The new Law on Electronic Transactions passed by the 15th National Assembly on June 22, 2023, will replace Law on Electronic Transactions No. 51/2005/QH11. This Law shall take effect from July 1, 2024, and provides detailed regulations on various aspects of electronic transactions, including state management, certification of digital signatures, trusted services, technical infrastructure, technical standards, and technical specifications. It also addresses the transition from the old law to the new law.
Đối tượng áp dụng
This Law applies to organizations and individuals participating in electronic transactions in Vietnam.
Các điểm cốt lõi
- This Law shall take effect from July 1, 2024.
- Regulations on state management of electronic transactions
- Establishing technical standards and specifications for electronic transactions
- Determining the responsibilities of the Ministry of Information and Communications in implementing state management of electronic transactions
- Regulations on the transition from Law on Electronic Transactions No. 51/2005/QH11 to the new Law
🌐 Tác động xã hội từ văn bản này
- Developing a legal system for electronic transactions to facilitate the development of e-commerce and other business activities in the digital environment
- Strengthening state management of the field of electronic transactions to ensure cybersecurity and user rights
❓ Câu hỏi thường gặp
When does the new Law on Electronic Transactions take effect?
This Law shall take effect from July 1, 2024.
What are the transitional provisions of the new Law on Electronic Transactions?
Electronic transactions established before this Law takes effect and not yet completed may continue under the previous regulations, except where the parties agree to apply the new regulations. Digital certificates and licenses already issued and still valid shall continue to be used according to the previous regulations until their expiration date.
Which Law does the new Law on Electronic Transactions replace?
This Law replaces Law on Electronic Transactions No. 51/2005/QH11 upon its entry into force.
Toàn văn
LAW
ELECTRONIC TRANSACTIONS
On the basis of the Constitution of the Socialist Republic of Vietnam;
The National Assembly promulgates the Law on Electronic Transactions.
PART I
GENERAL PROVISIONS
Article 1. Scope of Regulation
1. This Law regulates the conduct of transactions using electronic means.
2. This Law does not regulate the content, conditions, or form of transactions.
3. In cases where other laws provide for or do not provide for transactions conducted through electronic means, this Law shall apply. Where other laws prohibit transactions conducted through electronic means, such prohibitions shall be followed.
Article 2. Applicability
This Law applies to agencies, organizations, and individuals directly participating in electronic transactions or related to electronic transactions.
Article 3. Explanation of Terms
In this Law, the following terms shall be understood as follows:
1. An electronic transaction is a transaction conducted through electronic means.
2. Electronic means are hardware, software, information systems, or other devices operating based on information technology, electrical, electronic, digital, magnetic, wireless transmission, optical, electromagnetic, or similar technologies.
3. An electronic environment is a telecommunication network, Internet, computer network, or information system.
4. Data message is information created, sent, received, stored through electronic means.
5. Electronic certificate is a license, certification, certificate, confirmation document, approval document issued by authorized agencies or organizations in electronic data form.
6. Data is a symbol, writing, number, image, sound, or similar form.
7. Electronic data is data created, processed, stored through electronic means.
9. Master data is data containing the most basic information to describe a specific object, serving as a reference basis for synchronization between different databases or data sets.
10. Database is a collection of electronic data organized for access, exploitation, sharing, management, and updating through electronic means.
11. Electronic signature is a signature in electronic data form logically attached or combined with a data message to confirm the subject's signature and affirm the subject's consent to the data message.
12. Digital signature is an electronic signature using asymmetric key algorithm, including a private key and a public key, wherein the private key is used for signing and the public key is used for verifying the digital signature. A digital signature ensures authenticity, integrity, and non-repudiation but does not ensure the confidentiality of the data message.
13. Electronic signature certificate is a data message confirming that an agency, organization, or individual has been certified as the signer of an electronic signature. An electronic signature certificate for a digital signature is called a digital signature certificate.
14. Digital signature verification service is a service provided by organizations offering digital signature verification services to authenticate the signatory on a data message, ensuring the non-repudiation of the signatory with the data message and the integrity of the signed data message.
15. Timestamp is electronic data attached to a data message allowing the determination of the time at which the data message existed at a specific point in time.
16. Electronic contract is a contract established in the form of a data message.
17. Intermediary is an agency, organization, or individual representing another agency, organization, or individual in sending, receiving, or storing data messages or providing other services related to those data messages.
Article 4. Policy for Developing Electronic Transactions
1. Protecting the interests of the State, public interests, rights and legitimate interests of agencies, organizations, and individuals.
2. Ensuring voluntary selection to implement electronic transactions; freely negotiating on the choice of types of technology, electronic means, electronic signatures, and other forms of confirmation by electronic means to conduct electronic transactions, except where otherwise provided by law.
3. Promoting comprehensive and full-cycle development of electronic transactions to fully implement the entire process electronically, driving digital transformation; optimizing processes, shortening processing time, and making it more convenient than other transaction methods.
4. Applying synchronized mechanisms and measures to encourage, provide incentives, and create conditions for developing electronic transactions; prioritizing investment in developing technological infrastructure, applying new technologies, and training human resources in electronic transactions, especially in mountainous areas, border regions, islands, ethnic minority regions, and economically disadvantaged areas.
Article 5. Ensuring Information Security and Cybersecurity in Electronic Transactions
1. Agencies, organizations, and individuals must comply with laws on electronic transactions, laws on information security, laws on cybersecurity, and other relevant laws when conducting electronic transactions.
2. Information in data messages that fall within the scope of state secrets must comply with laws on protecting state secrets and laws on cryptography.
Article 6. Prohibited Acts in Electronic Transactions
1. Exploiting electronic transactions to infringe upon national interests, ethnic interests, national security, social order and safety, public interests, rights, and legitimate interests of agencies, organizations, and individuals.
