What are the conditions for eligibility to provide electronic authentication services in Vietnam?
What are electronic authentication services in Vietnam?
Pursuant to Clause 1, Article 26 of Decree 59/2022/ND-CP, electronic authentication services are classified as a conditional industry.
Specifically, according to the provisions of Clause 8, Article 3 of Decree 59/2022/ND-CP, “electronic authentication” refers to an act of confirming or asserting identities attached to an eID holder by accessing, discovering and examining those identities existing in the national population, citizen ID, entry/exit and other database and electronic identification and authentication system, or verifying an eID account created by the electronic identification and authentication system with the help of an electronic authentication service provider in order to affirm value of that eID account (hereinafter referred to as e-authentication).
What are the conditions for eligibility to provide electronic authentication services in Vietnam?
What are the conditions for eligibility to provide electronic authentication services in Vietnam?
According to the provisions of Article 27 of Decree 59/2022/ND-CP stipulating as follows:
(1) Organization and business conditions
In order to be eligible to provide e-authentication services, e-authentication service providers must be state-owned public or government service units; businesses under the control of People’s Public Security forces.
(2) Personnel conditions
- As an e-authentication service provider, the head of a non-person entity or the legal representative of a business must be a Vietnamese national permanently residing in Vietnam.
- As an e-authentication service provider, the non-person entity or business must employ personnel holding at least undergraduate degrees in information security or information technology or telecommunication electronics majors to be in charge of providing services; running and administering their system; maintaining security for the entire system.
(3) Conditions related to technical expertise, processes for management of services and security or emergency response plans
In order to apply for certificates of eligibility provide e-authentication services, non-person entities and businesses must have their service scheme including the following documents:
- Action plan and process for provision of e-authentication services, including explanations about the information technology system; interpretation of the technical plan in the technological solution aspect; the plan for storage, assurance of data integrity, security and safety of the service providing system;
The plan for protection of data of individuals and non-person entities; the security plan; the plan for fire safety, response to emergencies, maintenance of stable and smooth working condition of e-authentication services;
- Introduction brochures about their machinery and devices in Vietnam satisfying regulatory fire safety requirements; resistant to flood, inundation, earthquake, electronic interference or unauthorized human access.
What are the responsibilities of e-authentication service providers?
Pursuant to Clause 1, Article 34 of Decree 59/2022/ND-CP stipulating the responsibilities of e-authentication service providers as follows:
Responsibilities of e-authentication service providers and agencies, non-person entities and individuals self-creating accounts
1. Responsibilities of e-authentication service providers
a) Render e-authentication services to non-person entities or individuals after entering into service agreements;
b) Ensure that information receiving channels are up and access to services is continuous 24 hours in 7 days a week;
c) Comply with the regulatory provisions of law on information, network security, cybersecurity, electronic transactions, technical standards and regulations in electronic authentication activities.
d) Adhere to the plan and process for providing electronic authentication services that have been reviewed by the Ministry of Public Security;
dd) Send six-monthly and annual performance reports on e-authentication services to the electronic identification and authentication regulator, or as requested by the electronic identification and authentication regulator.
Thus, e-authentication service providers shall:
- Render e-authentication services to non-person entities or individuals after entering into service agreements;
- Ensure that information receiving channels are up and access to services is continuous 24 hours in 7 days a week;
- Comply with the regulatory provisions of law on information, network security, cybersecurity, electronic transactions, technical standards and regulations in electronic authentication activities.
- Adhere to the plan and process for providing electronic authentication services that have been reviewed by the Ministry of Public Security;
- Send six-monthly and annual performance reports on e-authentication services to the electronic identification and authentication regulator, or as requested by the electronic identification and authentication regulator.
LawNet
