Data security legalized, closing the legal gap in the digital era

In recent years, the Ministry of Public Security (MPS), the drafting agency, has proactively completed the dossier for the Cybersecurity Law 2025 Project to submit to the National Assembly. This draft adds many important regulations to build a solid legal foundation that helps Vietnam effectively respond to cybersecurity challenges, protect national security, and ensure citizens’ rights in the digital age. A strategically significant element is the legalization of data security.

The draft officially adds and defines “data security” as an important component of national cybersecurity. This is the first time data – the core element of digital transformation – is placed at the center of the cybersecurity legal framework. Data security refers to ensuring that the collection, updating, adjustment, and processing of data serve national digital transformation and the development of the digital economy.

Instead of scattered storage, agencies can access data directly from national databases or use trusted data services from qualified state agencies or businesses. This approach reduces leakage risks, optimizes operating costs, and enhances long-term data governance capacity for organizations and enterprises.

Data security tied to national digital transformation

According to Lieutenant Colonel Nguyen Dinh Do Thi, Deputy Head of Network Information Security, Department of Cybersecurity and High-Tech Crime Prevention, the draft Cybersecurity Law 2025 identifies the State’s key cybersecurity and data-security policies.

First, prioritizing cybersecurity protection in national defense, security, socio-economic development, science and technology, and foreign affairs.

Second, building a safe cyberspace that does not harm national security or social order.

Third, gathering resources on developing specialized forces, high-quality human resources, and promoting cybersecurity R&D.

Fourth, encouraging organizations and individuals to participate in risk handling and cooperate with authorities.

Fifth, prioritizing using Vietnam-made cybersecurity industrial products and services.

Sixth, strengthening international cooperation in cybersecurity.

According to Vu Ngoc Son from National Cybersecurity Association, making “data security” a core element reflects a global trend. Data is considered the “new oil” of the digital economy. When data is leaked or stolen, damage extends beyond economics and affects national security and public trust. Treating data as a strategic resource that must be protected at the highest standards is a constructive step, showing Vietnam’s modern governance mindset.

Data-related risks must be strictly controlled. Highlighting data security in the law reflects forward-thinking management in a context where data has become essential to every organization. This is a strategic, timely, and highly necessary move. It not only fills the legal gap but also demonstrates Vietnam’s vision in proactively shaping a safe and transparent cyberspace, viewing data protection as the core foundation for sustainable development in the digital era.

"One of the new points of the Draft Cyber Security Law 2025 is the emphasis on the special role and responsibility of the head of the agency, organization, or enterprise in ensuring cyber security. 

The head is not only responsible for deploying protection activities within their management scope but must also meet the requirements for knowledge and skills related to cyber security,” Son said. 

What do enterprises say about the law?

According to Tran Cong Quynh Lan, Deputy General Director of VietinBank, early compliance with the Cyber Security Law 2025 helps the bank consolidate its pioneering position in information safety, creating a competitive advantage over units that have not yet completed their monitoring and data protection procedures. This is also an opportunity for VietinBank to standardize data governance according to international standards, develop a Data Governance Framework, and create a firm foundation for future AI application and data analysis programs.

From a telecommunications-infrastructure perspective, Le Cong Trung, Head of Cybersecurity BU at MobiFone, noted that human resources remain the key to system protection. Technical teams must deeply understand core networks, devices, and protocols, be able to respond quickly to incidents, and strictly follow security discipline. According to him, “infrastructure-level cybersecurity” is the foundation for protecting national cyberspace, especially during Vietnam’s strong digital-transformation. 

MobiFone affirms continued investment in infrastructure modernization, cybersecurity services, and accompanying agencies and organizations to build a safe and trustworthy digital environment.

All speakers agreed that to effectively implement the new regulations, authorities need to promptly issue standards and technical regulations on cybersecurity. Meanwhile, enterprises must actively develop cybersecurity governance models and especially comprehensive data governance, including classification, encryption, safe storage, monitoring, and incident response. 

Thai Khang