Vietnam: Government adopted Decree No. 165/2025/ND-CP detailing a number of articles and measures to implement the Data Law (No. 60/2024/QH15), including data localisation requirements

On 30 June 2025, the Vietnamese Government issued Decree No. 165/2025/ND-CP, detailing provisions and measures for the implementation of the Data Law, which includes specific requirements for data localisation under the Data Law (No. 60/2024/QH15). The Decree mandates that core data and important data, defined as information impacting national security, defence, foreign relations, macroeconomic stability or public health, must be stored domestically in Vietnam unless authorised for cross-border transfer following an approved impact assessment. State-managed data must be synchronised with the National Data Centre, while private entities handling such data must comply with prescribed retention periods, encryption standards and access controls. Cross-border transfers of core data require prior approval from the Ministry of Public Security or Ministry of National Defence, whereas important data transfers necessitate 15-day advance notification, with exceptions permitted only for emergencies involving public health, safety or legal obligations subject to retrospective reporting. Organisations must maintain activity logs for a minimum of six months and implement security measures meeting national technical standards, with non-compliance potentially resulting in administrative penalties. The framework establishes Vietnam's data sovereignty requirements while providing limited mechanisms for justified international data flows under regulated conditions.