Hanoi, Vietnam: Conditions and Procedures for Connecting to the Electronic Identification and Authentication System

Conditions and Procedures for Connecting to the Electronic Identification and Authentication System in Vietnam (Internet image)

1. Conditions and Procedures for Connecting to the Electronic Identification and Authentication System in Vietnam

Conditions and procedures for connecting to the electronic identification and authentication system according to Article 18 of Decree 69/2024/ND-CP are as follows:

- State agencies, political organizations, socio-political organizations, public service providers who want for connecting their managed information systems to the electronic identification and authentication system must ensure their managed information systems meet the minimum Level 3 information security requirements as prescribed by law on information security at each level.

- The connection and information sharing as stipulated in Clause 1, Article 18 of Decree 69/2024/ND-CP is carried out based on a written agreement between the electronic identification and authentication management agency and the agency, organization managing the database or information system needing the connection, in which the scope and purpose of the connection are clearly stated.

- Within no more than 30 days from the date of the written agreement stipulated in Clause 3, Article 18 of Decree 69/2024/ND-CP, the electronic identification and authentication management agency shall appraise and inspect the databases or information systems of the agencies or organizations requesting the connection. If the database or information system of the agencies or organizations has previously connected to the National Population Database, the review and permission period for connection shall not exceed 7 working days.

In case of agreement to permit connection, the electronic identification and authentication management agency must notify the agency or organization in writing and proceed to implement the connection according to the agreed document. If not agreed to permit connection, there must be a written response stating the reasons.

- Agencies and organizations not stipulated in Clause 1, Article 18 of Decree 69/2024/ND-CP connect to the electronic identification and authentication system through electronic authentication service providers.

- Electronic authentication service providers connecting to the electronic identification and authentication system to provide authentication services do not need to follow the procedures stipulated in Article 18 of Decree 69/2024/ND-CP.

2. General Regulations on Electronic Authentication in Vietnam

General regulations on electronic authentication according to Article 19 of Decree 69/2024/ND-CP are as follows:

- Electronic authentication for electronic identities and electronic identifiers is carried out through the electronic identification and authentication system, and the electronic identification and authentication platform as prescribed by Decree 69/2024/ND-CP.

- State agencies, political organizations, socio-political organizations, and public service providers are required to perform electronic authentication through the connection and information sharing with the electronic identification and authentication system, or through connecting and sharing information with national or specialized databases containing the information that needs to be authenticated electronically.

- Organizations and individuals not stipulated in Clause 2, Article 19 of Decree 69/2024/ND-CP are required to perform electronic authentication through the services of electronic authentication service providers; the electronic authentication for electronic identities and electronic identifiers as required by the organizations or individuals stipulated in this Clause must be approved by the owner of the electronic identity through confirmation on the National Identification Application, SMS via the primary phone number, or other confirmation forms as prescribed.

- Organizations and individuals are not allowed to provide or share electronic authentication results with other organizations or individuals, except for cases where the personal data protection laws provide otherwise; electronic authentication results do not have valid value to become authentication factors in other transactions.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE