Clarifying the responsibilities of businesses providing social networking platforms and internet services

National Assembly deputies agreed on the necessity of enacting a Cybersecurity Law to create a unified and comprehensive legal framework for protecting national digital sovereignty . At the same time, it aims to meet the practical requirements of the digital transformation process and ensure non-traditional security in the current era of artificial intelligence (AI).

Regarding prohibited acts, the draft law has added the act of using AI to impersonate identities and create false images and sounds.

While acknowledging the necessity of this, Nguyen Thi Viet Nga ( Hai Phong ) argued that some of the listed behaviors overlap with those already stipulated in the Criminal Code, such as propaganda against the State or unauthorized access to information systems. Therefore, the representative suggested that the draft Law should only list specific cybersecurity behaviors not covered by the Criminal Code to avoid duplication and ensure the principle of one specific offense, one specific penalty.

From another perspective, National Assembly Deputy Tran Khanh Thu ( Hung Yen ) suggested that the drafting agency should review and supplement the list of prohibited acts, especially those involving the use of AI to create images, spread false information, or impersonate individuals in order to slander, deceive, and harm public order and national security.

Regarding the protection of information systems by level, the draft Law stipulates 5 levels for protecting information systems, but lacks specific criteria to distinguish between these levels, especially the criteria for "serious damage" and "exceptionally serious damage".

Arguing that the lack of quantitative standards would make it difficult for agencies and businesses to determine levels themselves, easily leading to arbitrary application, Representative Nguyen Thi Viet Nga proposed that the Government be tasked with providing detailed regulations through a guiding decree with a system of quantitative criteria to ensure consistency and feasibility.

Furthermore, the draft law has expanded the scope of protection from children to vulnerable groups, including the elderly, people with disabilities, and those with limited civil capacity. While acknowledging this as a very new and progressive point, Representative Nguyen Thi Viet Nga noted the need to clarify the enforcement mechanism, particularly the responsibility of businesses providing social media platforms and internet services. "Instead of requiring content control, there should be regulations establishing a mechanism for warning, reporting, and coordinating the handling of content that harms vulnerable groups," the representative stated.

Regarding the prevention and handling of cyber security breaches, delegate Tran Khanh Thu proposed adding vulnerable groups such as the elderly or those with limited or no civil capacity to be protected; and supplementing regulations to prevent, deter, and promptly handle acts of using AI to simulate faces for fraud, defamation, and impersonation of celebrities or their relatives, affecting social order.

Regarding the management of cybersecurity product and service businesses, some National Assembly deputies believe that the draft law still leans towards "pre-approval," requiring businesses to have business licenses and professional certificates. This approach easily increases administrative procedures and compliance costs, especially for startups in the technology sector.

Therefore, delegates suggested that the drafting agency review and include regulations to shift to a "post-inspection" mechanism, meaning that businesses would be free to operate if they met technical standards and regulations, and the State would conduct inspections only after signs of violations were detected. This regulatory approach would also ensure compliance with the requirements set forth in Resolution No. 66-NQ/TW of the Politburo on institutional reform and the development of the digital economy.