Law on Data, No. 60/2024/QH15

 LAW

On Data

Pursuant to the Constitution of the Socialist Republic of Vietnam;

The National Assembly promulgates the Law on Data.

Chapter I

GENERAL PROVISIONS

Article 1. Scope of regulation

This Law prescribes digital data; the establishment, development, protection, administration, processing, and use of digital data; the National Data Center; the National Integrated Database; products and services related to digital data; the State management of digital data; and the rights, obligations, and responsibilities of relevant authorities, organizations, and individuals involved in digital data activities.

Article 2. Subjects of application

1. Vietnamese authorities, organizations, and individuals.

2. Foreign authorities, organizations, and individuals in Vietnam.

3. Foreign authorities, organizations, and individuals directly engaged in or related to digital data activities in Vietnam.

Article 3. Interpretation of terms

In this Law, the terms below are construed as follows:

1. Digital data means data on objects, phenomena, and events, including one or a combination of sound, image, digital, written, and symbolic forms presented in digital format (hereinafter referred to as data).

2. Shared data means data that is accessed, shared, utilized, and used jointly among the Party, State, Vietnam Fatherland Front, and socio-political organizations.

3. Private data means data that is accessed, shared, utilized, and used within the internal scope of the Party, State, Vietnam Fatherland Front, and socio-political organizations.

4. Open data means data that all authorities, organizations, and individuals in need can access, share, utilize, and use.

5. Source data means data created during the operation of authorities, organizations, and individuals or collected and created from digitizing original documents, materials, and other physical forms.

6. Important data means data that can impact national defense, security, diplomacy, macroeconomic stability, social stability, public health, and safety, as prescribed in the list issued by the Prime Minister.

7. Core data means important data that directly impacts national defense, security, diplomacy, macroeconomic stability, social stability, public health, and safety, as prescribed in the list issued by the Prime Minister.

8. Data processing means the process of receiving, transforming, organizing data, and other data-related activities for the operations of authorities, organizations, and individuals.

9. Database means a collection of data that is arranged and organized for access, utilization, sharing, management, and updating.

10. National Integrated Database means a database that combines data from national databases, specialized databases, and other databases.

11. Data sharing and coordination platform means the infrastructure for connecting, integrating, sharing, and coordinating data between the National Data Center and authorities, organizations, and individuals.

12. Data subject means an authority, organization, or individual that is reflected by the data.

13. Data administrator means an authority, organization, or individual that carries out the establishment, management, operation, and utilization of data as required by the data owner.

14. Data owner means an authority, organization, or individual that has the right to decide on the establishment, development, protection, administration, processing, use, and exchange of the value of the data they own.

15. Rights of the data owner regarding data are property rights in accordance with the law on civil matters.

16. Data encryption means the application of encryption methods, algorithms, or technical solutions to transform data from a recognizable format to an unrecognizable format.

17. Data decryption means the application of encryption methods, algorithms, or technical solutions to transform encrypted data from an unrecognizable format to a recognizable format.

18. Data coordination means the activity of organizing the mobilization and distribution of data, managing, monitoring, and optimizing the flow of shared data between information systems and databases.

Article 4. Application of the Law on Data

1. In cases where another law enacted before the effective date of the Law on Data contains regulations on the activities of establishing, developing, protecting, administrating, processing, and using data; products and services related to data; State management of data, and the responsibilities of relevant authorities, organizations, and individuals involved in data activities that do not contradict the principles of this Law, the regulations of such other law shall prevail.

2. In cases where another law enacted after the effective date of the Law on Data contains regulations different from those of the Law on Data, such other law shall explicitly delineate the regulations of the Law on Data which are to be observed or disregarded, as well as the regulations of such other law which are to be given effect.

Article 5. Principles for the establishment, development, protection, administration, processing, and use of data

1. Complying with the regulations of the Constitution, the regulations of this Law, and other relevant laws; ensuring human rights, citizens' rights, and other legitimate rights and interests of authorities, organizations, and individuals.

