NATIONAL
ASSEMBLY
--------
|
SOCIALIST
REPUBLIC OF VIETNAM
Independence - Freedom – Happiness
---------------
|
No. 20/2023/QH15
|
Hanoi, June 22,
2023
|
LAW
ELECTRONIC TRANSACTIONS
Pursuant to Constitution of the Socialist
Republic of Vietnam;
The National Assembly hereby promulgates the Law
on Electronic Transactions.
Chapter I
GENERAL PROVISIONS
Article 1. Scope
1. For the purpose of this Law, provision is made
for conducting transactions by electronic means.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
3. If other laws permit or does not specify whether
a transaction can be carried out electronically, this Law shall be applied. If
another law does not permit a transaction to be carried out electronically,
such law shall be applied.
Article 2. Regulated entities
This Law applies to agencies, organizations and
individuals directly involved in electronic transactions or relating to
electronic transactions.
Article 3. Definitions
For the purposes of this Law, the terms below shall
be construed as follows:
1. “Electronic transaction (e-transaction)” means
a transaction which is conducted using electronic means.
2. “Electronic means" includes
hardware, software, information system, or other means designed using
information technology, electrical technology, electronic technology, digital
technology, magnetic technology, wireless transmission technology, optical
technology, electromagnetic technology or other similar technologies.
3. “Electronic environment" includes
telecommunications networks, internet, computer networks and information
systems.
4. “data message" means information generated,
sent, received or stored by electronic means.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
6. “data” means a symbol, script, numeral,
image, sound or another similar type.
7. “electronic data" means the data
generated, processed or stored by electronic means.
8. “digital data” means electronic data
generated through the use of digital signals.
9. “master data" represents data
containing the core information that is used to describe a specific object,
serve as a basis for reference and uniformity between different databases or
data sets.
10. “database" means an organized
collection of electronic data accessed, exploited, shared, managed and updated
by electronic means.
11. “electronic signature” means data in
electronic form that are attached to or logically associated with a data
message to identify the signatory and authenticate his/her approval for the
data message.
12. “digital signature” means an electronic
signature using asymmetric algorithm consisting of a private key and a public
key. The private key is used to add the digital signature and the public key is
used to verify the digital signature. The digital signature ensures the authenticity,
integrity and undeniability but fails to ensure the secrecy of the data
message.
13. “electronic signature certificate" means
a data message for authentication of the signatory’s electronic signature. An electronic
signature certificate for digital signatures is called a digital signature
certificate.
14. “digital signature authentication service” means
a service provided by a digital signature authentication service
provider to authenticate the signatory on a data message and ensure the
undeniability of the signatory to the data message and ensures the integrity of
the associated data message.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
16. “electronic contract” means a contract
that is made in the form of a data message.
17. “intermediary” means an agency,
organization or individual who sends, receives or stores a data message or
provides other services related to the data message for another agency,
organization or individual.
Article 4. E-transaction development policy
1. Protect the interests of the State, interests of
the community, legal rights and interests of agencies, organizations and
individuals.
2. Ensure that the selection of e-transactions is
voluntary; and the parties agree on which types of technology, electronic
means, electronic signatures, other forms of authentication by electronic means
will be used to conduct e-transactions, unless otherwise provided for by law.
3. Develop e-transactions in all aspects to ensure
completion of all stages of the procedure by electronic means and promote
digital transformation; optimize the procedure, thereby shortening time for
processing and being more convenient in comparison with other transaction
methods.
4. Synchronously apply regulations and measures to
encourage, give incentives and facilitate the development of e-transactions;
take priority over investment in developing technology infrastructure,
developing and applying new technologies, training human resources for
e-transactions, especially in mountainous areas, border areas, islands, ethnic
minority areas, areas with difficult socio-economic conditions and areas with
extremely difficult socio-economic conditions.
Article 5. Assurance about cybersecuriy and
information security in e-transactions
1. Agencies, organizations and individuals shall
comply with regulations of law on e-transactions, law on information security,
law on cybersecurity and other regulations of relevant laws upon carrying out
e-transactions.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Article 6. Prohibited acts in e-transactions
1. Taking advantage of e-transactions to commit
offences against the national interests, national security, social order and
safety, public interests, legal rights and interests of agencies, organizations
and individuals.
2. Illegally obstructing or preventing the process
of generating, sending, receiving and storing data messages or committing other
acts to destroy information systems serving e-transactions.
3. Illegally collecting, providing, using,
disclosing, displaying, spreading, trading data messages.
4. Counterfeiting, falsifying, or illegally
deleting, canceling, copying, moving the part or whole of a data message.
5. Creating data messages in order to commit
illegal acts.
6. Cheating, counterfeiting, appropriating or
illegally using e-transaction accounts, electronic certificates, electronic
signature certificates, and electronic signatures.
7. Obstructing the selection of carrying out
e-transactions.
8. Committing other prohibited acts in accordance
with regulations of law.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
DATA MESSAGE
Section 1. Legal
value of data messages
Article 7. Formats of data messages
1. Data messages may be shown in the form of
electronic documents, electronic certificates, electronic records, electronic
contracts, e-mails, telegrams, telegraphs, facsimiles and other electronic data
interchange (EDI) forms according to regulations of law.
