Law on Digital Data 60/2024/QH15 stipulates the construction, development, protection, management, processing, and use of digital data; the National Data Center; the National Integrated Database. The Law applies to agencies, organizations, and individuals in Vietnam and foreigners operating in Vietnam.
Đối tượng áp dụng
Agencies, organizations, and individuals in Vietnam; foreign agencies, organizations, and individuals operating in Vietnam; foreign agencies, organizations, and individuals directly participating or related to digital data activities in Vietnam.
Các điểm cốt lõi
- Agencies, organizations, and individuals collecting, creating, managing, and using data in accordance with the provisions of the law;
- The National Data Center is responsible for integrating, storing, analyzing, and exploiting data from state agencies;
- The National Integrated Database is constructed and centrally managed at the National Data Center to serve various purposes;
- Data owners have the responsibility to protect, manage, process, use, and share data in accordance with the provisions of the law;
- The transfer and processing of cross-border data must comply with regulations concerning national defense, security, and national interests;
🌐 Tác động xã hội từ văn bản này
- Creating a foundation for building a digital government, digital economy, and digital society through the integration and sharing of data among state agencies;
- Reducing administrative burdens through the use of the National Integrated Database;
- Strengthening cybersecurity and individual privacy protection;
- Significant investment in resources is required to build and operate the National Data Center and the National Integrated Database;
- The cost burden may include businesses that must pay fees for exploiting and using data in the database;
❓ Câu hỏi thường gặp
Which agency is responsible for state management of data?
The Government uniformly manages state affairs regarding data; the Ministry of Public Security is the lead agency implementing state management, except for areas under the purview of the Ministry of Defense;
What purposes does the National Integrated Database serve?
The National Integrated Database is built to serve the common exploitation and use of information for the operation of Party agencies, state agencies, the Vietnam Fatherland Front Committee, and political-social organizations; to facilitate administrative procedures, public services, and government directives and management;
Are there any regulations regarding fees for exploiting and using data in the National Integrated Database?
Party agencies, state agencies, the Vietnam Fatherland Front Committee, and political-social organizations exploiting and using information in the National Integrated Database do not need to pay fees. Other organizations and individuals exploiting and using data in this database must pay fees in accordance with the law on fees and charges;
What requirements are there for transferring and processing cross-border data?
The transfer and processing of core data and important data across borders must ensure national defense, security, and national interests. These databases shall not be stored in systems located outside the territory of Vietnam;
Are there any regulations regarding intermediary data products and services?
Organizations providing intermediary data products and services must register their operations and be managed in accordance with the law on investment. Such organizations may enjoy incentives similar to those provided to high-tech enterprises.
Toàn văn
LAW
DATA
On the basis of the Constitution of the Socialist Republic of Vietnam;
The National Assembly enacts the Data Law.
PART I
GENERAL PROVISIONS
Article 1. Scope of Regulation
This Law regulates digital data; construction, development, protection, management, processing, and use of digital data; the National Data Center; the National Integrated Database; products and services related to digital data; state management of digital data; rights, obligations, and responsibilities of agencies, organizations, and individuals related to digital data activities.
Article 2. Applicability
1. Agencies, organizations, and individuals of Vietnam.
2. Agencies, organizations, and individuals from foreign countries operating in Vietnam.
3. Agencies, organizations, and individuals from foreign countries directly participating or being involved in digital data activities in Vietnam.
Article 3. Explanation of Terms
In this Law, the following terms shall be understood as follows:
1. Digital data refers to information about objects, phenomena, events, including one or a combination of sound, image, number, writing, symbol represented in digital form (hereinafter referred to as data).
2. Shared data refers to data that can be accessed, shared, exploited, and used jointly among Party agencies, State agencies, Vietnam Fatherland Front Committees, and political-social organizations.
3. Exclusive data refers to data that can be accessed, shared, exploited, and used within the internal scope of Party agencies, State agencies, Vietnam Fatherland Front Committees, and political-social organizations.
4. Open data refers to data that all agencies, organizations, and individuals with needs can access, share, exploit, and use.
5. Original data refers to data created during the operation of agencies, organizations, and individuals or collected and created through digitization of original paper documents, materials, and other physical forms.
6. Important data refers to data that may affect national defense, security, diplomacy, macroeconomics, social stability, public health, and community safety listed in the catalog.
7. Core data refers to important data directly affecting national defense, security, diplomacy, macroeconomics, social stability, public health, and community safety listed in the catalog.
8. Data processing refers to the process of receiving, transforming, organizing data, and other activities related to data to serve the operations of agencies, organizations, and individuals.
9. Database refers to a collection of data organized for access, exploitation, sharing, management, and updating.
10. National Integrated Database refers to a database compiled from the national database, specialized databases, and other databases.
11. Data Sharing and Coordination Platform refers to infrastructure connecting, integrating, sharing, and coordinating data between the National Data Center and agencies, organizations, and individuals.