2. Ensuring publicity, transparency, and equality in accessing, utilizing, and using data in accordance with law regulations.

3. Collecting, updating, and adjusting data accurately, with inheritance; ensuring integrity, reliability, security, and safety.

4. Protecting data in line and consonance with establishing and developing data.

5. Storing, connecting, coordinating, sharing, utilizing, and using data to ensure efficiency, simplicity, and convenience for authorities, organizations, and individuals in the implementation of public services, administrative procedures, and other activities.

Article 6. Policies of the State on data

1. Data is a resource; the State has policies to mobilize all resources to enrich data and develop data into an asset.

2. Priority shall be given to the establishment and development of data in socio-economic fields for national digital transformation and digital economy development in association with ensuring national defense, security, diplomacy, and cipher.

3. Investment shall be made in the establishment and development of the National Integrated Database and the National Data Center to meet the requirements of building a digital Government, digital economy, and digital society.

4. Due attention shall be paid to training and improving capacity and qualifications of those working in the field of data; mechanisms shall be adopted to attract highly qualified personnel to establish and develop national data.

5. Domestic and foreign authorities, organizations, and individuals are encouraged and facilitated to invest in, research, and develop technology, products, services, innovation, and applications in the field of data; establish data storage and processing centers in Vietnam; and develop the data market.

6. The operations of national databases, specialized databases, and other databases managed by the Party, State, Vietnam Fatherland Front, and socio-political organizations are ensured by State resources and other legitimate sources. The State encourages domestic and foreign organizations and individuals to sponsor and support the establishment, administration, and operation of databases.

Article 7. International cooperation regarding data

1. It shall comply with Vietnamese law, treaties to which the Socialist Republic of Vietnam is a member, and international agreements on data based on equality, mutual benefit, respect for independence, sovereignty, and territorial integrity.

2. International cooperation on data includes: human resource training; scientific research, application of science and technology in the establishment, development, protection, administration, processing, and use of data; transfer of advanced technology, investment in building data center infrastructure; participation in the development of international rules and standards on data; and other activities related to cross-border data exchange.

3. The handling of requests for data provision from foreign law enforcement or judicial authorities regarding data of Vietnamese organizations and individuals shall be considered and decided by competent Vietnamese authorities.

Article 8. State management of data

1. The State management of data covers the following:

a) Formulating, enacting, and organizing the implementation of the National Data Strategy; legal documents on data; standards, technical regulations, economic-technical norms, and data quality;

b) Propagating and disseminating policies and laws on data; guiding authorities managing databases and information systems in the establishment, development, protection, administration, processing, and use of data;

c) Managing and supervising activities of establishing, developing, protecting, governing, processing, and using data, ensuring data security and safety;

d) Reporting and statistics on data; research and application of science and technology on data; products and services related to data; managing, supervising, and developing the data market;

dd) Inspecting, examining, settling complaints and denunciations, and handling law violations with respect to data;

e) Training, improving, developing human resources, and international cooperation on data.

2. Responsibilities for State management of data are prescribed as follows:

a) The Government performs the unified State management of data.

b) The Ministry of Public Security shall act as the focal point and take responsibility before the Government for performing the State management of data, except for the regulations prescribed at Point c of this Clause;

c) The Ministry of National Defense shall take responsibility before the Government for performing the State management of data under their management.

 The Minister of National Defense shall take responsibility before the Government for performing the State management of cryptographic data within the scope of management in accordance with the law on cipher;

d) Ministries, ministerial-level agencies, and Government-attached agencies, within the scope of their functions, duties, and powers, shall establish and develop databases; coordinate with the Ministry of Public Security in performing the State management of data;

dd) Provincial-level People's Committees shall establish and develop databases; perform the State management of data within their localities.

Article 9. Establishment and development of data in affiliates of the Communist Party of Vietnam, the Vietnam fatherland front, and socio-political organizations

1. The establishment, development, protection, administration, processing, and use of data in affiliates of the Communist Party of Vietnam, the Vietnam Fatherland Front, and socio-political organizations shall be decided by competent authorities.

