The Vietnam Chamber of Commerce and Industry (VCCI) has pointed out discrepancies between some provisions of the draft Law on Cyber Security and the nation’s commitments to the World Trade Organization (WTO) and the Vietnam-EU Free Trade Agreement (EVFTA).
VCCI has written to the National Assembly Security and Defense Committee detailing the incompatibility between the draft law and Vietnam’s commitments to WTO and EVFTA. The draft law, crafted by the Ministry of Public Security, is now on the table of the National Assembly (NA) for discussion.
VCCI said Article 34 of the draft law specifies: “Foreign firms providing telecommunication and Internet services in Vietnam shall comply with Vietnamese regulations, respect national sovereignty, interests and security, user interests, obtain licenses, locate their representative offices and servers in Vietnam, and secure user data and accounts...”
However, according to Vietnam’s WTO and EVFTA commitments, foreign telecommunication and Internet service providers are not required to locate their representative offices in Vietnam.
Besides, Article 14.13 of the Trans-Pacific Partnership (TPP) agreement which Vietnam signed in February 2016 says: “The Parties agreed not to require the use of computing facilities within their territories as a condition for doing business.”
Although the NA has not approved the TPP, Vietnam and 10 other Pacific Rim countries are still conducting negotiations to finalize a deal without the United States. Therefore, VCCI said the draft law should run counter to the TPP.
VCCI said the country’s Cyber Information Security Law crafted by the Ministry of Information and Communications came into effect on July 1, 2016, so there is no need to issue a law on cyber security.
Article 11 of the draft law states the Ministry of Public Security is responsible assessing providers of cyber information security services. However, Article 44 of the Cyber Information Security Law regulates the Ministry of Information and Communications is in charge of coordinating with relevant ministries and agencies to issue licenses for those entities providing cyber information security products and services.
This is a clear indication that the Draft Law on Cyber Security and the Cyber Information Security Law overlap to some extent.
VCCI noted some requirements in the Ministry of Public Security’s draft law would make life difficult for businesses and push up the cost of doing business in the cyber security domain.
VCCI suggested the Ministry of Public Security eliminate Article 49 of the draft law that requires enterprises to ask the ministry for permission before finalizing their contracts because the draft law does not provide the procedures for doing so.
SGT