Decree 278/2025/ND-CP mandatory data connection and sharing among agencies within the political system

DECREE

Prescribing mandatory data connection and sharing among agencies within the political system^[1]

Pursuant to Law No. 63/2025/QH15 on Organization of the Government;

Pursuant to Law No. 60/2024/QH15 on Data;

Pursuant to Law No. 20/2023/QH15 on E-Transactions;

At the proposal of the Minister of Public Security;

The Government promulgates the Decree prescribing mandatory data connection and sharing among agencies within the political system.

Chapter I

GENERAL PROVISIONS

Article 1. Scope of regulation

This Decree prescribes mandatory data connection and sharing among agencies within the political system from the central to local levels; the National Data Architecture Framework; the National Data Governance and Management Framework and the Shared Data Dictionary.

Article 2. Subjects of application

This Decree applies to ministries, ministerial-level agencies, government-attached agencies, central bodies of political organizations, the Supreme People’s Procuracy, the Supreme People’s Court, the State Audit Office of Vietnam, the Office of the President, the Office of the National Assembly, central bodies of the Vietnam Fatherland Front,  and People’s Committees at all levels (below collectively referred to as ministries, central agencies and localities), and agencies, organizations and individuals directly involved in or related to the connection and sharing of data between databases and the National Data Architecture Framework, the National Data Governance and Management Framework and the Shared Data Dictionary.

Article 3. Interpretation of terms

1. Data auditing means the process of systematically, independently and objectively evaluating data and data management/exploitation activities to ensure the completeness, accuracy, timeliness, legality, confidentiality and traceability of data throughout the data life cycle, ensuring compliance with the National Data Architecture Framework, the Data Governance and Management Framework, and the Shared Data Dictionary.

2. Shared Data Dictionary means a system of documents and technical tools providing unified definitions of names, descriptions, formats, units of measurement, links and usage of data fields commonly used among agencies and organizations within the political system to ensure effective data connection, interconnection and sharing.

3. National master data means master data that is connected, shared, exploited and shared-used in agencies of the Party, the State, the Vietnam Fatherland Front and socio-political organizations.

4. Specialized master data means master data that is connected, shared, exploited and used within an agency of the Party, the State, the Vietnam Fatherland Front or a socio-political organization.

5. Mandatory data connection and sharing means the establishment of a compulsory technical connection between information systems and databases within the political system to share, exploit and use data as authorized according to regulations without relying on private agreements between agencies or organizations.

6. Data key means specific data points that help accurately identify a specific object and standardize de-duplication mechanisms; are standardized in format, encrypted, described and classified in a uniform manner; are scalable, integrable and interconnectable; and are periodically updated and subject to quality control according to the master data governance process.

Article 4. General principles

1. Data connection and sharing shall be performed in a timely and complete manner for the proper purposes, ensuring safety, confidentiality and compliance with functions, tasks and powers, effectively serving the provision of public services, governance, administration and the exploitation of the value of data.

2. All mandatory data connection and sharing activities shall be conducted through the data sharing and coordination platform for monitoring, tracing and performance evaluation.

3. Data sharing shall be conducted according to the list of mandatory databases, the list of mandatory data, and technical standards and mechanisms prescribed by competent agencies, ensuring uniformity, efficiency and safety throughout the entire system.

4. Data connection and sharing must fully comply with the National Data Architecture Framework, the National Data Governance and Management Framework and the Shared Data Dictionary.

5. Database-managing agencies shall disclose information about the data they manage, including data descriptions, data scope, data quality, the managing agency and conditions for accessing data in the cyber environment.

6. The sharing of data between state agencies must neither affect the rights and responsibilities of related organizations and individuals nor infringe upon the right to privacy, personal secrets or family secrets, except otherwise prescribed by law.

7. Data that is connected and shared must be updated and accurate as prescribed by law.

8. The connection and sharing of other data among agencies within the political system shall be conducted in accordance with the laws on personal data protection, and e-transactions.

