, islands, ethnic minority areas, areas with difficult socio-economic conditions and areas with extremely difficult socio-economic conditions.

Article 5. Assurance about cybersecuriy and information security in e-transactions

1. Agencies, organizations and individuals shall comply with regulations of law on e-transactions, law on information security, law on cybersecurity and other regulations of relevant laws upon carrying out e-transactions.

...

...

...

Article 6. Prohibited acts in e-transactions

1. Taking advantage of e-transactions to commit offences against the national interests, national security, social order and safety, public interests, legal rights and interests of agencies, organizations and individuals.

2. Illegally obstructing or preventing the process of generating, sending, receiving and storing data messages or committing other acts to destroy information systems serving e-transactions.

3. Illegally collecting, providing, using, disclosing, displaying, spreading, trading data messages.

4. Counterfeiting, falsifying, or illegally deleting, canceling, copying, moving the part or whole of a data message.

5. Creating data messages in order to commit illegal acts.

6. Cheating, counterfeiting, appropriating or illegally using e-transaction accounts, electronic certificates, electronic signature certificates, and electronic signatures.

7. Obstructing the selection of carrying out e-transactions.

8. Committing other prohibited acts in accordance with regulations of law.

...

...

...

DATA MESSAGE

Section 1. Legal value of data messages

Article 7. Formats of data messages

1. Data messages may be shown in the form of electronic documents, electronic certificates, electronic records, electronic contracts, e-mails, telegrams, telegraphs, facsimiles and other electronic data interchange (EDI) forms according to regulations of law.

2. Data messages are created and generated during the transactions or converted from printed documents.

Article 8. Legal value of data messages

Information stated in data messages cannot have its legal value disclaimed for the sole reason that it is expressed in the form of data messages.

Article 9. Data messages being as valid as documents

1. Where any law requires information to be in writing, the requirement of the law is fulfilled if the information is contained in a data message that is accessible and usable for subsequent reference.

...

...

...

Article 10. Data messages being as valid as originals

A data message shall be used and be as valid as its original if:

1. There exists an assurance as to the integrity of the information contained in the data message from the time it is first generated in its final form; and

The information contained in the data message is assessed as integrity if it has remained complete and unaltered, apart from the addition of any change which arises in the normal course of communication, storage or display; and

2. Information contained in the data message is accessible and usable in its final form.

Article 11. Data messages being as valid as evidence

1. Data messages shall be used as the evidence according to regulations of this Law and law on procedure.

2. A data message is valued as the evidence on the basis of the reliability of the manner in which the data message is generated, sent, received or stored; the manner in which the integrity of the data message is ensured and remained; the manner in which originators, addressees of the data message and other appropriate factors are determined.

Article 12. Conversion between printed documents and data messages

...

...

...

a) There exists an assurance as to the integrity of the information contained in the data message in comparison with that in the printed document; and

b) Information contained in the data message is accessible and usable for reference;

c) There is a special sign special signs of certifying the conversation from the printed document to the data message and information of the agency, organization or individual carrying out the conversion;

d) If the printed document is a license, certificate, confirmation or another approval document issued by a competent authority or organization, the conversion requires a fulfillment of the requirements in points a, b and c of this Clause and a digital signature of the agency or organization carrying out the conversion, unless otherwise prescribed by law. Information system serving the conversion must be able to convert printed documents into data messages.

2. Requirements for conversion from a data message to a printed document:

a) There exists an assurance as to the integrity of the information contained in the printed document in comparison with that in the data message; and

b) There is information to determine information system and governing body of the information system that generate, send, receive and store the original data message for searching;

c) There is a special sign certifying the conversation from the data message to the printed document and information of the agency, organization or individual carrying out the conversion;

d) If the data message is an electronic certificate, the conversion requires a fulfillment of the requirements in points a, b and c of this Clause and a signature and a stamp (if any) of the agency or organization carrying out the conversion in accordance with regulations of law. Information system serving the conversion must have the feature of conversion from data messages to printed documents.

...

...

...

4. The Government of Vietnam shall elaborate this Article.

Article 13. Storage of data messages

1. Where any law requires a document, record, dossier or information to be stored, the document, record, dossier or information may be stored in the form of a data message if the following requirements are satisfied:

a) Information contained in the data message is accessible and usable for reference;

b) Information contained in the data message is stored in the very format in which it is generated, sent or received, or in a format which can be demonstrated to represent accurately its contents;

c) The data message is stored in a given manner to enable the identification of its origin, originator, addressee, date and time when it was sent or received.

2. Unless otherwise prescribed by law, agencies, organizations or individuals may select to store their documents, records, dossiers and information in the form of printed documents or in the form of data messages if they meet the requirements in Clause 1 of this Article.

3. Contents and time limits for storage of data messages shall comply with regulations of law on storage and other regulations of relevant laws. The storage of data messages is as valid as the storage of printed documents.

Section 2. Sending and receipt of data messages

...

...

...

1. An originator of a data message is an agency, organization or individual who generates or sends the data message before such message is stored, excluding any intermediary transmitting the data message.

2. Where the parties to a transaction do not agree otherwise, the identification of the originator of a data message shall be as follows:

a) A data message is considered as that of an originator if it is sent by, or on behalf of, the originator, or by an information system which is programmed by the originator to operate automatically;

b) The addressee is entitled to regard a data message as being that of the originator if he/she has applied authentication methods approved by the originator for ascertaining whether the data message was that of the originator;

c) As from the time the addressee becomes aware of technical errors or receives a notice from the originator of the data message in the transmission of a data message or has applied, regulations in Point a and Point b shall not apply.

3. If a party commits an error in inputting information via an automated information system and the system fails to provide an opportunity to correct the error to the party, the party is entitled to remove the entered information if the following requirements are met:

a) Originator who commits an error in the process of feeding information has sent a notification of his/her error to the relevant parties immediately after he/she becomes aware of the error;

b) Originator who commits an error in the process of feeding information has not used or received any benefits (if any) from the parties.

4. The right to retrieve false information prescribed in Clause 3 of this Article shall not affect the responsibility for settlement of consequences arising from errors in e-transactions according to other regulations of relevant laws.

...

...

...

Article 15. Time and place of dispatching a data message

Unless otherwise agreed upon by the parties to a transaction, the time and place of dispatching a data message is provided for as follows:

1. The time of dispatching a data message is the point of time when such data message is delivered from an information system under the control of the originator or the originator’s representative. If the information system is outside the control of the originator or the originator’s representative, time of dispatching the data message is the point of time when such data message is entered into the information system;

2. A data message, even if it is sent from any place, is deemed to be sent from the originator's place of business if the originator is an agency, organization or from the originator’s place of residence if the originator is an individual. Where the originator has more than one place of business, the data message shall be sent from the originator’s principal place of business or from the place of business that has the closest relationship with the transaction.

Article 16. Receipt of data messages

1. An addressee of a data message shall be an agency, organization, individual or its representative designated to receive the data message from an originator of the data message, excluding any intermediary transmitting the data message.

2. Where the parties to a transaction do not agree otherwise, the receipt of a data message shall be as follows:

a) The addressee is considered to have had received the data message if the data message is entered into an information system designated by the addressee and it is accessible;

b) The addressee is entitled to regard each data message received as a separate data message, unless the data message is a duplicate of another data message of which the addressee knew or has to know that such data message was a duplicate;

...

...

...

d) On or before sending a data message, if the originator has declared that such data message was only valuable when there is an acknowledgement, such data message is treated as though it has never been sent until the acknowledgement is received;

dd) In case the originator had sent a data message but he/she has not declared that the addressee must resend an acknowledgement and he/she has not received any acknowledgement, except cases prescribed in Point a of this Clause, the originator may give notice to the addressee stating that no acknowledgement has been received and specifying a reasonable time by which the acknowledgement must be received; if the acknowledgement is not received within the specified time, the originator is entitled to consider the data message unsent.

Article 17. Time and place of receiving a data message

Unless otherwise agreed upon by the parties to a transaction, the time and place of receiving a data message is provided for as follows:

1. If an addressee had designated an information system to receive a data message, the time of receipt is the point of time when such data message is entered into the designated information system and the data message is accessible; if the originator had not designated an information system to receive the data message, the time of receipt is the point of time when such data message is entered into any information system of the originator and the data message is accessible;

2. A data message, even if it is received from any place, is deemed to be received from the addressee's place of business if the addressee is an agency, organization or from the addressee’s place of residence if the addressee is an individual. Where the addressee has more than one place of business, the data message shall be sent from the addressee’s principal place of business or from the place of business that has the closest relationship with the transaction.

Article 18. Dispatch and receipt of a data message

If an originator or an addressee designates one or more information systems to automatically dispatch or receive a data message, the receipt and dispatch of the data message shall comply with the regulations in Articles 14, 15, 16 and 17 of this Law.

Section 3. Electronic Certificate

...

...

...

1. Information contained in an e-certificate shall have legal value if:

a) The e-certificate is signed by a digital signature of an issuing agency or organization according to regulations herein;

b) Information contained in the e-certificate is accessible and intelligible so as to be usable in its final form.

c) If any law requires a determination of time related to the e-certificate, the e-certificate shall contain a timestamp.

2. An e-certificate issued by a foreign competent agency or organization, in order to be recognized and used in Vietnam, must be granted consular legalization, unless the consular legalization is exempted according to regulations of Vietnamese law.

Article 20. Transfer of e-certificates

1. Where permission has been given by law for the transfer of ownership of an e-certificate to take place, the following requirements must be met:

a) The e-certificate clearly indicates the owner and that such owner has the sole control over the e-certificate; b) Requirements in Article 10 of this Law must be met;

c) The information system serving the transfer of the e-certificate must satisfy at least information security level 3 requirements according to regulations of law on information security;

...

...

...

2. Where any law requires or permits the conversion from printed documents to e-certificates for documents that are permitted by law to have their ownership transferred and may only exist in one form, the printed documents shall immediately lose their legal value when the conversion is completed and requirements prescribed in Point d Clause 1 Article 12 of this Law are met.

3. Where any law requires or permits the conversion from e-certificates to printed documents for e-certificates that are permitted by law to have their ownership transferred and may only exist in one form, the e-certificates shall immediately lose their legal value when the conversion is completed and requirements prescribed in Point d Clause 2 Article 12 of this Law are met.

Article 21. Requirements for storage and processing of e-certificates

1. The storage of e-certificates shall comply with regulations on storage of data messages in Article 13 of this Law.

2. The information systems serving the storage and processing of e-certificates must satisfy at least information security level 3 requirements according to regulations of law on information security;

Chapter III

ELECTRONIC SIGNATURES AND TRUST SERVICES

Section 1. E-SIGNATURES

Article 22. E-signatures

...

...

...

a) Special-use e-signatures are e-signatures designated and used by agencies and organizations for their particular purposes according with their functions and tasks;

b) Public digital signatures are digital signatures used in public activities and secured by public digital signature certificates;

c) Civil service digital signatures are digital signatures used in civil services and secured by civil service digital signature certificates;

2. Each special-use e-signature must fully satisfy the following requirements:

a) The signature must be added to recognize the signatory and assert the signatory’s approval for the data message;

b) Data used to generate the special-use e-signature must solely accompany the approved data message;

c) Data use to generate the special-use e-signature must be under the sole control of the signatory at the point of time when the signature is added.

d) Effect of the special-use e-signature can be checked under certain conditions agreed by the parties.

3. A digital signature is an e-signature fully satisfying the following requirements:

...

...

...

b) Digital signature creation data must solely accompany the approved data message;

c) Digital signature creation data must be under the sole control of the signatory at the point of time when the signature is added;

d) All changes of the data message after adding the signature are detectable;

dd) The signature must be secured by a digital signature certificate. A civil service digital signature must be secured by a digital signature certificate of a civil service digital signature authentication service provider. A public digital signature must be secured by a digital signature certificate of a public digital signature authentication service provider;

e) Signature creation device is responsible for qualifying that digital signature generation data must remain confidential, unique and protected from forgery; and data used to generate the digital signature is designed to be used only once; and it does not affect the data to be signed.

4. The use of other authentication forms excluding e-signatures by electronic means to show signatories’ approval for data messages shall comply with other regulations of relevant laws.

Article 23. Legal value of e-signatures

1. E-signatures cannot have their legal value disclaimed for the sole reason that they are expressed in the form of e-signatures.

2. Special-use qualified e-signatures or digital signatures have legal value equivalent to handwritten signatures of individuals on printed documents.

...

...

...

Article 24. Civil service digital signature authentication service

1. Civil service digital signature authentication service is a digital signature authentication service in civil services.

2. Civil service digital signature certificates shall be managed and provided by civil service digital signature authentication service providers according to regulations of law on e-transactions and law on cipher.

3. Civil service digital signature authentication service providers shall:

a) Issue civil service digital signature certificates for recognition and maintenance of effect of certificates of signatories to data messages;

b) Revoke civil service digital signature certificates;

c) Inspect and maintain effect of civil service digital signature certificates; do not use technical and technological barriers to limit the effect of civil service digital signatures;

d) Provide essential information to authenticate civil service digital signatures;

dd) Link to national electronic authentication service providers to facilitate inspection of effect of civil service digital signatures;

...

...

...

4. Civil service digital signature certificates and civil service digital signatures must satisfy technical regulations and requirements for digital signatures and digital signature authentication service according to regulations of law.

