This Decree regulates in details the Law on Cybersecurity of Vietnam pertaining to
1. Measures to protect cybersecurity; appraise cybersecurity; assess cybersecurity criteria; test cybersecurity; supervise cybersecurity; respond to and remedy cybersecurity incidents; use codes to protect cyber information security; request the removal of illegal information or false information;
2. Procedures for appraisal, assessment, inspection, supervision, response, and remedy to cybersecurity incidents regarding major national security information systems.
3. Cybersecurity criteria for major national security information systems.
4. Contents of the implementation of cybersecurity protection activities in state agencies.
5. Procedures for cybersecurity testing regarding information systems of agencies, organizations, and individuals
6. The storage of data and establishment of branches or representative offices in Vietnam with regard to foreign enterprises
7. The assignment and cooperation in implementing measures to protect cybersecurity, and prevent and handle acts of infringing on cybersecurity in case of state management contents are related to the management scope of many Ministries and central authorities.
Notably, according to Article 26 of this Decree, enterprises conducting business in Vietnam must store personal information of service users, including: account names, service use time, information on credit cards, emails, IP addresses of the last login or logout session, and registered phone numbers in association with accounts or data; data on relationships of service users in Vietnam: friends and groups such users have connected or interacted with, etc.
Foreign enterprises conducting business in Vietnam in one of the following fields are also required to store data according to the aforesaid regulations: telecommunications services; storage and sharing of data in cyberspace; provision of national or international domain names for service users in Vietnam; e-commerce; online payment; payment intermediaries; services of connection and transportation in cyberspace; social media and social communication; online games; services of provision, management, or operation other information in cyberspace in forms of messages, calls, video calls, emails, online chatting.
In addition, foreign enterprises may be required to establish branches or representative offices in Vietnam by the Department of Cyber Security for cooperation in investigation, handling of violations of laws on cybersecurity in case services provided by such foreign enterprises are used for violations of laws
This Decree takes effect from October 1st, 2022.
|Published||Vietlaw's Newsletter No. 576|