Decree 69/2024/ND-CP on electronic identification and authentication

DECREE

On electronic identification and authentication

^{_________________}

Pursuant to the Law on Organization of the Government dated June 19, 2015; Law on Amending and Supplementing a Number of Articles of the Law on Organization of the Government and the Law on Organization of Local Administration dated November 22, 2019;

Pursuant to the Law on Cyberinformation Security dated November 19, 2015;

Pursuant to the Law on Cyber Security dated June 12, 2018;

Pursuant to the Law on E-Transactions dated June 22, 2023;

Pursuant to the Law on Identity dated November 27, 2023;

Pursuant to the Law on Investment dated June 17, 2020, amended and supplemented by the Laws No. 72/2020/QH14, 03/2022/QH15, 05/2022/QH15, 08/2022/QH15, 09/2022/QH15, 20/2023/QH15; 26/2023/QH15;

At the request of Minister of Public Security;

The Government promulgates the Decree on electronic identification and authentication.

Chapter I
GENERAL PROVISIONS

Article 1. Scope of regulation

This Decree provides for e-identity; grant, management and use of e-identification accounts; update and storage of information in the electronic identification and authentication system; conditions and orders of connection with the electronic identification and authentication system; e-authentication services; order and procedures for grant, locking and unlocking of electronic identity cards; and responsibilities of relevant agencies, organizations and individuals for e-identification, e-authentication and electronic identity cards.

Article 2. Subjects of application

This Decree applies to Vietnamese agencies, organizations and citizens; foreign organizations and individuals residing and operating in Vietnam’s territory that directly participate or are involved in electronic identification and authentication, electronic identity cards.

Article 3. Interpretation of terms

In this Decree, the terms below are construed as follows:

1. E-identity means information of an agency, organization or individual in the electronic identification and authentication system that allows identification of only such agency, organization or individual in the electronic environment.

2. E-identity subject means an agency, organization or individual identified in association with its/his/her e-identity.

3. E-identification means the registration, collation, creation and association of an e-identity with its subject.

4. Electronic identification and authentication management agency means the Police Department for Administrative Management of Social Order of the Ministry of Public Security.

5. E-identification account means a combination consisting of username, password or another means of authentication which is created by the electronic identification and authentication management agency, that is used for accessing and using features, utilities and application of the electronic identification and authentication system and information systems that have been connected and shared in accordance with laws.

6. E-authentication means authentication, certification, confirmation and provision of e-identities, e-identification accounts or other information in the National Population Database, the Identity Database, the National Immigration Database via the electronic identification and authentication system or the electronic identification and authentication platform.

7. Authentication factor is means of authentication used for accurate certification and confirmation of an e-identity subject before access to and exploitation of information in the electronic identification and authentication system.

8. Means of authentication means a number of permissible methods used by users for e-authentication, including: Password, secret code, barcode, terminal, one-time password device or software, cryptographic device or software, identity card, citizen identity card, passport, face photo, fingerprints, voice, iris or tools or methods used for the purpose of e-authentication.

9. Organization providing e-authentication services means a public non-business unit or an enterprise in the People’s Public Security forces that satisfies the conditions for providing e-authentication services specified in this Decree.

10. The e-identification website: created and developed from the electronic identification and authentication system by the Ministry of Public Security to serve the implementation of e-identification and e-authentication activities in settling administrative procedures and public administrative services and carrying out other transactions in the electronic environment; and develop features, utilities, applications to serve agencies, organizations and individuals.

11. Electronic identification and authentication platform means an information system to serve the exchange of information between the electronic identification and authentication system and information systems of state agencies, political organizations, socio-political organizations, organization providing e-authentication services, and organizations and individuals.

Article 4. Principles of electronic identification and authentication

1. To comply with the Constitution and laws, and guarantee the lawful rights and interests of agencies, organizations and individuals.

2. To ensure accuracy, publicity and transparency in management and convenience for agencies, organizations and individuals.

3. To ensure security and safety of equipment and data security upon the performance of electronic identification and authentication.

4. Agencies, organizations and individuals that are entitled to exploit and use e-identities shall secure confidentiality of e-identification account information and comply with the law on personal data protection.

5. All violations of the law on electronic identification and authentication shall be promptly detected and handled in accordance with law.

6. To ensure conformity with treaties to which Vietnam is a contracting party.

7. To refrain from using e-identification accounts in activities or transactions that are against the law or infringe upon security, national defense, national interests, public interests, or lawful rights and interests of organizations and individuals.

8. No agency, organization or individual is permitted to illegally intervene in operation of the electronic identification and authentication system.

Chapter II

E-IDENTITIES, E-IDENTIFICATION,

E-IDENTIFICATION ACCOUNTS AND E-AUTHENTICATION

Article 5. E-identities of foreigners

1. E-identities of a foreigner include:

a) Alien identification number;

b) Family name, middle name and first name;

c) Date of birth;

d) Gender;

dd) Citizenship;

e) Serial number, symbol, date and place of issuance of passport or international travel document;

g) Face photo;

h) Fingerprints.

2. Alien identification number means a unique sequence of natural numbers created by the electronic identification and authentication system to manage the e-identity of an individual foreigner.

Article 6. E-identities of agencies or organizations

1. E-identities of an agency or organization include:

a) Identification number of the agency or organization;

b) Name of the agency or organization, including Vietnamese name, abbreviated name (if any) and foreign-language name (if any);

c) Date of establishment of the agency or organization;

d) Head office address;

dd) Tax identification number (if any);

e) Identification number of the enterprise (if any);

g) E-identification number of the agency or organization (if any);

h) Family name, middle name and first name, personal identification number (or alien identification number) of the at-law representative or the head of the agency or organization that carries out the procedures for request for grant of e-identification account to the agency or organization.

2. Identification number of an agency or organization means a unique sequence of natural numbers created by the electronic identification and authentication system to manage the e-identity of the agency or organization.

Article 7. Classification and subjects eligible for grant of e-identification accounts

Vietnamese agencies, organizations and citizens; and foreign organizations and individuals residing in Vietnam’s territory shall be granted e-identification accounts as follows:

1. A Vietnamese citizen who is full 14 years of age or older and possesses a valid citizen identification card or identification card shall be granted a level-1 e-identification account or level-2 e-identification account.

A Vietnamese citizen who is between full 6 years of age and under 14 years of age and possesses an identification card shall be granted a level-1 e-identification account or level-2 e-identification account upon request. A Vietnamese citizen who is under 6 years of age and possesses an identification card shall be granted a level-1 e-identification account upon request.

2. A foreigner who is full 06 years of age or older and possesses a permanent residence card or temporary residence card for residence in Vietnam shall be granted a level-1 e-identification account or level-2 e-identification account upon request. A foreigner who is under 6 years of age and possesses a permanent residence card or temporary residence card for residence in Vietnam shall be granted a level-1 e-identification account upon request.

3. Agencies and organizations established or registered to operate in Vietnam shall be granted e-identification accounts regardless of level.

Article 8. Updating of information in the electronic identification and authentication system

1. Information of individuals in the national population database, electronic civil status database, identity database, national immigration database, national databases, other specialized databases related to e-identity, information integrated into e-identification accounts that is modified shall be automatically updated into the electronic identity and authentication system.

2. The information of agencies and organizations in the national business registration database, national databases, other specialized databases related to e-identity shall be automatically updated into the electronic identity and authentication system for creating their identification numbers and e-identification accounts to serve the electronic identification and authentication.

Article 9. Use of e-identification accounts and other e-transaction accounts created by agencies, organizations and individuals

1. Level-1 e-identification accounts of Vietnamese citizens and foreigners shall be used for accessing, exploiting and using the information on e-identities and some features, utilities, and applications of the electronic identity and authentication system and information systems that have been connected and shared in accordance with laws.

2. Level-2 e-identification accounts of Vietnamese citizens shall be used for accessing, exploiting and using their electronic identity cards and other information not been integrated into their electronic identity cards that is shared, integrated and updated from national databases, other specialized databases and all features, utilities, and applications of the electronic identity and authentication system and information systems that have been connected and shared in accordance with laws.

3. Level-2 e-identification accounts of foreigners and e-identification accounts of agencies and organizations shall be used for accessing, exploiting and using their e-identity information and other information shared, integrated and updated from national databases, other specialized databases and all features, utilities, and applications of the electronic identity and authentication system and information systems that have been connected and shared in accordance with laws.

4. E-identity subjects may use their e-identification accounts to access, authenticate and use features and utilities in the Vietnam electronic identification application, e-identification website dinhdanhdientu.gov.vn or vneid.gov.vn or other utilities in applications and softwares of other agencies, organizations and individuals that have been connected to the electronic identity and authentication system.

5. E-identification accounts may be used to perform administrative procedures and public administrative services in the electronic environment and carry out other activities to meet the needs of e-identity subjects.

6. Information on e-identities and information integrated in electronic identity cards, e-identification accounts is valid to prove the information, equivalent to the provision of information, or use or production of papers or documents with such information upon performance of administrative procedures, public services, transactions and other activities.

7. Agencies, organizations and individuals may create their electronic transaction accounts in accordance with the law on electronic transactions to serve their transactions and activities and shall be responsible for authenticating their accounts and ensuring the accuracy of the accounts they have created, and decide on the level and use value of each level of accounts. Information used to create the account of a subject shall be provided by such subject or allowed for use by an agency, organization or individual to create the account.

Article 10. Order and procedures for grant of e-identification accounts for Vietnamese citizens

1. Grant of level-1 e-identification accounts

a) Citizens shall use digital devices to download and install the Vietnam electronic identification application.

b) Citizens shall use the Vietnam electronic identification application to enter information about their personal identification numbers and mobile subscriber numbers or email addresses (if any); declare information according to provided instructions on the Vietnam electronic identification application; take face photos by digital devices and send requests for grant of e-identification accounts to the electronic identification and authentication management agency.

c) The electronic identification and authentication management agency shall check and authenticate the requesters’ information and notify the account registration result via the Vietnam electronic identification application or their mobile subscriber numbers or email addresses;

d) Representatives or guardians shall use their mobile subscriber numbers and level-2 e-identification accounts to declare and register for grant of level-1 e-identification accounts for persons under 14, wards or represented persons via the Vietnam electronic identification application.

2. Grant of level-2 e-identification accounts

a) Citizens shall produce their valid citizen identity cards or identity cards at the police offices of communes, wards or townships, or the identity management agency, regardless of their place of residence, and carry out procedures for grant of their level-2 e-identification accounts;

b) Citizens shall provide complete and accurate information on the written request for grant of e-identification account, using the form TK01 issued together with this Decree; clearly declaring their mobile subscriber numbers and email addresses (if any), and other information proposed to be integrated into electronic identity cards (if needed) to the dossier-receiving officer;

c) The dossier-receiving officer shall enter the provided information into the electronic identification and authentication system for authentication; authenticate face photos and fingerprints of citizens for taking procedures with the identity database;

d) The electronic identification and authentication management agency shall check and authenticate the requesters’ information and notify the level-2 e-identification account registration result via the Vietnam electronic identification application or their mobile subscriber numbers or email addresses;

dd) Persons under 14, wards or represented persons and their representatives or guardians shall come to the police offices of communes, wards or townships, or places for performance of procedures for grant of identity cards to carry out procedures for grant of their level-2 e-identification accounts;

Representatives or guardians shall use their mobile subscriber numbers to declare and register for grant of level-2 e-identification accounts for Vietnamese citizens being persons under 14, wards or represented persons.

3. For citizens that have not been granted citizen identity cards or identity cards, the request for grant of e-identification accounts and the grant of identity cards shall be performed simultaneously, complying with the order and procedures defined in Clause 1 and 2 of this Article.

Article 11. Order and procedures for grant of e-identification accounts for foreigners

1. Grant of level-1 e-identification accounts

a) Foreigners shall use digital devices to download and install the Vietnam electronic identification application.

b) Foreigners shall use the Vietnam electronic identification application to enter information about serial numbers of their passports or international travel documents and email addresses or mobile subscriber numbers (if any); declare information according to provided instructions on the Vietnam electronic identification application; take face photos by digital devices and send requests for grant of e-identification accounts to the electronic identification and authentication management agency via the Vietnam electronic identification application;

c) The electronic identification and authentication management agency shall notify the account registration result via the Vietnam electronic identification application or their mobile subscriber numbers or email addresses;

d) Representatives or guardians shall use their mobile subscriber numbers and level-2 e-identification accounts to declare and register for grant of level-1 e-identification accounts for persons under 14, wards or represented persons being foreigners via the Vietnam electronic identification application.

2. Grant of level-2 e-identification accounts

a) Foreigners shall come to the immigration agency under the Ministry of Public Security or immigration agencies of provincial-level Police Departments, produce passports or international travel documents and carry out procedures for registration of level-2 e-identification accounts;

b) Foreigners shall provide complete and accurate information on the written request for grant of e-identification account, using the form TK01 issued together with this Decree; clearly declaring their mobile subscriber numbers and email addresses (if any), and other information proposed to be integrated into the Vietnam electronic identification application to the dossier-receiving officer;

c) The dossier-receiving officer shall enter the foreigner-provided information into the electronic identification and authentication system; take face photos and fingerprints of citizens for taking authentication with the national immigration database;

d) The immigration agency shall send requests for grant of e-identification accounts to the electronic identification and authentication management agency;

dd) The electronic identification and authentication management agency shall notify the account registration result via the Vietnam electronic identification application or their mobile subscriber numbers or email addresses;

e) Foreigners being persons under 14, wards or represented persons and their representatives or guardians shall come to the immigration agency under the Ministry of Public Security or immigration agencies of provincial-level Police Departments to carry out procedures for grant of their level-2 e-identification accounts;

Representatives or guardians shall use their mobile subscriber numbers to declare and register for grant of level-2 e-identification accounts for foreigners being persons between full 6 to under 14 years, wards or represented persons.

Article 12. Order and procedures for grant of e-identification accounts for agencies and organizations

1. The at-law representative or the head of an agency or organization, or a person authorized by the at-law representative or the head of an agency or organization shall use his/her level-2 e-identification account to access the Vietnam electronic identification application, provide information as guided and send a request for grant of e-identification account to the agency or organization after possessing the consent of all other at-law representatives of the organization (if any).

In case of direct submission of the written request, the at-law representative or the head of the agency or organization, or the authorized person shall declare and submit the written request for grant of e-identification account used for agency or organization, using the Form TK02 issued together with this Decree, to the convenient electronic identification and authentication management agency or the identity management agency.

2. The electronic identification and authentication management agency shall check and authenticate the information on the agency or organization in the national business registration database, national databases and other specialized databases.

In case the information on the agency or organization is not yet available on the national business registration database, national databases and other specialized databases, to verify the information on the agency or organization.

3. The electronic identification and authentication management agency shall notify the registration result for grant of e-identification accounts to the at-law representative or the head of the agency or organization via the Vietnam electronic identification application or his/her mobile subscriber number or email address.

In case of ineligibility for grant of e-identification accounts, the electronic identification and authentication management agency shall notify in writing, text message or via the e-identification account of the registering person.

Article 13. Time limits for grant of e-identification accounts

After receiving a complete and valid dossier as specified in this Decree, the electronic identification and authentication management agency shall grant e-identification accounts within:

1. For Vietnamese citizens who have been granted valid citizen identity cards or identity cards:

a) One working day, in case of grant of level-1 e-identification accounts;

b) 3 working days, in case of grant of level-2 e-identification accounts.

2. 7 working days, for Vietnamese citizens who have invalid citizen identity cards or have not had identity cards.

3. For foreigners:

a) One working day, in case of grant of level-1 e-identification accounts;

b) 3 working days, in case of grant of level-2 e-identification accounts for persons whose information on face photos and fingerprints is available on the national immigration database;

c) 7 working days, in case of grant of level-2 e-identification accounts for persons whose information on face photos and fingerprints is not yet available on the national immigration database.

4. For organizations:

a) 3 working day, in case to-be-authenticated information on organizations is available on relevant national databases or specialized databases;

b) 15 days, in case to-be-authenticated information on organizations is not available on relevant national databases or specialized databases.

Article 14. Activation and use of e-identification accounts

1. E-identity subjects shall activate their e-identification accounts of individuals, agencies and organizations on the Vietnam electronic identification application within 7 days after receiving a notice of the result of grant of their e-identification accounts. After 7 days, if the e-identification accounts remain inactivated, e-identity subjects shall contact the electronic identification and authentication management agency through the call center for receiving and settling requests on electronic identification and authentication in order to activate their accounts.

2. Upon use of e-identification accounts, persons under 14, wards or represented persons must obtain the consent and confirmation of their representatives or guardians via the Vietnam electronic identification application. Representatives or guardians may use e-identification accounts of persons under 14, wards or represented persons to implement transactions and other activities to serve rights and interests of such persons under 14, wards or represented persons.

3. Use of e-identification accounts and e-authentication services is legally valid to prove that e-identity subjects have implemented and approved transactions.

4. The electronic identification and authentication management agency shall connect, share and authenticate the data so that e-identity subjects may use their e-identification accounts in other countries under treaties to which Vietnam is a contracting party.

Article 15. Order and procedures for locking and unlocking of e-identification accounts

1. Locking and unlocking of e-identification accounts of Vietnamese citizens

The electronic identification and authentication system shall automatically lock and unlock an e-identification account of a citizen in case his/her electronic identity card is locked or unlocked, or his/her citizen identity card or identity card expires.

2. Locking of e-identification accounts of foreigners or organizations

a) The electronic identification and authentication system shall automatically record, check, authenticate and lock an e-identification account in case the foreigner requests locking of his/her e-identification account, or violates terms on use of services of the Vietnam electronic identification application, or dies, or his/her passport or international travel document expires, or his/her residence duration in Vietnam expires.  The recording shall be made through the foreigner’s declaration on the Vietnam electronic identification application or by the updating of information specified in Article 8 of this Decree;

b) The electronic identification and authentication system shall automatically record, check, authenticate and lock an e-identification account in case the organization requests locking of its e-identification account, violates terms on use of the Vietnam electronic identification, is dissolved, goes bankrupt, ceases operation or terminates operation in accordance with law. The recording shall be made through the organization’s declaration on the Vietnam electronic identification application or by the updating of information specified in Article 8 of this Decree;

c) A proceeding-conducting agency or another competent agency shall send a written request for locking or unlocking of e-identification account, electronic identity card, using form TK03 issued together with this Decree to the police office of commune, ward or township, or the nearest identity management agency of provincial-level police office or district-level police office for receipt and settlement;

d) Within 1 working day after receiving the written request for locking or unlocking of e-identification account, electronic identity card by a proceeding-conducting agency or another competent agency, the receiving police office of commune, ward or township, or the receiving identity management agency of provincial-level police office or district-level police office shall check and transfer the written request for locking of e-identification account to the head of the Ministry of Public Security’s identity management agency for consideration and approval via the electronic identification and authentication system;

dd) Within 2 working day after receiving the written request transferred by the police office of commune, ward or township, or the identity management agency of provincial-level police office or district-level police office, the head of the Ministry of Public Security’s identity management agency shall consider and approve the locking of e-identification account defined in Clause 2 of this Article and notify the agency requesting the locking of e-identification account and the concerned subject. In case of refusal to lock the e-identification account, the agency shall reply such in writing to the requester, clearly stating the reason.

3. Unlocking of e-identification accounts

a) The electronic identification and authentication system shall automatically unlock e-identification accounts when bases for locking of e-identification accounts no longer exist;

b) A proceeding-conducting agency or another competent agency shall send a written request for locking or unlocking of e-identification account, electronic identity card to the police office of commune, ward or township, or the nearest identity management agency of provincial-level police office or district-level police office for receipt and settlement;

c) Within 1 working day after receiving the written request for locking or unlocking of e-identification account, electronic identity card by a proceeding-conducting agency or another competent agency, the receiving police office of commune, ward or township, or the receiving identity management agency of provincial-level police office or district-level police office shall check and transfer the written request for unlocking of e-identification account to the head of the Ministry of Public Security’s identity management agency for consideration and approval via the electronic identification and authentication system;

d) Within 2 working day after receiving the written request transferred by the police office of commune, ward or township, or the identity management agency of provincial-level police office or district-level police office, the head of the Ministry of Public Security’s identity management agency shall consider and approve the unlocking of e-identification account defined in Clause 2 of this Article and notify the agency requesting the unlocking of e-identification account and the concerned subject. In case of refusal to unlock the e-identification account, the agency shall reply such in writing to the requester, clearly stating the reason.

Article 16. Competence to grant, lock and unlock e-identification accounts for Vietnamese citizens, foreigners, agencies and organizations

The Director of the Police Department for Administrative Management of Social Order of the Ministry of Public Security has the competence to grant, lock and unlock e-identification accounts for Vietnamese citizens, foreigners, agencies and organizations.

Article 17. Storage of information in the electronic identification and authentication system

1. Information on e-identity and other information integrated into e-identification accounts shall be permanently stored in the electronic identification and authentication system.

2. Information on the history of access of e-identification accounts shall be stored in the electronic identification and authentication system for at least 5 years from the time of access. An e-identification account holder may exploit the information on the history of access of his/her e-identification account; the agency managing the electronic identification and authentication system may exploit the information on the history of access of e-identification accounts to serve its state management; other cases shall comply with the law.

Article 18. Conditions and orders of connection to the electronic identification and authentication system

1. State agencies, political organizations, socio-political organizations and public service organizations that are allowed to connect information systems under their management to the electronic identification and authentication system must ensure that information systems under their management meet requirements for securing information system at level 3 or higher under the law on securing information system according to security levels.

2. The connection and sharing of information defined in Clause 1 of this Article shall be carried out on the basis of written agreement between the electronic identification and authentication management agency and the agency or organization governing the database, information system to be connected, clearly stating the scope and purpose of the connection.

3. Within no more than 30 days from the date of written agreement specified in Clause 3 of this Article, the electronic identification and authentication management agency shall conduct appraisal and actual inspection of the database and information system of the agency or organization requesting connection; In case such database or information system has been connected to the national population database, the time limit for consideration and approval of connection is no more than 07 working days.

In case of approval of connection, the electronic identification and authentication management agency shall notify the agency or organization in writing and the connection shall be carried out under the written agreement. In case of refusal, it shall issue a written reply, clearly stating the reason.

4. The agencies and organizations other than those defined in Clause 1 of this Article shall connect to the electronic identification and authentication system via organizations providing e-authentication services.

5. Organizations providing e-authentication services allowed to connect to the electronic identification and authentication system to provide e-authentication services are not required to carry out the procedures specified in this Article.

Article 19. E-authentication

1. E-authentication applicable to e-identities and e-identification accounts shall be carried out via the electronic identification and authentication system and the electronic identification and authentication platform in accordance with this Decree.

2. State agencies, political organizations, socio-political organizations and public service organizations may request the e-authentication via the connection and sharing of information with the electronic identification and authentication system or the connection and sharing of information with national databases and specialized databases having the information subject to e-authentication.

3. Organizations or individuals other than those defined in Clause 2 of this Article may request the e-authentication via organizations providing e-authentication services; the e-authentication of e-identities, e-identification accounts at the request of the organizations or individuals defined in this Clause must be approved by e-identity subjects via the confirmation on the Vietnam electronic identification application, SMS sent to mobile subscriber numbers or another form of confirmation as prescribed.

4. Organizations and individuals are not allowed to provide or share e-authentication results with other organizations or individuals, unless otherwise prescribed by the law on personal data protection; The e-authentication results are not valid as an authentication factor in other transactions.

Article 20. Levels of authentication of e-identification accounts

1. The electronic identification and authentication system provides the following levels of authentication of e-identification accounts:

a) Level 1: The authentication of e-identification accounts shall be performed based on one authentication factor specified in Clause 7, Article 3 and the means of authentication specified in Clause 8, Article 3 of this Decree, without any biometric information.

b) Level 2: The authentication of e-identification accounts shall be performed based on two different authentication factors specified in Clause 7, Article 3 and the corresponding means of authentication specified in Clause 8, Article 3 of this Decree, without any biometric information.

c) Level 3: The authentication of e-identification accounts shall be performed based on two or more different authentication factors specified in Clause 7, Article 3 and the corresponding means of authentication specified in Clause 8, Article 3 of the Decree, including one biometric information item.

d) Level 4: The authentication of e-identification accounts shall be performed in the basis of authentication factors, including at least 01 biometric factor (face photo, fingerprint, voice, iris), at least 01 factor owned by the e-identity subject (identity card, digital device, software), and 01 factor known by the e-identity subject (password; secret code; 2-dimensional barcode).

2. For other electronic transaction accounts created by an agency, organization or individual, to refer to Clause 1 of this Article to classify and determine levels corresponding to each operation and process of such agency, organization or individual or comply with specialized laws and guidance of competent state management agencies in each field.

Article 21. Methods of e-authentication in performance of transactions via the electronic identification and authentication system

1. For online transactions, e-authentication shall be performed via means of authentication suitable to the level of authentication required by the concerned online service providers.

2. For the cases in which the authentication of account information is performed at the place of transaction, the authentication shall be performed via the authentication solution provided on the Vietnam electronic identification application.

Chapter III

E-AUTHENTICATION SERVICES

Article 22. E-authentication services

1. E-authentication services constitute a conditional business line.

2. Organizations providing e-authentication services must satisfy the conditions specified in Article 23 of this Decree and obtain a certificate of eligibility for provision of e-authentication services granted by the Ministry of Public Security.

3. Organizations providing e-authentication services shall be responsible for posting the list of their e-authentication services and products in the e-identification website.

Article 23. Conditions for provision of e-authentication services

1. Conditions on an organization/enterprise

Being a public non-business unit or an enterprise of the People’s Public Security forces.

2. Conditions on personnel

a) The head of the organization or the at-law representative of the enterprise is a Vietnamese citizen permanently residing in Vietnam;

b) The organization/enterprise must have personnel who possess university or higher degree in information security or information technology or electronics and telecommunications to take charge of service provision, system administration, system operation, and assurance of information security for its system.

3. Conditions on facilities, technical equipment and processes for management of the provision of e-authentication services and security and order assurance plans

The organization/enterprise applying for a certificate of eligibility for provision of e-authentication services must have a Scheme on provision of e-authentication services, comprising the following contents: Plans and processes of provision of e-authentication services, including commentaries on the information technology system; commentaries on the technical plan of technological solutions; plan on data storage and assurance of data integrity and information security for the e-authentication service system; plan on protection of personal data of related individuals and organizations; plan on assurance of security and order; plan on fire prevention and fighting, disaster prevention and assurance of stable and smooth operation of the e-authentication service system; technical equipment based in Vietnam and inspected for information security in accordance with laws.

4. Organizations providing e-authentication services may entrust other organizations to perform a number of activities including: Consulting, introducing and answering questions about e-authentication services; seeking partners, negotiating and reaching an agreement on contents related to provided activities and utilities of authentication services; providing customer services and carrying out other trade promotion activities according to the law. The entrusting must comply with the provisions of law.

Article 24. Dossier and procedures for grant of a certificate of eligibility for provision of e-authentication services

1. Components of a dossier:

a) A request for grant of a certificate of eligibility for provision of e-authentication services, made using Form XT01 provided in the Appendix to this Decree;

b) The Scheme and documents proving the satisfaction of conditions specified in Clauses 2 and 3, Article 23 of this Decree.

2. Order and time limit of settlement:

a) An organization or enterprise shall submit 1 set of dossier specified in Clause 1 of this Article directly or by post to the Ministry of Public Security or via the National Public Service Portal or the Ministry of Public Security’s Public Service Portal;

b) In case the dossier is not complete or valid, within 3 working days after receiving it, the Ministry of Public Security shall notify thereof in writing to the organization or enterprise for the latter to supplement the dossier;

c) Within 3 working days after receiving a valid dossier, the Ministry of Public Security shall collect written opinions of related ministries and ministerial-level agencies;

d) Within 10 days after receiving the consultation document from the Ministry of Public Security, the consulted ministries and ministerial-level agencies shall give their written replies;

dd) Within 30 days after receiving a complete and valid dossier, the Ministry of Public Security shall carry out the appraisal and physical examination at the organization or enterprise and grant a certificate of eligibility for provision of e-authentication services, made using Form XT03 provided in the Appendix to this Decree, to the organization/enterprise if the latter is qualified; in case of refusal to grant the certificate, the Ministry of Public Security shall issue a written notice clearly stating the reason.

Article 25. Re-grant and modification of certificates of eligibility for provision of e-authentication services

1. A certificate of eligibility for provision of e-authentication services may have its contents modified in case the concerned organization or enterprise changes one of the following information items: at-law representative, address of head office, transaction name, and plan and process already appraised by the Ministry of Public Security according to Clause 3, Article 23 of this Decree.

2. The organization or enterprise shall submit 1 set of dossier of request for modification of the certificate of eligibility for provision of e-authentication services to the Ministry of Public Security as specified at Point a, Clause 2, Article 28 of this Decree. Such a dossier must comprise:

a) A request for re-grant, modification of the certificate of eligibility for provision of e-authentication services, made according to Form XT02 provided in the Appendix to this Decree;

b) Legally valid papers and documents proving the changed information defined in Clause 1 of this Article.

3. In case the organization or enterprise has one of the following information items of at-law representative, address of head office, transaction name changed, within 10 days from the date of receiving a complete and valid dossier, the Ministry of Public Security shall implement the appraisal and grant a certificate of eligibility for provision of e-authentication services to the organization or enterprise; in case of refusal of the change, the Ministry of Public Security shall issue a written notice, clearly stating the reason.

4. In case the organization or enterprise has one of the following information items of plans and processes of provision of e-authentication services defined Clause 3 Article 23 of this Decree changed, within 30 days from the date of receiving a complete and valid dossier, the Ministry of Public Security shall implement the appraisal, consult related ministries and ministerial-level agencies, carry out physical examination and grant a certificate of eligibility for provision of e-authentication services to the organization or enterprise; in case of refusal of the change, the Ministry of Public Security shall issue a written notice, clearly stating the reason.

5. A certificate of eligibility for provision of e-authentication services shall be re-granted in case it is lost, or damaged and unusable. Order and procedures for re-grant of a certificate of eligibility for provision of e-authentication services shall be as follows:

a) The organization or enterprise shall submit 1 set of dossier of request for re-grant of the certificate of eligibility for provision of e-authentication services to the Ministry of Public Security as specified at Point a, Clause 2, Article 24 of this Decree. A dossier of request for re-grant of the certificate must comprise: A request for re-grant, modification of the certificate of eligibility for provision of e-authentication services, made according to this Decree; Scheme and documents proving the satisfaction of conditions specified in Clauses 2 and 3, Article 23 of this Decree;

b) Within 3 working days after receiving a valid dossier, the Ministry of Public Security shall consider and re-grant the certificate of eligibility for provision of e-authentication services to the organization providing e-authentication services; in case of refusal to re-grant the certificate, it shall issue a written notice clearly stating the reason.

Article 26. Revocation of certificates of eligibility for provision of e-authentication services

1. An organization providing e-authentication services shall have its certificate of eligibility for provision of e-authentication services revoked in the following cases:

a) The organization has not been operating continuously for 6 months or more;

b) The organization is dissolved or goes bankrupt in accordance with law;

c) The organization does not remedy violations related to protection of personal data, information security or cyber security at a competent state agency’s request.

2. The Ministry of Public Security shall issue decisions on revocation of certificates of eligibility for provision of e-authentication services, made according to Form XT04 provided in the Appendix to this Decree.

3. Organizations providing e-authentication services whose certificates are revoked shall be responsible for guaranteeing the lawful rights and interests of e-identity subjects and related parties in accordance with law.

Article 27. Expenses for grant and use of e-identification accounts and use of e-authentication services

1. E-identity subjects that are Vietnamese agencies, organizations or citizens, or foreigners are not required to pay expenses for registration for grant of e-identification accounts created by the electronic identification and authentication system and expenses for use of their e-identification accounts in electronic transactions.

2. Organizations and individuals exploiting e-authentication services shall pay expenses to organizations providing e-authentication services in accordance with law on prices.

3. State agencies, political organizations, socio-political organizations are not required to pay expenses for use of e-authentication services.

Chapter IV
ELECTRONIC IDENTITY CARDS

Article 28. Grant of electronic identity cards

1. Electronic identity cards are shown in a feature or utility of the Vietnam electronic identification application upon access to citizens’ electronic identity accounts.

2. Electronic identity cards shall be granted together with level-2 e-identification accounts for Vietnamese citizens and are in accordance with the order and procedures specified in Article 10 of this Decree.

3. The use of electronic identity cards via the access to level-2 e-identification accounts of citizens is equivalent to the use of valid citizen identity cards or identity cards upon performance of administrative procedures, public services, transactions and other activities.

4. Electronic identity cards shall be permanently stored in the electronic identification and authentication system. Information on the history of use of electronic identity cards shall be stored in the electronic identification and authentication system for 5 years from the time such a card is used.

5. The Minister of Public Security shall prescribe the form of electronic identity cards in the Vietnam electronic identification application.

Article 29. Order and procedures for locking of electronic identity cards

1. The electronic identification and authentication system shall automatically record, check, authenticate and lock electronic identity cards in the cases defined at Point b, Point c and Point d, Clause 1, Article 34 of the Law on Identity. The recording shall be made by updating the information in the electronic identification and authentication system as specified in Article 8 of this Decree.

2. An electronic identity card holder shall submit a request for locking of his/her electronic identity card at the police office of commune, ward or township, or the nearest identity management agency of provincial-level police office or district-level police office or via the Vietnam electronic identification application, using the form TK03 issued together with this Decree. The identity management agency shall record, check, authenticate and lock his/her electronic identity card right after receiving of his/her request for locking of electronic identity card in the electronic identification and authentication system.

3. A proceeding-conducting agency or another competent agency shall send a written request for locking of electronic identity card to the police office of commune, ward or township, or the nearest identity management agency of provincial-level police office or district-level police office for receipt and settlement.

4. Within 1 working day after receiving the written request for locking of electronic identity card by a proceeding-conducting agency or another competent agency, the receiving police office of commune, ward or township, or the receiving identity management agency of provincial-level police office or district-level police office shall check and transfer it to the head of the Ministry of Public Security’s identity management agency for consideration and approval via the electronic identification and authentication system.

5. Within 2 working day after receiving the written request transferred by the police office of commune, ward or township, or the identity management agency of provincial-level police office or district-level police office, the head of the Ministry of Public Security’s identity management agency shall consider and approve the locking of electronic identity card defined in Clause 2 of this Article and notify the agency requesting the locking of electronic identity card and the citizen. In case of refusal to lock electronic identity cards, the agency shall reply such in writing to the requester, clearly stating the reason.

Article 30. Order and procedures for unlocking of electronic identity cards

1. The electronic identification and authentication system shall automatically record, check and unlock electronic identity cards when bases for locking of electronic identity cards no longer exist.

2. An electronic identity card holder shall submit a request for unlocking of his/her electronic identity card at the police office of commune, ward or township, or the nearest identity management agency of provincial-level police office or district-level police office or via the Vietnam electronic identification application, using the form TK03 issued together with this Decree. The identity management agency shall record, check, authenticate and unlock his/her electronic identity card right after receiving of his/her request for unlocking of electronic identity card in the electronic identification and authentication system.

3. A proceeding-conducting agency or another competent agency shall send a written request for unlocking of electronic identity card to the police office of commune, ward or township, or the nearest identity management agency of provincial-level police office or district-level police office for receipt and settlement.

4. Within 1 working day after receiving the written request for unlocking of electronic identity card by a proceeding-conducting agency or another competent agency, the receiving police office of commune, ward or township, or the receiving identity management agency of provincial-level police office or district-level police office shall check and transfer it to the head of the Ministry of Public Security’s identity management agency for consideration and approval via the electronic identification and authentication system.

5. Within 2 working day after receiving the written request transferred by the police office of commune, ward or township, or the identity management agency of provincial-level police office or district-level police office, the head of the Ministry of Public Security’s identity management agency shall consider and approve the unlocking of electronic identity card defined in Clause 2 of this Article and notify the agency requesting the unlocking of electronic identity card and the citizen. In case of refusal to unlock electronic identity cards, the agency shall reply such in writing to the requester, clearly stating the reason.

Chapter V

RESPONSIBILITIES OF AGENCIES, ORGANIZATIONS AND INDIVIDUALS

Article 31. Responsibilities of e-identity subjects

1. To protect e-identity information.

2. To ensure security of authentication factors.

3. To immediately notify organizations providing e-authentication services when losing control of means of authentication or detecting unauthorized users of their e-identities or having other reasons that may cause unsafe use of e-authentication services.

Article 32. Responsibilities of e-authentication service users

1. To abide by technical regulations on electronic identification and authentication.

2. To manage and ensure confidentiality of information on e-identification accounts and ensure safe use of e-identification accounts.

3. To take responsibility for the transactions they have performed and comply with regulations of related parties with regard to e-transactions.

Article 33. Responsibilities of organizations providing e-authentication services and agencies, organizations and individuals creating accounts by themselves

1. Responsibilities of organizations providing e-authentication services

a) To provide e-authentication services to organizations and individuals on the basis of service provision contracts;

b) To manage the operation of organizations entrusted to provide e-authentication services and products in accordance with Clause 4 Article 23 of this Decree;

c) To operate communication channels and provide services around the clock;

d) To comply with the laws on cyberinformation security, cyber security, and e-transactions, and standards and technical regulations in the field of e-authentication, confidentiality of information, ensure accuracy of authentication; promulgate a process of e-authentication with the approval from the electronic identification and authentication management agency;

dd) To comply with plans and processes for provision of e-authentication services appraised by the Ministry of Public Security;

e) To send reports on e-authentication activities, using Form XT05 issued together with this Decree, to the electronic identification and authentication management agency on a biannual basis or an annual basis or at the request of the electronic identification and authentication management agency.

2. Responsibilities of agencies, organizations and individuals that create accounts for their own activities:

a) To take responsibility for the accuracy of the accounts they create;

b) To protect personal data they collect and manage in accordance with law;

c) To obtain the consent of data subjects in all activities related to the management, exploitation and use of data;

d) To delete data they collect and manage at the request of the data subjects, unless otherwise provided for by law.

Article 34. Responsibilities of the Ministry of Public Security

1. To build, manage, protect and operate the electronic identification and authentication system; electronic identification and authentication platform, to apply e-identification accounts in state management, administrative reform, and disaster and epidemic prevention and control.

2. To perform the state management of electronic identification and authentication. To provide regulations on principles and structure of identification numbers of foreigners and identification numbers of agencies and organizations.

3. To assume the prime responsibility for, and coordinate with ministries and ministerial-level agencies in, connecting national databases and specialized databases in service of electronic identification and authentication.

4. To assume the prime responsibility for, and coordinate with the Ministry of Information and Communications, Ministry of Planning and Investment, Ministry of Justice, Ministry of National Defence, Government Office and related ministries and ministerial-level agencies in, inspecting and examining electronic identification and authentication activities.

5. To connect and integrate the electronic identification and authentication system with the e-identity exchange platform of the National Public Service Portal to serve the account inspection, settlement of administrative procedures and provision of online public services in accordance with law.

6. To assume the prime responsibility for, and coordinate with the Ministry of Information and Communications, Ministry of National Defence and Government Cipher Committee in, ensuring information security and confidentiality for the electronic identification and authentication system.

7. To assume the prime responsibility for, and coordinate and reach agreement with ministries, ministerial-level agencies, government-attached agencies, Government Cipher Committee, and People’s Committees of provinces and centrally-run cities in, specifying plans on data connection, sharing and exploitation for use of e-identities, e-identification accounts and electronic identity cards; and in ensuring information confidentiality and security, in conformity with form of performing administrative procedures directly or in the electronic environment.

8. To assume the prime responsibility for, and coordinate and reach agreement with ministries, ministerial-level agencies, government-attached agencies, Government Cipher Committee, and People’s Committees of provinces and centrally-run cities in, specifying plans on connection, sharing and exploitation for use of e-identities, e-identification accounts and electronic identity cards provided or created by the electronic identification and authentication system; and in ensuring information confidentiality and security, in conformity with form of performing administrative procedures directly or in the electronic environment.

9. To assume the prime responsibility for, and coordinate with the Ministry of Justice, Ministry of Planning and Investment, and Ministry of National Defence in, ensuring connection, sharing, and updating information in the national population database, national immigration database, electronic civil status database, national business registration database in service of electronic identification and authentication.

10. To operate communication channels and the electronic identification and authentication system around the clock.

Article 35. Responsibilities of the Ministry of Information and Communications

To coordinate with the Ministry of Public Security and Ministry of National Defense in ensuring information security and confidentiality for the electronic identification and authentication system.

Article 36. Responsibilities of the Ministry of Planning and Investment

1. To assume the prime responsibility for, and coordinate and reach agreement with the Ministry of Public Security, relevant ministries and branches in, specifying plans on connection, sharing of information of agencies and organizations in the national business registration database with the electronic identification and authentication system to create identification numbers and e-identification accounts of agencies and organizations in service of electronic identification and authentication; and in ensuring information confidentiality and security.

2. To coordinate with the Ministry of Public Security in granting e-identification accounts to organizations and enterprises and managing such e-identification accounts according to assigned scope, functions and tasks.

3. To ensure the use of e-identities and e-identification accounts for performance of administrative procedures and public administrative services in the electronic environment within its management functions prescribed by law.

Article 37. Responsibilities of the Ministry of National Defence

1. To guide its attached agencies, units, enterprises and individuals to conduct electronic identification and authentication in accordance with regulations on protection of state secrets in the field of national defense.

2. To coordinate and reach agreement with the Ministry of Public Security in specifying plans on connection, sharing to use e-identities, e-identification accounts and electronic identity cards provided or created by the electronic identification and authentication system.

3. To coordinate with the Ministry of Public Security in ensuring information security and cyber security for the electronic identification and authentication system.

Article 38. Responsibilities of the Government Cipher Committee

1. To guide the application of standards and technical regulations on civil cryptography and use of the public duty-specialized digital signature authentication services in electronic identification and authentication activities.

2. To assume the prime responsibility for, and coordinate with the Ministry of Public Security in, assessing cryptographic safety for users of e-authentication services.

3. To coordinate with the Ministry of Public Security in ensuring information security and confidentiality in use of cryptographic products for the electronic identification and authentication system and use of e-identities, e-identification accounts and electronic identity cards in providing the public duty-specialized digital signature services.

Article 39. Responsibilities of other ministries, ministerial-level agencies, government-attached agencies and People’s Committees of provinces and centrally-run cities

1. To ensure the use of e-identities, e-identification accounts and electronic identity cards for performance of administrative procedures and public administrative services in the electronic environment.

2. To coordinate and reach agreement with the Ministry of Public Security in specifying plans on connection, sharing to use e-identities, e-identification accounts and electronic identity cards provided or created by the electronic identification and authentication system; and in ensuring information confidentiality and security.

3. To ensure stable and smooth operation of national databases and specialized databases for authentication at the request of specialized database management agencies, state agencies, political organizations, socio-political organizations and other organizations assigned to perform public services.

Chapter VI

IMPLEMENTATION PROVISIONS

Article 40. Effect

1. This Decree takes effect on July 01, 2024.

2. The Decree No. 59/2022/ND-CP dated September 5, 2022 of Government, on electronic identification and authentication shall cease to be effective from the effective date of this Decree.

3. Accounts created by the National Public Service Portal or ministerial- and provincial-level information systems for settlement of administrative procedures that are granted to individuals shall be used until the end of June 30, 2024.

4. Accounts created by the National Public Service Portal or ministerial- and provincial-level information systems for settlement of administrative procedures that are granted to agencies and organizations shall be used until the end of June 30, 2025.

5. E-identification accounts, certificates of eligibility for provision of e-authentication services that have been granted under the Decree No. 59/2022/ND-CP dated September 5, 2022, on electronic identification and authentication shall be valid until the time limit as defined.

6. From July 01, 2024, the identity management agency of the Ministry of Public Security shall create and display electronic identity cards of citizens possessing a level-2 e-identification account before the effective date of this Decree by using the Vietnam electronic identification application.

7. To amend and supplement Clause 1 Article 7 of Decree No. 45/2020/ND-CP dated April 08, 2020 on performance of administrative procedures in the electronic environment as follows:

“1. Organizations and individuals shall carry out administrative procedures on the National Public Service Portal or provincial- and ministerial-level information systems for settlement of administrative procedures via e-identification accounts which are created by the electronic identification and authentication system and connected and integrated on the National Public Service Portal or ministerial- and provincial-level information systems for settlement of administrative procedures”.

8. To amend and supplement Point a Clause 1 Article 21a of Decree No. 107/2021/ND-CP dated December 6, 2021, amending and supplementing a number of articles of the Government’s Decree No. 61/2018/ND-CP of April 23, 2018, on the implementation of the single-window and inter-agency single-window mechanism in the settlement of administrative procedures as follows:

“a) Checking and authenticating the e-identification accounts of the individual or organization through his/her/its personal identification number, for Vietnamese citizens, or passport (or international travel document) number, for foreigners, or code, for organizations on the National Public Service Portal or ministerial- and provincial-level information systems for settlement of administrative procedures via the data connection and sharing with the electronic identification and authentication system. In case the individual or organization has no e-identification account, dossier-receiving officers at the single-window section shall guide him/her/it to create, or create a level-1 e-identification accounts for him/her/it. In case the individual or organization authorizes another to carry out administrative procedures, the e-identification account shall be the one of the authorizing individual or organization.”

Article 41. Implementation responsibility

1. The Ministry of Public Security shall guide, inspect and urge the implementation of this Decree.

2. In the course of implementation, the Ministry of Public Security shall coordinate with the Ministry of Information and Communications in synthesizing and handling arising issues according to their state management functions and, when necessary, report thereon to the Prime Minister for consideration and decision.

3. Ministers, heads of ministerial-level agencies, heads of government-attached agencies, chairpersons of People’s Committees of provinces, centrally-run cities shall implement this Decree./.

* All Appendices are not translated herein.