12. Data Subject refers to agencies, organizations, and individuals reflected by the data.
13. Data Manager refers to agencies, organizations, and individuals implementing activities of building, managing, operating, exploiting data according to the requirements of the data owner.
14. Data Owner refers to agencies, organizations, and individuals having the right to decide on the construction, development, protection, management, processing, use, and exchange of value of data they own.
15. Rights of the data owner over data are property rights as prescribed by civil law.
16. Data encryption is the application of methods, algorithms, or technical solutions to convert data from recognizable format to unrecognizable format.
17. Data decryption is the application of methods, algorithms, or technical solutions to convert encrypted data from unrecognizable format to recognizable format.
18. Data coordination is the activity of organizing and distributing data, managing, monitoring, and optimizing the flow of shared data between information systems and databases.
Article 4. Application of the Data Law
1. In cases where other laws promulgated before the effective date of the Data Law contain provisions on activities related to building, developing, protecting, managing, processing, and using data; products and services related to data; state management of data, and responsibilities of agencies, organizations, and individuals related to data activities that do not conflict with the principles of this Law, such provisions shall be implemented according to those laws.
2. In cases where other laws promulgated after the effective date of the Data Law contain provisions different from those of the Data Law, specific contents must be determined regarding whether to implement according to the provisions of the Data Law or the other law.
Article 5. Principles for Building, Developing, Protecting, Managing, Processing, and Using Data
1. Compliance with the Constitution, provisions of this Law, and relevant legal regulations; ensuring human rights, citizens' rights, and legitimate rights and interests of agencies, organizations, and individuals.
2. Ensuring transparency, equality, and fair access to, exploitation, and use of data as prescribed by law.
3. Collecting, updating, and adjusting data accurately and consistently; ensuring integrity, reliability, security, and safety.
4. Data protection must be carried out concurrently and rigorously with data building and development.
5. Storing, connecting, coordinating, sharing, exploiting, and using data must ensure efficiency, simplicity, and convenience for agencies, organizations, and individuals in providing public services, administrative procedures, and other activities.
Article 6. State Policy on Data
1. Data is a resource; the State has policies to mobilize all resources to enrich data, develop data into assets.
2. Prioritize building and developing data in economic and social fields to serve national digital transformation and digital economy development while ensuring national defense, security, diplomacy, and cryptographic communications.
3. Invest in building and developing the National Comprehensive Database and the National Data Center to meet the requirements of building a digital government, digital economy, and digital society.
4. Focus on training and enhancing the capabilities and qualifications of personnel working with data; establish mechanisms to attract high-level talent to build and develop the national database.
5. Encourage and create conditions for domestic and foreign agencies, organizations, and individuals to invest in research and development of technology, products, services, innovation, and application in the field of data; build data storage and processing centers in Vietnam; develop the data market.
6. The operation of the national database, specialized databases, and other databases managed by Party agencies, state agencies, the Vietnam Fatherland Front Committee, and political-social organizations is guaranteed from state resources and other lawful sources. The State encourages domestic and foreign organizations and individuals to sponsor and support the construction, management, and operation of databases.
Article 7. International Cooperation on Data
1. Adhere to Vietnamese laws, international treaties to which the Socialist Republic of Vietnam is a member, and international agreements on data based on equality, mutual benefit, respect for independence, sovereignty, and territorial integrity.
2. The content of international cooperation on data includes: training human resources; scientific research, application of science and technology in building, developing, protecting, managing, processing, and using data; transferring advanced technology, investing in constructing data center infrastructure; participating in establishing international rules and standards on data and other cross-border data exchange activities.
3. The resolution of requests from foreign law enforcement or judicial agencies for data of organizations and individuals in Vietnam shall be examined and decided by the competent authority of Vietnam.
Article 8. State Management of Data
1. The content of state management of data includes:
a) Developing, promulgating, and implementing the National Data Strategy; legal instruments on data; technical standards, economic-technical norms, and data quality;
b) Propagating and disseminating policies and laws on data; guiding data management agencies and information systems in building, developing, protecting, managing, processing, and using data;
c) Managing and supervising activities related to building, developing, protecting, managing, processing, and using data, ensuring data security and safety;
d) Reporting and statistics on data; researching and applying science and technology on data; products and services related to data; managing, supervising, and developing the data market;
đ) Inspecting, auditing, resolving complaints and accusations, and handling violations of laws on data;
e) Training, nurturing, developing human resources, and international cooperation on data.
2. Responsibilities for state management of data are stipulated as follows:
a) The Government uniformly manages state affairs concerning data;
b) The Ministry of Public Security is the lead agency responsible before the Government for managing state affairs concerning data, except for the provisions set out in point c of this clause;
c) The Ministry of Defense is responsible before the Government for managing state affairs concerning data within its scope of management;
The Minister of Defense is responsible before the Government for managing state affairs concerning classified data within its scope of management in accordance with the laws on classified matters;
d) Ministries, ministerial-level agencies, and government agencies within their functions, tasks, and authorities build and develop databases; coordinate with the Ministry of Public Security to manage state affairs concerning data;
đ) Provincial People's Committees build and develop databases; manage state affairs concerning data at the local level.
