Vietnam advances cybersecurity law to boost digital sovereignty and business resilience

DNHN - In a significant step towards strengthening Vietnam’s digital defenses, the National Assembly Standing Committee convened on September 23 to review the draft revised Cybersecurity Law.

At its 49th session on September 23, the National Assembly Standing Committee deliberated the revised draft of the Cybersecurity Law — a pivotal move aimed at reinforcing national security, promoting the use of domestic cybersecurity solutions, and addressing critical gaps in data protection amid Vietnam’s accelerating digital transformation.

In a significant step towards strengthening Vietnam’s digital defenses, the National Assembly Standing Committee convened on September 23 to review the draft revised Cybersecurity Law. The updated legislation aims to build a more robust legal foundation to protect national cybersecurity while also enhancing the self-reliance of Vietnamese enterprises in an increasingly complex digital landscape.

The revised draft not only retains foundational regulations but also introduces crucial updates — particularly in the realm of data protection, an issue of growing urgency in the digital age. Experts note that existing frameworks tend to focus more on how data is used and exploited rather than on securing it comprehensively from cyber threats.

A key highlight in the draft law is the provision that encourages political institutions and State-owned enterprises to prioritize the use of cybersecurity products and services developed by Vietnamese companies. This initiative is expected to foster the growth of the domestic cybersecurity industry while reducing dependence on foreign technologies. However, for this policy to succeed, businesses must significantly improve their product quality and align with national standards and security protocols.

The proposed law also outlines new responsibilities for service providers operating in cyberspace. It introduces stricter regulations on funding mechanisms for cybersecurity protection, mandating higher compliance from businesses and placing particular pressure on those lacking trained cybersecurity personnel. Notably, leaders of national-security-critical information systems will be required to pass exams and obtain cybersecurity certifications — a move aimed at improving governance and preparedness.

Despite these opportunities, the draft law also presents significant challenges. Compliance with new regulations could impose financial burdens on small and medium-sized enterprises. There are also concerns that overly broad definitions of prohibited acts could create operational hurdles for businesses if not clearly outlined.

Cybersecurity experts have expressed concern that many organizations still lack adequate technological capacity and skilled human resources to respond effectively to cyber incidents. This shortfall poses potential risks not only to business continuity but also to national security and public safety. As such, raising awareness and enhancing training in cybersecurity have become urgent priorities.

The draft legislation further addresses the protection of critical national information infrastructure and outlines clearer obligations for entities that manage sensitive data systems.

In conclusion, the Standing Committee has urged the Government to ensure the drafting body quickly incorporates expert feedback and finalizes the law. This reflects the Government’s commitment to modernizing the cybersecurity legal framework while fostering an ecosystem in which Vietnamese businesses can thrive securely in the digital age.

Anh Nguyen