2. Party Committees of provinces and municipalities shall carry out the establishment, development, protection, administration, processing, and use of data with respect to their duties and powers.

Article 10. Prohibited acts

1. Taking advantage of data processing, data administration, development, trading, and circulation of products and services related to data to infringe upon national interests, national defense, security, social order and safety, public interests, and the legitimate rights and interests of authorities, organizations, and individuals.

2. Obstructing or illegally preventing the process of data processing, data administration, or attacking, appropriating, or destroying databases and information systems serving the management, processing, administration, and protection of data.

3. Falsifying, intentionally distorting, losing, or damaging data in the databases of affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations.

4. Intentionally providing inaccurate data or failing to provide data in accordance with law regulations.

Chapter II
ESTABLISHMENT, DEVELOPMENT, PROTECTION, ADMINISTRATION, PROCESSING, AND USE OF DATA; NATIONAL FUND FOR DATA DEVELOPMENT

Article 11. Data collection and creation

1. Data is collected and created from the following sources: direct creation; digitization of documents, materials, and other physical forms.

Source data created has the same validity as the original documents, materials, and other physical forms that were digitized.

2. The collection and creation of data for affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations are regulated as follows:

a) Data shall be collected and created to establish databases in accordance with law regulations or decisions of competent authorities, using a uniform common code chart which is consistent with master data in the national database;

b) Data available in connected and shared databases shall not be collected again;

c) Data for the purposes of State management, national defense, security, diplomacy, cipher, implementation of administrative procedures, and provision of public services must be created and digitized in accordance with law regulations;

d) Data shall be collected from the results of administrative procedure resolution; collected from digitizing documents, materials, and other physical forms; collected via electronic means; collected directly from organizations and individuals;

dd) The conversion of digitized documents and materials into data must comply with law regulations on archives; data may only be collected from original documents, originals, or legal copies in the absence of originals; collected and created data must ensure authentication and traceability to the digitized version of documents and materials.

3. The rights and responsibilities of organizations and individuals regarding data collection and creation activities are regulated as follows:

a) They are entitled to collect and create data for their operations in accordance with law regulations;

b) They are entitled to the protection of rights as data owners in accordance with this Law, law on civil matters, and other relevant laws;

c) They are responsible for the data they collect and create in accordance with law regulations.

4. Authorities managing national databases and specialized databases shall decide on the roadmap for creating and digitizing data for digital transformation activities according to the National Data Strategy issued by the Prime Minister.

5. The Ministry of Public Security shall assume the prime responsibility for and coordinate with relevant authorities in compiling and publishing a list of data-providing authorities, a list of data provided, and common code chart for authorities, organizations, and individuals to look up and utilize.

Article 12. Data quality assurance

1. Data quality assurance means ensuring the accuracy, validity, integrity, completeness, timeliness, and consistency of data.

2. State authorities managing databases have the following responsibilities:

a) Guiding, deploying, and synchronously applying national standards, technical regulations on data quality assurance, and data quality assurance processes to be applied to databases managed by the authority;

b) Regularly inspecting, monitoring, and correcting errors; synchronizing data within the scope of the authority and coordinating with relevant authorities and organizations to regularly update, adjust, and ensure data quality in utilization and use.

Article 13. Data classification

1. State authorities must classify data based on the requirements of administration, processing, and data protection, including:

a) Classification by the nature of data sharing, including: shared data, private data, and open data;

b) Classification by the importance of data, including: core data, important data, and other data;

c) Classification by other criteria to meet the requirements of administration, processing, and data protection as decided by the data administrator.

2. Data owners and data administrators not prescribed in Clause 1 of this Article must classify data in accordance with law regulations prescribed at Point b, Clause 1 of this Article and may classify data according to other criteria.