2. Data messages are created and generated during
the transactions or converted from printed documents.
Article 8. Legal value of data messages
Information stated in data messages cannot have its
legal value disclaimed for the sole reason that it is expressed in the form of
data messages.
Article 9. Data messages being as valid as
documents
1. Where any law requires information to be in
writing, the requirement of the law is fulfilled if the information is
contained in a data message that is accessible and usable for subsequent
reference.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Article 10. Data messages being as valid as
originals
A data message shall be used and be as valid as its
original if:
1. There exists an assurance as to the integrity of
the information contained in the data message from the time it is first
generated in its final form; and
The information contained in the data message is
assessed as integrity if it has remained complete and unaltered, apart from the
addition of any change which arises in the normal course of communication,
storage or display; and
2. Information contained in the data message is
accessible and usable in its final form.
Article 11. Data messages being as valid as
evidence
1. Data messages shall be used as the evidence
according to regulations of this Law and law on procedure.
2. A data message is valued as the evidence on the
basis of the reliability of the manner in which the data message is generated,
sent, received or stored; the manner in which the integrity of the data message
is ensured and remained; the manner in which originators, addressees of the data
message and other appropriate factors are determined.
Article 12. Conversion between printed documents
and data messages
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
a) There exists an assurance as to the integrity of
the information contained in the data message in comparison with that in the
printed document; and
b) Information contained in the data message is
accessible and usable for reference;
c) There is a special sign special signs of
certifying the conversation from the printed document to the data message and
information of the agency, organization or individual carrying out the
conversion;
d) If the printed document is a license,
certificate, confirmation or another approval document issued by a competent
authority or organization, the conversion requires a fulfillment of the
requirements in points a, b and c of this Clause and a digital signature of the
agency or organization carrying out the conversion, unless otherwise prescribed
by law. Information system serving the conversion must be able to convert
printed documents into data messages.
2. Requirements for conversion from a data message
to a printed document:
a) There exists an assurance as to the integrity of
the information contained in the printed document in comparison with that in
the data message; and
b) There is information to determine information
system and governing body of the information system that generate, send,
receive and store the original data message for searching;
c) There is a special sign certifying the
conversation from the data message to the printed document and information of
the agency, organization or individual carrying out the conversion;
d) If the data message is an electronic
certificate, the conversion requires a fulfillment of the requirements in
points a, b and c of this Clause and a signature and a stamp (if any) of the
agency or organization carrying out the conversion in accordance with
regulations of law. Information system serving the conversion must have the
feature of conversion from data messages to printed documents.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
4. The Government of
Vietnam shall elaborate this Article.
Article 13. Storage of data messages
1. Where any law requires a document, record,
dossier or information to be stored, the document, record, dossier or
information may be stored in the form of a data message if the following
requirements are satisfied:
a) Information contained in the data message is
accessible and usable for reference;
b) Information contained in the data message is
stored in the very format in which it is generated, sent or received, or in a
format which can be demonstrated to represent accurately its contents;
c) The data message is stored in a given manner to
enable the identification of its origin, originator, addressee, date and time
when it was sent or received.
2. Unless otherwise prescribed by law, agencies,
organizations or individuals may select to store their documents, records,
dossiers and information in the form of printed documents or in the form of
data messages if they meet the requirements in Clause 1 of this Article.
3. Contents and time limits for storage of data
messages shall comply with regulations of law on storage and other regulations
of relevant laws. The storage of data messages is as valid as the storage of
printed documents.
Section 2. Sending
and receipt of data messages
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1. An originator of a data message is an agency,
organization or individual who generates or sends the data message before such
message is stored, excluding any intermediary transmitting the data message.
2. Where the parties to a transaction do not agree otherwise,
the identification of the originator of a data message shall be as follows:
a) A data message is considered as that of an
originator if it is sent by, or on behalf of, the originator, or by an
information system which is programmed by the originator to operate
automatically;
b) The addressee is entitled to regard a data
message as being that of the originator if he/she has applied authentication
methods approved by the originator for ascertaining whether the data message
was that of the originator;
c) As from the time the addressee becomes aware of
technical errors or receives a notice from the originator of the data message
in the transmission of a data message or has applied, regulations in Point a
and Point b shall not apply.
3. If a party commits an error in inputting
information via an automated information system and the system fails to provide
an opportunity to correct the error to the party, the party is entitled to
remove the entered information if the following requirements are met:
a) Originator who commits an error in the process
of feeding information has sent a notification of his/her error to the relevant
parties immediately after he/she becomes aware of the error;
b) Originator who commits an error in the process
of feeding information has not used or received any benefits (if any) from the
parties.
