Decree 59/2022/ND-CP on electronic identification and authentication

  • Summary
  • Content
  • Status
  • Vietnamese
  • Download
Save

Please log in to use this function

Send link to email

Please log in to use this function

Error message
Font size:

ATTRIBUTE

Decree No. 59/2022/ND-CP dated September 05, 2022 of the Government on electronic identification and authentication
Issuing body: GovernmentEffective date:
Known

Please log in to a subscriber account to use this function.

Don’t have an account? Register here

Official number:59/2022/ND-CPSigner:Pham Minh Chinh
Type:DecreeExpiry date:Updating
Issuing date:05/09/2022Effect status:
Known

Please log in to a subscriber account to use this function.

Don’t have an account? Register here

Fields:Justice , Information - Communications

SUMMARY

Electronic identification accounts shall be granted free of charge for Vietnamese citizens

On September 05, 2022, the Government issues the Decree No. 59/2022/ND-CP on electronic identification and authentication.

Specifically, from the date of receiving a complete and valid dossier as prescribed, the public security agency shall grant an electronic identification account within the following time limits:

  • Firstly, for Vietnamese citizens who have been granted with a chip-based citizen’s identity card: Not exceeding 1 working day for the grant of level-1 electronic identification accounts, not exceeding 3 working days for the grant of level-2 electronic identification accounts. 
  • Secondly, for Vietnamese citizens who have not yet been granted with a chip-based citizen’s identity card: Not exceeding 7 working days, etc.

Besides, electronic identity owners that are Vietnamese agencies, organizations or citizens are not required to pay expenses for registration for the grant of electronic identification accounts and expenses for the use of electronic identification accounts created by the electronic identification and authentication system. Organizations and individuals using electronic authentication services shall pay expenses for organizations providing electronic authentication services in accordance with law.

Noticeably, accounts created by the National Public Service Portal and information system for handling administrative procedures at ministerial and provincial levels shall be used to carry out administrative procedures and public administrative services in the electronic environment until July 01, 2024.

This Decree takes effect from October 20, 2022.

For more details, click here.
Download files here.
LuatVietnam.vn is the SOLE distributor of English translations of Official Gazette published by the Vietnam News Agency
Effect status: Known

THE GOVERNMENT

________

No. 59/2022/ND-CP

THE SOCIALIST REPUBLIC OF VIETNAM

Independence - Freedom - Happiness

________________________

Hanoi, September 05, 2022

DECREE

On electronic identification and authentication

________

 

Pursuant to the Law on Organization of the Government dated June 19, 2015; the Law Amending and Supplementing a Number of Articles of the Law on Organization of the Government and the Law on Organization of Local Administration dated November 22, 2019;

Pursuant to the Law on Investment dated June 17, 2020;

Pursuant to the Law on E-Transactions dated November 29, 2005;

Pursuant to the Law on Information Technology dated June 29, 2006;

Pursuant to the Law on Citizen Identification dated November 20, 2014;

Pursuant to the Law on Cyberinformation Security dated November 19, 2015;

Pursuant to the Law on Cyber Security dated June 12, 2018;

At the proposal of the Minister of Public Security;

The Government hereby promulgates the Decree on electronic identification and authentication.

 

Chapter I

GENERAL PROVISIONS

 

Article 1. Scope of regulation

This Decree provides regulations on electronic identity, electronic identification and authentication; electronic identification service; rights and obligations of electronic authentication service users; responsibilities of concerned agencies, organizations and individuals.

Article 2. Subjects of application

This Decree applies to Vietnamese agencies, organizations and individuals; foreign organizations and individuals residing and operating in the territory of Vietnam, that are involved in electronic identification and authentication.

Article 3. Interpretation of terms

In this Decree, the terms below are construed as follows:

1. “Electronic identity” means information of an individual or organization in the electronic identification and authentication system that enables the identification of a single person or organization in the electronic environment.

2. “Electronic identity owner” means an identified person or organization that is attached to an electronic identity.

3. “Electronic identification” means activities of registering, comparing, creating and attaching electronic identities to electronic identity owners.

4. “Agency managing electronic identification and authentication” is the Police Department for Administrative Management of Social Order.

5. “Electronic identification and authentication system” means a system developed and managed by the Ministry of Public Security to register, create and manage electronic identification accounts and carry out electronic authentication.

6. “Electronic identification account” means a collection including log-in name, password or other authentication methods created by the agency managing electronic identification and authentication.

7. “Information synchronized in an electronic identification account” means information of an electronic identity owner which is presented in papers and documents granted by Vietnamese competent agencies and certified through the national database and specialized databases to synchronize in the electronic identification account at the request of the electronic identity owner; including information about health insurance card, motor vehicle registration certificate, driver license, tax identification number or other papers under the management of ministries and ministerial-level agencies as agreed with the Ministry of Public Security.

8. “Electronic authentication” means activities of verifying and confirming information attached to electronic identity owners through the exploitation and comparison of the information of the electronic identity owners in the National Population Database, Citizen Identity Database, National Immigration Database, other databases and the electronic identification and authentication system; or activities of authenticating electronic identification accounts created by the electronic identification and authentication system through organizations providing electronic authentication services to confirm the use value of the electronic identification accounts.

9. “Authentication factor” means information that an electronic identity owner uses or owns.

10. “Authentication means” mean the following factors: Passwords; secret codes; 2-D barcodes; terminal devices, single-use code devices or software; cryptographic device or software, citizen’s identity cards, passports, portrait photos and fingerprints used for electronic authentication purposes.

