Chương II Nghị định 165/2018/NĐ-CP : Quy định cụ thể

Chapter II

SPECIFIC PROVISIONS

Article 5. Validity of electronic documents

1. Electronic documents must satisfy all requirements for state management and conform to regulations of specialized law. Format, generation, sending and receipt of electronic documents and validity thereof shall comply with the Law on E-Transactions.

2. An electronic document shall be considered an original if one of the following methods is adopted:

a) The electronic document is digitally signed by an electronic document originator and relevant responsible organization or individual as prescribed by specialized law.

b) The information system provides a method of ensuring integrity of the electronic document in the sending, receiving and storage process; records that an organization or individual has generated an electronic document and relevant responsible organization or individual has engaged in processing the electronic document, and adopts one of the following methods to authenticate whether the organization or individual generates the electronic document and relevant responsible organization or individual engages in processing the electronic document: digital certificate-based authentication, biometric authentication, authentication using two factors or more, including one-time authentication code or random authentication code.

c) Other methods agreed upon by parties, ensuring the integrity of data, authenticity and non-repudiation in accordance with regulations of the Law on E-Transactions.

Article 6. Conversion from physical documents into electronic documents

1. Methods of converting a physical document into an electronic document:

a) Photocopy the physical document or convert it into a file on the information system, or

b) Convert contents of the physical document into data so that it can be stored in the information system.

2. The electronic document converted from a physical document must satisfy the following conditions:

a) It must specify all contents of the physical document;

b) Individual or organization that organizes (or takes responsibility for) the conversion of a physical document into an electronic document shall append his/her/its digital signature to the electronic document after it is converted from the physical document or authenticated using one of the methods specified in Point b Clause 2 Article 5 of this Decree.

3. The electronic document converted from a physical document has the same value as the physical document unless otherwise prescribed by specialized law.

Article 7. Conversion from electronic documents into physical documents

1. Organizations and individuals may print electronic documents generated by such organizations and individuals and information system administrators may print electronic documents of organizations or individuals under their management from the information system to store or compare information or present them to authorities that have the power to check documents or provide them to organizations and individuals that wish to retrieve or verify information within the scope permitted by the law.

2. Organizations and individuals may request information system administrators to confirm e-transactions in writing so that written confirmation can be presented to authorities that have the power to check documents or provided to other organizations and individuals that wish to retrieve or verify information within the scope permitted by the law. When initiated at a regulatory authority, such request and confirmation shall comply with regulations and procedures for providing information in accordance with regulations of the law on access to information.

3. The physical document converted from an electronic document must satisfy the following conditions:

a) It sufficiently and accurately specifies contents of the electronic document;

b) There is information showing that the document has been processed on the information system and showing name of the information system or name of the information system administrator;

c) An identification code for the electronic document is available to serve the retrieval or verification of information or full name and signature of the person carrying out the conversion are available;

d) There must be seal of the organization carrying out the conversion in the cases where the conversion is required to be carried out under regulations of law or agreement between parties.

dd) Information is retrieved at any time during the normal operation of the information system.

4. The physical document converted from an electronic document has the same value as the electronic document unless otherwise prescribed by specialized law.

Article 8. Amendments to electronic documents

1. The amendment to an unapproved or unsent electronic document shall comply with the management procedure of the document originator or information system administrator.

2. The amendment to an approved or sent electronic document shall be carried out again from the beginning of the stage of generation and comply with regulations of specialized law.

3. The information system must record the person in charge, time of amendment and other information relating to the amendment to the electronic document.

Article 9. Storage of electronic documents

1. Electronic documents shall be stored in accordance with regulations of specialized law, environmental requirements, electronic records management requirements and relevant regulations of the law on archives.

2. Authorities and units in charge of storing electronic documents shall satisfy all conditions prescribed in Clause 1 Article 15 of the Law on E-Transactions.

Article 10. Invalidation of electronic documents

1. An electronic document shall be invalidated under any one of the following conditions:

a) It is invalidated in compliance with procedures and regulations of the unit in charge of generating and processing the document according to regulations of specialized law.

b) It is invalidated by consensus between parties. The consensus is achieved using one of the following methods: a document bearing signatures of parties or authorized representatives of parties (if it is an electronic document, regulations on validity specified in Article 5 of this Decree shall be complied with); a party’s request for document invalidation and the other party (parties)'s consent to document invalidation, which are made in the form of an email or data message generated on the same information system serving generation or storage of electronic documents and authenticated using one of the methods specified in Article 5 of this Decree.

2. The invalidated electronic document shall be marked and the time and person in charge of invalidation shall be recorded in the information system and notified to relevant parties.

3. The invalidated electronic document shall be stored to serve retrieval by competent authorities within the time limit prescribed by specialized law.

