Draft of Vietnam’s Consolidated 2025 Cybersecurity Law Released

Summary

Vietnam’s Ministry of Public Security has recently released a draft for the 2025 Cybersecurity Law, which aims to replace the previous 2018 Cybersecurity Law and the 2015 Law on Network Information Security (LNIS). This reform seeks to centralise and streamline the legal framework governing cybersecurity and data protection, now entirely under the Ministry of Public Security, enhancing enforcement efficiency.

The draft law incorporates and builds upon principles from the previous laws, introducing new amendments aimed at reducing legal fragmentation across areas such as data protection, IT system classification, and cybercrime prevention. Key changes include stricter service provider obligations, improved information transmission controls, and a clearer classification of IT systems.

Key Points

The 2025 draft consolidates the previous cybersecurity regulations into a single framework.
New definitions for “service providers” now encompass a wider range of businesses and online services.
Stricter obligations for service providers include facilitating cybersecurity investigations and managing digital account verifications.
Classification of online information based on confidentiality levels is now mandated.
Previous requirements for data localisation and maintaining a local presence in Vietnam have been removed.
A new focus on preventing high-tech cybercrime highlights the need for updated responses to digital threats.

Why should I read this?

If you’re in the tech field or involved in online business in Vietnam, you’ll want to catch up on this draft because it could significantly affect how you operate. Knowing these upcoming changes will help you stay compliant and prepared for what’s ahead in Vietnam’s evolving legal landscape.