Article 9. Building and Developing Data in Party Agencies, Vietnam Fatherland Front Committee, and Political-Social Organizations
1. The construction, development, protection, management, processing, and use of data in Party agencies, Vietnam Fatherland Front Committee, and political-social organizations shall be decided by the competent authority.
2. Provincial Party Committees directly under the central authority implement the construction, development, protection, management, processing, and use of data according to their tasks and authorities.
Article 10. Prohibited Acts
1. Exploiting data processing, data management, development, business operations, circulation of data products and services to infringe upon national interests, ethnic interests, national defense, security, public order, social safety, public interest, rights and legitimate benefits of agencies, organizations, and individuals.
2. Obstructing or illegally preventing the process of data processing, data management, or attacking, seizing, destroying databases, information systems serving management, processing, administration, and protection of data.
3. Falsifying, intentionally distorting, losing, damaging data in the databases of Party agencies, State agencies, Vietnam Fatherland Front Committees, and political-social organizations.
4. Intentionally providing false data or failing to provide data as prescribed by law.
Chapter II
CONSTRUCTION, DEVELOPMENT, PROTECTION, MANAGEMENT, PROCESSING, USE OF DATA; NATIONAL DATA DEVELOPMENT FUND
DATA; NATIONAL DATA DEVELOPMENT FUND
Article 11. Collection and Creation of Data
1. Data is collected and created from sources including direct creation; digitization of paper documents, materials, and other physical forms. Original data created has the same value for use as the original paper documents, materials, and other physical forms that have been digitized.
2. The collection and creation of data for Party agencies, State agencies, Vietnam Fatherland Front Committees, and political-social organizations shall be regulated as follows:
a) Collecting and creating data to build databases in accordance with the provisions of law or decisions of competent authorities and using unified code directories consistently with the main data in the national database;
b) Data present in interconnected databases shall not be collected again;
c) Data for state management, ensuring national defense, security, diplomacy, confidential matters, administrative procedures, and public service delivery must be created and digitized in accordance with the provisions of law;
d) Collecting from the results of administrative procedure resolution; collecting from the digitization of paper documents, materials, and other physical forms; collecting through electronic means; directly collecting from organizations and individuals;
đ) The implementation of converting paper documents, materials into digital data must comply with the provisions of law on archiving; data can only be collected from original, authentic documents or legally certified copies when the originals are unavailable; collected and created data must ensure traceability back to the digitized version of the documents, materials.
3. Rights and responsibilities of organizations and individuals regarding the activity of collecting and creating data are regulated as follows:
a) Being entitled to collect and create data for their activities in compliance with the provisions of law;
b) Being protected in their rights as data owners according to this Law, civil law provisions, and other relevant legal provisions;
c) Being responsible for the data they collect and create in accordance with the provisions of law.
4. National database management agencies and specialized database management agencies decide on the roadmap for creating and digitizing data to serve digital transformation activities in accordance with the National Data Strategy.
5. The Ministry of Public Security, in collaboration with relevant agencies, compiles and publishes a list of agencies providing data, the directory of provided data, and unified code directories for agencies, organizations, and individuals to search and exploit.
Article 12. Ensuring Data Quality
1. Ensuring data quality means ensuring the accuracy, validity, integrity, completeness, timely updates, and consistency of data.
2. State agencies managing databases shall have the following responsibilities:
a) Directing, implementing, and synchronizing national technical standards and regulations on ensuring data quality, and data quality assurance procedures to apply to databases managed by such agencies.
b) Regularly inspecting, monitoring, and correcting errors; synchronizing data within their scope of work and coordinating with relevant agencies and organizations to regularly update, adjust, and ensure data quality during exploitation and utilization.
Article 13. Categorization of Data
1. State agencies must categorize data based on requirements for data governance, processing, and protection, including:
a) Categorizing according to data sharing characteristics: shared data, exclusive data, open data;
b) Categorizing according to the importance of data: core data, important data, other data;
c) Categorizing according to other criteria determined by the data manager to meet data governance, processing, and protection requirements.
2. Data owners and managers not covered by Clause 1 of this Article must categorize data according to Clause b of Clause 1 of this Article and may categorize data according to other criteria.
3. The Government shall specify criteria for determining core data and important data.
Article 14. Data Storage Activities
1. State agencies are responsible for organizing data storage to ensure safety.
2. Organizations and individuals not covered by Clause 1 of this Article who are data owners have the right to decide on storing data they collect, create, or own; in cases where core data and important data are stored, compliance with the provisions of Clause 3 of Article 27 of this Law must be ensured.
3. National databases must store data on the infrastructure of the National Data Center.
4. Specialized databases and other databases of state agencies may store data on the infrastructure of the National Data Center or that of other agencies and organizations meeting data center standards. For exclusive data and data in defense, security, foreign affairs, and confidential areas, data storage on the infrastructure of the National Data Center shall be implemented upon the consent of the data owner.
