On 1 January 2026, the Data Law (No. 2025/QH15), including cybersecurity requirements, enters into force. The law includes provisions establishing a National Data Centre, which is required to have an infrastructure that can withstand cyberattacks, prevent unauthorised access and ensure data integrity. The law also requires the implementation of security protocols across data storage and transmission, ensuring that data remains secure at all stages of handling. This includes encryption, monitoring for network intrusions and the use of firewalls and anti-virus software to protect against malware. It emphasises risk management practices, requiring data controllers to assess and mitigate the risks associated with data handling. This includes regular data backups, security audits and the adoption of data breach prevention strategies.
Original source