Socialist Republic of Vietnam : Draft Decree on Management, Provision and Use of Internet Services and Information on the Network

GOVERNMENT ——— No.: ……/2012/ND-CP

SOCIALIST REPUBLIC OF VIETNAM Independence – Freedom – Happiness ————— Hanoi, date…..month……year 2012

– Pursuant to the Law on Organization of the Government dated December 25, 2001;

– Pursuant to the Law on Telecom dated November 23, 2009;

– Pursuant to the Law on Telecom dated June 29, 2006;

– Pursuant to the Law on Press dated December 28, 1989, Law on Amendment of a Number of Articles of Law on Press dated June 12, 1999

– Pursuant to the Decree No. 25/2011/ND-CP dated April 06, 2011, detailing and guiding implementation of a number of Articles of Law on Telecom;

– At the proposal of the Minister of Information and Communiations,

This Decree provides detailed regulations on the management and use of Internet services and information on network, including the provision and use of Internet services, Internet resources, website, online social network services, content service on telecom network, network electronic game service; assurance of Internet information safety and security; rights and obligations of organizations, individuals participating in the management, provision and use of Internet services and information contents on network.

This Decree applies to Vietnamese and foreign organisations and individuals directly participating in or relating to the management, provision and use of Internet services and information content on network.

1. Internet means a global information system using Internet Protocols (IPs) and Internet resources to provide different services and applications to users

2. Internet service means a kind of telecom services, consisting of Internet access service and Internet connection service.

a) Internet access service means a service providing users with the possibility of access to the Internet.

b) Internet connection service means a service providing Internet access service providers (1) with the possibility to connect with one another to transmit Internet traffic.

3. Internet service license means a telecom license for the kind of Internet service.

4. Internet services provider means a telecom enterprise having telecom license with one or both forms of Internet services as defined in Clause 2 of this Article (referred to as Internet service license).

5. Internet eXchange Point – IXP means an Internet equipment network or system, established by an organization or enterprise for the transmission of Internet traffic among organizations, enterprises, offices providing services on Internet.

6. Internet agent means an organization, individual providing Internet access services to Internet users under “Internet agent contract” with Internet access service provider in order to receive commissions or re-trade the Internet access service for earnings from the difference of service prices.

7. Internet access service user means an organization, individual engaging service contract with an Internet access service provider or owner of a public Internet access point for using applications and services on Internet.

8. Public Internet access point means a location where users are provided with possibility to access to Internet, comprising:

(a) Operating locations of Internet agents;

(b) Public Internet access points of Internet access service providers;

(c) Public Internet access points at hotels, restaurants, airports, coach stations, train stations, coffee shops, and other public Internet access points.

9. Internet resources mean sets of names and numbers belong to the management rights of Vietnam, which are uniquely schemed for ensuring the operation of Internet, comprising:

a) Vietnam’s country code domain name “.vn”, IP addresses, autonomous system numbers, and other names and numbers allocated to Vietnam through the Vietnam National Internet Center (VNNIC) by international organizations.

b) International domain names, IP addresses, autonomous system numbers, and other names and numbers allocated to organizations, individuals for the use in Vietnam by international organizations.

10. Domain name “vn” registrar means an enterprise providing services of registration and maintenance of country code domain names “.vn”.

11. International domain name registrar means an enterprise providing services of registration and maintenance of international domain names in Vietnam.

12. Network means, for the purpose of this Degree, mobile telecom network, fixed mobile telecom network, Internet network, and computer network (WAN, LAN).

13. Network electronic game means a game provided on network via server system of network electronic game providers (2), ,and played on the terminal devices of players, such as computer, mobile devices, other control devices and terminal devices. Network electronic games consist of:

a) Games with interaction among players, and at the same time through the game server system of the service provider.

b) Games with only interaction between player and game server system of the service provider.

c) Games with interaction among players, but without interaction between player and games server system of the service provider.

d) Game downloaded from network, with neither interaction among players, nor between player and game server system of the service provider.

14. Provision of network electronic game service means the establishment of equipment system, and application of software of which the service providers have the legal use rights in order to provide users with the possibility of playing network electronic games.

15. Network electronic game provider means an enterprise having network electronic game service license.

16. Network electronic game user (referred to as player) means an individual who plays network electronic game under a contract entered into with a network electronic game provider.

17. Public network electronic game point means a location for providing users with the possibility to access to the network and play network electronic games, comprising

(a) Public network electronic game points of network electronic game providers;

(b) Public network electronic game points of Internet agents;

(c) Public network electronic game points of other organizations, individuals;

18. Awarded points means a form of point equivalent award that a player receives in his/her playing a game.

19. Virtual item means graphic images of an article, a persona generated under certain rules established by the game manufacturer. Virtual items exist only in the game in which they are generated

20. Network Information means information which is provided, transmitted, collected, processed, stored and exchanged via the network.

21. Public information means information of an organization, enterprise or individual, to which many persons can be provided at the same time with the possibility to reach without identifying the particular identification in advance when storing, transmitting such information on network

22. Content service on mobile, fixed telecom networks means service providing public information to mobile, fixed telecom subscribers through the use of telecom number budget given by the Ministry of Information and Communications (MOIC).

23. Official information source means information posted, broadcasted on the Vietnam presses or on the websites of the Party’s and Government bodies in accordance with the regulations on the press and copyright.

24. Legal information source means information of organization, enterprise having the rights to the publication of information and being responsible for such information in accordance with regulations of laws.

25. General information means information collected from many information sources or comprising many forms of information about one or more aspects of politics, economy, culture and society.

26. Re-posting official information means quoting textually, exactly information from an official information source, with no comment, but clearly mentioning author’s name, name of the offices owning such official information sources, posting time, broadcasting time of such information.

27. Website means an webpage or a group of webpage, comprising information presented in forms of signs, numbers, text, images, sound, and other forms of information, serving the provision, use and exchange of information on Internet.

Websites of entities (3) in Vietnam are classified as follows:

a) Electronic presses.

b) General website means a website of entity, providing general information by re-posting official information.

c) Internal website means a website of an entity providing information about functions, competent, duties, organization structure, services, products, business lines and other necessary information serving the operation of such entity, without re-posting official information.

d) Website of individual means a website established by such individual for providing, exchanging his/her own information, not on behalf of any other organization or individual, and without re-posting official information. A website of individual may be the one self established by him/her, or by using social network service (blog).

đ) Specialized application website means a website of office, organization or enterprise providing specialized application services in fields of IT, broadcasting, commerce, finance, bank, culture, healthcare, education and other specialized fields on internet.

28. Social network service means a service providing a wide community of users the possibility to interact, share, storage and exchange of information with one another on the internet, including services of creation of blogs, forums, online conversation (chats), sharing images, and other similar forms of services.

29. Information security means properties of information, characterized in the ability of assurance of confidentiality, integrality and availability of information.

a) Assurance of information confidentiality means the assurance of individuality (information is used for proper subjects) and confidentiality (protection of information from disclosure).

b) Assurance of information integrality means the assurance of the accuracy (prevention the unauthorized destruction or modification of information) and assurance of the truthfulness (reliability) of the information.

c) Assurance of information availability means the assurance of the usability (timely and reliable use of information) and assurance of the recoverability (recovery of broken or lost information)

30. Assurance of information security on Internet means the management and technicality activities relating to control and protection of information and information systems during the transmission, storage and processing thereof on internet network for the purpose of assurance of information security. The assurance of information security comprises contents of information confidentiality, data safety, computer security and network security.

31. Assurance of national security, and social order and safety on Internet means activities of management, control, precautionary, detection, prevention, struggle against acts of abusing internet to violate the national security, social order and safety, and interests of people; prevention and struggle against the disclosure, loss of state secret via internet; inspection and prosecution of network crimes.

