Vietnam’s current Law on E-Transactions was passed in 2005 and has been effective since March 1, 2006. This law is considered a framework law, developed based on the Model Law on E-Commerce of the United Nations Commission on International Trade Law (UNCITRAL).
According to the Ministry of Information and Communications (MIC), over the past 17 years, the implementation and application of e-transactions have shown significant evolution in certain areas demanding high levels of international integration, such as banking and e-commerce, but has faced difficulties in other areas due to a lack of detailed guidance. In addition, with the strong growth and breakthrough development of digital technologies such as artificial intelligence, big data, biometrics, and blockchain, and in the context of the ongoing Industrial Revolution 4.0 and the development of digital government, digital economy, and digital society, the 2005 Law on E-Transactions has revealed its shortcomings. Therefore, the government of Vietnam has entrusted the MIC to take the lead in drafting a new Law on E-Transactions, which will replace the old 2005 law in order to meet the country’s development needs.
Accordingly, the MIC published a Draft Law on E-Transactions (“Draft Law”) for public consultation from May 4 to July 4, 2022. The latest accessible version of the Draft Law at the time of writing is Version 4.
The effective date of the Draft Law is still not yet determined, though this law is expected to be submitted to the National Assembly for its review and comments in October 2022 and approval in May 2023.
The following are some key contents of the Draft Law:
1. Scope of Application
Unlike the current law, which explicitly excludes certain areas such as the issuance of certificates of land use rights and marriage certificates from the scope of application, the Draft Law attempts to cover all areas. The MIC’s ambition is to develop a unified law which enables activities in all sectors carried out in traditional ways to be carried out in the digital environment. However, retaining a key principle of the current law, the Draft Law will not interfere with the regulations of substantive laws which stipulate the content, conditions, and forms of transactions in their respective areas.
The Ministry of Justice expressed its concerns about this expansion of coverage to embrace all sectors in an appraisal of the Draft Law. However, according to the MIC, the reason for excluding certain areas in the old law was because the technology was not ready and did not meet the requirements of safety and reliability at that time. Now, technology has advanced, and e-transactions in all sectors are an international trend. Digital signatures have become harder to forge than handwritten signatures; facial recognition by machine is more accurate than facial recognition by humans; execution of transactions electronically saves time, costs, and human resources and at the same time still ensures security, confidentiality, and reliability compared to transaction execution in the traditional way. In addition, the Draft Law adds a section on trust services, which will help previously excluded activities to be carried out electronically while ensuring they meet the necessary legal requirements.
Importantly, this coverage expansion allows all sectors to adopt e-transactions on a voluntary basis. It is up to the relevant substantive law to decide to adopt e-transactions partly or wholly, or not at all.
2. E-Transactions in All Sectors
The Draft Law retains the key principles of the current law, while providing more comprehensive regulations in order to facilitate e-transactions in all sectors, especially sectors in which the relevant substantive laws require certification/notarization when executing transactions in the traditional way, such as those related to housing and land, inheritance, marriage/divorce, etc.
The Draft Law retains the main content of provisions under the current law on the legal validity of data messages; recognition of data messages being valid as written documents, as original copies, and as evidence; and rules for sending and receiving data messages.
The Draft Law also supplements regulations to recognize the legal validity of data messages as written documents in cases where the respective substantive laws require documents executed in the traditional way to be verified/affirmed (i.e., signed, or signed and sealed), certified, or notarized. In other words, the Draft Law recognizes the legal validity of e-transactions in areas with stricter requirements for transaction execution which require certification or notarization. The Draft Law also provides for conversion from written documents to data messages and vice versa so that parties can use data messages instead of written documents and vice versa where appropriate or allowed by law.
The Draft Law continues to recognize the legal validity of e-signatures (see below) and e-contracts, retaining the current law’s rules for signing and performance of e-contracts; rules for sending or receiving data messages in signing and performance of e-contracts; and legal validity of notice in signing and performance of e-contracts. In addition, the Draft Law adds regulations to enable the signing and performance of e-contracts through automatic information systems.
3. E- Signatures and Digital Signatures
The Draft Law provides clearly that the use of electronic means to conduct transactions is voluntary unless otherwise provided for by law. In addition, as in the current law, the Draft Law clearly regulates that parties to transactions are free to agree on the selection of technology to execute the transactions—no specific technology should be mandated in transactions. This important policy has been emphasized in order to facilitate the innovation of technology.
An “e-signature” denotes a technology-neutral concept while a “digital signature” is a type of more secure e-signature which uses the specific technology of asymmetric cryptography. Digital signatures have long and commonly been used in Vietnam (and in the world) in e-transactions, and digital signature certification services have also been in operation in Vietnam for many years.