11. “Organization providing electronic authentication services” means a public non-business unit or enterprise in the People’s Public Security that meets the conditions for providing electronic authentication services as prescribed in this Decree.

12. “VNelD” is an application on digital devices; “dinhdanhdientu.gov.vn” and “vneid.gov.vn” are electronic identification information websites created and developed by the Ministry of Public Security to serve activities of electronic identification and electronic authentication in handling administrative procedures, public administrative services and other transactions in the electronic environment; develop applications to serve agencies, organizations and individuals.

13. “Identification number of a foreigner” means a unique sequence of natural numbers established by the electronic identification and authentication system to manage the electronic identity of a foreign person.

14. “Electronic identification code of an organization” is identified by its tax identification number; in case the organization does not have a tax identification number, the electronic identification and authentication system shall establish a unique sequence of natural numbers to manage the electronic identity of such organization.

15. “Electronic identification and authentication platform” means an information system organized, built, operated and managed by the Ministry of Public Security to serve the exchange of information between the electronic identification and authentication system and the information system of state agencies, political organizations, socio-political organizations and organizations and individuals.

Article 4. Principles of electronic identification and authentication

1. Compliance with the Constitution and law; guarantee of the lawful rights and interests of agencies, organizations and individuals.

2. Assurance of the accuracy and uniqueness in electronic identification and authentication; publicity and transparency in management and convenience for agencies, organizations and individuals.

3. Assurance of security, safety of equipment, confidentiality of data when performing electronic identification and authentication.

4. Agencies, organizations and individuals that are allowed to exploit and use electronic identities must keep their electronic identification account information confidential and comply with the provisions of the law on protection of personal data.

5. All acts of violating the law on electronic identification and authentication shall be detected and handled in a timely manner in accordance with law provisions.

6. Compliance with treaties to which Vietnam is a contracting party.

Article 5. Exploitation of information in the electronic identification and authentication system

1. Information systems of state agencies, political organizations, socio-political organizations, and organizations providing public services shall connect to the electronic identification and authentication system to exploit information of electronic identity owners to serve the handling of administrative procedures, public administrative services in the electronic environment and other state management activities according to the functions and tasks assigned through the electronic identification and authentication platform.

2. State agencies, political organizations, socio-political organizations, and organizations providing public services shall exploit information in the electronic identification and authentication system via VNelD, electronic identification websites, chip-based citizen’s identity cards, using devices or software that meet technical requirements guided by the Minister of Public Security.

3. Electronic identity owners may exploit and share electronic identity information (except biometric information) and other information that has been integrated into the electronic identification account in the identification and authentication system with other individuals and organizations via VNelD.

Article 6. Terms of use of electronic identification accounts

Electronic identity owners using electronic identification accounts must comply with the following regulations:

1. Not to use electronic identification accounts for activities or transactions contrary to the law provisions; not to infringe national security or defense, national interests, public interests, and lawful rights and interests of organizations and individuals.

2. Not to illegally interfere with the operation of the electronic identification and authentication system.

 

Chapter II

ELECTRONIC IDENTITY AND ELECTRONIC IDENTIFICATION

Section 1

ELECTRONIC IDENTITY

 

Article 7. Electronic identities of Vietnamese citizens

The electronic identity of a Vietnamese citizen covers:

1. Personal information:

a) Personal identification number;

b) Full name;

c) Date of birth;

d) Gender.

2. Biometric information:

a) Portrait photo;

b) Fingerprint.

Article 8. Electronic identities of foreigners

The electronic identity of a foreigner covers:

1. Personal information:

a) Identification number of a foreigner;

b) Full name;

c) Date of birth;

d) Gender;

dd) Citizenship;

e) Number, symbol, date of issuance, type of document and place of issuance of passport or international travel document.

2. Biometric information:

a) Portrait photo;

b) Fingerprint.

Article 9. Electronic identity of organizations

The electronic identity of an organization covers:

1. Identification code of the organization.

2. The name of the organization includes the Vietnamese name, abbreviated name (if any) and a foreign language name (if any).

3. Date of establishment.

4. Address of head office.

5. Personal identification number or identification number of a foreigner; full name of the at-law representative or head of the organization.

Article 10. Updating electronic identity information

1. If there is a change in electronic identity information of an individual in the National Population Database, Electronic Civil Status Database, Citizen Identity Database and National Immigration Database, such change shall be automatically updated to his/her electronic identification account in the electronic identification and authentication system.

2. If there is a change in electronic identity information of an organization in the National Business Registration Database, national databases, or other specialized databases, such change shall be automatically updated to its electronic identification account in the electronic identification and authentication system.

 

Section 2

ELECTRONIC IDENTIFICATION

 

Article 11. Subjects of grant of electronic identification accounts

1. Vietnamese citizens aged 14 years or older. For Vietnamese citizens who are under 14 years old or are under guardianship, the registration shall be made via electronic identification accounts of their fathers, mothers or guardians.

2. Foreigners aged 14 and older entering Vietnam. For foreigners who are under 14 years old or are under guardianship, the registration shall be made via electronic identification accounts of their fathers, mothers or guardians.

3. Agencies and organizations established or registered to operate in Vietnam.

Article 12. Classification of levels of electronic identification accounts

1. Level-1 electronic identification account of a Vietnamese citizen shall cover the information specified in Clause 1 and Point a Clause 2 Article 7 of this Decree. Level-1 electronic identification account of a foreigner shall cover the information specified in Clause 1 and Point a Clause 2 Article 8 of this Decree.

