mask
New Cybersecurity Law drafted to regulate information security, cybersecurity
Telecoms and cyber service providers must block or remove unlawful contents within 24 hours upon request from competent authorities, under the latest draft Law on Cybersecurity which consolidates the 2015 Law on Cyber Information Security and the 2018 Law on Cybersecurity.
Visitors explore technology equipment for cybersecurity at the Vietnam Security Summit 2020__Photo: VNA

The Ministry of Public Security (MPS) is currently seeking public consultation on the latest draft Law on Cybersecurity (the draft), which consolidates the 2015 Law on Cyber Information Security and the 2018 Law on Cybersecurity. Scheduled to be passed by the National Assembly in October, the draft is designed to enhance the state management of cybersecurity, strengthen the prevention and combat of cybercrime and technology-enabled offenses, and ensure more comprehensive protection of personal data.

One of the notable provisions of the draft concerns responsibilities of telecommunications enterprises, Internet service providers and value-added digital service providers operating within Vietnam’s cyberspace.

Specifically, Article 13 of the draft requires all service providers, including foreign entities, to verify user identities upon the registration of digital accounts, ensure the confidentiality and integrity of those accounts, and, upon requests, provide user information to the cybersecurity authority under the MPS. Such requests may be made in writing, by email or telephone, or through other legally recognized means.

Notably, service providers would have to immediately remove or disable access to unlawful contents, services or applications within 24 hours of receiving a formal request from competent authorities. They are also obliged to retain system logs and other relevant technical data to support investigations and law enforcement procedures.

The draft also mandates that enterprises offering email, data transmission and storage services implement malware detection and filtering mechanisms during the transmission and retention of digital information. These entities have to regularly report their compliance status to responsible state agencies. Internet service providers would be further required to adopt effective administrative and technical measures to prevent, detect and stop the dissemination of “malicious software”.

Under the draft, “malicious software” is defined as software capable of disrupting normal operations of all or part of an information system or software that can unlawfully replicate, modify or delete data stored therein. Agencies, organizations and individuals would be required to implement anti-malware measures as directed by competent authorities.

According to the MPS, Vietnam is entering a period of rapid digital transformation. The country ranks among the fastest globally in terms of Internet growth. It currently leads the Southeast Asia in the number of national domain registrations and frequently appears among the top ten countries worldwide in terms of cross-border data traffic.

However, this progress encounters practical challenges in ensuring cybersecurity as the country faces mounting threats to national security, social order, and the lawful rights and interest of organizations and individuals. These include cyberattacks, cyber espionage and violations involving the leakage and loss of confidential information and state secrets.

Hackers operating within and beyond Vietnam’s borders are employing increasingly sophisticated techniques, regularly updating their malware to launch coordinated attacks on critical information systems of agencies, organizations and enterprises. Meanwhile, data governance and protection remain inadequate compared to the pace of digital advancement. The widespread exploitation of personal data has led to growing concerns over privacy violations and a surge in cybercrime, particularly online fraud and digital asset theft.

Statistics collected by the MPS's Department of Cybersecurity and Hi-Tech Crime Prevention (MPS's A05) indicate that more than 2,600 “.vn” websites and online portals are compromised annually by cyberattacks, often resulting in website defacement or the injection of malicious code. The MPS has also identified over 7,500 harmful and illegal online content sources that attract more than 83 million user interactions. These sources frequently aim to undermine the Party’s and State’s policies and to incite mass gatherings during politically sensitive periods or public holidays.

Another alarming threat is the increasing relocation of transnational cybercriminal networks to Vietnam. These groups are known to deploy cutting-edge techniques and have carried out operations in Ho Chi Minh City, Hai Phong, Quang Ninh, Nha Trang and Da Nang.- (VLLF)

back to top