In August 2022, the Government issued Decree 53/2022 to implement various provisions of the Law on Cyber Security 2018 (LCS 2018). We summarise below certain key points of Decree 53/2022:

• Data localization: Decree 53/2022 provides more detailed guidance on data localization in Vietnam. Please see our separate blog on this issue Here.

• Using cryptography (“mật mã”) to protect network information: If necessary for the national security, safety and order of society or protecting legitimate rights and benefit of others, the authority could request related individuals/organizations to encrypt information not considered as State secret before storing, transmitting on the Internet;

• Take down of illegal or false information in cyberspace: Information required to be removed include: among others, information on cyberspace determined by the authority as having contents that infringe upon national security, propagandize against the State, incite violence, disrupt security or public order; information based on legal grounds that is humiliating or slanderous, infringes upon economic management order, fabricates and falsifies leading to confusion among people, causes severe damage to social-economic activities. The procedure to apply this measure comprises key steps, among others, the Head of the Department of Cyber Security and Hi-tech Crime Prevention issues a decision on applying this measure and then sends a written request to the service provider on the telecommunication network, Internet to delete the related information. This guideline will provide a clear basis for the Government to control the unverified information spreading over yberspace (e.g., social networks such as Facebook).

• Collecting the electronic data related to illegal acts in cyberspace: – If necessary for investigation, handling infringement upon national security, social order and safety, rights and benefits of others in cyberspace, the Head of the Department of Cyber Security and Hi-tech Crime Prevention will determine to apply this measure. The collection of electronic data must ensure certain principles including, among others, the status of digital devices and data must be maintained.

• Suspension or cessation of operation of the information system; withdrawal of domain names: If (i) there is evidence that the operation of the information system violates laws on cybersecurity, national security, or (ii) the information system is used for infringement upon national security, social order and safety, the Minister of Ministry of Public Security will directly determine to apply this measure. In urgent cases, the Department of Cyber Security and Hi-tech Crime Prevention may directly request the related individuals/organizations to suspend or cessation of operation of the information system.

• Decree 53/2022 provides procedures on cybersecurity inspection applicable to the information system not falling into the list of national security information systems.

• Decree 53/2022 provides the establishment and appraisal, assessment, inspection, remedying incidents of national security information system.

This post is written by Trinh Phuong Thao and edited by Nguyen Quang Vu.