Vietnamese Cybersecurity Law Implementation

PrintMailRate-it
Following the adoption of Vietnam's Cybersecurity Law on 15 August 2022, the Government issued Decree No. 53/2022/ND-CP to provide Guidance on the Implementation of the Cybersecurity Law, with an effective date of October 1, 2022. With no grace period, the new regulations will have wide-reaching implications for all domestic entities (including subsidiaries of foreign companies) and also certain non-Vietnamese entities doing business in Vietnam. 
  

Range of application

The Decree applies to: 
  • all domestic enterprises regardless the business they conduct; 
  • foreign enterprises engaged in (i) telecom services; (ii) data storage and sharing in cyberspace (cloud storage); and (iii) provision of national or international domain names to service users in Vietnam; (iv) e-commerce; (v) online payment; (vi) intermediary payment; (vii) transportation connection service via cyberspace; (viii) social networking and social media; and (ix) online electronic games; (x) services involving the provision, management, or operation of other information in cyberspace via messages, phone calls, video calls, email, or online chat. 
and therefore effectively has an extraterritorial reach in respect of the data localisation requirements.
  

Data Storage

One of the key elements of the Decree is also the local storage requirement for certain data:
  • personal information of service users in Vietnam; 
  • data generated by service users in Vietnam: data reflecting service users' participation in, operation of, and/or use of cyberspace, as well as information about network equipment and services used to connect to cyberspace on Vietnamese territory - this includes the account name for service use, the duration of service use, credit card information, email address, IP addresses for the most recent login and logout, and the registered phone number associated with the account or data;
  • data on service user relationships in Vietnam: Information reflecting and determining the relationship between a service user and other people in cyberspace.
   

Illegal content

Furthermore, the Decree defines illegal online content that is subject to removal e.g. content that violates national security, propagandises against the state, incites violence, disrupts security or public order, causing confusion among the people or serious harm to socioeconomic activities. Illegal cyberspace activities are those that jeopardise national security, social order, and safety, as well as the lawful rights and interests of agencies, organisations, and individuals. 
  
Enterprises that violate Cybersecurity Law regulations will face administration sanctions, as well as compensation for damages for other entities' losses and damages due to such violations. 

From The Newsletter

Contact

Contact Person Picture

Michael Wekezer

Partner

+84 28 7307 2788

Send inquiry

Skip Ribbon Commands
Skip to main content
Deutschland Weltweit Search Menu