Stronger legal framework for cybersecurity
The new law consolidates and updates relevant provisions of the 2018 Law on Cybersecurity and the 2015 Law on Cyberinformation Security, creating a more coherent legal foundation for cybersecurity governance.
It further strengthens regulations on protecting national sovereignty, jurisdiction, and interests in cyberspace, requiring all online activities to comply with Vietnam's Constitution and laws and preventing cyberspace from being exploited to undermine national security, State interests, or the legitimate rights and interests of organizations and individuals.
    |
 |
|
Vietnam's 2025 Law on Cybersecurity takes effect on July 1. |
The law also introduces more comprehensive provisions on data security, information system protection, and measures to prevent, detect, and address cybersecurity violations. It prioritizes prevention, enhances early warning and incident response capabilities, and links cybersecurity with maintaining social order and security amid rapid digital transformation.
In addition, the law clarifies the responsibilities of government agencies, businesses, and citizens, placing people and data at the center of cybersecurity while strengthening the protection of human rights, civil rights, and vulnerable groups in the digital environment.
To combat high-tech crime, it establishes a clearer legal framework with well-defined responsibilities and authority, enabling specialized cybersecurity forces to proactively prevent, detect, and effectively tackle cybercrime.
Tougher rules on AI, deepfake and digital identity
In response to the growing misuse of artificial intelligence (AI) and deepfake technology to create and spread false information, the law imposes strict penalties on both the creation and dissemination of AI-generated fake content. Digital platforms will also be held accountable if they fail to verify, monitor, or remove illegal content as required by competent authorities. Violations involving personal data will be subject to severe penalties in line with international practice.
The legislation also tightens oversight of social media groups, requiring administrators to monitor content and bear responsibility for violations occurring within their communities.
For electronic know-your-customer (e-KYC) verification, the law mandates authentication mechanisms for social media accounts, bank accounts, and cell phone numbers to combat anonymous SIM cards and bank accounts registered under false identities. Cross-border service providers will also face stricter compliance obligations.
Putting people at the center of cybersecurity
The 2025 Law on Cybersecurity places strong emphasis on protecting human rights, civil rights, and the lawful rights and interests of organizations and individuals, with particular attention given to vulnerable groups such as children, adolescents, and older adults.
According to Lieutenant General Le Xuan Minh, Director of the Ministry of Public Security’s Department of Cybersecurity and High-Tech Crime Prevention, while the digital environment offers enormous opportunities, it also exposes people to growing risks, including online fraud, personal data breaches, disinformation, and online child abuse.
To ensure the law is effectively implemented, he stressed the need to strengthen public awareness campaigns, legal education, and digital literacy, while promoting the role of families, schools, and organizations in guiding the safe use of the internet and helping detect and prevent online exploitation, grooming, and other cyber-related offenses.
Online service providers are also required to fulfill their responsibilities by issuing risk warnings, detecting and removing illegal content, and establishing accessible reporting mechanisms, particularly for vulnerable users.
Minh also underscored the importance of equipping people with practical skills to identify fake news, online scams, data theft, and account hijacking, alongside promoting basic cybersecurity practices to help citizens better protect themselves in the digital environment.
He added that combining public education with stricter inspection and enforcement would enhance deterrence, strengthen public confidence in cybersecurity law enforcement, and contribute to building a safer, healthier, and more secure cyberspace for all.
Source: VNA