2. Obstructing or illegally preventing the creation, sending, receiving, storing of data messages or engaging in other acts aimed at destroying information systems serving electronic transactions.
3. Illegally collecting, providing, using, disclosing, displaying, disseminating, or trading data messages.
4. Illegally forging, altering, deleting, destroying, copying, or moving part or all of data messages.
5. Creating data messages to commit illegal acts.
6. Fraudulently, falsely, appropriating, or illegally using electronic transaction accounts, electronic certificates, electronic signature certificates, and electronic signatures.
7. Obstructing the selection to conduct electronic transactions.
8. Other prohibited acts as prescribed by law.
Chapter II
DATA MESSAGE
Section 1
LEGAL VALUE OF DATA MESSAGE
Article 7. Forms of Expression of Data Messages
1. Data messages are expressed in the form of electronic texts, electronic documents, electronic certificates, electronic vouchers, electronic contracts, emails, telegrams, telexes, faxes, and other forms of electronic data exchange as prescribed by law.
2. Data messages are created, generated during transactions, or converted from paper documents.
Article 8. Legal Value of Data Messages
Information in data messages shall not be denied their legal value solely because such information is expressed in the form of a data message.
Article 9. Data messages have the same value as written documents
1. In cases where laws require information to be expressed in writing, a data message shall be deemed to meet such requirements if the information contained therein can be accessed and used for reference.
2. Where laws require written documents to be notarized or certified, a data message shall be deemed to meet such requirements if it is notarized in accordance with the provisions of the Notarization Law; certified in accordance with this Law and the Certification Law.
Article 10. Data messages have the same value as original documents
A data message shall be used and have the same value as an original document when it meets the following requirements:
1. The information in the data message is ensured to be complete and unaltered from the time it was first created as a complete data message. Information in the data message is considered complete when it has not been changed, except for changes in form arising during the process of sending, storing, or displaying the data message;
2. The information in the data message can be accessed and used in its complete form.
Article 11. Data messages may be used as evidence
1. Data messages may be used as evidence in accordance with the provisions of this Law and the procedural laws.
2. The evidentiary value of a data message is determined based on the reliability of the methods of creation, sending, receiving, or storing the data message; the methods of ensuring and maintaining the integrity of the data message; the methods of identifying the creator, sender, or recipient of the data message, and other relevant factors.
Article 12. Conversion between paper documents and data messages
1. A data message converted from a paper document must meet the following requirements:
a) The information in the data message is ensured to be complete and unaltered like a paper document;
b) The information in the data message can be accessed and used for reference;
c) There is a specific mark confirming that it has been converted from a paper document to a data message and the information of the agency, organization, or individual performing the conversion;
d) In cases where the paper document is a permit, certificate, license, confirmation document, or other approval issued by an authorized agency or organization, the conversion must comply with the requirements set out in points a, b, and c of this clause and must include the digital signature of the agency or organization performing the conversion, unless otherwise provided by law. The information system serving the conversion must have the capability to convert from a paper document to a data message.
2. A paper document converted from a data message must meet the following requirements:
a) The information in the paper document is ensured to be complete and unaltered like a data message;
b) There is information to identify the information system and the administrator of the information system that created, sent, received, and stored the original data message for retrieval;
c) There is a specific mark confirming that it has been converted from a data message to a paper document and the information of the agency, organization, or individual performing the conversion;
d) In cases where the data message is an electronic certificate, the conversion must comply with the requirements set out in points a, b, and c of this clause and must include the signature and seal (if applicable) of the agency or organization performing the conversion in accordance with the law. The information system serving the conversion must have the capability to convert from a data message to a paper document.
3. The legal value of the document converted shall be governed by the relevant laws.
4. The Government shall provide detailed regulations on this matter.
Article 13. Forms of storing data messages
1. In cases where laws require that documents, certificates, files, materials, or information be stored, such documents, certificates, files, materials, or information may be stored in the form of data messages when they meet the following requirements:
a) The information within the data message can be accessed and used for reference purposes;
b) The information within the data message is stored in its original format as created, sent, or received, or in a format that accurately represents the information;
c) The data message is stored in a manner that allows the originator, sender, recipient, and time of sending and receiving the data message to be identified.
2. Unless otherwise provided by law, agencies, organizations, or individuals may choose to store documents, certificates, files, materials, or information on paper or in the form of data messages if the data message meets the requirements stipulated in Clause 1 of this Article.
3. The content and duration of storage for data messages shall be carried out in accordance with the provisions of the Law on Archives and other relevant laws. Storing data messages has the same effect as storing paper documents.
Section 2 TRANSMISSION AND RECEIPT OF DATA MESSAGES
Article 14. Originator of Data Messages
1. The originator of a data message is an agency, organization, or individual who creates or sends a data message before it is stored, excluding intermediaries who merely transmit the data message.
2. In the absence of an agreement between the parties involved in a transaction, the determination of the originator of a data message is governed as follows:
a) A data message is considered to be from the originator if it is sent by the originator of the data message, their representative, or by an automated information system established to operate automatically at the direction of the originator;
b) The recipient may consider a data message to be from the originator if they have applied verification methods approved by the originator and these methods confirm that the data message is from the originator;
c) From the moment the recipient becomes aware of a technical error or receives notification from the originator that the data message was sent due to a technical error and has used verification methods approved by the originator, the provisions of points a and b of this clause shall not apply.
3. Where one party makes an error in entering information through an automated information system which does not provide that party with an opportunity to correct the error, the party making the error in entering information has the right to withdraw the entered information if the following conditions are met:
a) The originator who made the error in entering information has notified the relevant parties about the error immediately upon becoming aware of it;
b) The originator who made the error in entering information has not used or received any benefit (if any) from the other parties.