32. Information security incident on Internet means an event already happened, happening or likely will happen, causing the loss of information security on internet, detected through the monitoring, assessing, analyzing by relating offices, organizations, individuals, or warning by experts, organizations specialized in the field of information security in Vietnam at home or in the world (referred to as “information security incident” or “Internet incident”).

1. To promote the use of Internet in the fields of education, training, health and science research. To bring broad band Internet to schools, offices, families, rural areas, remote areas, border and island areas, areas with difficult and specially difficult socio-economic conditions.

2. To encourage the development of contents, applications on Internet, serving Vietnamese.

3. To promote the propaganda, dissemination and guidance of the use of information, utilities and applications on the internet to all people in the society for the purpose of increase of labour productivity, creation of jobs and enhancement of the life quality.

4. To strengthen the propaganda, education of and guidance on Internet legislation. To have measures to protect child from adverse effects of internet, and prevent acts of abusing Internet to cause harm to national security; to violate ethics, fine customs and tradition, and infringe upon the law. To strengthen the management of public Internet access points and public network electronic game points.

5. To encourage and facilitate the wide use of country code domain name “.vn” and the Internet protocol version IPv6.

6. To strengthen the international cooperation in the field of Internet on the principles of respect to the independence, national sovereignty, and multilateral interests, in accordance with the Vietnam laws and international treaties of which Vietnam is a member.

1. Abusing the provision and use of Internet and information on network to:

a) Oppose the State of the Socialist Republic of Vietnam; undermine national security and social order and safety; sabotage national unity; disseminate [information on] wars of aggression; cause feuds and conflicts among nations, ethnic peoples and religions;

b) Disseminate and rouse violence, obscenity, debauchery, crime, social evils and superstition; sabotage national fine custom and tradition;

2. Disclose national secrets or secrets of military, security, economy, external relations and other secrets as defined by law;

3. Disseminate information which distorts, slanders and offends the reputation of any organization, the honour and dignity of any individual;

4. Advertising, disseminate, purchase and sell prohibited goods and services; Disseminate prohibited articles, literary works, art works, and publications.

5. Cause illegally disruption, disturb, undermining server system of country code domain name, equipment system providing Internet services and information on the internet, the access to information and legal use of Internet services on the internet of entities.

6. Counterfeit personal information for providing public information and using network electronic game. Illegally use Internet resources, passwords, cipher keys, personal information of entities.

7. Disseminate information counterfeiting other entities, untrue information, violating legal rights and interest of other entities. Create illegal links for domain names of other entities. Send spam mails or illegal advertisements.

8. Create, install and disseminate computer virus and malware in order to perform any of the acts stipulated in article 71 of the Law on Information Technology. Illegally access to, misappropriate rights to control of information system in order to create harking tools on internet or to perform prohibited acts as stipulated in Articles 70 and 71 of Law on Information Technology.

Enterprises are allowed to provide Internet services to the public where stisfying the following conditions:

1. Having Internet service license

2. Enterprise which provide Internet services, and have network infrastructure, shall have, in addtion to the license regulated in Clause 1 of this Article, a license of establishement of public telecom network.

3. Submitting a 10 working days notification on official provision of Internet services to the MOIC (Telecom Department). Form of the notification and address for submitting such notification are provided in the Annex 1 in this Decree.

Competent, principles, condictions, and procedure for the grant, amendment, supplementation, renewal, revocation and re-grant of Internet service license are regulated in Articles 35, 36, 38 and 39 of Law on Telecom, and Articles 18, 23, 24 and 28 of Decree No. 25/2011/ND-CP dated 06 April 2011, detailing and guiding implementaion of a number of Article of Law on Telecom.

In addition to the rights and obligations of the telecom service provider as regulated in Article 14.1 of Law on Telecom, an Internet service provider shall have the following rights and obligations:

1. To build standard form of Internet agent contract, to register of such standard-form contract with the MOIC (Authority of Telecommunications) for using through entire enterprise after approved. A standard-form Internet agent contract shall comprise at least the following contents:

a) Information about Internet access service provider: Enterprise name, code, contact address, telephone number, and number and grant and expiration dates of the Internet service license; full name of person who is responsible before law;

b) Information about the Internet agent:

– For individual Internet agent: full name, ID card number and issuance place, telephone number, contact details.

– For organization Internet agent: Name of organization, enterprise code, number of business registration certificate or establishment decision, telephone number and contact details;

– addrress of business location.

c) Capacity of transmission lines and connection forms.

d) Rights of obligations of parties in accordance with this Decree.

đ)Circumstances in which Internet service provider ceases the provision of services to, and unilaterally terminate contract with the Internet agent.

2. To hold the training on the Internet laws to owners of Internet agents, and to examine, inspect the implementation of the service contracts by Internet agents at least one time per year.

3. Other rights and obligations under regulations of MOIC

1. An Internet agent is permitted to operate their business when satisfying the following condition

a) Registering the business line of Internet agent;

b) Entering into contract with an Internet access service provider;

c) In case of provision network electronic game service, complying with the regulations on operation conditions of public network electronic game point.

2. Public Internet access points of Internet access service provider shall not be required business registration of Internet agent.

3. An entity being the owner of a hotel, restaurant, office, airport, coach station, coffee shop, etc, when providing free of charge Internet service to users within such areas of such premise shall be neither required entering into Internet agent contract with a Internet service provider nor the business registration of Internet agent. In case collecting service fee, such entity shall satisfy all conditions regulated in Points a, b, Clause 1 of this Article.

1. An Internet agent shall have the following rights and obligations:

a) To establish terminal device system at the location used to provide Internet access service to users at such location;

b) To hang the signboard “Internet agent” with business registration number of the Internet agent;

c) To publicly post regulations on use of Internet service at the relevant places convenient for users to see and implementation thereof, including prohibited conducts as regulated in Article 5 herein; rights and obligations of Internet service user as regulated in Article 7 herein.

d) To open from 8:00AM to 22:00 daily;

đ) To provide Internet access service with quality and tariff specified in Internet agent contract;

e) In case providing network electronic game service, to comply with the regulations on operation conditions of public network electronic game point;

g) Not to hold or allow Internet service users to use the features of computer of the Internet agent for performing prohibited conducts regulated in Article 5 herein

h) To have the rights to request the contractual Internet access service provider to train and provide with information about Internet services, and to be subject to the inspection and supervision of the Internet access service provider.

i) To implement regulations on telecom infrastructure safety, and information security.

2. An public Internet access point of organization shall have the following rights and obligations:

a) To hang the signboard “public Internet access point” with the name and internet service license of the enterprise;

b) As regulated in points a, c, d, e, g, i, Clause 1 of this Article.

3. Entities being owners of hotel, restaurants, offices, airports, coach stations, coffee shops, etc, when providing free of charge Internet service to users shall implement the following provisions:

a) Complying with regulation on the open time;

b) As regulated in points a, c, e, dd, g, i, Clause 1 of this Article.

In addition to the compliance with the regulations on rights and obligations of telecom service user as regulated at Article 16.1 of Law on Telecom, an Internet access service user shall have the following rights and obligations:

1. To observe the regulations on operation time of public Internet access point.

2. Not to re-sell Internet services.

3. To comply with regulations on assurance of information safety, information security and other relating provisions herein

1. Internet service providers are permitted to connect directly with international, with one another, and connect with IXPs.

2. National IXP (VNIX) is an IXP established by the MOIC for transmitting Internet traffic among Internet service providers, and between an Internet service provider and other domestic and international IXPs, facilitating the development of the Internet protocol version IPv6, and applying new Internet technology and Internet service, and enhancing the abilities of response reservation for allowing Internet service providers and other Internet organizations to connect with one another in case there is incident for the enterprises’ domestic and international connections .

