- The importance of data centers for businesses and IT operations nowadays is undeniable, especially in this age of digitation, e-commerce and digital banking.
- For foreign companies doing business in Vietnam, it is worth noting the data localization requirement under Vietnam’s Law on Cybersecurity, whereby both local and foreign companies collecting, exploiting, analyzing and processing personal data, data about relationship of users or data generated by users in Vietnam must store such data in Vietnam. The data localization requirement, plus the need for better processing speed to assist Vietnamese users are the main rationales to have a data center in Vietnam.
- According to Cloud and Data Center Growth in Emerging Markets report, 2021- 2025, of Research and markets, Vietnam was rated as one of 10 emerging markets in global DC, with impressive growth, international standard service delivery capacity, and large capacity of organizations and enterprises1.
- According to the Research And Markets, Vietnamese data center market stood at 858 million USD last year and is forecast to grow at a compounded annual growth rate of over 14.64 percent until 2026. The growth in the Vietnamese data center market was driven by government projects and initiatives.
- However, Vietnam needs to make certain improvements to be able to catch up with other countries in field of data center market, especially to develop clear regulations to manage and develop this field.
B. VIETNAM LEGISLATION ON DATA CENTER SERVICES
- In Vietnam legislation, it should be noted that data center service is a conditional business in the Law on Investment 2020 of Vietnam, which take effect on 01 January 2021, even though the detailed conditions to provide data center service are still unknown.
- Last year, Vietnamese Government issued a draft outline of a decree amending Decree No. 72/2013/ND-CP, and on 5 July 2021, the Ministry of Information and Communications (MIC) released an updated draft decree amending Decree No. 72/2013/ND-CP on management, provision, and use of internet services and online information (“Draft Decree“). For the first time, this new Draft Amendment has also presented precise definitions of the data center services, including dedicated server, co-location, data storage services, and cloud computing. Specifically, cloud computing was established to include Infrastructure as a service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
- The MIC is still collecting comments on this Draft Decree until 5 September 2021.
C. DRAFT DECREE2
(i) The Draft Decree proposed a new set of definitions regarding data center services as follows:
- Data center is a combination consisting of: technical infrastructure system, information infrastructure and ancillary equipment installed therein to carry out the centralized storage, processing, exchange and management of the data of one or more organizations and/or individuals.
- Data center service business is a commercial activity including: server rental services, colocation services, data storage space rental services and cloud computing services.
(ii) In which, the listed services are defined as follows:
- Server rental services are services that provide customers with a server, equipment and information infrastructure belonging to the data center that are available for their own use.
- Colocation services are services that provide customers with space allowing them to design and install their own server and/or other storage devices.
- Data storage space rental services are services that provide organizations and individuals with storage space.
- Cloud computing services are services that distribute information technology resources (information infrastructure, platform, software) in the form of services in the network environment, including: providing server resources, storage capacity and network connectivity (Infrastructure as a service (IaaS)); providing users with the ability to create, manage and operate applications (platform as a service (PaaS); and leasing specific applications to users (software as a service (SaaS).
(iii) The Draft Decree claims that the providers of data center services need to apply for a Business License for offering data center services with the Ministry of Information and Communication (“MIC”) and retain customer profile information at least five years after the end/cancelation of their use of services.
(iv) In addition, the provision of data center services to clients abroad must also be properly notified to the MIC. Precisely, the providers must:
- Comprehend the relevant technical standards in designing, building, and operating the data center;
- Obtain software and applications that have the capabilities to manage and store customer information;
- Establish a procedure that has the capabilities to verify the information and protect customers’ data.
In the circumstance that there has been clear evidence establishing the connection between their clients and the actions of illegal activities, the providers of data center services have the responsibility to stop serving and to report their clients to the authorities. Additionally, the related authorities can request them to stop serving the violating clients.