Clarifying the responsibilities of businesses providing social networking platforms and internet services

The National Assembly deputies agreed on the need to promulgate the Law on Cyber ​​Security to create a unified and comprehensive legal framework for protecting national digital sovereignty . At the same time, it meets the practical requirements of the digital transformation process and ensures non-traditional security in the current era of artificial intelligence (AI).

Regarding prohibited acts, the draft Law has added the act of using AI to fake identities and create false audio images.

Affirming that this is very necessary, however, Nguyen Thi Viet Nga ( Hai Phong ) said that some listed acts overlap with the Penal Code such as acts of propaganda against the State or illegal intrusion into information systems. Therefore, the delegate suggested that the draft Law should only list specific acts of cyber security that are not yet regulated by the Penal Code to avoid overlap and ensure the principle of one act, one sanction.

From another perspective, National Assembly Deputy Tran Khanh Thu ( Hung Yen ) suggested that the drafting agency consider and review to fully supplement prohibited acts, especially acts of using AI to create images, spread false information or fake identities to slander, defraud and harm public order and national security.

Regarding information system protection by level, the draft Law stipulates 5 levels to protect information systems but there are no specific criteria to distinguish between the levels, especially the criteria of "serious damage" and "especially serious damage".

Believing that without quantitative standards, it will be difficult for agencies and businesses to determine their own levels, leading to arbitrary application, delegate Nguyen Thi Viet Nga suggested that the Government should specify details in a guiding decree with a system of quantitative criteria to ensure consistency and feasibility.

In addition, the draft Law has expanded the protection scope from children to vulnerable people, including the elderly, people with disabilities, and people with limited civil capacity. Assessing this as a very new and progressive point, however, delegate Nguyen Thi Viet Nga noted that it is necessary to clarify the enforcement mechanism, especially the responsibility of businesses providing social networking platforms and internet services. "Instead of requiring content control, it is necessary to stipulate a mechanism for warning, reporting and coordinating handling when detecting content that harms vulnerable people," the delegate stated.

Regarding the prevention and handling of cyber security violations, delegate Tran Khanh Thu proposed adding protected subjects such as vulnerable people such as the elderly or people with limited or lost civil capacity; adding regulations to prevent, stop and promptly handle acts of using AI to simulate faces to defraud, defame and impersonate the identities of famous people or their relatives, affecting social order.

Regarding the management of business activities of cyber security products and services, some National Assembly deputies said that the draft Law still tends towards "pre-inspection", requiring businesses to have a business license and a practice certificate. This approach can easily increase administrative procedures and compliance costs, especially for startups in the technology sector.

Therefore, delegates suggested that the drafting agency review and have regulations to switch to a "post-inspection" mechanism, meaning that enterprises are free to conduct business if they meet technical standards and regulations and the State inspects after there are signs of violations. Such a regulation also ensures compliance with the requirements set out in Resolution No. 66-NQ/TW of the Politburo on institutional reform and digital economic development.