THE NATIONAL ASSEMBLY
Law No. 24/2018/QH14 dated June 12, 2018 of the National Assembly on Cybersecurity
Pursuant to the Constitution of Socialist Republic of Vietnam;
The National Assembly promulgates the Cybersecurity Law.
Article 1. Scope of adjustment
This Law provides for protection of national security and public order in cyberspace; responsibility of relevant organizations and individuals.
Article 2. Definitions
For the purpose of this document, the terms below are construed as follows:
1. “cybersecurity” means assurance that activities in cyberspace do not harm national security, public order, the lawful rights and interests of any organization or individual.
2. “cybersecurity protection” includes prevention, discovery, and actions against violations of cybersecurity.
3. “cyberspace” means a network of information technology (IT) infrastructure which includes telecommunications network, the Internet, computer network, communication systems, information processing and control systems, databases; cyberspace is where people’s activities are not limited by space and time.
4. “national cyberspace” means a cyberspace established, managed and controlled by the Government.
5. “national cyberspace infrastructure” means a system of infrastructure serving creation, transmission, collection, processing, storage and exchange of in the national cyberspace, including:
a) Transmission system, which includes the national transmission system, international transmission system, satellite system, transmission systems of telecommunications service providers (TSP), Internet service providers (ISP) and providers of value-added services in cyberspace (VAS);
b) Core service systems, including national information channeling and routing system, domain name system (DNS), public key infrastructure/certificate authority (PKI/CA) and Internet connection services by TSPs, ISPs and VAS providers;
c) Services and IT applications including online services, interconnected IT applications serving administration by major business and finance organizations; national database.
Online services including electronic government, electronic commerce, websites, online forums, social networks and blogs;
d) IT infrastructure of smart cities, the Internet of things (IoT), mixed reality systems, cloud computing, big data, rapid data and artificial intelligence.
6. “international internet gateway” means the place through which network data is transmitted between Vietnam and other countries.
7. “cybercrime" means a crime that involves the use of cyberspace, information technology or electronic devices as defined in Criminal Code.
8. “cyberattack” means the use of cyberspace, information technology or electronic devices to sabotage or interrupt the telecommunications network, the Internet, computer network, communication systems, information processing and control systems, databases or electronic devices.
9. “cyberterrorism" means an act of terrorism or financing of terrorism which involves the use of cyberspace, information technology or electronic devices.
10. “cyber espionage” means bypassing of warnings, firewalls, use of another person’s administration or otherwise illegally acquiring information or information resources on a telecommunications network, the Internet, computer network or information processing system of an organization or individual.
11. “digital account” means information used for verification and classification of right to use of applications and services in cyberspace.
12. “cybersecurity threat” means any threat in cyberspace to national security, public order, the lawful rights and interests of an organization or individual.
13. “cybersecurity incident” means an unexpected event in cyberspace that threatens national security, public order or the lawful rights and interests of an organization or individual.
14. “cybersecurity emergency” means an event in cyberspace that seriously violates national security, public order or the lawful rights and interests of an organization or individual.
Article 3. State policies on cybersecurity
1. Give priority to assurance of cybersecurity in national defense and security, socio-economic development, science and technology development and diplomacy
2. Develop health cyberspace without jeopardizing national security, public order or the lawful rights and interests of any organization or individual
3. Prioritize resources for development of a professional cybersecurity force; improve capacity of the cybersecurity force and any organization or individual that participate in cybersecurity protection; prioritize investment in research and development of cybersecurity technology.
4. Encourage and enable other organizations and individuals to participate in cybersecurity protection, handle cybersecurity threats; research and develop cybersecurity protection technologies, products, services and applications; cooperate with competent authorities in cybersecurity protection.
5. Increase international cooperation in cybersecurity.
Article 4. Cybersecurity protection principles
1. The Constitution and law must be upheld; interests of the State, the lawful rights and interests of organizations and individuals must be protected.
2. Cybersecurity protection will be carried out under leadership of Vietnam’s Communist Party and management of the State; the entire political system and the people will be mobilized to ensure cybersecurity; emphasize the role of professional cybersecurity forces.
3. Combine cybersecurity protection and protection of national security information system with socio-economic development, protection of human rights and citizenship rights, enable organizations and individuals to operate in cyberspace.
4. Prevent, discover and take actions against the use of cyberspace for the purpose of violating national security, disrupting public order or violating lawful rights and interests of other organizations and individuals; eliminate cybersecurity threats.
5. Ensure cybersecurity of national cyberspace infrastructure; implement various measures to protect national security information systems.
6. National security information systems shall undergo cybersecurity appraisal and certification before being put into operation; undergo regular cybersecurity inspection and supervision in order to respond to and remediate any cybersecurity incident that occurs.
Click download to see the full text