Vietnam’s controversial new cybersecurity law took effect Tuesday, alarming free speech advocates.
While the law has not been officially published, a copy of the draft, which was passed by the National Assembly on June 12, has been released by VNEconomy. This text indicates the provisions of the law, outlining the scope and the information that will be affected by it.
Under the new law, the Ministry of Public Service (MPS) will have the authority to audit information systems following a written notice issued 12 hours before. The MPS can conduct such an audit on information systems that are not included in the “list of information systems critical to national security” if there has been an act violating the cybersecurity laws, or if the owner requests an audit. These audits include hardware, software and digital devices used by the information system, as well as information that is stored, processed and transmitted by the information system.
The law defines “illegal content” as propaganda against the state, instigating violence, disrupting security or public order, slander, or something in violation of the economic management order. Also included is the protection of secrets including state, trade, personal, or family secrets, and the protection of children. Providers of information systems are required to prevent the sharing of the illegal content as outlined above, to record system information, and to stop providing services to individuals or organizations that post illegal content.
Included in the law is Article 32, a section on “network security protection forces,” which will include citizens who meet specific criteria and may be recruited into the force. Their role would be to work alongside Network Security Guards to manage important information systems on national security.
In Article 40, this law also disseminates legal power to the ministries and localities:
Responsibilities of ministries, branches and provincial People’s Committees
Within their scope, tasks and powers, the ministries, branches and provincial-level People’s Committees shall have to perform network security protection for information and information systems under their management; coordinate with the Ministry of Public Security in performing the state management of network security of the ministries, branches and localities.
Information system providers have been given 12 months to conform to this law unless the Prime Minister grants them an extension.