2. Level-2 electronic identification account of an individual shall cover the information specified in Article 7 or Article 8 of this Decree.

3. The electronic identification account of an organization that covers the information specified in Article 9 of this Decree is level-2 identification account.

Article 13. Use of electronic identification accounts

1. Electronic identity owners may use electronic identification accounts to log in and use the features and utilities on the VNelD and electronic identity websites.

2. Electronic identification accounts created by the electronic identification and authentication system shall be used to carry out administrative procedures, public administrative services in the electronic environment and other activities according to the needs of electronic identity owners.

3. Agencies, organizations and individuals may create accounts to serve their activities and shall take responsibility for authenticating and ensuring the accuracy of the accounts, deciding the level and use value of each account level. Information for creation of accounts shall be provided or agreed upon by account owners for agencies, organizations and individuals to use for creation of accounts.

4. The use of a level-1 electronic identification account created by the electronic identification and authentication system for a Vietnamese electronic identity owner is as valid to prove the information of such person as specified in Clause 1 Article 7 of this Decree. For a foreign owner, such use is as valid to prove the information of the person as specified in Clause 1 Article 8 of this Decree in activities and transactions requiring the provision of personal information of electronic identity owners.

5. The use of a level-2 electronic identification account created by the electronic identification and authentication system for a Vietnamese electronic identity owner is as valid as the use of a citizen’s identity card in performing transactions requiring the presentation of citizen’s identity cards. Such use is as valid to provide information in the citizen's documents that have been synchronized into his/her electronic identification account for comparison by competent agencies and organizations when carrying out transactions requiring the presentation of these documents.

6. The use of a level-2 electronic identification account created by the electronic identification and authentication system for a foreign electronic identity owner is as valid as the use of his/her passport or valid international travel documents in carrying out transactions requiring the presentation of passports or valid international travel documents. Such use is as valid to information in documents of the foreigner that have been synchronized into his/her electronic identification account for comparison by competent agencies and organizations when carrying out transactions requiring the presentation of these documents.

7. The use of an electronic identification account created by the electronic identification and authentication system for an electronic identity owner that is an organization shall be performed by the at-law representative or assigned to an authorized person to use. The use of an electronic identification account of an organization is as valid to prove the electronic identity of the organization when carrying out transactions requiring proof of information about such organization. Such use is as valid to provide information in its documents ư that have been synchronized into its electronic identification account for comparison by competent agencies and organizations when carrying out transactions requiring the presentation of these documents.

8. When an electronic identity owner uses a level-2 electronic identification account in electronic activities or transactions, such account shall be as valid as the presentation of papers and documents to prove the information has been integrated into the electronic identification account.

 

Chapter III

ELECTRONIC IDENTIFICATION ACCOUNTS AND ELECTRONIC AUTHENTICATION

 

Article 14. Order and procedures for registration of electronic identification accounts for Vietnamese citizens

1. Registration for level-1 electronic identification accounts via VNelD for citizens who already have chip-based citizen’s identity cards

a) Citizens shall use mobile devices to download and install VNelD.

b) Citizens shall use VNelD to enter information about personal identification numbers and phone numbers or email addresses; provide information according to instructions on VNelD; take portrait photos by mobile devices and send requests for electronic identification accounts to the agency managing electronic identification and authentication via VNelD.

c) The agency managing electronic identification and authentication shall notify the result of registration via VNelD or SMS or email.

2. Registration for level-2 electronic identification accounts

a) For citizens who have been granted with chip-based citizen’s identity cards:

Citizens shall carry out procedures for grant of electronic identity accounts at the public security agencies of the communes, wards or townships or the places where the procedures for grant of citizen’s identity cards are carried out.  Citizens shall present chip-based citizen’s identity cards, provide information about phone numbers or email addresses and request additional information to be integrated into electronic identity accounts.

Officers shall receive and input the information provided by citizens into the electronic identification and authentication system; take portrait photos and fingerprints of citizens who come to carry out procedures to authenticate with the Citizen Identity Database and confirm consent to register for the creation of electronic identity accounts.

The agency managing electronic identification and authentication shall notify the result of registration via VNelD or SMS or email.

b) Public security agencies shall grant level-2 electronic identification accounts together with the grant of citizen’s identity cards in case citizens have not yet been granted chip-based citizen’s identity cards.

Article 15. Order and procedures for registration of electronic identification accounts for foreigners

1. Registration for level-1 electronic identification accounts

a) Foreigners shall use mobile devices to download and install VNelD.

b) Foreigners shall use VNelD to enter information about their passports or valid international travel documents and email addresses or phone numbers (if any); provide information according to instructions on VNelD; take portrait photos by mobile devices and send requests for electronic identification accounts to the agency managing electronic identification and authentication via VNelD.

c) The agency managing electronic identification shall notify the result of registration via VNelD or SMS or email.

2. Registration for level-2 electronic identification accounts

a) At the immigration management agency of the Ministry of Public Security or the provincial-level Public Security Departments, foreigners shall carry out procedures for registration of electronic identity accounts, present passports or international travel documents, provide email addresses or phone numbers (if any) and request additional information to be integrated into electronic identification accounts.

b) Officers shall receive and input the information provided by foreigners into the electronic identification and authentication system; take portrait photos and fingerprints of the foreigners who come to carry out procedures to authenticate with the Citizen Identity Database and confirm consent to register for the creation of electronic identity accounts.

 c) The immigration management agency shall send a request for grant of electronic identification accounts to the agency managing electronic identification and authentication.

d) The agency managing electronic identification and authentication shall notify the result of registration via VNelD or SMS or email.

