NEW YORK, MARCH 13, 2026 - AesirX today announced AesirX ComplianceOne, a self-hosted Governance, Risk and Compliance (GRC) platform designed for organizations operating under Vietnam’s evolving regulations, including the Personal Data Protection Law (PDPL) and its implementing decree, the Data Law, cybersecurity legislation, the AI Law, the Telecommunications Law, and the Law on E-Commerce.
ComplianceOne is built for how Vietnamese banks, telcos, payment institutions, and large enterprises must operate in practice - with standardized dossier expectations, workflow-driven compliance, audit-grade evidence, and cross-border governance that must hold up under scrutiny. It connects web consent to back-end compliance execution so organizations can move from ‘policy compliance’ to ‘operational proof.’’
“Vietnam’s enforcement direction is becoming process-driven and evidence-driven,” said Ronni K. Gothard Christiansen, Technical Privacy Engineer and CEO of AesirX. “ComplianceOne is built for that reality - dossiers, registers, workflows, and audit-grade evidence that can be produced consistently when regulators, procurement, or incidents demand it.”
Why Now
Vietnam's regulatory environment has shifted from documentation to demonstrable execution. With the PDPL effective from 2026 and accompanied by implementing rules and standardized administrative procedures, organizations increasingly need to show active compliance programs – structured records, traceable workflows, exportable evidence packs, and rights-request handling that can be measured against timelines.
In parallel, the Data Law expands governance obligations at the system level and increases pressure on cross-border governance discipline.
Spreadsheets and email chains do not scale to this enforcement reality, especially when incidents occur, vendors change, cross-border flows evolve, or authorities request evidence in specific formats.
What ComplianceOne Is
ComplianceOne is a self-hosted GRC (governance, risk, and compliance) platform - built for Vietnam and deployed inside the customer’s own infrastructure so data remains within the organization’s control.
Key capabilities include:
- Rights Requests (DSR/DSAR) case management with structured workflows, SLA tracking, identity checks, evidence collection, and exportable response packs.
- Data Mapping and RoPA inventory of systems, data categories, purposes, retention, and data flows with cross-border indicators.
- DPIA and Assessments with scoring, mitigation tracking, approvals, and dossier exports.
- Vendor Governance with sub-processor tracking, cross-border documentation, drift detection, and deletion playbooks.
- Consent Governance with version-controlled policies, CMP integration, and drift detection between approved policy and deployed runtime.
- Incident Response intake, triage, severity scoring, timelines, and evidence packs prepared for submission.
- Audit Trail with timestamped actor logs for sensitive operations, including view, export, approve, and delete events.
Modules operate as one connected system with a unified task engine, shared audit trail, and compliance program dashboard.
Proof by Design
ComplianceOne generates audit logs for sensitive actions and supports role-based access controls and separation of duties. Sensitive fields can be masked and revealed only through controlled exception paths. For high-assurance environments, optional cryptographic anchoring is available to strengthen integrity guarantees for exported evidence packs.
The result: when a regulator asks for evidence, or an enterprise RFP requires traceable workflows, organizations can export a structured dossier rather than assembling ad hoc document folders.
Availability
ComplianceOne is available now. A live demo environment is accessible for evaluation , and AesirX will release updated landing pages and three ready-to-deploy packages this Friday as part of its official market rollout.
Vietnam contact:
Tu Pham, Country Manager - tu@aesirx.io | +84 918 098 010
To learn more, visit: https://aesirx.io/compliance-one
About AesirX
AesirX builds privacy-first, self-hosted compliance infrastructure for regulated organizations. Its platforms are designed to help enterprises run governance workflows, produce audit-grade evidence, and maintain data sovereignty across complex vendor and cross-border environments.
References
- PDPL Law No. 91/2025/QH15 effective 01/01/2026
- Decree 356/2025/ND-CP effective 01/01/2026
- Decision 778/QĐ-BCA-A05 dated 09/02/2026 (admin procedures)
- Data Law No. 60/2024/QH15 effective 01/07/2025
- AI Law No. 134/2025/QH15 effective 01/03/2026
- E-Commerce Law No. 122/2025/QH15 effective 01/07/2026
- Cybersecurity Law No. 116/2025/QH15 effective 01/07/2026
