On 12 August 2022, the Ministry of Technologies and Communications ("MTC") issued the Decision on Creating and Developing Secure Applications No.2598/MTC ("Decision"). The Decision, which was published in the Lao Gazette Official on 24 August 2022, came into effect 45 days from the date of its issuance. It aims to encourage individuals, legal entities and organisations that create and develop applications in Lao PDR to ensure that their applications are secure, by complying with the principles set out in the Decision.
Pursuant to the Decision, creating and developing a secure application involves developing and verifying the functionality of the application to make it more secure, including puting in place technical measures such as risk assessment, vulnerability identification, prevention methods and system maintenance. The application shall be reviewed by MTC. It must cover the following aspects and principles:
- Application development and open data for further development;
- Functional testing of applications;
- Use of tools and elements;
- Maintaining personal information in the application; and
- Security maintenance in the application.
The Decision also states that the security testing of the application must follow standardised security inspection principles such as risk assessment, vulnerability identification, prevention methods and remedial measures set out by the relevant security management unit and/or the Department of Cyber Security.
The Decision also stipulates that application creators and developers as well as application owners can submit their apps to the Department of Cyber Security in order for the latter to carry out security checks in accordance with the relevant security standards to ensure the security and reliability of their apps and their services.