Article 16. Order and procedures for registration of electronic identification accounts for organizations

1. The at-law representative or the head of the organization (who has a level-2 electronic identification account) shall log in to VNelD for registration of an electronic identification account for the organization; provide the information according to the instructions on the VNelD and send a request for the grant of an electronic identification account to the agency managing electronic identification and authentication via VNelD.

2. The agency managing electronic identification and authentication shall authenticate information about the organization in the National Business Registration Database, national databases and other specialized databases.  If the information about the organization is not included in the National Business Registration Database, the National Database and other specialized databases, the agency managing electronic identification and authentication shall verify the organization information and notify the result of registration of electronic identification account to the person who comes to carry out the procedures via VNelD or SMS or email.

Article 17. Time limits for grant of electronic identification accounts

From the date of receiving a complete and valid dossier as prescribed in this Decree, the public security agency shall grant an electronic identification account within the following time limits:

1. For Vietnamese citizens who have been granted with a chip-based citizen’s identity card: Not exceeding 1 working day for the grant of level-1 electronic identification accounts, not exceeding 3 working days for the grant of level-2 electronic identification accounts.  For Vietnamese citizens who have not yet been granted with a chip-based citizen’s identity card: Not exceeding 7 working days.

2. For foreigners: Not exceeding 1 working day for the grant of level-1 electronic identification accounts; not exceeding 3 working days for the grant of level-2 electronic identification accounts with information on portrait photos and fingerprints in the National Immigration Database; not exceeding 7 working days for the grant of level-2 electronic identification accounts but there is no information on portrait photos and fingerprints in the National Immigration Database.

3. For organizations:

a) Not exceeding 1 working day in case information to be authenticated about an organization is already included in the national database or specialized database.

b) Not exceeding 1 working day in case the information to be authenticated about the organization is not included in the national database or specialized database.

Article 18. Activation of electronic identification accounts

Electronic identity owners shall activate electronic identification accounts on the VNelD within 7 days from the date of receiving the notification of results of the grant of electronic identification accounts.  After 7 days, if electronic identification accounts are not activated, electronic identity owners shall contact the agency managing electronic identification and authentication via the switchboard receiving and handling requests for electronic identification and authentication for the account activation.

Article 19. Locking and unlocking electronic identification accounts

1. Locking citizens’ electronic identification accounts

a) The electronic identification and authentication system shall record and lock electronic identity accounts when the electronic identity owners request the locking of their electronic identification accounts; or when the electronic identity owners violate the terms of use of the VNelD; or when electronic identity owners have their citizen’s identity cards revoked; or when the electronic identity owners die.  The recording shall be done through the electronic identity owners’ declaration on the VNelD or updating of the electronic identity information into the electronic identification and authentication system in accordance with Article 10 of this Decree.

b) When it is so requested by proceeding-conducting agencies, competent agencies or service users, the request for locking identification accounts shall be sent to the public security agency for consideration and handling.

c) Within 2 working days, the head of the public security agency where the request for the locking identification accounts is received shall approve the locking of identification accounts for the cases specified at Point b Clause 1 of this Article and notify the requesters and electronic identity owners.  In case of refusal, a written reply clearly stating the reason for refusal is required.

2. Locking foreigners’ electronic identification accounts

a) The electronic identification and authentication system shall record and lock electronic identity accounts when the electronic identity owners request the locking of their electronic identification accounts; or when the electronic identity owners violate the terms of use of the VNelD; or when their passports’ or international travel documents’ validity period expires; the electronic identity owners’ residence period in Vietnam expires or when the electronic identity owners die. The recording shall be done through the electronic identity owners’ declaration on the VNelD or updating of the electronic identity information into the electronic identification and authentication system in accordance with Article 10 of this Decree.

b) When it is so requested by proceeding-conducting agencies, competent agencies or service users, the request for locking identification accounts shall be sent to the public security agency for consideration and handling.

c) Within 2 working days, the head of the public security agency where the request for the locking identification accounts is received shall approve the locking of identification accounts for the cases specified at Point b Clause 1 of this Article and notify the requesters and electronic identity owners. In case of refusal, a written reply clearly stating the reason for refusal is required.

3. Locking organizations’ electronic identification accounts

a) The electronic identification and authentication system shall record and lock electronic identity accounts when the electronic identity owners request the locking of their electronic identification accounts; or when the electronic identity owners violate the terms of use of the VNelD; or when the organizations dissolve or have their operations suspended in accordance with law provisions. The recording shall be done through the electronic identity owners’ declaration on the VNelD or updating of the electronic identity information into the electronic identification and authentication system in accordance with Article 10 of this Decree.

b) When it is so requested by proceeding-conducting agencies, competent agencies or service users, the request for locking identification accounts shall be sent to the public security agency for consideration and handling.

c) Within 2 working days, the head of the public security agency where the request for the locking identification accounts is received shall approve the locking of identification accounts for the cases specified at Point b Clause 1 of this Article and notify the requesters and electronic identity owners. In case of refusal, a written reply clearly stating the reason for refusal is required.

4. Unlocking electronic identification accounts

a) The electronic identification and authentication system shall unlock electronic identification accounts immediately when there is no ground for automatically locking electronic identification accounts;

b) When it is so requested by proceeding-conducting agencies, competent agencies or service users, the request for unlocking identification accounts shall be sent to the public security agency for consideration and handling.

c) Within 2 working days, the head of the public security agency where the request for the unlocking identification accounts is received shall approve the unlocking of identification accounts for the cases specified at Point b Clause 2 of this Article and notify the requesters and electronic identity owners. In case of refusal, a written reply clearly stating the reason for refusal is required.

