Fintech Security

Cybersecurity Law Decree Issued – Security

To print this article, all you need is to be registered or login on

Issuance of Decree 53 provides detailed guidelines on a number
of provisions in Cybersecurity Law

The Vietnamese Government has issued Decree No. 53/2022/ND-CP
dated 15 August 2022 guiding the implementation of Cybersecurity
Law 2018 (“Decree 53”). It takes
effect on 1 October 2022 and does not provide a grace period. Given
the Cybersecurity Law’s extra-territorial reach, Decree 53
will impact both onshore and offshore entities.

Decree 53 provides much-awaited rules that will, among other
things, enable regulators to enforce the data localization and
local office (i.e., branch or representative office) requirements
under Article 26 of the Cybersecurity Law. Until now, Article 26
requirements had not been applied due to a lack of needed
guidance/details for implementation. Specifically, primary points
of interest of both onshore and offshore entities had been the
types of data subject to local storage, storage period, relevant
entities, triggering conditions, and operational and procedural
aspects of the local office requirement. Please see below for some
details provided in Decree 53:

  • Types of data subject to local storage:

    • personal data of service users in Vietnam

    • user-generated data in Vietnam (i.e., account name of service
      user, time of service use, credit card information, email address,
      network address (IP) of most recent login/log out, registered phone
      number associated with the account or data)

    • data on the relationship of service users in Vietnam with
      onshore and offshore entities doing business in Vietnam (i.e.,
      friends and groups with which users connect or interact)

  • Data storage period: The time period starts
    from the time an entity receives a request for local storage; the
    minimum period being 24 months.

  • Local storage and local office requirements for
    offshore entities

    • Application scope – Decree 53 specifies
      that these requirements will apply to foreign entities doing
      business in Vietnam involved in telecommunications services;
      storing and sharing data in cyberspace; providing national or
      international domain names to service users in Vietnam; e-commerce;
      service providers of online payments; payment intermediaries;
      transport connectivity services through cyberspace; social networks
      and social media; online video games; services providing, managing
      or operating other information in cyberspace in the form of
      messages, voice calls, video calls, email, online chat.
      The requirements must be fulfilled within 12 months from the
      date the Minister of Public Security issues a decision on the

    • Triggering condition – Failure to
      comply/inadequately complied with written requests made by the
      Department of Cybersecurity and High-Tech Crime Prevention and
      Control under the Ministry of Public Security for Cybersecurity Law

Additionally, Decree 53 also details other issues, among others,
the following:

  • measures for ensuring cybersecurity, which includes, among
    others, requests for takedown of illegal contents, the shutdown of
    information systems

  • establishment and assessment of national security information

  • coordination of competent authorities to implement protection
    measures, handling violations against cybersecurity across

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Technology from Vietnam

Fintech Laws In India – A Primer

Argus Partners

Banks and other financial institutions have always been at the forefront of technology usage for their business purposes.

Source link

Leave a Reply

Your email address will not be published.