Vietnam: Policy Foundations Focused on National Development

Vietnam made history in December 2025 when the National Assembly passed Law No. 134/2025/QH15 — the country's first comprehensive AI legislation and one of the earliest binding AI laws in Southeast Asia. Effective March 1, 2026, the law establishes a risk-based regulatory framework governing AI development, deployment, and use across both public and private sectors. It applies to domestic and foreign entities operating AI systems in Vietnam, covering everything from algorithmic transparency and data governance to high-risk AI classification and cross-border data flows. The law positions Vietnam as a regional leader in AI governance, moving beyond voluntary guidelines to enforceable regulation with clear compliance timelines and penalties.

Vietnam's AI landscape has shifted from fragmented policy guidance to a unified legal framework. The 2025 AI Law introduces mandatory risk assessments for high-risk AI systems in sectors like finance, healthcare, education, and public safety. Organizations must register high-risk AI systems with the Ministry of Science and Technology (MOST) and conduct impact assessments before deployment. The law mandates algorithmic transparency requirements, giving individuals the right to know when they are interacting with AI and to request human review of automated decisions that significantly affect them. A new National AI Committee has been established to coordinate policy implementation across ministries, while sector-specific guidance is being developed for priority industries. The law also creates a regulatory sandbox program to allow controlled testing of innovative AI applications under supervised conditions.

The law applies broadly to any organization developing, deploying, or operating AI systems within Vietnam — including foreign companies serving Vietnamese users. Technology firms, startups, financial institutions, hospitals, educational platforms, and government agencies all fall under its scope. Multinational companies with Vietnamese operations face new compliance obligations around data localization for sensitive AI training data and mandatory incident reporting. The law introduces tiered compliance timelines: high-risk sectors (finance, healthcare, education) have an 18-month grace period until September 2027 to achieve full compliance, while other sectors have 12 months until March 2027. Small and medium enterprises (SMEs) with fewer than 200 employees receive extended timelines and simplified reporting requirements, reflecting Vietnam's commitment to balancing regulation with its thriving startup ecosystem.

The law is built on five foundational principles: human-centric AI development that prioritizes safety and well-being; transparency and explainability in automated decision-making; fairness and non-discrimination in AI outputs; accountability through clear chains of responsibility from developers to deployers; and national security and data sovereignty protections. Vietnam's framework draws on elements of both the EU AI Act's risk-based approach and China's targeted AI regulations, while incorporating ASEAN-specific considerations around digital economic integration. The law establishes four risk tiers — minimal, limited, high, and unacceptable — with progressively stricter obligations. Prohibited AI applications include social scoring systems, real-time mass biometric surveillance without judicial authorization, and AI systems designed to exploit vulnerable populations. The framework also emphasizes AI literacy and workforce development as national priorities.

For businesses operating in Vietnam, the AI Law creates both compliance obligations and strategic opportunities. Companies deploying high-risk AI must appoint a designated AI compliance officer, maintain detailed documentation of training data and model decisions, and submit to periodic audits by MOST. Foreign technology providers must establish a local legal representative if they serve more than 100,000 Vietnamese users. However, the law also introduces significant incentives: tax breaks for AI research and development, streamlined licensing for AI companies operating in designated innovation zones, and government-backed funding for AI startups through the National AI Development Fund. Vietnam's regulatory sandbox allows companies to test new AI products with relaxed requirements for up to 24 months. The compliance cost is expected to be moderate for large enterprises but may challenge smaller firms, prompting the government to announce subsidized compliance consulting programs for SMEs in partnership with industry associations.

Several developments will shape how Vietnam's AI governance evolves through 2026 and beyond. MOST is expected to release detailed implementing regulations and sector-specific guidelines by mid-2026, which will clarify compliance requirements for high-risk AI categories. The establishment of the National AI Committee's operational framework and enforcement mechanisms will signal how aggressively Vietnam intends to regulate. Watch for the first regulatory sandbox approvals, expected in Q3 2026, which will indicate the government's appetite for innovation-friendly implementation. Vietnam's approach to cross-border data flow requirements for AI training data — particularly how it balances data localization with international interoperability — will be closely watched by multinational companies. The country is also actively participating in ASEAN-level discussions on harmonized AI governance standards, and its domestic law may influence regional frameworks. Finally, enforcement actions after the March 2027 general compliance deadline will reveal whether Vietnam follows a collaborative or punitive regulatory approach.