Contact our offices
April 10, 2025

VIETNAM’S NEW DATA LAW: WHAT DO COMPANIES NEED TO KNOW?

APFL Partners > News > VIETNAM’S NEW DATA LAW: WHAT DO COMPANIES NEED TO KNOW?

Vietnam’s New Data Law: What Do Companies Need to Know?

Vietnam’s first-ever Data Law enters into force on 1 July. Designed to modernise the legal framework, harmonise regulations, and improve data protection, the law will also impose new obligations on domestic and foreign companies operating in the market.

On 1 July, Vietnam’s first-ever Data Law will enter into force. Ratified by the National Assembly on 30 November 2024, the law (No. 60/2024/QH15) will impose a new set of obligations on domestic and foreign individuals and enterprises collecting, storing, processing, managing, and transferring digital data, and other subjects relevant to digital data operations in Vietnam.

The Data Law is the latest in a series of regulatory reforms designed to modernise the legal framework around data in Vietnam. It comes after the Personal Data Protection Decree (No. 13/2023/ND-CP) and ahead of a forthcoming Personal Data Protection Law and will have important implications for foreign companies doing business in Vietnam. 

The Data Law at a glance

The Data Law outlines four core policies that underpin the entire legislation, including:

  • Regulations on the development, management, and processing of data; the application of science and technology in data processing; and state management of data.
  • Regulations on the National Integrated Database.
  • Regulations on the National Data Center.
  • Regulations on data-related products and services. 

These main policies serve as a critical bridge toward a unified framework for regulating and harmonising existing provisions on databases. These are currently scattered across over 69 legal documents. They also lay the ground for the effective implementation, utilisation, and management of the current nine national databases and 105 specialised databases. 

The new Data Law defines digital data as information “…about objects, phenomena, or events, comprising one or a combination of audio, visual, numerical, written, or symbolic forms expressed in digital format”, with the introduction of three new concepts: 

  • data subjects” refers to individuals, agencies, and organisations reflected by data; 
  • data owners” refers to agencies, organisations, and individuals with the right to decide on the creation, development, protection, administration, processing, use, and exchange of the value of data under their ownership; 
  • data administrators” refers to agencies, organisations, and individuals engaging in data creation, management, operation, and utilisation under requests from data owners. 

Notably, the law marks the first explicit recognition of data ownership rights as economic rights under civil law. 

New rights and responsibilities

The Data Law will impose new obligations on private entities to sort digital data into three categories: (i) “core data” (that which has direct impacts on national defense and security, foreign affairs, macroeconomic situations, social stability, and community health and safety); (ii) “important data” (that which has potential impacts on the above areas), and; (iii) “other data”. 

In addition, regarding cross-border data transfers, the Data Law authorises the Government to issue further guidance, aiming to adopt a more stringent regulatory approach. Under the latest Draft Decree on Detailed Regulations and Implementation Measures (Article 12.2), data administrators wishing to transfer core or important data outside of Vietnam may be required to conduct a self-assessed risk evaluation and an impact assessment on cross-border data transfers, in accordance with applicable laws.  

The Data Law will also regulate data-related products and services, including “intermediary data exchange”, “data analysis and aggregation”, and “data platform services”. It is notable that providing “data platform services” is restricted to state-owned enterprises or public institutions with the relevant permits and permissions. In short, the law would exclude private companies from this space. 

Furthermore, following changes to the Law on Investment in 2024, companies providing these products and services could be required to meet certain conditions or operate under specific restrictions. 

For instance, according to Articles 23, 29, and 34 of the draft Decree on Scientific, Technological, and Innovation Activities, and Data-Related Products and Services, companies operating in “intermediary data exchange”, “data analysis and aggregation”, and “data platform services”, where investors must meet certain conditions for reasons of national defense, social order, or public health, must keep VND 5 billion (about USD 200,000) in escrow at a Vietnamese commercial bank. This deposit is intended to cover potential risks and compensation arising from service errors, as well as the costs of data reception and maintenance in the event of license revocation. 

Streamlining administrative procedures and building e-government

The Data Law envisages the establishment of a National General Database housed within the National Data Center (according to Resolution No. 175/NQ-CP), bringing together data from across government. This central resource, accessible to state agencies, aims to accelerate the adoption of digital government and streamline administrative procedures. 

Meanwhile, Article 18.2 of the Data Law also outlines the conditions under which government agencies can request data from organisations and individuals without the consent of the data user. These include states of national emergency, natural disasters, or to prevent social unrest. However, authorities must use this data for the right purposes; ensure it is safe, secure, and protected; and dispose of the data when it is no longer required for the purposes for which it was requested.

Further details to be disclosed

The Data Law is set to enter into force this Summer. However, some of the provisions set out in the law require further clarification through implementing regulations. Therefore, in January, the government put three draft decrees and a draft decision out for public consultation, closing in mid-March. 

These include a Draft Decree on Detailed Regulations and Implementation Measures; a Draft Decree on Scientific, Technological, and Innovative Activities and Data-related Services; a Draft Decree on the National Data Development Fund; and a Draft Decision on Core and Important Data Classification.

The team at APFL Partners in Vietnam will continue to monitor these implementing regulations once their final versions are published and keep our clients informed of how the Data Law will impact on their investment projects and commercial operations. For more information on the Data Law in Vietnam, just contact us on: contact@apflpartners.com.

Disclaimer: This article and its content are for information only and are not given as legal or professional advice. they do not necessarily reflect all relevant legal provisions with respect to the subject matter. Readers should seek legal or professional advice before taking or refraining to take any action.

Related Posts

POSITIVE ECONOMIC OUTLOOK ON THE HORIZON

HCMC RISES IN INTERNATIONAL FINANCIAL CENTER RANKINGS

Leave a Reply