Vietnam: Cybersecurity Law including cybersecurity obligations was adopted by National Assembly

On 10 December 2025, the Cybersecurity Law, including cybersecurity obligations, was adopted by the National Assembly. The Law applies to public and private entities that own, operate, or use information systems affecting national security, public order, or lawful rights and interests. It establishes measures including cybersecurity assessments, inspections, surveillance, incident response, technical and password-based protections. Information systems are classified into five levels based on the severity of potential harm, from impacts on individual rights to serious threats to national security. It also provides that the Government will adopt implementing rules on classification criteria, procedures, and level-specific cybersecurity obligations.