Decree No. 106/2011/ND-CP amends and supplements certain articles of Decree No. 26/2007/ND-CP on digital signatures and services for verifying digital signatures. This document provides detailed regulations on management, licensing, operation, inspection, and penalties for organizations providing these services.
Đối tượng áp dụng
Organizations providing public, specialized, and foreign digital signature verification services; Ministry of Information and Communications; competent state agencies.
Các điểm cốt lõi
- Public, specialized, and foreign digital signatures are clearly defined.
- Organizations providing digital signature verification services must meet conditions related to personnel, technology, and licensing application documents.
- Licensing application documents and changes to licenses are detailed according to regulations.
- Digital certificates must include specific contents such as the name of the organization, the subscriber's name, public key, validity period, etc.
- Organizations providing specialized digital signature verification services must meet personnel and technical conditions to be granted a certificate.
🌐 Tác động xã hội từ văn bản này
- Reduce legal risks for organizations providing digital signature verification services.
- Strengthen strict management of the activities of these organizations to protect the rights and interests of citizens and businesses.
- Ensure information security and safety for digital signatures.
❓ Câu hỏi thường gặp
What is a public digital signature?
A public digital signature is a digital signature created by a subscriber using a digital certificate issued by an organization providing public digital signature verification services.
Which organization has the right to request issuance of a certificate meeting the security requirements for specialized digital signatures?
Organizations providing specialized digital signature verification services.
What does the licensing application dossier for public digital signature verification services include?
It includes the application form, business registration certificate, organizational charter and operation plan, financial proof documents, service provision project.
Which organization is responsible for periodic inspections of organizations providing services?
Ministry of Information and Communications.
What violations can result in a fine of VND 10,000,000 to VND 20,000,000?
Altering, deleting content of certificates; buying, selling, transferring, leasing, lending or borrowing certificates; providing false information.
Toàn văn
DECREE
Amending and supplementing some articles of Decree No. 26/2007/NĐ-CP of the Government dated February 15, 2007
detailing the implementation of the Law on Electronic Transactions regarding digital signatures and digital signature certification services
______________________________
THE GOVERNMENT
Pursuant to the Law on Organization of the Government dated December 25, 2001;
Pursuant to the Law on Electronic Transactions dated November 29, 2005;
Pursuant to the Administrative Violations Handling Ordinance dated July 2, 2002;
Considering the proposal of the Minister of Information and Communications,
DECREE:
Article 1. Amending and supplementing some articles of Decree No. 26/2007/NĐ-CP dated February 15, 2007 detailing the implementation of the Law on Electronic Transactions regarding digital signatures and digital signature certification services.
1. Replacing Clause 5 of Article 3 as follows:
“5. Public digital signature is a digital signature created by a subscriber using a digital certificate issued by an organization providing public digital signature certification service. Dedicated digital signature is a digital signature created by a subscriber using a digital certificate issued by an organization providing dedicated digital signature certification service. Foreign digital signature is a digital signature created by a subscriber using a foreign digital certificate.”
2. Amending and supplementing Point d Clause 1 of Article 6 as follows:
“Leading and coordinating with the Ministry of Public Security and the State Cryptographic Agency in managing organizations providing digital signature certification services including issuing licenses, certificates of qualification for ensuring security for dedicated digital signatures, recognition of foreign digital signatures and certificates; inspecting, supervising, and handling violations; and other necessary activities.”
3. Amending and supplementing Clause 2, Article 9 as follows:
“2. A digital signature is created using the private key corresponding to the public key recorded on the digital certificate issued by an organization providing national digital signature certification service, an organization providing public digital signature certification service, an organization providing dedicated digital signature certification service that has been certified as qualified to ensure security for dedicated digital signatures, or an organization providing foreign digital signature certification service recognized in Vietnam.”
4. Replacing Article 10 as follows:
“Article 10. Contents of Digital Certificate
The digital certificate issued by an organization providing national digital signature certification service, an organization providing public digital signature certification service, or an organization providing dedicated digital signature certification service that has been certified as qualified to ensure security for dedicated digital signatures must include the following contents:
1. Name of the organization providing digital signature certification service.
2. Name of the subscriber.
3. Serial number of the digital certificate.
4. Validity period of the digital certificate.
5. Public key of the subscriber.
6. Digital signature of the organization providing digital signature certification service.
7. Restrictions on purpose and scope of use of the digital certificate.
8. Limitations on the legal liability of the organization providing digital signature certification service.
9. Other necessary contents as prescribed by the Ministry of Information and Communications.”
5. Replacing Clause 3 of Article 15 as follows:
“3. Personnel conditions:
Having a technical staff, management staff, operational staff, security management staff, and customer service staff meeting the requirements of expertise and scale of service provision; not having been convicted.”
