Vietnam: Cybersecurity Law including cybersecurity obligations enters into force
Description
Cybersecurity Law including cybersecurity obligations enters into force
On 1 July 2026, the Cybersecurity Law, including cybersecurity obligations, enters into force. The Law applies to public and private entities that own, operate, or use information systems affecting national security, public order, or lawful rights and interests. It establishes measures including cybersecurity assessments, inspections, surveillance, incident response, and technical and password-based protections. Information systems are classified into five levels based on the severity of potential harm, from impacts on individual rights to serious threats to national security. It also provides that the Government will adopt implementing rules on classification criteria, procedures, and level-specific cybersecurity obligations.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government
Complete timeline of this policy change
Hide details
2025-06-26
in consultation
2025-07-16
processing consultation
2025-10-31
under deliberation
2025-12-10
adopted