5. The Government of Vietnam shall elaborate this Article.

Article 25. Use of special-use e-signatures and special-use qualified e-signatures

1. Agencies and organizations that generate special-use e-signatures are not permitted to provide services that involve special-use e-signatures.

2. Special-use qualified e-signatures are special-use e-signatures granted special-use qualified e-signature certificates by the Ministry of Information and Communications.

3. An agency or organization which uses a special-use e-signature to conduct a transaction with another organization or individual or requests recognition of a special-use qualified e-signature shall register with the Ministry of Information and Communications to be grant a special-use qualified e-signature certificate.

4. The Government of Vietnam shall elaborate this Article.

Article 26. Recognition of foreign e-signature authentication service providers; recognition of foreign e-signatures, and e-signature certificates

1. Requirements for recognition of foreign e-signature authentication service providers in Vietnam include:

...

...

...

b) Foreign e-signatures, and foreign e-signature certificates provided by foreign e-signature authentication service providers must satisfy technical standards and regulations on e-signatures and e-signature certificates according to regulations of Vietnamese laws or international standards that have been asserted or international treaties to which Vietnam is a signatory;

c) Foreign e-signature certificates granted by foreign e-signature authentication service providers are created on the basis of authenticated personal identifiable information (PII) of foreign organizations and individuals;

d) Foreign e-signature authentication service providers must update current status of foreign e-signature certificates on trust service authentication systems of competent authorities of Vietnam;

dd) Providers must have representative offices (ROs) in Vietnam.

2. Requirements for recognition of foreign e-signatures, foreign e-signature certificates in Vietnam include:

a) Foreign e-signatures and foreign e-signature certificates must meet technical standards and regulations on e-signatures and e-signature certificates according to regulations of Vietnamese laws or international standards that have been asserted or international treaties to which Vietnam is a signatory;

b) Foreign e-signature certificates are created on the basis of personal identifiable information (PII), which has been verified, of foreign organizations and individuals.

3. Users of foreign e-signatures and foreign e-signature certificates recognized according to Clause 2 of this Article are foreign organizations and individuals; Vietnamese organizations and individuals wishing to enter into transactions with organizations and individuals of foreign countries in which e-signatures and e-signature certificates of Vietnamese service providers have not been recognized.

4. The Ministry of Information and Communications shall elaborate the recognition of foreign e-signature authentication service providers in Vietnam; and the recognition of foreign e-signatures, and foreign e-signature certificates in Vietnam

...

...

...

1. E-signatures and e-signature certificates of foreign nationals are only accepted in international transactions if they belong to foreign organizations and individuals who are not present in Vietnam, and they are effective on data messages sent to Vietnamese organizations and individuals.

2. Organizations and individuals shall select and take responsibility for accepting e-signatures and e-signature certificates of foreign nationals on data messages to be used in international transactions.

Section 2. TRUST SERVICES

Article 28. Trust services

1. A trust service includes:

a) Timestamping service;

b) Data message authentication service;

c) Public digital signature authentication service.

2. Each trust service is a conditional business line.

...

...

...

Electronic contract authentication service providers in commercial transactions must satisfy e-contract authentication service provision requirements according to regulations of law on e-commerce and requirements for trust service provision according to Article 29 of this Law.

4. The Government shall elaborate operation of trust service providers; procedures, applications for issuance, extension, change, re-issuance, suspension, revocation of business licences and other contents according to regulations in this Article.

Article 29. Requirements for trust service provision

1. Requirements for trust service provision include:

a) Being enterprises which are legally established and operated in the territory of Vietnam;

b) Satisfying financial, managerial and technical requirements for each type of trust service specified in Clause 1, Article 28 of this Law;

c) Having information systems serving the trust service provision which satisfy at least information security level 3 requirements according to regulations of law on information security;

d) Having technical plans serving the provision for each type of trust service specified in Clause 1, Article 28 of this Law;

dd) Having plans for technical connections serving supervision, inspection and data reporting by electronic means, which satisfy requirements for state management of trust services.

...

...

...

Article 30. Responsibilities of trust service providers

1. Publicly disclose procedures for registering use of services, forms and relevant costs.

2. Ensure 24/7 collection of information and provision of services.

3. Store applications and documents, connect and provide information and data by electronic means in accordance with regulations of law.

4. Ensure that equipment in information systems is coded and ready for technical connection serving state management of trust services.

5. Implement professional measures, suspend, stop provision of services or other professional measures at the request of competent authorities according to regulations of law.

