Vietnam: Data Law (No. 60/2024/QH15) including cybersecurity requirements entered into force

On 1 July 2025, the Data Law (No. 60/2024/QH15), including its cybersecurity provisions, entered into force, in accordance with the date specified in Article 45 of the Law. The law includes provisions establishing a National Data Centre, which is required to have an infrastructure that can withstand cyberattacks, prevent unauthorised access and ensure data integrity. The law also requires the implementation of security protocols across data storage and transmission, ensuring that data remains secure at all stages of handling. This includes encryption, monitoring for network intrusions and the use of firewalls and anti-virus software to protect against malware. It emphasises risk management practices, requiring data controllers to assess and mitigate the risks associated with data handling. This includes regular data backups, security audits and the adoption of data breach prevention strategies.