Decree No. 72/2013/ND-CP dated 15 July 2013 (“Decree 72”) on Internet services and online information has been one of key legal instruments in the realm of cyberspace, with some coining the decree as “Vietnam Internet Decree”. Despite the amendments made to Decree 72 in 2018, it appeared that many notable issues of the Internet today were still not addressed.
Government oversight of these services has become inevitable .The growing influence of foreign Internet service providers has also certainly played a critical role in pressuring Vietnam’s Government to address these issues quickly. In addition, Vietnam’s data center market is booming and projected to reach US$ 1641 million by 2025 due to the general shift of enterprises to cloud platforms and the growing embrace of IoT, big data and cloud-based solutions.
Last year, Vietnam’s Government issued a draft outline of a decree amending Decree 72, and on 5 July 2021 the draft decree was published. The Draft Amendment is now under public consultation with the phase looking to complete by 5 September 2021.
This article will focus on the proposed provisions on obligations of cross-border information providers and data center services.
Obligations of Cross-Border Information Providers
Current legislation requires organisations and individuals involved in cross-border provision of information via digital platforms (e.g. websites, social networking sites, online applications, search engines) to (1) provide the Ministry of Information and Communications (“MIC”) with their contact information, including name, address, and local contact point, and (2) collaborate with MIC to take down or block access to illegal content on their platforms. These requirements are imposed on those who (i) rent digital information storage facilities in Vietnam, or (ii) are used or accessed by at least one million monthly internet users in Vietnam. The Draft Amendment has proposed to expand the reach of criteria (2) to those who have 100 thousand monthly unique visitors and to impose the following additional obligations of cross-border information providers:
The content of the above-mentioned annual/ad-hoc report to MIC is required to cover, among others, the number of user accounts and unique visitors, revenue in Vietnam, Vietnamese users’ complaints that have been handled, number of illegal contents that have been handled, and contact information upon the time of report.
Notably, the Draft Amendment has proposed that upon MIC’s request, cross-border information providers must establish a mechanism able to take down/restrict content and temporarily lock/remove upon Vietnamese users’ requests in relation to these two types of illegal contents: 
If enacted, this provision under the Amended Decree may become the first to require cross-border information providers to take actions against IP infringing content per users’ requests.
Inspired by the recent Australian new media law and pressure on social media platforms to share revenue with the traditional press, a new requirement to enter into content cooperation agreement with the Vietnamese press when providing information cited from the local media has now also established.
Data center services
The Draft Amendment introduced definitions of the data center services, including dedicated server, co-location, data storage services, and cloud computing. Cloud computing was defined to include Infrastructure as a service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
Business license requirement. The Draft Amendment requires providers of data center services to apply for a business license for offering data center services before the MIC. In addition, provision of data center services to clients abroad must also be properly informed to the MIC. Providers must (i) follow the relevant technical standards in designing, building, and operating the data center; (ii) have software and applications to manage and store customer information; and (iii) possess a procedure in place to verify information and protect customers’ data.
Further obligations. On the basis of finding their clients conducting illegal activities, providers of data center services are compelled to stop serving and to report their clients to the authorities. The authorities can also request them to stop serving the violating clients. In addition, the providers cannot transfer their clients’ data abroad and must sufficiently apply measures to protect the data. Records of client information should be kept for at least five years after the services of data center for that client ended.
The Draft Amendment also requires that the contract of data server services include without limitation to information of prohibited activities, agreed level of services and technical standards, and identifiable information of the customers.
The Draft Amendment impacts all major players in the tech industry, including cloud service providers, social media platforms, and cross-border information provider. Both local and overseas tech-based Internet service providers are recommended to keep a close watch on the developments of the Draft Amendment, as relevant changes on Internet regulations will call for timely compliance.
 Vietnam Data Center Market Prospects & Upcoming Trends and Opportunities Analyzed for Coming Years, https://www.marketwatch.com/press-release/vietnam-data-center-market-prospects-upcoming-trends-and-opportunities-analyzed-for-coming-years-2021-06-03?siteid=bigcharts&dist=bigcharts&tesla=y
 Article 1.17 of the Draft Amendment on proposal to amend Article 22 of Decree 72
 The illegal information as prescribed in Clause 1, Article 5 of this Decree
 Article 1.3 of the Draft Amendment on proposal to amend Article 5 of Decree 72
 Article 1.2 of the Draft Amendment on proposal to add Article 3.41 to Decree 72
 Article 1.71 of the Draft Amendment on proposal to add Article 44d to Decree 72
 Article 1.71 of the Draft Amendment on proposal to add Article 44h to Decree 72
 Article 1.71 of the Draft Amendment on proposal to add Article 44e to Decree 72