4. The right to withdraw erroneous information provided for in Clause 3 of this Article does not affect the liability to address consequences arising from errors in electronic transactions as provided by other relevant laws.
5. The originator shall bear legal responsibility for the content of the data message they originate.
Article 15. Time and Place of Sending Data Messages
In the absence of other agreements between the parties involved in the transaction, the time and place of sending data messages shall be determined as follows:
1. The time of sending a data message is the moment when the data message leaves the information system under the control of the sender or the representative of the sender. If the information system is outside the control of the sender or the representative of the sender, the time of sending a data message is the moment when the data message enters the information system.
2. Regardless of where the data message is sent from, the place of sending the data message shall be considered the principal office of the sender if the sender is an agency or organization, or the residence of the sender if the sender is an individual. Where the sender has multiple offices, the place of sending the data message shall be the main office or the office most closely related to the transaction.
Article 16. Receiving Data Messages
1. The recipient of a data message is an agency, organization, individual, or the representative of such agency, organization, or individual designated to receive the data message from the sender of the data message, but does not include intermediaries who transmit the data message.
2. In the absence of other agreements between the parties involved in the transaction, the receipt of data messages shall be governed as follows:
a) The recipient is deemed to have received the data message if it enters the information system designated by them and is accessible;
b) The recipient may treat each received data message as an independent data message, except where the data message is a copy of another data message and the recipient knows or must know that the data message is a copy;
c) If before or during the sending of the data message, the sender requests or agrees with the recipient that the recipient must send a confirmation notice upon receipt of the data message, the recipient must comply with this request or agreement;
d) If before or during the sending of the data message, the sender declares that the data message only has value when a confirmation notice is given, the data message shall be deemed not to have been sent until the sender receives a confirmation notice from the recipient confirming receipt of the data message;
đ) If the sender sends the data message without declaring that the recipient must send a confirmation notice and has not yet received such a confirmation notice, except in the case specified in point a of this clause, the sender may notify the recipient that they have not received a confirmation notice and set a reasonable period for the recipient to send a confirmation notice; if the sender still does not receive a confirmation notice within the set period, the sender has the right to consider the data message not to have been sent.
Article 17. Time and Place of Receiving Data Messages
In the absence of other agreements between the parties involved in the transaction, the time and place of receiving data messages shall be determined as follows:
1. If the recipient designates an information system to receive the data message, the time of receipt is the moment when the data message enters the designated information system and becomes accessible; if the recipient does not designate an information system to receive the data message, the time of receipt of the data message is the moment when the data message enters any information system of the recipient and becomes accessible;
2. Regardless of where the data message is received, the place of receiving the data message shall be considered the principal office of the recipient if the recipient is an agency or organization, or the residence of the recipient if the recipient is an individual. Where the recipient has multiple offices, the place of receiving the data message shall be the main office or the office most closely related to the transaction.
Article 18. Automatic Sending and Receiving of Data Messages
Where the originator or recipient designates one or more automatic information systems to send or receive data messages, the sending and receiving of data messages shall be carried out in accordance with the provisions of Articles 14, 15, 16, and 17 of this Law.
Section 3
ELECTRONIC CERTIFICATES
Article 19. Legal Effect of Electronic Certificates
1. Information in an electronic certificate has legal effect when it meets the following requirements:
a) The electronic certificate is signed with a digital signature of the issuing agency or organization in accordance with the provisions of this Law;
b) The information in the electronic certificate can be accessed and used in its complete form;
c) In cases where the law requires the indication of time related to the electronic certificate, the electronic certificate must have a timestamp.
2. An electronic certificate issued by a foreign competent authority for recognition and use in Vietnam must be apostilled, except in cases exempted under Vietnamese law.
Article 20. Transfer of Electronic Certificates
1. Where the law permits the transfer of ownership rights over an electronic certificate, the transfer must meet the following requirements:
a) The electronic certificate identifies the owner and only that owner controls the electronic certificate;
b) The requirement stipulated in Article 10 of this Law;
c) The information system serving the transfer of the electronic certificate must meet the minimum cybersecurity protection level 3 requirements as prescribed by the law on cybersecurity;
d) Other requirements as prescribed by relevant laws.
2. Where the law requires or allows the conversion from paper form to electronic certificate for types of documents that the law permits the transfer of ownership rights and which exist solely in one form, the paper document loses its legal effect immediately upon completion of the conversion and meeting the requirements stipulated in point d, Clause 1, Article 12 of this Law.
3. Where the law requires or allows the conversion from electronic certificate to paper form for types of electronic certificates that the law permits the transfer of ownership rights and which exist solely in one form, the electronic certificate loses its legal effect immediately upon completion of the conversion and meeting the requirements stipulated in point d, Clause 2, Article 12 of this Law.
Article 21. Requirements for Storing and Processing Electronic Certificates
1. The storage of electronic certificates must comply with the provisions on storing data messages set forth in Article 13 of this Law.
2. The information system serving the storage and processing of electronic certificates must meet the minimum cybersecurity protection level 3 requirements as prescribed by the law on cybersecurity.
Chapter III
ELECTRONIC SIGNATURES AND RELIABLE SERVICES
Section 1
ELECTRONIC SIGNATURES
Article 22. Electronic Signatures
1. Electronic signatures are classified according to their scope of use as follows:
a) Specialized electronic signature is an electronic signature created and used exclusively by agencies or organizations for their own activities in accordance with their functions and responsibilities;
b) Public digital signature is a digital signature used in public activities and guaranteed by a public key certificate;
c) Specialized official digital signature is a digital signature used in official activities and guaranteed by a specialized official key certificate.
2. A specialized electronic signature must meet the following requirements:
a) Confirming the identity of the signer and affirming the signer's consent to the data message;
b) The data creating the specialized electronic signature is uniquely linked to the content of the accepted data message;
c) The data creating the specialized electronic signature is under the control of the signer at the time of signing;
d) The validity of the specialized electronic signature can be verified according to conditions agreed upon by the parties involved.