3. The Government shall specify the criteria for determining core data and important data.

Article 14. Data storage activities

1. State authorities are responsible for organizing secure data storage.

2. Organizations and individuals not prescribed in Clause 1 of this Article who are data owners have the right to decide on the storage of data they collect, create, and own; in the case of storing core data or important data, they must comply with the regulations of Clause 3, Article 27 of this Law.

3. National databases must be stored on the infrastructure of the National Data Center.

4. Specialized databases and other databases of State authorities may be stored on the infrastructure of the National Data Center or the infrastructure of other authorities and organizations that meet the standards for data centers. For private data and data in the fields of national defense, security, diplomacy, and cipher, data storage on the infrastructure of the National Data Center shall be carried out with the consent of the data owner.

Organizations and individuals not prescribed in Clause 1 of this Article who are data owners may agree to store data on the infrastructure of the National Data Center through a service contract between that organization or individual and the organization providing data utilization services and infrastructure at the National Data Center.

5. The Government shall detail this Article.

Article 15. Data administration and management

1. Data administration includes: developing policies, plans, programs, processes, and standards on data by data owners and data administrators to manage data continuously, effectively, ensuring completeness, accuracy, integrity, consistency, standardization, security, confidentiality, and timeliness of data.

2. Data management is the implementation of data administration as prescribed in Clause 1 of this Article.

3. Data owners and data administrators that are State authorities are responsible for coordinating with the National Data Center to carry out data administration and management as prescribed in Clauses 1 and 2 of this Article.

4. Data owners and data administrators that are organizations and individuals not prescribed in Clause 3 of this Article shall, based on actual conditions, carry out data administration and management of the data they collect, create, and own.

5. The Government shall detail Clause 3 of this Article.

Article 16. Data access and retrieval

1. Data access and retrieval must comply with regulations and technical procedures for data access and retrieval; ensure security, safety, and the correct purpose.

2. State authorities must provide tools and authorize data access and retrieval to ensure security, safety, and data protection. Data owners and other data administrators are encouraged to provide data access and retrieval tools.

3. The Government shall detail this Article.

Article 17. Data connection, sharing, and coordination

1. Data owners and data administrators shall connect and share data with data users in accordance with law regulations or by agreement, either directly or through an intermediary.

2. State authorities shall coordinate data within their management scope, ensuring that shared data is secure, synchronized, and effective, serving socio-economic development, ensuring national defense, security, and diplomacy; ready to connect, share, and coordinate data for authorities, organizations, and individuals authorized to utilize data in accordance with this Law and other relevant laws.

3. The Prime Minister shall decide on the sharing of private data managed by Ministries, ministerial-level authorities, Government-attached authorities, and provincial-level People's Committees in cases of emergency, urgency in preventing and combating natural disasters, epidemics, fires, explosions, or other necessary cases to address issues arising in practice.

4. The Government shall prescribe the support for data owners not prescribed in Clause 2 of this Article when connecting and sharing data with State authorities in accordance with this Law.

Article 18. Providing data to State authorities

1. Domestic and foreign organizations and individuals are encouraged to provide data they own to State authorities.

2. Organizations and individuals must provide data to State authorities upon request from competent authorities without the consent of the data subject in the following cases:

a) Response to an emergency;

b) When there is a threat to national security but not to the extent of declaring a state of emergency;

c) Disasters;

d) Prevention and combat of riots and terrorism.

3. State authorities receiving data have the following responsibilities:

a) Using data for appropriate purposes.

b) Ensuring data security, data protection, and other legitimate interests of data subjects, organizations, and individuals providing data in accordance with law regulations.

c) Deleting data immediately when it is no longer necessary for the requested purpose and notifying the data subject, organization, or individual that provided the data.

d) Notifying the storage and use of data upon request from the organization or individual providing the data, except in cases of protecting state secrets and work secrets.

4. The Government shall detail this Article.

Article 19. Data analysis and aggregation

1. State authorities must analyze and aggregate data from data sources they create or are shared, provided, utilized, and used for leadership, direction, State management, and socio-economic development.

