You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

December 11, 2025

Vietnam Issues New Cybersecurity Law

Subscribe to Updates
 

On December 10, 2025, the National Assembly of Vietnam passed a new Cybersecurity Law, which will take effect on July 1, 2026. The new Cybersecurity Law was developed based on the consolidation of the 2018 Cybersecurity Law and the 2015 Law on Network Information Security.

While the final approved version of the new Cybersecurity Law has not yet been published, according to official reports, the following notable requirements are confirmed to be included:

  • The new Cybersecurity Law dedicates a specific article to prohibited acts related to cybersecurity, under which it strictly prohibits posting or disseminating information online that propagandizes against the Socialist Republic of Vietnam. The law also prohibits, among other things, (i) the appropriation, trading, seizure, or intentional disclosure of information classified as state secrets, work secrets, business secrets, personal secrets, family secrets, and private life; (ii) intentionally eavesdropping, recording, or filming online conversations without authorization; and (iii) the use of artificial intelligence (AI) or new technologies to conduct prohibited acts.
  • The Ministry of Public Security (MPS) has the authority to require enterprises providing telecommunications, internet, and online services, as well as system administrators, to remove information violating cybersecurity laws from systems under their management. The MPS is also assigned responsibility for ensuring information security in cyberspace and data security, establishing mechanisms for IP address identity management, verifying digital account registration information, and issuing warnings and sharing information on cybersecurity threats.
  • Information systems are classified into five levels (similar to the 2015 Law on Network Information Security) based on the degree of harm to national security and social order if an incident occurs.
  • The MPS is the lead agency assisting the government in state management of cybersecurity. The Ministry of National Defense is responsible for managing military information systems, and the Government Cipher Committee manages cryptographic and cipher information systems.

Interestingly, while the last publicly circulated draft version of the new Cybersecurity Law submitted to the National Assembly for approval had reinstated controversial data localization requirements, the official reports have not mentioned this aspect. It remains to be seen whether the data localization requirements have survived and are included in the official version of the new Cybersecurity Law.