3. A digital signature is an electronic signature that meets the following requirements:
a) Confirming the identity of the signer and affirming the signer's consent to the data message;
b) The data creating the digital signature is uniquely linked to the content of the accepted data message;
c) The data creating the digital signature is under the control of the signer at the time of signing;
d) Any changes to the data message after the signing time can be detected;
đ) Must be guaranteed by a digital signature certificate. In the case of a specialized official digital signature, it must be guaranteed by a specialized official digital signature certificate provided by the service provider of specialized official digital signature certification services. In the case of a public digital signature, it must be guaranteed by a public digital signature certificate provided by the service provider of public digital signature certification services;
e) The means of creating a digital signature must ensure that the data creating the digital signature is not disclosed, collected, or used for the purpose of forgery; ensure that the data used to create the digital signature can only be used once; and prevent any alteration of the data to be signed.
4. The use of other forms of electronic confirmation to express the signer's consent to the data message, which are not electronic signatures, shall be carried out in accordance with other relevant laws.
Article 23. Legal Value of Electronic Signature
1. An electronic signature shall not be denied its legal value merely because it is expressed in the form of an electronic signature.
2. An electronic signature specifically designed to ensure security or a digital signature shall have legal value equivalent to that of the individual's signature on paper documents.
3. In cases where laws stipulate that a document must be confirmed by an agency or organization, such requirement shall be deemed fulfilled for a data message if the data message is signed with an electronic signature specifically designed to ensure security or a digital signature of that agency or organization.
Article 24. Service of Authenticating Specialized Digital Signatures for Official Duties
1. The service of authenticating specialized digital signatures for official duties is the service of authenticating digital signatures in official activities.
2. Certificates of specialized digital signatures for official duties shall be managed and provided by organizations providing services of authenticating specialized digital signatures for official duties in accordance with the provisions of the law on electronic transactions and the law on cryptography.
3. Organizations providing services of authenticating specialized digital signatures for official duties shall perform the following activities:
a) Issuing certificates of specialized digital signatures for official duties to confirm and maintain the validity status of the certificate of specialized digital signatures for official duties of the subject signing the data message;
b) Revoking certificates of specialized digital signatures for official duties;
c) Checking the validity of specialized digital signatures for official duties and maintaining the validity status of the certificate of specialized digital signatures for official duties; not using technical barriers or technology to limit the checking of the validity of specialized digital signatures for official duties;
d) Providing necessary information to authenticate specialized digital signatures for official duties;
đ) Connecting with organizations providing national electronic authentication services to ensure the checking of the validity of specialized digital signatures for official duties;
e) Issuing time stamps in official activities.
4. Certificates of specialized digital signatures for official duties and specialized digital signatures for official duties must meet technical standards and technical requirements for digital signatures and services of authenticating digital signatures as prescribed by law.
5. The Government shall provide detailed regulations on this matter.
Article 25. Use of Specialized Electronic Signatures and Electronic Signatures Specifically Designed to Ensure Security
1. Agencies and organizations establishing specialized electronic signatures may not engage in business related to specialized electronic signatures.
2. An electronic signature specifically designed to ensure security is a specialized electronic signature certified by the Ministry of Information and Communications as an electronic signature specifically designed to ensure security.
3. In cases where agencies and organizations use specialized electronic signatures to transact with other organizations or individuals or have a need to recognize electronic signatures specifically designed to ensure security, they shall register with the Ministry of Information and Communications to obtain certification of electronic signatures specifically designed to ensure security.
4. The Government shall provide detailed regulations on this matter.
Article 26. Recognition of Foreign Organizations Providing Services of Authenticating Electronic Signatures; Recognition of Foreign Electronic Signatures, Certificates of Foreign Electronic Signatures
1. Conditions for recognizing foreign organizations providing services of authenticating electronic signatures in Vietnam include:
a) Legally established and operating in the country where they are registered; having a technical audit report of the electronic signature authentication service system from a legally operating auditing organization in the country where they are registered;
b) Foreign electronic signatures, certificates of foreign electronic signatures provided by foreign organizations providing services of authenticating electronic signatures must comply with the technical standards and technical regulations on electronic signatures, certificates of electronic signatures as prescribed by Vietnamese law or internationally recognized standards or international treaties to which the Socialist Republic of Vietnam is a party;
c) Foreign certificates of electronic signatures provided by foreign organizations providing services of authenticating electronic signatures must be based on fully verified identification information of foreign organizations and individuals;
d) Foreign organizations providing services of authenticating electronic signatures must update the status of foreign certificates of electronic signatures in the trusted service authentication system of the competent authority in Vietnam;
đ) Having a representative office in Vietnam.
2. Conditions for recognizing foreign electronic signatures, certificates of foreign electronic signatures in Vietnam include:
a) Foreign electronic signatures, certificates of foreign electronic signatures must comply with the technical standards and technical regulations on electronic signatures, certificates of electronic signatures as prescribed by Vietnamese law or internationally recognized standards or international treaties to which the Socialist Republic of Vietnam is a party;
b) Foreign certificates of electronic signatures must be based on fully verified identification information of foreign organizations and individuals.
3. The users of recognized foreign electronic signatures, certificates of foreign electronic signatures under the provisions of Clause 2 of this Article are foreign organizations and individuals; Vietnamese organizations and individuals who have a need to conduct electronic transactions with foreign organizations and individuals whose service providers' electronic signatures and certificates of electronic signatures have not been recognized in those countries.
4. The Minister of Information and Communications shall provide detailed regulations on recognizing foreign organizations providing services of authenticating electronic signatures in Vietnam; recognizing foreign electronic signatures, certificates of foreign electronic signatures in Vietnam.