5. Methods of request for locking and unlocking electronic identification accounts

a) Electronic identity owners shall follow the instructions on the VNelD to request the locking of the electronic identification accounts;

b) Electronic identity owners shall contact the switchboard receiving and handling requests for electronic identification and authentication, and provide information about electronic identification account owners to request to lock and unlock electronic identification accounts;

c) Electronic identity owners shall contact the agency managing electronic identification and authentication, and provide information authenticating the electronic identification account owners to request to lock and unlock electronic identification accounts.

6. Locking and unlocking electronic identification accounts at the request of proceeding-conducting agencies and competent agencies

Proceeding-conducting agencies and competent agencies shall send a written request to the agency managing electronic identification and authentication at the same level for locking or unlocking electronic identification accounts, clearly stating the reason and duration of the lock.

Article 20. Competence to grant electronic identification accounts, decide on locking and unlocking electronic identification accounts

1. The Director of the Police Department for Administrative Management of Social Order under the Ministry of Public Security is competent to grant electronic identification accounts, decide on locking and unlocking electronic identification accounts on the electronic identification and authentication system and request to lock or unlock electronic identification accounts of departmental agencies or agencies of equivalent or higher levels.

2. The head of the Police Department for Administrative Management of Social Order under the Public Security of provinces and centrally-run cities shall decide on locking and unlocking electronic identification accounts for the request received at the provincial Public Security Department.

3. The head of the district-level Public Security Department shall decide on locking and unlocking electronic identification accounts for the request received at the district-level Public Security Department.

4. The head of the commune-level Public Security Department shall decide on locking and unlocking electronic identification accounts for the request received at the commune-level Public Security Department.

Article 21. Archive of information in the electronic identification and authentication system

1. Information about electronic identification accounts shall be permanently archived in the electronic identification and authentication system.

2. Historical information on the use of electronic identification accounts shall be archived in the electronic identification and authentication system for a period of 5 years after starting using accounts.

Article 22. Connection and use of electronic identification accounts created by the electronic identification and authentication system

1. Conditions of organizations and individuals connecting to the electronic identification and authentication system:

a) Having infrastructure and information system for connection;

a) Having an information system for connection ensuring the safety according to the criteria for information systems of level 3 or higher as prescribed by law.

2. Order, procedures and dossiers of request for connection:

a) Individuals and organizations wishing to connect to the electronic identification and authentication system shall send a written request for connection to the agency managing electronic identification and authentication, clearly stating the scope and purpose of the connection and papers and documents proving that they meet the requirements for connection as prescribed in Clause 1 of this Article.

b) Based on the connection requirements specified in Clause 1 of this Article and the connection scope and purpose of individuals or organizations requesting the connection, the agency managing electronic identification and authentication shall organize the appraisal, physical inspection and decide on permitting to perform the connection.

c) Within 30 days from the date of receiving the request for connection, the agency managing electronic identification and authentication shall consider and decide in writing to allow the connection to be performed. In case of refusal, it shall issue a written reply clearly stating the reason.

3. Performing the connection:

a) Organizations providing electronic authentication services shall perform the connection through service provision contracts signed with the individuals or organizations that are approved (in writing) by the agency managing electronic identification and authentication to connect their information systems to the electronic identification and authentication system.

b) Organizations providing electronic authentication services shall suspend the connection in case individuals or organizations violate the terms of use under the service contracts. Organizations providing electronic authentication services shall report to the agency managing electronic identification and authentication on the suspension of the connection for the latter to notify individuals or organizations.

Article 23. Electronic authentication

1. Specialized database management agencies, state agencies, political organizations, socio-political organizations or organizations performing public services may authenticate the information of electronic identity owners through agencies managing national database, specialized database, the electronic identification and authentication system; and authenticate electronic identification accounts through the electronic identification and authentication system.

2. Individuals and organizations other than those specified in Clause 1 of this Article may authenticate their electronic identification accounts created by the electronic identification and authentication system through organizations providing electronic authentication services to authenticate that such accounts are created by the electronic identification and authentication system and still valid for use when carrying out administrative procedures, public administrative services and other transactions in the electronic environment. Organizations providing electronic authentication services shall not authenticate the information on identity owners and other information of electronic identification account owners, except for necessary cases decided by the Minister of Public Security.

The authentication of electronic identification accounts at the request of individuals or organizations other than those specified in Clause 1 of this Article shall be performed according to agreements by service provision contracts with organizations providing electronic authentication services. The authentication of electronic identification accounts must obtain the consent of electronic identity owners.

3. Ministers of ministries, ministerial-level agencies, People's Committees of provinces and centrally-run cities managing national databases and specialized databases shall take responsibility for guiding the authentication of electronic identity owners’ information in the database under their management.

Article 24. Authentication levels of electronic identification accounts

1. Level 1: Authentication of electronic identification accounts shall be carried out based on one authentication factor specified in Clause 9 Article 3 and authentication devices specified in Clause 10 Article 3 of this Decree in which there is no biometric information.

2. Level 2: Authentication of electronic identification accounts shall be carried out based on two different authentication factors specified in Clause 9 Article 3 other and corresponding authentication devices specified in Clause 10 Article 3 of this Decree in which there is no biometric information.

