Vietnam Passes Sweeping Cybersecurity Law

On June 12, 2018, Vietnam's National Assembly passed the contentious Law on Cybersecurity ("Law"), which will go into effect on January 1, 2019. The Law has hallmarks similar to China's Cybersecurity Law that took effect in 2017. The Law, however, contains a number of even broader provisions that may adversely impact foreign businesses operating in Vietnam. These provisions include the following.

Content and User Control and Monitoring

The Law introduces prohibitions on the use of cyberspace to conduct any activity that could disrupt national security or public order or adversely impact the reputation of any organization or individual. Telecoms and internet service providers are required to enforce and monitor these prohibitions.

Critical Information Systems Requirements

Operators of Information Systems Critical to National Security ("CIS") will have data localization and other broad obligations with respect to the management of their CIS and related data. CIS sectors include defense, national security, government, news media and national information systems for the economic, energy, finance, banking and transportation, chemical, health, cultural, national resources, and environment sectors.

Localization Requirements

Foreign companies providing telecommunications or internet services in Vietnam must:

• Establish offices in Vietnam;
• Store the personal information of Vietnamese users and "other important data" in Vietnam and perform a security assessment prior to any cross-border data transfer; and
• Bring their technology products involving cyber services into compliance with "quality assurance" standards before they can be released to the market.

There has been widespread international concern over the Law. The U.S. Embassy in Vietnam issued a statement on June 8, 2018, indicating that the draft legislation "may present serious obstacles to Vietnam's cybersecurity and digital innovation future, and may not be consistent with Vietnam's international trade commitments." Currently, there are no regulations relating to implementation of the Law, and many concepts remain undefined. Companies with operations in, or that deal with, Vietnam should continue to monitor developments closely.

Lawyer Contacts

For further information, please contact your principal Firm representative or one of the lawyers listed below. General email messages may be sent using our "Contact Us" form, which can be found at www.jonesday.com/contactus/.

Elizabeth Cole
Singapore / Shanghai
+65.6538.3939 / +86.21.2201.8024
ecole@jonesday.com

Sushma Jobanputra
Singapore
+65.6233.5989
sjobanputra@jonesday.com

Todd S. McClelland
Atlanta
+1.404.581.8326
tmcclelland@jonesday.com

Mauricio F. Paez
New York
+1.212.326.7889
mfpaez@jonesday.com

Michael W. Vella
Shanghai
+86.21.2201.8162
mvella@jonesday.com

Undine von Diemar
Munich
+49.89.20.60.42.200
uvondiemar@jonesday.com

Jörg Hladjk
Brussels
+32.2.645.15.30
jhladjk@jonesday.com

Stephanie Sijie Li
Singapore
+65.6233.5501
stephanieli@jonesday.com

Jennifer C. Everett
Washington
+1.202.879.5494
jeverett@jonesday.com

Special thanks to Christina L. O'Tousa for her assistance with this Alert.

Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our "Contact Us" form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.