Decree No. 91/2020/ND-CP fighting spam messages, spam emails and spam calls

DECREE

On fighting spam messages, spam emails and spam calls^[1]

Pursuant to the June 19, 2015 Law on Organization of the Government;

Pursuant to the November 29, 2005 Law on E-Transactions;

Pursuant to the June 29, 2006 Law on Information Technology;

Pursuant to the November 23, 2009 Law on Telecommunications;

Pursuant to the June 20, 2012 Law on Handling of Administrative Violations;

Pursuant to the June 21, 2012 Law on Advertising;

Pursuant to the November 19, 2015 Law on Cyberinformation Security;

Pursuant to the June 12, 2018 Law on Cyber Security; 

At the proposal of the Minister of Information and Communications;

The Government promulgates the Decree on fighting spam messages, spam emails and spam calls.

Chapter I

GENERAL PROVISIONS

Article 1. Scope of regulation

This Decree provides for the fight against spam messages, spam emails and spam calls; advertising via messages (SMS, MMS, USSD), emails and calls; and rights and obligations of agencies, organizations and individuals, and adds provisions on handling of administrative violations related to spam messages, spam emails and spam calls.

Article 2. Subjects of application

This Decree applies to organizations and individuals involved in the fight against spam messages, spam emails and spam calls, and sending of advertising messages, advertising emails and advertising calls in Vietnam, including:

1. Telecommunications service and Internet service providers.

2. Private telecommunications network developers.

3. Email service providers.

4. Advertisers by messages, emails and calls (below referred to as advertisers).

5. Advertisement-related message, email and call users (below referred to as users).

6. Other related organizations and individuals.

Article 3. Interpretation of terms

1. Advertising message, advertising email or advertising call means a message, email or call aiming to introduce to the public a product, goods or service for the profit-making purpose; or a product or service not for the profit-making purpose; organization or individual trading in an introduced product or goods or providing an introduced service, except daily news; social policies; personal information; and customer service messages of telecommunications businesses.

2. Customer service message of a telecommunications business means a message sent by such telecommunications business to its customers who are using telecommunications services only for the purpose of notification of activities and utilities of such telecommunications services.

3. Spam messages include:

a/ Advertising messages sent without prior consent of users or those in violation of this Decree’s provisions on sending of advertising messages;

b/ Messages containing prohibited contents specified in Article 9 of the Law on E-Transactions, Article 12 of the Law on Information Technology, Article 12 of the Law on Telecommunications, Article 8 of the Law on Advertising, Article 7 of the Law on Cyberinformation Security, and Article 8 of the Law on Cyber Security.

4. Spam emails include:

a/ Advertising emails sent without prior consent of users or those in violation of this Decree’s provisions on sending of advertising emails;

b/ Emails containing prohibited contents specified in Article 9 of the Law on E-Transactions, Article 12 of the Law on Information Technology, Article 12 of the Law on Telecommunications, Article 8 of the Law on Advertising, Article 7 of the Law on Cyberinformation Security, and Article 8 of the Law on Cyber Security.

5. Spam calls include:

a/ Advertising calls made without prior consent of users or those in violation of this Decree’s provisions on making of advertising calls;

b/ Calls containing prohibited contents specified in Article 9 of the Law on E-Transactions, Article 12 of the Law on Information Technology, Article 12 of the Law on Telecommunications, Article 8 of the Law on Advertising, Article 7 of the Law on Cyberinformation Security, and Article 8 of the Law on Cyber Security.

6. Black list of IP addresses/domain names means a list of IPs/IP bands or domain names marked as sources of spam emails drawn up by organizations that make statistics on servers sending spam emails under regulations of the Ministry of Information and Communications in each period.

7. Person entitled to use an e-address means a person that creates or is granted such e-address.

8. Email header means information attached to contents of an email, including information on origin, destination, route, and subject, and other information on such email.

9. Email subject means part of an email header aiming to refer to principal contents of an email.

Chapter II

FIGHTING SPAM MESSAGES, SPAM EMAILS AND SPAM CALLS

Section 1

MEASURES TO FIGHT AND PREVENT SPAM MESSAGES, SPAM EMAILS AND SPAM CALLS

Article 4. Measures to fight and prevent spam messages, spam emails and spam calls

1. Building and deploying systems to fight and prevent spam messages, spam emails and spam calls

2. Elaborating a set of criteria for identifying spam messages, spam emails and spam calls.

3. Monitoring, supervising and sharing information and data on sources of spam messages, spam emails and spam calls.

4. Receiving and settling reports on spam messages, spam emails and spam calls.

5. Supervising the provision of services of advertising via messages, emails and calls.

6. Blocking and recovering e-addresses delivering spam messages, spam emails and spam calls.

7. Intensifying domestic and international cooperation in fighting and preventing spam messages, spam emails and spam calls.

8. Carrying out public communication to improve public awareness about the fight against spam messages, spam emails and spam calls.

Article 5. System for receipt of reports on spam messages, spam emails and spam calls

1. The Ministry of Information and Communications (the Authority of Information Security) shall build and operate the system for receipt of reports on spam messages and spam calls (via number 5656) and spam emails.

2. When running advertising programs, via-message advertisers shall concurrently send copies of advertising messages to the system for receipt of reports on spam messages and spam calls (via number 5656) specified in Clause 1 of this Article.

3. Telecommunications service, Internet service and email service users may report and provide evidences to the system for receipt of reports on spam messages, spam emails and spam calls specified in Clause 1 of this Article.

Article 6. Coordination of prevention and handling of spam messages, spam emails and spam calls

1. Information and data from the system for receipt of reports on spam messages, spam emails and spam calls and other information and data sources may be used for coordinating the prevention and handling of spam messages, spam emails and spam calls.

2. The Ministry of Information and Communications (the Authority of Information Security) shall act as the coordinator in prevention and handling of spam messages, spam emails and spam calls.

3. Telecommunications service, Internet service and email service providers and advertisers shall fulfill requests of the Ministry of Information and Communications (the Authority of Information Security) for coordination in prevention and handling of spam messages, spam emails and spam calls.

Article 7. DoNotCall list

1. DoNotCall list means a list of telephone numbers which are registered by entitled users of such numbers for non-acceptance of any messages for advertising registration, advertising messages or advertising calls.

2. Telecommunications service users may register the inclusion of telephone numbers under their lawful use right in or withdraw them from the DoNotCall list.  

3. Advertisers and telecommunications service and Internet service providers may neither make advertising calls nor send messages for advertising registration or advertising messages to any telephone numbers on the DoNotCall list.

4. The Ministry of Information and Communications (the Authority of Information Security) shall build, maintain and operate a system for management of the DoNotCall list, guide users how to register the inclusion of their telephone numbers in or withdraw them from the DoNotCall list, and publicize, and permit the search for, such list on its Portal/Website.

Article 8. Blacklist of IP addresses sending spam emails

1. The Ministry of Information and Communications (the Authority of Information Security) shall draw up, regularly update and publicize on its Portal/Website the blacklist of IP addresses/domain names sending spam emails.

2. Organizations, enterprises and individuals may use the blacklist of IP addresses/domain names sending spam emails to prevent such spam emails from being sent.

Section 2 

RESPONSIBILITIES OF ORGANIZATIONS, ENTERPRISES AND USERS

Article 9. Responsibilities of telecommunications service and Internet service providers and private telecommunications network developers

1. To guide service users how to fight spam messages and spam calls.

2. To guide and provide users with tools and applications to report spam messages and spam  calls, and permit users to block spam messages and spam  calls at their own will.

3. To resolutely implement measures to prevent advertising messages and advertising calls to telephone numbers on the DoNotCall list specified in Clause 1, Article 7 of this Decree.

4. To block or recover e-addresses used for sending spam messages and spam emails or making spam calls at the request of competent state agencies.

5. To take the initiative in setting out a frequency threshold and adjust frequencies for identifying subscribers suspected of sending spam messages and for achieving an effect of blocking spam messages, depending on the nature, scope and time of blockage.

6. To build and operate a technical system for fighting and preventing spam messages, spam emails and spam calls with the application of artificial intelligence and big data technologies and advanced technological solutions.

7. To provide, update and share common-use sample spam messages to the Ministry of Information and Communications (the Authority of Information Security) and other telecommunications service providers.

8. To build and connect their technical systems for management of brandnames to the National System for Management of Brandnames; to prevent advertisers from sending messages using brandnames other than those granted by the Ministry of Information and Communications (the Authority of Information Security).

9. To store for at least 1 year users’ information on advertising registration, information on opt-out requests and information on opt-out certification in case the users take actions of registering, opting out or certifying their opt-out of via-message advertisements via systems of telecommunications service providers.

10. To build, update, provide and share the blacklist of IP addresses/domain names sending common-use spam emails to/with the Ministry of Information and Communications (the Authority of Information Security) and other telecommunications service and Internet service providers.

11. To base themselves on the set of criteria for identification of spam messages and spam calls to take measures to fight and prevent spam messages and spam  calls.

12. To block and filter IP addresses/domain names sending spam emails or used for sending spam emails under their management.

13. To coordinate with advertisers and domestic and international telecommunications service and Internet service providers in preventing spam messages, spam emails and spam calls.

14. To take measures to assess the situation of spam messages and spam calls on their own telecommunications networks, and make regular reports and statistics under guidance of the Ministry of Information and Communications (the Authority of Information Security).

15. To refrain from collecting messaging charges when:

a/ Messaging users refuse to receive advertisements;

b/ Advertising messages are erroneous;

c/ Messages have contents or provide charge rates untrue to those announced by advertisers.

16. To make regular reports and statistics under regulations of competent state agencies.

Article 10. Responsibilities of email service providers

1. To guide users how to fight spam emails.

2. To guide and provide tools and applications that enable users to block spam emails at their own will and report on spam emails.

3. To take measures to block and filter, and update the list of, sources of sending spam emails, and devise solutions to help users avoid loss and mistaken blockage of emails.

4. To supervise, control and screen their email servers in order to prevent them from becoming sources of sending spam emails.

5. To base themselves on the set of criteria for identification of spam emails to take measures to fight and prevent spam emails.

6. To store email headers for at least 180 days to serve the settlement of complaints and denunciations about advertising emails.

7. To make regular reports and statistics under regulations of competent state agencies.

Article 11. Responsibilities of advertisers

1. To check the DoNotCall list specified in Clause 1, Article 7 of this Decree in order to prevent the sending of messages for advertising registration or advertising messages or the making of advertising  calls to telephone numbers on such list.

2. To send advertising messages or advertising emails or make advertising  calls to users only when the users express their prior consent to receive advertisements in one of the following forms:

a/ Receiving advertising messages after advertisers send messages for advertising registration once for all;

b/ Filling and giving certification in printed registration forms or registration forms on portals/websites, online applications or social networks of advertisers;

c/ Making  calls or sending messages to call centers of advertisers for registration;

d/ Using support software to register receipt of advertisements.

3. To provide users with tools to search or store agreements on registration or opt-out of advertising messages, advertising emails and advertising  calls on their portals/websites or social networks in order to serve the inspection, examination, and settlement of complaints and denunciations.

4. To take responsibility for, and take measures to check clear prior consent of users when, sending advertising messages or advertising emails or making advertising calls.

5. To take reasonable solutions to enable users to opt out advertising messages or advertising emails under Article 16 or 20 of this Decree, respectively.

6. To coordinate with telecommunications service, Internet service and email service providers and other related agencies and organizations in making advertisements via messages, emails and calls.

7. To store for at least 1 year information on registration to receive advertisements, information on opt-out requests and information on opt-out certification of users to serve inspection, examination and supervision.

Article 12. Rights and obligations of users   

1. To forward information on spam messages, spam emails and spam calls to the system for receipt of reports on spam messages, spam emails and spam  calls of the Ministry of Information and Communications (the Authority of Information Security) or similar systems of telecommunications service, Internet service and email service providers.

2. To receive or refuse to receive advertisements.

3. To coordinate with telecommunications service, Internet service and email service providers, advertisers and competent state agencies in fighting spam messages, spam emails and spam calls.

Chapter III

ADVERTISING VIA MESSAGES, EMAILS AND CALLS

Section 1

PROVISIONS ON ADVERTISING BY SENDING MESSAGES OR EMAILS OR MAKING CALLS

Article 13. Principles of sending advertising messages or advertising emails or making advertising calls

1. It is not permitted to send advertising messages or make advertising calls to telephone numbers on the DoNotCall list specified in Clause 1, Article 7 of this Decree or to users that do not express their prior consent to receive advertisements.

2. For via-message advertisements and telephone numbers not on the DoNotCall list, advertisers may only send messages for advertising registration once for all. The Ministry of Information and Communications shall provide in detail the sending of messages for advertising registration.

3. In case users refuse to receive advertisements or make no reply after receiving first messages for advertising registration, advertisers may not continue sending any messages for advertising registration or advertising messages to such users’ telephone numbers.

4. The sending of advertising messages or advertising emails or the making of advertising calls to users must be stopped immediately after the receipt of opt-out requests of users.

5. An advertiser may neither send more than 3 advertising messages to a telephone number or more than 3 advertising emails to an email address nor make more than 1 advertising call to a telephone number within 24 hours, unless otherwise agreed upon by the advertiser and the user.     

6. Every day, messages may only be sent from 7:00 hours to 22:00 hours while calls may be made from 8:00 hours to 17:00 hours, unless otherwise agreed upon by advertisers and users.  

7. Advertising contents must comply with the law on advertising.

8. Advertising messages may only be sent and advertising calls may only be made when brandnames have been granted and telephone numbers may not be used to send advertising messages or to make advertising  calls.

Article 14. Requirements on advertising messages

1. Advertising messages must be marked under Article 15 of this Decree.

2. In case of advertising charged services, sufficient information on charge rates must be provided.

3. There must be an opt-out function under Article 16 of this Decree.

Article 15. Requirements on marking of advertising messages 

1. Every advertising message must be marked.

2. A mark must be placed at the top position in the content of an advertising message.

3. A mark may take the form of [QC] or [AD].

Article 16. Requirements on the function to opt out advertising messages

1. Opt-out information that allows users to opt out advertising messages must meet the following conditions:

a/ It is placed at the end of an advertising message and clearly expressed;

b/ There must be instructions for users to opt out advertising messages they have previously registered;

c/ When necessary, a via-message advertiser may provide an additional opt-out ability, such as refusing a product or a group of products;

d/ There must be clear instructions on the opt-out function referred to at Points b and c, Clause 1, and opt-out forms referred to in Clause 2, of this Article.

2. Forms of opting out advertising messages must include:

a/ Opting out via message;

b/ Opting out via call.

3. Upon receiving an opt-out request, an advertiser shall immediately send information confirming the receipt of such request and stop sending the opted-out advertising messages to the requesting user.

4. Confirmation information must meet the following requirements:

a/ Notifying the receipt of an opt-out request, time of receipt of the request and time of stopping the sending of advertising messages;

b/ Being successfully sent only once and containing no advertising information.

Article 17. Requirements on advertising emails

1. Having subjects matching their contents which must comply with the law on advertising.

2. Being marked under Article 18 of this Decree.

3. Having information on advertisers under Article 19 of this Decree.

4. In case of advertising charged services, sufficient information on charge rates must be provided.

5. There must be an opt-out function under Article 20 of this Decree.

Article 18. Requirements on marking of advertising emails

1. Every advertising email must be marked.

2. A mark must be placed at the top position of the subject line.

3. A mark may take the form of [QC] or [AD].

Article 19. Requirements on information on via-email advertisers

1. Information on a via-email advertiser includes name, telephone number, email address, geographical address and portal/website and social network addresses (if any).

2. Information on a via-email advertiser must be clearly shown and placed immediately before the opt-out information that allows users to opt out advertising emails.

Article 20. Requirements on the function to opt out advertising emails

1. Opt-out information that allows users to opt out advertising emails must meet the following conditions:

a/ It is placed at the end of an advertising email and clearly expressed;

b/ There must be confirmation that users have the right to opt out all products from the advertiser;

c/ When necessary, a via-email advertiser shall provide an additional opt-out ability, such as refusing a product or a group of products;

d/ There must be clear instructions on the opt-out function referred to at Points b and c, Clause 1, and opt-out forms referred to in Clause 2, of this Article.

2. Forms of opting out advertising emails must include:

a/ Opting out via portal/website or social network;

b/ Opting out via email;

c/ Opting out via call.

3. Upon receiving an opt-out request, an advertiser shall immediately send information confirming the receipt of such request and stop sending the opted-out advertising emails to the requesting user.

4. Confirmation information must meet the following requirements:

a/ Having a confirmation of the receipt of an opt-out request, time of receipt of the request and time of stopping the sending of advertising emails;

b/ Being successfully sent only once and containing no advertising information.

Article 21. Requirements on advertising calls

1. Every advertising call must have sufficient information on the caller (name and address) which must be introduced before advertising contents are provided. In case of advertising charged services, sufficient information on charge rates must be provided.

2. In case users opt out advertising calls, advertisers shall immediately stop making such calls to such users.

Section 2

SYSTEM FOR MANAGEMENT OF BRANDNAMES

Article 22. The National System for Management of Brandnames

1. The National System for Management of Brandnames is a system having the function of managing and storing brandnames nationwide.

2. All organizations and individuals may search information on brandnames on the National System for Management of Brandnames available online at tendinhdanh.ais.gov.vn.

3. The Ministry of Information and Communications (the Authority of Information Security) shall build and operate the National System for Management of Brandnames.

Article 23. Provisions on use of brandnames

1. A brandname used by a sender in advertising activities via message or call (below referred to as brandname) must consist of up to 11 sequential characters, including Latin alphabet letters and numerals (from 0 to 9) or symbols (-), (_), (.) or space; in uppercase or lowercase; must not be a sequence of only numerals, and may be used to denote or identify information on the sender.

2. All organizations and individuals may register and use unlimited brandnames for the purpose of advertising via message or call.

3. A brandname granted by the Ministry of Information and Communications (the Authority of Information Security) to an organization or individual is unique in the National System for Management of Brandnames and valid for use for 3 years from the date of grant.

4. Brandnames shall be registered and used on the principles of equality, non-discriminatory treatment, and first registration-first use; and must ensure avoidance of misunderstanding or distortion due to polysyllabic and polysemic characteristics of Vietnamese language or due to use of tone marks of Vietnamese language.

5. Organizations and individuals that register for use of brandnames shall take responsibility before law for use purposes and accuracy of registration information and authenticity of documents and information in their registration dossiers.

6. Organizations and individuals may not use brandnames other than those granted by the Ministry of Information and Communications (the Authority of Information Security) or brandnames already granted by the Ministry of Information and Communications (the Authority of Information Security) to others, unless they are permitted by such organizations or individuals, and shall refrain from infringing upon lawful rights and interests of organizations and individuals that have registered brandnames.

7. Organizations and individuals may not use the revoked brandnames.

8. Organizations and individuals that are granted brandnames shall pay fees in accordance with the law on charges and fees and pay expenses for maintenance of such brandnames under regulations of the Ministry of Information and Communications.

Article 24. Dossiers of registration for grant of brandnames 

A dossier of registration for grant of a brandname(s) must comprise:

1. For an organization:

a/ A certified copy of the organization establishment decision or enterprise registration certificate. In case an organization or enterprise registers more than one brandname at the same time, it shall provide only 1 certified copy of the enterprise registration certificate or organization establishment decision;

b/ A written declaration of a brandname(s), made according to Form No. 01 provided in the Appendix to this Decree;

c/ Other papers related to its intellectual property rights or trademark registration (if any).

2. For an individual: 

a/ A certified copy of his/her people’s identity card or citizen identity card or passport;

b/ A written declaration for registration of a brandname(s), made according to Form No. 01 provided in the Appendix to this Decree;

c/ Other papers related to his/her intellectual property rights or trademark registration (if any).

Article 25. Methods of submission of dossiers of registration for grant of brandnames

A dossier of registration for grant of a brandname(s) may be submitted by one of the following methods:

1. Submitting paper dossiers by post to the Ministry of Information and Communications (the Authority of Information Security).

2. Submitting dossiers online at tendinhdanh.ais.gov.vn of the National System for Management of Brandnames.

Article 26. Grant of brandname certificates

1. Upon receiving a registration dossier, the Ministry of Information and Communications (the Authority of Information Security) shall certify the dossier receipt by sending an email or a message to the dossier submitter, specifically stating the date and time of dossier receipt.

2. Within 1 working day after receiving a dossier of an organization or individual, the Ministry of Information and Communications (the Authority of Information Security) shall examine the validity of the dossier and decide:

a/ To grant a brandname(s) and notify the grant to the organization or individual via email or message. After the organization or individual pays a fee under regulations, to send via email a brandname certificate, made according to Form No. 02 provided in the Appendix to this Decree; or,

b/ To refuse to grant a brandname(s) to the organization or individual in case the dossier is incomplete or needs clarification, requiring the organization or individual to supplement, explain or complete and resubmit the dossier under Article 25 of this Decree, and notify the reason for refusal to the organization or individual via email or message.

Article 27. Re-grant of brandname certificates

1. In case a brandname certificate sees a change in the information related to a granted brandname or is lost, the certificate holder shall send a written declaration of a brandname(s) with updated information, made according to Form No. 01 provided in the Appendix to this Decree, to the Ministry of Information and Communications (the Authority of Information Security) under Article 25 of this Decree.

2. The Ministry of Information and Communications (the Authority of Information Security) shall re-grant a brandname certificate under Article 26 of this Decree with the same validity duration as that of the previous certificate.

Article 28. Extension of validity duration of brandname certificates

1. Extension of the validity duration of a brandname certificate means the grant of a brandname certificate with a new validity duration to an organization or individual that has been granted such certificate.

2. At least 15 days before the expiration of the validity duration of its/his/her brandname certificate, an organization or individual shall send a written declaration of a brandname(s) with updated information, made according to Form No. 01 provided in the Appendix to this Decree, and relevant documents to the Ministry of Information and Communications (the Authority of Information Security) under Article 25 of this Decree.

3. The Ministry of Information and Communications (the Authority of Information Security) may extend the validity duration of a brandname certificate under Article 26 of this Decree several times, with each extension of 3 years.

Article 29. Revocation of brandnames

1. A brandname shall be revoked in the following cases:

a/ It has been used to send spam messages or make spam calls or provide services in violation of regulations as concluded by a competent state agency;

b/ Expenses for maintenance of its operation are paid more than 30 days after the payment deadline;

c/ Its validity duration has expired without any extension;

d/ As requested by its user;

dd/ As requested by a competent state agency.

2. The Ministry of Information and Communications (the Authority of Information Security) shall notify the revocation of brandnames to their holders via email or message and publicize it on www.ais.gov.vn.

Section 3

REPORTING REGIME

Article 30. Reporting regime    

1. Organizations and individuals granted brandnames shall make annual reports according to Form No. 04 provided in the Appendix to this Decree or extraordinary reports at the request of the Ministry of Information and Communications (the Authority of Information Security).

2. Telecommunications businesses granted brandnames shall make annual reports according to Form No. 05 provided in the Appendix to this Decree or extraordinary reports at the request of the Ministry of Information and Communications (the Authority of Information Security).

3. Telecommunications businesses providing messaging services shall make annual reports according to Form No. 06 provided in the Appendix to this Decree or extraordinary reports at the request of the Ministry of Information and Communications (the Authority of Information Security).

Article 31. Reporting time and form

1. Reporting time: An annual report shall be made before December 31 of the reporting year, with data cut off from December 15 of the year preceding the reporting period to December 14 of the reporting period.

2. Reports (detailed information on reporting method is publicized on the portal/website of the Ministry of Information and Communications (the Authority of Information Security)) shall be sent in the form of authenticated computer files to [email protected] and updated to the National System for Management of Brandnames.

Chapter IV

SANCTIONING OF ADMINISTRATIVE VIOLATIONS

Article 32. To supplement Points c, d and dd, Clause 2; Points p, q, r and s, Clause 4; Points e and g, Clause 6; Clause 7a; and Point c, Clause 10, Article 94 of the Government’s Decree No. 15/2020/ND-CP of February 3, 2020, on sanctioning of administrative violations in the fields of post, telecommunications, radio frequencies, information technology and e-transactions

“Article 94. For violations of regulations on emails, messages and calls providing information on products and services

2. A fine of between VND 5,000,000 and VND 10,000,000 shall be imposed for one of the following acts:

c/ Making an advertising  call to a user without his/her clear consent;

d/ Making an advertising  call to a user who has refused to receive advertising calls;

dd/ Sending a message for advertising registration to a user who has refused to receive or made no reply to advertising messages.

4. A fine of between VND 20,000,000 and VND 30,000,000 shall be imposed for one of the following acts:

p/ Making more than 1 advertising call to 1 telephone number within 24 hours without any other agreement with the user;

q/ Making advertising calls before 8:00 hours or after 17:00 hours every day without any other agreement with the user;

r/ Failing to take measures to check the user’s clear prior consent upon sending advertising messages or advertising emails or making advertising calls;

s/ Failing to provide the user with tools to search or store agreements on registration or opt-out of advertising  calls or advertising messages for advertising registration on their portals/websites or social networks to serve the inspection, examination, and settlement of complaints and denunciations.

6. A fine of between VND 60,000,000 and VND 80,000,000 shall be imposed for one of the following acts:

e/ Sending a message for advertising registration in contravention of regulations of the Ministry of Information and Communications;

g/ Sending any message for advertising registration to a telephone number on the DoNotCall list.

7a. A fine of between VND 80,000,000 and VND 100,000,000 shall be imposed for an act of sending an advertising message or making an advertising call to a telephone number on the DoNotCall list.    

10. Remedial measures:

c/ Forcible revocation of telephone numbers for commission of the violations specified in Clause 1 of this Article.”.

Article 33. To supplement Points c, d, dd and e, Clause 1; Point e, Clause 2; Points l, m, n and o, Clause 3; and Clauses 3a, 3b and 4a, Article 95 of the Government’s Decree No. 15/2020/ND-CP of February 3, 2020, on sanctioning of administrative violations in the fields of post, telecommunications, radio frequencies, information technology and e-transactions

“Article 95. For violations of regulations on provision of advertising email, advertising message and advertising call services and via-message content services

1. A fine of between VND 10,000,000 and VND 20,000,000 shall be imposed for one of the following acts:

c/ Failing to provide tools and applications enabling users to block spam emails at their own will and report on spam emails;

d/ Failing to take measures to block, filter and update the list of sources of sending spam emails or measures to prevent loss and mistaken blockage of emails of users;

dd/ Failing to supervise, control and screen their own email servers in order to prevent them from becoming sources of sending spam emails;

e/ Failing to make regular reports and statistics under regulations of competent state agencies.

2. A fine of between VND 20,000,000 and VND 30,000,000 shall be imposed for one of the following acts:

e/ Failing to draw up, update, provide and share the blacklist of IP addresses/domain names sending common-use spam emails to/with the Ministry of Information and Communications (the Authority of Information Security) and other telecommunications businesses and Internet service providers.

3. A fine of between VND 50,000,000 and VND 70,000,000 shall be imposed for one of the following acts:

l/ Failing to provide users with tools and applications for them to report on spam messages and spam calls and to enable users to block spam messages and spam calls at their own will;

m/ Failing to provide, update and share common-use sample spam messages to/with the Ministry of Information and Communications (the Authority of Information Security) and other telecommunications businesses;

n/ Failing to block and filter IP addresses/domain names sending or used for sending spam emails under one’s management;

o/ Failing to take measures to evaluate the situation of spam messages and spam  calls on one’s telecommunications networks.

3a. A fine of between VND 50,000,000 and VND 70,000,000 shall be imposed for an act of using a brandname other than that granted by the Ministry of Information and Communications (the Authority of Information Security) or a brandname already granted by the Ministry of Information and Communications (the Authority of Information Security) to another organization or individual without being permitted by such organization or individual, or using the revoked brandname.

3b. A fine of between VND 70,000,000 and VND 100,000,000 shall be imposed for an act of using a brandname to send spam messages or provide services in violation of regulations as concluded by a competent state agency.

4a. A fine of between VND 140,000,000 and VND 170,000,000 shall be imposed for the following acts:

a/ Failing to take measures to block advertising messages and advertising calls to telephone numbers of the DoNotCall list;

b/ Failing to block or revoke e-addresses used to send spam messages and spam emails or make spam calls at the request of a competent state agency;

c/ Failing to build and operate one’s technical system to prevent and fight spam messages, spam emails and spam calls;

d/ Failing to build and connect one’s technical system to manage brandnames with the National System for Management of Brandnames;

dd/ Failing to perform tasks of coordinating the prevention and handling of spam emails and spam  calls and take other professional measures at the request of the Ministry of Information and Communications (the Authority of Information Security).”.

Article 34. To supplement Points e and g, Clause 2, Article 120 of the Government’s Decree No. 15/2020/ND-CP of February 3, 2020, on sanctioning of administrative violations in the fields of post, telecommunications, radio frequencies, information technology and e-transactions

“Article 120. Assignment of sanctioning competence

2. People’s Public Security Forces:

a/ Directors of provincial-level Departments of Public Security may sanction administrative violations specified in Clause 7a, Article 32 of this Decree;

g/ The Directors of the Department of Cyber Security and Hi-Tech Crime Prevention; the Social Order-related Crime Investigation Police Department; the Corruption, Economic and Smuggling Crime Investigation Police Department; the Police Department for Administrative Management of Social Order; the Drug-related Crime Investigation Police Department; the Internal Political Security Department; and the Economic Security Department may sanction administrative violations specified in Clause 7a, Article 32 of this Decree.”.

Chapter V

IMPLEMENTATION PROVISIONS

Article 35. Effect

1. This Decree takes effect on October 1, 2020.

2. This Decree replaces the Government’s Decree No. 90/2008/ND-CP of August 13, 2008, on fighting spam mails, and Decree No. 77/2012/ND-CP of October 5, 2012, amending and supplementing a number of articles of Decree No. 90/2008/ND-CP.

Article 36. Transitional provisions

Within 90 days after this Decree takes effect, telecommunications businesses shall transmit electronic files of declared brandnames to the Ministry of Information and Communications (the Authority of Information Security).

Within 180 days after this Decree takes effect, the Ministry of Information and Communications (the Authority of Information Security) shall announce the list of lawful brandnames after examining dossiers provided by telecommunications businesses. For declared brandnames not on the list of lawful brandnames, procedures for registration for grant of new brandnames shall be carried out under Articles 24, 25 and 26 of this Decree.

Within 90 days after this Decree takes effect, the Ministry of Information and Communications (the Authority of Information Security) shall switch the system for receipt of reports on spam messages via number 456 to new number 5656.

The provisions of Article 33 on supplementation of Clauses 3a and 3b, Article 95 of the Government’s Decree No. 15/2020/ND-CP of February 3, 2020, on sanctioning of administrative violations in the fields of post, telecommunications, radio frequencies, information technology and e-transactions, apply as of March 1, 2021.

Article 37. Organization of implementation

1. The Ministry of Information and Communications shall, within the ambit of its functions and powers, guide the implementation of this Decree.

2. The Ministry of Public Security shall coordinate with the Ministry of Information and Communications in preventing and fighting activities of sending messages and emails and making calls for the purpose of deception, disturbance or distribution of malware and ransomware, or committing acts prohibited by law.

Article 38. Implementation responsibility

Ministers, heads of ministerial-level agencies, heads of government-attached agencies, chairpersons of provincial-level People’s Committees, and related organizations and individuals shall implement this Decree.-

On behalf of the Government
Prime Minister
NGUYEN XUAN PHUC

* The Appendix to this Decree is not translated.