On 22 June 2023, the Vietnam National Assembly officially passed the new Law on Electronic Transactions No. 20/2023/QH15 (the “2023 ET Law”), which will supersede the current Law on Electronic Transactions No. 51/2005/QH11 dated 29 November 2005 (the “2005 ET Law”) and take effect from 1 July 2024.
The 2005 ET Law has been built based on the UNCITRAL’s Model Law on Electronic Commerce (MLEC) which is especially suitable for developing countries with legal systems that are different in certain extent from the current Vietnam’s one. In addition, at the time of building the 2005 ET Law, plenty of issues were not anticipated, such as the rapid development of digital technology (AI, massive data, biometrics, and blockchain) creates new transactions, or how to protect the rights and interests of participating parties in e-transactions, etc. Therefore, over 17 years of implementation, the 2005 ET Law revealed numerous existing and shortages which need to be remedied, such as (i) lack of provisions or provisions irrelevant for application in Vietnam, particularly those that do not ensure the validity of e-transactions; (ii) limited scope of application which does not include important fields of economy and society with many changes in technology and legalization, leading to challenges in implementation thereof; and (iii) inconsistencies with specialized legal documentations which have been issued relating to emerging e-transaction practices, for example, in the field of communication and media (digital signature), bank (e-payment), finance (security transaction, e-invoice, e-tax declaration and payment, e-custom) and e-commerce, as well as with applicable laws that have been newly issued, such as Civil Code No. 91/2015/QH13 dated 24 November 2015, Law on Cyberinformation Security No. 86/2015/QH13 dated 19 November 2015, and Law on Cybersecurity No. 24/2018/QH14 dated 12 June 2018, etc.
With such necessity for amendments and supplementations to the 2005 ET Law, the 2023 ET Law has been promulgated in its place. This article discusses some key amendments and supplementations of the 2023 ET Law in comparison with the 2005 ET Law.
Expanded Application Scope
The 2023 ET Law has expanded the scope of application by erasing the specific exclusions of application as prescribed in the 2005 ET Law, i.e., “issuance of certificates of land use rights, house ownership, and other real estates, inheritance-related documents, marriage certificates, divorce decisions, birth certificates, death certificates, bills of exchange, and other valuable papers”, and provides a general scope of application, comprising all transactions performed via e-means, regardless of the contents, conditions, and forms thereof. However, the 2023 ET Law shall not govern transactions that are not allowed to be performed via e-means, and in such case, the specialized laws shall be applied.
Revised and Added Key Definitions
In comparison with the 2005 ET Law, definitions of “electronic environment” (“môi trường điện tử”), “electronic data” (“dữ liệu điện tử”), “digital data” (“dữ liệu số”), “electronic signature” (“chữ ký điện tử”), “digital signature” (“chữ ký số”), “electronic contract” (“hợp đồng điện tử”), etc. have been added in the 2023 ET Law. Meanwhile, other definitions , such as “electronic means” (“phương tiện điện tử”), “electronic certificate” (“chứng thư điện tử”), “database” (“cơ sở dữ liệu”), “electronic signature certificate” (“chứng thư chữ ký điện tử”), “digital signature certification service” (“dịch vụ chứng thực chữ ký số”), and others have been amended to better align with current practices and relevant definitions in other legal documents, such as Decree No. 130/2018/ND-CP dated 27 September 2018 on guidelines for the implementation of the 2005 ET Law as to a digital signature and digital signature authentication. It is worth noting that as specified in the 2023 ET Law, a digital signature guarantees authenticity, integrity, and non-repudiation, but does not guarantee the confidentiality of the data message.
Data Message and Its Legal Validity
The 2023 ET Law, meanwhile, retains the respective provision on validity of the data message of the 2005 ET Law, i.e. “information stated in data message cannot have its legal validity disclaimed for the sole reason that it is expressed in the form of data message”. It specifies that data message is created and generated during the transactions or converted from printed documents and may be shown in the forms of electronic documents, electronic certificates, electronic records, electronic contracts, e-mails, telegrams, telegraphs, facsimiles, and other electronic data interchange (EDI) forms according to regulations of the law.
The data message shall be as valuable as the original one if the information contained in a data message (i) shall be ensured regarding its integrity (not being changed, except for changes in form arising during the sending, storage or display of it) from the time it is first initiated in the form of a complete data message; and (ii) may be accessible and usable in complete form. Data message can be used as evidence under the 2023 ET Law and procedural law with the evidence value being specified on the basis of the reliability of the manner in which the data message is generated, sent, received or stored; the manner in which the integrity of the data message is ensured and remained; the manner in which originators, addressees of the data message and other appropriate factors are determined.
In case where data message is converted from printed document, under the 2023 ET Law, the following conditions shall be met:
- Ensuring the same integrity of information in a printed document;
- The contained information could be accessible and usable for reference;
- Having a special signal confirming the conversion and the converting party’s information;
- If the printed document is a license, certificate, certification, or other written approval issued by a competent agency, the conversion must have the digital signature of the converting entity; and
- The information system is functional to serve the conversion.
In the opposite direction of conversion, printed document converted from data message must follow the requirements as follows:
- Ensuring the same integrity of information in data message;
- There is full information to identify the information system and its administrator for searching;
- Having a special signal confirming the conversion and the converting party’s information;
- If the data message is an electronic certificate, the conversion must have the signature, stamp (if any) of the converting party; and
- The information system is functional to serve the conversion.
The legal validity of the converted document shall be in accordance with the relevant regulations and will be specified by the Government.
