light-check Regulations in details on requirements of cybersecurity

Decree No. 53/2022/NĐ-CP dated August 15th, 2022 of the Government on elaborating a number of Articles of the Law on Cybersecurity of Vietnam
Posted: 18/8/2022 7:32:54 AM | Latest updated: 31/8/2022 10:02:43 AM (GMT+7) | LuatVietnam: 5521 | Vietlaw: 576

This Decree regulates in details the Law on Cybersecurity of Vietnam pertaining to

1. Measures to protect cybersecurity; appraise cybersecurity; assess cybersecurity criteria; test cybersecurity; supervise cybersecurity; respond to and remedy cybersecurity incidents; use codes to protect cyber information security; request the removal of illegal information or false information;

2. Procedures for appraisal, assessment, inspection, supervision, response, and remedy to cybersecurity incidents regarding major national security information systems.

3. Cybersecurity criteria for major national security information systems.

4. Contents of the implementation of cybersecurity protection activities in state agencies.

5. Procedures for cybersecurity testing regarding information systems of agencies, organizations, and individuals

6. The storage of data and establishment of branches or representative offices in Vietnam with regard to foreign enterprises

7. The assignment and cooperation in implementing measures to protect cybersecurity, and prevent and handle acts of infringing on cybersecurity in case of state management contents are related to the management scope of many Ministries and central authorities.

Notably, according to Article 26 of this Decree, enterprises conducting business in Vietnam must store personal information of service users, including: account names, service use time, information on credit cards, emails, IP addresses of the last login or logout session, and registered phone numbers in association with accounts or data; data on relationships of service users in Vietnam: friends and groups such users have connected or interacted with, etc.

Foreign enterprises conducting business in Vietnam in one of the following fields are also required to store data according to the aforesaid regulations: telecommunications services; storage and sharing of data in cyberspace; provision of national or international domain names for service users in Vietnam; e-commerce; online payment; payment intermediaries; services of connection and transportation in cyberspace; social media and social communication; online games; services of provision, management, or operation other information in cyberspace in forms of messages, calls, video calls, emails, online chatting.

In addition, foreign enterprises may be required to establish branches or representative offices in Vietnam by the Department of Cyber Security for cooperation in investigation, handling of violations of laws on cybersecurity in case services provided by such foreign enterprises are used for violations of laws

This Decree takes effect from October 1st, 2022.


Related documents

Not found

Penalty document



Effective date 1-Oct-2022
Expired date Unknown
Published Vietlaw's Newsletter No. 576

Files attachment

enflag pdficon ND53-15082022CP[EN].pdf


No data

Information Technology

light-check Regulations in details on requirements of cybersecurity
blue-check Addition of cyberinformation security products imported under license
blue-check List of information technology products subject to certification of conformity
blue-check Regarding development of digitalization and cashless payment in schools, hospitals
blue-check Plan for development of personnel for national digital transformation by 2025
blue-check Digitalizaiton program in vocational education
blue-check Guidelines on recognition of and fighting spam messages, spam emails, and spam calls
blue-check New List of key information technology products
blue-check Basic technical requirements of SOAR products
blue-check Explanation for acts of infiltrating another person's computer network
blue-check Regarding organization of cybersecurity management drills
blue-check Cybersecurity requirements for consumer Internet of Things (CIoT)
blue-check It is required to withhold 10% withholding tax upon hiring customer data management services from foreign organizations
blue-check Criteria for determining IT projects given investment or procurement priority
blue-check Processing of IT products banned from import must be licensed by the Ministry of Information and Communications
blue-check Regarding withholding tax on cloud computing services
blue-check Approval of "Scheme for creation of digital transformation indexes"
blue-check Regulation on use of e-mail and website in public education facilities
blue-check Standards mandatory or recommended to be applied to information and communications products for the disabled