6. Act as administrators of information system serving trust service provision which satisfy at least information security level 3 requirements according to regulations of law on information security.

7. Annually report the trust service provision according to regulations of competent authorities.

8. Pay service fees for maintaining systems for checking status of digital signature certificates according to regulations of law on fees and charges.

...

...

...

1. Timestamping services are services to attach information on points of time to data messages.

2. Timestamps are created in the form of digital signatures.

3. Points of time attached to data messages are points of time when timestamping service providers receive such data messages and such data messages are authenticated by timestamping service providers.

4. Time source by timestamping service providers must comply with regulations of law on national standard time source.

Article 32. Data message authentication services

A data message authentication service includes:

1. Data message storage and integrity verification service;

2. Qualified data message dispatch and receipt service.

Article 33. Public digital signature authentication service

...

...

...

2. Public digital signature certificates shall be granted by public digital signature authentication service providers according to this Law.

3. Public digital signature authentication service providers shall:

a) Issue public digital signature certificates for recognition and maintenance of effect of certificates of signatories to data messages;

b) Revoke public digital signature certificates;

c) Inspect and maintain effect of public digital signature certificates; do not use technical and technological barriers to limit the effect of public digital signatures;

d) Provide essential information to authenticate public digital signatures;

dd) Link to national electronic authentication service providers to facilitate inspection of effect of public digital signatures;

4. Public digital signature certificates and civil service digital signatures must meet technical regulations and requirements for digital signatures and digital signature authentication service according to regulations of law.

5. The Government of Vietnam shall elaborate this Article.

...

...

...

ENTRY INTO AND EXECUTION OF E-CONTRACTS

Article 34. E-contracts

1. An e-contract shall be concluded or excecuted from the interaction between an automated information system and a person or among automated information systems and its legal value cannot be denied for the sole reason that any inspection or intervention of human in each specific action performed by the automated information systems or in the contract is not made.

2. Ministers and Heads of ministerial agencies shall promulgate or propose promulgation of regulations on conclusion and execution of e-contracts in their fields in conformity with current conditions.

Article 35. Entry into e-contracts

1. Entry into e-contracts means the use of data messages to execute part or whole of transactions in the process of entering into e-contracts.

2. Unless otherwise agreed upon by concerned parties, an offer to enter into an e-contract and acceptance of the offer to enter into the e-contract may be carried out through data messages.

Article 36. Principles of entry into and execution of e-contracts

1. Parties shall have the right to reach agreements on using part or whole of data messages and electronic means in the entry into and execution of e-contracts.

...

...

...

3. The entry into and execution of an e-contract shall comply with the regulations of this Law, law on contracts and relevant laws.

Article 37. Receipt, dispatch, time, location of dispatching or receiving data messages in entry into and execution of e-contracts

Receipt, dispatch, time, location of dispatching or receiving data messages in entry into and execution of e-contracts shall comply with the regulations in Articles 15, 16, 17 and 18 of this Law.

Article 38. Legal value of a notice in conclusion and execution of e-contracts

In the process of concluding and executing an e-contract, a notice in the form of a data message shall have the same legal value as that of a printed notice.

Chapter V

E-TRANSACTIONS OF REGULATORY AGENCIES

Article 39. Types of e-transactions of regulatory agencies

1. E-transactions within a regulatory agency.

...

...

...

3. E-transactions between regulatory agencies and other agencies, organizations and individuals.

Article 40. Management of data and common databases

1. Data in regulatory agencies shall be uniformly and hierarchically organized according to regulatory agencies’ responsibility for management to improve e-transactions; shared to serve the operation of regulatory agencies, people and enterprises according to regulations of law.

2. Common databases in a regulatory agency shall include national databases, databases of Ministries, central and local authorities.

3. Management of national databases shall be as follows:

a) National databases containing master data shall be used for reference and synchronization between databases of Ministries, central and local authorities.

b) Master data in national databases can be officially used and have the same legal value as that of printed documents provided by competent authorities, unless otherwise provided for by law;

c) Data in national databases shall be shared with Ministries, central and local authorities to handle administrative procedures, reform administrative procedures, simplify administrative procedures for people, enterprises and targets for socio-economic development;

d) The Prime Minister shall approve the list of national databases. The list of national databases shall include names of national databases, targets for establishment of national databases, coverage of national databases, information on master data of national databases stored and shared, users and uses, information created and updated on national databases, methods of sharing data from national databases;

...

...

...

