DPO Radio
AESIRX COMPLIANCEONE REGULATORY FRAMEWORKS
Understand how Vietnam's active laws, implementing decrees, temporary procedures, and draft instruments fit together, and how ComplianceOne turns regulatory obligations into structured workflows and audit trails.


Vietnam has enacted six overlapping regulatory frameworks covering personal data protection, cybersecurity, telecommunications, e-commerce, data governance, and AI. Each framework is administered by a different authority, for example, the Ministry of Public Security (MPS) for personal data or the Ministry of Industry and Trade (MOIT) for e-commerce; each imposes distinct obligations, formats, and response deadlines.
Organizations operating across sectors must comply with multiple frameworks simultaneously, providing operational proof through dossiers, official form labels (Mau so, Phu luc), submission packages, statutory notifications, and other evidence that matches each framework's legal and procedural requirements.
The legal stack is also dynamic. Active parent laws sit alongside implementing decrees, administrative decisions, temporary procedural overlays, and drafts. Good regulatory operations depend on knowing which layer is in force, which is temporary, and which remains preparatory.
When departments work in isolation using disconnected tools, sections get missed, contributor accountability is lost, and the organization cannot demonstrate to regulators who did what or when. Teams across legal, IT, security, HR, marketing, and procurement must coordinate evidence, reviews, approvals, and submissions while maintaining a complete audit history.
ComplianceOne reflects how Vietnam's regulatory system operates and turns those distinctions into governed work. Teams can assign owners, prepare forms and dossiers, collect evidence, review decisions, track authority interactions, and preserve an audit history, while distinguishing active legal requirements from draft and future obligations.
ComplianceOne regulatory frameworks are structured to reflect how Vietnam’s obligations are enforced, so teams can move from high-level requirements to the exact filings, workflows, and evidence needed.
Comprehensive personal data protection framework with a multi-layer operating stack.
Vietnam's primary personal data protection law (91/2025/QH15) establishes obligations for data controllers and processors.
Manage processing and transfer impact assessments, responsible personnel, rights, consent, incidents, evidence packs, and authority interactions. The stack includes Implementation Decree 356, Decision 778, temporary NQ22 procedures, and a separate shared enforcement draft.
Data governance, inventory, classification, sharing, and cross-border data management.
The Vietnam Data Law (60/2024/QH15) establishes enterprise-wide data governance obligations including data inventory and classification, sharing agreements, cross-border data governance, and annual attestation cycles.
Manage data governance workflows, the eleven active Decree 165 forms, and clearly separated readiness for the Draft Decree on Data Exchange Operations.
Telecommunications sector overlay, confidentiality, disclosure controls, and authority cooperation.
Vietnam’s Telecommunications Law (24/2023/QH15) regulates the country's telecom sector, expanding its scope to include modern digital infrastructure. Governed alongside implementation guidance like Decree 163, it brings data centers, cloud computing, and OTT services (e.g., messaging and calls) within the regulatory framework under proportionate obligations.
Maintain sector-specific records for subscriber data, disclosures, authority requests, and responsible handling.
Consolidated cybersecurity obligations, incident response, authority cooperation, and data localization.
The Law on Cybersecurity (LoCS - 116/2025/QH15) effective 1 July 2026, consolidates cybersecurity obligations including incident response and authority cooperation, in-scope system determination, data localization requirements, and security assessment obligations.
Manage incident evidence, authority cooperation, localization readiness, and transition records across the parent law and its implementing, protection, and enforcement instruments.
Risk-based AI governance, system classification, high-risk controls, transparency, and conformity.
Vietnam's AI Law (134/2025/QH15) effective May 1 2026, its Implementing Decree (142/2026/NĐ-CP), and Decision 33/2026/QĐ-TTg establish Vietnam's risk-based AI governance framework.
Manage AI system classification, high-risk controls, conformity evidence, transparency, incidents, monitoring, controlled testing, and the decree’s official forms.
E-commerce governance, marketplace compliance, consumer protection, and digital transaction oversight.
The Law on Electronic Commerce (122/2025/QH15) establishes Vietnam's e-commerce framework. Implementation Decree 248/2026/NĐ-CP provides the operational requirements, while Decision 776/2026/QĐ-TTg sets the implementation roadmap.
Together, they cover platform classification, marketplace governance, consumer protection, transaction transparency, cross-border obligations, and digital commerce compliance.
Manage registration, seller and livestreamer verification, livestream selling, takedowns, complaints, reporting, and accountable marketplace operations.
Ready to see how ComplianceOne handles Vietnamese regulatory obligations operationally? Request a demo tailored to your regulatory landscape.







Legend
In-platform now for active compliance work
Tracked early for impact assessment and planning
Prepared and ready for go-live at effective date
Organizations can explore ComplianceOne by regulatory framework or by operational modules. This allows teams to understand what each regulation requires and how those requirements are executed in practice.
Explore the regulatory frameworks, then speak with us about the obligations your organization needs to operationalize first

Test ComplianceOne with your applicable Vietnamese frameworks - PDPL, Data Law, Cybersecurity, or all seven configured together.

Walk through your Vietnamese regulatory obligations with our team and identify which frameworks and workflows apply to your organization.