2. Organizations and individuals not prescribed in Clause 1 of this Article may analyze and aggregate data from data sources they are authorized to access and use.

3. Data owners and data administrators are encouraged to develop utilities, tools, and applications for data analysis and aggregation to provide to State authorities, other organizations, and individuals for socio-economic development and other activities.

Article 20. Data verification and authentication

1. Data verification is carried out by the data owner, data administrator, or an electronic authentication service provider.

Confirmed data has the value of proving the existence, time, and storage location of the data in the network environment in accordance with this Law and other relevant laws.

2. Data authentication is carried out by the data owner, data administrator that created the source data, an electronic authentication service provider, or the National Data Center. Authenticated data has a value equivalent to the source data stored in national databases, specialized databases, and other databases within a specific scope and time.

3. The Government shall detail this Article.

Article 21. Data disclosure

1. Data disclosure shall ensure accurate representation of the data from the source data and facilitate the utilization, use, and sharing by organizations and individuals.

2. The classification of data as public, conditionally public, or non-public shall be based on the information reflected by the data, in accordance with the law on access to information.

3. Forms of data disclosure include: posting data on data portals, web portals, websites, mass media, and other forms as prescribed by law.

4. State authorities shall be responsible for publishing a catalog of open data and organizing the publication of open data in accordance with the provisions of this Article to enable exploitation, use, and sharing by organizations and individuals. The timing of data disclosure for each specific field shall comply with law regulations.

5. The Government shall detail this Article.

Article 22. Data encryption and decryption

1. Data classified as state secrets must be encrypted using cryptographic codes when stored, transmitted, received, and shared on computer networks.

2. Authorities, organizations, and individuals are permitted to use one or more encryption solutions and encryption and decryption processes appropriate to their data administration and management activities.

3. Data owners and data administrators shall decide on the encryption and decryption of data.

4. Competent State authorities have the right to apply measures to decrypt data without the consent of the data owner or data administrator in the following cases:

a) Emergencies;

b) When there is a threat to national security but not to the extent of declaring a state of emergency;

c) Disasters;

d) Prevention and combat of riots and terrorism.

5. The Government shall detail Clause 2 and Clause 4 of this Article.

Article 23. Cross-border data transfer and processing

1. Authorities, organizations, and individuals are free to transfer data from abroad to Vietnam, process foreign data in Vietnam, and are protected by the State in terms of their legitimate rights and interests in accordance with law regulations.

2. Cross-border transfer and processing of core data and important data include:

a) Transferring data stored in Vietnam to data storage systems located outside the territory of the Socialist Republic of Vietnam;

b) Vietnamese authorities, organizations, and individuals transferring data to foreign organizations and individuals;

c) Vietnamese authorities, organizations, and individuals using platforms outside the territory of the Socialist Republic of Vietnam to process data.

3. The transfer and processing of data prescribed in Clauses 1 and 2 of this Article must ensure national defense, security, protect national interests, public interests, and the legitimate rights and interests of data subjects and data owners in accordance with Vietnamese law and treaties to which the Socialist Republic of Vietnam is a member.

4. The Government shall elaborate the details of this Article.

Article 24. Scientific, technological, and innovation activities in the establishment, development, protection, administration, processing, and use of data

1. Scientific, technological, and innovation activities in the establishment, development, protection, administration, processing, and use of data must be in accordance with the national data development strategy; promote internal resources in scientific, technological, and innovation activities; and comply with the principles of establishment, development, protection, administration, processing, and use of data in accordance with this Law.

2. The scientific and technological platforms in the establishment, development, protection, administration, processing, and use of data include: artificial intelligence, cloud computing, blockchain, data communication, Internet of Things, big data, and other modern technologies.

3. Focus national resources on the development and application of scientific and technological platforms in the establishment, development, protection, administration, processing, and use of data for national digital transformation, ensure national defense, security, and socio-economic development.

4. The Government shall prescribe the management, development, and controlled testing of research, application of science, technology, and innovation activities in the establishment, development, protection, administration, processing, and use of data.

