When is an e-signature considered to have fully met conditions to ensure security for digital signatures in Vietnam? - Vu Hoang (Gia Lai, Vietnam)
Vietnam: E-signatures and 05 things you need to know ( Source: Internet)
1. What is an E-signatures?
According to Clause 1, Article 21 of the Law on E-Transactions 2005, an e-signature is established in the form of words, letters, numerals, symbols, sounds or other forms by electronic means, logically attached or associated with a data message and capable of certifying the person who has signed the data message as well as the approval of such person to the content of the signed data message.
An electronic signature can be authenticated by an organization that provides an electronic signature certification service.
2. Conditions to ensure security for digital signatures in Vietnam
The digital signatures are considered as secured electronic signatures if they meet the conditions specified in Article 9 of Decree 130/2018/ND-CP, specifically as follows:
- The digital signatures are created during the valid period of digital certificates and inspected by the public key recorded on such valid digital certificates.
- The digital signatures are created by using the private key corresponding to public key recorded on digital certificates granted by one of the following authorities:
+ Root Certification Authority;
+ Specialized certification authorities of the Government;
+ Public certification authorities;
- Specialized certification authorities of agencies and organizations issued with certificates of eligibility for special-use digital signature security as prescribed in Article 40 of Decree 130/2018/ND-CP.
- Private Key is only under the control of the signer at the time of signing.
3. Legal validity of e-signatures in Vietnam
Specifically, in Article 24 of the Law on E-Transactions 2005, the legal validity of e-signatures in Vietnam is specified as follows:
- Where the law requires a document to be signed, such requirement with respect to a data message shall be considered having been met if an e-signature used for signing such data message satisfies the following conditions:
+ The method of creating the e-signature permits of identifying the signatory and indicating his/her approval of the contents of the data message;
+ Such method is sufficiently reliable and appropriate to the purpose for which the data message was originated and sent.
- Where the law requires a document to be stamped with seal of the concerned agency or organization, such requirement with respect to a data message shall be considered having been met if the data message has an e-signature of the agency or organization that satisfies the conditions and the e-signature is certified.
4. Principles of using e-signatures in Vietnam
Principles of using e-signatures specified in Article 23 of the Law on E-Transactions 2005, including:
- Unless otherwise provided for by law, the parties to a transaction have rights to reach agreement:
+ To use or not to use e-signatures to sign data message in the transaction process;
+ To use or not to use the certified e-signature;
+ To select an e-signature certification service-providing organization in cases where there is an agreement on the use of the certified e-signature.
- E-signatures of state agencies must certified by e-signature certification service providing organizations defined by competent state agencies.
5. Obligations of the signatory of an e-signature in Vietnam
5.1. Obligations of the person signing the e-signature in Vietnam
A signatory of an e-signature or his/her legal representative is the person who controls the electronic signing program and uses such equipment to certify his/her will regarding the signed data message.
According to Clause 2, Article 25 of the Law on E-Transactions 2005, a signatory of an e-signature shall have the following obligations:
- To take measures to avoid unauthorized use of his/her e-signature-creating data;
- To promptly use appropriate means to notify parties that accept the e-signature and the e-signature certification service-providing organization in case the e-signature is certified, when discovering that the e-signature may no longer be under his/her control;
- To apply necessary measures to ensure the accuracy and integrity of information included in the e-certificate in case such certificate is used to certify the e-signature.
A signatory shall take responsibility before law for all consequences of his/her failure to comply with the above provisions.
5.2. Obligations of the party accepting the e-signature in Vietnam
A party accepting e-signatures is the one that has implemented the contents in the received data messages based on the reliability of such e-signatures and e-certificates of the sender.
A party accepting e-signatures shall have the following obligations:
- To take necessary measures to verify the reliability of an e-signature before accepting it;
- To take necessary measures to verify legal validity of an e-certificate and limitations with respect to the e-certificate in case such e-certificate is used to certify an e-signature.
The party accepting e-signatures shall take responsibility before law for consequences of non-compliance with the regulations specified above.
(Clause 2, Article 26 of the Law on E-Transactions 2005)
Thanh Rin