3. The MOIC (the Vietnam National Internet Center – VNNIC) maintains the operation of the VNIX in accordance with the principles that incomes shall cover costs, and the surplus amount are accumulated for developing of the public administration unit that shall ensure entire regular operation costs as provided at the Decree No. 43/2006/ND-CP dated 25 April 2006.

4. Internet service providers which have network infrastructure occupying dominant market position shall connect to the VNIX

5. The MOIC shall issues detailed regulations on the VNIX’s operation, and mechanisms, policies for providing Internet service providers with favorable conditions in connecting with VNIX

1. All entities shall have the rights to registration of the Vietnam’s country code domain names “.vn” and international domain names.

2. The registration of Vietnam’s country code domain name “.vn” is conducted through domain name “.vn” registrars.

3. The registration of the country code domain name “.vn” is performed in accordance with the following rules:

a) Fairness and non-discrimination;

b) The principle “first come first served”;

c) Compliance with regulations on protection of the Vietnam’s country code domain name “.vn” as stipulated in article 68 of the Law on Information Technology;

d) Compliance with regulations on bidding, transferring telecom resources as stipulated the Law on Telecom and other relating regulations

4. The MOIC regulates detailed process, procedure of registration of domain name “.vn”

1. The country code domain name “.vn” server system means a technical system for ensuring the operation of the country code domain name “.vn” on Internet. The MOIN (VNNIC) establishes, manages and operates the country code domain name “.vn” server system.

2. Internet service providers shall coordinate in assurance of the connection, routing in order for country code domain name “.vn” server system to operate safety and stably.

3. The MOIC regulates specific requirements for the assurance the security and safety for the country code domain name “.vn” server system.

1. A domain name “vn” registrar is permitted to provide the service when satisfying all the following conditions:

a) Being an enterprise established under the Vietnam laws, operating in the field of telecom, information technology, or being a foreign organization which is an accredited registrar of the Internet Corporation for Assigned Names and Numbers (ICANN);

b) Registering the businessline of “domain name registration service”;

c) Entering into service contract with the VNNIC

2. An international domain name registrar in Vietnam is permitted to provide the service when satisfying all the following conditions:

a) Being enterprise established under the Vietnam laws;

b) Registering the business line of “domain name registration service”

c) Having written contract with a accredited registrar of the ICANN for providing international domain name registration service in Vietnam;

d) Registering the activities of international domain name registrar in Vietnam in accordance with regulations of the MOIC.

3. The MOIC regulates detailed technical requirements, procedure for entering contract of domain name “.vn” registrars; procedure for registration of activities of intenational domain name registrars in Vietnam.

1. Domain name “.vn”registrar shall have the following rights and obligations:

a) Establishing DNS, technical system for providing services, and ensuring the safety and security of domain names of enterprises using thier services.

b) Being guided on and provided with information about the domain name registration, and being subject to the inspection and supervision of the MOIC.

c) Rejecting provision of services to entities violating regulations on domain name registration.

d) Suspending operation, revoking domain names at the request of competent state agencies.

đ) Applying measures of assurance of backup of domain name data safety in accordance with regulations of the MOIC (VNNIC).

e) For domestic “.vn” domain name registrars, using the Primary DNS with the Vietnam domain name “.vn” for providing DNS services;

g) Building and public notification of registration forms, orders and procedures for the registration of domain name in accordance with regulations of the MOIC.

h) Performing the report, provision of information, and coordination with the competent authorities as regulated.

2. An international domain name registrar shall have the following rights and obligations:

a) Managing information about name, contact address, telephone number, email account of entities in Vietnam who register international domain name with such registrar..

b) Guiding entities registering international domain name to notify their use of international domain name in accordance with regulations of the MOIC.

c) Performing the report to the MOIC as regulated;

d) Providing information and coordinating with the state competent authorities for handing, resolving cases relating to the international domain names managed by such registrar.

1. Methods of settlement of disputes over domain name

Methods of settlement of disputes over the registration and use of domain name “.vn” are in accordance with Article 76 of Law on Information Technology, comprising:

a) Through the amicable settlement between complainant and respondent;

b) Through arbitration procedure: applied for all disputes;

c) Through court procedure: applied for all disputes

2. In case one party using a registered domain name for the purpose of unfair competition as regulated at points b, c, Clause 3.3 this Article, the unfair competition management office or telecom management office shall perform the inspection, and apply sanctions for administrative violation.

3. Basis for the settlement of a dispute over domain name

3.1 Conditions of dispute settlement

Conditions of settlement of a dispute over domain name comprise four following elements:

a) The complainant shall submit a petition and documents, evidences (if any) relating to the domain name dispute to the one of offices regulated at Clause 1 of this Article.

b) The domain name in dispute is identical or confusingly similar to the domain name of the complainant, or identical or confusingly similar to the trademark or service mark to which the complainant has legal rights or interest.

c) The respondent does not have legal rights or interest to such domain name.

d) The domain name has been used by the respondent with the bad intention against the complainant.

3.2 Acts of using domain name with bad intention

Acts of using a domain name with bad intentions comprise the following circumstances:

a) Lending or transferring such domain name to the complainant who is the owner of the name, trademark, tradename identical or confusingly similar to such domain name; lending or transferring such domain name to competitors of the complainant for individual interests or earning illegal profits.

b) Misappropriating, preventing the owner of a name, trademark, service mark from the registration of domain name corresponding to such name, trademark or service mark for the purpose of unfair competition; or

c) Destroying the reputation of the complainant, hindering business activities of the complainant, or causing misleading or loss of belief to the public in respect of the name, trademark, service mark of the complainant for the purpose of unfair competition; or

d) Other circumstances in which the use of domain name is proved to be for bad intention

3.3 Evidences proving the legal rights and interest to a domain name

A respondent is considered to have legal rights and interest to a domain name where one of the following conditions is satisfied:

a) Have used, or having express evidences proving that the respondent have had the actual preparation to use such domain name, or name corresponding to such domain name in connection to the supply of their goods or services before arising the dispute.

b) Have been known to the public through such domain name although does not have respective trademark, service mark rights; or

c) Be using legally the domain name not in connection with the commerce, or properly using the domain name not for commercial purpose, or causing misleading or confusion to the public, causing affect on the name, trademark, service mark of the complainant.

d) Other evidences having legality as proved.

4. The MOIC regulates details for settling disputes over the country code domain name “.vn”

1. The MOIC (VNNIC) performs the registration of IP addresses and autonomous system numbers with international organizations; allocation and grant IP address and autonomous system numbers directly to Internet access service providers and members having addresses in Vietnam.

2. Internet service providers have the right to sub-allocation or sub-grant of IP addresses to other entities in Vietnam.

3. Entities using IP addresses and autonomous system numbers which are granted directly from international organizations on Vietnam Internet network shall have the consent from the MOIC.

4. The MOIC regulates detailed conditions, order, procedure of registration, allocation, and the grant of IP addresses and autonomous system numbers.

1. IPv6 technology as a high technology in the field of information technology shall have a prior development investment.

2. To apply incentives as regulated in Law on Information Technology to enterprises performing research, manufacture, and importation of devices and software having IPv6 applications.

3. To encourage, provide favorable conditions to enterprises providing Internet services which invest in development of network system in order to perform their plan of convertion into the IPv6 use.

4. To ensure the state bodies’ investment in, purchse of new equipments with Internet connection required the IPv6 support.

5. The MOIC presides, in co-ordination with relevant ministries, branches, to buil support policies and schedules to ensure that all telecom and information technology device and software operating on IP platform, which are manufactured domestic or imported into Vietnam must apply IPv6 technology, so that the manufacture and importation of equipments, software without IPv6 supports are gradually ceased.