Article 27. Foreign electronic signatures and foreign electronic signature certificates are accepted in international transactions
1. Foreign electronic signatures and foreign electronic signature certificates accepted in international transactions refer to foreign electronic signatures and foreign electronic signature certificates of organizations and individuals from abroad who are not present in Vietnam, which are valid for data messages sent to Vietnamese organizations and individuals.
2. Organizations and individuals select and are responsible for accepting foreign electronic signatures and foreign electronic signature certificates on data messages in international transactions.
Section 2
RELIABLE SERVICES
Article 28. Reliable services
1. Reliable services include:
a) Time stamping service;
b) Data message authentication service;
c) Public key infrastructure certification service.
2. Reliable services are conditional business sectors.
3. Organizations providing reliable services must have a business license issued by the Ministry of Information and Communications, except for the electronic contract authentication service in e-commerce. The organization has the right to register one or more services specified in Clause 1 of this Article. The validity period of the business license for reliable services is ten years. An organization providing the electronic contract authentication service in e-commerce must meet the conditions for operating the electronic contract authentication service as stipulated by the law on e-commerce and the conditions for conducting reliable services as provided in Article 29 of this Law.
4. The Government shall provide detailed regulations on the operation of organizations providing reliable services; procedures, formalities, files for issuing, extending, changing, reissuing, temporarily suspending, and revoking business licenses for reliable services, and other contents prescribed in this Article.
Article 29. Conditions for conducting reliable services
1. Conditions for conducting reliable services include:
a) Being a business entity established and legally operating within the territory of Vietnam;
b) Meeting financial, management personnel, and technical conditions appropriate to each type of reliable service as specified in Clause 1 of Article 28 of this Law;
c) The information system providing reliable services must meet the minimum cybersecurity level 3 requirements as stipulated by the law on cybersecurity;
d) Having technical solutions serving the provision of services suitable to each type of reliable service as specified in Clause 1 of Article 28 of this Law;
đ) Having technical connection plans ready to serve supervision, inspection, and electronic reporting of data to meet state management requirements for reliable services.
2. The Government shall specify details of Clause 1 of this Article.
Article 30. Responsibilities of organizations providing reliable services
1. Publicly announce the registration process for using services, forms, and related costs.
2. Ensure continuous channels for receiving information and providing services 24 hours a day, seven days a week.
3. Implement record-keeping systems for files and documents, and connect and provide electronic information and data reports according to the provisions of the law.
4. Ensure that equipment in the information system is managed with codes and ready for technical connections to serve state management of reliable services.
5. Implement operational measures, suspend, or terminate service provision or other operational measures at the request of competent authorities as stipulated by the law.
6. Fulfill the responsibilities of the head of the information system serving the provision of reliable services to meet the minimum cybersecurity level 3 requirements as stipulated by the law on cybersecurity.
7. Annually report on the provision of reliable services according to the regulations of competent authorities.
8. Pay service fees for maintaining the status check system of electronic signature certificates according to the law on fees and charges.
Article 31. Time stamping service
1. The time stamping service is a service for embedding time information into data messages.
2. The time stamp is created in the form of a digital signature.
3. The time embedded into the data message is the time when the organization providing the time stamping service receives the data message and is certified by that organization.
4. The source of time of the organization providing the time stamping service must comply with the provisions of the law on national standard time sources.
Article 32. Data message authentication service
The data message authentication service includes:
1. Service for storing and confirming the integrity of data messages;
2. Service for sending and receiving secure data messages.
Article 33. Public digital signature certification service
1. The public digital signature certification service is a service for certifying digital signatures in public activities.
2. Public digital signature certificates are provided by organizations providing public digital signature certification services in accordance with this Law.
3. Organizations providing public digital signature certification services shall perform the following activities:
a) Issuing public digital signature certificates to confirm and maintain the validity status of public digital signature certificates of subjects signing data messages;
b) Revoking public digital signature certificates;
c) Checking the validity of public digital signatures and maintaining the validity status of public digital signature certificates; not using technical barriers to limit the checking of the validity of public digital signatures;
d) Providing necessary information to authenticate public digital signatures;
đ) Connecting with organizations providing national electronic authentication services to ensure the checking of the validity of public digital signatures.
4. Public digital signature certificates and public digital signatures must meet technical standards and technical requirements for digital signatures and digital signature certification services as prescribed by law.
5. The Government shall provide detailed regulations on this matter.
Chapter IV
ELECTRONIC CONTRACTS AND PERFORMANCE
Article 34. Electronic Contracts
1. An electronic contract concluded or performed through interaction between an automatic information system and a person or between automatic information systems without being denied legal value solely because there is no human verification or intervention in specific actions carried out by the automatic information systems or in the contract.
2. The Minister, Head of a ministerial-level agency shall issue regulations within their authority or submit to the competent authority for issuance of regulations on the conclusion and performance of electronic contracts in fields under their assigned tasks and powers, in accordance with practical conditions.
Article 35. Conclusion of Electronic Contracts
1. The conclusion of an electronic contract involves the use of data messages to conduct part or all of the transaction during the process of concluding the electronic contract.
2. Proposals for concluding and acceptance of electronic contracts are made through data messages, except where the parties have agreed otherwise.
Article 36. Principles for Concluding and Performing Electronic Contracts
1. The parties have the right to agree to use data messages and electronic means partially or entirely in the conclusion and performance of electronic contracts.
2. When concluding and performing electronic contracts, the parties have the right to agree on technical requirements and conditions ensuring the integrity and confidentiality related to the electronic contract.
3. The conclusion and performance of electronic contracts must comply with the provisions of this Law, the provisions of the Contract Law, and other relevant laws.
