DPO Radio

Measure Value, Not Just Traffic Explore new features in AesirX Analytics

AesirX ComplianceOne | Decree 142/2026/NĐ-CP AI Law Compliance

Overview Image

Decree 142/2026/NĐ-CP: Scope and Current Status

Decree 142/2026/NĐ-CP was issued on 30 April 2026 and took effect on 1 May 2026. It is an active implementing decree beneath Law 134/2025/QH15 and is led operationally by the Ministry of Science and Technology.

The decree converts the parent law’s governance principles into detailed processes. It covers risk classification, reclassification, high-risk conformity and risk management, transparency and labeling, serious incidents, monitoring, state-agency impact assessment, and controlled testing.

Decree 142 does not provide a statutory monetary fine schedule. Operational risk records should not be presented as enacted fine amounts.

Overview Image

How Decree 142 Relates to the Vietnam AI Law

The AI Law remains the parent framework and source of the primary obligations. Decree 142 supplies the implementing detail, official forms, and procedural evidence needed to operate those obligations.

The decree is not a standalone parent law and is not a draft. Official Dispatch 36 is not treated as a customer-facing framework; future AI instruments remain roadmap matters until promulgated.

Explore the Vietnam AI Law

Technical Provisions and Compliance Obligations

AreaOperational RequirementEvidence to Maintain
AI system classificationClassify systems using risk-based criteria and review material changesSystem context, rationale, evidence, reviewer, and approval
High-risk AIMaintain conformity assessment and risk-management recordsAssessment, controls, findings, remediation, and monitoring
Transparency and labelingSupport disclosure, explanation, technical marking, and visible labeling where applicablePublished notices, labels, design decisions, and test evidence
Serious incidentsAssess, report, investigate, and remediate serious AI incidentsIncident record, notification proof, investigation, and closure
Ongoing monitoringReview system behavior, changes, and risk after deploymentMonitoring results, alerts, decisions, and reclassification history
Controlled testingManage sandbox application, monitoring, reporting, incidents, extensions, and completionApplication, authority outcome, reports, and completion evidence
Ecosystem supportTrack participation in support or infrastructure programs where relevantEligibility, application, participation, and outcome records

Official Forms

Decree 142 introduces eighteen official forms, Mẫu AI01a through Mẫu AI09b. They cover serious incidents, state-agency impact assessment, controlled-testing applications and extensions, authority-issued certificates or confirmations, periodic reporting, limit exceedance, and completion.

Authority-generated forms are retained as authority outcome evidence rather than treated as organization-completed forms.

Overview Image

How ComplianceOne Supports Decree 142 Compliance

ComplianceOne maintains an owned AI system record with classification context, rationale, evidence, review, and approval. Changes in purpose, data, users, deployment, or behavior can trigger a reassessment rather than leaving the original classification untouched.

High-risk controls, conformity assessment, transparency, labeling, and monitoring work can be assigned to responsible contributors. Findings and remediation remain linked to the system and the applicable review.

Serious incidents can be managed with linked evidence, notifications, investigation, and closure. Controlled-testing records connect the official forms to supporting evidence and authority outcomes throughout the sandbox lifecycle.

Human approval remains required for formal evidence and submissions, including where Forseti AI assists with analysis or drafting.

Related Modules

Incident Operations

Manages AI incident evidence, investigation, remediation, and closure.

Explore Incident Operations

Data Classification

Records risk classification, rationale, and reclassification history.

Explore Data Classification

Program Governance

Coordinates assessments, controls, monitoring, and ownership.

Explore Program Governance

Compliance Forms

Supports eighteen official Decree 142 forms and authority outcomes.

Explore Compliance Forms

Audit Trail

Preserves evidence, change, review, approval, and submission history.

Explore Audit Trail

Compliance Readiness Checklist

Organizations implementing Decree 142 compliance should confirm:

Every in-scope AI system has an owner and current system record.

Risk classifications include rationale, evidence, review, and approval.

Material changes can trigger reassessment and reclassification.

High-risk conformity and risk-management evidence is linked to the system.

Transparency, labeling, explanation, and monitoring decisions are recorded.

Serious incident processes connect notification, investigation, and remediation.

Controlled-testing cases use the applicable official forms and retain authority outcomes.

Human approval is required before formal evidence or submission.

Background Image

Book a Demo

Ready to see how ComplianceOne's command center, guided setup, platform administration, and AI advisor work together in practice? Request a personalized demo with your compliance scenarios.

Demo Image
Ronni K. Gothard Christiansen

Ronni K. Gothard Christiansen - Technical Privacy Engineer & CEO

Technical Compliance Expert, 32+ Years Open Source Advocate, X-BoD Open Source Matters Inc.

Or contact via

ronni@aesirx.io+84 909 500 760

Frequently Asked Questions

Decree 142 is active. It was issued on 30 April 2026 and took effect on 1 May 2026 as the implementing decree beneath Vietnam’s AI Law.

It includes eighteen official forms, Mẫu AI01a through Mẫu AI09b, covering serious incidents, state-agency impact assessment, and controlled-testing processes.

No. The decree uses risk-based classification and includes additional requirements for higher-risk systems. The system’s purpose, context, data, users, and changes all matter to the governance record.

No. The decree establishes obligations, procedures, forms, and reporting expectations but does not provide a monetary fine schedule.

No. Forseti AI may assist with analysis or drafting, but a human reviewer must approve formal evidence and submission material.

Next Steps

Icon Image

Start a Compliance Pilot

Test AI classification, high-risk controls, incidents, and sandbox evidence.

Icon Image

Discuss Your Compliance Needs

Review your Decree 142 scope, forms, controls, and evidence readiness.