1. Entities registering and using country code domain nam “.vn” shall have the following rights and obligations:

a) To take responsibilities before the law for their registration information, including the accuracy, truthfulness of information, and to ensure the non-infringement upon legal interests of other entities;

b) To be responsible for the management and use of their domain names in accordance with laws.

c) To pay fees, charges for the use and maintenance of their domain names

2. Entities using international domain names must notify such uses to the MOIC as regulated in Article 23 of the Law on Information Technology. The MOIC regulates detailed procedure of such notification on use of international domain names.

3. Entities using domain names and autonomous system numbers shall take the following responsibilities:

a) To route and use IP addresses and autonomous system numbers in accordance with guidelines of the MOIC;

b) To pay fees and charges for the use and maintenance of thier IP addresses and autonomous system numbers as regulated;

4. Entities using internet resources shall provide information to, coordinate with state competents bodies as requested.

1. Revocation of Internet resources means a competent state authority to decide to revoke the use rights to Internet resources already allocated to an entity.

2. In addition to circumstances as regulated at Clause 2, Article 50 of Law on Telecom, the revocation of Internet resources are applied in the following circumstances:

a) At the written request of state competent bodies in cases the use of Internet resources violate provision in Article 5 this Decree and other legal regulations;

b) In accordance with the result of the settlement of dispute [over the domain name] as stipulated by laws;

c) Based on the valid decision on sanction for administrative vilation with the supplemental penalty of revocation of Internet resources;

d) Not bring IP address, autonomous system number to the use after 06 months as from the allocation date;

e) Not to pay fees, charges as regulated.

3. The MOIC regulates detailed order and procedure for revocation of Internet resources.

Activities of providing public information on network shall comply with the following provisions:

1. Establishment and operation of electronic presses shall be in accordance with laws on press;

2. Establishment of general websites and social networks shall be in accordance with provisions in Section 2 Chapter 3 and other relating provisions in this Decree.

3. Establishment of websites for providing specialized application services on network shall be in accordance with provisions of specialized laws and relating provisions in this Decree.

Ministries, ministerial equivalent bodies and bodies attached to the Government shall take responsibilities to manage activities of providing specialized application services on network within their scope of competent and duties.

4. Advertising on network is performed in accordance with the regulations of laws on advertising and relating regulations in this Decree.

5. Providing content services on telecom network shall be in accordance with regulations in the Section 3, Chapter 3 and other relating regulations herein.

1. To be responsible for information self provided, stored, transmitted by them on the network, including the information under direct links, to ensure not to violate provisions in Article 5 herein, and to comply with legal regulations on copyrights and intellectual property and other relating regulations.

2. For entities being owners of a internal websites, blogs, to be responsible for information provided, stored on the entity’s website, including public information posted by other persons or information under direct links, to ensure not violate provisions in Article 5 herein.

3. To use of internet services and information on network in accordance with the regulations of laws. To perform the registration of personal information when providing public information and using network electronic game services as regulated in this Decree and other relating legal regulations.

The Ministry of Public Security (MPS) regulates details of registration, management and use of personal information on internet.

1. Provision of cross-border public information to users in Vietnam means a provision of public information by a foreign entity from a server located in a foreign country, with Vietnamese interface

2. Foreign entity providing cross-border public information to users in Vietnam shall have the following responsibilities:

a) To apply measures to protect personal information of users in Vietnam; to notify users in Vietnam, in Vietnamese, risks, and responsibilities to self protect their personal information in their posting and exchanging information on the internet;

b) To ensure the rights of users in Vietnam in respect of the grant of consent to foreign entity to use their personal information;

c) To ensure the possibility for users in Vietnam to remove entire their personal information from the foreign entity’s data;

d) Not to provide public information violating provisions in Article 5 herein. In case such violating information is provided by other entities, to coordinate with state administration bodies of Vietnam to remove such information;

3. For a foreign entity providing cross-border public information to a large number of users in Vietnam, in addition to the obligation to comply with the provisions in Clause 2 of this Article, to have the following responsibilities:

a) To maintain their authorized representative in Vietnam;

b) To have written commitment on ready coordination with state administration bodies of Vietnam in filtering information violating provisions in Article 5 herein, so that users in Vietnam cannot access, use such information;

c) To notify the MOIC information about name, address, contact telephone number, email address of their authorized representative in Vietnam for the purpose of implementation of commitments mentioned in point b, this Clause 3.

4. Foreign entity providing cross-border public information, having their equipments for supporting the provision of services in Vietnam located in Vietnam shall perform the notification in accordance with regulations of the MOIC.

5. The MOIC regulates particular criteria for evaluating, and publishes the list of website of foreign entities providing cross-border public information, which have a large number of users in Vietnam from time to time; procedures for coordinating with state administration bodies of Vietnam for removing information violating provisions in Article 5 herein

1. The assurance of the safety of information access on internet comprises the following contents:

a) Applying measures to filter the prohibited information on internet, which are regulated in Article 5;

b) Applying measures for protecting child and teenagers from harmful information and applications on internet;

2. The MOIC coordinates with the MPS and relevant ministries and branches to apply measures to filter website having prohibited information as regulated in Article 5 herein.

3. Ministry of Education & Training (MET), Ministry of Labor, War Invalids, & Social Welfare (Molisa)

a) Preside, coordinate with the MOIC to hold the dissemination and guidance as to Internet legislation to students, pupils at all levels.

b) Guide and facilitate, encourage students and pupils to use Internet in useful and practical activities in their studying and life.

c) Apply measures to warn, instruct and supervise students to avoid negative effects of the harmful information and applications on Internet.

d) Arrange the implementation of measures for protecting child and students from the harmful information and applications on the Internet.

4. Entities providing, using Internet services shall have responsibilities to apply measures for ensuring the safety of information access on Internet in accordance with guidelines of the MOIC, the Ministry of Culture, Sports & Tourism, MET and MOLISA and other state competent bodies.

An organization, enterprise is permitted to establish a general website, provide social network service when satisfying the following conditions:

1. Being organization, enterprise established under the Vietnam laws.

2. Having legal rights to the use of the domain name;

3. Using server located in Vietnam for providing services.

4. Having a general website establishment license (for general website) or social network service license (for the provision of social network service) granted by the competent state administration bodies in accordance with regulations at Clause 6, Article 27 herein.

1. Enterprise, organization shall be licensed when satisfying all the following conditions:

a) Having registered business line, functions or duties appropriate with the information on general website or social network applied for the license;

b) Meeting requirements for information contents, specialized technical facilities, human force, and the management as regulated by the MOIC.

2. Conditions of license renewal:

A license will be renewed if all following conditions are satisfied:

a) The renewal procedure are conducted by the entity 60 days prior to the expiration thereof;

b) There is no change in respect of legal entity, and such entity is in normal business.

3. Conditions of license amendment, supplementation

During the valid duration of a license, licensed enterprise, organization shall be required to conduct procedure for the amendment, supplementation of their license when the following changes happen:

a) Change of entity’s name;

b) Change of entity’s authorized representative;

c) Change of entity’s registered address;

d) Change of domain name;

e) Other changes regulated by the MOIC

4. Revocation of license

a) Enterprise, organization shall have their license revoked in the following circumstances

– Providing information seriously violating provisions in Article 5 herein and other provisions on management of information on network as hold in writing by a competent state administration body.

– Abusing license to make swindle, conduct illegal business.

– Having fraudulent conducts, or providing the counterfeit information for the purpose of obtaining license.

– Not deploying in practice the contents regulated in the license after 90 days from the issuance date of the license.

b) Enterprise, organization having their license revoked shall not be re-licensed in 01 year counting from the revocation date of the license.