3. Level 3: Authentication of electronic identification accounts shall be carried out based on two different authentication factors specified in Clause 9 Article 3 other and corresponding authentication devices specified in Clause 10 Article 3 of this Decree in which there is biometric information.

4. Level 4: Authentication of electronic identification accounts shall be carried out based on authentication factors, including portrait photos and fingerprints and information shown on the citizens’ identity cards or Citizen Identity Database and National Immigration Database.

Article 25. Electronic authentication methods in conducting transactions via the electronic identification and authentication system

1. The electronic authentication for online transactions shall be carried out by appropriate authentication means with safety levels at the requests of the organizations providing such online services.

2. The authentication of account information at the place where the transaction is conducted shall be carried out by the authentication solutions provided in VNeED.

 

Chapter IV
ELECTRONIC AUTHENTICATION

 

Article 26. Electronic authentication service

1. Electronic authentication service is considered a conditional business line.

2. Electronic authentication service providers must meet conditions specified in Article 27 of this Decree and be granted a certificate of eligibility for electronic authentication service provision by the Ministry of Public Security.

3. Agencies, organizations and individuals that create identification accounts under Clause 3 Article 13 of this Decree are not required to follow Articles 27, 28, 29 and 30 of this Decree.

Article 27. Conditions of electronic authentication service provision

1. Conditions for organizations and enterprises

Public non-business units and enterprises in public security forces.

2. Condition of human resources

a) Heads of organizations, at-law representatives of enterprises must be Vietnamese citizens who are permanently residing in Vietnam.

b) Organizations and enterprises must employ employees with a bachelor's degree or higher specializing in information security or information technology or electronic telecommunications to be in charge of providing services, and administering, operating the system and ensuring information security for the system.

3. Conditions in terms of technique, process of service provision management and plans for security and order assurance

Organizations and enterprises requesting the grant of certificates must have a Scheme for service provision, including the following documents:

a) Plans and processes for providing electronic authentication service, including an explanation for the information technology system; explanation for technical plans regarding technological solutions; plans for archiving and ensuring the data integrity, information security of the service provision system; plans for protecting data of organizations and individuals; plans for ensuring security and order; plans for firefighting and natural disaster prevention, and ensuring the stable and non-interruption operation of electronic authentication service;

b) Documents introducing owned machinery and equipment existing in Vietnam in accordance with requirements of the law on fire and explosion prevention and fighting; which are capable to resistant to flood, earthquake, electromagnetic interference and illegal invention by human.

Article 28. Dossiers, order and procedures for granting certificates of eligibility for electronic authentication service provision

1. A dossier must comprise:

a) A declaration for grant of a certificate of eligibility for electronic authentication service provision, made according to From XT01 provided in the Appendix to this Decree;

b) Scheme and description documents as prescribed in Clause 3 Article 27 of this Decree.

2. Order, time limits and methods for grant of certificates:

a) An organization or enterprise shall submit one set of dossiers of request for grant of certificates as prescribed in Clause 1 of this Article directly or by post to the Ministry of Public Security or through the National Public Service Portal or the Ministry of Public Security’s public service portal;

b) In case the dossier is incomplete or invalid according to Clause 1 of this Article, within 3 working days, the Ministry of Public Security shall issue a written notice to such organization or enterprise for supplement;

c) Within 3 working days after receiving a complete and valid dossier, the Ministry of Public Security shall consult concerned ministries and ministerial-level agencies; within 10 days after receiving the Ministry of Public Security's document, ministries and ministerial-level agencies shall issue a written reply;

d) Within 30 days after receiving a complete and valid dossier, the Ministry of Public Security shall conduct the appraisal and physical inspection at such organization or enterprise, and grant a certificate of eligibility for electronic authentication service provision according to Form XT03 provided in the Appendix to this Decree to the qualified organization or enterprise. In case of refusal, it shall issue a written notice clearly stating the reason.

Article 29. Re-grant and modification of certificates of eligibility for electronic authentication service provision

1. Contents of a certificate of eligibility for electronic authentication service provision shall be modified in case the organization or enterprise changes the information about the at-law representative, head office address, trade name, plans or process already appraised by the Ministry of Public Security under Clause 3 Article 27 of this Decree.

An organization or enterprise shall submit one set of dossiers for modification of contents of the certificate of eligibility for electronic authentication service provision to the Ministry of Public Security as prescribed at Point a Clause 2 Article 28 of this Decree.  A dossier of request for modification of the certificate contents must comprise: A declaration for grant of a certificate of eligibility for electronic authentication service provision, made according to From XT02 provided in the Appendix to this Decree, documents proving modified contents in information.

a) In case an organization or enterprise changes the information about the at-law representative, head office address, or trade name, within 10 days from the date of receiving the valid dossier, the Ministry of Public Security shall appraise and grant a certificate of eligibility for electronic authentication service provision to the qualified organization or enterprise. In case of refusal, it shall issue a written reply clearly stating the reason;

b) In case an organization or enterprise changes the information about plans or process of providing electronic authentication services, within 30 days from the date of receiving a valid dossier, the Ministry of Public Security shall appraise, collect opinions from relevant ministries and ministerial-level agencies, conduct physical inspection and grant the certificate of eligibility for electronic authentication service provision to the qualified organization or enterprise. In case of refusal, it shall issue a written reply clearly stating the reason.

