Strengthening Online Security: New Regulations for Internet Safety

The Authority of Information Security (AIS), part of the Ministry of Information and Communications (MIC), has introduced significant legal frameworks concerning online safety. These include Decree 147, which governs Internet use and online information, and Decree 137, which addresses electronic transactions involving governmental entities and their information systems.

Notably, Decree 137 outlines the concept of ‘network trust’ along with criteria for evaluating it, marking a major development in governmental policy. ‘Network trust’ serves as a certification indicating that electronic transaction systems comply with established regulations.

To qualify for this certification, information systems must adhere to specific security laws and obtain user consent before collecting personal data, unless legally exempt. Additionally, users’ data must be secured through encryption, employing robust algorithms from trusted sources.

Furthermore, the domains of these systems must not be listed among those deemed unsafe by the MIC, which maintains a blacklist at tinnhiemmang.gov.vn.

To achieve network trust certification, systems must also guarantee the absence of harmful content, such as malware or misleading information that could be damaging to users.

System administrators are encouraged to evaluate and publicly affirm their compliance with network trust standards.

AIS points out that these regulations empower citizens to trust websites identified with network trust labels, distinguishing genuine sites from counterfeit ones.

As of the end of October 2024, the National Cyber Security Monitoring Center (NCSC) reports that AIS has issued network trust certifications to 5,942 electronic transaction systems operated by public agencies. In the same month, the NCSC identified 49 fraudulent websites impersonating legitimate organizations.

By late October 2024, the online fraud prevention database had recorded 125,448 counterfeit websites, used by malicious actors to deceive the public and damage the reputations of legitimate agencies.

The national cybersecurity monitoring system has processed over 10.5 billion entries, successfully blocking more than 14,552 harmful websites, which includes approximately 3,300 fraudulent sites, thus safeguarding more than 11.32 million users.