4. The right to retrieve false information
prescribed in Clause 3 of this Article shall not affect the responsibility for
settlement of consequences arising from errors in e-transactions according to
other regulations of relevant laws.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Article 15. Time and place of dispatching a data
message
Unless otherwise agreed upon by the parties to a
transaction, the time and place of dispatching a data message is provided for
as follows:
1. The time of dispatching a data message is the
point of time when such data message is delivered from an information system
under the control of the originator or the originator’s representative. If the
information system is outside the control of the originator or the originator’s
representative, time of dispatching the data message is the point of time when
such data message is entered into the information system;
2. A data message, even if it is sent from any
place, is deemed to be sent from the originator's place of business if the
originator is an agency, organization or from the originator’s place of
residence if the originator is an individual. Where the originator has more
than one place of business, the data message shall be sent from the
originator’s principal place of business or from the place of business that has
the closest relationship with the transaction.
Article 16. Receipt of data messages
1. An addressee of a data message shall be an
agency, organization, individual or its representative designated to receive
the data message from an originator of the data message, excluding any
intermediary transmitting the data message.
2. Where the parties to a transaction do not agree
otherwise, the receipt of a data message shall be as follows:
a) The addressee is considered to have had received
the data message if the data message is entered into an information system
designated by the addressee and it is accessible;
b) The addressee is entitled to regard each data
message received as a separate data message, unless the data message is a
duplicate of another data message of which the addressee knew or has to know
that such data message was a duplicate;
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
d) On or before sending a data message, if the
originator has declared that such data message was only valuable when there is
an acknowledgement, such data message is treated as though it has never been
sent until the acknowledgement is received;
dd) In case the originator had sent a data message
but he/she has not declared that the addressee must resend an acknowledgement
and he/she has not received any acknowledgement, except cases prescribed in
Point a of this Clause, the originator may give notice to the addressee stating
that no acknowledgement has been received and specifying a reasonable time by
which the acknowledgement must be received; if the acknowledgement is not
received within the specified time, the originator is entitled to consider the
data message unsent.
Article 17. Time and place of receiving a data
message
Unless otherwise agreed upon by the parties to a
transaction, the time and place of receiving a data message is provided for as
follows:
1. If an addressee had designated an information
system to receive a data message, the time of receipt is the point of time when
such data message is entered into the designated information system and the
data message is accessible; if the originator had not designated an information
system to receive the data message, the time of receipt is the point of time
when such data message is entered into any information system of the originator
and the data message is accessible;
2. A data message, even if it is received from any
place, is deemed to be received from the addressee's place of business if the
addressee is an agency, organization or from the addressee’s place of residence
if the addressee is an individual. Where the addressee has more than one place
of business, the data message shall be sent from the addressee’s principal place
of business or from the place of business that has the closest relationship
with the transaction.
Article 18. Dispatch and receipt of a data
message
If an originator or an addressee designates one or
more information systems to automatically dispatch or receive a data message,
the receipt and dispatch of the data message shall comply with the regulations
in Articles 14, 15, 16 and 17 of this Law.
Section 3. Electronic
Certificate
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1. Information contained in an e-certificate shall
have legal value if:
a) The e-certificate is signed by a digital
signature of an issuing agency or organization according to regulations herein;
b) Information contained in the e-certificate is
accessible and intelligible so as to be usable in its final form.
c) If any law requires a determination of time
related to the e-certificate, the e-certificate shall contain a timestamp.
2. An e-certificate issued by a foreign competent
agency or organization, in order to be recognized and used in Vietnam, must be
granted consular legalization, unless the consular legalization is exempted
according to regulations of Vietnamese law.
Article 20. Transfer of e-certificates
1. Where permission has been given by law for the
transfer of ownership of an e-certificate to take place, the following
requirements must be met:
a) The e-certificate clearly indicates the owner
and that such owner has the sole control over the e-certificate; b)
Requirements in Article 10 of this Law must be met;
c) The information system serving the transfer of
the e-certificate must satisfy at least information security level 3
requirements according to regulations of law on information security;
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
2. Where any law requires or permits the conversion
from printed documents to e-certificates for documents that are permitted by
law to have their ownership transferred and may only exist in one form, the
printed documents shall immediately lose their legal value when the conversion
is completed and requirements prescribed in Point d Clause 1 Article 12 of this
Law are met.
3. Where any law requires or permits the conversion
from e-certificates to printed documents for e-certificates that are permitted
by law to have their ownership transferred and may only exist in one form, the
e-certificates shall immediately lose their legal value when the conversion is
completed and requirements prescribed in Point d Clause 2 Article 12 of this
Law are met.
Article 21. Requirements for storage and
processing of e-certificates
1. The storage of e-certificates shall comply with
regulations on storage of data messages in Article 13 of this Law.
2. The information systems serving the storage and
processing of e-certificates must satisfy at least information security level 3
requirements according to regulations of law on information security;
Chapter III
ELECTRONIC SIGNATURES AND
TRUST SERVICES
Section 1. E-SIGNATURES
Article 22. E-signatures
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
a) Special-use e-signatures are e-signatures
designated and used by agencies and organizations for their particular purposes
according with their functions and tasks;
b) Public digital signatures are digital signatures
used in public activities and secured by public digital signature certificates;
c) Civil service digital signatures are digital
signatures used in civil services and secured by civil service digital
signature certificates;
2. Each special-use e-signature must fully satisfy
the following requirements:
a) The signature must be added to recognize the
signatory and assert the signatory’s approval for the data message;
b) Data used to generate the special-use
e-signature must solely accompany the approved data message;
c) Data use to generate the special-use e-signature
must be under the sole control of the signatory at the point of time when the
signature is added.
d) Effect of the special-use e-signature can be
checked under certain conditions agreed by the parties.