Organizations and individuals not covered by Clause 1 of this Article who are data owners have the right to agree to store data on the infrastructure of the National Data Center through service provision contracts between them and organizations providing data exploitation services and infrastructure at the National Data Center.
5. The Government shall provide detailed regulations on this matter.
Article 15. Data Governance and Management
1. Data governance includes establishing policies, plans, programs, processes, and standards about data by data owners and managers to manage data continuously and effectively, ensuring its completeness, accuracy, integrity, consistency, standardization, safety, confidentiality, and timeliness.
2. Data management involves organizing the implementation of data governance as stipulated in Clause 1 of this Article.
3. Data owners and managers who are state agencies shall cooperate with the National Data Center to implement data governance and management as stipulated in Clauses 1 and 2 of this Article.
4. Data owners and managers who are organizations and individuals not covered by Clause 3 of this Article shall base their data governance and management on actual conditions for data they collect, create, or own.
5. The Government shall provide detailed regulations for Clause 3 of this Article.
Article 16. Accessing and Extracting Data
1. Accessing and extracting data must comply with technical regulations and procedures for accessing and extracting data; ensuring security, safety, and appropriate purposes.
2. State agencies must provide tools and grant access permissions to ensure security, safety, and protect data. It is encouraged that data owners and other data managers implement the provision of access tools and data extraction.
3. The Government shall provide detailed regulations on this Article.
Article 17. Connecting, Sharing, and Coordinating Data
1. Data owners and data managers connect and share data with data users according to legal provisions or agreements, directly or through intermediaries.
2. State agencies coordinate data within their management scope, ensuring shared data is secure, synchronized, effective, serving economic and social development, national defense, security, diplomacy; ready to connect, share, and coordinate data for agencies, organizations, and individuals permitted to exploit data under this Law and related legal provisions.
3. The Prime Minister decides on sharing specific-use data managed by Ministries, ministerial-level agencies, government agencies, provincial People's Committees in emergency situations such as natural disasters, epidemics, fires, explosions, or other necessary cases to address practical issues arising.
4. The Government stipulates support for data owners not covered by Clause 2 of this Article when connecting and sharing data with state agencies as prescribed by this Law.
Article 18. Providing Data to State Agencies
1. Encouraging domestic and foreign organizations and individuals to provide data they own to state agencies.
2. Organizations and individuals must provide data to state agencies upon request from competent authorities without needing the data subject's consent in the following cases:
a) Responding to emergencies;
b) When there is a threat to national security but has not reached the level of declaring a state of emergency;
c) Catastrophes;
d) Preventing riots and terrorism.
3. State agencies receiving data have the following responsibilities:
a) Using data for the intended purpose;
b) Ensuring data security, protecting data, and the legitimate interests of the data subject, organizations, and individuals providing data as prescribed by law;
c) Deleting data immediately when it is no longer needed for the requested purpose and notifying the data subject and the organization or individual who provided the data;
d) Notifying the storage and use of data when requested by the organization or individual providing the data, except in cases of protecting state secrets and work-related confidentiality.
4. The Government shall provide detailed regulations on this matter.
Article 19. Analyzing and Synthesizing Data
1. State agencies must analyze and synthesize data from self-generated sources or shared, provided, exploited, and used data to serve leadership, guidance, state management, economic and social development.
2. Organizations and individuals not covered by Clause 1 of this Article may analyze and synthesize data from permitted accessed and used data sources.
3. Encouraging data owners and data managers to develop analytical and synthesis tools and applications to provide to state agencies and other organizations and individuals to serve economic and social development and other activities.
Article 20. Confirmation and Authentication of Data
1. Data confirmation shall be carried out by the data owner, data manager, or organization providing electronic authentication services.
Confirmed data has the value to prove the existence, time, and storage location of the data on cyberspace in accordance with this Law and other relevant laws.
2. Data authentication shall be conducted by the data owner, data manager who creates original data, organizations providing electronic authentication services, and the National Data Center. Authenticated data has equivalent value to original data stored in national databases, specialized databases, and other databases within a specified scope and timeframe.
3. The Government shall provide detailed regulations on this Article.
Article 21. Publicizing Data
1. Publicizing data must accurately reflect the data from the original data source, facilitating organizations and individuals in exploiting, using, and sharing the data.
2. Data that is publicized, conditionally publicized, or not publicized must be based on the information reflected by the data according to the law on access to information.
3. Forms of publicizing data include: posting data on data portals, electronic information portals, electronic information websites, mass media, and other forms prescribed by law.
4. State agencies have the responsibility to publish lists of open data and organize the publicizing of open data as stipulated herein for organizations and individuals to exploit, use, and share. The timing of publicizing data for each field shall be implemented in accordance with the law.
5. The Government shall provide detailed regulations on this matter.
Article 22. Encryption and Decryption of Data
1. Data listed under the category of state secrets must be encrypted using cryptographic keys when storing, transmitting, receiving, and sharing on computer networks.
