DPO Radio

Measure Value, Not Just Traffic Explore new features in AesirX Analytics

AesirX ComplianceOne | Vietnam Compliance

Feature IconAESIRX COMPLIANCEONE REGULATORY FRAMEWORKS

Operational Compliance for Vietnam's 6 Overlapping Regulatory Frameworks

Built Vietnam-first with local forms, MPS filing workflows, and multi-department coordination for real regulatory operations.

Icon Image
Overview Image

Why Compliance Operations Matter in Vietnam

Vietnam has enacted six overlapping regulatory frameworks covering personal data protection, cybersecurity, telecommunications, e-commerce, data governance, and AI. Each framework is administered by a different authority – the Ministry of Public Security (MPS) for personal data, the Ministry of Industry and Trade (MOIT) for e-commerce, the Ministry of Information and Communications (MIC) for telecommunications – and each imposes distinct filing obligations, dossier formats, and response deadlines. Organizations operating across sectors must comply with multiple frameworks simultaneously.

Policy documents alone do not satisfy these obligations. Vietnam's regulatory model requires operational proof: filed dossiers with official form labels (Mau so, Phu luc), submission packages validated for completeness, breach notifications within statutory windows, and cross-border transfer impact assessments routed through defined authority channels. An organization that has a privacy policy but cannot produce a properly labeled DPIA dossier for MPS has not met its obligations.

The operational challenge is compounded by multi-department dependencies. A single DPIA filing may require input from legal, IT security, HR, marketing, and procurement – each contributing specific sections under a shared deadline. When departments work in isolation using disconnected tools, sections get missed, contributor accountability is lost, and the organization cannot demonstrate to regulators who did what or when.

Western GRC tools assume GDPR-derived patterns – supervisory authority notifications, DPO-centric workflows, and EU-standard templates. Vietnam's filing model is structurally different: dossier-based submissions to MPS with annexed forms prescribed by decree, authority interaction channels specific to each framework, and administrative procedures governed by Decision 778. ComplianceOne is built for these operational patterns from the ground up, with Vietnamese-language forms, official template IDs, and workflows that match how Vietnamese regulatory compliance actually works.

Regulatory Frameworks

ComplianceOne regulatory frameworks are structured to reflect how Vietnam’s obligations are enforced, so teams can move from high-level requirements to the exact filings, workflows, and evidence needed.

Vietnam Personal Data Protection Law (PDPL)

Comprehensive personal data protection – filing, rights, cross-border transfers, breach notification.

Vietnam's primary personal data protection law (91/2025/QH15) establishes obligations for data controllers and processors including DPIA dossier filing to MPS, data subject rights fulfillment, cross-border transfer impact assessments, and breach notification within statutory deadlines. Administered by the Ministry of Public Security.

Vietnam Personal Data Protection Law (PDPL)

Vietnam Data Law

Umbrella data governance – inventory, classification, sharing, cross-border governance.

The Vietnam Data Law (60/2024/QH15) establishes enterprise-wide data governance obligations including data inventory and classification, sharing agreements, cross-border data governance, and annual attestation cycles. Implementing decree (ND 165) defines 11 official form templates.

Vietnam Data Law

Vietnam Telecom Law

Telecommunications sector overlay – confidentiality, disclosure controls, authority cooperation.

The Telecommunications Law 2023 (43/2023/QH15) imposes sector-specific obligations on telcos, ISPs, and platform companies including subscriber data confidentiality, lawful disclosure controls, and authority request response procedures. Administered by the Ministry of Information and Communications.

Vietnam Telecom Law

Vietnam Law on Cybersecurity

Consolidated cybersecurity obligations – incident response, authority cooperation, data localization.

The Law on Cybersecurity (116/2025/QH15) consolidates cybersecurity obligations including incident response and authority cooperation, in-scope system determination, data localization requirements, and security assessment obligations. Effective 2026-07-01, replacing the previous cybersecurity law.

Vietnam Law on Cybersecurity

Vietnam AI Law 2026

AI system governance – registration, impact assessment, incident reporting, sandbox applications

Vietnam's AI Law establishes governance requirements for AI systems including system registration and classification, impact assessments, incident reporting obligations, and regulatory sandbox applications. Currently active and awaiting its implementing decree for detailed procedural requirements.

Vietnam AI Law 2026

Vietnam Law on E-Commerce

E-commerce platform obligations – registration, consumer data, marketplace compliance.

The Law on Electronic Commerce (122/2025/QH15) establishes obligations for e-commerce platforms including marketplace registration, consumer data protection, and platform classification requirements. Administered by the Ministry of Industry and Trade with provisional form templates for registration filings.

Vietnam Law on E-Commerce
Background Image

See Vietnam Compliance in Action

Ready to see how ComplianceOne handles Vietnamese regulatory obligations operationally? Request a demo tailored to your regulatory landscape.

Demo Image
Tu Pham

Tu Pham - Country Manager, AesirX

Head of Risk with 15+ years in fintech and banking across ERM, compliance, fraud, audit, and regulatory frameworks.

Or contact via

tu@aesirx.io+84 918098010

Regulatory Frameworks

Icon Image
Vietnam Personal Data Protection Law (91/2025/QH15)
Decree 356/2025/ND-CP (PDPL Implementation)
MPS A05 Administrative Procedures (Decision 778/QĐ-BCA-A05)
Vietnam PDPL (Decree 13/2023 era)
Decree 13 – PDPL Operational Baseline
Draft Enforcement Decree 2026
Icon Image
Vietnam Data Law
Icon Image
Vietnam Telecom Law 2023
Icon Image
Vietnam Cybersecurity Law (116/2025/QH15)
Vietnam Cybersecurity Law (24/2018 era)
Decree 53 – Cybersecurity Law Implementation
Draft Enforcement Decree 2026
Icon Image
Vietnam AI Law (134/2025/QH15)
Icon Image
Vietnam E-Commerce Law (122/2025/QH15)

Legend

Active

In-platform now for active compliance work

Upcoming

Tracked early for impact assessment and planning

Draft

Prepared and ready for go-live at effective date

Superseded

Retained for historical traceability and audits

Modules Included

Organizations can explore ComplianceOne by regulatory framework or by operational modules. This allows teams to understand what each regulation requires and how those requirements are executed in practice.

Data Privacy & Rights

Data Privacy & Rights

Vendor & Third- Party Management

Vendor & Third- Party Management

Risk & Assessment

Risk & Assessment

Operations & Automation

Operations & Automation

Task & Workflow Management

Task & Workflow Management

Explore the Modules

Explore the regulatory frameworks, then speak with us about the obligations your organization needs to operationalize first

Icon Image

Start a Compliance Pilot

Test ComplianceOne with your applicable Vietnamese frameworks - PDPL, Data Law, Cybersecurity, or all seven configured together.

Icon Image

Discuss Your Compliance Needs

Walk through your Vietnamese regulatory obligations with our team and identify which frameworks and workflows apply to your organization.

Symbol Image
Footer logo

The evolution of Aesir is Aesir + AesirX Icon (the Norse symbol for Necessity)"Needed in order to achieve a particular result"

Join the AesirX Privacy Newsletter. Stay Informed. Stay Compliant.

Solutions

Resources

Support

Partnership Opportunities

Terms of ServicePrivacy PolicyRefund Policy

Copyright @ 2026 AesirX
My Data Awards TechMy Data Awards BusinessMicrosoft Logo
Join our Community