4. Management of databases of Ministries, central and local authorities shall be as follows:

a) Databases of Ministries, central and local authorities are common information collections of Ministries, central and local authorities;

b) Master data in databases of Ministries, central and local authorities shall be officially used with the legal value equivalent to that of printed documents provided by Ministries, central and local authorities, unless otherwise provided for by law;

c) Ministries, ministerial agencies and agencies affiliated to the Government and the Provincial People’s Committees shall provide regulations on the list of databases; regulations on establishment, update, maintenance and use of their databases. The list of databases of Ministries, central and local authorities shall include names of databases; description of uses, coverage and contents of each database; how data is collected and updated and sources of data collection of each database; list of items of databases including open data and shared data.

5. The State shall cover part or whole of costs for construction and maintenance of national databases, databases of Ministries, central and local authorities and other agencies of the State.

Article 41. Data creation and collection

1. The first priority shall be given to data creation, collection and digital data development in order to develop digital government, digital transformation in operation of regulatory agencies.

2. The creation of data in databases of regulatory agencies requires the uniform use of a common code list issued by competent regulatory agencies, matching with master data in national databases.

3. Regulatory agencies shall not be entitled to collect and organize re-collection of data or require organizations and individuals to provide data that such agencies has being managed or such data is connected and shared by other regulatory agencies, unless data provision is required for data update or verification or such data fails to meet quality requirements according to technical standards and regulations or law requires otherwise.

...

...

...

Article 42. Data connection and share

1. Regulatory agencies shall be responsible for ensuring the availability of data connection and sharing to agencies, organizations and individuals, thereby serving e-transactions, including:

a) Personnel making data connection and sharing shall include on-site personnel who are managing and operating information systems or other relevant personnel in regulatory agencies; if on-site personnel does not satisfy requirements, experts may be hired;

b) Projects on investment in application of information technology funded by state budget to develop information systems, databases in regulatory agencies must consist of items serving data connection and sharing. If these items are not included in projects, explanations about the exclusion of items serving data connection and sharing during the process of operation and use are required;

c) Regulations on data collection and use for databases under their management shall be promulgated and publicly disclosed;

d) Measures to ensure cybersecuriy, information security and confidentiality in the process of data connection and sharing in accordance with regulations of law.

2. Unless otherwise provided for by law, regulatory agencies shall connect and share data with other agencies and organizations. Do not provide information that can be obtained via connection and sharing between information systems in the form of physical documents. Do not collect fees for sharing data between regulatory agencies.

3. Regulatory agencies shall apply methods of online data connection and sharing on cyberspace between information systems of data providers and data users, excluding the case where information concerning state secret or requiring ensuring national defense and security. In case of rejection, specific reasons for rejection are required.

4. Regulatory agencies shall apply models of data connection and sharing according to the following order of precedence:

...

...

...

b) Direct connection between information systems and databases when intermediate systems are inaccessible or governing bodies of intermediate systems assess that such intermediate systems fail to satisfy requirements for data connection and sharing.

5. National EA framework for digital transformation prescribed in Point a Clause 4 of this Article shall include Architecture framework for e-government and digital government; architecture framework of agencies and organizations.

6. The Government shall elaborate the data connection and sharing; national EA framework for digital transformation.

Article 43. Open data of regulatory agencies

1. Open data of regulatory agencies is data disclosed by competent regulatory agencies to agencies, organizations and individuals to freely use, reuse and share. Regulatory agencies shall disclose open data to agencies, organizations and individuals to freely use, reuse and share in order to improve e-transactions, digital transformation and digital socio-economic development.

2. The open data must be intact and show adequate information provided by regulatory agencies; be up-to-date; can be accessed and used on the Internet; can be sent, received, stored and processed by digital devices; has open file format and free file format.

3. Agencies, organizations and individuals can freely use open data, and are not required to enter personal information when collecting and using open data is not required.

4. Agencies, organizations and individuals can freely copy, share, change and use open data or connect open data with other data; use open data for their commercial or non-commercial products and services, unless otherwise provided for by law.

5. Agencies, organizations and individuals shall include citations and acknowledge the use of open data in products, services and relevant documents using open data.

...

...

...

7. The Government of Vietnam shall elaborate open data and provide requirements for ensuring the implementation of regulations in this Article.

Article 44. Operation of regulatory agencies on electronic media

1. Regulatory agencies shall ensure that all results of handling administrative procedures or results of other civil services that are not state secrets are presented in the form of electronic documents with the same legal value as that of printed documents, are accessible and usable in their final forms. Regulatory agencies shall receive and handle requests from organizations and individuals on electronic media, unless otherwise prescribed by law.

