Experts have emphasized that combining Vietnam’s Cybersecurity Law and the Law on Network Information Security is necessary to improve management consistency, build a unified legal framework, reduce regulatory overlap, and enhance enforcement efficiency in the fast-evolving digital age.

Since officially connecting to the internet 28 years ago, Vietnam has seized the opportunities of telecommunications and internet development to accelerate its industrialization and modernization process.

The country has actively developed and implemented a range of national programs and strategic plans aimed at fostering IT and digital transformation. These include the National Program on IT, the ICT Development Master Plan to 2025 with a vision to 2030, and the 2020 National Digital Transformation Program.

Policies and laws promoting IT application, digital economy growth, and cybersecurity have gradually been refined.

A major milestone came on December 22, 2024, when the Politburo issued Resolution 57-NQ/TW on a national breakthrough in science, technology, innovation, and digital transformation - marking a new strategic vision to advance national development in the digital age.

The growing urgency of cybersecurity

In the modern digital environment, cybersecurity and network information security are critical for every country. While technology brings opportunity, cyberspace has also become a source of risk, posing growing threats to national security and public order.

The 13th National Party Congress acknowledged that “cybersecurity now has wide-ranging impacts and poses serious threats to the stability and sustainability of nations and regions, including Vietnam.”

Cyberattacks, espionage, and data leaks have grown increasingly dangerous and sophisticated.

Hostile forces exploit cyberspace to spread anti-government propaganda, attack national ideology, and undermine state institutions. Cybercriminals use high-tech tools for fraud, illegal gambling, trafficking, and the trade of illicit goods and fake documents.

Complex and persistent threats to information systems

In recent years, Vietnam has witnessed increasingly complex cyberattacks and espionage targeting critical sectors like finance, energy, and telecom. These attacks, often conducted by international hacker groups, have encrypted data and demanded ransoms, causing operational disruptions and major economic damage.

Many network systems still lack robust cybersecurity frameworks. Infrastructure investments reveal security loopholes, and operational protocols are often inconsistent. Some system administrators remain unprepared to respond to or mitigate incidents.

There are continuing cases of classified government data leaks and the illegal collection and sale of personal information.

Some companies, both domestic and foreign, use specialized software to quietly collect and monetize user data - building massive databases for analysis and sale, often without user consent or proper oversight. Employees with privileged access have exploited this data for personal gain.

On social media and underground forums, illegal data trading networks involving thousands of members operate openly.

Meanwhile, digital anti-government propaganda continues to rise, especially amid global and domestic turbulence, political tensions, and leadership transitions. Adversarial groups intensify disinformation campaigns through social platforms during such events.

Legal reform towards unified governance

To address these growing threats, Vietnam passed the Law on Network Information Security in 2015 and the Cybersecurity Law in 2018. These laws have contributed to improving national cybersecurity and countering digital crime.

In line with Resolution 18-NQ/TW (October 25, 2017), the Government issued Decree 02/2025/ND-CP (effective March 1, 2025), which redefines the Ministry of Public Security’s structure for more efficient, centralized governance.

This decree transferred state management of network information security from the Ministry of Information and Communications to the Ministry of Public Security. The Cybersecurity and High-Tech Crime Prevention Department is now responsible for licensing, data regulation, and network safety oversight.

Ten administrative procedures across three public service areas - network security business licensing, import permits for cybersecurity products, and domain name certification - have been reassigned accordingly.

Given this institutional restructuring, revising and merging legal documents has become an urgent priority.

The integration of the two laws must uphold the following principles: no change to agency roles or functions; no introduction of new policies; compliance with the “single-responsibility” rule in Resolution 18-NQ/TW; and clear delegation of tasks to avoid overlap.

The unified law will only include matters under the National Assembly’s authority, leaving specific implementation guidelines to government ministries.

A fast-tracked but thorough legislative process

The National Assembly's Committee on National Defense, Security, and Foreign Affairs has approved the revised draft law, which merges the 2018 and 2015 statutes into a single, streamlined cybersecurity law.

Although the law is being developed under a fast-track procedure, it still follows all legislative standards. The Ministry of Public Security has conducted public consultations, solicited feedback from 58 government bodies, received legal review from the Ministry of Justice, and engaged with various parliamentary and advisory bodies.

At the 10th session of the 15th National Assembly, the draft law received dozens of detailed suggestions in both plenary and committee sessions.

Why the two laws must be merged

Cybersecurity typically refers to protecting systems from attacks that aim to destroy, steal, or disrupt data and critical national infrastructure. Meanwhile, network information security focuses more on safeguarding data integrity and confidentiality during transmission and processing.

While conceptually distinct, these two areas are deeply interrelated and mutually reinforcing.

Unifying the laws will eliminate legal conflicts, enhance operational efficiency, and create a more comprehensive framework for defending against increasingly complex cyber threats.

It will also foster digital economic growth by providing a transparent legal environment for online services and transactions.

From a global perspective, a consolidated law will help Vietnam better cooperate with international partners on cybercrime prevention and investigation - essential in combating transnational digital threats.

Furthermore, it will enhance the protection of citizens’ personal data and increase legal clarity and compliance for both individuals and businesses.

What’s new in the 2025 Cybersecurity Law

The updated law introduces several notable changes, including a unified definition system and a single lead cybersecurity agency.

Only matters under National Assembly jurisdiction are included, cutting down on repetitive, procedural language to streamline administrative processes.

Key new provisions include:

Mandatory identification of IP addresses by online service providers for cybersecurity authorities

Budget allocations for cybersecurity tasks within government bodies and state-owned enterprises

Promotion of domestic cybersecurity products to build national technological self-reliance

Requirement for cybersecurity certification of individuals managing critical national systems

Strengthened international cooperation, including threat information sharing and joint defense protocols

These reforms will provide Vietnam with a solid legal foundation to meet future digital challenges, safeguard national security, and protect the rights of its citizens in the connected world.

PV