Article 25. Identification and management of risks arising in data processing

1. Risks arising in data processing include: privacy risks, cybersecurity risks, identification and access management risks, and other risks in data processing.

2. State authorities must identify and establish early warning mechanisms for risks arising in data processing and develop measures to protect data.

3. Data administrators not prescribed in Clause 2 of this Article shall self-assess, identify risks, and implement measures to protect data; promptly address arising risks and notify data subjects, relevant authorities, organizations, and individuals.

4. Administrators of core data and important data must periodically conduct risk assessments for the processing activities of such data in accordance with law regulations and notify the specialized units on cybersecurity and information security under the Ministry of Public Security, the Ministry of National Defence, and relevant authorities to coordinate the implementation of data security and safety protection.

5. The Government shall detail this Article.

Article 26. Other activities in data processing

1. Data subjects have the right to request data owners and data administrators to retrieve, delete, or destroy their data that has been provided, unless otherwise provided by law. Data administrators are responsible for establishing procedures, implementing measures, and methods to retrieve, delete, or destroy data as requested by data subjects.

2. State authorities shall organize the regular and continuous adjustment and updating of data; decide to store the history of the process of combining, adjusting, updating, copying, transmitting, transferring, retrieving, deleting, and destroying data under their management.

3. Data owners and data administrators not prescribed in Clause 2 of this Article shall carry out the combination, adjustment, updating, copying, transmission, and transfer of data in accordance with this Law and other relevant laws.

4. The Government shall detail this Article.

Article 27. Data protection

1. Data protection measures are applied throughout the entire data processing process, including:

a) Developing and organizing the implementation of data protection policies and regulations;

b) Managing data processing activities;

c) Developing and deploying technical solutions;

d) Training, fostering, developing, and managing human resources;

dd) Other data protection measures as prescribed by law.

2. State authorities must protect data in the sectors and fields under their management, comply with general policies on national defense and security; establish a unified data protection system to assess data security risks, monitor, and provide early warnings.

3. Data owners and data administrators managing core data and important data must comply with data protection regulations.

4. The Government shall detail this Article.

Article 28. Data standards and technical regulations

1. Data standards include standards for information systems, hardware, software, management systems, operation, processing, data quality assurance, and data protection that are published and recognized for application in Vietnam.

2. Technical regulations on data include technical regulations for information systems, hardware, software, management systems, operation, processing, data quality assurance, and data protection that are developed, issued, and applied in Vietnam.

3. The Ministry of Public Security shall assume the prime responsibility for and coordinate with relevant authorities in issuing a list of standards and technical regulations on data, except for the list of standards and technical regulations on data in the fields of national defense and cipher.

4. Authorities managing national databases and specialized databases must develop standards and technical regulations on data according to the list issued in accordance with Clause 3 of this Article.

Article 29. The National Fund for Data Development

1. The National Fund for Data Development is an off-budget State-run financial fund, established at the central level to promote the development, utilization, application, and administration of national data.

2. The National Fund for Data Development is formed from the following financial sources:

a) Financial assistance from the State Budget;

b) Voluntary contributions from domestic and foreign organizations and individuals;

c) Other lawful financial sources in accordance with law regulations.

3. The National Fund for Data Development operates according to the following principles:

a) Not for profit;

b) Managed and used for the right purposes, in accordance with the law, promptly, effectively, ensuring publicity and transparency;

c) Supporting activities of establishment, development, protection, administration, processing, and use of data;

d) May be used for activities when the state budget allocation does not meet the requirements.