5. Duration of license

a) A general website establishment license shall have the duration as claimed in the application for the license, but not longer than 5 years;

b) A social network service license shall have the duration as claimed in the application for the license, but not longer than 10 years;

6. Licensing competent

6.1 For social network service: The Authority of Broadcasting and Electronic Information (ABEI) (attached to the MOIC)

6.2 For general website:

a) The ABEI grants license to the following subjects:

– Central organizations;

– Press agencies;

– Religious organizations legally operating in Vietnam;

– Organizations having foreign element, other than enterprise;

– Department of Information and Communications (DOIC);

b) The DOIC grants license to subjects other than ones referred in point a of Clause 6.2 of this Article, comprising:

– Domestic organizations, enterprises having business license granted by local licensing authorities;

– Foreign entities having registered address in the local area;

7. The MOIC regulates particular requirements for information contents, specialized technical facilities, human force and management of general website, social network, procedures of grant, amendment, supplementation, renewal, revocation, and re-grant of the license.

1. To build management process of public information appropriate to the scope of operation of the general website, social network.

2. To apply relevant measures to immediately remove public information violating provisions in Article 5 herein upon self-detecting or as requested by the competent state bodies.

3. For general websites, to implement properly provisions on re-posting official information in this Decree, provisions on copyrights and intellectual property of the prevailing laws.

4. For social network, to implement provisions on registration of personal information as regulated in this Decree and MPS’s regulations on registration, management and use of personal information.

5. To store public information for at least ninety (90) days from the moment that information being posted on the website, the social network.

6. To perform the reporting regime, and to be subject to the inspection, search of competent administration bodies.

Person using Vietnam and foreign social network service shall have the obligation to comply with provisions in Articles 11 and 23 in this Decree, and the following regulations:

1. To observe regulations on exchange of public information of the social network;

2. To be responsible for information self posted, transmitted by him/her on the social network, including information under directs link provided by himself/herself, to ensure that such information does not violate provisions in Article 5 herein.

3. To be responsible for information posted, stored on his/her blog established on social network, including public information posted by others or information under direct links, to ensure that such information does not violate provisions in Article 5 herein.

4. To register personal information where providing public information as regulated by the MPS; to make his/her own decision on grant of consent to the owner of social network to use his/ her personal information when registering his/her use of services.

An organization, enterprise is permitted to provide content services on telecom network when satisfying the following conditions:

1. Being organization, enterprise established under the Vietnam laws.

2. Meeting requirements for information contents, specialized technical facilities, and management as regulated by the MOIC;

3. Having the legal rights to the use of telecom numbers budget granted by the MOIC for providing content services on telecom network;

4. Registering their provision of content service on telecom network as regulated by the MOIC.

5. The MOIC regulates particular requirements for information contents, specialized technical facilities, and management in respect of providing content services on telecom network; procedures for registering the provision of content services on fixed, mobile telecom network; conditions and procedure of allocation of telecom numbers budget for providing content services on telecom network and other relevant regulations.

1. To build equipment system, to rent telecom transmission lines for the connection to telecom enterprises.

2. To be provided with telecom number budget in accordance with the plan and regulations on management of telecom resources.

3. To observe regulations on management, storage and transmission of digital information as regulated in Law on Information Technology;

4. To provide only legal information as regulated in the laws;

5. When advertising of service on media (radio, television, press, internet and other media means) and advertising by message via mobile, fixed telecom network, to comply with laws on advertising, and mention clearly and fully the following information:

a) Name of the entity;

b) Name of service and use guide;

c) Tariff and payment methods;

d) Customer care telephone number;

e) Terms and conditions of service (if any).

6. To ensure the service quality as announced, to count exactly and sufficiently fees in respect of each service.

7. To perform the reporting regime, and to be subject to the inspection, search of competent administration bodies in accordance with laws.

1. To guide as to technical aspects, and to perform the connection to entities providing content services on telecom network, which have been registered with the MOIC.

2. To refuse the connection with enterprise providing content services on telecom network, which do not meet conditions regulated in Article 30.1 in this Decree.

3. To suspend or cease at the request of competent administration bodies the connection with entities providing content services on telecom network, which violate regulations on the provision of service.

4. To conduct the negotiation, agreement, and engagement of contract with entities providing content services on telecom network in respect of tariff, revenue sharing ratio, time periods for cross check and collection of tariff, rights and obligations of parties and other relevant contents based on the compliance with regulations on telecom service tariff and relating regulations in this Decree, so that facilitate the development of content service on telecom network.

5. In case collecting fees on behalf of entities providing content services on telecom network, the invoice issued to user must comprise the following information:

a) Name of entity providing content services on telecom network;

b) Name of the content service used by the user and respective fees;

c) Total fee;

d) Customer care telephone number.

6. To coordinate with entities providing content services on telecom network to settle complaints on, dispute over the service tariff, quality service provided to users.

7. To perform the reporting regime, and to be subject to the inspection, search of competent administration bodies in accordance with laws.

1. To observe regulations on use of content services regulated by entities providing content services on telecom network.

2. To self examine, and be responsible for his/her own decision on using the content services.

3. To have the rights to making complaint where the service provided is not proper to his/her request or not proper to the contents published or agreed by entities providing content services on telecom network.

4. The MOIC regulate details of procedure for making complaints by service users and responsibilities of relating parties in respect of dealing with the users’ complaints.

1. Network electronic games in Vietnam are classified based on the contents and scripts appropriate with the age of players;

2. The MOIC regulates details for the classification of network electronic games appropriate to age of player.

1. An enterprise is permitted to provide network electronic game service where satisfying the following conditions:

a) Being enterprise established and operating under the Vietnam laws;

b) Having network electronic game service license granted by the MOIC.

2. When providing new game specified at point 1 Clause 13 of Article 3 herein, the enterprise must conduct the procedure of amendment, supplementation of network electronic game license as regulated at Clause 3, Article 38 in this Decree.

3. Where providing a new game specified in points a, c, d, Clause 13 Article 13 in this Decree, the enterprise must conduct the registration with the MOIC (ABEI).

4. Foreign organization, enterprise is only permitted to provide network electronic game service to users in Vietnam under the form of business cooperation contract or joint venture with a Vietnam enterprise already licensed to provide service. The maximum capital contribution of foreign party is 49% of chatter capital of the joint venture. Activities of the joint venture shall meet conditions, rights and obligations of an enterprise providing network electronic game service.

1. A network electronic game service license comprises the following main information:

a) Enterprise’s name and code, registered address, addresses of branches, transaction offices;

b) Number of license, granting date and expiration date;

c) Name and origin of games specified at point a, Clause 13 of Article 3 herein;

d) Scope of service;

đ) Website providing service;

e) Location of server providing service;

f) Regulations that the enterprise must observe in providing service.

1. An enterprise shall be licensed when satisfying all the following conditions:

a) Having business registration certificate or investment certificate include the business line of “providing network electronic game service”

b) Meeting requirements for script contents, specialized technical facilities for providing network electronic game service as regulated by the MOIC.

2. Renewal of license

a) Renewal procedure of a license shall be conducted by enterprise at least 60 days prior to the expiration thereof;

b) The total time of renewed duration and initial duration of a license shall not exceed 10 years; in case a license has initial duration of 10 years, it will be considered to be renewed for further period of not longer than 1 year.

3. Amendment, supplementation of license

a) During the valid duration of a license, licensed enterprise, organization shall be required to conduct procedure for the amendment, supplementation of their license when the following changes happen:

– Change of licensed enterprise’s name;

– Providing further new game specified in point a, Clause 13, Article 3 herein;

– Ceasing provision of licensed games or not deploying licensed new game within 06 months as from the licensing date of such new game

– Change of licensed game’s name;

– Change of the location of server providing service;

– Other changes regulated by the MOIC.

b) In case of changing the registered address, legal representative, it is not required to conduct the procedure for amending the license, but required to notify in writing to the MOIC within 30 days from the date of the change.

c) In case of changing the script, contents of the licensed game, the enterprise must notify to the MOIC the changes in details, and will only be permitted to provide changed game to the public after having written approval of the MOIC for such changes.

4. Revocation of license

a) Enterprise shall have their license revoked in the following circumstances

– seriously violating legal regulations on contents, script of game.

