Conditions for enterprise to provide digital signature authentication service

Currently, the demand for using digital signatures is increasing, many enterprises want to conduct  the digital signature authentication service. According to the provisions of the Law on Investment, the provision of digital signature authentication service is a conditional business activity. In order to provide digital signature authentication service, LMP will support customer in carrying out the following procedures:

Legal basis: Decree 130/2018/ND-CP

A. Having Certificate for providing digital signature authentication service issued by the Ministry of Information and Communication

1. Condition for issuing Certificate for providing digital signature authentication service 

Condition Content
Finance Deposit at a commercial bank operating in Vietnam with an amount of at least VND 05 (five) billion to deal with the risk and compensations arising during the service provision due to the fault of digital signature authentication service provider and pay the cost for receiving and maintaining the enterprise’s database in case of Certificate revocation.
Human resource Having personnel for: System administration, system operation and issuance of digital certificate, ensuring information security of the system. In which, personnel shall have at least university degree, majoring in information security or information technology or electronic telecommunication.
Technical (1) Set up system of technical equipment to ensure the following requirements:

– Fully, accurately filing and updating subscriber’s information for the issuance of digital certificates during the validity period of digital certificate;

– Fully, accurately filing and updating the list of valid, suspended and expired digital certificates and allow, guide the Internet users to access online 24 hours/a day and 7 days/ a week;

– To ensure to generate the pair of keys allowing each pair of keys to be random and exactly generated at once time; having function for ensuring that the private key is not discovered when the corresponding public key is available;

– Having function of warning, preventing and detecting illegal access on the network environment;

– Designed for minimizing the direct exposure to the Internet environment;

– The key distribution system for subscribers shall ensure the integrity and confidentiality of the pair of keys. In the case of key distribution through the computer network environment, the key distribution system must use security protocols to ensure to not disclose information on the transmission.

(2) Having a technical plan which meets the requirements to ensure information system security and the valid applicable technical regulations and standards on digital signatures and digital signature authentication;

(3) Having plans to control the entrance to the office, the right to access the system, the right to access the place where the equipment for providing digital signature authentication services is located;

(4) Having backup plans to ensure safe and continuous operation and remedy when problems occur;

(5) Having plan to provide subscriber information online for the National Digital Signature Authentication Service Provider, serving the state management of digital signature certification services;

(6) The entire system of equipment for providing services is located in Vietnam;

(7) Having head office and place where machinery and equipment are located in accordance with the requirements of the law on fire and explosion prevention and fighting; having the ability to floods, floods, earthquakes, electromagnetic interference, illegal human intrusion fighting;

(8) Having authentication regulation according to the form specified in the certification regulation of the National Digital Signature Authentication Service Provider.

2. Dossier

– An application for obtaining the Certificate to provide public digital signature authentication services;

– Confirmation of deposit from a commercial bank operating in Vietnam. This confirmation must include, but is not limited to, an unconditional and irrevocable commitment to pay the Escrowee any amount within the limits of the deposit to cover the risks and possible compensations during the service provision due to the fault of the public digital signature authentication service provider and payment of the cost of receiving and maintaining the enterprise’s database in the case of license revocation;

– Personnel records include: Curriculum vitae, diplomas and certificates of technical staff participating in the provision of digital signature authentication services of enterprises that meet the above personnel requirements.

– Technical plan to ensure the above technical conditions.

– Authentication regulation according to the form specified in the Authentication Regulation of the National Digital Signature Authentication Service Provider.

  1. Issuing authority: Ministry of Information and Communications
  2. Statutory timeline: 50 days from the date of submission of full and valid dossiers

B. Having digital certificate issued by the National Digital Signature Authentication Service Provider

1. Conditions for issuance of digital certificate 

– Certificate for providing digital signature authentication service issued by the Ministry of Information and Communication.

– Actual technical system complies with the licensing dossier.

– The public key on the digital certificate is the only one and is the same pair with the private key of the public digital signature authentication service provider requesting the digital certificate.

2. Dossier for issuance of digital certificate

– An application for the national digital signature authentication service provider to issue a digital certificate;

– A copy of the Certificate to provide public digital signature authentication services;

– Other documents as prescribed in the authentication regulations of the National Digital Signature Authentication Service Provider.

3. Issuing authority: National digital signature authentication provider

4. Statutory timeline: 30 working days from the date of submission of full and valid dossiers.

Through the support of LMP, customers can consider the conditions and risks when providing public digital signature authentication services and receive solutions to reduce risks accordingly.

Note: The content presented above is for reference only. Subject to the case, the above content may no longer be relevant. For further  advice, please contact LMP Lawyers.

Contact us
0986 123 714