4. The Government shall prescribe the establishment, management, and use of the National Fund for Data Development.

Chapter III
ESTABLISHMENT AND DEVELOPMENT OF THE NATIONAL DATA CENTER; NATIONAL INTEGRATED DATABASE

Section 1
ESTABLISHMENT AND DEVELOPMENT OF THE NATIONAL DATA CENTER

Article 30. Infrastructure of the National Data Center

1. The infrastructure of the National Data Center is designed, built, and used to meet the following requirements:

a) Ensuring standards and technical regulations on data centers; international technical requirements; in accordance with the planning of information and communication infrastructure; ensuring protection against bombs, terrorism, and natural disasters; environmental protection; energy saving;

b) Having security and confidentiality solutions to control, detect, and prevent attacks, intrusions, and sabotage; ensuring the level of system availability, designing the system with a level of redundancy to be ready for expansion when necessary;

c) Ensuring the main information technology components of the National Data Center, including: National Integrated Database; Data Sharing and Coordination Platform; National Public Service Portal; data processing technology infrastructure and resource allocation; data analysis system for management, direction, and administration; systems and software for managing, utilizing, and providing data services, open data portal, data service portal; other platforms, software, and professional systems decided by the Government and the Prime Minister.

2. National databases must use the infrastructure of the National Data Center.

Based on needs, databases in the fields of national defense, security, diplomacy, cipher, and specialized databases, other databases may use the infrastructure of the National Data Center.

3. The Government shall detail this Article.

Article 31. Responsibilities of the National Data Center

1. Integrating, synchronizing, storing, analyzing, and utilizing data of State authorities in accordance with law regulations in order to establish and govern the National Integrated Database.

2. Managing and operating the technical infrastructure, information technology infrastructure, and data platform at the National Data Center; providing technical infrastructure and information technology infrastructure to affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations when they need to use it.

3. Organizing the operation, administration, storage, management, utilization, and coordination of data in the National Integrated Database for affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations to perform their assigned functions and tasks or as requested by data owners, data administrators, and data subjects in accordance with law regulations.

4. Monitoring the assurance of data quality and data coordination activities; developing index systems to measure and evaluate the performance of data administration activities.

5. Taking measures to protect data.

6. Conducting scientific research on data, applying technology in data processing, providing technology infrastructure, products, and services on data; supporting organizations and individuals in data processing; establishing an innovation center, supporting innovation in data science; developing innovation activities in data science; developing a startup ecosystem for innovation in science and technology based on the data of the National Integrated Database.

7. Organizing the implementation of international cooperation contents on data.

8. The Government shall detail this Article.

Article 32. Ensuring resources for the establishment and development of the National Data Center

1. The State prioritizes investment in infrastructure, facilities, land, headquarters, works, technology, ensuring the budget for the establishment and State management of data, data administration, establishment, management, and operation of the National Data Center and the National Integrated Database.

2. The operations of the National Data Center use the state budget and other legitimate funding sources.

3. The State ensures human resources for the activities of the National Data Center; has a mechanism to attract and treat high-quality human resources.

4. The National Data Center is ensured resources to carry out upgrades, maintenance, and repairs of infrastructure and equipment invested by the National Data Center.

Section 2
NATIONAL INTEGRATED DATABASE

Article 33. Development of the National Integrated Database

The National Integrated Database is established and managed centrally and uniformly by the Government at the National Data Center and meets the following requirements:

1. Complying with the standards, technical regulations, and economic-technical norms on data and relevant information technology;

2. Ensuring information security and safety, protecting personal data, facilitating the collection, updating, adjustment, utilization, and use;

3. Ensuring stable, continuous operation, connection, and sharing with national databases, specialized databases, other databases, and other information systems;

4. Ensuring the right to utilize data of authorities, organizations, and individuals in accordance with law regulations;

5. Ensuring the requirements for integration, synchronization, storage, utilization, sharing, and coordination of integrated data from databases and performing in-depth analysis of data, supporting the development of mechanisms and policies, and serving socio-economic development;

6. Serving the support and development of data products and services.

Article 34. Collection, updating, and synchronization of data into the National Integrated Database

1. Data collected, updated, and synchronized into the National Integrated Database includes:

a) Open data;

b) Shared data of State authorities;

c) Private data of State authorities as decided by the Prime Minister for the tasks of national defense, security, diplomacy, cipher, socio-economic development, digital transformation, national interests, and public interests;

d) Data of affiliates of the Communist Party of Vietnam, the Vietnam Fatherland Front, and socio-political organizations when agreed upon by the data owner;

dd) Other data provided by organizations and individuals.

