Vietnam: Ministry of Public Security closes consultation on Draft Decree to implement the Data Law (No. 2025/QH15) including cross-border data transfer regulation

On 17 March 2025, the Ministry of Public Security concluded its public consultation on a draft Decree implementing the Data Law (No. 2025/QH15). The Data Law, which was adopted on 30 November 2024, established a legal framework for data governance, encompassing data classification, protection, processing, and cross-border transfers. The Decree would impose regulations on cross-border data transfers, mandating risk assessments for core and important data prior to approval, thereby ensuring adherence to Vietnamese data security legislation. Data controllers would be obliged to document the purpose, scope, method, and security measures for transferring data abroad, while critical data transfers would require explicit approval from the Ministry of Public Security or the Ministry of National Defense, following impact assessments on national security, public interests, and data integrity. Furthermore, legally binding contracts would need to be in place with foreign entities, detailing security obligations, compliance monitoring, and emergency response measures in case of data misuse, breach, or national security concerns.