When companies think about data protection, they usually focus on “visible” data like names, email addresses, or bank details. However, there is a hidden layer called metadata - essentially “data about data” - that often gets ignored.

Under Vietnam’s new personal data protection rules, overlooking metadata is a major risk. If metadata can be used to identify a specific person, it falls under the same strict rules as regular personal data.

What is Metadata? The “Digital Footprint”

Metadata is information that describes the context of a file or a message rather than the content itself. Even if you remove a person’s name from a file, the metadata can still point directly to them.

Vietnam is currently at a pivotal stage of infrastructure modernization. To meet the immense demand for capital, the State has moved to revitalize private sector participation, most notably through the “Build – Transfer” (BT) model.

In a typical BT arrangement, a private investor finances and constructs an infrastructure project, then transfers it to the State upon completion. In return, the State “pays” the investor with land funds, allowing them to develop a “reciprocal project” (dự án đối ứng) to recover their capital and generate profit. While this mechanism is essential to stimulate private sector participation, the recent new legal framework for BT projects may raise significant concern regarding the land access privileges granted to BT investors compared to their counterparts in the general real estate market. In particular,

The recently issued Case Law No. 81/2024/AL (CL 81) introduces a precedent that allows creditors to bypass the standard statute of limitations by re-characterizing an unpaid contractual debt as a property reclamation claim upon the mutual termination of the contract and an agreement on the payable amount. Below are a few of our observations regarding CL 81.

Summary of the Case

The dispute originated from a service contract between Company M (the Service Provider) and Company A (the Client). After the Service Provider performed its services, the parties mutually agreed to terminate the contract. Subsequently, the Client explicitly confirmed in writing the specific amount of the service fee it owed to the Service Provider and the late payment interest but ultimately failed to make the payment. When the Service Provider filed a lawsuit to recover the unpaid amount, the Client requested the court to dismiss the case, arguing that the 3-year statute of limitations for a contractual dispute had already expired.

For investors in Vietnam, "contributing capital" to a company can mean two very different things: becoming a legal owner (member/shareholder of a company) or simply being a business partner. A recent case law no. 78/2025/AL clarifies this distinction and indicates that several pieces of evidence may be considered to prove company member/shareholder status.

Case Summary

In this dispute, Mr. H, the plaintiff, provided significant funds to D Limited Liability Company, which was managed by his relatives. Although Mr. H received the profit distribution for over a decade and signed minutes acknowledging his contribution, Mr. H was never officially recorded as a member of the company in the enterprise registration certificates (ERC) or the company’s charter.

When partnering with government agencies (G2B), the risks often come from policy changes and the adoption of new legislation, causing obstacles, delays, and payment backlogs in PPP contracts (especially BT contracts). Following the establishment of Steering Committee 751 (Ban Chỉ Đạo 751) to resolve investment projects with pending legal issues, the Government has recently prepared a Resolution Draft (the Draft) to address approximately 160 transitional BT projects still facing legal obstacles (such projects, “Pending BT Project”).

Focusing specifically on Pending BT Projects where land-use rights serve as the State’s payment mechanism, the following analysis highlights critical issues arising from the proposed changes introduced by this Draft:

On 31 December 2025, the Government issued Decree 356/2025 guiding the implementation of the PDPL 2025, which took effect on 1 January 2026. Decree 356/2025 provides critical detailed guidance and, notably, resolves several ambiguities under the PDPL 2025 framework. This post highlights the key takeaways from this new regulation.

1.         Expansion of "sensitive personal data": ID Cards and login credentials

As compared to the Draft PDPL Decree, Decree 356/2025 expands the scope of sensitive personal data to explicitly include:

On 11 December 2025, the National Assembly adopted new investment law (Investment Law 2025). On this blog, we discuss some key changes in the new Investment Law 2025.

Clarification of business investment conditions

The Investment Law 2025 refines the definition of business investment conditions (Điều kiện đầu tư kinh doanh) by introducing an explicit exclusion: these conditions no longer encompass technical standards and regulations issued by competent authorities concerning product or service quality. This addition narrows the scope of what constitutes a "conditional business line", distinguishing administrative market-entry conditions from mere technical product standards.

In a significant move to streamline the execution of the Land Law 2024, the National Assembly of Vietnam recently passed Resolution 254/2025 on specific policies and mechanism to resolve obstacles in implementation of the Land Law 2024. Effective from 1 January 2026, Resolution 254/2025 is intended to apply alongside the Land Law 2024 and prevails in case of conflict. In essence, Resolution 254/2025 could be considered as an amendment to the Land Law 2024.

In this post, we will summarize the key changes introduced under Resolution 254/2025.

1.           Expanded Scope for Land Recovery

Resolution 254/2025 introduces three additional scenarios under which the State may recover land to promote socio-economic development. Specifically, it now includes:

On 18 December 2025, the Vietnamese government issued Decree 323/2025 on the establishment of Vietnam International Financial Center (VIFC). Decree 323/2025 takes effect immediately and provides guidance for Article 8 and 9 of Resolution 222/2025 of the National Assembly on VIFC. In this post, we discuss some interesting points of Decree 323/2025

1. Single or multiple units

The National Assembly intends that VIFC is one single unit. To confirm this intention, Decree 323/2025 provides that VIFC is a unified legal unit (thực thể pháp lý thống nhất in Vietnamese). However, Vietnamese law does not have definition of legal unit (thực thể pháp lý). In addition, this provision of Decree 323/2025 also seems to contradict with Resolution 222/2025 which defines VIFC as an area with defined geographical boundaries.

However, by locating that single unit into two separate location, putting it under management of multiples authorties, and giving each location a different set of priorities, it is doubtful on how the operation of VIFC can be unified. This is evidenced by:

• The VIFC is oddly named as “Viet Nam International Financial Center in Ho Chi Minh City (VIFC-HCMC) and Viet Nam International Financial Center in Da Nang City (VIFC-DN)” which compries two individual names within one single entity name.

• The Operating Authority and Supervisory Authority of VIFC have legal person status, which implied that these authorities’ legal responsibility is independent with VIFC’s legal responsibility.

The Law on Artificial Intelligence (AI Law), which was passed by the National Assembly on 10 December 2025, is arguably among the most anticipated pieces of legislation of Vietnam in 2025.

Unfortunately, similar to the Law on Digital Technology Industry, Vietnam’s AI Law still feels like a half-baked legislation, which makes it hard to clearly identifying the key players in the artificial intelligence (AI) value chain. This article would examine several key terminologies under the AI Law.