3. A digital signature is an e-signature fully
satisfying the following requirements:
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
b) Digital signature creation data must solely accompany
the approved data message;
c) Digital signature creation data must be under
the sole control of the signatory at the point of time when the signature is
added;
d) All changes of the data message after adding the
signature are detectable;
dd) The signature must be secured by a digital
signature certificate. A civil service digital signature must be secured by a
digital signature certificate of a civil service digital signature
authentication service provider. A public digital signature must be secured by
a digital signature certificate of a public digital signature authentication
service provider;
e) Signature creation device is responsible for
qualifying that digital signature generation data must remain confidential,
unique and protected from forgery; and data used to generate the digital
signature is designed to be used only once; and it does not affect the data to
be signed.
4. The use of other authentication forms excluding
e-signatures by electronic means to show signatories’ approval for data
messages shall comply with other regulations of relevant laws.
Article 23. Legal value of e-signatures
1. E-signatures cannot have their legal value
disclaimed for the sole reason that they are expressed in the form of
e-signatures.
2. Special-use qualified e-signatures or digital
signatures have legal value equivalent to handwritten signatures of individuals
on printed documents.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Article 24. Civil service digital signature
authentication service
1. Civil service digital signature authentication
service is a digital signature authentication service in civil services.
2. Civil service digital signature certificates
shall be managed and provided by civil service digital signature authentication
service providers according to regulations of law on e-transactions and law on
cipher.
3. Civil service digital signature authentication
service providers shall:
a) Issue civil service digital signature
certificates for recognition and maintenance of effect of certificates of
signatories to data messages;
b) Revoke civil service digital signature
certificates;
c) Inspect and maintain effect of civil service
digital signature certificates; do not use technical and technological barriers
to limit the effect of civil service digital signatures;
d) Provide essential information to authenticate
civil service digital signatures;
dd) Link to national electronic authentication
service providers to facilitate inspection of effect of civil service digital
signatures;
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
4. Civil service digital signature certificates and
civil service digital signatures must satisfy technical regulations and
requirements for digital signatures and digital signature authentication
service according to regulations of law.
5. The Government of
Vietnam shall elaborate this Article.
Article 25. Use of special-use e-signatures and
special-use qualified e-signatures
1. Agencies and organizations that generate
special-use e-signatures are not permitted to provide services that involve
special-use e-signatures.
2. Special-use qualified e-signatures are
special-use e-signatures granted special-use qualified e-signature certificates
by the Ministry of Information and Communications.
3. An agency or organization which uses a
special-use e-signature to conduct a transaction with another organization or
individual or requests recognition of a special-use qualified e-signature shall
register with the Ministry of Information and Communications to be grant a
special-use qualified e-signature certificate.
4. The Government of
Vietnam shall elaborate this Article.
Article 26. Recognition of foreign e-signature
authentication service providers; recognition of foreign e-signatures, and
e-signature certificates
1. Requirements for recognition of foreign e-signature
authentication service providers in Vietnam include:
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
b) Foreign e-signatures, and foreign e-signature
certificates provided by foreign e-signature authentication service providers
must satisfy technical standards and regulations on e-signatures and
e-signature certificates according to regulations of Vietnamese laws or
international standards that have been asserted or international treaties to
which Vietnam is a signatory;
c) Foreign e-signature certificates granted by foreign
e-signature authentication service providers are created on the basis of
authenticated personal identifiable information (PII) of foreign organizations
and individuals;
d) Foreign e-signature authentication service
providers must update current status of foreign e-signature certificates on
trust service authentication systems of competent authorities of Vietnam;
dd) Providers must have representative offices
(ROs) in Vietnam.
2. Requirements for recognition of foreign
e-signatures, foreign e-signature certificates in Vietnam include:
a) Foreign e-signatures and foreign e-signature
certificates must meet technical standards and regulations on e-signatures and
e-signature certificates according to regulations of Vietnamese laws or
international standards that have been asserted or international treaties to
which Vietnam is a signatory;
b) Foreign e-signature certificates are created on
the basis of personal identifiable information (PII), which has been verified,
of foreign organizations and individuals.
3. Users of foreign e-signatures and foreign
e-signature certificates recognized according to Clause 2 of this Article are
foreign organizations and individuals; Vietnamese organizations and individuals
wishing to enter into transactions with organizations and individuals of
foreign countries in which e-signatures and e-signature certificates of
Vietnamese service providers have not been recognized.
4. The Ministry of
Information and Communications shall elaborate the recognition of foreign
e-signature authentication service providers in Vietnam; and the recognition of
foreign e-signatures, and foreign e-signature certificates in Vietnam
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1. E-signatures and e-signature certificates of
foreign nationals are only accepted in international transactions if they
belong to foreign organizations and individuals who are not present in Vietnam,
and they are effective on data messages sent to Vietnamese organizations and
individuals.
