DPO Radio

Decree 142/2026/NĐ-CP was issued on 30 April 2026 and took effect on 1 May 2026. It is an active implementing decree beneath Law 134/2025/QH15 and is led operationally by the Ministry of Science and Technology.
The decree converts the parent law’s governance principles into detailed processes. It covers risk classification, reclassification, high-risk conformity and risk management, transparency and labeling, serious incidents, monitoring, state-agency impact assessment, and controlled testing.
Decree 142 does not provide a statutory monetary fine schedule. Operational risk records should not be presented as enacted fine amounts.

The AI Law remains the parent framework and source of the primary obligations. Decree 142 supplies the implementing detail, official forms, and procedural evidence needed to operate those obligations.
The decree is not a standalone parent law and is not a draft. Official Dispatch 36 is not treated as a customer-facing framework; future AI instruments remain roadmap matters until promulgated.
| Area | Operational Requirement | Evidence to Maintain |
|---|---|---|
| AI system classification | Classify systems using risk-based criteria and review material changes | System context, rationale, evidence, reviewer, and approval |
| High-risk AI | Maintain conformity assessment and risk-management records | Assessment, controls, findings, remediation, and monitoring |
| Transparency and labeling | Support disclosure, explanation, technical marking, and visible labeling where applicable | Published notices, labels, design decisions, and test evidence |
| Serious incidents | Assess, report, investigate, and remediate serious AI incidents | Incident record, notification proof, investigation, and closure |
| Ongoing monitoring | Review system behavior, changes, and risk after deployment | Monitoring results, alerts, decisions, and reclassification history |
| Controlled testing | Manage sandbox application, monitoring, reporting, incidents, extensions, and completion | Application, authority outcome, reports, and completion evidence |
| Ecosystem support | Track participation in support or infrastructure programs where relevant | Eligibility, application, participation, and outcome records |
Decree 142 introduces eighteen official forms, Mẫu AI01a through Mẫu AI09b. They cover serious incidents, state-agency impact assessment, controlled-testing applications and extensions, authority-issued certificates or confirmations, periodic reporting, limit exceedance, and completion.
Authority-generated forms are retained as authority outcome evidence rather than treated as organization-completed forms.

ComplianceOne maintains an owned AI system record with classification context, rationale, evidence, review, and approval. Changes in purpose, data, users, deployment, or behavior can trigger a reassessment rather than leaving the original classification untouched.
High-risk controls, conformity assessment, transparency, labeling, and monitoring work can be assigned to responsible contributors. Findings and remediation remain linked to the system and the applicable review.
Serious incidents can be managed with linked evidence, notifications, investigation, and closure. Controlled-testing records connect the official forms to supporting evidence and authority outcomes throughout the sandbox lifecycle.
Human approval remains required for formal evidence and submissions, including where Forseti AI assists with analysis or drafting.
Manages AI incident evidence, investigation, remediation, and closure.
Explore Incident OperationsRecords risk classification, rationale, and reclassification history.
Explore Data ClassificationCoordinates assessments, controls, monitoring, and ownership.
Explore Program GovernanceSupports eighteen official Decree 142 forms and authority outcomes.
Explore Compliance FormsPreserves evidence, change, review, approval, and submission history.
Explore Audit TrailOrganizations implementing Decree 142 compliance should confirm:
Ready to see how ComplianceOne's command center, guided setup, platform administration, and AI advisor work together in practice? Request a personalized demo with your compliance scenarios.

Decree 142 is active. It was issued on 30 April 2026 and took effect on 1 May 2026 as the implementing decree beneath Vietnam’s AI Law.
It includes eighteen official forms, Mẫu AI01a through Mẫu AI09b, covering serious incidents, state-agency impact assessment, and controlled-testing processes.
No. The decree uses risk-based classification and includes additional requirements for higher-risk systems. The system’s purpose, context, data, users, and changes all matter to the governance record.
No. The decree establishes obligations, procedures, forms, and reporting expectations but does not provide a monetary fine schedule.
No. Forseti AI may assist with analysis or drafting, but a human reviewer must approve formal evidence and submission material.

Test AI classification, high-risk controls, incidents, and sandbox evidence.

Review your Decree 142 scope, forms, controls, and evidence readiness.