The previous version of the Draft Law was more adherent to technological neutrality, while Version 4 shifted to the predominant use of digital signatures. In particular, Version 4 provides that in cases where a document requires a signature by law, the requirement for a data message is considered fulfilled if that data message is signed with a digital signature as specified in the law; and where the law requires a document to be certified by an organization/agency, that requirement for a data message is considered fulfilled if the data message is signed by the digital signature of that organization/agency.
This specific use of a “digital signature” to recognize the legal validity of e-signatures in transactions that need to be signed or to be certified would violate the important policy of technological neutrality; thus, these regulations should be carefully reconsidered.
As in the current law, the Draft Law recognizes the legal validity of foreign e-signatures and foreign e-signature certificates.
Regulations on e-certificates are introduced in the Draft Law, which provides for recognition of their legal validity. An e-certificate is defined as a data message created by an agency, organization, or individual, the information in which is used to serve as the result of administrative procedures, or as a permit, diploma, certification, certificate, valuable paper, written consent, or other confirmation in electronic form. E-certificates can be transferable or non-transferable. The information system to store and process e-certificates must be ensured to meet at least Level 3 of network information security in accordance with the Law on Network Information Security.
Although the current law uses the term “e-certificates,” it denotes a different meaning, referring to the verification of a signing person/organization, similar to the concept of e-signature certificates under the Draft Law.
5. Trust Services
Trust services in e-transactions, including timestamp services, data message certification services, and digital signature services, are supplemented in the Draft Law. Although this is new content compared to the current Law on E-Transactions, timestamp services and digital signature services are not new services and have been regulated under Decree No. 130/2018/ND-CP. The Draft Law retains and incorporates certain framework regulations of state management of timestamp services and digital signature services regulated in this decree. In particular, the Draft Law provides that these trust services are conditional business services and subject to licensing with a license duration of 10 years.
Data message certification services are used to certify data messages in cases where the corresponding substantive law requires documents to be certified. These services include services of certifying the reliability of data messages and services of sending and receiving secure data messages.
In the previously released draft, the MIC additionally included certification of e-transactions and e-contracts in the trust services, and the broader (and technology-neutral) “e-signature certification services” was used instead of “digital signature services.”
The MIC removed the certification of e-transactions and e-contracts from the trust services and also removed provisions on intermediary services in e-transactions and digital credit rating information services from Version 4 because these regulations would create administrative procedures for organizations and businesses which wished to provide those services. After assessing the current situation, the MIC proposed that it was not appropriate at this time to include these services in the Draft Law. However, this appears to conflict with the MIC’s stated ambition to enable e-transactions in all sectors. With no regulations on e-transaction and e-contract certification services, how can transactions and contracts be certified in the digital environment if the respective substantive laws require such certification? Will this matter be left for a sub-law to regulate? Or will the MIC amend the Law on E-Transactions again, after the new law has taken effect?
6. Information Systems Serving E-Transactions
The Draft Law adds a new section on information systems serving e-transactions, which includes information systems for the provision of trust services and information systems for the provision of services for sending and receiving secure data messages. This section regulates information systems serving e-transactions; e-identification accounts; e-transaction accounts; responsibilities of information system owners; responsibilities of state agencies in state management; and measures to protect e-transactions.
E-identification accounts are used to verify the identity of an individual or an organization to perform administrative procedures, e-government services, and other activities in the network environment.
E-transaction accounts are used to conduct e-transactions, store transaction history and ensure the accuracy of the order/process of transactions of the account holder, and as evidence of the transaction history of the parties to e-transactions. E-transaction accounts could be used in carrying out administrative procedures in the network environment, or in other transactions of account holders’ choice.
The responsibilities of information system owners are classified into three groups, based on the number of users served. Owners serving large numbers of users are subject to additional requirements and obligations, such as having to disclose algorithms used to make recommendations and display ads.
The previous version of the Draft Law provided the concepts of digital platforms, digital services, and online transactions, but in Version 4, the more general and inclusive term “information systems serving e-transactions” is used to simplify understanding and to be consistent with definitions in other relevant substantive laws, according to the MIC.
7. Open Data
The Draft Law adds new content regarding the open data of state agencies, which is defined as data that is published/disclosed by a state agency for other parties to freely use, reuse and share, in order to promote e-transactions, digital transformation, and development of the digital economy and digital society.
Organizations and individuals are free to access and use open data without being requested to provide identification; are allowed to freely copy, share, exchange, and use open data or combine open data with other data, and use open data in their commercial or non-commercial products or services; but are not allowed to sell open data which has been exploited in its original state from state agencies to other organizations and individuals.
Source: CCIPV / Giang Thi Huong Tran / Tilleke & Gibbins