Electronic Identification And Authentication – Security

0

To print this article, all you need to do is be registered or log in to Mondaq.com.

On September 5, 2022, the government issued Decree 59/2022/ND-CP (Decree 59) regulating electronic identification and authentication. This decree should facilitate the identification of information in the online environment. Executive Order 59 came into effect on October 20, 2022.

In this update, we’ve laid out some notable points from Decree 59.

1. Electronic Identity

Electronic identity (eID) means the information of a person or organization in the electronic identification and authentication system. This eID, which every individual and organization will receive, enables identification and enables more efficient and systematic management of information in the online environment.

There will be three types of eID, namely an eID for a Vietnamese citizen, an eID for a foreigner and an eID for an organization. The eID of Vietnamese and foreign individuals shows personal and biometric information such as portrait photo and fingerprints, the organization eID only shows company information.

2. Electronic Identity Account

2.1 Scope

Decree 59 also introduces a electronic identity account (eID account) in the form of a set of user names, passwords or other authentication methods created by the electronic identification and authentication regulator. The eID account will be granted to Vietnamese or foreign citizens who are at least 14 years old. Citizens under the age of 14 or neighborhoods1 may share the eID Account with their parents or guardians.

The eID account will also be granted to relevant authorities or organizations that are established or have successfully registered their operation in Vietnam.

2.2 Information display

eID accounts are divided into two types based on the information displayed:

  • Level 1 displays an individual’s personal information and portrait photo.

  • Level 2 shows
    • an individual’s personal information, portrait photo and fingerprint; Where

    • corporate information of an organization.

Thus, an organization can only have the level 2 eID account.

2.3 Purpose

Subject to the types of eID Accounts defined above, the purpose of eID Accounts differs:

  • Level 1 eID accounts can be used to prove personal information for activities and transactions that require personal information; and

  • Level 2 eID accounts can be used to prove:
    • personal information in activities and transactions that require the provision of personal information and will replace
      • the Citizen Identity Card for Vietnamese citizens; Where

      • a passport or other valid travel documents for foreigners; and


    • identity information of organizations in activities and transactions that require the provision of information about the organization.

Considering the above, the application of eID accounts will reduce identification steps and speed up administrative procedures and transactions in the electronic environment.

In addition, Decree 59 regulates the use of eID accounts in VneID which is an application on digital services created by the Ministry of Public Security (MPS). It is used for electronic identification2 and authentication3, as well as the procedures for registering and using electronic services by eID subjects to activate and use their eID Accounts.

3. Electronic Authentication Services

Finally, Decree 59 specifies the conditions for providing electronic authentication services and the related procedures. Note that providing electronic authentication services is a conditional line of business. Service providers are required to obtain the Certificate of Satisfaction with Electronic Authentication Activity Conditions issued by the MPS if the following conditions are met:

  • Be a state-owned utility unit or company under the control of the People’s Public Security Forces;

  • Fulfill requirements on staff qualifications and citizenship; and

  • Respond to technical conditions on information security systems and storage plans, and information on machinery and equipment currently held in Vietnam.

Footnotes

1 According to the Civil Code, a ward is a minor who has no parents or whose parents are unidentifiable or incapable, have limited cognition, behavioral control or exercise capacity, have restricted parental rights by a court or do not have the means to care for or educate a minor and the parents request that the minor be under guardianship. A service can also be an adult who is an incompetent person or a person with limited cognition or behavioral control.

2 Electronic identification refers to an act of registering, verifying, creating and linking an eID to an eID holder.

3 Electronic authentication refers to an act of confirming or asserting the identities attached to an eID holder by accessing, discovering and examining these identities using various information sources or by verifying an account eID.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

POPULAR ARTICLES ON: Technology from Vietnam

Report on cybersecurity, technology and data risks

Wotton and Kearney

Summary of the month’s news on cybersecurity, technology and data risks for insurers, brokers and their customers doing business in Australia and New Zealand.

RBI Notifies Digital Lending Guidelines

Khaitan & Co LLP

On September 2, 2022, the Reserve Bank of India (RBI) issued the “Digital Lending Guidelines” (Guidelines) to Banks and Non-Banking Financial Companies (NBFCs)…

Share.

Comments are closed.