Vietnam: Law on Digital Transformation including cybersecurity regulation enters into force
Description
Law on Digital Transformation including cybersecurity regulation enters into force
On 1 July 2026, the Law on Digital Transformation enters into force. Article 4(5) mandates the implementation of cybersecurity and data protection measures throughout the design, deployment, operation, and use of digital systems, including monitoring, evaluation, risk management, incident response, and resolution. Articles 8(2), 8(4), and 8(5) require mechanisms for monitoring, detection, alerting, response, operational restoration, data storage, backup, recovery, and failover planning. Article 16(1)(c) obliges organisations to ensure cybersecurity and adopt preventive risk measures, while Article 27(1) requires compliance with the Law on Digital Transformation and related legislation when engaging in digital transformation activities.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
platform intermediary: user-generated content, platform intermediary: e-commerce, ML and AI development, infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
central government
Complete timeline of this policy change
Hide details
2025-08-12
in consultation
2025-08-15
processing consultation
2025-10-31
under deliberation
2025-12-11
adopted