Article 37. Receipt, transmission, time and place of receipt and transmission of data messages in the formation and performance of electronic contracts
The receipt, transmission, time and place of receipt and transmission of data messages in the formation and performance of electronic contracts shall be carried out in accordance with the provisions of Articles 15, 16, 17, and 18 of this Law.
Article 38. Legal value of notifications in the formation and performance of electronic contracts
In the formation and performance of electronic contracts, notifications in the form of data messages have the same legal value as notifications on paper.
Chapter V
ELECTRONIC TRANSACTIONS OF STATE AGENCIES
Article 39. Types of electronic transactions of state agencies
1. Electronic transactions within state agencies.
2. Electronic transactions between state agencies.
3. Electronic transactions between state agencies and organizations, individuals.
Article 40. Management of data, shared databases
1. Data in state agencies are organized uniformly, managed hierarchically according to the management responsibility of state agencies to promote electronic transactions; shared for the activities of state agencies, citizens, businesses in accordance with the provisions of the law.
2. Shared databases in state agencies include national databases, databases of ministries, sectors, localities.
3. The management of national databases is regulated as follows:
a) National databases contain primary data serving as reference bases for data synchronization among databases of ministries, sectors, and localities;
b) Primary data in national databases have official usage value, equivalent to paper documents provided by competent authorities, except where otherwise stipulated by law;
c) Data in national databases are shared with ministries, sectors, and localities to serve administrative procedure resolution, administrative reform, simplification of administrative procedures for citizens and businesses, and socio-economic development goals;
d) The Prime Minister approves the list of national databases. The list of national databases must reflect the following basic contents: name of the national database; objectives of building the national database; scope of data in the national database; information about primary data stored and shared in the national database; subjects and purposes of using and exploiting the national database; sources of information built and updated into the national database; methods of sharing data from the national database;
đ) The Government regulates the construction, updating, maintenance, exploitation, and use of national databases; regulates the sharing of national databases with other state agency databases.
4. The management of databases of ministries, sectors, and localities is regulated as follows:
a) Databases of ministries, sectors, and localities are collections of shared information of ministries, sectors, and localities;
b) Primary data in databases of ministries, sectors, and localities have official usage value, equivalent to paper documents provided by ministries, sectors, and localities, except where otherwise stipulated by law;
c) Ministries, ministerial-level agencies, government agencies, provincial People's Committees regulate the list of databases; construction, updating, maintenance, and exploitation and use of their own databases of ministries, sectors, and localities. The list of databases of ministries, sectors, and localities must reflect the following basic contents: name of the database; description of the purpose, scope, and content of each database; mechanisms for collecting, updating, and sources of data collected for each database; listing of data categories including open data and shared data.
5. The State ensures part or all of the funding for the construction and maintenance of national databases, databases of ministries, sectors, localities, and other state agencies.
1. The creation and collection of data, the development of digital data shall be prioritized at the highest level to develop the Digital Government and digital transformation in the operations of state agencies.
2. When creating data in the database of state agencies, a unified common directory code table issued by the competent state agency must be used, consistent with the master data in the national database.
3. State agencies shall not collect, organize the re-collection of data, or request organizations or individuals to provide again data that they are managing or data that other state agencies are ready to connect and share, except in cases where data provision is required to serve updates or for purposes of verifying or auditing data, or if such data does not meet quality requirements according to technical standards or other laws.
4. The Ministry of Information and Communications shall compile and publish a list of agencies providing data, the categories of data provided, and the common directory code tables for agencies, organizations, and individuals to search and exploit.
Article 42. Connection and Sharing of Data
1. State agencies have the responsibility to ensure the readiness for connecting and sharing data with agencies, organizations, and individuals, serving electronic transactions including:
a) Human resources for implementing connections and data sharing, including local human resources currently managing and operating information systems or other related personnel within state agencies; in cases where local human resources cannot meet the requirements, experts may be hired;
b) Investment projects applying information technology using state budget funds to build information systems and databases in state agencies must include components serving connection and data sharing. In cases where there is no such component, a detailed explanation must be provided proving the absence of connection and data sharing activities during operation and exploitation;
c) Issuing and publicly announcing regulations on the exploitation and use of data for databases under their management;
d) Applying measures to ensure cybersecurity, network security, and data confidentiality during the process of connecting and sharing data in accordance with the provisions of the law.
2. Except where otherwise provided by law, state agencies have the responsibility to connect and share data with other agencies and organizations; they shall not provide information through paper documents for information already obtained through system connections and sharing; they shall not charge fees for data sharing between state agencies.
3. State agencies must apply online connection and data sharing methods between information systems of data-providing agencies and agencies or organizations exploiting data, except in cases involving state secrets or national defense and security requirements. If online connection and data sharing methods are not applied, the reasons must be clearly stated in writing.
4. State agencies shall apply the following priority models for data connection and sharing:
b) Direct connection between information systems and databases when intermediary systems are not yet ready or the main managing agency of intermediary systems determines that intermediary systems cannot meet the requirements for data connection and sharing.
5. The overall national digital architecture framework specified in point a, Clause 4 of this Article includes the e-Government and Digital Government architecture frameworks; the digital architecture frameworks of agencies and organizations.
6. The Government shall specify details regarding data connection and sharing; the overall national digital architecture framework.
Article 43. Open Data of State Agencies
1. Open data of state agencies is data published widely by authorized state agencies for organizations, individuals to freely use, reuse, and share. State agencies publish open data to enable organizations, individuals to freely use, reuse, and share in order to promote electronic transactions, digital transformation, and the development of digital economy and society.
2. Open data must be complete and fully reflect the information provided by state agencies, updated to the latest version, accessible and usable on the Internet, ensuring that digital devices can send, receive, store, and process it, adhering to open formats and being free of charge.
3. Organizations, individuals have the freedom to access and use open data without requiring identity declaration when exploiting or using open data.
