DPO Radio

Measure Value, Not Just Traffic Explore new features in AesirX Analytics

AesirX ComplianceOne | Decision 33 High-Risk AI List

Overview Image

Decision 33/2026/QĐ-TTg: Scope and Current Status

Decision 33/2026/QĐ-TTg was issued by the Prime Minister on 30 June 2026 and takes effect on 15 August 2026. It is an active child instrument beneath Law 134/2025/QH15, issued under the AI Law and Decree 142/2026/NĐ-CP. 

Decision 33 issues Vietnam's official national list of high-risk AI systems. The appendix contains 46 high-risk AI system categories grouped across six sectors: education, ethnic and religious affairs, health, banking, proceedings, and transport. Transport holds the most, with 31 listed categories.

Overview Image

How Decision 33 Relates to the AI Law and Decree 142

The AI Law remains the parent framework. Decree 142 provides the implementing duties and official forms. Decision 33 supplies the official identification layer — the list that determines which AI systems are high-risk.

Decision 33 does not replace Decree 142. When a system matches Decision 33, that match triggers the Decree 142 high-risk workflows: AI system dossier, conformity assessment and risk-management system, transparency and labeling, monitoring, and serious-incident readiness.

Explore the Vietnam AI Law

How High-Risk Status Is Determined

High-risk status is not automatic from sector alone. A system is high-risk where:

  1. It matches a listed Decision 33 category, and
  2. Its applicability conditions are met, it may cause significant harm to life, health, lawful rights and interests, national/public interests, or national security under the AI Law and Decree 142, and it is not excluded under the Decree 142 exclusion rule.

Being superficially similar to a listed category is not sufficient on its own.

SectorListed categoriesExamples
Education3Self-learning content on uncontrolled data; automated testing/ranking of learners; learner-behavior monitoring
Ethnic and religious affairs7Automated scoring/decisions on policy beneficiaries; identity/belief classification for management measures
Health2Surgery-supporting AI / surgical robots; AI-controlled surgical robots
Banking2Automated electronic banking transactions; automated credit-granting decisions
Proceedings1Wide-scale biometric identification for case resolution
Transport31Autonomous road-vehicle control; automated air-traffic management; runway/incursion monitoring; airport security screening

The full 46-category list, with sector grouping and appendix references, is maintained in the regulatory pack and preserved for source traceability. English category titles are platform-prepared translations of the Vietnamese source.

SituationDeadline
Decision 33 effective date15 August 2026
Existing systems (healthcare, education, finance/banking) operating before 15 August 20261 September 2027
Existing systems (other listed sectors) operating before 15 August 20261 March 2027
Systems put into operation within six months of 15 August 20261 March 2027

During transition, listed high-risk systems may continue operating unless a competent authority determines a serious-harm risk and requires suspension or termination under the AI Law.

Overview Image

How ComplianceOne Supports Decision 33 Compliance

ComplianceOne uses Decision 33 as the primary high-risk screening list. Each in-scope AI system can be screened against the 46 categories and their applicability conditions, with the screening decision, rationale, and reviewer recorded.

When a system is classified high-risk, ComplianceOne triggers the Decree 142 high-risk workflows and reuses the existing AI Law / Decree 142 templates — AI system dossier, conformity readiness, transparency and labeling, monitoring, and serious-incident reporting — rather than duplicating them. Sector cross-links connect the system to banking, PDPL, Data Law, cybersecurity, or transport-infrastructure obligations where relevant.

Transition deadlines are tracked per system and sector, and human oversight is preserved: use of a listed system must not change, transfer, or exclude the authority and responsibility of competent agencies, organizations, or individuals. Human review remains required before formal evidence or submission.

Related Modules

Data Classification

Records high-risk screening outcome, rationale, and reclassification history.

Explore Data Classification

DPIA & Assessments

Supports high-risk conformity and risk-management readiness.

Explore Assessments

Program Governance

Coordinates transition deadlines, human oversight, and sector cross-links.

Explore Program Governance

Incident Operations

Manages serious-incident readiness for matched high-risk systems.

Explore Incident Operations

Audit Trail

Preserves screening, classification, and oversight history.

Explore Audit Trail

Compliance Readiness Checklist

Each in-scope AI system is screened against the 46 Decision 33 categories.

High-risk matches record rationale, applicability conditions, and reviewer.

A match triggers the Decree 142 high-risk workflows (dossier, conformity,

monitoring, incidents).

Transition deadlines are tracked per system and sector.

Human oversight, control, and intervention capability is preserved and evidenced.

Sector cross-framework links are recorded where relevant.

Human approval is required before formal evidence or submission.

Background Image

See Decision 33 Compliance in Action

See how ComplianceOne screens AI systems against the high-risk list and triggers the Decree 142 workflows.

Demo Image
Ronni K. Gothard Christiansen

Ronni K. Gothard Christiansen - Technical Privacy Engineer & CEO

Technical Compliance Expert, 32+ Years Open Source Advocate, X-BoD Open Source Matters Inc.

Or contact via

ronni@aesirx.io+84 909 500 760

Frequently Asked Questions

Decision 33 is active. It was issued on 30 June 2026 and takes effect on 15 August 2026.

No. Decision 33 issues an official list of high-risk AI systems. It does not specify fines or penalties and is not a sanctions decree.

No. Decree 142 remains the implementing decree. Decision 33 identifies which systems are high-risk; a match triggers the Decree 142 high-risk workflows.

The appendix lists 46 high-risk AI system categories across six sectors: education, ethnic and religious affairs, health, banking, proceedings, and transport (transport has 31 categories).

Not by itself. High-risk status depends on matching a listed category and its applicability conditions, including significant-harm potential and not being excluded under the Decree 142 exclusion rule.

Next Steps

Icon Image

Start a Compliance Pilot

Test high-risk screening, Decree 142 workflow triggers, and transition-deadline tracking with your team.

Icon Image

Discuss Your Compliance Needs

Review which of your AI systems match the Decision 33 list and what evidence they require.