Vietnam: National Assembly adopted Law on Artificial Intelligence including registration requirement

On 10 December 2025, the National Assembly adopted the Law on Artificial Intelligence (AI), which applies to Vietnamese and foreign entities operating in the country, excluding AI used solely for defence, security, or cipher purposes. The Law establishes a risk-based classification framework for AI systems, distinguishing between high-, medium-, and low-risk systems based on their potential impacts. High-risk AI systems are those that may cause significant harm to life or health, infringe legitimate rights and interests, or affect public interests or national security. Medium-risk systems are those that may mislead or manipulate users, particularly where users are unaware that they are interacting with an AI system or AI-generated content, while low-risk systems comprise all other AI systems that do not meet these criteria. The Government is tasked with issuing implementing rules for this classification framework. Under the Law, providers are required to self-classify AI systems prior to use, with medium- and high-risk systems supported by classification dossiers. Deployers are bound by the assigned risk classification and must ensure system safety and integrity throughout operation. Where modifications introduce new or higher risks, deployers must coordinate with providers to reassess and reclassify the system. Providers of medium- and high-risk AI systems must notify the Ministry of Science and Technology through a single AI portal before deployment, whereas developers of low-risk systems are encouraged to disclose basic system information publicly for transparency. Where the applicable risk level is uncertain, providers may seek guidance from the Ministry. Inspection and supervision are calibrated to risk. High-risk AI systems are subject to regular inspections or ad hoc reviews where violations are suspected. Medium-risk systems are monitored through reporting obligations, sampling, or independent evaluation, while low-risk systems are supervised only in response to incidents or safety concerns. Where inconsistencies are identified, authorities may require reclassification, the submission of additional documentation, or the temporary suspension of systems. The Government further regulates the content and procedures for notifications and provides technical guidance on risk classification.