2. Re-grant of a certificate of eligibility for electronic authentication service provision in case of loss or damage:

a) An organization or enterprise shall submit one set of dossiers for re-grant of the certificate of eligibility for electronic authentication service provision to the Ministry of Public Security as prescribed at Point a Clause 2 Article 28 of this Decree. Such dossier must comprise: A declaration for re-grant of a certificate of eligibility for electronic authentication service provision, made according to From XT02 provided in the Appendix to this Decree;

b) Within 3 working days from the date of receiving the declaration, the Ministry of Public Security shall consider and re-grant the certificate of eligibility for electronic authentication service provision to an organization providing electronic authentication service. In case of refusal, it shall issue a written reply clearly stating the reason.

Article 30. Revocation of certificates of eligibility for electronic authentication service provision

1. An organization providing electronic authentication service shall have its certificate revoked in the following cases:

a) An organization or enterprise fails to operate for 6 consecutive months or more;

b) It is dissolved or falls bankrupt in accordance with law;

c) It fails to continue providing service;

d) It violates the law on protection of personal data, information security, and cyber security.

2. The Ministry of Public Security shall issue a decision on revocation of the certificate of eligibility for electronic authentication service provision according to Form XT04 provided in the Appendix to this Decree.

3. An organization providing electronic authentication service that has its certificate revoked shall take responsibility for ensuring the lawful rights and interests of electronic identity owners and related parties in accordance with law.

Article 31. Expenses for grant and use of electronic identification accounts and use of electronic authentication services

1. Electronic identity owners that are Vietnamese agencies, organizations or citizens are not required to pay expenses for registration for the grant of electronic identification accounts and expenses for the use of electronic identification accounts created by the electronic identification and authentication system.

2. Organizations and individuals using electronic authentication services shall pay expenses for organizations providing electronic authentication services in accordance with law.

 

Chapter V

RESPONSIBILITIES OF AGENCIES, ORGANIZATIONS AND INDIVIDUALS

 

Article 32. Responsibilities of electronic identity owners

1. Protecting electronic identity information.

2. Ensuring the safety for authentication factors.

3. Immediately notifying organizations providing electronic authentication services when losing control of the authentication means or detecting that there is an unauthorized user of their electronic identity or other reasons that may cause unsafety to the use of services.

Article 33. Responsibilities of service users

1. Complying with technical regulations on electronic identification and authentication.

2. Managing and securing electronic identification account information, ensuring safe use of electronic identification accounts.

3. Taking responsibility for transactions that have been conducted and concerned parties’ regulations relating to electronic transactions.

Article 34. Responsibilities of organizations providing electronic authentication services and agencies, organizations and individuals that self-create accounts

1. Responsibilities of organizations providing electronic authentication services

a) Providing electronic authentication services for organizations and individuals based on the service provision contracts;

b) Ensuring the 24/7 operation and use of channels for receiving information and service;

c) Complying with the law on cyberinformation security, cyber security, electronic transactions, technical regulations and standards on electronic authentication;

d) Complying with plans and procedures for provision of electronic authentication services that have been appraised by the Ministry of Public Security;

dd) Sending biannual and annual reports on electronic authentication activities to the agency managing electronic identification and authentication, or at the request of the agency managing electronic identification and authentication.

2. Responsibilities of agencies, organizations and individuals that self-create accounts to serve their operations:

a) Taking responsibility for the accuracy of their self-created accounts;

b) Protecting personal information collected and managed in accordance with law provisions;

c) Obtaining the consent of data owners in all activities relating to the management, exploitation and use of data;

d) Deleting the collected and managed data at the data owners’ request, unless otherwise prescribed by law;

dd) Sending reports on identification activities for the agency managing electronic identification and authentication upon request.

Article 35. Responsibilities of the Ministry of Public Security

1. Developing, managing, protecting and operating the electronic identification and authentication system; applying electronic identification accounts in state management, administrative reform, natural disaster and epidemic prevention and control.

2. Performing state management in terms of electronic identification and authentication.

3. Promulgating guidance on technical standards, processes and conditions for ensuring the connection with the electronic identification and authentication; electronic authentication procedures of organizations providing electronic authentication services.

4. Assume the prime responsibility for, and coordinate with ministries and ministerial-level agencies in, connecting with the national database and specialized databases in service of electronic identification and authentication.

5. Assume the prime responsibility for, and coordinate with the Ministry of Information and Communications, the Ministry of National Defence, the Ministry of Justice and relevant ministries and ministerial-level agencies in, inspecting and examining electronic identification and authentication activities.

6. Settling complaints and denunciations, providing guidance on registration and management of electronic identification and authentication for agencies, organizations and individuals.

7. Connecting and integrating electronic identification and authentication system to the electronic identification exchange platform of the National Public Service Portal to serve the handling of administrative procedures and provision of online public services in accordance with law provisions.

8. Guiding the application of technical regulations and standards in electronic identification and authentication activities.

9. Assuming the prime responsibility for, and coordinating with the Ministry of Information and Communications, the Ministry of National Defence, and the Government Cipher Committee in, ensuring the safety and confidentiality of information of the electronic identification and authentication system.

10. Assume the prime responsibility for, and coordinate with ministries, ministerial-level agencies and government-attached agencies in, unifying papers, documents and plans for information synchronization into electronic identification accounts.

11. Assuming the prime responsibility for, and coordinating with ministries, ministerial-level agencies, government-attached agencies, the Government Cipher Committee and People’s Committees of provinces and centrally-run cities in, unifying the plans for connection and sharing to use of electronic identities, electronic identification accounts that have been provided and created by the electronic identification and authentication system; ensuring information security and confidentiality.

12. Coordinating with ministries, ministerial-level agencies, government-attached agencies, People's Committees of provinces and centrally-run cities in, verifying and synchronizing data of accounts created and used by the National Public Service Portal, and the information system for settling administrative procedures at ministerial and provincial levels with accounts created by the electronic identification and authentication system.

13. Assuming the prime responsibility for, and coordinating with the Ministry of Justice, the Ministry of Planning and Investment and the Ministry of National Defence in, ensuring the connection, sharing and updating of information in the National Population Database, National Immigration Database, Electronic Civil Status Database, National Enterprise Registration Database to serve the electronic identification and authentication.

14. Ensuring the 24/7 operation of the channel for receiving information and the 24/7 use of the electronic identification and authentication system.

Article 36. Responsibilities of the Ministry of Information and Communications

1. Ensuring the use of electronic identities and electronic identification accounts to carry out administrative procedures and public administrative services within the functions in the electronic environment.

2. Assuming the prime responsibility for, and coordinating with the Ministry of Public Security in, technically connecting and ensuring the connection of the integrated platform, sharing national data with the electronic identification and authentication platform and other relevant systems, ensuring information security and confidentiality.

3. Coordinating with the Ministry of Public Security and the Ministry of National Defence in ensuring the safety and confidentiality of information of the electronic identification and authentication system.

Article 37. Responsibilities of the Ministry of Defence

1. Guiding its affiliated agencies, units, enterprises and individuals to perform electronic identification and authentication in conformity with regulations on protecting state secrets in national defense.

2. Ensuring the use of electronic identities and electronic identification accounts to carry out administrative procedures and public administrative services within the functions and management in the electronic environment.

3. Coordinating with the Ministry of Public Security in unifying the plans for connecting and sharing to use of electronic identities, electronic identification accounts that have been created and provided by the electronic identification and authentication system.

4. Coordinating with the Ministry of Public Security in ensuring information safety and cyber security of the electronic identification and authentication system.

Article 38. Responsibilities of the Government Cipher Committee

1. Guiding the application of technical regulations and standards on civil cryptography and use of the Government’s specialized digital signature certification services in electronic identification and authentication activities.

2. Assuming the prime responsibility for, and coordinating with the Ministry of Public Security in, assessing cryptographic safety for users of electronic authentication services.

3. Coordinating with the Ministry of Public Security to ensure the safety and security of information using cipher cryptographic products for electronic identification and authentication systems, using electronic identities and electronic identification accounts in providing the Government’s specialized digital signature certification services.

Article 39. Responsibilities of other ministries, ministerial-level agencies, government-attached agencies and People's Committees of provinces and centrally-run cities

1. Coordinating with the Ministry of Public Security in connecting the electronic identification and authentication system with the National Public Service Portal and the information system for handling administrative procedures at ministerial and provincial levels to serve the handling of public administrative procedures in the electronic environment. The deadline for completion of connection is June 30, 2024.

2. Ensuring the use of electronic identities and electronic identification accounts to carry out administrative procedures and public administrative services in the electronic environment.

3. Coordinating with the Ministry of Public Security in unifying the plans for connecting and sharing to use of electronic identities, electronic identification accounts that have been created and provided by the electronic identification and authentication system; ensuring information security.

4. Ensuring the stability and non-disruption of national databases and specialized databases in authentication at the request of agencies managing specialized databases, state agencies, political organizations, socio-political organizations and other organizations that are assigned to perform public services.

 

Chapter VI

IMPLEMENTATION PROVISIONS

 

Article 40. Effect

1. This Decree takes effect from October 20, 2022.

2. Accounts created by the National Public Service Portal and information system for handling administrative procedures at ministerial and provincial levels shall be used to carry out administrative procedures and public administrative services in the electronic environment until July 01, 2024.

3. To amend and supplement Clause 1 Article 7 of Decree No. 45/2020/ND-CP dated April 08, 2020, on performance of administrative procedures in the electronic environment as follows:

“1. Organizations and individuals shall carry out administrative procedures in the electronic environment, information system for handling administrative procedures at ministerial and provincial levels via electronic identification accounts created by the electronic identification and authentication system that are connected and integrated into the National Public Service Portal”.

Article 41. Responsibility of implementation

1. The Ministry of Public Security shall guide, inspect and urge the implementation of this Decree.

2. In the course of implementation, the Ministry of Public Security shall coordinate with the Ministry of Information and Communications in, summarizing and handling issues under the state management. In case of necessity, it shall report to the Prime Minister for consideration and decision.

3. Ministers, Heads of the ministerial-level agencies, Heads of government-attached agencies, Chairpersons of People's Committees of provinces and centrally-run cities shall be responsible for the implementation of this Decree.

 

 

ON BEHALF OF THE GOVERNMENT

THE PRIME MINISTER

 

 

 

Pham Minh Chinh

 

* All Appendices are not translated herein.

Please log in to a subscriber account to see the full text. Don’t have an account? Register here
Please log in to a subscriber account to see the full text. Don’t have an account? Register here
Processing, please wait...
LuatVietnam.vn is the SOLE distributor of English translations of Official Gazette published by the Vietnam News Agency

ENGLISH DOCUMENTS

LuatVietnam's translation
Decree 59/2022/NĐ-CP DOC (Word)

This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here

Decree 59/2022/NĐ-CP PDF

This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here

* Note: To view documents downloaded from LuatVietnam.vn, please install DOC, DOCX and PDF file readers
For further support, please call 19006192

related news

SAME CATEGORY

loading