Vietnam: Ministry of Public Security closes consultation on Draft Decree to implement the Data Law (No. 2025/QH15) including data localisation requirements

On 17 March 2025, the Ministry of Public Security closes its consultation on a Draft Decree to implement the Data Law (No. 2025/QH15). The Data Law, which was adopted on 30 November 2024, is intended to establish a legal framework for data governance, encompassing data classification, protection, processing, and cross-border transfers. This implementing regulation delineates specific compliance measures, including data localisation requirements. The Decree stipulates that critical and important data must be stored within Vietnam, mandating the utilisation of domestic infrastructure for processing, storage, and backup by organisations. The National Data Centre is designated as the primary hub for data storage, with the objective of ensuring compliance with Vietnamese security standards. Organisations that process, store or back up core or sensitive data must obtain government approval before using foreign infrastructure. Furthermore, the Decree stipulates the implementation of redundancy and disaster recovery measures for localised storage, ensuring data resilience and protection against unauthorised foreign access. Government and state-affiliated organisations would be required to store all operational and administrative data in national databases to maintain data sovereignty.