Chương I Luật An ninh mạng 2018: Những quy định chung

Chapter I

GENERAL PROVISIONS

Article 1. Scope

This Law provides for protection of national security and public order in cyberspace; responsibility of relevant organizations and individuals.

Article 2. Definitions

For the purpose of this document, the terms below are construed as follows:

1. “cybersecurity” means assurance that activities in cyberspace do not harm national security, public order, the lawful rights and interests of any organization or individual.

2. “cybersecurity protection” includes prevention, discovery, and actions against violations of cybersecurity.

3. “cyberspace” means a network of information technology (IT) infrastructure which includes telecommunications network, the Internet, computer network, communication systems, information processing and control systems, databases; cyberspace is where people’s activities are not limited by space and time.

4. “national cyberspace” means a cyberspace established, managed and controlled by the Government.

5. “national cyberspace infrastructure” means a system of infrastructure serving creation, transmission, collection, processing, storage and exchange of in the national cyberspace, including:

a) Transmission system, which includes the national transmission system, international transmission system, satellite system, transmission systems of telecommunications service providers (TSP), Internet service providers (ISP) and providers of value-added services in cyberspace (VAS);

b) Core service systems, including national information channeling and routing system, domain name system (DNS), public key infrastructure/certificate authority (PKI/CA) and Internet connection services by TSPs, ISPs and VAS providers;

c) Services and IT applications including online services, interconnected IT applications serving administration by major business and finance organizations; national database.

Online services including electronic government, electronic commerce, websites, online forums, social networks and blogs;

d) IT infrastructure of smart cities, the Internet of things (IoT), mixed reality systems, cloud computing, big data, rapid data and artificial intelligence.

6. “international internet gateway” means the place through which network data is transmitted between Vietnam and other countries.

7. “cybercrime" means a crime that involves the use of cyberspace, information technology or electronic devices as defined in Criminal Code.

8. “cyberattack” means the use of cyberspace, information technology or electronic devices to sabotage or interrupt the telecommunications network, the Internet, computer network, communication systems, information processing and control systems, databases or electronic devices.

9. “cyberterrorism" means an act of terrorism or financing of terrorism which involves the use of cyberspace, information technology or electronic devices.

10. “cyber espionage” means bypassing of warnings, firewalls, use of another person’s administration or otherwise illegally acquiring information or information resources on a telecommunications network, the Internet, computer network or information processing system of an organization or individual.

11. “digital account” means information used for verification and classification of right to use of applications and services in cyberspace.

12. “cybersecurity threat” means any threat in cyberspace to national security, public order, the lawful rights and interests of an organization or individual.

13. “cybersecurity incident” means an unexpected event in cyberspace that threatens national security, public order or the lawful rights and interests of an organization or individual.

14. “cybersecurity emergency” means an event in cyberspace that seriously violates national security, public order or the lawful rights and interests of an organization or individual.

Article 3. State policies on cybersecurity

1. Give priority to assurance of cybersecurity in national defense and security, socio-economic development, science and technology development and diplomacy

2. Develop health cyberspace without jeopardizing national security, public order or the lawful rights and interests of any organization or individual

3. Prioritize resources for development of a professional cybersecurity force; improve capacity of the cybersecurity force and any organization or individual that participate in cybersecurity protection; prioritize investment in research and development of cybersecurity technology.

4. Encourage and enable other organizations and individuals to participate in cybersecurity protection, handle cybersecurity threats; research and develop cybersecurity protection technologies, products, services and applications; cooperate with competent authorities in cybersecurity protection.

5. Increase international cooperation in cybersecurity.

Article 4. Cybersecurity protection principles

1. The Constitution and law must be upheld; interests of the State, the lawful rights and interests of organizations and individuals must be protected.

2. Cybersecurity protection will be carried out under leadership of Vietnam’s Communist Party and management of the State; the entire political system and the people will be mobilized to ensure cybersecurity; emphasize the role of professional cybersecurity forces.

3. Combine cybersecurity protection and protection of national security information system with socio-economic development, protection of human rights and citizenship rights, enable organizations and individuals to operate in cyberspace.

4. Prevent, discover and take actions against the use of cyberspace for the purpose of violating national security, disrupting public order or violating lawful rights and interests of other organizations and individuals; eliminate cybersecurity threats.

5. Ensure cybersecurity of national cyberspace infrastructure; implement various measures to protect national security information systems.

6. National security information systems shall undergo cybersecurity appraisal and certification before being put into operation; undergo regular cybersecurity inspection and supervision in order to respond to and remediate any cybersecurity incident that occurs.