2. Organizations and individuals shall select and
take responsibility for accepting e-signatures and e-signature certificates of
foreign nationals on data messages to be used in international transactions.
Section 2. TRUST SERVICES
Article 28. Trust services
1. A trust service includes:
a) Timestamping service;
b) Data message authentication service;
c) Public digital signature authentication service.
2. Each trust service is a conditional business
line.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Electronic contract authentication service
providers in commercial transactions must satisfy e-contract authentication
service provision requirements according to regulations of law on e-commerce
and requirements for trust service provision according to Article 29 of this
Law.
4. The Government shall elaborate operation of
trust service providers; procedures, applications for issuance, extension,
change, re-issuance, suspension, revocation of business licences and other
contents according to regulations in this Article.
Article 29. Requirements for trust service
provision
1. Requirements for trust service provision
include:
a) Being enterprises which are legally established
and operated in the territory of Vietnam;
b) Satisfying financial, managerial and technical
requirements for each type of trust service specified in Clause 1, Article 28
of this Law;
c) Having information systems serving the trust service
provision which satisfy at least information security level 3 requirements
according to regulations of law on information security;
d) Having technical plans serving the provision for
each type of trust service specified in Clause 1, Article 28 of this Law;
dd) Having plans for technical connections serving
supervision, inspection and data reporting by electronic means, which satisfy
requirements for state management of trust services.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Article 30. Responsibilities of trust service
providers
1. Publicly disclose procedures for registering use
of services, forms and relevant costs.
2. Ensure 24/7 collection of information and
provision of services.
3. Store applications and documents, connect and
provide information and data by electronic means in accordance with regulations
of law.
4. Ensure that equipment in information systems is
coded and ready for technical connection serving state management of trust
services.
5. Implement professional measures, suspend, stop
provision of services or other professional measures at the request of
competent authorities according to regulations of law.
6. Act as administrators of information system
serving trust service provision which satisfy at least information security
level 3 requirements according to regulations of law on information security.
7. Annually report the trust service provision
according to regulations of competent authorities.
8. Pay service fees for maintaining systems for checking
status of digital signature certificates according to regulations of law on
fees and charges.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1. Timestamping services are services to attach
information on points of time to data messages.
2. Timestamps are created in the form of digital
signatures.
3. Points of time attached to data messages are
points of time when timestamping service providers receive such data messages
and such data messages are authenticated by timestamping service providers.
4. Time source by timestamping service providers
must comply with regulations of law on national standard time source.
Article 32. Data message authentication services
A data message authentication service includes:
1. Data message storage and integrity verification
service;
2. Qualified data message dispatch and receipt
service.
Article 33. Public digital signature
authentication service
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
2. Public digital signature certificates shall be
granted by public digital signature authentication service providers according
to this Law.
3. Public digital signature authentication service
providers shall:
a) Issue public digital signature certificates for
recognition and maintenance of effect of certificates of signatories to data
messages;
b) Revoke public digital signature certificates;
c) Inspect and maintain effect of public digital
signature certificates; do not use technical and technological barriers to
limit the effect of public digital signatures;
d) Provide essential information to authenticate
public digital signatures;
dd) Link to national electronic authentication
service providers to facilitate inspection of effect of public digital
signatures;
4. Public digital signature certificates and civil
service digital signatures must meet technical regulations and requirements for
digital signatures and digital signature authentication service according to
regulations of law.
5. The Government of Vietnam shall elaborate this
Article.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
ENTRY INTO AND EXECUTION OF
E-CONTRACTS
Article 34. E-contracts
1. An e-contract shall be concluded or excecuted
from the interaction between an automated information system and a person or among
automated information systems and its legal value cannot be denied for the sole
reason that any inspection or intervention of human in each specific action
performed by the automated information systems or in the contract is not made.
2. Ministers and Heads of ministerial agencies
shall promulgate or propose promulgation of regulations on conclusion and
execution of e-contracts in their fields in conformity with current conditions.
Article 35. Entry into e-contracts
1. Entry into e-contracts means the use of data
messages to execute part or whole of transactions in the process of entering
into e-contracts.
2. Unless otherwise agreed upon by concerned
parties, an offer to enter into an e-contract and acceptance of the offer to
enter into the e-contract may be carried out through data messages.
Article 36. Principles of entry into and
execution of e-contracts
1. Parties shall have the right to reach agreements
on using part or whole of data messages and electronic means in the entry into
and execution of e-contracts.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
3. The entry into and execution of an e-contract
shall comply with the regulations of this Law, law on contracts and relevant
laws.
Article 37. Receipt, dispatch, time, location of
dispatching or receiving data messages in entry into and execution of
e-contracts
Receipt, dispatch, time, location of dispatching or
receiving data messages in entry into and execution of e-contracts shall comply
with the regulations in Articles 15, 16, 17 and 18 of this Law.
Article 38. Legal value of a notice in
conclusion and execution of e-contracts
In the process of concluding and executing an
e-contract, a notice in the form of a data message shall have the same legal
value as that of a printed notice.
Chapter V
E-TRANSACTIONS OF REGULATORY AGENCIES
Article 39. Types of e-transactions of
regulatory agencies
1. E-transactions within a regulatory agency.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
3. E-transactions between regulatory agencies and
other agencies, organizations and individuals.
