Database

According to a draft of the Law on Cybersecurity issued in August 2017, websites or web portals hosting information that would disturb security and order in Vietnam or which act as platforms for anti-government activities may be subject to temporary suspension or withdrawal of operating licenses.

At this stage, since the full text of the law is not yet available, it is unclear whether this provision remains in the final version of the law due to come into force in January 2019.

Vietnam's Law on Cybersecurity includes a 24 hour notice-and-takedown requirement at the request of the Ministry of Information and Communications and the specialized cybersecurity task-force under the Ministry of Public Security.

A draft of the Vietnam's Cybersecurity Law, issued in 2018, stipulates that Internet service providers (ISPs), websites and information systems administrators/owners are responsible for:
- Controlling information content transmitted by users, so that such content will not harm or prejudice children or the children’s rights; and
- Preventing the sharing of content and deleting any content that harms or prejudices children or the children’s rights.

Article 16 requires information system administrators/owners, telecoms and Internet service providers to closely coordinate with the competent authorities to handle illegal content. The ISPs have 24h to remove content after they receive a notice by the government authorities.

At this stage, since the full text of the law is not yet available, it is unclear whether this provision remains in the final version of the law due to come into force in January 2019.

Decree No.72 requires that online social network service suppliers ensure that only individuals who have supplied "accurate and complete personal information as required by law", including the government-issued card number, may create blogs or provide information on online social networks. (Art. 3.16 and 25.9)

As of January 2019, Vietnam's Law on Cybersecurity will ban any online posts deemed as "opposing the State of the Socialist Republic of Vietnam," or which "[offend] the nation, the national flag, the national anthem, great people, leaders, notable people and national heroes." The law might give the authorities wide discretion to determine when expression must be censored as “illegal” because some provisions will make it easier for the government to identify and prosecute people for online activities. Depending on how arbitrarily and how widely this measure is enforced, it could prove a significant burden on websites which host not only political but also non-political content.

According to a draft of the Law issued in August 2017 websites or web portals hosting illegal cyber information may be subject to temporary suspension or withdrawal of operating licenses. At this stage, it is still unclear which sanctions will apply for violations of the law.

According to Joint Circular No.7, internet intermediaries are only liable for infringing content in limited circumstances, e.g. when they initiate the posting, transmission or provision of the infringing content over the Internet; modify or copy the content, deliberately circumvent technology measures applied by rights owners or operate as secondary distributors of the infringing content.

The draft circular also requires that any “general information website” or social network must have a high-level person responsible for content management who must be a Vietnamese national and reside in Vietnam.

Decree No.72 of 2013 requires that online social network service suppliers ensure that only individuals who have supplied "accurate and complete personal information as required by law", including the government-issued card number, may create blogs or provide information on online social networks. (Art. 3.16 and 25.9)

Infringement of privacy laws may lead to fines up to 2,000 USD and criminal penalties of up to two years’ imprisonment. In addition, e-commerce activities may be suspended for six to 12 months.

Decree No. 72 of 2013 states that "organizations and individuals that use Internet resources shall provide information and cooperate with competent state management agencies at the latter’s request".

Vietnam's Law on Cybersecurity, which will enter into force in January 2019, also stipulates that businesses have to provide users’ data to the Ministry of Public Security upon receipt of requests in writing, in cases where any infringement of the cybersecurity law is being investigated.

According to Decree No. 72 of 2013, aggregated information websites are required to store the information for at least 90 days from the date it is posted on the website.

Vietnam's Law on Cybersecurity, which will enter into force in January 2019, requires administrators of information systems critical to national security to store personal data and "critical data" within the national territory of Vietnam. It is unclear when an information system develops to a point that it is critical to national security. Neither is it clear whether the systems cover state-owned systems only or include private systems as well. "Critical data" is also not defined.

A draft of the law issued in 2017 stipulated that the movement of such data outside Vietnam would require an assessment on the level of security according to regulations by the Ministry of Public Security or other existing laws that apply. At this stage, since the full text of the law is not yet available, it is unclear whether this provision remains in the final version of the law due to come into force in January 2019.

Vietnam's Law on Cybersecurity, which will enter into force in January 2019, requires that foreign internet services firms open representative offices or branches in Vietnam, as well as store important user data in Vietnam on local servers. It is reported that the government will decide the duration for which such businesses must store users’ data in the Vietnamese territory, but it is currently unclear which criteria will be used. The concept of "telecom services" and "Internet services" are not yet defined. If the interpretation of "telecom services" and "Internet services" covered by the draft Law were too broad, the Law could be inconsistent with relevant WTO commitments, as the cross border supply of certain telecom services have been liberalised under Vietnam services schedule for WTO accession.

According to the Decree 90 of 2008, advertising service providers that use email advertisements and internet based text messages are required to send emails from a Vietnamese domain name (“.vn”) website which is operated from a server located in Vietnam.

Decree No. 72, which entered info force in September 2013, establishes local server requirements for online social networks, general information websites, mobile telecoms network based content services and online games services. All these organizations are required to establish at least one server inside the country "serving the inspection, storage, and provision of information at the request of competent state management agencies".