Vietnam: Government adopted Decree No. 165/2025/ND-CP detailing a number of articles and measures to implement the Data Law (No. 60/2024/QH15), including cybersecurity requirements

On 30 June 2025, the Vietnamese Government issued Decree No. 165/2025/ND-CP, detailing provisions and measures for the implementation of the Data Law (No. 60/2024/QH15). This Decree classifies data into critical and core categories based on their potential impact on national defence, security, foreign relations, macroeconomic stability, social order, public health, and community safety, imposing strict controls on their collection, processing, and transfer. Cross-border data transfers of core data require prior approval from the Ministry of Public Security or Ministry of National Defence, supported by detailed risk assessments evaluating potential threats to national security, economic stability, and individual rights. Data owners must implement robust security measures, including encryption, access controls, authentication protocols, and logging mechanisms, while ensuring compliance with technical standards for data storage, transmission, and destruction. The National Data Centre is designated as the central authority for data governance, overseeing secure data sharing, enforcing cybersecurity protocols, and managing incident response. Additional provisions mandate periodic risk evaluations, mandatory breach reporting, and strict penalties for non-compliance, reinforcing Vietnam’s commitment to safeguarding sensitive data against unauthorised access, misuse, or cyber threats.