Nguyễn Tiến Đức. — Photo courtesy of Nguyễn Tiến Đức

HÀ NỘI — Captain Nguyễn Tiến Đức from the Cybersecurity and High-Tech Crime Prevention Department under the Ministry of Public Security speaks to Việt Nam News and Law reporter Thu Trang about notable new provisions in the 2025 Law on Cybersecurity.

What are the breakthroughs and significance of the law?

As global digital transformation accelerates, cyberspace has become a critical environment for socio-economic development, public service delivery, business operations and people’s everyday lives. With more than 85 million internet users, over 127 million active mobile subscriptions and approximately 7.7 billion networked devices, Việt Nam’s cyberspace is not only a growth engine for the digital economy but also a strategic domain for defence and security.

However, alongside these opportunities, cyberspace continues to present numerous challenges. Cybercrime is becoming increasingly sophisticated, distortions and attacks on cybersecurity persist, online fraud and personal data theft continue and false, harmful and malicious information spreads rapidly. The misuse of artificial intelligence (AI) and Deepfake technologies to falsify information and manipulate public perception is also increasing in both scale and sophistication.

This situation creates an urgent need not only to build a secure digital ecosystem but also to protect personal data, honour, dignity, the right of access to information and citizens’ safety, while enhancing trust in the digital environment and preserving national stability.

The adoption of the 2025 Law on Cybersecurity by the 15th National Assembly, which will take effect on July 1 this year, is therefore highly significant. The law not only completes the legal framework on cybersecurity but also demonstrates the Party and State’s determination to build a safe, healthy, stable and sustainable cyberspace in support of national development and international integration.

One of the law’s breakthroughs is the establishment of a unified, coherent and modern legal framework for state management of cybersecurity.

Previously, cybersecurity-related provisions were scattered across various legal instruments, resulting in fragmentation and overlap in governance. The new law seeks to standardise the legal framework by clearly defining its scope, management principles and coordination mechanisms among relevant agencies and organisations.

Notably, it introduces a significant shift in state management from a respond-and-remedy approach to proactive prevention, early detection and remote pre-emptive disruption of cybersecurity threats.

Importantly, the concept of data security is, for the first time, enshrined as a central element of cybersecurity policy and legislation.

As data increasingly becomes a strategic asset, the law introduces numerous provisions aimed at strengthening the protection of personal data, important data and core data related to national security.

It strictly prohibits the unlawful collection, trade or transfer of personal data and establishes a legal framework to support the development of digital services that protect user information and ensure data safety in online environments.

The law also establishes a rapid-response accountability mechanism for digital platforms. Under this mechanism, intermediary online service providers are required to remove or otherwise handle unlawful content within a maximum of 24 hours after receiving a lawful request from a competent authority. In emergencies affecting national security, the response time is shortened to six hours.

This provision is considered particularly important for improving the prevention and suppression of fraud, online scams, harmful information and acts that infringe the legitimate rights and interests of organisations and individuals online.

At the same time, the new Law on Cybersecurity establishes an initial legal framework governing AI and other emerging digital technologies. It expressly prohibits the misuse of AI and Deepfake technologies to fabricate images, voices or false information for unlawful purposes.

This demonstrates Việt Nam’s proactive and timely legislative response to emerging digital challenges while reaffirming the consistent view that technological development must go hand in hand with social responsibility, technological ethics and the protection of people in the digital environment.

How does the law protect citizens’ rights and promote international integration?

As digital data becomes a core resource of the digital economy, rights relating to information and personal privacy are assuming an increasingly important role. The law prohibits the unlawful collection, sale, exchange or use of personal data and strengthens online protection mechanisms for users, particularly children, older people, women and other vulnerable groups.

In addition, the law emphasises the responsibility of online service providers to implement appropriate protective measures in accordance with the principles of safety, security, confidentiality, transparency and accountability. It also enables citizens to access accurate and reliable information while promoting the healthy development of Việt Nam’s cyberspace.

Notably, on March 23 this year, the Prime Minister approved Decision No. 468/QĐ-TTg endorsing the programme Protecting and Supporting Children’s Healthy and Creative Interaction in Cyberspace for the 2026–2030 Period.

The decision is considered highly significant and reflects the Government’s strong commitment to building a safe and healthy online environment for children, improving digital skills and self-protection abilities and supporting children’s safe and responsible internet use.

It is also seen as a clear illustration of Việt Nam’s consistent position that technological development must be linked to protecting people, especially children, who represent the country’s future.

As cybercrime increasingly transcends national borders, no country can effectively address cybersecurity challenges alone without international cooperation.

Việt Nam’s enactment of the 2025 Law on Cybersecurity, together with its active participation in international cooperation mechanisms, demonstrates its role as a responsible member of the international community.

Việt Nam’s early ratification of the United Nations Convention against Cybercrime, along with the incorporation of many compatible provisions into the new Law on Cybersecurity, reflects the country’s proactive approach to international integration and participation in shaping global principles and rules.

Through the law, Việt Nam continues to expand international cooperation in investigating and handling cross-border cybercrime, sharing information and early warnings on cyber threats, cooperating on capacity building and technology transfer and coordinating data protection and legal governance in the digital environment.

Through these measures, Việt Nam sends a clear message: safeguarding cyberspace is not intended to restrict human rights, but to create a safe and trustworthy digital environment in which every citizen can fully enjoy their lawful rights and interests in the digital era.

The National Assembly Standing Committee gives an opinion on the Law on Cybersecurity 2025 in a session on September 23, 2025. — VNA/VNS Photo Doãn Tấn

What should people do to ensure the law is effectively implemented in practice?

For the law to be effectively implemented in practice, concerted participation is required from the entire political system, the business community and society as a whole.

Going forward, attention should focus on several key tasks.

First, the system of detailed legal documents and implementation guidelines must be urgently completed to ensure consistency, feasibility and uniformity before the law comes into force.

Second, communication and public education on cybersecurity law should be strengthened, particularly on issues related to personal data protection, child protection and skills for preventing and combating online fraud.

Third, investment in technical infrastructure should be increased alongside the development of human resources and stronger technological self-reliance, while promoting a Made-in-Việt Nam ecosystem for cybersecurity products and services.

Fourth, citizens’ digital resilience should be enhanced, particularly among pupils, students, older people, ethnic minority communities living in remote areas and other vulnerable groups in cyberspace.

Fifth, international cooperation should continue to expand through stronger information sharing, coordinated responses to cybersecurity incidents and joint efforts to combat transnational cybercrime.

The adoption of the law marks an important step in completing the digital governance framework and protecting national sovereignty in cyberspace.

The law not only provides a legal foundation for ensuring cybersecurity but also clearly reflects the Party and State’s consistent stance on protecting human and civil rights, promoting digital economic development and strengthening international integration.

With the motto of placing the people at the centre, security as the foundation and sustainable development as the goal, there are strong grounds to believe that the 2025 Law on Cybersecurity will contribute to building a Vietnamese cyberspace that is safe, trustworthy, healthy and humane, effectively serving national construction and defence in the new era. — VNS