12/24/21, 3:59 PM The integrity of data message from a legal perspective (Part 2) - Lexology

Register now for your free, tailored, daily legal newsfeed service.
Questions? Please contact [email protected]
Register

The integrity of data message from a legal perspective (Part

Vietnam
December 16 2021

In the previous article, it has been stated that the hidden contents and information is part of a data message and must
also be kept intact from the time such data message is initialized for the first time. However, there are many practical
cases where users may print files and documents that contain the displayable contents of a data message into paper
copies to sign, stamp and then scan such paper copies again, save them in different formats/extensions or simply take
pictures to send to each other. How can we ensure that the content of data messages remains intact during the above-
mentioned conversion process?
1. The data message has the same value as the original
b) The content of the data message is accessible and usable in its complete form as needed.
According to Clause 2 Article 13 of the Law on E-Transactions, one of the requirements to ensure the validity as the
original of a data message is that its content can be accessed and used in its complete form when needed. The
completeness in this case, as analyzed in the previous article, must include both displayable and hidden contents.
However, printing or taking photos or converting a data message into different file formats/extensions can only keep
the visible content and there is no feasible method to entirely extract and attach hidden content of a data message on
the same converted file formats/extensions due to the differences in technology.
Currently, Vietnamese law has not provided any regulations or standards to ensure the integrity of data messages
during or after the conversion process. Therefore, in my opinion, any conversion process shall cause a data message
to lose its integrity compared to the first time it was initialized, and thus the converted data message shall not be
valid as the original. From the above issue, electronic signatures were developed as a method for parties involved in
e-transactions to seal the integrity of the content and information of files, documents and data messages without
having to convert them into paper copies to sign or stamp. The most crucial purpose of an electronic signature is to
authenticate the legitimate access, specific actions of the user after accessing and to secure the electronic document
so that it cannot be tampered with or falsified.
Electronic signatures are created in the form of words, letters, numbers, symbols, sounds or other forms of electronic
means, associated or combined logically with data messages. They have the ability to verify the identity and consent
of an individual who signed a data message, agreeing with the content of such data message. There are three main
types of electronic signatures, in correspondence with three levels of security and trust:

https://www.lexology.com/library/detail.aspx?g=18d4aac0-4b14-4686-9d27-1559b7a86c42 1/3
12/24/21, 3:59 PM The integrity of data message from a legal perspective (Part 2) - Lexology

Simple electronic signatures are electronic words, letters, numbers, symbols, sounds or any other forms to
express the will of the individual who apply such signature onto the data message;
Advanced electronic signatures are the form of electronic signatures with additional requirements like: must
be unique, linked to the signatory, can identify the signatory, solely subjected to the control and management
of the signatory, can assist the signatory in discovering any changes applied to data messages after being
signed;
Standard electronic signatures/ Digital signatures/ Certified electronic signatures are advanced electronic
signatures, using digital certificates issued by competent and licensed organizations to validate the identity of
individuals and organizations who applied such electronic signatures onto the data messages.
In particular, under the provisions of the law of Vietnam, an electronic signature is only considered safe if it is
verified by a security verifying process agreed upon by transacting parties and satisfying the conditions specified in
Clause 1 of Article 22 of the Law on Electronic Transactions in 2005:
a) electronic signature creation data are attached only to the signatory in the context that such data are used;
b) electronic signature creation data are under the control of only the signatory at the time of signing;
c) all changes to the electronic signature after the time of signing are detectable;
d) all changes to the contents of the data message after the time of signing are detectable.
Of which, electronic signatures certified by e-signature certification service-providing organizations shall be
considered having satisfied the above-mentioned security conditions. That means, if the parties involved in e-
transactions cannot agree on an e-signature verifying process or simply do not have the authorities and measures to
identify each other, then the parties may use e-signatures provided by e-signature certification service-providing
organizations, attached with e-certificates which can be easily verified anytime. However, details on the signing
process, identifying mechanism, and other related matters must be left unsolved for those organizations to explain
and guide before providing us with their services.
On the other hand, Vietnamese laws also stipulated that some types of contracts are required to be notarized and
authenticated by notarial practice organizations such as contracts for transferring land-use rights, properties attached
to the land, construction, perennial tree sale and purchase contracts, enterprises renting contracts, etc. With the
development of technology, the above-mentioned types of contracts will also be patched up with a legal framework
to proceed as an e-transaction. However, the verification process currently applied to e-signature can only verify the
personal identity of the signatory, not the legitimacy of the contracts and civil capacity of the involved parties. Thus,
it can be expected that notarial practice organizations may be licensed to use necessary means and technology to
notarize the above-mentioned types of contracts without having to meet the transacting parties face to face.
According to Article 27 of the Law on E-Transactions, the Vietnamese government recognizes the legal validity of
foreign e-signatures and e-certificates if such e-signatures or e-certificates have the same level of reliability as those
provided for by law. But the determination of the reliability of foreign e-signatures and e-certificates must be based
on the assessing and licensing process of the Ministry of Information and Communications and must satisfy some
vague conditions under Article 46 Decree No. 130/2018/ND-CP on guidelines for the Law on E-transactions of
digital signatures and digital signature authentication. In fact, there are not many transacting parties that actually
comply with these regulations on e-signatures and almost always rely on mutual trust and agreements. This means

https://www.lexology.com/library/detail.aspx?g=18d4aac0-4b14-4686-9d27-1559b7a86c42 2/3
12/24/21, 3:59 PM The integrity of data message from a legal perspective (Part 2) - Lexology

when a dispute arises during an e-transaction, the gathering of evidence shall take a lot of time and effort, requiring
deep knowledge and understanding about technology and computers. The next article shall analyze the value of data
messages as evidence from a legal perspective and the common mistakes of transacting parties during e-transactions.
(TO BE CONTINUED)

Asia Legal -
Phong Tran

https://www.lexology.com/library/detail.aspx?g=18d4aac0-4b14-4686-9d27-1559b7a86c42 3/3