2. Agencies, organizations, and individuals may use one or more encryption solutions and encryption processes suitable for their data management activities.
3. The data owner and data manager decide on the encryption and decryption of data.
4. Competent state agencies have the right to apply measures to decrypt data without the consent of the data owner or data manager in the following cases:
a) Emergency situations.
b) When there is a threat to national security but has not reached the level of declaring a state of emergency;
c) Catastrophes;
d) Preventing riots and terrorism.
5. The Government shall provide detailed regulations for Clause 2 and Clause 4 of this Article.
Article 23. Transfer and Processing of Cross-Border Data
1. Agencies, organizations, and individuals are free to transfer data from abroad to Vietnam, process foreign data in Vietnam, and enjoy legitimate rights and interests protected by the State in accordance with the law.
2. Transferring and processing core data and important cross-border data includes:
a) Transferring data stored in Vietnam to data storage systems located outside the territory of the Socialist Republic of Vietnam;
b) Vietnamese agencies, organizations, and individuals transferring data to foreign organizations and individuals;
c) Vietnamese agencies, organizations, and individuals using platforms outside the territory of the Socialist Republic of Vietnam to process data.
3. The transfer and processing of data as stipulated in Clause 1 and Clause 2 of this Article must ensure national defense, security, protect national interests, public interests, and the legitimate rights and interests of data subjects and data owners in accordance with Vietnamese law and international treaties to which the Socialist Republic of Vietnam is a party.
4. The Government shall provide detailed regulations on this matter.
Article 24. Scientific, technological, and innovation activities in building, developing, protecting, managing, processing, and using data
1. Scientific, technological, and innovation activities in building, developing, protecting, managing, processing, and using data must be consistent with the national data development strategy; leverage internal capacity in scientific, technological, and innovation activities; comply with principles for building, developing, protecting, managing, processing, and using data as prescribed by this Law.
2. Scientific and technological platforms in building, developing, protecting, managing, processing, and using data include: artificial intelligence, cloud computing, blockchain, data communication, Internet of Things, big data, and other modern technologies.
3. National resources should be concentrated on activities to develop and apply scientific and technological platforms in building, developing, protecting, managing, processing, and using data to serve national digital transformation, ensure national defense and security, and socio-economic development.
4. The Government shall prescribe the management, development, and controlled testing of research, application, and innovation activities in scientific, technological, and innovative activities in building, developing, protecting, managing, processing, and using data.
Article 25. Identification and Management of Risks Arising from Data Processing
1. Risks arising from data processing include: privacy risks, cybersecurity risks, identification and access management risks, and other risks in data processing.
2. State agencies must identify and establish early warning mechanisms for risks arising from data processing, and build measures to protect data.
3. Data managers not covered by Clause 2 of this Article shall self-assess, identify risks, and implement measures to protect data; promptly address arising risks and notify data subjects, relevant agencies, organizations, and individuals.
4. Core data managers and important data managers must regularly conduct risk assessments for their data processing activities according to regulations and report to specialized units under the Ministry of Public Security, the Ministry of Defense, and relevant agencies for coordinated implementation of data security and safety protection.
5. The Government shall provide detailed regulations on this matter.
Article 26. Other Activities in Data Processing
1. Data subjects have the right to request data owners and data managers to retrieve, delete, or destroy their provided data, except where otherwise stipulated by law. Data managers are responsible for establishing procedures and implementing measures and methods to retrieve, delete, or destroy data at the request of data subjects.
2. State agencies organize regular and continuous adjustments and updates to data; decide on the retention of historical records of processes involving integration, adjustment, update, copying, transmission, transfer, retrieval, deletion, and destruction of data they manage.
3. Data owners and data managers not covered by Clause 2 of this Article shall carry out integration, adjustment, updating, copying, transmission, and transfer of data in accordance with this Law and other relevant laws.
4. The Government shall provide detailed regulations on this matter.
Article 27. Data Protection
1. Measures for data protection shall be applied throughout the entire data processing process, including:
a) Establishing and implementing data protection policies and regulations;
b) Managing data processing activities;
c) Developing and deploying technical solutions;
d) Training, nurturing, developing, and managing human resources;
đ) Other data protection measures as prescribed by law.
2. State agencies must protect data within their respective sectors and fields under their management, comply with general policies on national defense and security; establish a unified data protection system to assess data security risks, monitor, and provide early warnings.
3. Data owners and managers of core and important data must comply with data protection regulations.
4. The Government shall provide detailed regulations on this matter.
Article 28. Technical Standards and Specifications for Data
1. Data standards include standards for information systems, hardware, software, management systems, operation, processing, ensuring data quality, and data protection that are published and recognized for application in Vietnam.
2. Technical specifications for data include technical specifications for information systems, hardware, software, management systems, operation, processing, ensuring data quality, and data protection that are developed, promulgated, and applied in Vietnam.