– Abusing license to make swindle, conduct illegal business.

– Locating server abroad for providing service to users in Vietnam.

– Having fraudulent conducts or providing the counterfeit information for the purpose of obtaining license.

– Ceasing completely in fact the provision of network electronic game service.

b) Enterprise having their license revoked shall not be re-licensed in 01 year counting from the revocation date of the license.

5. Re-grant of license

In case a license is lost, torn, burned or destroyed in other forms, licensed enterprise will be re-grant of the license, subject to the payment of prescribed granting fee.

6. The MOIC regulates details of the following contents:

a) Requirements for content, scripts, technicality for providing network electronic game;

b) Procedures of examination, grant, renewal, amendment, supplementation, revocation and re-grant of the network electronic game service license.

c) Procedure of grant of registration in respect of the provision of network electronic game service.

d) Other necessary regulations.

7. MOF presides, in coordination with the MOIC, to regulate fees for grant of registration, collection and use of such fees; fees for grant, renewal, amendment, supplementation and re-grant of the network electronic game service license.

Network electronic game service provider has the following rights and obligations:

1. Rights to rental of the transmission lines of telecom enterprises to connect equipment system providing service to the public telecom network.

2. Providing games specified at point a, Clause 13, Article 3 in this Decree only after receiving license for such games.

3. Providing games specified in points b, c and d, Clause 13, Article 3 in this Decree only after receiving network electronic game service license for the first time to provide network electronic game, and have already registered such games.

4. Providing games with proper scripts as licensed or registered.

5. Establishing website for providing network electronic game, which comprises the following information:

– Classification of games corresponding to ages of players;

– Regulations on management of game information and activities.

– Rules for settling disputes over the interests, occurring between players and service provider, and among players;

– Clearly warning players about unexpected effects that may happen to the physicality and spirit of players.

6. Providing information about classification of games in advertising programs, service provider’s website and in each game.

7. Ensuring the rights of players, including:

a) Appling the necessary technical measures and appropriate management solutions for ensuring players’ proper rights in accordance with the game rules published, and suitable with the approved game script; to take responsibilities before players for the service quality, information safety, tariff; handling arisen disputes within the regulated scope and suitable to game rules.

b) Not amending information, data in order to increase the value of virtual items in the game in comparison with the original value determined at the moment that game script is registered or licensed. Not converting virtual items, awarded points to money or property in any form.

c) In case of willing to cease the provision of online game, the service provider must mention clearly reasons of such ceasing on the website providing the game at least 3 months prior to proposed moment of ceasing, and have solutions for ensuring the proper rights of players; and report in writing to the MOIC on the ceasing 15 days prior to the officially ceasing the provision of service.

8. Complying with the provisions on the assurance of information security in accordance with the MPS’s guidelines.

9. Not locating server providing online game services to players in Vietnam in foreign country.

10. In case it is necessary to establish a forum for the exchange of information among players, complying with regulations in this Decree on management of activities of social network.

11. For games specified at Clause 13, Article 3 in this Decree, applying technicality measures for the concentrated management of players’ accounts, ensuring all total time playing games of each player doesn’t exceed 180 minutes per day.

12. Not to advertise online games which have not yet licensed or registered in accordance with this Decree.

13. To pay fees for obtaining license or registration as regulated.

14. To submit periodically report every 06 months or extraordinary report at the request of the MOIC. Contents of regular reports shall be in standard form regulated by the MOIC.

15. To be subject to the inspection, search of competent State bodies.

Entities shall be permitted to establish public network electronic game points when satisfying all the following conditions:

1. Registering business line of “public network electronic game point”.

2. Having Certificate of eligibility of operation of public network electronic game point granted by the competent authority regulated at Clause 6, Article 41 hereof.

3. For public network electronic game points specified at points a, b, Clause 17, Article 3 hereof, entering into Internet agent contract with Internet service providers.

A certificate of eligibility of operation of a public network electronic game point shall comprise the following main information:

1. Information about the point’s owner;

a) For the point owned by an individual: full name and ID card number, contact telephone number of such owner;

b) For the point of organization providing network electronic game service:

– Company name and code;

– Number, granting date, expiration date of the network electronic game service license;

– Full name and ID card number, contact telephone number of person who directly mange the point;

c) For the point of other service providers

– Name of enterprise, organization;

– Full name and ID card number, contact telephone number of person who directly mange the point;

– Enterprise code or number of investment license or number of decision on establishment thereof.

2. Information about a public network electronic game point shall comprise:

a) Address;

b) Total area;

c) Maximum number of computers;

d) Information about signboard, anti-fire equipments, rules on use of network electronic game

3. Number and granting date of the certificate;

4. Service terms and conditions that the owner of the point has to comply during operation of the point.

1. An entity will be granted certificate of eligibility of operation of public network electronic game point when satisfying the following conditions:

a) Spacing to any primary schools, secondary schools and high schools at least 200m.

b) Having commitments on having signboard “public network electronic game point”, including information about name, address, contact telephone number, business registration number, number of certificate of eligibility of business conditions

c) Ensuring the total area of computer room of at least 50m2, and arranging 1m2 per computer.

d) Ensuring adequate lights, and having emergency light sources activated automatically upon the main light source is brocken.

đ) Having anti-fire devices and rules on anti-fire in accordance with regulations on anti-fire regulated by the MPS.

e) Being suitble with the local plan of points providing public network electroninc game service.

f) Paying prescribed fee for granting certificate.

2. Conditions of amendment, supplementation of certificate of eligibility of operation of public network electroninc game service point.

Owner of a public network electroninc game service point shall conduct procedures of amendment, supplementation of certificate of eligibility of operation of public network electroninc game service point when having the following changes:

– The owner’s name;

– Maximum number of computers;

– Other changes regulated by the MOIC

3. Revocation of certificate of eligibility of operation of public network electroninc game service point:

a) Owner of the point has its certificate of eligibility of operation of public network electroninc game service point revoked in the following circumstances:

– Not implementing one of any operation conditions regulated in Clause 1 of this Article;

– Having serious breach of the provisions at Clauses 2, 3, Article 42 in this Decree.

– Abusing the acts of providing public network electroninc game service to make swindle, to conduct illegal business.

– Having fraudulent conducts or providing the counterfeit information for the purpose of obtaining certificate of eligibility of operation of public network electroninc game service point.

b) Owner of the point having the license revoked shall not be re-licensed in 01 year counting from the revocation date of the license.

4. Re-issuance of certificate of eligibility of operation of public network electroninc game service point.

In case a license is lost, torn, burned or destroyed in other forms, licensed enterprise shall submit an application dossier for re-issuance of the license to the MOIC. Within 10 working days from the receiving date of the application dossier, the MOIC shall consider re-issuing the license, and the enterprise that is re-issued the license shall pay regulated fees for re-granting the license.

5. The MOIC regulates details of procedures of grant, amendment, supplementation, revocation, re-grant of certificate of eligibility of operation of public network electronic game point, template of the certificate for applying throuhg the nation and other relating contents.

6. People’s committees of cities and provinces regulate details of number, arrangement of network electronic game service points; assign, based on the actual conditions of the location, the local DOICs or district people’s committees to preside the grant, amendment, supplementation, revocation, re-grant of certificate of eligibility of operation of public network electronic game point, and direct the inspection, search and handle the violations in operating of public network electronic game points within local areas.

Owner of a public network electronic game point shall have the following rights and obligations

1. To establish equipment system in order to provide network electronic game service at the business location specified in the granted certificate of eligibility of public network electronic game point.

2. To hang the signboard “public network electronic game point” having contents as mentioned in the commitments mentioned in point b, Clause 1, Article 41.

To publicly post the regulations on use of network electronic game at the places convenient for players to see, including prohibited conducts regulated in Article 5 herein; the newest list of games as specified in point a, Clause 13, Article 3 in this Decree along with the classification thereof corresponding to the age of players; rights and obligations of players as stipulated in Article 43 herein.

