Vietnam has strengthened its legal framework in recent years to ensure data security amid growing cyber threats targeting data.
In the digital era, data has emerged as a strategic resource underpinning the digital economy, national competitiveness, and social stability. Consequently, it has become a prime target for cybercriminals seeking to manipulate behaviour, steal financial assets, undermine public trust, and weaken a nation’s digital sovereignty.
Vietnam’s cybersecurity landscape has witnessed a notable shift in recent years. While the number of cyberattacks recorded in 2025 showed signs of decline, the proportion of organisations suffering actual damage rose to 52.3%. Cyberattacks increasingly target critical sectors, including banking, finance, energy, telecommunications, and government agencies.
According to the Cybersecurity and High-Tech Crime Prevention Department under the Ministry of Public Security (A05), more than 502 million data records were exposed during the third quarter of 2025 alone, the highest figure ever recorded in the country. Such data breaches not only threaten privacy and information security but also provide raw material for increasingly sophisticated AI-powered fraud schemes.
Vu Duy Hien, Deputy Secretary-General and Chief of Office of the National Cybersecurity Association, noted that cyberattacks have evolved from disrupting systems to stealing data, exploiting digital identities, and manipulating user behaviour. As a result, cybersecurity incidents now pose risks that extend beyond economic losses, affecting social trust, national security, and the legitimate rights of citizens in cyberspace.
Experts attribute many recent data leaks to weaknesses in data governance. Common shortcomings include excessive data collection without adequate safeguards, weak access-control mechanisms, insufficient monitoring and early-warning systems, and inadequate assessment of risks associated with data storage, processing, and transfer across multiple platforms and environments.
Against this backdrop, data protection must be integrated into risk governance and management, and security strategies of every public institution, organisation, and enterprise. Effective protection requires comprehensive oversight throughout the entire data lifecycle - from collection and storage to processing, sharing, and deletion - while ensuring transparency, accountability, and traceability.
The National Assembly’s adoption of the Law on Data, effective from July 1, 2025, the Law on Personal Data Protection, effective from January 1, 2026, and the Cybersecurity Law 2025, which will take effect on July 1, 2026, marks a significant step toward building a modern, responsible, and secure data governance system.
These legal documents establish a unified mechanism for regulating data collection, processing, storage, sharing, and cross-border transfers, while addressing fragmentation in data management across sectors. They also provide a stronger foundation for international cooperation, foster trust in Vietnam’s data environment, support digital economic development, and better protect the lawful rights and interests of citizens.
Alongside legal safeguards, technological self-reliance remains essential to strengthening national resilience in cyberspace. Experts stress that enhancing domestic cybersecurity capabilities and promoting responsible digital behaviour among users are equally important. As observed by Nguyen Le Thanh, founder and CEO of cybersecurity firm Verichains, the simple act of taking a few seconds to verify information before sharing it remains a vital line of defence that no artificial intelligence system can fully replace.
Ensuring data security in the digital era therefore requires a comprehensive approach that combines robust legal frameworks, technological autonomy, and heightened public awareness. Only through such coordinated efforts can countries effectively safeguard data sovereignty and maintain public trust in an increasingly interconnected world.