3. The Ministry of Public Security shall take the lead and coordinate with relevant agencies to issue a list of data technical standards and specifications; except for the list of technical standards and specifications for data in the field of national defense and confidential matters.
4. National database management agencies and specialized databases must develop data technical standards and specifications according to the list issued in accordance with Clause 3 of this Article.
Article 29. National Data Development Fund
1. The National Data Development Fund is a state financial fund outside the budget, established at the central level to promote the development, exploitation, application, and management of national data.
2. The National Data Development Fund is formed from the following sources of finance:
a) Support from the state budget;
b) Voluntary contributions from domestic and foreign organizations and individuals;
c) Other lawful sources of finance as prescribed by law.
3. The National Data Development Fund operates based on the following principles:
a) Not for profit purposes;
b) Managing and using for the intended purpose, in compliance with the law, promptly, effectively, ensuring transparency and openness;
c) Supporting activities related to building, developing, protecting, managing, processing, and utilizing data;
d) Being allocated for activities when the state budget allocation does not meet requirements.
4. The Government shall prescribe the establishment, management, and use of the National Data Development Fund.
Chapter III
BUILDING AND DEVELOPING THE NATIONAL DATA CENTER;
THE NATIONAL COMBINED DATABASE
Section 1
BUILDING AND DEVELOPING THE NATIONAL DATA CENTER
Article 30. Infrastructure of the National Data Center
1. The infrastructure of the National Data Center shall be designed, constructed, and utilized to meet the following requirements:
a) Ensuring technical standards and specifications for data centers; meeting international technical requirements; being consistent with information and communication infrastructure planning; ensuring resistance to bombs, terrorism, natural disasters; environmental protection; energy conservation;
b) Having security and confidentiality measures to control, detect, prevent attacks, intrusions, and destruction; ensuring system availability levels; designing the system with redundancy to be ready for expansion when necessary;
c) Ensuring key information technology components of the National Data Center, including: The national combined database; data sharing and coordination platform; national public service portal; data processing technology infrastructure and resource allocation; data analysis systems serving management and operational guidance; systems and software for managing, exploiting, providing data services, open data portals, data service portals; other platforms, software, business systems as prescribed by the Government,
2. National databases must use the infrastructure of the National Data Center.
Depending on needs, national databases in the fields of national defense, security, diplomacy, confidential matters, and specialized databases, and other databases shall use the infrastructure of the National Data Center.
3. The Government shall provide detailed regulations on this Article.
Article 31. Responsibilities of the National Data Center
1. Integrating, synchronizing, storing, analyzing, and exploiting data from state agencies in accordance with the provisions of the law to establish and manage the National Comprehensive Database.
2. Managing and operating technical infrastructure, information technology infrastructure, and data platforms at the National Data Center; providing technical infrastructure and information technology infrastructure for Party agencies, State agencies, Vietnam Fatherland Front Committee, and political-social organizations when there is a need for use.
3. Organizing the operation, management, storage, exploitation, and coordination of data within the National Comprehensive Database for Party agencies, State agencies, Vietnam Fatherland Front Committee, and political-social organizations to perform assigned functions and tasks or according to the requirements of data owners, data managers, and data subjects in compliance with the provisions of the law.
4. Monitoring the quality assurance of data and data coordination activities; building measurement and evaluation systems for data management performance.
5. Implementing measures to protect data.
6. Conducting scientific research on data, applying technology in data processing, providing technological infrastructure, products, and services related to data; supporting organizations and individuals in data processing; establishing innovation centers, supporting innovation in data science; developing innovation activities in data science; developing an ecosystem for innovative startups based on the National Comprehensive Database.
7. Organizing the implementation of international cooperation contents related to data.
8. The Government shall provide detailed regulations on this matter.
Article 32. Ensuring Resources for Building and Developing the National Data Center
1. The State prioritizes investment in infrastructure, physical facilities, land, headquarters, construction projects, technology, ensuring the budget for the construction and state management of data, data governance, establishment, management, and operation of the National Data Center, and the National Comprehensive Database.
2. Activities of the National Data Center utilize the state budget and other legitimate funding sources.
3. The State ensures human resources for the activities of the National Data Center; has mechanisms to attract and reward high-quality human resources.
4. The National Data Center is guaranteed resources to implement upgrades, maintenance, and repairs of infrastructure and equipment invested by the National Data Center.
Section 2
THE NATIONAL COMBINED DATABASE
Article 33. Establishing the National Comprehensive Database
The National Comprehensive Database is established and centrally managed by the Government at the National Data Center and must meet the following requirements:
1. Adhering to technical standards, norms, economic-technical quotas related to data and information technology.
2. Ensuring information security, protecting personal data, facilitating data collection, updating, adjustment, exploitation, and utilization.
3. Ensuring stable, continuous operation, connectivity, and sharing with national databases, specialized databases, other databases, and other information systems.
4. Ensuring the right to exploit data by agencies, organizations, and individuals in accordance with the provisions of the law.