Article 40. Management of data and common
databases
1. Data in regulatory agencies shall be uniformly
and hierarchically organized according to regulatory agencies’ responsibility
for management to improve e-transactions; shared to serve the operation of
regulatory agencies, people and enterprises according to regulations of law.
2. Common databases in a regulatory agency shall
include national databases, databases of Ministries, central and local
authorities.
3. Management of national databases shall be as
follows:
a) National databases containing master data shall
be used for reference and synchronization between databases of Ministries,
central and local authorities.
b) Master data in national databases can be
officially used and have the same legal value as that of printed documents
provided by competent authorities, unless otherwise provided for by law;
c) Data in national databases shall be shared with
Ministries, central and local authorities to handle administrative procedures,
reform administrative procedures, simplify administrative procedures for
people, enterprises and targets for socio-economic development;
d) The Prime Minister shall approve the list of
national databases. The list of national databases shall include names of
national databases, targets for establishment of national databases, coverage
of national databases, information on master data of national databases stored
and shared, users and uses, information created and updated on national
databases, methods of sharing data from national databases;
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
4. Management of databases of Ministries, central
and local authorities shall be as follows:
a) Databases of Ministries, central and local
authorities are common information collections of Ministries, central and local
authorities;
b) Master data in databases of Ministries, central
and local authorities shall be officially used with the legal value equivalent
to that of printed documents provided by Ministries, central and local
authorities, unless otherwise provided for by law;
c) Ministries, ministerial agencies and agencies
affiliated to the Government and the Provincial People’s Committees shall
provide regulations on the list of databases; regulations on establishment,
update, maintenance and use of their databases. The list of databases of
Ministries, central and local authorities shall include names of databases;
description of uses, coverage and contents of each database; how data is
collected and updated and sources of data collection of each database; list of
items of databases including open data and shared data.
5. The State shall cover part or whole of costs for
construction and maintenance of national databases, databases of Ministries,
central and local authorities and other agencies of the State.
Article 41. Data creation and collection
1. The first priority shall be given to data
creation, collection and digital data development in order to develop digital
government, digital transformation in operation of regulatory agencies.
2. The creation of data in databases of regulatory
agencies requires the uniform use of a common code list issued by competent
regulatory agencies, matching with master data in national databases.
3. Regulatory agencies shall not be entitled to
collect and organize re-collection of data or require organizations and
individuals to provide data that such agencies has being managed or such data
is connected and shared by other regulatory agencies, unless data provision is
required for data update or verification or such data fails to meet quality
requirements according to technical standards and regulations or law requires
otherwise.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
Article 42. Data connection and share
1. Regulatory agencies shall be responsible for
ensuring the availability of data connection and sharing to agencies,
organizations and individuals, thereby serving e-transactions, including:
a) Personnel making data connection and sharing shall
include on-site personnel who are managing and operating information systems or
other relevant personnel in regulatory agencies; if on-site personnel does not
satisfy requirements, experts may be hired;
b) Projects on investment in application of information
technology funded by state budget to develop information systems, databases in
regulatory agencies must consist of items serving data connection and sharing.
If these items are not included in projects, explanations about the exclusion
of items serving data connection and sharing during the process of operation
and use are required;
c) Regulations on data collection and use for
databases under their management shall be promulgated and publicly disclosed;
d) Measures to ensure cybersecuriy, information
security and confidentiality in the process of data connection and sharing in
accordance with regulations of law.
2. Unless otherwise provided for by law, regulatory
agencies shall connect and share data with other agencies and organizations. Do
not provide information that can be obtained via connection and sharing between
information systems in the form of physical documents. Do not collect fees for
sharing data between regulatory agencies.
3. Regulatory agencies shall apply methods of
online data connection and sharing on cyberspace between information systems of
data providers and data users, excluding the case where information concerning
state secret or requiring ensuring national defense and security. In case of
rejection, specific reasons for rejection are required.
4. Regulatory agencies shall apply models of data
connection and sharing according to the following order of precedence:
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
b) Direct connection between information systems
and databases when intermediate systems are inaccessible or governing bodies of
intermediate systems assess that such intermediate systems fail to satisfy
requirements for data connection and sharing.
5. National EA framework for digital transformation
prescribed in Point a Clause 4 of this Article shall include Architecture
framework for e-government and digital government; architecture framework of
agencies and organizations.
6. The Government shall elaborate the data
connection and sharing; national EA framework for digital transformation.
Article 43. Open data of regulatory agencies
1. Open data of regulatory agencies is data
disclosed by competent regulatory agencies to agencies, organizations and
individuals to freely use, reuse and share. Regulatory agencies shall disclose
open data to agencies, organizations and individuals to freely use, reuse and
share in order to improve e-transactions, digital transformation and digital
socio-economic development.
2. The open data must be intact and show adequate
information provided by regulatory agencies; be up-to-date; can be accessed and
used on the Internet; can be sent, received, stored and processed by digital
devices; has open file format and free file format.
3. Agencies, organizations and individuals can
freely use open data, and are not required to enter personal information when
collecting and using open data is not required.
