We have seen a ramp up in the e-commerce and online activities (online meetings, signing e-contracts, signing e-resolutions) in the covid-19 pandemic all over the world and Vietnam is no exception. This blog is to discuss some features of digital signature and authentication of digital signature under Vietnamese law.
1) In general, Vietnamese law recognizes the legal validity of e-contract and e-signature which satisfy the requirements at law. However, in certain cases, as a matter of practice digital signature (as opposed to other types of e-signature in general) may be specifically required since it is secured. Digital signature (chữ ký số) is a type of e-signature which is created by transformation of a data message using an asymmetric cryptosystem whereby the person having the initial data message and public key of the signatory may accurately verify (a) whether such transformation is created with a private key corresponding to the public key in the same key pair, and (b) whether the data message has been altered since the transformation (Article 3.6 of Decree 130 of the Government dated 27 September 2018 guiding the Law on E-transaction on digital signature and digital signature providing services (Decree 130/2018)).
2) Article 24.2 of the Law on E-Transaction, where the law requires a document to be affixed with the corporate seal, such requirement with respect to a data message is deemed to be satisfied if the data message is signed with an e-signature which satisfies the requirements as discussed above and such e-signature is certified. A digital signature satisfies Article 24.2 of the Law on E-Transaction and can be used as the corporate seal. The Law on Enterprise 2020 (which will become effect from 1 January 2021) also confirms this view by providing at Article 43.1 that a corporate seal can be in the form of a digital signature in accordance with the laws on e-transaction.
3) A digital signature must be created by using a private key matching with the public key recorded on digital certificates granted by one of the following certificate authentication service providers (Certification Authority):
a) the Root Certification Authority which is a public unit under the Ministry of Information and Communication;
b) the Governmental specialized Certification Authority;
c) a public Certification Authority; and
d) a specialized Certification Authority of a qualified agency or organizations which is not for business purpose.
4) “Authentication of digital signatures” means a type of authentication services in respect of digital signatures supplied by a Certification Authority to subscribers to authenticate that such subscribers digitally signed the data message. Authentication of digital signatures includes:
a) creation or support for creation of a key pair including public key and private key for subscribers;
b) issuance, renewal, suspension, revalidation and revocation of the subscribers’ digital certificates;
c) online maintenance of database of digital certificates; and
d) provision of necessary information to authenticate digital signatures digitally signed in data message by subscribers.
5) A public Certification Authority can provide the authentication of digital signatures if it satisfies the following conditions (Article 11 of Decree 130/2018):
a) having a license to provide public authentication of digital signatures granted by the Ministry of Information and Communication (MIC); and
b) having a digital certificate granted by the Root Certification Authority.
6) One of the methods to provide the authentication of digital signatures is through USB token which needs to be plugged into the USB port of the device, whether directly or via an extension cable. Given using digital signature is subject to the authentication of digital signature in Vietnam supplied by the licensed Certification Authorities charged with the service fees which are not cheap, digital signature has not been an economically viable option for individual users (except for individual legal representative/authorized representatives of enterprises and organizations).
7) According to the website of the MIC as at 13 June 2019, there are 12 public Certification Authorities who are licensed to provide the authentication of digital signatures including:
a) Military Industry and Telecoms Group (Viettel-CA);
b) Nacencomm Smartcard Technology Joint Stock Company (CA2);
c) BKAV Corporation (BKAV-CA);
d) Vietnam Posts and Telecommunications Group (VNPT-CA);
e) FPT Information System Corporation (FPT-CA);
f) New-telecom Telecommunication Joint Stock Company (NEWTEL-CA);
g) Safety Certify Corporation (SAFE-CA);
h) Vi Na Digital Signature Joint Stock Company (Smartsign);
i) Vietnam EFY Informatics Technology Joint Stock Company (EFY-CA);
j) SAVIS Technology Joint Stock Company (TrustCA);
k) MISA joint stock company (MISA-CA); and
l) CMC Technology Cooperation (CMC-CA).
8) Vietnamese law recognizes the validity of foreign digital certificate. Foreign individuals and organizations can use a foreign digital certificate of foreign subscriber which is valid on data messages sent to Vietnamese partners (Article 51 of Decree 130/2018).