Comments on Draft Law on Telecom in Vietnam

Please click here to download the pdf version with full citations.

In this post, we provide our comments to the draft Law on Telecom provided to us recently. The comments are prepared by Nguyen Quang Vu and Trinh Phuong Thao.

1.        Data center services and cloud computing services should be excluded from Law on Telecom

Position under the draft Law on Telecom

The draft Law on Telecom:

  • considers data center services and cloud computing services to be telecommunication services;

  • requires onshore providers of data center services and cloud computing services to obtain a telecom license; and

  • requires offshore providers of cross-border data center services and cloud computing services to sign a contract with a Vietnamese telecommunication service provider or to set up a representative office in Vietnam.

If adopted as currently drafted, immediately when the amended Law on Telecom becomes effective:

  • all onshore providers of server leasing service will need to obtain a telecom license;

  • all onshore software providers who deliver software over the internet (e.g. Google App Store or Apple App Store) will need to obtain a telecom license;

  • all onshore e-commerce apps or software which operate in the model of client-server will need to obtain a telecom license; and

  • all offshore service providers of cross-border software, software as a services (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS) or e-commerce services will need to sign a commercial contract with a Vietnamese telecommunication service provider or establish a representative office in Vietnam.

Our recommendation

We recommend that all data center services and cloud computing services should be removed from the scope of application of the Law on Telecom. Accordingly, all licensing requirements proposed under the draft Law on Telecom should be removed. This is because:

  • Data center services/cloud computing services are not telecommunication services. In particular, From a technical perspective, data center services and cloud computing services are IT/software services or computer-related services, which are delivered to users via telecommunication network (mostly the internet). The fact that those services are delivered users over the internet or telecommunication network should not make them telecommunication services itself. WTO Secretariat also has similar explanation where telecommunication may be used as a “means of delivery” for many other services and suppliers of such services as computer services, which do not own or operate their own networks, are just “user” of telecommunication network and services, not the “supplier” (2)  Under WTO Commitments of Vietnam, Vietnam has agreed that “Computer and Related Services” (CPC 84) includes key functions of cloud computing services (e.g. data processing, data storage, data hosting, and database services). So making cloud computing services telecommunication service is inconsistent with Vietnam’s commitment to the WTO.

  • There are already laws regulating cloud computing service and data center services. The Law on Information Technology 2006 already regulates cloud computing services and data center services in terms of investment or business activities. The Law on Cyber Security 2018 already regulates cloud computing services and data center services in terms of security and safety. Accordingly, expanding the scope of the Law on Telecom to regulate cloud computing services and data center services will result in overlapping and redundant regulations. If the National Assembly considers that additional regulations are necessary, we suggest that amendments should be made to the Law on Information Technology or the Law on Cyber Security.

  • Imposing new conditions and new licensing requirement is in consistent with the Politburo’s Resolution on the 4th Industry Revolution. The Politburo of the Communist Party of Vietnam has issued a Resolution 52-NQ/TW stipulating certain policies to facilitate the 4th Industry Revolution. In particular, the Politburo has decided that the legal framework must be adjusted to create “favourable conditions” for the digital transformation of the nation and for the development of products and services based on digital technology, Internet and cyber space. Cloud computing and data center are among the key elements for the digital transformation of the nation and for the development of products and services based on digital technology, Internet and cyber space. Obviously, requiring every single providers of cloud computing services and data center service to obtain an additional license and to comply with additional obligations is not a favourable condition required by the Politburo’s resolution.

  • The requirements of offshore service providers to sign a contract with a Vietnamese telecommunication service provider is inconsistent the WTO’s Commitment of Vietnam on telecommunication services (see 2).

2.         The market access conditions applicable to the provision of cross-border telecommunication services are inconsistent with WTO Commitments of Vietnam and the CPTPP and should be amended.

Position under the draft Law on Telecom

Except for certain cases, the provision of cross-border telecommunication services (including cloud computing or data center services (see 1)) must be made through commercial agreements signed with Vietnamese telecommunication service providers.

The provisions of:

  • cross-border cloud computing services, or data center services; or

  • cross-border “basic telecommunication service over the internet” in certain cases,

in each case, must be made through a commercial contract with a Vietnamese telecommunication service provider or subject to the establishment of a representative office in Vietnam.

Our recommendation

The requirements to sign a commercial contract with a Vietnamese telecommunication service provider to provide cross border telecommunication services should be limited to wire-based and mobile terrestrial services and satellite-based services. This is because:

  • In the WTO Commitments of Vietnam, Vietnam undertakes not to impose market access conditions to the cross border supply of telecommunication services including basic telecommunication services and value added services except for wire-based and mobile terrestrial services and satellite-based services; and

  • In the CPTPP, Vietnam undertakes to allow the provision of cross-border supply of telecommunication services except that foreign service suppliers are not allowed to supply satellite-based services unless the services are offered through commercial arrangements with Vietnamese international satellite service suppliers duly licensed in Viet Nam.

The requirements to set up a representative office in Vietnam to provide cross border telecommunication services should be removed. This is because:

In the CPTPP, Vietnam undertakes not to require a service supplier of another Party to establish or maintain a representative office or any form of enterprise, or to be resident, in its territory as a condition for the cross-border supply of a service. The exception to this requirement is limited only to Vietnam’s non-conforming measures under Annex I and II of CPTPP including, among others, the “right to adopt or maintain any measure with respect to investment in, building of, operating and exploiting telecommunication networks and services serving ethnic minorities in rural and remote areas of Viet Nam”.

3.         The authority’s right to order providers of cloud computing service or data center services to stop providing services or access to its customers‘ data should follow the Criminal Procedures Code 2015

Position under the draft Law on Telecom

The draft Law on Telecom requires providers of cloud computing service or data center services to stop providing its customers with services or access to the relevant data when requested by the competent State authority.

Our recommendation

Data and information of an enterprise or an individual is essential to their operation and business. If an enterprise is cut off from its data (e.g. a bank losing access to its customers data), it will suffer significant losses and damages. When a Government authority decides to cut off a company’s access to its data and information held by cloud computing service provider or data center services provider, it should follow a due process, which may be similar to the procedure of applying any coercive measures by the authority under the Criminal Procedures Code 2015. For example, to apply the measure of account freezing (phong tỏa tài khoản), the authorities must follow the following procedures:

  • the competent authority determines the specific reasons to apply this measure (e.g., the amount in that account is related to a criminal act of an accused person);

  • the competent authority to issue an order on account freezing and notify the People’s Procuracy of Vietnam of the same level before implementation;

  • the competent authority to deliver the order on account freezing to the credit institution or State Treasury managing the relevant account and such delivery must be recorded in writing; and

  • implementation of the order on account freezing by the credit institution or State Treasury must also be recorded in writing with sufficient copies, including one for the accused person and the person related to the accused person.

Info
Written by Nguyen Quang Vu On In ,