2. The following tasks of regulatory agencies should be performed completely in electronic environment: public service provision, internal affair administration; managerial tasks; supervision and inspection.

3. Regulatory agencies must prepare plans for emergency situations, network issues and contingency plans, thereby troubleshooting and returning transactions to normal.

4. Regulatory agencies may hire experts to provide advice about development of databases using annual state budget according to regulations of law; carry out technical and professional activities of management, operation and assurance of information security for information systems serving e-transactions of regulatory agencies.

5. The Government of Vietnam shall elaborate this Article.

Chapter VI

INFORMATION SYSTEMS SERVING E-TRANSACTIONS

...

...

...

1. An information system serving e-transactions is a collection of hardware, software and databases established with main functions and features of serving e-transactions, ensuring authentication and reliability in e-transactions.

The information system serving electronic transactions is classified according to the information system administrator; functions and features of the information system serving e-transactions; size, number of users in Vietnam or number of monthly visits from users in Vietnam.

2. An digital platform serving electronic transactions means an information system specified in Clause 1 of this Article that creates an electronic medium that allows parties to conduct transactions or provide or use products or services or use it to develop products or services.

3. A digital platform serving an e-transaction is a digital platform specified in Clause 2 of this Article whose administrator is independent of the parties conducting the transaction.

4. The Government shall elaborate this Article.

Article 46. E-transaction account

1. E-transaction accounts shall be issued by administrators of information systems serving e-transactions and managed and used in accordance with this Law.

2. An e-transaction account shall be used to conduct an electronic transaction, in order to store its transaction history and ensure the correct transaction order of the account holder, which is valid for proving the transaction history of the parties as prescribed in Clause 4 of this Article.

3. Agencies, organizations and individuals have the right to choose to use e-transaction accounts in accordance with their needs, unless otherwise provided for by law.

...

...

...

a) The information system serving the e-transaction must ensure its safety in accordance with the law on information security;

b) The transaction history must be uniquely attached with an agency, organization or individual that is the holder of the e-transaction account.

c) The transaction time must be accurate according to regulation of law on national standard time source.

Article 47. Responsibilities of administrators of information systems serving e-transactions

1. Administrators of information systems serving e-transactions shall be responsible for:

a) Complying with the regulations of this Law and laws on information security, cybersecurity, personal information protection, personal data protection and other relevant laws;

b) Providing information by electronic means in accordance with law in service of measurement, statistics, supervision, inspection, examination and reporting at the request of state management agencies in charge of e-transactions; sharing data in service of state management of e-transactions;

c) Supervising the security of information systems serving their e-transactions in accordance with the law on information security.

2. Administrators of large digital platforms serving electronic transactions shall be responsible for:

...

...

...

b) Publicly disclosing and disseminating mechanisms for reporting and handling problems arising in e-transactions;

c) Publicly disclosing and disseminating mechanisms for reporting and handling contents that violate Vietnamese law on digital platforms from reliable feedbacks;

d) Annually making reports, under the guidance of the Ministry of Information and Communications, on incidents that have occurred or incidents that have signs or risks of abusing information systems to commit acts of violating Vietnamese law.

3. Administrators of very large digital platforms serving e-transactions shall be responsible for:

a) Complying with regulations in clause 2 of this Article.

b) Publicly disclosing general principles, parameters or criteria used to make recommendations on displaying contents, advertisements to users and allowing users to choose not to use such recommendations based on analysis of data on users;

c) Allow users to uninstall any pre-installed applications without affecting basic technical features for normal operation of their platforms;

d) Publicly disclosing and disseminating codes of conduct applicable to users of their platforms.

4. The Government shall elaborate responsibilities of the administrators of intermediary digital platforms in Clauses 2 and 3 of this Article in accordance with scales, numbers of users in Vietnam or numbers of visits from users in Vietnam.

...

...

...

1. Regulatory agencies shall manage reporting, consolidation and sharing of data serving state management of e-transactions in accordance with regulations of law, and assigned functions, tasks and powers.

2. The Ministry of Information and Communications shall establish and operate systems for receiving and consolidating data serving state management of e-transactions of regulatory agencies specified in Clause 1 of this Article in accordance with the Government's regulations; assume the prime responsibility for elaborating, promulgating or requesting competent regulatory agencies to promulgate technical regulations on connection reference models serving data sharing by electronic means, device identifiers, reliability of information systems serving e-transactions.

Chapter VII

STATE MANAGEMENT OF E-TRANSACTIONS

Article 49. Contents of state management of e-transactions

1. Elaborating, promulgating and organizing implementation of strategies, plans and policies for the development of e-transactions; legislative documents on e-transactions; technical standards, regulations, technical requirements, economic-technical norms, quality of products and services in e-transactions.

