Key points under Decree 356/2025 guiding the Personal Data Protection Law (PDPL 2025)

On 31 December 2025, the Government issued Decree 356/2025 guiding the implementation of the PDPL 2025, which took effect on 1 January 2026. Decree 356/2025 provides critical detailed guidance and, notably, resolves several ambiguities under the PDPL 2025 framework. This post highlights the key takeaways from this new regulation.

1.         Expansion of "sensitive personal data": ID Cards and login credentials

As compared to the Draft PDPL Decree, Decree 356/2025 expands the scope of sensitive personal data to explicitly include:

Read MoreInfo
Comment
Written by Lawyers VNLaw On In

Key Terminologies under Vietnam’s AI Law

The Law on Artificial Intelligence (AI Law), which was passed by the National Assembly on 10 December 2025, is arguably among the most anticipated pieces of legislation of Vietnam in 2025.

Unfortunately, similar to the Law on Digital Technology Industry, Vietnam’s AI Law still feels like a half-baked legislation, which makes it hard to clearly identifying the key players in the artificial intelligence (AI) value chain. This article would examine several key terminologies under the AI Law.

Read MoreInfo
Comment
Written by Nguyen Quang Vu On In

Compliance Burdens For Vietnamese Companies Under New Conditional Data-Related Business Lines

Under Data Law 2024 and the Law on Personal Data Protection 2025 (PDPL 2025), several data-related services, including “personal data processing service” (dịch vụ xử lý dữ liệu cá nhân), personal data protection service (DPO Service), data intermediary service, data trading floor and data synthesis and analysis service (collectively, New Data-Related Services) are now designated as conditional business sectors. The New Data-Related Services (which could include dozen of sub-services) are subject to specific licenses and operational conditions. In the past, data processing or exploitation services in Vietnam were not classified as conditional business lines, allowing providers to operate with limited regulatory prerequisites.

In short, the Government has arguably created (or at least intended to create) more than just a regulatory system; it has established a complex compliance economy. This new framework tethers businesses to a costly ecosystem of mandatory intermediaries, from licensing consultants to training centers and credit rating agencies. To remain operational, enterprises must now absorb the dual burden of initial licensing fees and the recurring costs of maintaining qualified staff and ratings. As these obligations mount, the pressing question remains: will this expensive bureaucracy actually reduce the daily scam calls and messages suffered by Vietnamese citizens, or simply increase the cost of doing business?

Read MoreInfo
Comment
Written by Nguyen Quang Vu On In ,

A few comments on Vietnam’s Legal Concept of Digital Assets

In recent years, digital assets have been at the forefront of regulatory discussions worldwide. Vietnam is also making an effort to create a legal framework for its 100-billion-dollar market with the issuance of the 2025 Law on Digital Technology Industry – which is the first to introduce the legal definition of “digital assets”, and the Resolution 05/2025/NQ-CP greenlighting pilot program for the cryptographic digital assets market (Resolution 05/2025).

With the effective date of the Law on Digital Technology Industry fast approaching, we have a few comments on the current legal concept of digital assets in Vietnam, which we find to be rudimentary and raises more questions than answers.

Read MoreInfo
Comment
Written by Lawyers VNLaw On In ,