4. Agencies, organizations and individuals can
freely copy, share, change and use open data or connect open data with other
data; use open data for their commercial or non-commercial products and
services, unless otherwise provided for by law.
5. Agencies, organizations and individuals shall
include citations and acknowledge the use of open data in products, services
and relevant documents using open data.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
7. The Government of Vietnam shall elaborate open
data and provide requirements for ensuring the implementation of regulations in
this Article.
Article 44. Operation of regulatory agencies on
electronic media
1. Regulatory agencies shall ensure that all
results of handling administrative procedures or results of other civil
services that are not state secrets are presented in the form of electronic
documents with the same legal value as that of printed documents, are
accessible and usable in their final forms. Regulatory agencies shall receive
and handle requests from organizations and individuals on electronic media,
unless otherwise prescribed by law.
2. The following tasks of regulatory agencies
should be performed completely in electronic environment: public service
provision, internal affair administration; managerial tasks; supervision and
inspection.
3. Regulatory agencies must prepare plans for
emergency situations, network issues and contingency plans, thereby
troubleshooting and returning transactions to normal.
4. Regulatory agencies may hire experts to provide
advice about development of databases using annual state budget according to
regulations of law; carry out technical and professional activities of
management, operation and assurance of information security for information
systems serving e-transactions of regulatory agencies.
5. The Government of Vietnam shall elaborate this
Article.
Chapter VI
INFORMATION SYSTEMS SERVING
E-TRANSACTIONS
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1. An information system serving e-transactions is
a collection of hardware, software and databases established with main
functions and features of serving e-transactions, ensuring authentication and
reliability in e-transactions.
The information system serving electronic
transactions is classified according to the information system administrator;
functions and features of the information system serving e-transactions; size,
number of users in Vietnam or number of monthly visits from users in Vietnam.
2. An digital platform serving electronic
transactions means an information system specified in Clause 1 of this Article
that creates an electronic medium that allows parties to conduct transactions
or provide or use products or services or use it to develop products or
services.
3. A digital platform serving an e-transaction is a
digital platform specified in Clause 2 of this Article whose administrator is
independent of the parties conducting the transaction.
4. The Government shall elaborate this Article.
Article 46. E-transaction account
1. E-transaction accounts shall be issued by
administrators of information systems serving e-transactions and managed and
used in accordance with this Law.
2. An e-transaction account shall be used to
conduct an electronic transaction, in order to store its transaction history
and ensure the correct transaction order of the account holder, which is valid
for proving the transaction history of the parties as prescribed in Clause 4 of
this Article.
3. Agencies, organizations and individuals have the
right to choose to use e-transaction accounts in accordance with their needs,
unless otherwise provided for by law.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
a) The information system serving the e-transaction
must ensure its safety in accordance with the law on information security;
b) The transaction history must be uniquely
attached with an agency, organization or individual that is the holder of the
e-transaction account.
c) The transaction time must be accurate according
to regulation of law on national standard time source.
Article 47. Responsibilities of administrators
of information systems serving e-transactions
1. Administrators of information systems serving
e-transactions shall be responsible for:
a) Complying with the regulations of this Law and
laws on information security, cybersecurity, personal information protection,
personal data protection and other relevant laws;
b) Providing information by electronic means in
accordance with law in service of measurement, statistics, supervision,
inspection, examination and reporting at the request of state management
agencies in charge of e-transactions; sharing data in service of state
management of e-transactions;
c) Supervising the security of information systems
serving their e-transactions in accordance with the law on information
security.
2. Administrators of large digital platforms
serving electronic transactions shall be responsible for:
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
b) Publicly disclosing and disseminating mechanisms
for reporting and handling problems arising in e-transactions;
c) Publicly disclosing and disseminating mechanisms
for reporting and handling contents that violate Vietnamese law on digital
platforms from reliable feedbacks;
d) Annually making reports, under the guidance of
the Ministry of Information and Communications, on incidents that have occurred
or incidents that have signs or risks of abusing information systems to commit
acts of violating Vietnamese law.
3. Administrators of very large digital platforms
serving e-transactions shall be responsible for:
a) Complying with regulations in clause 2 of this
Article.
b) Publicly disclosing general principles,
parameters or criteria used to make recommendations on displaying contents,
advertisements to users and allowing users to choose not to use such
recommendations based on analysis of data on users;
c) Allow users to uninstall any pre-installed
applications without affecting basic technical features for normal operation of
their platforms;
d) Publicly disclosing and disseminating codes of
conduct applicable to users of their platforms.
4. The Government shall
elaborate responsibilities of the administrators of intermediary digital
platforms in Clauses 2 and 3 of this Article in accordance with scales, numbers
of users in Vietnam or numbers of visits from users in Vietnam.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
1. Regulatory agencies shall manage reporting,
consolidation and sharing of data serving state management of e-transactions in
accordance with regulations of law, and assigned functions, tasks and powers.