6. Replacing Article 16 as follows:
“Article 16. Application for License
The application for a license to provide public digital signature certification service shall be prepared in six sets (two original sets and four copies), each set containing the following:
1. The enterprise's application for a license to provide public digital signature certification service.
2. Business registration certificate or investment certificate of the enterprise clearly stating the business of providing electronic signature certification service.
3. Charter of organizational structure and operation of the enterprise.
4. Documents proving compliance with financial conditions stipulated in Clause 2 of Article 15 of this Decree.
5. Service provision plan including the following main contents:
a) Business plan including scope, target customers, quality standards, financial plan;
b) Technical plan to meet the requirements of Clause 4 of Article 15;
c) Certification regulations;
d) Criminal record form No. 2 and qualifications of personnel directly involved in the provision of digital signature certification services by the enterprise.”
7. Amending and supplementing Clause 2 of Article 18 as follows:
“2. The application for amendment of the license shall be prepared in six sets (two original sets and four copies), each set containing: application for amendment of the license content; copy of the current valid license; report on business operations; detailed content of the proposed amendments and reasons for changes in the license content.”
8. Replacing Clause 2 of Article 21 as follows:
“2. Supporting documents include:
a) For individuals: a valid copy of identity card, passport, or other lawful personal identification;
b) For organizations: a valid copy of establishment decision or business registration certificate or equivalent document of the organization; authorization letter and a valid copy of identity card, passport, or other lawful personal identification of the authorized representative of the organization.”
9. Amending and supplementing the name of Section 1 Chapter VI as follows:
“CONDITIONS AND PROCEDURES FOR THE RECOGNITION OF REGISTRATION ACTIVITIES OF ORGANIZATIONS PROVIDING DEDICATED DIGITAL SIGNATURE CERTIFICATION SERVICES”
10. Amending and supplementing the name of Article 46 as follows:
“Article 46. Procedures and formalities for the recognition of registration activities of organizations providing dedicated digital signature certification services.”
11. Amending and supplementing Clause 6 of Article 47 as follows:
“6. An organization providing dedicated digital signature certification services has the right to request the Ministry of Information and Communications to issue a certificate of qualification for ensuring security for dedicated digital signatures as required under Article 9 of this Decree. Conditions and procedures for issuing a certificate of qualification for ensuring security for dedicated digital signatures shall comply with the provisions of Articles 48, 49, and 50 of this Decree.”
12. Amending and supplementing the name of Section 2 Chapter VI as follows:
“CONDITIONS AND PROCEDURES FOR ISSUING A CERTIFICATE OF QUALIFICATION FOR ENSURING SECURITY FOR DEDICATED DIGITAL SIGNATURES”
13. Replacing Article 48 as follows:
“Article 48. Conditions for Issuing a Certificate of Qualification for Ensuring Security for Dedicated Digital Signatures
An organization providing dedicated digital signature certification services may only be issued a certificate of qualification for ensuring security for dedicated digital signatures if it meets the personnel, technical, and other conditions specified in Clauses 3, 4, and 5 of Article 15 of this Decree.”
14. Replacing Article 49 as follows:
“Article 49. Application for Issuance of a Certificate of Qualification for Ensuring Security for Dedicated Digital Signatures
The application for issuing a certificate of compliance with security conditions for specialized digital signatures consists of six sets (two original sets and four copies), each set including:
1. Application for issuing a certificate of compliance with security conditions for specialized digital signatures.
2. Decision on establishment and operational charter of the organization.
3. Service proposal including:
a) Scope and target audience of service provision;
b) Technical solutions to meet the provisions of Article 48 of this Decree;
c) Certification regulations;
d) Criminal record sheet number 2 and qualifications of personnel directly involved in the organization's digital signature certification services.
