Cybersecurity from risk prevention to guiding development

The driving force to unleash the nation's digital capabilities

At the National Assembly Party Congress on September 25, General Secretary To Lam directed that “legislation is the “breakthrough of breakthroughs”, not only stopping at overcoming overlaps, contradictions, and bottlenecks, but also having to go ahead, pave the way, lead the country’s development, encourage creativity, liberate all labor, and unleash all resources for development”. National Assembly Chairman Tran Thanh Man also requested “We must innovate legislative thinking”. Thus, the National Assembly must clearly demonstrate its creative role, and the laws enacted must lead the change. Laws need to prepare a “runway” long enough and wide enough for the country to take off. In the field of cyber security, this requirement is even more urgent.

Cyber ​​security has now become the backbone of the digital nation : where citizen data, business data and national data converge. Every commercial transaction, every public service, every social relationship is more or less "set foot" on this platform. If cyber security is weak, the entire digital economy is like walking on "thin ice". If cyber security is strong, it becomes trust, a common denominator for exchange, innovation and integration.

Therefore, a creative National Assembly needs to view cybersecurity as a legal declaration for the digital age: protecting, guiding, encouraging, and deterring. In other words, cybersecurity needs to be legalized with a dual philosophy: risk prevention and development creation . The revised Cybersecurity Law should not only be a protection tool, but also a driving force to unleash the country's digital capabilities.

The 2018 Law on Cyber ​​Security marks an important turning point in the process of building a legal framework for cyberspace in Vietnam. Enacted in the context of increasing high-tech crimes, strong cross-border platforms, and many threats to digital sovereignty, this law has the mission of “laying the first bricks” for a legal rampart to protect the country. In that sense, it can be considered a “preventive wall”, creating a necessary safety belt for a young system.

However, the prevention philosophy also entails many limitations. The structure of the 2018 Law itself is biased towards prevention and control: clearly defining the responsibility of enterprises in removing “bad, toxic” information within 24 hours; requiring foreign companies to store user data in Vietnam; empowering authorities to suspend or stop network services when there are signs of security violations.

The above regulations demonstrate the State’s determination to maintain cyber order, but also indicate an approach that is more about obligations than rights. However, it is also possible to clearly see a weakness of the “prevention wall”, which is: solid but not flexible, erecting a fence but difficult to open the door, strong enough to block direct attacks, but slow to react to new threats creeping in from within.

Therefore, the draft Law on Cyber ​​Security (amended) needs to carry within it a new philosophy – a philosophy that sees cyber security as a runway paving the way for development. And to do that, the draft Law must move towards the mindset of creating a "trust infrastructure".

Cybersecurity linked to civil rights and digital economy

Cyber ​​security must become the foundation, must be transformed into the legal - technical - social infrastructure for the whole country to take off in the digital age. That infrastructure is first and foremost built on trust. Citizens will feel secure when using online public services because they no longer fear personal data being leaked, or information being illegally exploited. Businesses will invest in digital projects if they trust the legal protection mechanism in case of incidents. International investors are no longer afraid to locate their data headquarters in Vietnam when the legal system has shown them transparency and consistency. In other words, cyber security is the "currency of trust" of the digital economy. Without trust, all technology becomes fragile.

The law needs to soon define concepts such as AI, inferred data, IoT devices and establish framework principles for their governance (in line with the spirit of law-making that is thoroughly understood – the National Assembly only makes framework laws).

At the same time, it must be affirmed that cyber security is not only an obligation, but also a right. Every citizen has the right to live in a safe digital space, the right to data protection and the right to complain when violated. Only when cyber security is recognized as a fundamental right, will the law go beyond the logic of control to the logic of human protection - the center of all political and legal activities.

International experience shows that many countries are applying the “sandbox” mechanism – legal testing for new technology. The European Union with the AI ​​Act (AI Act 2023) has introduced a sandbox model for businesses developing artificial intelligence, both encouraging innovation and controlling risks. Vietnam can completely learn from this approach, so that the revised Cybersecurity Law becomes a space for innovation.

At the same time, cybersecurity must be placed in the global value chain. The law needs to recognize and integrate with international standards, such as ISO/IEC 27001 or NIST Cybersecurity Framework, and actively participate in the security information sharing mechanism in the ASEAN region. At that time, Vietnam will also affirm its role in the global digital security network.

The Law on Cyber ​​Security (amended) needs to position cyber security not only as a technical-technological issue, but also as a civil right and at the same time the foundation of the digital economy.

First of all, cybersecurity as a right of citizenship . In the digital world, personal data is the “fingerprint” of each person – an invisible copy that contains the entire social identity. The right to data protection, therefore, is no less than the right to physical protection. We have seen the European Union affirm this in the General Data Protection Regulation (GDPR), which considers personal data as legal property protected as a human right. If the bill moves forward to recognize personal data as a right, we will truly enter the era of “digital citizenship”.

Second, cybersecurity as the infrastructure of the digital economy . The global digital economy in 2023 accounted for 17% of the world's GDP (OECD, 2023). Vietnam also aims to make the digital economy contribute 30% of GDP by 2030. But to achieve this, the digital environment must be safe and transparent. An e-commerce business only develops when customers believe that their transactions are not leaked. A digital bank only expands when customers are assured that their accounts are not hacked. And a digital government only succeeds when citizens trust them with their personal information. It is no coincidence that Singapore has defined cybersecurity as "a prerequisite for national prosperity" in its Cybersecurity Strategy 2021. This is exactly the approach that Vietnam needs to incorporate into the bill: cybersecurity is not just about protecting the state, but also about protecting the foundation of economic development.

The long-term vision also requires the law to be one step ahead of the market. We are witnessing the explosion of artificial intelligence, the Internet of Things (IoT), blockchain and open data models. The law needs to anticipate risks and build legal frameworks for new areas – from algorithmic governance to liability in cyberspace. This is a well-founded optimism, an inevitable requirement because the digital society is always changing faster than the ability of the administrative apparatus to adapt.

Ultimately, the law must create a balance between rights and obligations . Citizens have their data protected, but at the same time they have the obligation to use the Internet responsibly, not to spread fake news, and not to infringe on the rights of others. Businesses benefit from a safe digital environment, but at the same time must invest in security and comply with consumer protection standards. The State plays a constructive role, but must also be transparent, not abusing its power to intrude or monitor excessively. It is this balance that makes the “revolutionary” nature of a law: ensuring that digital development is not only fast, but also sustainable and humane.

The current development context requires a law that unleashes the nation’s digital capabilities: protecting citizens without stifling innovation, ensuring digital sovereignty while still encouraging international cooperation. That is the only way for the law to be both a defensive “rampart” and a driving force for breakthroughs. The Cybersecurity Law must both maintain digital borders and digital sovereignty, and open up new horizons for digital citizens, the digital economy and the digital nation that we are hoping for.