5. Ensuring requirements for integration, synchronization, storage, exploitation, sharing, and coordination of comprehensive data from various databases and conducting in-depth analysis of data to support policy development and serve socio-economic development.
6. Serving the development of data-related products and services.
Article 34. Collection, updating, and synchronization of data into the National Integrated Database
1. Data collected, updated, and synchronized into the National Integrated Database includes:
a) Open data;
b) Shared data of state agencies;
c) Data exclusively for state agencies as decided by
d) Data of Party agencies, Vietnam Fatherland Front Committee, and political-social organizations when consented by the data owner;
đ) Other data provided by organizations and individuals.
2. Sources for collecting, updating, and synchronizing data in the National Integrated Database include:
a) From the process of implementing administrative procedures and public services;
b) Updated, shared, and synchronized from other databases;
c) Digitized, provided, and integrated by individuals and organizations;
d) Other sources as prescribed by law.
3. The National Data Center shall cooperate with relevant agencies, organizations, and individuals to check data when collecting, updating, and synchronizing to ensure accuracy and consistency. In cases where data in the national database, specialized database, or other databases do not match the data in the National Integrated Database, the National Data Center shall cooperate with relevant agencies to verify, reconcile, and update and synchronize data in these databases.
4. The National Data Center is guaranteed resources to carry out upgrades, maintenance, and repairs of infrastructure and equipment invested by the National Data Center.
Article 35. Exploitation and use of the National Integrated Database
1. The National Integrated Database is established to serve common exploitation and use to meet the activities of the Party, State agencies, Vietnam Fatherland Front Committee, and political-social organizations; to implement administrative procedures and public services; to support government directives and management; to serve statistical work, policy planning, development planning, economic and social strategies, defense, security, diplomacy, cryptology, crime prevention and combat, legal violations handling; to serve the needs of data exploitation, use, and application by organizations and individuals.
2. Data in the National Integrated Database has the value of original data for exploitation and use.
3. Subjects exploiting and using data in the National Integrated Database include:
a) Party, State agencies, Vietnam Fatherland Front Committee, and political-social organizations may exploit and use data consistent with their functions and tasks;
b) Data subjects may exploit and use data reflecting themselves;
c) Organizations and individuals not covered under points a and b of this clause may exploit and use data as follows: freely exploit and use open data; exploit and use personal data upon agreement from the National Data Center and the individual being the data subject; exploit and use other data upon agreement from the National Data Center.
4. Data exploitation and use shall be carried out through the following methods:
a) Connecting and sharing data between national databases, specialized databases, other databases, information systems with the National Integrated Database;
b) National Data Portal, National Public Service Portal, electronic information portals, administrative procedure resolution information systems;
c) The electronic identity and authentication platform;
d) The national identity application;
d) Equipment, means, software provided by the National Data Center;
e) Other methods.
5. The Government shall provide detailed regulations on this matter.
Article 36. Connection and Sharing of Data with the National Integrated Database
1. Other national databases, specialized databases, and information systems of the Party, State agencies, Vietnam Fatherland Front Committee, and political-social organizations connect with the National Integrated Database through the Data Sharing and Coordination Platform; National Data Integration and Sharing Platform; departmental, provincial-level data integration and sharing platforms, the Internet, computer networks, information systems.
2. Connections and data sharing between the National Integrated Database and other databases must ensure efficiency, security, and compliance with the functions, tasks, and authorities of agencies, organizations, and individuals as stipulated by law.
3. Connections and data sharing between the National Integrated Database and other information systems shall be implemented based on written agreements between the Ministry of Public Security and the data owners.
4. The Government shall provide detailed regulations on this matter.
Article 37. Supplying data to the National Integrated Database
1. National database management agencies, specialized databases, and other databases shall supply data to the National Integrated Database in accordance with Clause 1 of Article 34 of this Law.
2. The State shall ensure necessary conditions for receiving data supplied by agencies, organizations, and individuals.
3. The Government shall provide detailed regulations on this Article.
Article 38. Fees for Exploitation and Use of Data in the National Integrated Database and Other Databases Managed by State Agencies
1. Party and State agencies, Vietnam Fatherland Front Committees, and political-social organizations shall not pay fees when exploiting and using information in the National Integrated Database and other databases managed by state agencies.
2. Organizations and individuals shall not pay fees when exploiting and using their own data in the National Integrated Database and other databases managed by state agencies.
3. Organizations and individuals not covered by Clauses 1 and 2 of this Article shall pay fees for exploiting and using data in the National Integrated Database and other databases managed by state agencies in accordance with laws on fees and charges.
Chapter IV
DATA PRODUCTS AND SERVICES
Article 39. Data Products and Services
1. Data products and services in intermediary data activities, data analysis and synthesis, electronic authentication, data marketplaces shall be carried out in accordance with this Law and relevant laws.
2. Electronic authentication services shall perform data authentication in national databases, specialized databases, and electronic identification and authentication systems provided by public service units, state-owned enterprises that meet the conditions for providing such services.