15. Replace Article 50 as follows:
"Article 50. Examination of applications and issuance of certificates of compliance with security conditions for specialized digital signatures
Within sixty working days from the date of receipt of the application for issuing a certificate of compliance with security conditions for specialized digital signatures, the Ministry of Information and Communications shall take the lead and coordinate with the Ministry of Public Security, the Government Cryptographic Committee, and relevant ministries and sectors to examine the application and conduct on-site inspections. In cases where the conditions for providing services as stipulated in Article 48 are met, the Ministry of Information and Communications will issue a certificate of compliance with security conditions for specialized digital signatures to the organization. If the organization does not meet the required conditions, the Ministry of Information and Communications will notify in writing and specify the reasons."
16. Replace Article 51 as follows:
"Article 51. Rights and obligations of organizations providing specialized digital signature certification services that have been issued a certificate of compliance with security conditions for specialized digital signatures.
Organizations providing specialized digital signature certification services that have been issued a certificate of compliance with security conditions for specialized digital signatures shall have the following rights and obligations:
1. To regulate their activities and the rights and obligations of related parties based on not contravening relevant laws and principles of the Vietnamese legal system.
2. To report periodically and at any time upon request of competent state agencies.
3. To be subject to inspection, audit, and handling of violations by competent state agencies.
4. To provide necessary information to investigative bodies or security agencies to serve the work of ensuring information security, investigation, and crime prevention according to the prescribed legal procedures.
5. In cases of emergency as defined by laws on emergency situations or to ensure national security, organizations providing specialized digital signature certification services that have been issued a certificate of compliance with security conditions for specialized digital signatures must fulfill all necessary support as requested by competent state agencies."
17. Replace Article 53 as follows:
"Article 53. Application for recognition of foreign digital signatures and certificates
The application for recognizing foreign digital signatures and certificates consists of six sets (two original sets and four copies), each set including:
1. Application for recognizing foreign digital signatures and certificates submitted by organizations providing foreign digital signature certification services.
2. Documents proving compliance with the requirements specified in Clause 1 and Clause 2, Article 52 of this Decree."
18. Amend and supplement Clause 1 of Article 61 as follows:
"1. Organizations providing public digital signature certification services and organizations providing specialized digital signature certification services that have been issued a certificate of compliance with security conditions for specialized digital signatures shall be subject to annual inspections by the Ministry of Information and Communications regarding compliance with this Decree. The results of the inspection must be publicly announced on the Ministry of Information and Communications' website."
19. Amend and supplement Article 62 as follows:
1. Amend and supplement Point b of Clause 1 of Article 62 as follows:
"b) Certificate of compliance with security conditions for specialized digital signatures."
2. Amend and supplement Clause 3 of Article 62 as follows:
"3. A fine of VND 10,000,000 to VND 20,000,000 shall be imposed for any of the following acts:
a) Altering or tampering with the content of the certificate of compliance with security conditions for specialized digital signatures;
b) Buying, selling, transferring, leasing, lending, renting, or borrowing the certificate of compliance with security conditions for specialized digital signatures;
c) Providing false information or documents for the purpose of registering activities or applying for a certificate of compliance with security conditions for specialized digital signatures."
20. Amend and supplement Point c of Clause 6 of Article 66 as follows:
"c) Not placing in Vietnam the equipment system for providing digital signature certification services of organizations licensed by the Ministry of Information and Communications to provide public digital signature certification services or issued a certificate of compliance with security conditions for specialized digital signatures."
21. Amend and supplement Clause 2 of Article 69 as follows:
"2. Revocation of licenses for providing public digital signature certification services or certificates of compliance with security conditions for specialized digital signatures or certificates recognizing foreign digital signatures and certificates for any of the following violations as stipulated in Point b, Point c Clause 2 Article 62, Point d Clause 2 Article 63; Article 64; Point b Clause 2, Points a, c, d Clause 3 Article 66 of this Decree."
Article 2. Replace the phrase "Ministry of Posts and Telecommunications" with the phrase "Ministry of Information and Communications" throughout Decree No. 26/2007/NĐ-CP dated February 15, 2007 detailing the implementation of the Law on Electronic Transactions concerning digital signatures and digital signature certification services.
Article 3. Implementation Provisions
This Decree takes effect from February 1, 2012.
Ministers, Heads of ministerial-level agencies, Heads of government-affiliated agencies, Chairpersons of provincial People's Committees directly under the Central Government shall be responsible for implementing this Decree.
Văn bản gốc (PDF)
Bản đồ quan hệ
Bấm vào một văn bản để mở. Viền đỏ = quan hệ làm thay đổi hiệu lực.
Bản dịch
Văn bản này có sẵn ở các ngôn ngữ sau: