The first draft of the Law on Cybersecurity (“Draft Law”) was released on 6 June 2017 for public consultation taking place between 8 June and 8 August 2017. To date, the latest published version of the Draft Law is the 14th draft. Please follow this link to see our previous client alert for the Draft Law.
Since then, an updated Draft Law has been submitted to the National Assembly for review and consultation during the 4th session of the 14th National Assembly, which opened on 23 October 2017.1 The National Assembly discussed the Draft Law during the session on 23 November 2017.
Mainstream media outlets in Vietnam have reported that on 10 January 2018, the Standing Committee of the National Assembly (“Standing Committee”) discussed various matters regarding the Draft Law. 2
Please find a summary of the key updates to the Draft Law as reported in the news:
1.1. New requirements for offshore telecommunications and Internet service providers
In the updated version of the Draft Law submitted to the Standing Committee the server localization provision has been removed. This provision had required that offshore telecommunications and Internet service providers put servers, in which Vietnamese users' data are administered within the territory of Vietnam.
Nonetheless, Article 27 of the updated Draft Law requires offshore entities, when providing telecommunications and Internet services in Vietnam, to:
- Have headquarters or representative offices in Vietnam if (i) 10,000 or more Vietnamese users use such service, or (ii) the Government so requests;
- Store within the territory of Vietnam (i) data of Vietnamese users, and (ii) other important data collected and/or generated from the use of Vietnam's national cyber infrastructure;
- Fulfill requirements provided by the competent Vietnamese authorities concerning the prevention and removal of information that infringes national security, social order and safety and legitimate rights and interests of organizations and individuals;
- Provide Vietnamese users’ data upon request and deal with matters in violation of the Cybersecurity Law.
1.2. Mixed views on the Draft Law among the National
Assembly's members As reported in the media, the Standing Committee has agreed that it is crucial to promulgate the Law on Cybersecurity. However, the substance of the law must be aligned with the Constitution and the legal system.
It has also been reported that Mr. To Lam, Minister of Public Security, who also serves as representative of the drafting authority, remarked that: “Stakeholders both in and out of the country are more concerned about why the servers must be located in Vietnam, but the basis of this issue is not the servers but that the data of users and other important data created while using cyberspace in Vietnam must stay in Vietnam . . . They are the property and resource of Vietnam that have been created by us and relate to our sovereignty and national security, and thus must be under our supervision".
That said, during the meeting, National Assembly Chairperson Nguyen Thi Kim Ngan and other representatives also expressed their concerns over whether the Draft Law is compatible with international treaties. In August 2017, the Chairperson received a letter regarding the Draft Law from the US, Canadian, and Australian ambassadors, as well as the Head of EU Delegation to Vietnam and the ambassadors of the EU. The letter reportedly stated that while they "support[ed] various parts of the draft with a view to assuring that national security not be threatened", some parts "seem to have violated international commitments".
Mr. Do Ba Ty, Vice Chairman of the National Assembly, requested that the related authorities continue with their research, and draft feasible provisions. In addition, he stated that provisions must also be in line with international treaties, so as to avoid unnecessary conflicts. The Vice Chairman also noted that Article 27 of the Draft Law needs further amendments and more extensive review.