Chapter II

MANDATORY DATA CONNECTION AND SHARING AMONG AGENCIES WITHIN THE POLITICAL SYSTEM AND ASSURANCE OF READINESS FOR DATA CONNECTION AND SHARING

Article 5. National master data

1. The integration, synchronicity and use of national master data are mandatory for agencies and organizations within the political system when establishing, updating or operating databases and information systems.

2. The source of national master data shall be established or initiated in adherence to the principle of a “single source of truth.” A single piece of data has only one single source of trust.

3. Master data shall be established or initiated from a set of data keys. The Minister of Public Security shall announce the list of national master data on the Shared Data Dictionary system after reaching consensus with agencies within the political system.

4. The Ministry of Public Security shall grant master data keys and compile, manage, operate and update the list of national master data, ensuring accuracy, consistency and technical interconnection.

Article 6. Specialized master data

1. Ministries and central agencies shall identify, announce and update their sets of specialized master data and integrate them into the Shared Data Dictionary system.

2. Specialized master data must comply with the principles prescribed in Clause 4, Article 5 of this Decree and ensure scalability, integration, interconnection and retrieval with national master data.

3. The Ministry of Public Security shall provide technical guidance, and inspect and supervise the compilation, updating and use of specialized master data to ensure consistency and the ability to integrate and retrieve data in the entire system.

Article 7. Methods of mandatory data connection, sharing, exploitation and use

1. Mandatory data connection and sharing between databases shall be conducted in a consistent and synchronous manner and in conformity with the National Data Architecture Framework, the National Data Governance and Management Framework and the Shared Data Dictionary.

2. Methods of mandatory data connection and sharing:

a/ The information system of the data-using/exploiting agency shall be connected to that of the data-sharing agency to query data through the Data Sharing and Coordination Platform. The Data Sharing and Coordination Platform shall perform authentication and authorize data exchange between the two parties (on-demand data sharing and connection);

b/ The information system of the data-sharing agency shall synchronize part or the whole of its data to the information system of the data-using/exploiting agency through the Data Sharing and Coordination Platform;

c/ The information system of the data-sharing agency shall synchronize data to the National Synthetic Database through the Data Sharing and Coordination Platform to facilitate coordination for the data-using/exploiting agency;

d/ Shared data shall be packaged and stored on information storage media.

3. An agent node is a component of the Data Sharing and Coordination Platform that has the function of ensuring connection points security serving the exchange and sharing of data between databases and information systems, specifically as follows:

a/ Ministries, central agencies and localities shall connect directly to the Data Sharing and Coordination Platform through the agent nodes installed at the ministries, central agencies or localities;

b/ Data sharing platforms at ministries, central agencies or localities shall be connected directly to the Data Sharing and Coordination Platform through the agent nodes installed at the ministries, central agencies or localities;

c/ Other data connection and sharing forms and databases of ministries, sectors and localities shall be connected directly to the Data Sharing and Coordination Platform through the agent nodes installed at the ministries, sectors and localities;

d/ Agent nodes connected with the Data Sharing and Coordination Platform that are located at ministries, sectors and localities shall be established, configured and installed by the National Data Center.

Article 8. List of databases subject to mandatary connection and sharing

1. National databases that are subject to compulsory connection, synchronization, sharing and exploitation of data within the political system must comply with the law on data, the law on personal data protection and other relevant laws.

2. National databases and key specialized databases prioritized for deployment as provided in Appendix I to this Decree are subject to mandatory connection, synchronization and sharing to serve the exploitation and use of shared-use data.

3. Databases of agencies within the political system that are subject to mandatory connection and sharing are provided in Appendix II to this Decree.

4. The Ministry of Public Security shall update, adjust and supplement database connection and sharing results to the Shared Data Dictionary system.

Article 9. Data subject to mandatory connection and sharing for exploitation and use

1. All master data and shared-use data of databases of ministries, central agencies and localities as well as other data prescribed in Clause 1, Article 34 of the Law on Data shall be connected, shared and synchronized with the National Synthetic Database for sharing to ministries, central agencies and localities under the Ministry of Public Security’s coordination through the Data Sharing and Coordination Platform.

2. Data serving the settlement of administrative procedures, provision of public services, and direction and governance activities of ministries, central agencies and localities shall be connected, shared and synchronized with the National Synthetic Database for sharing to ministries, central agencies and localities under the Ministry of Public Security’s coordination through the Data Sharing and Coordination Platform.

3. The connection and sharing of data categorized as state secrets must comply with the law on protection of state secrets and the law on cipher.

Article 10. Assurance of infrastructure for data connection and sharing

1. The Data Sharing and Coordination Platform shall coordinate, integrate and control data flows between information systems within the political system in the digital environment, ensuring uniform, uninterrupted, safe and effective connection.

2. The connection and sharing of data on the list of data subject to mandatory connection and sharing shall be carried out through the Data Sharing and Coordination Platform, except cases of direct connection between two agencies, which requires reaching consensus with the Ministry of Public Security.

3. The connection and sharing of data must comply with the laws on data, personal data protection, cyberinformation security, and cybersecurity, and the following provisions:

a/ Entities managing the information systems participating in the connection, sharing, exploitation and use of data shall ensure information security when data is managed, stored, processed and transmitted in their systems;

b/ Data-exploiting agencies shall ensure information security when connecting and receiving shared data according to the regulations of data-providing agencies and other regulations.

Article 11. Data connected and shared between Vietnam and foreign countries or international partners

1. Data connected and shared between Vietnam and foreign countries or international partners include data of a transnational nature, serving state management requirements, implementation of treaties, bilateral/multilateral cooperation agreements and sustainable development goals.

2. Cross-border data sharing must adhere to the following principles:

a/ To comply with the laws on data, cyberinformation security, and safeguarding of national sovereignty;

b/ To assure the control of access, authorization of use rights, logging and confidentiality throughout the sharing process.

3. Ministries, central agencies and localities shall, when conducting cross-border data connection and sharing, update the results on the Shared Data Dictionary system; the transfer and processing of core data and important data must comply with the law on data.

Article 12. Connection and sharing of data within ministries, central agencies and localities

1. The heads of ministries, central agencies and localities shall direct the management, connection and sharing of data within the scope of their management according to the guidance of the Ministry of Public Security, ensuring conformity and compliance with the National Data Architecture Framework, the National Data Governance and Management Framework and the Shared Data Dictionary.

2. Specialized digital transformation and information technology units of ministries, central agencies and localities shall:

a/ Guide the management, connection and sharing of data within the scope of their management;

b/ Monitor, urge, evaluate and examine data connection and sharing among their agencies and units; assist their heads in settlement of difficulties and obstacles related to data management, connection and sharing;

c/ Report results on the system of state management of data established by the Ministry of Public Security.

Article 13. Monitoring of data processing activities

1. Principles of monitoring data processing activities:

a/ Mandatory connection and sharing of data among agencies within the political system are subject to constant and public monitoring and must be traceable;

b/ The monitoring shall be conducted through technical systems and management mechanisms prescribed by competent state agencies;

c/ The handling of violations shall be carried out in an objective and transparent manner by competent authorities and in commensurate with the nature and extent of the violations.

2. The Ministry of Public Security shall assume the prime responsibility for, and coordinate with relevant agencies in, examining and evaluating the compliance with connection standards and technical standards, assurance of information security, the progress of connection, sharing, exploitation and use of data subject to mandatory connection and sharing, and compliance with regulations on cybersecurity, information security, and the laws on data and personal data protection; and in operating the technical system for monitoring data connection and sharing, except the case prescribed in Clause 3 of this Article.

3. Agencies of the Party, the National Assembly, the Vietnam Fatherland Front and the Ministry of National Defense shall monitor data connection and sharing activities within the ambit of their assigned functions and tasks or coordinate with the Ministry of Public Security in monitoring.

4. Results of evaluation of data connection and sharing levels between databases serve as a basis for ranking the level of completion of tasks concerning digital transformation, administrative reform and digital government building of each agency and publicized and updated periodically on the National Data Portal and sent to related agencies.

Article 14. Data auditing

1. Data auditing shall be conducted to detect distortions, duplications or shortages or technical errors in data; evaluate the level of compliance with laws, technical standards and the National Data Architecture Framework; and formulate plans to process data, improve data quality and enhance data governance efficiency.

2. Data auditing includes checking the completeness, accuracy and timeliness of data; evaluating the ability to share, interconnect and reuse data; checking the compliance with technical standards/technical regulations and current laws; and evaluating data access control, protection and backup processes.

3. All data governance activities specified in the National Data Governance and Management Framework are subject to data auditing by competent agencies.

4. The Ministry of Public Security is the agency in charge of conducting periodical and ad-hoc data auditing for data of ministries, central agencies and localities, except those managed by the Ministry of National Defense.

5. Data auditing results constitute one of the criteria for evaluating the data maturity and data governance efficiency of each agency or organization, covering compliance audit, data quality audit, and data governance capacity audit results.

Article 15. Database ranking

1. The ranking of databases shall be conducted every year.

2. Criteria for database ranking include:

a/ Ratio of data on the list of data subject to mandatory connection and sharing that has been connected and shared in accordance with regulations and on schedule;

b/ Degree of internal data use and sharing of data with authorized third parties;

c/ Ratio of public services utilizing shared data and the degree of data automation and reuse;

d/ Data quality (completeness, accuracy, updating and standardization according to the Shared Data Dictionary);

dd/ Level of compliance with technical standards, information security, personal data protection and data rights;

e/ Technical operation efficiency and the capacity for automated monitoring and warning of data sharing activities;

g/ Data auditing results;

h/ Value of exploited and used data.

3. Databases shall be classified into the following three grades:

a/ Grade A (Excellent): meeting all criteria and exceeding evaluation indicators;

b/ Grade B (Satisfactory): meeting all criteria and fulfilling evaluation indicators;

c/ Grade C (Unsatisfactory): failing to meet criteria or failing to fulfill evaluation indicators.

4. Ranking results constitute one of the criteria for adjusting public investment plans, the state budget and technical assistance programs, and serve the inspection, examination, supervision and provision of guidance on the implementation of data-related tasks according to assigned functions and tasks.

5. The ranking levels specified in Clause 3 of this Article shall be taken into account when considering and evaluating the performance of tasks and emulation and commendation achievements for collectives and individuals of relevant agencies and units.

6. The Ministry of Public Security shall develop and issue the set of indicators for ranking data connection and sharing; organize independent evaluation or coordinate with relevant functional agencies to evaluate data connection and sharing and announce annual evaluation and ranking results on the National Data Portal for the databases specified in Appendices I and II to this Decree.

7. Ministries, central agencies and localities shall evaluate data connection and sharing based on the set of indicators issued by the Ministry of Public Security and announce the ranking results of databases within the scope of their management, except those specified in Clause 6 of this Article.

Article 16. Expenses for data sharing and use

1. The sharing of data between databases of ministries, central agencies and localities to serve state management, supervision, direction and administration, administrative reform and the provision of public services is not liable to fees in any forms, unless otherwise provided by law.

2. In case of sharing data to serve commercial purposes or the exploitation of added value, data-managing agencies may propose financial plans for data exploitation in accordance with law.

Chapter III

THE NATIONAL DATA ARCHITECTURE FRAMEWORK, NATIONAL DATA GOVERNANCE AND MANAGEMENT FRAMEWORK AND THE SHARED DATA DICTIONARY

Article 17. The National Data Architecture Framework

1. The National Data Architecture Framework is a system setting overall orientations on the structure and layering of, technical standards on, and models of, data sharing between national, specialized and local databases and information systems of agencies within the political system.

2. The National Data Architecture Framework must ensure that the connection, sharing, exploitation and use of data are carried out in a synchronous, consistent and non-redundant manner; support effective integration between layers of core data, specialized data and open data; and ensure scalability, technical compatibility, and data safety and confidentiality during the sharing process.

3. The National Data Architecture Framework includes:

a/ The overall architecture of the foundation data layer, comprising master data, layered data, linked data, analytical data and open data;

b/ Modeling data layers based on their functions: storing, sharing, exploiting and analyzing data to serve direction and administration activities and provision of public services;

c/ Identifying data sharing and coordination platforms and data connection between information systems and databases of ministries, central agencies and localities with the National Data Center.

4. The National Data Architecture Framework must adhere to the principle of consistency from central to local levels, ensuring that data is exploited and used under a unified, synchronous and consistent framework among agencies within the political system.

Article 18. The National Data Governance and Management Framework

1. The National Data Governance and Management Framework is a system of principles, mechanisms, processes and organizational structures to ensure that the collection, storage, connection, sharing, exploitation, opening and protection of national data are performed in a uniform and effective manner.

2. The National Data Governance and Management Framework includes:

a/ Assignment of responsibilities among entities within the political system;

b/ Data life cycle management processes;

c/ Mechanisms for data coordination and sharing, and authorization of data exploitation;

d/ A system of technical standards and data confidentiality, safety and protection;

dd/ Models for inspection, supervision, auditing and evaluation of data efficiency, safety and quality.

3. The National Data Governance and Management Framework provides models of data governance and management layering and classification; specialized units for data governance and management according to the layering and classification model; and compliance regulations and processes to ensure data is unified and interconnected among ministries, central agencies and localities.

Article 19. The Shared Data Dictionary

1. The Shared Data Dictionary comprises a set of definitions, data structures, semantic models and data standardization rules.

2. The Shared Data Dictionary system shall be established and updated for use as a technical basis for different information systems and databases to interconnect, share and use data synchronously; standardize administrative information, identifiers, and catalogs of specialized data and shared-use data; and support data quality control and prevent semantic conflicts and data redundancy during connection.

3. The Shared Data Dictionary provides the overall model of the dictionary system, core and sector-specific data vocabularies and data system modeling to ensure connection and sharing between systems and databases and international data integration.

Chapter IV

ORGANIZATION OF IMPLEMENTATION

Article 20. Responsibilities of the Ministry of Public Security

1. To guide mandatory data connection and sharing to ensure compliance with the National Data Architecture Framework, the National Data Governance and Management Framework and the Shared Data Dictionary.

2. To coordinate activities of data management, connection, sharing, exploitation and protection throughout the political system, ensuring synchronicity, efficiency, non-redundancy and compliance with law.

3. To supervise, examine and handle violations in case of failure to implement or delay data connection and sharing as prescribed by law.

4. To assume the prime responsibility for examining and evaluating mandatory data connection, sharing, exploitation and use as well as the law on data connection and sharing; to operate the technical system for monitoring data connection and sharing.

5. To organize preliminary and final reviews and annual evaluation of the results of data connection, sharing, exploitation and use; to propose commendations for collectives and individuals with outstanding achievements or handle violations.

Article 21. Responsibilities of ministries, central agencies and localities

1. To assume the prime responsibility for, and coordinate with the Ministry of Public Security in, promulgating specialized master data lists, open data lists and shared data lists (from the initial design stage), data strategies and digital transformation strategies within the scope of their management, detailed data governance and management framework and technical processes for data access, retrieval and storage.

2. To review, build and improve databases under their management as prescribed in Appendix II to this Decree.

3. To conduct data connection and sharing with the Ministry of Public Security and related information systems in accordance with law, the guidance of this Decree and relevant laws.

4. To direct subordinate units to synchronously implement, ensuring the schedule and quality of data connection, sharing, exploitation and use.

5. To review the current status of databases and public services they manage or provide and of existing information systems so as to coordinate with the National Data Center for unified implementation.

6. To perform data standardization and clean and restructure the processes of providing public services and connecting and exploiting data in association with the needs of units.

7. Entities managing information systems participating in the process of data connection, sharing, exploitation and use shall ensure information security and cybersecurity before and during the process of data connection and sharing.

8. To conduct preliminary and final reviews of the connection and sharing of data between databases under their management and update the results through the Shared Data Dictionary system for the Ministry of Public Security to synthesize.

Article 22. Responsibilities of the National Data Center

1. To establish, manage and operate the Data Sharing and Coordination Platform; to provide technical support to ministries, central agencies and localities in carrying out mandatory data connection and sharing.

2. To assume the prime responsibility for formulating and submitting the National Data Architecture Framework, the National Data Governance and Management Framework, and the Shared Data Dictionary to competent authorities for promulgation, amendment, supplementation and updating. To build a system to manage the National Data Architecture Framework, the National Data Governance and Management Framework, and the Shared Data Dictionary. To guide agencies in implementation in an appropriate manner according to levels and sectors.

3. To coordinate with data-managing agencies to perform standardization, integration and interconnection and ensure mandatory data connection and sharing within the political system.

4. To provide technical guidance on connection and periodically monitor and examine data connection and sharing; to regularly and periodically update and upgrade agent nodes and the Data Sharing and Coordination Platform system to ensure information security and optimization during data exploitation.

5. To assume the prime responsibility for, and coordinate with relevant agencies in, examining and evaluating the compliance with connection standards, technical standards, and requirements on information security and progress of mandatory data connection, sharing, exploitation and use, and with regulations on cybersecurity and information security and the law on data by units conducting data connection directly   through the Data Sharing and Coordination Platform; to operate the technical system for monitoring of data connection and sharing.

To propose measures for handling cases of failure to fulfil or failure to fully fulfill data connection and sharing obligations.

6. To advise leaders of the Ministry of Public Security on developing and issuing a set of indicators for data connection and sharing ranking; to organize independent evaluation or coordinate with relevant functional agencies in evaluating data connection and sharing and announce annual results on the National Data Portal.

Chapter V

IMPLEMENTATION PROVISIONS

Article 23. Effect

1. This Decree takes effect on the date of its signing.

2. The Government’s Decree No. 47/2020/ND-CP of April 9, 2020, on the management, connection and sharing of digital data of state agencies, ceases to be effective on the effective date of this Decree.

3. To amend Clauses 1 and 2, Article 14 of the Government’s Decree No. 165/2025/ND-CP of June 30, 2025, detailing a number of articles of, and providing measures to implement, the Law on Data, as follows:

“1. The Prime Minister shall issue the National Data Governance and Management Framework for general application by state agencies connecting and sharing data to the National Data Center.

2. Agencies managing databases that connect and share data with the National Data Center shall build detailed data governance and management frameworks applicable to the databases they manage, ensuring consistency with the National Data Governance and Management Framework.”

Article 24. Transitional provisions

1. Ministries, central agencies and localities shall perform data standardization and issue specialized master data lists, open data lists and shared-use data lists based on the National Data Architecture Framework, the National Data Governance and Management Framework and the Shared Data Dictionary for databases provided in Appendix I to this Decree before December 31, 2025.

2. For databases and information systems already standardized according to this Decree, data connection and sharing shall be conducted through the Data Sharing and Coordination Platform. For the remaining databases and information systems, standardization under this Decree shall be completed before December 31, 2026.

3. By December 31, 2026, mandatory data connection and sharing among agencies within the political system shall be conducted in a uniform manner through the Data Sharing and Coordination Platform.

Article 25. Implementation responsibility

1. The Minister of Public Security shall guide, inspect and urge the implementation of this Decree.

2. Ministers, heads of ministerial-level agencies, heads of government-attached agencies and chairpersons of provincial-level People’s Committees shall, within the ambit of their functions and powers, guide and implement this Decree.-

On behalf of the Government
For the Prime Minister
Deputy Prime Minister
NGUYEN CHI DUNG

* The Appendices to this Decree are not translated.