Vietnam: Law on Artificial Intelligence including data protection regulation enters into force

On 1 March 2026, the Law on Artificial Intelligence enters into force, making data protection obligations enforceable. Article 7(3) prohibits any collection, processing, or use of data for artificial intelligence systems that violates data protection, intellectual property, or cybersecurity laws. Article 8(3) requires secure disclosure, connection, and sharing of data on the one-stop electronic portal on artificial intelligence and the national database on artificial intelligence systems, with protection of personal data, business secrets, and state secrets. Article 12(1) imposes duties on developers, suppliers, implementers, and users to ensure data safety and to detect and remediate incidents. Article 14(1)(b) and Article 14(2)(b) require secure management and confidentiality of training, testing, and operational data. Article 17(1) to Article 17(4) regulate databases serving artificial intelligence under data protection and intellectual property law. Article 31(1) to Article 31(3) enforce confidentiality, necessity, proportionality, and security for data provided to competent state authorities.