3. To open the public network electronic game point only from 8:00 AM to 22:00 per day.

4. To regularly access to the website of the MOIC (www.mic.gov.vn) to download, print and post the enterprises’ newest list of games corresponding to the ages of players.

5. To notify and remind players their rights and obligations, and list of classified network electronic game as regulated in Article 3 in this Decree.

6. To observe regulations on assurance of information security as regulated by the MPS.

7. To be subject to the inspection, search of the competent authorities;

8. For public network electronic game points specified at points a, b, Clause 17, Article 3 in this Decree, in addition to the rights and obligations regulated in this Article, to observe regulations on rights and obligations of Internet agent regulated at Clause 1, Article 10 in this Decree.

9. To be subject to the inspection, search of competent state bodies.

Game player shall have the following rights and obligations

1. To observe legal regulations relating to Internet access service user as regulated in Article 11 herein.

2. To chose the network electronic game appropriate with his/her age;

3. Not to play game which has not yet registered or licensed as regulated in this Decree.

4. Not to abuse the network electronic game to commit conducts violating law, causing harm to social orders and safety, and national security.

5. To comply strictly with regulations on playing time and operation time of public network electronic game point.

6. To have player’s rights ensured by the network electronic game provider in accordance with the game rules and principles for settlement of dispute, complaints as published on the website providing game of the service provider.

1. All entities participating in the provision and use of Internet services shall actively perform activities of assurance of information security, preparation of breakdown happened in the equipment system thereof, which are appropriate to the actual need thereof, and in accordance with regulations of competent authorities.

2. All entities participating in the provision and use of Internet services shall arrange personnel responsible for the management of information security; actively detect conducts causing harm to information security, violating the regulations in Article 5 herein, and notify incidents to competent authorities; coordinate with other organizations, individuals and with competent authorities in monitoring, preventing, remedying and handling conducts and facts causing harm to information security on internet, and implement relating regulations of the MOIC.

3. The building and applying of measures, technicality system for the assurance of information security on the network shall comply with guidelines of the MOIC in order to minimize affects on the efficiency and network information traffic, ensure the legal rights and interests of organizations, individuals; not prevent or limit illegally the capacity of provision, use of Internet services and quality of Internet access service.

4. All organizations and individuals participating in the provision and use of Internet services shall specify levels of information system in accordance with regulations of the MOIC. Such classification is for the purpose of determination of the importance of information system for the security, politics and economy.

5. Contents of state administration of information security on internet comprise:

a) Building and organizing the implementation of strategies, masterplan, plan and policies.

b) Building, issuing, propagandizing, disseminating, organizing the implementation of legal documents, national standards, technical regulations on information security.

c) Building mechanism, policies, and regulations relating to the R&D, provision of products, services of ensuring information security.

d) Organizing the management, training, improving and developing the human resources in respect of information security.

đ) Managing organizations providing services of information security assurance.

e) Managing activities of international cooperation, and performing commitments in International treaties relating to the information security, of which Vietnam is a member.

g) Regulating the response to information security incident, opposing against attacks and terrorism on network.

h) Managing the use and development of application of secret codes.

i) Inspecting, searching and dealing with complaints, denunciation relating to information security.

Organizations and individuals participating in the provision and use of Internet services, performing activities of assurance of information security on internet shall establish a permanently working process suitable with the de facto situation, based on the following contents:

1. Building security policies, process and contents of information security management:

a) Establishing and building, issuing documents of security policies appropriate to standards, technical regulations, legal regulations, and based on the evaluation of risk, danger and de facto requirements.

b) Applying policies and measures of information security assurance;

c) Establishing and operating organization and system of information security management.

2. Deploying measures of information security assurance:

a) Classification of internet information property of organization, comprising hardware, software, data, system documents, other internet property. Applying suitable management measures.

b) Information security officials shall be selected, trained and cultivated regularly as to technicality appropriate to the assigned duties, and shall be provided with suitable working conditions; officials using network shall have thorough grasp of legal regulations and internal regulations on information security.

c) Assuring security in exploiting and operating system, including measures of system control, network control, data backup, management of connection equipments, management of information exchange, supervision of information access, network access and network applications access;

d) Control of security, encoding information in the system and on transmission lines.

đ) Management of incidents, soon warning dangers and weak points that may cause the loss of information security, and control of security holes.

e) Other measures.

3. Inspecting, supervising and evaluating information security by method of self evaluation or outsourcing to other organization for their objective evaluation:

a) Inspection and evaluation of compliance level of information system in comparison with the standards, technical regulations and information security management regulations;

b) Infrastructure shall be regularly checked, evaluated or examined as to information security in accordance with standards, technical regulations, and rules.

4. Maintaining and updating information security management system.

a) Proposal of methods of adjusting management policies, upgrading information security system.

b) Assurance the compliance with issued regulations.

5. Handling, repairing information security incident

When detecting information security incident, organizations, offices providing or using Internet service shall

a) Apply all measures in order to repair and limit the damages caused by the incident, promptly report and make minutes and send them to the direct management office;

b) In case of serious incident beyond their capacity of repairment, immediately report to the incident response network designated by the competent authority.

c) Provide full information about evidences, log-files and harmful source code (if any), and facilitate the competent authorities in research, analysis and repairmen of the incident.

d) Report on the incident through prescribed hot lines or in writing to the state information security administration authority.

1. The MOIC is responsible for the regulation of activities of Internet incident response; shall build and issue particular regulations on activities of Internet incident response.

2. All organizations, enterprises and individuals participating in management, provision and use of Internet services shall participate in activities of Internet incident response, and obey the regulating request of the MOIC in respect of the Internet incident response.

1. All entities participating in management, provision and use of Internet services, having the need of supervision or evaluation of assurance level of information security on internet of their systems shall have the rights to self perform such activities for their own internal system or to use respective services provided by licensed service providers.

2. Supervision of information security of an information system on Internet means activities of collection and analysis of information circulated inside and on output, and input of the system with the consent of the person managing the system or of the competent authority in order to detect Internet attacks, find out the signs of wrong operation of the system, and find out the potential dangers that may attack and cause damage to such system or other system on Internet network.

3. Evaluation of assurance level of information security of an information system on Internet means checking the arrangement and operation of the system, measuring and certifying the conformity thereof with standards, technical regulations and other regulations on information security.

4. Organizations providing and using Internet services shall perform the supervision and evaluation of assurance level of information security for their system in accordance with regulations of the MOIC.

1. Service providers providing services of supervision and evaluation of assurance level of information security (referred to as supervision service and evaluation service) shall satisfy the following conditions:

a) Being organization, enterprise established under the Vietnam law;

b) Having supervision service license and/or evaluation service license granted by the MOIC.

2. Conditions of supervision service license, and evaluation service license

a) Already operated in field of information security for at least 1 year;

b) Meeting requirements for technicality, human resource as regulated by the MOIC.

3. A supervision service license, and evaluation service license shall have maximum duration of 3 years.

4. Renewal of supervision service license, and evaluation service license

a) Service provider willing to have their supervision service license and/or evaluation service license renewed shall conduct the renewal procedure at least 60 days prior to the expiration date of the license.

b) Meeting requirements for technicality, human resource as regulated by the MOIC.

5. When there is any change relating to contents of a license, the service provider shall inform such change to the MOIC.

6. Circumstances of revocation of supervision service license and/or evaluation service license

a) Service provider is applied an administrative sanction with the content of revocation of license

b) Service provider violates regulations on information security, regulations on service managements, or has breach of agreements with service users.

7. The MOIC regulate particular requirements for technicality, human force of organization, enterprise providing information security evaluation service; procedure for grant of information security evaluation service license.

