The National Assembly has passed the Law on Network Security (amended), this law takes effect from July 1, 2026.
The drafting agency of this Law has devoted a Chapter to stipulate the responsibilities of agencies, organizations, and individuals regarding network security.
In which, the law stipulates that the responsibility of service providers is to comply with the provisions of law on network security.
Warn of the possibility of network security loss in the use of services in the network space provided by them and guide preventive measures for service users; develop emergency response plans to ensure network security to proactively handle weaknesses, risks and network security incidents.
When network security incidents occur, immediately deploy emergency response plans to ensure network security, and immediately report to specialized forces to protect network security according to the provisions of this Law.
Apply measures and technical solutions to ensure network security for data processing activities, personal data processing according to the provisions of this Law, data law, personal data protection law and other relevant legal regulations.
In addition, they are responsible for identifying IP addresses of organizations and individuals using internet services; providing IP address identification information to specialized network security forces to implement network security measures.
Coordinate to implement according to the guidance of the network security protection force under the Ministry of Public Security to establish a connection system, connect technical transmission lines, transmit data and meet other necessary conditions to deploy network security protection solutions and measures when requested to serve the investigation, verification, and handling of violations of the law on network security.
The law also stipulates the responsibilities of agencies, organizations, and individuals using cyberspace. Typically, they must comply with the provisions of law on cybersecurity.
Responsible for ensuring the confidentiality of registration information, opening, managing, and using their digital accounts. In case of using digital accounts to commit illegal acts, the owner of the digital account, the user of the digital account shall be disciplined, administratively sanctioned or prosecuted for criminal liability.
If it causes damage to the interests of the State, the legitimate rights and interests of organizations and individuals, damages must be compensated according to legal regulations.
In addition, promptly provide information related to network security protection, network security threats, and cyber security violations to competent authorities and network security protection forces.
Implement the requirements and guidance of competent authorities in protecting network security; assist and create conditions for agencies, organizations and responsible people to take measures to protect network security...