7. Application violations against regulations of law on cybersecurity shall be promptly and strictly dealt with.

Article 5. Cybersecurity protection measures

1. Cybersecurity protection measures include:

a) Cybersecurity appraisal;

b) Cybersecurity assessment;

c) Cybersecurity inspection;

d) Cybersecurity monitoring;

dd) Cybersecurity incident response and remediation;

e) Cybersecurity protection activities;

g) Use of cryptography for cybersecurity protection;

h) Request for suspension or termination of network information; termination and suspension of establishment, provision and use of telecommunications network, the Internet, production and use of radio transmitters and receivers as prescribed by law;

i) Request for removal of illegal or false information in cyberspace which violates national security, disrupts public order or violates lawful rights and interests of other organizations or individuals.

k) Collection of electronic data relevant to violation of national security, disruption of public order or violation of lawful rights and interests of any organization or individual in cyberspace;

l) Block or restrict activities of certain information system; termination, suspension or request for termination of certain information system; revocation of domain names;

m) Initiation of charges, investigation, prosecution and hearing in accordance with the Criminal Procedure Code;

n) Other measures defined by regulations of law on national security and handling administrative violations.

2. The Government shall specify procedures for application of cybersecurity protection measures, except for those mentioned in Point m and Point n Clause 1 of this Article.

Article 6. Protection of national cyberspace

The State shall implement various measures to protect the national cyberspace; take precautionary and “cybersecurity breach” means an unexpected event in cyberspace that threatens national security, public order or the lawful rights and interests of an organization or individual.

Article 7. International cooperation in cybersecurity

1. International cooperation in cybersecurity is based on maintenance of the parties’ independence and territorial integrity, non-intervention in the internal affairs of the parties, equality and mutual benefits.

2. Contents of international cooperation in cybersecurity:

a) Research and analysis of cybersecurity trends;

b) Establish a mechanism and policies for increasing cooperation between Vietnamese entities and foreign and international cybersecurity organizations;

c) Share information and experience; provide assistance in terms of cybersecurity training, equipment and technology;

d) Prevent and combat cybercrimes and cybersecurity violations; eliminate cybersecurity threats.

dd) Provide cybersecurity-related consultancy and training and develop human resources for cybersecurity;

e) Hold cybersecurity-related conventions and international forums;

g) Enter into and implement cybersecurity-related international treaties and agreements;

h) Execute programs and projects for international cooperation in cybersecurity;

i) Seek international cooperation in other cybersecurity-related activities.

3. The Ministry of Public Security is responsible to the Government for international cooperation in cybersecurity, except for international cooperation carried out by the Ministry of National Defense.

The Ministry of National Defense is responsible to the Government for international cooperation in cybersecurity within its scope.

The Ministry of Foreign Affairs shall cooperate with the Ministry of National Defense and the Ministry of Public Security in international cooperation in cybersecurity.

The Government shall decide international cooperation in cybersecurity that is relevant to more than one ministry.

4. The Ministry of Public Security is responsible to the Government for international cooperation in cybersecurity, except for international cooperation carried out by the Ministry of National Defense.

Article 8. Prohibited acts

1. Use of cyberspace for the following purposes:

a) Conducting the acts mentioned in Clause 1 Article 18 of this Law;

b) Organizing or participating in opposition to Socialist Republic of Vietnam; colluding with other people, persuading, buying off, duping, enticing or training people to oppose the government of Socialist Republic of Vietnam;

c) Distortion of history, denial of revolutionary achievements, undermining national solidarity, blasphemy, discrimination by gender or race;

d) Provision of false information for the purpose of causing public confusion or economic loss, obstructing regulatory bodies or law enforcers, violating lawful rights and interests of other organizations and individuals.

dd) Prostitution, vice, human trafficking; posting pornographic or criminal information; damaging Vietnam’s good traditions, social ethics or public health;

e) Enticing, persuading or tempting others to commits crimes.

2. Any act of cyberattack, cyber terrorism, cyber espionage and cyber crimes; causing breakdown, attacking, infiltrating, overriding, interfering with, disrupting, paralyzing or sabotaging national security information systems.

3. Manufacturing or using tools, equipment, software programs or committing any act that is meant to disrupt a telecommunications network, the Internets, computer network, information systems, information processing systems and electronic control system; spreading malware in a telecommunications network, the Internets, computer network, information systems, information processing and control system; infiltrating a telecommunications network, the Internets, computer network, information systems, information processing system or electronic device control system of another person.

4. Resisting or obstructing the cybersecurity force; attacking or illegally neutralizing cybersecurity measures.

5. Taking advantage of cybersecurity protection activities to violate national security, national interests or sovereignty, disrupt public order, violate lawful rights and interests of another organization or individual or for profiteering purposes.

6. Other acts that violate this Law.

Article 9. Actions against violations against regulations of law on cybersecurity

The person who commits any of the violations mentioned in this Law will be liable to disciplinary penalties, administrative penalties or criminal prosecution depending on the nature and severity of the violation, and pay compensation for any damage caused.