8. The MOF presides, in coordination with the MOIC, to regulate the particular fees, charges, collection and use of fees for the grant, renewal, amendment of information security evaluation service license.

1. To provide information security supervision service, and information security evaluation service appropriate to contents of the license and contents of documents applied for license.

2. To comply with technical regulations of the information security evaluation service.

3. To provide service objectively, equally; to ensure the quality and efficiency of the information security evaluation.

4. To assure the information confidentiality in accordance with the legal regulations and agreements with the service user;

5. To regulate rights and obligations of their staff who directly perfume the evaluation of information security;

6. To arrange the training all their staff and officials on information security;

7. To make regular report and extraordinary report at the request of the MOIC.

1. The MOIC shall take the following responsibilities:

a) Building and submitting to the Government for promulgation or promulgating within the scope of its authority, guidelines on implementation of legal instruments on information security on Internet; issuing policies, guidelines and technical regulations of information security on Internet; establishing and submitting to competent authorities for publish the technical regulations on information security on Internet in accordance with regulations of the law.

b) Directing, guiding the establishment of technical management system of information security; regulating, arranging, checking the establishment of systems for supervision and protection of national information security on Internet.

c) Managing network information security, regulating the protection of national information security, regulating activities of emergency response to network security incident; supervising and reminding the works of assurance of network important information security of Party’s bodies, state bodies and main enterprises.

d) Presiding over the collection, analysis, processing of information, evaluation and forecast of the tendency of the information security; Presiding over the international cooperation and coordination in respect of information security on Internet.

đ) Propagandizing the consciousness and responsibilities of assurance of information security on Internet to organizations, individuals providing and using Internet services.

e) Presiding over the arrangement of activities of training, cultivating specialized skills on management and evaluation of information security, assurance of information security on Internet, by regulating the frame specialized training and cultivating programs, regulating the conditions of specialized training and cultivating establishments; regulating conditions of grant of specialized training, cultivating certificate, duration of the certificate; regulating rights and obligations of specialized training establishments; synthesizing the training, cultivating situation of specialized training establishments on the evaluation and management of information security evaluation on Internet.

f) Presiding, in co-ordination with relevant bodies, over the inspection, search and dealing with administration violations of entities violating provisions on assurance of information security on Internet.

2. The MPS shall take the following responsibilities:

a) Coordinating with the MOIC in activities of assurance of information security in accordance with its competent.

b) Directing police force to strictly coordinate with the offices, organizations of the MOIC to perform the inspection, search, and handle violations to provisions on assurance of information security in Internet activities of entities.

c) Directing units in charge of the MPS to preside over, and coordinate with functional units of the MOIC in the consideration and evaluations of danger from foreign to the important information network, quickly finding out the internet terrorism source in order to have timely and suitable response.

3. The MOF presides, in coordination with the MOIC, to regulate the particular fees, charges, collection and use of fees for the grant, renewal, amendment of information security evaluation service license.

4. The Government Committee of Cipher, the Ministry of National Defence preside over the management of cipher application, and standard conformity of products using information safety and confidentiality assurance cipher.

5. Ministries and ministerial equivalent bodies, People’s committees at all levels shall have coordinate with the MOIC to perform the administration as to information security on Internet in accordance with their functions, duties and competent.

1. The MPS presides, co-ordinate with relevant ministries and branches to perform works of assurance of national security and social order on internet, including

a) To preside, co-operate with the relevant Ministries and Branches to build and submit to the Government for promulgation, or and promulgate within the scope of its authority, guidelines for the implementation of regulations on opposing acts of abusing network to infringe over the national security, social order and people’s interest, and protection of the state secret.

b) To direct, deploy the performance of missions of prevention, opposition against crimes; to organize the inspection, prosecution of network crimes, and other violations in field of Internet.

c) To inspect, check and deal with, within their competent, acts violating legal regulations on assurance of national security in Internet activities.

d) To preside, co-operate with the MOIC, the relevant Ministries and Branches, local administration bodies, and telecom enterprises, internet enterprise to arrange application of specialized technical measures for ensuring national security, prevention and struggle against crimes on Internet, and prevention of prohibited conducts stipulated in Article 5 herein

e) To preside over the participation in international cooperation activities in respect of the assurance of information security on internet.

2. The MOIC shall take the following responsibilities

a) To coordinate with the MPS in building legal instruments, technical system of the assurance of information security, sharing information about network security; to participate in the activities of inspection, check and dealing with violations within their competent and suitable with requirements for the assurance of national security and social order in Internet activities.

b) To participate in propagandizing consciousness and responsibilities for the assurance of national security social order to organizations and individuals providing and using Internet service;

3. Ministries and ministerial equivalent bodies, People’s committees at all levels shall have coordinate with the MOIC to perform the state administration of information security on Internet in accordance with their functions, duties and competent

1. To build reservation options of transmission lines, server system, network equipments, data backup, electric sources in order to ensure the provision of Internet services continuously and thoroughly.

2. When establishing, modifying, upgrading, expanding the Internet network, Internet service providers shall build, apply and operate system of assurance of infomation security appropriate to the scale of network, and comprise at least the follwing systems: system detecting and opposing against the entry into network; system opposing against the attach refusing clients services; system controling access; and system managing log file.

3. To apply measures for actively preventing, mornitoring, blocking resources which may cause the loss information security on Internet in order to protect their network system; to share information about network security, and to prevent resources which may cause the loss of information security on Internet at the request of competent authorities.

4. To install the connection gates, reservation connection interface available at the important Internet connection points in order for competent authorities to monitor, detect attacks or dispersing, spreading malware in accordance with guidance of the MOIC.

5. To annually organize the rehearsal, checking the efficiency of measures of protection of information security, and to participate to rehearsal hold by the MOIC.

6. To perform measures for improving the awareness of users in respect of the assurance of information security in accordance with the guidance of the MOIC.

7. To perform the regular report and extraodinary report at the reguests of the MOIC and MPS.

8. To directly perform or to coordinate in performance of specialized technical measures in respect of assurance of national security and social order as guided by the MPS.

1. Organizations, individuals using Internet services shall ensure that thier equipment, system connecting to Internet do not cause harm to the information security on Internet.

2. Organizations, individuals shall have responsibility to provide information, and coordinate to remove the danger for information security on their equipment system at the request of the competent authorities or Internet service provider;

3. Organizations, individuals using Internet services shall have responsibility to apply or coordinate in application of specialized technical measures of assurance of information security in acccordance with regulations of competent authority.

1. This Law shall be of full force and effect as from ……. June 2012.

2. This Decree replaces the Decree No. 97/2008/ND-CP dated 28 August 2008 of Government, on management, provision and use of internet services and electronic information on the internet.

3. Within the time limit of 6 months as from the effective date in this Decree, the MOIC shall issue circulars guiding the implementation thereof within the competent of the MOIC.

4. Within the time limit of 9 months as from the effective date in this Decree, People’s committees of city and provinces under the central authority shall issue the following documents:

a) Plans of network electronic game service points;

b) Guidelines the grant of certificate of eligibility of operation of public network electronic game point; statistics, report on the operation situation of public Internet access points and public network electronic game points at the local areas;

5. Within the time limit of 12 months as from the effective date in this Decree, People’s committees of city and provinces under the central authority shall complete the grant of certificates of eligibility of operation of public network electronic game point to all such points in the local area, and report the implementation result thereof to the MOIC.

1. The Minister of Information and Communications is responsible to guide and inspect the implementation herein.

2. Ministers, heads of ministerial equivalent bodies and Government bodies, and chairmen of provinces and cities under central authority, and relevant entities shall be responsible for implementation in this Decree.

Annex 1: Notification on official provision of Internet services

(Unofficial Translation by Indochine Counsel)

---

(1) Enterprise providing Internet access services

(2) Enterprise providing network electronic game services

(3) Organizations, enterprises or individuals