Public digital signature authentication contract between the service provider and the subscriber in Vietnam

Public digital signature authentication contract between the service provider and the subscriber in Vietnam (Image from the Internet)

In Appendix II issued with Circular 31/2020/TT-BTTTT (Effective from 25/12/2020) regulating the Template Contract between providers providing public digital signature authentication services and subscribers, specifically:

SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness
--------------

CONTRACT

PROVISION AND USE OF PUBLIC DIGITAL SIGNATURE CERTIFICATION SERVICES

Number:........

[PART 1. REFERENCES]

Based on the Civil Code dated November 24, 2015;

Based on the Commercial Law dated June 14, 2005;

Based on the Law on Electronic Transactions dated November 29, 2005;

Based on Decree No. 130/2018/ND-CP dated September 27, 2018 of the Government detailing the implementation of the Law on Electronic Transactions regarding digital signatures and public digital signature certification services;

Other relevant legal bases;

[PART 2. MANDATORY CONTENT]

I. INFORMATION OF THE PARTIES

1. Service user (Party A):

1.1. For organizations

Representative:........................................ Position:.........................................................

Address:...........................................................................................................................

Phone:.............................................. Fax:.................................................................

Account:.......................................................................................................................

Tax code:.....................................................................................................................

Other information (if any).

1.2. For individuals

Full name:.......................................................................................................................

ID card/Passport/Citizen identity card:...............................................................................

Address:...........................................................................................................................

Phone:............................................. Fax:..................................................................

Account:.......................................................................................................................

Tax code:.....................................................................................................................

Other information (if any).

2. Service provider (Party B):

Organization providing public digital signature certification services............................................

Legal representative:.........................................................................................

Address:...........................................................................................................................

Phone:............................................. Fax:..................................................................

Account:.......................................................................................................................

Tax code:.....................................................................................................................

Other information (if any).

The agency contract is made in writing with agreed contents...

After negotiation, the parties agree to sign a contract for the provision and use of public digital signature certification services with the following contents:

II. CONTRACT CONTENT

Article. Scope, limitations of use

(applicable to digital signature certification services)

Article. Security level

- The key distribution system for subscribers (Party A) must ensure the integrity and security of the key pair. In case of key distribution through computer networks, the key distribution system must use secure protocols to ensure that no information is leaked during transmission.

- Party A is responsible for storing and using its secret key safely and confidentially during the validity period of its digital certificate and when it is temporarily suspended.

Article. Conditions for ensuring the security of digital signatures

- Digital signatures are generated during the validity period of the digital certificate and can be verified using the public key recorded on that digital certificate;

- Digital signatures are generated using the corresponding private key to the public key recorded on the digital certificate issued by the organization providing public digital signature certification services;

- The private key is under the control of the signer at the time of signing.

Article. Costs related to the issuance and use of subscriber's digital certificate

(Costs related to the issuance and use of subscriber's digital certificate as agreed by both parties)

Article. Suspension, revocation of subscriber's digital certificate

(Content related to the temporary suspension, revocation of subscriber's digital certificate as prescribed in Articles 28, 29 of Decree No. 130/2018/ND-CP).

Article. Rights and obligations

1. Rights and obligations of Party A

a) Fully understand the rights and responsibilities when conducting transactions using the services provided herein, and be responsible for ensuring the safety of storage and use of the private key.

b) Provide complete documentation for the application for a digital certificate, including:

- Application for a digital certificate according to the template of the organization providing the public key authentication service.

- Supporting documents:

+ For individuals: Identity card or Citizen identity card or passport;

+ For organizations: Establishment decision or decision on functions, tasks, powers, organizational structure, or business registration certificate or investment certificate; identity card or Citizen identity card or passport of the legal representative according to the law of the organization.

c) Have the right to request the organization providing the public key authentication service to temporarily suspend and revoke the issued digital certificate, and take responsibility for such request.

d) Provide information truthfully and accurately to the organization providing the public key authentication service.

e) In case of self-generating key pairs, the subscriber must ensure that the key pair generation device complies with the required technical standards and mandatory standards. This provision does not apply to cases where the subscriber rents key pair generation devices from the organization providing the public key authentication service.

f) Safely and confidentially store and use their private key during the validity period of their digital certificate and when the certificate is temporarily suspended.

g) Notify the organization providing the public key authentication service within 24 hours if they discover any signs that their private key has been compromised, stolen, or used unlawfully, in order to take appropriate measures.

2. Rights and obligations of Party B

a) Ensure the provision of the digital certificate authentication service... (type of digital certificate) after verifying the information in the subscriber's application for a digital certificate is accurate.

b) Ensure the provision of the digital certificate authentication service to Party A that meets the security requirements for digital signatures as specified in Article 9 of Decree 130/2018/ND-CP.

c) Generate and distribute keys to subscribers

- Organizations or individuals applying for a digital certificate may self-generate key pairs or request in writing that the organization providing the public key authentication service generate key pairs for them.

- Ensure the use of secure methods to transfer the private key to subscribers and only keep a copy of the private key when requested in writing by the organization or individual applying for a digital certificate.

- Ensure security during the process of generating and transferring digital certificates to subscribers.

- Use devices and software in accordance with the prescribed standards for key pair generation and storage.

d) Ensure uninterrupted use of the subscriber's service throughout the validity period of the digital certificate and continuously check the status of the subscriber's digital certificate.

e) Resolve risks and compensate for damages incurred by subscribers and recipients in case of identified errors by the organization providing the public key authentication service.

f) Ensure the security of personal information, private information, and storage devices for digital certificates of subscribers in accordance with the provisions of laws on information security and other relevant laws.

g) Receive information:

Ensure a channel for receiving information is available 24 hours a day and 7 days a week from subscribers regarding the use of digital certificates.

h) Regarding key management activities:

- Immediately notify the subscriber and take timely preventive and remedial measures in case signs are detected that the subscriber's private key has been compromised, is no longer intact, or any other errors that may adversely affect the subscriber's rights and interests.

- Advise subscribers to change key pairs when necessary to ensure the highest level of reliability and security for the key pair.

i) In case of temporary suspension of issuing new digital certificates:

During the suspension period, the organization providing the public key authentication service is responsible for maintaining the related database of issued digital certificates.

j) When the license is revoked, the organization providing the public key authentication service must immediately notify the subscriber of the termination of its services and provide information about the organization that will receive its database to ensure the subscriber's rights to use the service.

Article. Dispute resolution and complaint procedures

(Both parties agree to comply with the laws on commerce and civil matters)

[PART 3. OTHER AGREEMENTS (in accordance with the provisions of civil and commercial laws)]

…................................................................................................................................

....................................................................................................................................

Best regards!