Experts were invited to share international experiences/best practices in ongoing dialogue as the Government works to finalize Draft Cybersecurity Sanctions Decree.

The Vietnamese Ministry of Public Security (MPS) hosted "Workshop on International Experiences in the Field of Cybersecurity Administrative Sanctions" on 25 November 2022 in Hanoi. The Workshop featured presentations by experts from the public and private sectors that shared experiences on the implementation of administrative violations and penalties in cybersecurity.

The Draft Decree on Sanctions Against Administrative Violations in Cybersecurity (Draft Cybersecurity Administrative Sanctions Decree), which was released on 20 September 2021 and underwent public consultation, remains pending and some provisions (e.g., data localization/local office requirements) in the Law on Cybersecurity and its implementing Decree 53 have not yet been enforced. Also, the Draft Personal Data Protection Decree, which also sits under the Law on Cybersecurity, is still under government review. As such, this Workshop gave diplomatic missions, business organizations, IT and cybersecurity experts a valuable opportunity to share international best practices and advocate before the relevant authorities and drafting/editing team of the Draft Cybersecurity Administrative Sanctions Decree.

Speakers included the U.S. Department of Justice, EuroCham Vietnam, Japanese Chamber of Commerce and Industry in Vietnam, Samsung Electronics Vietnam, Asia Internet Coalition, and the Vietnam Business Forum. They shared perspectives from the US, EU, Japan, South Korea, and Southeast Asia. Recommendations made for building policy/legislation highlighted the importance of regulations consistent with international standards but also reflecting local sensitivities. The private sector offered specific comments on the need for regulations that have actual deterrent effects, incentivizing voluntary compliance, provide for an appeal mechanism, are consistent with existing legal instruments, and can be objectively enforced. Requests for further guidance on unclarities in the Law on Cybersecurity and Draft Cybersecurity Administrative Sanctions Decree (see here and here for details) and implementation roadmaps were also made throughout the Workshop. In response, the MPS said it would carefully review what had been shared at the Workshop as it works to finalize the Draft Cybersecurity Administrative Sanctions Decree.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.