3. Organizations supplying intermediary data products and services, data analysis and synthesis shall enjoy incentives similar to high-tech businesses, innovation and creativity startups, digital technology industry startups.
4. Other data products and services in e-commerce, telecommunications, cybersecurity, network information security, digital technology industry, cryptography, defense industry, security, and industrial mobilization shall be implemented in accordance with relevant laws.
5. The Government shall provide detailed regulations on this matter.
Article 40. Intermediary Data Products and Services
1. Intermediary data products and services are products and services aimed at establishing commercial relationships between data subjects, data owners, and users of products and services through agreements for the purpose of exchanging, sharing, accessing data, and exercising rights of data subjects, data owners, and data users.
2. Organizations providing intermediary data products and services must be registered and managed in accordance with laws on investment, except for cases of providing intermediary data products and services within the organization.
3. The Government shall provide detailed regulations on this Article.
Article 41. Data Analysis and Synthesis Products and Services
1. Data analysis and synthesis products are the results of analyzing and synthesizing data into useful deep information at different levels according to the requirements of product users. Data analysis and synthesis services are activities of analyzing and synthesizing data according to the requirements of service users.
2. Business organizations providing data analysis and synthesis products and services that may harm national defense, national security, social order, public safety, social morality, community health must be registered and managed in accordance with laws on investment.
In cases where there is connectivity and sharing with national databases, specialized databases for business operations involving data analysis and synthesis products and services, such operations must be managed in accordance with laws.
3. The Government shall provide detailed regulations on this Article.
Article 42. Data Exchange Platform
1. The data exchange platform is a foundation providing data-related resources for research, startup development, innovation; providing data-related products and services to serve economic and social development; it is an environment for trading, exchanging data and related products and services.
2. Organizations providing data exchange platform services are public service units, state-owned enterprises that meet the conditions for providing services and are licensed to operate in accordance with the provisions of the law.
3. Data not permitted to be traded includes:
a) Data causing harm to national defense, security, diplomacy, and confidential matters;
b) Data without the consent of the data subject, except where otherwise provided by law;
c) Other data prohibited from being traded under the provisions of the law.
4. The Government shall provide detailed regulations on this matter.
Article 43. Responsibilities of organizations providing intermediary data products and services, data analysis and synthesis, and data exchange platforms
1. Provide services to organizations and individuals based on service provision agreements.
2. Ensure smooth and continuous channels for receiving information and using services.
3. Regularly manage, inspect, and monitor data security and confidentiality; prevent, block, and handle data risks; supervise behaviors that may affect data protection.
4. Comply with the provisions of the law on cybersecurity, the law on network security, the law on electronic transactions, and other relevant laws.
5. The Government shall provide detailed regulations on this matter.
Chapter V
IMPLEMENTATION PROVISIONS
Article 44. Amending and Supplementing Certain Articles of Related Laws
1. Amend and supplement Appendix No. 01 on the List of Fees and Charges issued together with the Law on Fees and Charges No. 97/2015/QH13, which has been amended and supplemented by Laws No. 09/2017/QH14, No. 23/2018/QH14, No. 72/2020/QH14, No. 16/2023/QH15, No. 20/2023/QH15, No. 24/2023/QH15, No. 33/2024/QH15, and No. 35/2024/QH15 as follows:
a) Add item number 6 after item number 5, Section IV, Part A as follows:
|
6 |
Fee for Exploitation and Use of Information in the National Integrated Database |
Ministry of Finance |
b) Add item number 5 after item number 4.2, Section XIII, Part A as follows:
|
5 |
Fee for Exploitation and Use of Information in the National Database, and other specialized databases |
Ministry of Finance |
2. Amend, supplement, and abolish certain points, clauses, and articles of the Law on Electronic Transactions No. 20/2023/QH15 as follows:
a) Amend and supplement point a, Clause 4, Article 42 as follows:
"a) Connecting and sharing through intermediary systems including: The National Data Center's data sharing and coordination platform; the National Data Integration and Sharing Platform; the interconnection infrastructure at the ministry and provincial levels according to the overall national architecture framework;"
b) Abolish Clause 8, Article 3 and Article 41.
Article 45. Effective Date
This Law shall take effect from July 1, 2025.
Article 46. Transitional Provisions
1. National database management agencies that have invested in building or leasing data infrastructure services before this Law comes into effect may continue to use the systems and equipment they have invested in or leased until the National Data Center meets the conditions to accept and provide infrastructure for the national database in accordance with this Law.
2. The Prime Minister shall specify the implementation timeline for accepting, transitioning, and using the infrastructure of the National Data Center for the national database as stipulated in Clause 1 of this Article./.
Văn bản gốc (PDF)
Tải văn bản
Bản đồ quan hệ
Bấm vào một văn bản để mở. Viền đỏ = quan hệ làm thay đổi hiệu lực.
Bản dịch
Văn bản này có sẵn ở các ngôn ngữ sau: