Vietnam: Government Decree No. 165/2025/ND-CP detailing a number of articles and measures to implement the Data Law (No. 60/2024/QH15), including data protection authority governance entered into force

On 1 July 2025, the Vietnamese government Decree No. 165/2025/ND-CP, which provides detailed regulations and measures for implementing the Data Law (No. 60/2024/QH15), entered into force. The Decree designates the Ministry of Public Security as the primary regulatory body responsible for overseeing data management, including the operation of the National Data Centre, which serves as the central hub for data storage, processing, and sharing across state agencies. The Decree defines strict criteria for classifying critical and core data based on potential impacts on national security, economic stability, public health, and social order, requiring mandatory risk assessments for cross-border data transfers, with additional oversight for military and defence-related data under the Ministry of National Defence. It enforces technical protocols for data encryption, access control, and authentication, mandates real-time monitoring and logging of data processing activities, and establishes procedures for data deletion, destruction, and emergency response in case of breaches. The National Data Centre is tasked with developing standardised data governance frameworks, ensuring interoperability between databases, and providing cloud computing infrastructure for government use, while ministries such as the Ministry of Science and Technology contribute to setting technical standards and cybersecurity measures. The Decree also outlines responsibilities for data controllers and processors, requiring annual risk assessments, incident reporting, and compliance with data localisation requirements for sensitive datasets, with enforcement mechanisms including audits, penalties for violations, and mandatory cooperation with international data protection authorities under bilateral agreements.