4. Organizations, individuals are permitted to freely copy, share, exchange, use open data or combine open data with other data; use open data in their commercial or non-commercial products and services, except where otherwise provided by law.
5. Organizations, individuals must cite and record the information on the use of open data in related products, services, documents that use open data.
6. State agencies are not liable for any damage incurred by organizations, individuals arising from the use of open data.
7. The Government shall provide detailed regulations on open data and conditions to ensure the implementation of the provisions stipulated in this Article.
Article 44. Activities of State Agencies in Electronic Environment
1. State agencies must ensure that the results of administrative procedures or other public service activities not within the scope of state secrets are available in electronic form with legal validity equivalent to paper documents, and can be accessed and used in a complete format. State agencies must accept and resolve requests from organizations, individuals in the electronic environment, except where otherwise provided by law.
2. Priority areas for state agency activities to be fully implemented in the electronic environment include: provision of public services; internal management work; direction and operation; supervision, inspection, and audit.
3. State agencies must prepare contingency plans for emergency situations, in cases of interruptions in online network operations, and plans for rescue, remediation of incidents, and maintenance of normal transaction operations.
4. State agencies may hire experts from the state budget annually according to legal provisions to advise on database construction; carry out specialized technical activities related to management, operation, and ensuring cybersecurity for systems serving electronic transactions of state agencies.
5. The Government shall provide detailed regulations on this matter.
Chapter VI
INFORMATION SYSTEMS SERVING ELECTRONIC TRANSACTIONS
Article 45. Information Systems Serving Electronic Transactions
1. Information systems serving electronic transactions are a set of hardware, software, and databases established with primary functions and features to serve electronic transactions, ensuring authentication and reliability in electronic transactions. Information systems serving electronic transactions are classified based on the system's owner; the functions and features of the information system serving electronic transactions; scale, number of users in Vietnam or monthly access volume from users in Vietnam.
2. Digital platforms serving electronic transactions are information systems as defined in Clause 1 of this Article that create an electronic environment allowing parties to conduct transactions or provide, use products and services or use them to develop products and services.
3. Intermediary digital platforms serving electronic transactions are digital platforms as defined in Clause 2 of this Article whose owners are independent from the parties conducting transactions.
4. The Government shall provide detailed regulations on this matter.
Article 46. Electronic Transaction Account
1. The electronic transaction account shall be issued by the system administrator serving electronic transactions and managed and used in accordance with the provisions of this Law.
2. The electronic transaction account shall be used to conduct electronic transactions, to store transaction history, and ensure the accuracy of the transaction sequence of the account holder, having legal value to prove the transaction history of the parties involved as stipulated in Clause 4 of this Article.
3. Organizations, individuals have the right to choose to use an appropriate electronic transaction account based on their needs, except where otherwise provided by law.
4. The transaction history of the electronic transaction account has legal value to prove transactions when meeting the following requirements:
a) The information system serving electronic transactions must ensure security in accordance with the laws on cybersecurity and information protection.
b) It must be uniquely linked to one organization, individual who is the account holder of the electronic transaction account.
c) Ensure accurate transaction time from the source time according to the regulations of the law on national standard time sources.
Article 47. Responsibilities of the System Administrator Serving Electronic Transactions
1. The system administrator serving electronic transactions shall have the following responsibilities:
a) Comply with the provisions of this Law and laws on cybersecurity, network security, personal information protection, personal data protection, and other relevant laws;
b) Provide information through electronic means as prescribed by law to serve measurement, statistics, supervision, inspection, and reporting activities at the request of state management agencies for electronic transactions; share data to serve state management of electronic transactions;
c) Monitor the safety of the information system serving electronic transactions in accordance with the laws on cybersecurity.
2. The platform administrator of large-scale intermediary platforms serving electronic transactions shall have the following responsibilities:
a) Comply with the provisions of Clause 1 of this Article;
b) Publicly announce and disseminate mechanisms for reporting and resolving issues arising during electronic transactions;
c) Publicly announce and disseminate mechanisms for reporting and handling violations of Vietnamese law on intermediary digital platforms from reliable sources;
d) Annually report, in accordance with guidelines from the Ministry of Information and Communications, incidents that have occurred or show signs or risks of exploiting the information system to commit acts violating Vietnamese law.
3. The platform administrator of very large-scale intermediary platforms serving electronic transactions shall have the following responsibilities:
a) Comply with the provisions of Clause 2 of this Article;
b) Publicly announce general principles, parameters, or criteria used to provide recommendations for displaying content and advertisements to users and allow users to opt-out of such recommendations based on user data analysis;
c) Allow users to uninstall any pre-installed applications without affecting the basic technical functions necessary for normal system operation;
d) Publicly announce and disseminate a code of conduct applicable to all parties participating in using the system.
4. The Government shall specify in detail the responsibilities of the platform administrators under Clauses 2 and 3 of this Article in accordance with the scale and number of users in Vietnam or the number of accesses from users in Vietnam.
Article 48. Reporting, Aggregating, and Sharing Data for State Management of Electronic Transactions
1. State agencies manage reporting, aggregating, and sharing data for state management of electronic transactions in accordance with the provisions of the law, consistent with their functions, tasks, and assigned authorities.
2. The Ministry of Information and Communications establishes and operates a system to receive and aggregate data for state management of electronic transactions of state agencies as stipulated in Clause 1 of this Article in accordance with the Government's regulations; takes the lead in building, promulgating, or proposing competent state agencies to promulgate technical regulations regarding the reference model for connection services to facilitate electronic data sharing, device identification, and network trust criteria of information systems serving electronic transactions.