Related Professionals

Industries

Technology

Location

RELATED INSIGHTS​

December 4, 2025
Thailand has expanded the circumstances under which state agencies may bypass competitive bidding procedures to address urgent security challenges. On November 28, 2025, Thailand’s Ministry of Finance published the Ministerial Regulation Determining Cases of Procurement by Specific Method (No. 6) B.E. 2568 in the Royal Gazette, introducing a new pathway for procuring supplies and services needed to address cyber and military threats that may affect the stability of government agencies or the nation. For technology vendors, cybersecurity firms, and defense contractors, this regulatory change creates immediate opportunities to engage directly with government buyers facing urgent security challenges. New Fast-Track Category for Security Threats The regulation amends Thailand’s Public Procurement and Supplies Management Act B.E. 2560 (2017) to add a new category of procurement that qualifies for the “specific method”—a noncompetitive, direct selection process. Previously, agencies could use this expedited method only in limited circumstances, such as emergencies, cases with proprietary technology requirements, or national security operations. The new provision explicitly covers procurement of supplies related to preventing or resolving cyber or military threats that could impact the stability of a state agency or the country. This addition recognizes the urgent nature of modern security challenges, where competitive bidding timelines may leave agencies vulnerable during critical threat windows. State agencies dealing with active cyberattacks, preparing defensive measures against anticipated threats, or responding to military security concerns can now move directly to negotiate with qualified vendors rather than conducting lengthy public tender processes. Vendor Considerations Vendors offering cybersecurity solutions now have a regulatory avenue to work directly with government clients when stability concerns are present. These solutions include threat detection systems, anti-ransomware tools, incident response services, firewalls, and security consulting. Similarly, defense contractors providing military equipment or specialized security supplies can pursue direct engagement channels where traditional procurement methods would create
Read More
December 3, 2025
Thailand’s Civil Court has issued a regulation targeting the use of artificial intelligence (AI) in the preparation of pleadings and other documents submitted to the court. Effective November 17, 2025, the regulation aligns with September 2025 guidance from the president of the Supreme Court, and aims to safeguard accuracy, transparency, and public confidence in civil adjudication. The regulation applies to all parties submitting pleadings or any documents to the Civil Court that are prepared using AI tools or contain AI-generated content. It subjects AI used for these purposes to strict requirements on verification, disclosure, and accountability. Core Obligations The regulation imposes four principal obligations: Lawyers who use AI remain subject to duties of honesty, responsibility to the court, professional standards, and legal ethics, including the duty to assess the appropriateness of the AI tool for the work. Parties and lawyers must verify the accuracy and completeness of all facts, legal provisions, and citations in AI-generated content before submission. Parties and lawyers must disclose to the court any AI-generated content by clearly marking the beginning and end of the AI-generated portion with prescribed statements (see below). Additionally, a certification confirming the use of AI must be provided at the end of the pleading or document, stating that AI was used for certain portions and that the party has reviewed and certifies the accuracy of factual and legal content. Parties and lawyers bear the same full legal and ethical responsibility for AI-generated content as they do for personally authored documents; they cannot evade responsibility or avoid liability by citing AI-related errors. Likewise, parties must ensure that any AI-generated content is truthful, accurate, and unbiased. Prescribed Disclosure Language Each instance of AI-generated content must be preceded by the statement “[The following content was prepared using artificial intelligence]” and must end with “[End
Read More
November 24, 2025
A recent warning from the Central Bank of Myanmar (CBM) against cryptocurrency use upholds the country’s ongoing strategy of enforcing strict prohibitions on unauthorized cryptocurrency activities while also promoting the controlled development of a central bank digital currency (CBDC). The CBM’s warning, issued November 16, 2025, reminded the public of announcements in May 2019 and a notification in May 2020 confirming that all online and offline cryptocurrency transactions are strictly prohibited. The CBM also clarified that no financial institution in Myanmar is authorized to deal with digital currencies. The warning highlighted global risks, such as money laundering, scams, tax evasion, hacking, and severe financial losses caused by price volatility and insufficient regulation. The CBM urged the public to use only legitimate banking channels and avoid illegal cryptocurrency activities. The warning comes five months after the CBM issued a notification announcing the formation of the Central Committee for the Issuance of a Central Bank Digital Currency. This committee includes senior CBM officials, representatives from relevant ministries and the banking sector, and technology experts. Its main role is to research CBDC models, test secure digital payment systems, and ensure that any future implementation aligns with Myanmar’s monetary policy and financial stability objectives. Taken together, these two actions illustrate the CBM’s continued pursuit of its dual strategy to promote innovation through CBDC development while prohibiting cryptocurrency use. Businesses should note that while CBDC pilot programs may appear in the future, cryptocurrencies remain off-limits.
Read More
November 14, 2025
Interest in data center land acquisition has increased significantly over the past year, with a notable rise in inquiries from investors seeking to establish digital infrastructure in Thailand. Although the sector is still in its early stages, this emerging wave of development represents a significant shift in Thailand’s technology infrastructure landscape, driven primarily by multinational technology companies and operators looking to expand their regional presence. Project Development The data center sector in Thailand is attracting a diverse range of international investors, though with clear geographic patterns. Most investors are from China, Singapore, and Japan, with some additional interest from countries outside Asia, including the United States and Europe. This investor base consists primarily of multinational tech companies and operators seeking to establish new facilities rather than acquire existing assets. Data center business activities are also a sector promoted by Thailand’s Board of Investment (BOI), which offers investors both tax and nontax privileges as well as exemptions to foreign investment and land-ownership restrictions. Projects currently underway are still largely in the land acquisition and construction phase. Unlike more mature markets where many facilities are operational and generating revenue, the predominant focus in Thailand remains on securing suitable land and beginning the building process. This means that while interest is high and land assembly is accelerating, the sector as a whole has not yet reached the operational phase that will ultimately drive licensing applications and full regulatory compliance. The licensing process itself remains at an early stage, as most projects must first complete their facilities before applying for the specific licenses required from the telecommunications authority. Once the facilities are built, the next critical step will be obtaining these telecommunications licenses, which are mandatory for data center operations. Legal and Regulatory Considerations The complexity of data center development in Thailand requires
Read More