With traditional brick-and-mortar economic activities rapidly transformed by the Internet and advanced technologies, there is a respective growing demand for legislative amendments to adapt to current changes, and Vietnam is by no means an exception to this rule. In 2005, Vietnam enacted its E-transaction Law, which reflected several provisions of the UNCITRAL Model Law on Electronic Commerce (1996) and Electronic Signature (2001), serving as the country’s legal framework for transactions carried out by electronic data exchange and other means of communication. After nearly two decades of implementation, the Law, however, gradually proved to be ineffective in dealing with emerging issues of the digital economy related to, for instance, the operation of digital platforms or the utilization of sophisticated technologies like AI, blockchain, targeted marketing techniques, etc. This prompted the development of a new legal regime – the draft Law on E-transactions (“Draft Law“).
The Draft Law was first formulated in 2021, and there have been five draft versions up until now. This month observes the first time the 15th National Assembly (“NA“) discusses the Draft Law in its fourth session, which is set to be officially promulgated in May 2023. Notable provisions under the latest publicly available version of the Draft Law (i.e., Version 5 submitted to the NA recently) revolve around electronic contracts and signatures, digital platforms, data privacy, and cybersecurity. Such issues leave plenty of concerns about the rationale and enforceability of the Draft Law over the businesses’ operations.
1. Electronic contracts and electronic signatures
Electronic contracts and signatures are vital elements of electronic commerce. In its explanatory note, the lead drafting Agency – Ministry of Information and Communication “MIC” – analyzed that since UNCITRAL Model Laws remained quite generic by nature and seemed to be tailored for developed countries, the internalization of which into Vietnamese laws raised the question of enforceability, especially regarding the assurance of e-transactions’ legal validity. It should be noted, among others, that Vietnam only has legislative guidelines on the use and legal recognition of secured digital signatures, leaving businesses struggling to adopt other types of e-signatures that are vulnerable to a dispute over their validity. In this regard, the Draft Law first introduces the concept of a “private electronic signature” (“PES“), which satisfies the following conditions:
- The signature confirms the signatory and their approval of the data message;
- The signature’s creation data is exclusively associated with the approved content;
- The signature’s creation data is under the sole control of the signatory at the time of signing; and
- The validity of the signature can be examined under the conditions as agreed upon by the parties.
Accordingly, a secured PES will guarantee the legal validity of an electronic signature. Although the “security” of a PES used by organizations can be verified upon registration with the MIC, that of a PES used by individuals remains unclear, causing deep concerns from businesses, especially importers, exporters, and the banking industry about the actual practical implementation of the Draft Law’s amendments on e-signatures.
Other newly proposed provisions on e-contracts include the legal validity of e-contracts executed through automated information systems, the right to withdraw transaction information in case of an error in typing contract information, or the principles and requirements in concluding and performing e-contracts in cyberspace. Companies that actively engage in the use of e-contracts should closely monitor the development of these legal provisions to ensure adequate compliance with laws.
2. Digital platforms
Besides traditional e-transaction-related issues such as e-contracts and e-signatures, the drafting agency incorporated a special section regulating digital platforms into the Draft Law. Indeed, digital platforms are among the key drivers of innovation and digitalization. Statistics have shown that Vietnam’s e-commerce industry maintained a stable growth rate even during the Covid-19 pandemic, which is foreseen to boom in the coming years. Attempting to regulate this sector, the Draft Law takes great inspiration from the European Union’s Digital Markets Act and Digital Services Act in developing certain obligations for digital platforms. However, the proposed scope and definition of digital platforms under the Draft Law are still relatively broad and obscure, resulting in online stakeholders’ uncertainty regarding whether their operations would be classified as digital platforms and subsequently be subject to the corresponding requirements.
Furthermore, certain obligations under the Draft Law imposed on digital platforms, as varied by platforms’ scale, are expressed by industry stakeholders to be onerous or ambiguous, notable among which is the obligation to ensure the readiness to implement technical connection with state agencies’ systems, or that to proactively and annually review and assess situations, suggest solutions and report to the MIC on past incidents or risks of the information systems being abused to conduct infringing acts. On the other hand, there have also been positive changes reflected under the fifth version of the Draft Law as a result of effective policy advocacy, such as the replacement of platform administrators’ duty to publicize algorithms used in targeted advertising with that to disclose general purposes and parameters/criteria utilized in such a process.
Vietnam’s special efforts in administering digital platforms can also be seen via platform-wise provisions under the draft Law on Consumer Rights’ Protection, which contain obligations of platform administrators relatively similar to that of the Draft Law, such as the communication of real-time data to authorities for state supervision purposes or other obligations related to targeted advertising and content moderation, inevitably triggering the concern of legislative contradictions and overlapping. In a different context, heated debates have been sparked as to whether digital platforms should be solely regulated by e-transaction laws instead of consumer protection laws or, in a more extreme manner, whether they should not fall under the purview of either of the two laws at all. To date, it seems that they still remain as unsettling questions.
3. Data safety and cybersecurity
Transmission of data undoubtedly facilitates the operation of e-commerce, rendering data security among top priorities in governments’ legislative agenda in the current trend of global digitalization. The Draft Law dedicates one chapter to govern matters related to data safety and cybersecurity in e-transactions. Accordingly, data processors bear the following responsibilities:
- Establish a system to ensure the security of data messages throughout the process, [and to] apply technical measures to ensure the security of data messages per laws;
- Promptly notify users of security incidents concerning data messages and report to the MIC per laws;
- Comply with the Law on data processing, [and] appoint an officer and department for data message security protection.
Since data messages in this context can encompass both personal and non-personal data, the stipulation of the above requirements possibly overlaps with the upcoming Personal Data Protection Decree and, to a lesser extent, the draft Law on Consumer Rights’ Protection. Prudent revision of the Draft Law is essential to guarantee consistency throughout legislative documents.
E-commerce is, and will be, constantly evolving, making legislation gradually outdated. To this end, it is fascinating to see how the Draft Law will materialize into a regulation that can strike a fair balance between ensuring state management duties and promoting a business-facilitative environment in this Fourth Industrial Revolution era.