Experts were invited to share international
experiences/best practices in ongoing dialogue as the Government
works to finalize Draft Cybersecurity Sanctions
Decree.
The Vietnamese Ministry of Public Security (MPS) hosted
"Workshop on International Experiences in the Field of
Cybersecurity Administrative Sanctions" on 25 November 2022 in
Hanoi. The Workshop featured presentations by experts from the
public and private sectors that shared experiences on the
implementation of administrative violations and penalties in
cybersecurity.
The Draft Decree on Sanctions Against Administrative
Violations in Cybersecurity (Draft Cybersecurity
Administrative Sanctions Decree), which was released on 20
September 2021 and underwent public consultation, remains pending
and some provisions (e.g., data localization/local office
requirements) in the Law on Cybersecurity and its implementing
Decree 53 have not yet been enforced. Also, the Draft Personal Data
Protection Decree, which also sits under the Law on Cybersecurity,
is still under government review. As such, this Workshop gave
diplomatic missions, business organizations, IT and cybersecurity
experts a valuable opportunity to share international best
practices and advocate before the relevant authorities and
drafting/editing team of the Draft Cybersecurity Administrative
Sanctions Decree.
Speakers included the U.S. Department of Justice, EuroCham
Vietnam, Japanese Chamber of Commerce and Industry in Vietnam,
Samsung Electronics Vietnam, Asia Internet Coalition, and the
Vietnam Business Forum. They shared perspectives from the US, EU,
Japan, South Korea, and Southeast Asia. Recommendations made for
building policy/legislation highlighted the importance of
regulations consistent with international standards but also
reflecting local sensitivities. The private sector offered specific
comments on the need for regulations that have actual deterrent
effects, incentivizing voluntary compliance, provide for an appeal
mechanism, are consistent with existing legal instruments, and can
be objectively enforced. Requests for further guidance on
unclarities in the Law on Cybersecurity and Draft Cybersecurity
Administrative Sanctions Decree (see here and here for details) and implementation roadmaps
were also made throughout the Workshop. In response, the MPS said
it would carefully review what had been shared at the Workshop as
it works to finalize the Draft Cybersecurity Administrative
Sanctions Decree.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Gloss