2. The Ministry of
Information and Communications shall establish and operate systems for receiving
and consolidating data serving state management of e-transactions of regulatory
agencies specified in Clause 1 of this Article in accordance with the
Government's regulations; assume the prime responsibility for elaborating,
promulgating or requesting competent regulatory agencies to promulgate
technical regulations on connection reference models serving data sharing by
electronic means, device identifiers, reliability of information systems
serving e-transactions.
Chapter VII
STATE MANAGEMENT
OF E-TRANSACTIONS
Article 49. Contents of state management of
e-transactions
1. Elaborating, promulgating and organizing
implementation of strategies, plans and policies for the development of
e-transactions; legislative documents on e-transactions; technical standards,
regulations, technical requirements, economic-technical norms, quality of
products and services in e-transactions.
2. Managing the reporting, measurement and
statistics of e-transactions; managing the security supervision of information
systems serving e-transactions of administrators of information systems.
3. Managing trust services.
4. Managing and organizing the construction,
exploitation and development of national electronic authentication infrastructure;
the issuance and revocation of digital signature certificates.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
6. Disseminating policies and laws in
e-transactions.
7. Managing the training, refresher training and
development of human resources and experts in e-transactions.
8. Inspecting, examining, settling complaints,
denunciations and handling violations of the law on e-transactions.
9. International cooperation on electronic
transactions.
Article 50. Responsibilities for state
management of e-transactions
1. The Government shall be responsible for the
unified state management of e-transactions.
2. The Ministry of Information and Communications
shall be the focal point agency responsible to the Government for taking charge
and cooperating with ministries and ministerial agencies in performing state
management of e-transactions.
3. Ministries, ministerial agencies and provincial
People's Committees shall cooperate with the Ministry of Information and
Communications in performing state management of e-transactions in domains and
geographical areas within the scope of assigned tasks and powers.
4. The Minister of National Defense shall perform
state management of e-transactions in cipher and fields related to civil
service digital signatures on the basis of national technical standards and
regulations on digital signatures in accordance with law.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
IMPLEMENTATION CLAUSES
Article 51. Amendments, replacement or annulment
of some articles of relevant laws
Section 119 of Appendix IV - List of conditional
business lines enclosed with the Law on Investment No. 61/2020/QH14 which has
been amended by Law No. 72/2020/QH14, Law No. 03/2022/QH15, Law No.
05/2022/QH15, Law No. 08/2022/QH15 and Law No. 09/2022/QH15 shall be amended as
follows:
119
Trust service business
2. Section 7 of Part VI - Fees in the field of
information and communications in the List of fees and charges enclosed with the
Law on Fees and Charges No. 97/2015/QH13 which has been amended by Law No.
09/2017/QH14, Law No. 23/2018/QH14, Law No. 72/2020/QH14 and Law No.
16/2023/QH15 shall be amended as follows:
7
Service fees for maintaining systems for
checking status of digital signature certificates
The Ministry of
Finance
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
4. Articles 58 and 59 of the Law on Information
Technology No. 67/2006/QH11 amended by Law No. 21/2017/QH14 shall be annulled.
Article 52. Effect
1. This Law comes into force from July 01, 2024.
2. Law on Electronic Transactions No. 51/2005/QH11
shall be no longer valid from the date on which this Law comes into force,
except for the case specified in Article 53 of this Law.
Article 53. Transition provisions
1. E-transactions established before the effective
date of this Law and not yet implemented by the effective date of this Law
shall continue to comply with the regulations of the Law on Electronic
Transactions No. 51/2005/QH11 and legislative documents elaborating the Law on
Electronic Transactions No. 51/2005/QH11, unless the parties agree to apply the
regulations of this Law.
2. Digital certificates issued before the effective
date of this Law and still valid on the effective date of this Law shall
continue to comply with the regulations of the Law on Electronic Transactions
No. 51/2005/QH11 and legislative documents elaborating Law on Electronic
Transactions No. 51/2005/QH11 until the expiry dates of the digital
certificates and have the same value as digital signature certificates in
accordance with this Law.
3. Licenses for provision of public digital
signature authentication services, licenses for using foreign digital
certificates in Vietnam, operation registration certificates of special-use
digital signature authentication service providers, certificates of safety of
special-use digital signatures issued before the effective date of this Law and
still in effect until the effective date of this Law, they may continue to be
used until the expiry dates of such licenses or certificates.
The issuance of digital certificates under licenses
and certificates specified in this Clause shall comply with the regulations of
Law on Electronic Transactions No. 51/2005/QH11 and legislative documents
elaborating Law on Electronic Transactions No. 51/2005/QH11.
...
...
...
Please sign up or sign in to your
TVPL Pro Membership to see English documents.
5. Acknowledgements of registration for provision
of e-contract authentication services in commercial transaction issued before
the effective date of this Law shall continue to be used until June 30, 2027.
6. For applications for provision of e-contract
authentication services in commercial transactions which have been submitted to
competent regulatory agencies but have not yet acknowledged by the effective
date of this Law, regulations of law on e-commerce may continue to apply.
7. The Government shall elaborate this Article.
This law was adopted by the XV National Assembly
of the Socialist Republic of Vietnam, 5th session on June 22, 2023.
CHAIRPERSON OF
THE NATIONAL ASSEMBLY
Vuong Dinh Hue