Vietnam: Implemented Law on Cyberinformation Security including operational license requirement (86/2015/QH13)

On 1 July 2016, the Cyberinformation Security Law entered into force. The Law is applicable to both Vietnamese and foreign organisations engaged in activities pertaining to network information security. It provides regulations on the rights and duties of agencies, organisations, and individuals in securing network information security, as well as regulations on the activities themselves. Chapter V delineates the procedure for obtaining a licence to engage in the trading of cyberinformation security products and services. In order to obtain a licence, an enterprise is required to submit an application to a competent state agency, and the licence itself is valid for a period of 10 years. To be eligible for this licence, enterprises must comply with a number of specific requirements. These include conformity with national cyber-information security strategies, the possession of adequate facilities and qualified personnel, and the maintenance of a viable business plan. The Ministry of Information and Communications is responsible for determining whether to approve or reject the request. Enterprises that have been granted a licence are obliged to adhere to all stipulations regarding the trading, management, and reporting of cyberinformation security services and products.