On 15 August 2022, the Government of Vietnam (GoV) issued Decree No. 53/2022/ND-CP elaborating several articles under the Law on Cybersecurity. The long-awaited decree was first released for public opinion on 31 October 2018, shortly following the signing of the Law on Cybersecurity 2018. The Decree comprises 30 articles under six chapters covering, among others, cybersecurity protection measures; critical information infrastructure (CII) for national security; storage of data and establishment of branch offices or representative offices in Vietnam; and procedures for establishing, monitoring, and violation handling related to cybersecurity measures. The Decree will take effect from 01 October 2022.
Data localization is considered as the most important point of Decree 53. The foreign enterprises that conduct business in Vietnam such as: Telecommunications services; services of data storage and sharing in cyberspace; supply of national or international domain names to service users in Vietnam; ecommerce; online payment services; payment intermediary; services of transport connectivity via cyberspace; social networks and social media; online video games; and services of provision, management, or operation of other information in cyberspace in the forms of messages, phone calls, video calls, emails or online chat, are obliged to comply with the data localization requirements and set up a branch or a representative office in Vietnam.