Vietnam: Implemented Law on Cyberinformation Security including cybersecurity regulation (86/2015/QH13)

On 1 July 2016, the Cyberinformation Security Law entered into force. The Law is applicable to Vietnamese and foreign organisations engaged in network information security activities and provides regulations on network information security activities, rights, and duties of agencies, organisations, and individuals in securing network information security. In Article 7, prohibited acts are outlined. In particular, it is prohibited to block or otherwise interfere with the transmission of information in cyberspace, which could result in the disruption of normal information system operations. In addition, attacks on or the nullification of cyberinformation security measures is prohibited. Furthermore, the dissemination of unsolicited electronic messages, the establishment of deceptive information systems, and the illicit handling of personal data are prohibited. The legislation stipulates that information should be classified according to its level of secrecy, in order that appropriate measures may be taken to protect it. Furthermore, the transmission of messages in the digital domain is subject to regulation, as is the prevention, detection, and handling of malicious software. The response to cyberinformation security incidents is outlined. Finally, the standards and technical regulations are delineated in Chapter IV.