E-signatures and Digital Signatures
As defined in the 2023 ET Law, e-signature is created in the form of electronic data that is attached to or logically associated with a data message to identify the signatory and authenticate his/her consent to the data message. The digital signature is an e-signature that uses an asymmetric algorithm consisting of a private key and a public key, wherein the private key is used to digitally sign, and the public key is used to verify the digital signature. That means digital signatures are specific forms of e-signatures.
Based on the scope of use, e-signatures are classified into three types comprising: (i) specialized e-signatures (chữ ký điện tử chuyên dùng) which are e-signatures designated and used by agencies and organizations for their particular purposes according to their functions and tasks; (ii) public digital signatures (chữ ký số công cộng) which are digital signatures used in public activities and secured by public digital signature certificates; and (iii) specialized digital signature for public services (chữ ký số chuyên dùng công vụ) which are digital signatures used in civil services and secured by civil service digital signature certificates.
Secured conditions for specialized e-signatures comprise:
- It must confirm the signatory and affirm the signatory’s consent to the data message;
- Data used to create the specialized e-signature must solely accompany the approved data message;
- Data used to create a specialized e-signature must only be under the control of the signatory at the time of signing; and
- The validity of the specialized e-signature could be examined under the conditions agreed upon by the parties.
For digital signatures, in addition to the secured conditions for specialized e-signatures, such signatures shall satisfy the following conditions:
- It must confirm the signatory and affirm the signatory’s consent to the data message;
- Data used to create the specialized digital signature must solely accompany the approved data message;
- Data used to create a specialized digital signature must only be under the control of the signatory at the time of signing;
- Any changes to the data message after the time of signing are detectable;
- It must be secured by a suitable digital signature certificate for each type of digital signature; and
- Signature creation device must ensure that the data used to create digital signature is confidential, unique, protected from forgery; used only once; and does not alter the data to be signed.
E-signature cannot have their legal validity disclaimed for the sole reason that they are expressed in the form of e-signatures, and the secured specialized e-signature or digital signature shall have legal validity equivalent to handwritten signatures of individuals on printed documents. It is worth noting that where any law requires a document to be authenticated by a specific agency or organization, it will be considered that a data message has fulfilled such requirement if it is signed by a special-use qualified e-signature or a digital signature of such agency or organization.
For the purpose of authentication and the confirmation of trust in professional e-transaction activities, the trust services have been released under the 2023 ET Law. Accordingly, the trust services have been divided into three types, including:
- Timestamp services to attach time information to a data message;
- Data message certification service includes the storing and certifying integrity data message service, and the sending and receiving service of secured data message; and
- Public digital signature certification services are digital signature certification services be used in public activities.
In transactions between a Vietnamese party and a foreign party, using foreign signatures/ e-signature certificates issued by foreign e-signature authentication service providers, such foreign e-signature authentication service providers and such foreign e-signatures/ e-signature certificates shall be recognized in accordance with the 2023 ET Law, so that foreign signatures/ e-signature certificates have legal validity in Vietnam. Accordingly, recognition requirements for such foreign e-signature authentication service providers are as follows:
- It is legally established and operated in country where its operation has been registered; and has technical audit reports of e-signature authentication service systems from auditing organizations legally operated in the country in which it is registered;
- Foreign e-signatures, and foreign e-signature certificates provided by it must satisfy technical standards and regulations on e-signatures and e-signature certificates according to regulations of Vietnamese laws or international standards that have been asserted or international treaties to which Vietnam is a signatory;
- Foreign e-signature certificates granted by it are created on the basis of authenticated personal identifiable information (PII) of foreign organizations and individuals;
- It must update current status of foreign e-signature certificates on trust service authentication systems of competent authorities of Vietnam; and
- It must have representative office in Vietnam.
Meanwhile, conditions for recognition of foreign e-signatures and foreign e-signature certificates in Vietnam comprise: (i) such foreign e-signatures and foreign e-signature certificates shall conform to standards and technical regulations under the laws of Vietnam, recognized international standards, or international treaties to which Vietnam is a contracting party; and (ii) the foreign e-signature certificates must also be established based on the fully authenticated identification information of foreign organizations and individuals.
For implementation of the mentioned regulations relating to recognition of foreign e-signature authentication service providers, foreign e-signatures, and foreign e-signature certificates, it hopes that the detailed and specific guidelines may be issued soon by the Ministry of Information and Communications (MIC).
Entry into and Execution of E-Contracts
As provided in the 2023 ET Law, an e-contract shall be concluded or executed through the interaction between an automated information system and a person or among automated information systems. Its legal validity cannot be denied for the sole reason that any inspection or intervention by humans in each specific action performed by the automated information systems or in the contract is not made. Unless otherwise agreed upon by contractual parties, an offer and acceptance of the offer to enter into the e-contract may be carried out through data message, and entry into e-contracts means the use of data message to execute part or whole of transactions in the process of entering into e-contracts.
In addition to complying with the provisions of the 2023 ET Law, the entry into and execution of e-contracts shall comply with contract laws and relevant regulations. Wherein, the 2023 ET Law clarifies that during the entry into and execution of an e-contract, parties shall have the right to agree with each other on the use of data message, e-means in a part or entire of the entry and implementation of an e-contract. In addition, parties can agree with each other on technical requirements, conditions for ensuring the integrity and confidentiality in association with such e-contract.
Conclusion
By remedying the identified shortages and existing ones, the 2023 ET Law provides a comprehensive legal framework for e-transactions in Vietnam, which is expected to enhance and facilitate the national digital transformation. However, certain regulations of the 2023 ET Law need specific guidance from competent authorities for practical implementation.