2. Managing the reporting, measurement and statistics of e-transactions; managing the security supervision of information systems serving e-transactions of administrators of information systems.

3. Managing trust services.

4. Managing and organizing the construction, exploitation and development of national electronic authentication infrastructure; the issuance and revocation of digital signature certificates.

...

...

...

6. Disseminating policies and laws in e-transactions.

7. Managing the training, refresher training and development of human resources and experts in e-transactions.

8. Inspecting, examining, settling complaints, denunciations and handling violations of the law on e-transactions.

9. International cooperation on electronic transactions.

Article 50. Responsibilities for state management of e-transactions

1. The Government shall be responsible for the unified state management of e-transactions.

2. The Ministry of Information and Communications shall be the focal point agency responsible to the Government for taking charge and cooperating with ministries and ministerial agencies in performing state management of e-transactions.

3. Ministries, ministerial agencies and provincial People's Committees shall cooperate with the Ministry of Information and Communications in performing state management of e-transactions in domains and geographical areas within the scope of assigned tasks and powers.

4. The Minister of National Defense shall perform state management of e-transactions in cipher and fields related to civil service digital signatures on the basis of national technical standards and regulations on digital signatures in accordance with law.

...

...

...

IMPLEMENTATION CLAUSES

Article 51. Amendments, replacement or annulment of some articles of relevant laws

Section 119 of Appendix IV - List of conditional business lines enclosed with the Law on Investment No. 61/2020/QH14 which has been amended by Law No. 72/2020/QH14, Law No. 03/2022/QH15, Law No. 05/2022/QH15, Law No. 08/2022/QH15 and Law No. 09/2022/QH15 shall be amended as follows:

119

Trust service business

2. Section 7 of Part VI - Fees in the field of information and communications in the List of fees and charges enclosed with the Law on Fees and Charges No. 97/2015/QH13 which has been amended by Law No. 09/2017/QH14, Law No. 23/2018/QH14, Law No. 72/2020/QH14 and Law No. 16/2023/QH15 shall be amended as follows:

7

Service fees for maintaining systems for checking status of digital signature certificates

The Ministry of Finance

...

...

...

4. Articles 58 and 59 of the Law on Information Technology No. 67/2006/QH11 amended by Law No. 21/2017/QH14 shall be annulled.

Article 52. Effect

1. This Law comes into force from July 01, 2024.

2. Law on Electronic Transactions No. 51/2005/QH11 shall be no longer valid from the date on which this Law comes into force, except for the case specified in Article 53 of this Law.

Article 53. Transition provisions

1. E-transactions established before the effective date of this Law and not yet implemented by the effective date of this Law shall continue to comply with the regulations of the Law on Electronic Transactions No. 51/2005/QH11 and legislative documents elaborating the Law on Electronic Transactions No. 51/2005/QH11, unless the parties agree to apply the regulations of this Law.

2. Digital certificates issued before the effective date of this Law and still valid on the effective date of this Law shall continue to comply with the regulations of the Law on Electronic Transactions No. 51/2005/QH11 and legislative documents elaborating Law on Electronic Transactions No. 51/2005/QH11 until the expiry dates of the digital certificates and have the same value as digital signature certificates in accordance with this Law.

3. Licenses for provision of public digital signature authentication services, licenses for using foreign digital certificates in Vietnam, operation registration certificates of special-use digital signature authentication service providers, certificates of safety of special-use digital signatures issued before the effective date of this Law and still in effect until the effective date of this Law, they may continue to be used until the expiry dates of such licenses or certificates.

The issuance of digital certificates under licenses and certificates specified in this Clause shall comply with the regulations of Law on Electronic Transactions No. 51/2005/QH11 and legislative documents elaborating Law on Electronic Transactions No. 51/2005/QH11.

...

...

...

5. Acknowledgements of registration for provision of e-contract authentication services in commercial transaction issued before the effective date of this Law shall continue to be used until June 30, 2027.

6. For applications for provision of e-contract authentication services in commercial transactions which have been submitted to competent regulatory agencies but have not yet acknowledged by the effective date of this Law, regulations of law on e-commerce may continue to apply.

7. The Government shall elaborate this Article.

This law was adopted by the XV National Assembly of the Socialist Republic of Vietnam, 5^th session on June 22, 2023.

CHAIRPERSON OF THE NATIONAL ASSEMBLY




Vuong Dinh Hue