4. The physical document (if any) converted from the invalidated electronic document is invalid and no longer usable.

Article 11. Deletion of electronic documents

1. Electronic documents and physical documents converted from electronic documents may be deleted after expiration of the retention period unless otherwise decided by a competent authority.

2. The deletion of electronic documents must not affect the integrity of the documents that have not been deleted and ensure normal operation of the information system.

3. The information system must record the deletion of electronic documents in the form of a list enclosed with information about person in charge and time of deletion. Such list shall be stored on the system to be available for retrieval when necessary.

Article 12. Sealing of electronic documents

1. The power to seal electronic documents is specified by the law on sealing of documents and evidences in service of inspection, audit and investigation.

2. The sealing of electronic documents shall ensure that:

a) Normal operation of organizations and individuals’ information system and business operations is not affected;

b) Sealed electronic documents are completely recovered through organizations and individuals’ information system after the sealing period;

c) Any access or change to contents of sealed electronic documents is identified;

d) The information system shall mark sealed electronic documents and record the person in charge and time of sealing.

3. After the competent authority decides to take sealing measures, organizations and individuals are not allowed to access, exploit, copy, amend or use sealed electronic documents to carry out transactions or for other purposes.

Article 13. Regulations on information system

1. The information system shall ensure time accuracy and be synchronized with Vietnam time (ISO 8601). Time stamping service provided by a licensed time stamping service provider as prescribed by the law on digital signatures and digital signature certification services should be used for documents whose creation time or processing time is limited by relevant legislative documents or is likely to cause disputes among the parties.

2. The information system serving generation and processing of electronic documents must be capable of converting electronic documents into physical documents to serve the purposes specified in Clauses 1 and 2 Article 7 of this Decree.

3. The information system must have the ability to store electronic documents or provide access to electronic documents stored in the storage system separated from the information system. In case the information system is upgraded or has its technology changed, its administrator shall provide access to electronic documents generated or stored in the information system prior to the upgrade or technology change.

4. The information system of finance authorities and relevant regulatory authorities must have the ability to connect and exchange electronic documents in accordance with the Government’s regulations on e-Government. The information system of other authorities must have the ability to connect and exchange electronic documents with that of finance authorities in accordance with regulations of specialized law.

5. Legal representatives of organizations that use the information system to append digital signatures to electronic documents shall be responsible to the law for digitally signed electronic documents.

Article 14. Assurance of safety in electronic financial transactions

1. Every information system administrator that collects personal information of participants in transactions must comply with the Law on Cyberinformation Security, Cybersecurity Law and relevant regulations of law on protection of personal information.

2. Every information system administrator must ensure safety and confidentiality of information system and transactions by participants in accordance with regulations of the law on cyberinformation security and adopt at least the following methods:

a) Classify the security and implement plans for assuring security of information system in accordance with regulations of the Law on Cyberinformation Security and Government’s Decree No. 85/2016/ND-CP dated July 01, 2016. If the information system administrator is an organization not affiliated to the State, only classify security of the system and adopt measures to protect the system in a manner that at least satisfies requirements for the corresponding class in accordance with regulations of the Ministry of Information and Communications. It is not required to follow procedures for appraising and approving proposal for classification.

b) Encrypt the connection between the organization/individual and the information system. Websites or web portals serving electronic financial transactions must be provided with digital certificates to secure information on the transmission line and avoid forgery.

Article 15. Use of intermediary service in electronic financial transactions

1. Providers of information technology services on mobile network and Internet and providers of digital signature certification services are entitled to provide intermediary service in electronic financial transactions.

2. Organizations and individuals are entitled to select an appropriate intermediary service provider to serve their electronic financial transactions.

3. Intermediary service users and intermediary service providers must sign an agreement or contract that specifies responsibilities and rights of each party (within the legal framework).

Article 16. Verification of information about electronic financial transactions

1. In the cases where an inspecting and investigating authority prescribed by specialized lawsoft or an authority in charge of initiating relevant administrative procedures wishes to verify information about an e-transaction by an organization or individual, one of the following methods shall be adopted to carry out the verification:

a) Use the electronic confirmation of e-transaction result provided by the information system administrator to the organization or individual in the form of a file or an email.

b) Carry out on-site observation of information retrieval by the organization and individual on the information system.

c) Use the feature that allows for retrieval of information by an electronic means provided by the information system administrator.

d) Connect, transmit data and exchange information with a finance authority to obtain information about e-transactions by entities following administrative procedures. This Point applies to authorities in charge of initiating relevant administrative procedures.

2. Inspecting and investing authorities and authorities in charge of initiating relevant administrative procedures may only request organizations and individuals present physical documents converted from electronic documents in case of failure to verify information using one of the methods specified in Clause 1 of this Article.