Chapter VII
STATE MANAGEMENT OF ELECTRONIC TRANSACTIONS
Article 49. Contents of State Management of Electronic Transactions
1. Building, promulgating, and implementing strategies, plans, and policies for developing electronic transactions; legal normative documents on electronic transactions; standards, technical norms, technical requirements, economic-technical quotas, product and service quality in electronic transactions.
2. Managing reporting, measuring, and statistical activities of electronic transactions; managing the supervision of information system security serving electronic transactions by the information system managers.
3. Managing reliable services.
4. Managing, organizing the construction, exploitation, and development of national electronic authentication infrastructure; issuing and revoking digital certificates.
5. Specifying interconnection between public digital signature service systems and specialized government digital signature systems.
6. Promoting and disseminating policies and laws in electronic transactions.
7. Managing training, capacity building, and human resource development in electronic transactions.
8. Inspecting, supervising, handling complaints, denunciations, and dealing with violations of laws on electronic transactions.
9. International cooperation on electronic transactions.
Article 50. Responsibilities for State Management of Electronic Transactions
1. The Government exercises unified state management over electronic transactions.
2. The Ministry of Information and Communications is the lead agency responsible to the Government for taking the lead and coordinating with other Ministries and equivalent agencies to implement state management of electronic transactions.
3. Ministries, equivalent agencies, and provincial People's Committees cooperate with the Ministry of Information and Communications to implement state management of electronic transactions within their respective fields and areas based on assigned tasks and authorities.
4. The Minister of National Defense implements state management of electronic transactions in the field of confidential operations and specialized government digital signatures based on national standards and technical norms for digital signatures as prescribed by law.
Chapter VIII
IMPLEMENTING PROVISIONS
Article 51. Amending, Supplementing, Replacing, and Abolishing Certain Provisions of Related Laws
1. Amend and supplement Item 119 under Appendix IV - List of Industries and Businesses Subject to Investment Conditions issued together with the Investment Law No. 61/2020/QH14 which has been amended and supplemented by some articles according to Law No. 72/2020/QH14, Law No. 03/2022/QH15, Law No. 05/2022/QH15, Law No. 08/2022/QH15, and Law No. 09/2022/QH15 as follows:
| 119 | Reliable Service Business |
2. Amend and supplement Item 7 under Part VI - Fees in the Field of Information and Communication in the Fee and Charge List issued together with the Law on Fees and Charges No. 97/2015/QH13 which has been amended and supplemented by some articles according to Law No. 09/2017/QH14, Law No. 23/2018/QH14, Law No. 72/2020/QH14, and Law No. 16/2023/QH15 as follows:
| 7 | Maintenance Fee for Digital Certificate Status Checking System | Ministry of Finance, |
3. Replace the phrase "specialized digital signature certification system" with "specialized government digital signature certification system" at Clause 3 of Article 19 of the Government Organization Law No. 76/2015/QH13 which has been amended and supplemented by some articles according to Law No. 47/2019/QH14.
4. Abolish Article 58 and Article 59 of the Information Technology Law No. 67/2006/QH11 which has been amended and supplemented by some articles according to Law No. 21/2017/QH14.
Article 52. Effective date
1. This Law shall take effect from July 1, 2024.
2. The Law on Electronic Transactions No. 51/2005/QH11 shall cease to be effective from the date this Law takes effect, except as provided for in Article 53 of this Law.
Article 53. Transitional Provisions
1. Electronic transactions established before the date this Law takes effect and not completed by the time this Law takes effect shall continue to be implemented in accordance with the Law on Electronic Transactions No. 51/2005/QH11 and detailed legal normative documents regulating the Law on Electronic Transactions No. 51/2005/QH11, unless the parties agree to apply the provisions of this Law.
2. Digital certificates issued before the date this Law takes effect and still valid on the date this Law takes effect shall continue to be implemented in accordance with the Law on Electronic Transactions No. 51/2005/QH11 and detailed legal normative documents regulating the Law on Electronic Transactions No. 51/2005/QH11 until the expiration date of the digital certificate and have the same value as digital signature certificates under this Law.
3. Licenses for providing public digital signature services, licenses for using foreign digital certificates in Vietnam, certificates of registration for organizations providing specialized digital signature services, and certificates of qualification for ensuring the safety of specialized digital signatures issued before the date this Law takes effect and still valid on the date this Law takes effect shall continue to be used until the expiration date of the license or certificate. Issuance of digital certificates under these licenses and certificates shall be carried out in accordance with the Law on Electronic Transactions No. 51/2005/QH11 and detailed legal normative documents regulating the Law on Electronic Transactions No. 51/2005/QH11.
4. For applications for a Public Digital Signature Certification Service License, a Foreign Digital Certificate Usage License in Vietnam, a Registration Certificate for the Operation of Organizations Providing Specialized Digital Signature Certification Services, and a Certificate of Eligibility for Ensuring the Safety of Specialized Digital Signatures that have been submitted to competent state authorities but have not yet been issued as of the effective date of this Law, the provisions of the Law on Electronic Transactions No. 51/2005/QH11 and detailed regulations under this Law shall continue to apply.
5. Registration confirmations for providing electronic contract certification services in commerce that were granted before the effective date of this Law shall continue to be valid until June 30, 2027.
6. For applications for registration of operations to provide electronic contract certification services in commerce that have been submitted to competent state authorities but have not yet received registration confirmation as of the effective date of this Law, the provisions of the law on e-commerce shall continue to apply.
7. The Government shall provide detailed regulations on this matter.
This Law was passed by the National Assembly of the Socialist Republic of Vietnam, the fifth session of the fifteenth term, on June 22, 2023.
Văn bản gốc (PDF)
Tải văn bản
Bản đồ quan hệ
Bấm vào một văn bản để mở. Viền đỏ = quan hệ làm thay đổi hiệu lực.
Bản dịch
Văn bản này có sẵn ở các ngôn ngữ sau: