Decree 137/2024/ND-CP e-transactions of state agencies, information systems serving e-transactions

DECREE

Defining e-transactions of state agencies and information systems
serving e-transactions

^{_____________}

Pursuant to the Law on Organization of the Government dated June 19, 2015; Law on Amending and Supplementing a Number of Articles of the Law on Organization of the Government and the Law on Organization of Local Administration dated November 22, 2019;

Pursuant to the Law on E-Transactions dated June 22, 2023;

At the request of the Minister of Information and Communications;

The Government promulgates the Decree defining e-transactions of state agencies and information systems serving e-transactions.

Chapter I
GENERAL PROVISIONS

Article 1. Scope of regulation

This Decree defines e-transactions of state agencies and information systems serving e-transactions, including conversion between paper documents and data messages; activities of state agencies in the electronic environment; information systems serving e-transactions; responsibilities of administrators of particularly large-scale and large-scale intermediary digital platforms serving e-transactions; and cyber credibility criteria for information systems serving e-transactions.

Article 2. Subjects of application

This Decree applies to agencies, organizations and individuals directly engaged in or related to e-transactions of state agencies and information systems serving e-transactions.

Article 3. Interpretation of terms

In this Decree, the terms below are construed as follows:

1. Internal administration in the electronic environment means a state agency's act of performing part or all of its internal administration activities according to its functions and tasks by electronic means.

2. Direction and operation in the electronic environment means a state agency's act of performing part or all of its direction and operation activities according to its functions and tasks by electronic means.

3. Monitoring and inspection in the electronic environment means a competent state agency's act of performing part or all of its monitoring and inspection activities in fields or areas within the ambit of their assigned tasks and powers by electronic means.

4. The document management and administration system is an information system built with the main function of managing and processing documents and records, supporting direction, administration, operations and monitoring the implementation of tasks in state agencies in the electronic environment.

5. The information system serving the direction and operation of a state agency is an information system built to collect, create, synthesize, analyze, store, connect, share, and provide information and data to support leadership and management during the internal administration process and decision making based on digital data.

Chapter II
CONVERSION BETWEEN PAPER DOCUMENTS AND DATA MESSAGES

Article 4. Conversion from paper documents to data messages

Data messages converted from paper documents must meet all requirements specified in Clause 1 Article 12 of the Law on E-Transactions.

1. The requirements for distinct symbols and other information defined at Point c Clause 1 Article 12 of the Law on E-Transactions shall be detailed as follows:

a) Information in a data message converted from a paper document includes: A letter distinct symbol representing the data message converted from the paper document and the time of conversion; the information including the full name of the agency, organization or individual performing the conversion.

In the data message converted from the paper document, agencies, organizations and individuals can choose to display additionally a quick response (QR) code or other encryption forms containing the above-mentioned information to serve the purpose of looking up and using information by electronic means.

Contents of the distinct symbol representing the data message converted from the paper document shall be prescribed in accordance with relevant law regulations.

b) In case of conversion serving notarization, certification, making of true copies, certified copies and extracts, the information in the data message shall be comply with laws on notarization, certification, and clerical work;

c) In case the document conversion is the result of administrative procedure settlement, the distinct symbol confirming that the information has been converted from paper to electronic version as prescribed at Point c Clause 3 Article 25 of Decree 45/2020/ND-CP dated April 8, 2020 shall comply with Point a of this Clause.

2. An information system serving the conversion from paper documents to data messages must ensure the following features:

a) Complete conversion of contents from paper documents to data messages;

b) Creation of distinct symbols and other information in data messages in accordance with Clause 1 of this Article;

c) Storage of data messages;

d) Assurance of cyberinformation security and cyber security in accordance with law regulations;

dd) In case of converting from paper documents to data messages prescribed at Point d Clause 1 Article 12 of the Law on E-Transactions, the information system serving the conversion must have digital signature feature.

Article 5. Conversion from data messages to paper documents

Paper documents converted from data messages must meet all requirements specified in Clause 2 Article 12 of the Law on E-Transactions.

1. The information available for identifying the information system and its administrator who created, sent, received and stored the data message for searching defined at Point b, Clause 2, Article 12 of the Law on E-Transactions is specifically regulated as follows:

a) The minimum information identifying the information system and its administrator who created, sent, received and stored the data message for searching includes: name of the information system, name of the information system's administrator;

b) Information to access the data message in the information system that creates and stores the data message can be a full path of the data message in the information system, or a unique code to access the data message through a search interface.

2. The requirements for distinct symbols and other information defined at Point c Clause 2 Article 12 of the Law on E-Transactions shall be detailed as follows:

a) Information in a paper document converted from a data message at least includes: A letter distinct symbol representing the paper document converted from the data message and the time of conversion; the information about the full name of the agency, organization or individual performing the conversion.

In the the paper document converted from the data message, agencies, organizations and individuals can choose to display additionally a quick response (QR) code or other encryption forms containing the above-mentioned information to serve the purpose of looking up by electronic means data messages generated on the information system.

Contents of the distinct symbol representing the paper document converted from the data message shall be prescribed in accordance with relevant specialized law regulations.

b) In case of conversion serving notarization, certification, making of true copies, certified copies and extracts, the information in the paper document shall be comply with laws on notarization, certification, and clerical work;

c) In case of conversion of electronic administrative procedure dossiers and electronic result sheets into paper documents defined in Article 18 of the Government’s Decree 45/2020/ND-CP dated April 8, 2020, the distinct symbols and information on the paper documents shall comply with Point a of this Clause.

3. An information system serving the conversion from data messages to paper documents must ensure the following features:

a) Retrieval from the storage system and display of the original data message to be converted in complete form;

b) Creation of distinct symbols and other information in paper documents in accordance with Clause 2 of this Article;

c) Complete conversion of contents from original data messages to paper documents.

Chapter III
ACTIVITIES OF STATE AGENCIES IN THE ELECTRONIC ENVIRONMENT

Article 6. Conversion of activities of state agencies to the electronic environment

1. State agencies’ activities prioritized for being wholly carried out in the electronic environment include provision of public-duty services; internal administration; direction; supervision, examination and inspection according to appropriate roadmaps and plans.

The activities related to state secrets must comply with law on protection of state secrets and cipher law.

2. Development of a plan to apply information technology and digital transformation to serve state agencies’ activities in the electronic environment

a) Ministries, ministerial-level agencies, government-attached agencies (hereinafter referred to as ministries and branches), People's Committees of provinces and centrally run cities (hereinafter referred to as provincial-level People's Committees) shall be responsible for developing, approving and organizing the implementation of 5-year plans and annual plans on application of information technology and digital transformation; with goals, tasks and solutions to strive for state agencies’ activities being wholly carried out in the electronic environment, and including at least the following areas of activity: provision of public-duty services; internal administration; direction; supervision, examination and inspection;

b) The Ministry of Information and Communications shall be responsible for guiding ministries, branches, and provincial-level People's Committees to develop 5-year plans and annual plans on application of information technology and digital transformation.

3. Fundamental requirements for information systems and digital platform serving state agencies’ activities in the electronic environment:

a) To ensure compliance with the Vietnam e-Government Architecture Framework and the Government Architecture Frameworks at ministerial and provincial levels;

b) To ensure the ability to to integrate, interconnect, share, use and reuse information and data;

c) Ensure authenticity, reliability, integrity, accessibility, continuous and stable access and use;

d) Allow checking and verifying information and data to serve reporting, professional interoperability and satisfaction of other requirements of competent agencies, organizations and individuals according to the their competence upon request;

dd) Ensure the ability to develop, upgrade and expand according to practical needs;

e) Ensure the requirements under the laws on cyberinformation security and cyber security;

g) Ensure other requirements according to relevant law regulations.

4. The implementation of application of information system and digital transformation serving state agencies’ activities in the electronic environment must be accompanied by administrative reform of state agencies to innovate methods of working, direction and operation based on data, enhance the processing of documents and records in the electronic environment, improve the performance and efficiency of state agencies; reduce costs and time for processing work.
 

Article 7. Receipt and resettlement of requests from organizations and individuals in the electronic environment

1. Responsibilities of state agencies in receipt and resettlement of requests from organizations and individuals in the electronic environment:

a) Receive and resolve requests from organizations or individuals in the electronic environment, except otherwise defined by law. In case of refusal of receipt or resettlement, the reason must be clearly notified to the organizations or individuals;

b) Establish communication channels in the electronic environment and issue operating regulations for receipt and resettlement of requests from organizations and individuals, except otherwise provided by law;

c) Notify the results of handling requests of organizations and individuals in the electronic environment via electronic means and communication channels, except otherwise provided by law or at the request of an organization or individual.

2. State agencies' communication channels in the electronic environment include the following channels:

a) Information provision channels and channels for provision of online public services in accordance with the Government’s regulations on online public service and information provision of state agencies in the electronic environment;

b) National Public Service Portal;

c) Other communication channels according to relevant law regulations.

3. Channels for provision of online public services and the National Public Service Portal must ensure their connectivity and integration to use services using e-identification accounts created by the electronic identification and authentication system.

The use of accounts to log in state agencies’ communication channels in the electronic environment shall comply with relevant law regulations.

Article 8. Provision of online public services, administrative procedures in the electronic environment

1. The implementation of administrative procedures and public administrative services of which the performance by electronic means is defined or not defined shall comply with the Government’s regulations on performance of administrative procedures in the electronic environment and the Government’s regulations on online public service and information provision of state agencies in the electronic environment, except cases where another law specify that it cannot be carried out by electronic means.

2. Public administrative services are provided wholly online based on reviewing and restructuring of processes, meeting quality requirements in accordance with the Government's regulations on performance of administrative procedures in the electronic environment, implementation of the single-window and inter-agency single-window mechanisms in performance of administrative procedures and provision of information and online public services in the cyber environment.

3. State agencies shall be responsible for handling administrative procedures and providing wholly online public services when they are qualified to perform the entire process by electronic means. In case the entire process has not been performed by electronic means, state agencies must notify it to organizations and individuals.

4. Dossiers and results of administrative procedure settlement are digitalized according to the Government’s regulations on performance of administrative procedures in the electronic environment, implementation of the single-window and inter-agency single-window mechanisms in performance of administrative procedures.

The results of administrative procedure settlement for organizations and individuals are returned in accordance with relevant law regulations, and at the same time, the results of administrative procedure settlement are returned electronically at the electronic data management warehouse of organizations and individuals, at the national identification application as needed. In case organizations or individuals performs administrative procedures by authorization, the storage of electronic results shall comply with their agreements on authorization.

In case of returning paper-based results, the competent agency shall convert them to data messages in accordance with Article 4 of this Decree and store them in relevant information systems and databases according to its management competence; the conversion results must be shared among state agencies and used as a component of the dossier of administrative procedure settlement to facilitate organizations and individuals upon performance of other administrative procedures and public services.

5. Reviewing and restructuring of processes of public non-business services and public services shall be carried out in order to provide online public services to organizations and individuals on the National Public Service Portal, the information systems for handling administrative procedures at ministerial or provincial levels and portals of public service providers in accordance with the Government's regulations on performance of administrative procedures in the electronic environment, implementation of the single-window and inter-agency single-window mechanisms in performance of administrative procedures and provision of information and online public services in the cyber environment.

6. Ministries, ministerial-level agencies, government-attached agencies, provincial-level People's Committees shall review, promulgate, and organize the implementation of plans to provide public non-business services and online public services within their scope of management.

7. The Ministry of Information and Communications shall be responsible for maintaining, operating, upgrading and ensuring information security for the system for monitoring and measuring the level of provision and use of digital Government services to monitor and measure the provision of online public services; inspect and evaluate the implementation of interactive electronic forms of online public services and the connection and sharing of data between state agencies providing online public services.

8. The Government Office shall provide the guidance on review and restructuring of procedural processes to provide wholly online public services;  assess the quality of services provided to organizations and individuals in performance of administrative procedures and provision of public services by ministries, branches, and provincial-level People's Committees; maintain, operate, upgrade, and ensure information security for the system for assessing indicators of citizen- and enterprise-centric public service delivery of the National Public Service Portal.

Article 9. Internal administration in the electronic environment

1. Internal administration in the electronic environment includes the following main activities:

a) Resolve internal administrative procedures in the electronic environment for the following areas: Planning; strategy; human resources; finance - accounting; archives; assets; emulation - commendation; administration, synthesis and other fields as prescribed by law or as decided by the heads of the agencies;

b) Carry out the information and reporting regime in the electronic environment;

c) Process work records and documents in the electronic environment;

d) Organize remote work and meetings in the electronic environment.

2. Handling of administrative procedures in the electronic environment

State agencies shall be responsible for reviewing and restructuring the processes of internal administrative procedures in the fields specified at Point a, Clause 1 of this Article, ensuring that the basic components of administrative procedures are fully, clearly, specifically and reasonably defined in accordance with Clause 2, Article 8 of Decree No. 63/2010/ND-CP dated June 8, 2010 of the Government, on control of administrative procedures, as amended and supplemented by Decree No. 92/2017/ND-CP dated August 7, 2017 of the Government, amending and supplementing a number of articles of the decrees concerning control of administrative procedures, and meeting the quality requirements under the Government’s regulations on performing administrative procedures wholly in the electronic environment.

Dossiers and results of internal administrative procedure settlement shall be digitized in accordance with the Government’s regulations on performance of administrative procedures in the electronic environment. In case the results of internal administrative procedure settlement serving administration work are paper documents, state agencies shall convert them into data messages in accordance with Article 4 of this Decree and store them in relevant information systems and databases according to their management competence; the conversion results must be shared among units within such state agencies, and shared with relevant state agencies and used to settle other internal administrative procedures serving internal administration work in the agencies or units.

3. Performance of information and reporting regime in the electronic environment

State agencies shall responsible for reviewing and standardizing reporting regimes, building and developing reporting information systems in accordance with the Government’s regulations on reporting regimes of state administrative agencies; implementing electronic reporting for reporting regimes within the agencies; gradually shifting to automatic, data-based and real-time reporting.

4. Handling of documents and records in the electronic environment

a) State agencies shall prioritize the entire handling of documents and records in the electronic environment, except for documents and records containing state secrets; do not simultaneously process documents and records in the electronic environment and paper documents and records, except for cases where the law requires paper copies;

b) The process of handling documents and records in the electronic environment is designed in conformity with the requirements, functions, tasks, and organizational structure of each agency, ensuring the principles of monitoring, inspection, and evaluation may be conducted; at the same time, all stages in the process of handling documents and records (receiving documents, transferring for processing, creating records, request for coordination opinions, submitting them to competent authorities for approval, guiding opinion from leaders at all levels, implementing digital signature of documents, issuing documents, etc.) must all be performed on the document management and administration system.

c) Information and data on the status of handling and results of handling documents and records of ministries, branches and localities according to the tasks assigned by the Government and the Prime Minister are synchronized with information systems serving the direction and operation of the Government and the Prime Minister through the National E-Document Exchange Platform to serve the work of reviewing, inspection and evaluation according to their competence;

d) Electronic documents being the results of administrative procedure settlement under law regulations on performance of administrative procedures in the electronic environment must be synchronized from the document management and administration system with the information systems for handling administrative procedures at ministerial or provincial levels;

dd) Sending and receipt of electronic documents containing state secret-related contents shall comply with law regulations on cipher and protection of state secrets.

5. Organization of remote work and meetings in the electronic environment

a) State agencies shall decide to choose the option of applying information technology and digital transformation to conduct remote work and meetings in the electronic environment in conformity with the needs and actual conditions of the state agencies;

b) In case of remote work and meetings, state agencies shall be responsible for ensuring that cadres, civil servants and public employees have the necessary conditions and equipment, in conformity with state agencies’ regulations on standards and norms of working equipment.

6. Information systems serving internal administration activities of state agencies must meet the basic technical conditions specified in Clause 3, Article 6 of this Decree, ensuring interoperability, integration, connection and sharing with other information systems within such state agencies to strive for internal administration activities wholly carried out in the electronic environment; identification accounts can be used as one of the methods to log in, exploit and use internal information systems of state agencies if needed.

Article 10. Direction and operation in the electronic environment

1. Heads of state agencies shall be responsible for performing direction and operation activities in the electronic environment, mainly based on digital information and data; directing units and individuals under their management competence to carry out advisory activities and wholly process the work in the electronic environment, except otherwise provided by law.

2. Responsibilities of state agencies being ministries, ministerial-level agencies, and provincial-level People's Committees in organizing the implementation of direction and operation in the electronic environment shall be as follows:

a) Develop and promulgate sets of indicators serving the direction and operation work in the electronic environment in accordance with Clause 3 of this Article, ensuring that it is consistent with the needs, resources and readiness level of the database and information system;

b) Deploy the the information systems serving the direction and operation at the ministerial and provincial levels to ensure the collection, creation, synthesis, analysis, processing, storage, connection and sharing of information and data with the the information systems serving the direction and operation of the Government and the Prime Minister in accordance with the regulations and instructions of the Government Office; connect and share information and data with the information systems serving the direction and operation of other ministries, branches and provincial-level People's Committees upon request; take responsibility for the completeness, integrity, accuracy, timeliness and assurance of cyberinformation security and cyber security of the information and data provided within the competence and meeting the requirements in Clause 6 of this Article;

c) Build and share lists of shared-use data for unified use in information systems and databases to ensure the integration, exchange, sharing, and interoperability of data in the electronic environment in a synchronized manner to serve the direction and operation work;

d) Develop and promulgate regulations on exploitation, use, connection, integration, sharing, and reception of information and data serving the direction and operation in the electronic environment.

3. Sets of indicators serving the direction and operation work of state agencies

a) Set of indicators serving the direction and operation work of the Government and the Prime Minister includes: group of indicators serving daily and monthly direction and operation of socio-economic situation; group of indicators of monitoring and supervision of the implementation of national target programs and important national projects; group of indicators serving direction, operation and online interaction in emergency situations of natural disasters, epidemics, response to natural disasters and search and rescue; groups of indicators upon urgent requests of the Government and Prime Minister;

b) Set of indicators serving the direction and operation work of heads of ministries and branches includes: group of indicators serving daily and monthly direction and operation of leaders of ministries and branches; group of indicators of monitoring and supervision of the implementation of national target programs and important national projects; group of indicators serving direction, operation and online interaction in emergency situations of natural disasters, epidemics, response to natural disasters and search and rescue;

c) Set of indicators serving the direction and operation work of heads of provincial-level People's Committees includes: group of indicators serving daily and monthly direction and operation of socio-economic situation; group of indicators of monitoring and supervision of the implementation of national target programs and important national projects in the provinces or centrally-run cities; group of indicators serving direction, operation and online interaction in emergency situations of natural disasters, epidemics, response to natural disasters and search and rescue and local specific indicators; group of indicators of monitoring and supervision of the implementation of targets assigned in the Resolutions of the provincial-level People's Councils every year and every 5 years; group of indicators of monitoring and supervision of the implementation of tasks assigned by the Government and the Prime Minister every month, quarter and year;

d) The sets of indicators serving direction and operation specified in Points a, b and c of this Clause shall be flexibly adjusted to suit the actual situation in order to promptly and comprehensively respond to the management, direction and operation work in the electronic environment of the Government, the Prime Minister, leaders of ministries, branches and localities. Other state agencies shall, based on practical needs, readiness level of information systems, databases and resources, select and build their set of indicators serving the direction and operation to bring their direction and operation activities to the electronic environment.

4. Principles for formulating indicators serving the direction and operation

a) Be consistent with and accurately reflect the targets and objectives of socio-economic development strategies, programs and plans; national target programs, key national projects and works; tasks assigned by the Government and the Prime Minister and the functions, tasks and powers of state agencies;

b) Information and data related to indicators are regularly updated, ensuring the principle of collection from a single focal point according to state management functions; inherit and make maximum use of information and data from available information systems and databases; connect, share, and reuse uniformly them from central to local levels;

c) Indicators serving the direction and operation must be closely combined with statistical data, information and other reporting regimes to fully and accurately reflect the situation of the issue or field in which they are used for monitoring and evaluation;

d) Each indicator is designed to measure and evaluate the results and effectiveness of work performance of agencies, organizations and individuals; must have calculation methods and measurement units; clearly identify the main attributes, main groupings, data periods, data sources and comparability.

5. Criteria for selecting and determining indicators serving the direction and operation of state agencies

A selected indicator serving the direction and operation must meet one of the following criteria:

a) The indicator plays a decisive role in the implementation results of important and priority goals and tasks of the Government, the Prime Minister, ministries, branches, provincial-level People's Committees;

b) The indicator is capable of supporting the analysis, forecasting of trends, assessment of the level of completion of goals and tasks and proposal of solutions to remove difficulties and obstacles to achieve the set goals and tasks;

c) The indicator specifically reflects the activities or objectives of direction and operation; is quantitative, measurable, has a time limit for measurement; can be observed, recorded and verified, and reflects the progress of the implementation of assigned goals and tasks;

d) The indicator is provided at a short and continuous frequency, daily, weekly, monthly and in conformity with the requirements of the direction and operation activities; connected and shared automatically between information systems and databases related to the implementation of the monitored and supervised goals and tasks;

dd) The indicator is a component for calculating relevant statistical indicators.

6. The information systems serving the direction and operation of state agencies must meet the basic requirements defined in Clause 3, Article 6 of this Decree; connect and interoperate with the National E-Document Exchange Platform, the National Data Exchange Platform, the system for managing and monitoring tasks assigned by the Government and Prime Minister, and other data connection and sharing platforms as prescribed by law regulations; connect and share data with national databases, specialized databases, other information systems (including internal information systems) serving the direction, operation, and decision-making support; have full functions of: collecting, updating, storing, processing, analyzing data; monitoring, supervising, evaluating the implementation of tasks and objectives; supporting interaction in online direction and operation to the field when required; controlling the quality of information and data; basic functions of the reporting information system according to regulations and other functions at the request of direction and operation activities.

Encourage research and gradually apply advanced and modern technological solutions to improve the quality of analysis, decision-making and forecasting in the direction and operation of the Government and the Prime Minister.

Article 11. Responsibility for ensuring information and digital data to serve the leadership, direction and operation of the Government and the Prime Minister

1. Responsibilities of the Government Office

a) Formulate a set of indicators serving the direction and operation of the Government and the Prime Minister in the electronic environment according to the groups of indicators specified at Point a Clause 3, Clause 4, Clause 5 Article 10 of this Decree;

b) Assume the prime responsibility for, coordinate, urge, and guide on, professional matters according to its assigned functions and tasks; establish requirements and features to develop the Government's reporting information system, the information system of direction and operation of the Government and the Prime Minister at the National Data Center to meet the set of indicators specified at Point a, Clause 1 of this Article;

c) Develop a system for monitoring of tasks assigned by the Government and Prime Minister, a system for meetings and handling of work of the Government and Prime Minister to serve the requirements of monitoring, evaluating and supervising tasks based on digital data;

d) Assume the prime responsibility for, and coordinate with ministries, branches, provincial-level People's Committees, relevant agencies and organizations in, coordinating, connecting, interoperating, integrating and sharing information between information systems serving the direction and operation of the Government and the Prime Minister and information systems and databases of ministries, branches and provincial-level People's Committees to serve the leadership, direction and operation of the Government and the Prime Minister in accordance with law regulations; organizing the monitoring and assessment of the quality of information and data connected and integrated to serve the direction and operation of the Government and the Prime Minister;

dd) Assume the prime responsibility for, and coordinate with ministries, branches, and provincial-level People's Committees in, organizing guidance, implementation, and supervision of sending and receipt of electronic documents and processing of work in the electronic environment;

e) Assume the prime responsibility for, and coordinate with the Ministry of Information and Communications, the Ministry of National Defence, and the Ministry of Public Security in, implementation of measures for supervising and ensuring cyberinformation security and cyber security for information systems serving the direction and operation of the Government and the Prime Minister;

g) Develop standards or technical regulations on data structure, data format, regulations, and processes of data sharing to serve the connection, integration, and sharing of data between the information systems serving the direction and operation of the Government and the Prime Minister with information systems serving the direction and operation of ministries, branches, and provincial-level People's Committees to serve the direction and operation process in the electronic environment of state administrative agencies.

2. Responsibilities of the Ministry of Information and Communications

a) Coordinate with the Government Office in guiding ministries, agencies, and provincial-level People's Committees to build their information systems serving the direction and operation, and connection with the information systems serving the direction and operation of the Government and Prime Minister;

b) Coordinate with the Government Office, the Ministry of National Defence, and the Ministry of Public Security in implementing measures to monitor and ensure cyberinformation security for the information systems serving the direction and operation of the Government and the Prime Minister; guiding ministries, ministerial-level agencies, and provincial-level People's Committees to ensure cyberinformation security for information systems serving the direction and operation of ministries, branches, and provincial-level People's Committees.

3. Responsibilities of ministries, branches and provincial-level People’s Committees

a) Deploy the document management and administration system, connect with the National E-Document Exchange Platform and the system for monitoring tasks assigned by the Government and Prime Minister and internal systems of ministries, branches and localities to ensure wholly online direction and operation based on data;

b) Assume the prime responsibility for, and coordinate with the Government Office in, formulate scenarios for the direction and operation of the Government and the Prime Minister according to their assigned tasks; proactively prepare infrastructure, technology, and data to be ready to connect and share data with the information systems serving the direction and operation of state agencies of the Government and the Prime Minister.

Article 12. Monitoring and inspection in the electronic environment

1. Ministries, branches, and provincial-level People's Committees, according to their competence, shall be responsible for:

a) Review and simplify the monitoring and inspection process; develop a monitoring and inspection process in the electronic environment;

b) Guide and implement monitoring and inspection activities in the electronic environment in the fields and areas within their assigned tasks and powers;

c) Develop digital platforms and technical tools to serve monitoring and inspection activities in the electronic environment within their assigned tasks and powers.

2. Organizations and individuals shall be responsible for complying with the monitoring and inspection activities in the electronic environment of competent agencies.

Article 13. Response plans in case of emergencies or upon occurrence of incidents that disrupt operations in the online cyber environment, and plans to respond to incidents in and maintain normal transactions

1. Administrators of information systems serving e-transactions in state agencies must be ready to deploy a response plan in case of emergency or upon occurrence of an incident that disrupts operations in the cyber environment, and a plan to respond to incidents in and maintain normal transactions in accordance with the law on cyberinformation security.

2. Such a plan defined in Clause 1 of this Article includes law regulations on cyberinformation security and a number of contents as follows:

a) Back up data to ensure data maintenance to enable restoration of normal operation of the information system serving e-transactions when a cyber-attack occurs, serving the response and investigation of cyber-attacks;

b) Be ready to quickly restore normal operation of the information system serving e-transactions when an incident occurs as quickly as possible to minimize impact, damage or according to business requirements, commitments between the administrators of information system and the parties participating in the transactions;

c) Timely notify and report to the state management agency in charge of cyberinformation security and users when an emergency or incident occurs that disrupts the operation of the information system serving e-transactions.

Article 14. Hiring of experts by using state budgets

1. For the activities of consulting database establishment; performance of professional and technical activities in management, operation, and assurance of cyberinformation security for information systems serving e-transactions; state agencies may hire experts with appropriate capacity for each job.

2. The hiring of experts must comply with the following principles:

a) Be selected according to specific criteria for each job;

b) Be hired to work under contract;

c) An expert may participate in one or more activities specified in Clause 1 of this Article.

3. A hired expert is entitled to the following regimes and rights:

a) Receive remuneration as agreed in the contract;

b) Be provided with relevant information during the performance of the expert's work as stated in the contract;

c) Be supported with costs for attending domestic scientific conferences and seminars with contents appropriate to the expert's work as stated in the contract at the support level in accordance with current regulations;

d) Have the right to propose methods for performing the expert's work as stated in the contract in conformity with the professional requirements of such work.

4. Remuneration and support paid for experts shall comply with the following regulations:

a) Remuneration and support for experts are paid by the state budget according to decentralization or from other lawfull funding sources (if any);

b) Remuneration for experts is paid according to the level stated in the contract that is agreed with the expert according to the requirements for quality, quantity and time of work performance;

c) Payment and finalization of remuneration and support for experts shall comply with law regulations and on the basis of assessment of the actual results of the expert's activities.

5. The basis for determining the value of contracts on hiring experts to perform the work contents in Clause 1 of this Article shall comply with regulations of the Ministry of Labor, Invalids and Social Affairs on wage rates for domestic consultants, and of the Ministry of Finance on budget expenditure norms for hiring domestic and foreign experts.

Chapter IV

INFORMATION SYSTEMS SERVING E-TRANSACTIONS

Article 15. Classification of information systems serving e-transactions by administrators of information systems

1. Administrators of information systems serving e-transactions are the agencies, organizations or individuals with direct management competence of such information systems. 

2. Information systems serving e-transactions are classified by administrators of information systems, including:

a) Administrators being state agencies and organizations;

b) Administrators being organizations and enterprises;

c) Administrators being individuals.

3. Determination of administrators of information systems serving e-transactions

a) For state agencies and organizations, administrators of information systems serving e-transactions are ministries, ministerial-level agencies, government-attached agencies, provincial-level People’s Committees or competent authorities approving project investment policies or deciding to hire services to establish, upgrade and expand such information systems;

b) For enterprises and other organizations not covered by Point a of this Clause, administrators of information systems serving e-transactions are competent authorities approving project investment policies or deciding to hire services to establish, upgrade and expand such information systems;

c) For individuals, the identification of administrators of information systems serving e-transactions can be based on one or more information including: information on the contract for renting hosting services (web); information on the registration of the domain name of the website or the account for publishing mobile applications on application stores.

Article 16. Classification of information systems serving e-transactions by functions and features

1. Information systems serving e-transactions with main functions and features that allow grant and authentication of e-transaction accounts; conclusion of e-contracts or performance of unilateral legal acts that create, change or terminate the rights and obligations of related parties by electronic means, are classified as follows:

a) Handling of administrative procedures in the electronic environment;

b) E-transactions in commercial activities;

c) E-transactions in financial activities;

d) E-transactions in banking activities;

dd) E-transactions in other activities.

2. Ministers, heads of ministerial-level agencies, and chairpersons of provincial-level People's Committees shall promulgate, within their competence, or submit to competent authorities for promulgation of, regulations on the entry into and performance of e-contracts; on information systems serving e-transactions in the fields within the scope of assigned tasks and powers, in conformity with practical conditions.

Article 17. Classification of information systems serving e-transactions by number of users

1. A user in an information system serving e-transactions when that user has at least one of the following activities:  logging in, accessing information, using services on such information system.

2. A large-scale information system serving e-transactions is an information system with an average monthly number of users in Vietnam of between 3% and 10% of the total population according to the most recent official announcement by a competent agency.

3. A particularly large-scale information system serving e-transactions is an information system with an average monthly number of users in Vietnam of over 10% of the total population according to the most recent official announcement by a competent agency.

4. The data used to determine the scale of the information system serving e-transactions as prescribed in Clause 2 and Clause 3 of this Article is the average number of active users on the platform in the last 12 months.

5. The Ministry of Information and Communications shall evaluate, research, propose amendments and supplements to the classification of information systems serving e-transactions for each period in accordance with practical conditions.

Article 18. Determination of large-scale and particularly large-scale intermediary digital platforms serving e-transactions

1. Classification of intermediary digital platforms serving e-transactions by number of users:

a) A large-scale intermediary digital platform serving e-transactions is an information system prescribed in Clause 2, Article 17 of this Decree that creates an electronic environment allowing parties to conduct transactions or provide and use products, services or to develop products, services whose the administrator is independent of the parties conducting the transactions;

b) A particularly large-scale intermediary digital platform serving e-transactions is an information system prescribed in Clause 3, Article 17 of this Decree that creates an electronic environment allowing parties to conduct transactions or provide and use products, services or to develop products, services whose the administrator is independent of the parties conducting the transactions.

2. An administrator of an intermediary digital platform serving e-transactions shall self-determine the scale of number of users:

a) No later than 12 months from the effective date of this Decree, the administrator of an intermediary digital platform serving e-transactions  that operates for 12 months or more shall be responsible for self-determining the scale of the number of users.

b) After the first self-determination of the scale, the administrator of the intermediary digital platform serving e-transactions shall be responsible for self-determining the scale of the number of users before January 31 of every year.

In case the criteria for determining a large-scale or particularly large-scale intermediary digital platform are satisfied, the administrator of the intermediary digital platform shall report and provide data to the state management agency.

3. State agencies shall be responsible for receiving reports from the administrator of the intermediary digital platform serving e-transactions; synthesizing and sharing of data serving state management of e-transactions in accordance with law regulations, in conformity with assigned functions, tasks and powers.

4. Responsibilities of the Ministry of Information and Communications:

a) Establish and operate the system for receiving and synthesizing data serving state management of e-transactions of state agencies in accordance with regulations. Establishment, operation, functions, features of the system and technical regulations for the reference model of connection to serve data sharing by electronic means shall comply with the Ministry of Information and Communications;

b) Receive and synthesize data serving state management of e-transactions of state agencies as prescribed; publish and update the list of large-scale and particularly large-scale intermediary digital platforms serving e-transactions at www.mic.gov.vn or on the website of the system for receiving and synthesizing data serving state management of e-transactions;

c) Assume the prime responsibility for, and coordinate with relevant ministries, branches and organizations in, develop criteria, evaluate and publish a list of independent measurement and statistical tools of the number of users active on intermediary digital platform serving e-transactions; or a reliable reference source used to determine the size of the intermediary digital platform.

Article 19. Responsibilities of administrators of large-scale intermediary digital platforms serving e-transactions

An administrator of a large-scale intermediary digital platform serving e-transactions shall take responsibilities as defined in Clause 2 Article 47 of the Law on E-Transactions.

1. For the responsibility of publicly announcing and disseminating the mechanism of reporting and handling problems arising in e-transactions defined at Point b, Clause 2, Article 47 is detailed as follows:

a) Publicly announce the mechanism of reporting and handling problems on the intermediary digital platform, ensuring that users can easily approach and access it. The publicly announced information must be presented in Vietnamese and may be in other languages.

The administrator of intermediary digital platform and the user shall agree to choose the method of receiving information through one of the popular communication channels: website, email, mobile application or other communication channels;

b) The mechanism of reporting and handling problems must include at least: receipt of information related to problems from users, including technical problems, complaints, disputes between parties participating in the transaction and other problems; sending of notifications to relevant accounts before processing; provision information to users affected by problems and handling measures; notification of the results of handling problems; provision of the contact focal point in Vietnam of the administrator of intermediary digital platform in charge of handling of problems;

c) The changes in mechanism of reporting and handling problems defined at Point b of this Clause must be notified and updated to users, through one of the common communication channels specified at Point a of this Clause.

2. The responsibility to publicly announce and disseminate the mechanism of reporting and handling contents violating Vietnam’s law on intermediary digital platforms from trustworthy reporting sources prescribed in Point c, Clause 2, Article 47 is stipulated as follows:

a) Publicly announce the mechanism of reporting and handling contents with law violations on intermediary digital platforms, ensuring that users may easily approach and access it. The publicly announced information must be presented in Vietnamese and may be in other languages.

The administrator of intermediary digital platform and the user shall agree to choose the method of receiving information through one of the popular communication channels: website, email, mobile application or other communication channels;

b) Trustworthy reporting sources include information sources from competent agencies at the request of serving the investigation and handling of information with law violations; from other information sources self-determined by the administrator of intermediary digital platform;

c) The mechanism of reporting and handling contents violating law must include at least: Provision of information related to the behavior, content, and subject of the violation to the competent agency upon request; sending of warnings to accounts showing signs of law violations before proceeding with the handling; provision of information to users affected by the illegal information and remedial measures; contact information in Vietnam of the administrator of intermediary digital platform in charge of handling of illegal information;

d) The changes in mechanism of reporting and handling contents violating law defined at Point c of this Clause must be notified and updated to users through one of the common communication channels specified at Point a of this Clause.

3. Make statistics on the number of active users each month; before January 31 of each year, provide information in accordance with Point b, Clause 1, Article 47 of the Law on E-Transactions through the system for receiving and synthesizing data serving state management of e-transactions or through other electronic means in accordance with the guidance by the Ministry of Information and Communications; take responsibility before the law for the accuracy of the provided information.

Article 20. Responsibilities of administrators of particularly large-scale intermediary digital platforms serving e-transactions

Administrators of particularly large-scale intermediary digital platforms serving e-transactions shall take responsibilities as defined in Clause 3 Article 47 of the Law on E-Transactions and Article 19 of this Decree.

1. The responsibility of administrators of particularly large-scale intermediary digital platforms serving e-transactions defined at Point b Clause 3 Article 47 of the Law on E-Transactions is detailed as follows:

a) Public announce the general principles, specifications, or criteria for providing recommendations on displaying contents and advertisements to users on intermediary digital platforms, ensuring that users may easily reach and access them. The publicly announced information must be presented in Vietnamese and may be in other languages. The administrator of intermediary digital platform and the user shall agree to choose the method of receiving information through one of the channels: Website, mobile application or other communication channels.

In case the digital platforms have the feature of search and prioritization of displaying search contents, the public announcement of the criteria for determining the contents to be displayed as a priority is required;

b) Allow users to choose options of not using the feature of recommendations on displaying contents and advertisements based on analysis of user data.

In case the users do not use the feature of recommendations on displaying contents and advertisements, the administrators of the digital platforms must provide information to users about changes to the users’ ability to access content; and must not automatically change their selection without obtaining their consent.

2. The responsibility defined at Point d Clause 3 Article 47 of the Law on E-Transactions for administrators of particularly large-scale intermediary digital platforms serving e-transactions is detailed as follows:

a) To publicly disclose and disseminate the code of conduct applicable to relevant parties, ensuring that users may easily reach and access it. The code of conduct to be publicly announced must be presented in Vietnamese and may be in other languages.

The code of conduct must be disseminated and updated to relevant parties upon change through one of the popular communication channels: email, website, mobile application or other communication channels;

b) A universal code of conduct is the principles on methods of communication and behavior on the intermediary digital platforms serving e-transactions that are developed and issued by an administrator of digital platform in order to maintain a healthy, equal and safe environment for the participating parties, limiting non-standard or illegal behaviors in e-transactions;

c) The development of a code of conduct must comply with relevant law regulations and ensure the rights and interests of the parties involved in the transaction;

d) Encourage particularly large-scale intermediary digital platforms to develop and announce a code of conduct to support people with disabilities and other disadvantaged groups in participation in e-transactions conveniently and equally.

Article 21. Cyber credibility criteria

1. Cyber credibility means a certification code for information systems serving e-transactions satisfying criteria defined in Clause 2 of this Article.

2. Cyber credibility criteria for information systems serving e-transactions include:

a) Comply with the law regulations on ensuring the security of information systems by levels;

b) Commit to only collect and store personal data with the users’ consent, unless otherwise provided by law;

c) Users’ data from the access device to the website is encrypted with a secure algorithm and provided by a reliable third party;

d) The domain name and server address of the website are not in the do-not-access list recommended by the Ministry of Information and Communications at the website www.tinnhiemmang.gov.vn;

dd) The website does not contain any malicious links, malicious codes, fraudulent information, or other law violations that may harm the users;

e) There is public information about the contact focal point for receipt and handling of information security-related issues.

3. Encourage administrators of information systems serving e-transactions to research, evaluate and self-declare the satisfaction of cyber credibility criteria.

Chapter V
IMPLEMENTATION PROVISIONS

Article 22. Effect

1. This Decree takes effect on the signing date, except for cases prescribed in Clause 23 of this Decree.

2. To repeal Article 25 of the Government’s Decree No. 64/2007/ND-CP dated April 10, 2017, on application of information technology in state agencies.

Article 23. Transitional provisions

The information system used for the conversion of documents with legal value in accordance with relevant law regulations must be reviewed and meet the requirements in Clause 2, Article 4 and Clause 3, Article 5 of this Decree within 24 months from the effective date of this Decree.

Article 24. Implementation responsibility

Ministers, Heads of ministerial-level agencies, Heads of government-attached agencies and Chairpersons of People’s Committees of provinces and centrally run cities, related organizations and individuals shall take responsibilities for the implementation of this Decree.