On 30 November 2024, the Parliament adopted the Data Law (No. 2025/QH15), including cybersecurity requirements. The law includes provisions establishing a National Data Centre, which is required to have an infrastructure that can withstand cyberattacks, prevent unauthorised access and ensure data integrity. The law also requires the implementation of security protocols across data storage and transmission, ensuring that data remains secure at all stages of handling. This includes encryption, monitoring for network intrusions and the use of firewalls and anti-virus software to protect against malware. It emphasises risk management practices, requiring data controllers to assess and mitigate the risks associated with data handling. This includes regular data backups, security audits and the adoption of data breach prevention strategies. The cybersecurity regulations in the Data Law will enter into force on 1 January 2026.
Original source