2. Sources of data to be collected, updated and synchronized in the National Integrated Database include:

a) Sourced from the process of implementing administrative procedures and public services;

b) Updated, shared, and synchronized from other databases;

c) Digitized, provided, and integrated by individuals and organizations;

d) Other sources as prescribed by law.

3. The National Data Center shall coordinate with relevant authorities, organizations, and individuals to check data when collecting, updating, and synchronizing to ensure accuracy and consistency. In case the data in national databases, specialized databases, and other databases are not consistent with the data in the National Integrated Database, the National Data Center shall coordinate with relevant authorities to check, compare, and update and synchronize the data in the databases.

4. The Prime Minister shall decide on the roadmap for the establishment and development of national databases, specialized databases, and the roadmap for the implementation of data collection, updating, and synchronization into the National Integrated Database.

Article 35. Utilization and use of the National Integrated Database

1. The National Integrated Database is established for the common utilization and use to meet the operations of affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations; for the implementation of administrative procedures, public services, for the direction and administration of the Government; for statistical work, policy making, planning, strategy development for socio-economic, national defense, security, diplomacy, cipher, combating crimes, and handling law violations; for the needs of utilization, use, and application of data by organizations and individuals.

2. Data in the National Integrated Database has the value of utilization and use as source data.

3. Subjects utilizing and using data in the National Integrated Database include:

a) Affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations are entitled to utilize and use data in accordance with the functions and tasks of that authority or organization;

b) Data subjects are entitled to utilize and use data reflecting on that data subject;

c) Organizations and individuals not prescribed at Points a and b of this clause are entitled to utilize and use data as follows: freely utilize and use open data; utilize and use personal data with the consent of the National Data Center and the individual who is the data subject being utilized; utilize and use other data with the consent of the National Data Center.

4. The utilization and use of data are carried out through the following methods:

a) Connection and sharing of data between national databases, specialized databases, other databases and information systems with the National Integrated Database;

b) National Data Portal, National Public Service Portal, web portals, and information systems for handling administrative procedures;

c) Electronic identification and authentication platform;

d) National identification application;

dd) Equipment, means, and software provided by the National Data Center;

e) Other methods.

5. The Government shall detail this Article.

Article 36. Connection and sharing of data with the National Integrated Database

1. Other national databases, specialized databases, and other information systems of affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations connect to the National Integrated Database through the Data Sharing and Coordination Platform; the National Data Integration and Sharing Platform; the data integration and sharing platforms at the ministerial and provincial levels, the Internet, computer networks, and information systems.

2. The connection and sharing of data between the National Integrated Database and other databases must ensure efficiency, security, and suitability with the functions, tasks, and powers of authorities, organizations, and individuals in accordance with law regulations.

3. The connection and sharing of data between the National Integrated Database and other information systems are implemented on the basis of a written agreement between the Ministry of Public Security and the data owner.

4. The Government shall detail this Article.

Article 37. Providing data to the National Integrated Database

1. Authorities managing national databases, specialized databases, and other databases shall provide data to the National Integrated Database in accordance with law regulations prescribed in Clause 1, Article 34 of this Law.

2. The State ensures the necessary conditions to implement the receipt of data provided by authorities, organizations, and individuals.

3. The Government shall detail this Article.

Article 38. Fees for utilizing and using data in the National Integrated Database and other databases managed by State authorities

1. Affiliates of the Communist Party of Vietnam, State authorities, the Vietnam Fatherland Front, and socio-political organizations utilizing and using information in the National Integrated Database and other databases managed by State authorities are not required to pay fees.

2. Organizations and individuals utilizing and using their data in the National Integrated Database and other databases managed by State authorities are not required to pay fees.

3. Organizations and individuals not prescribed in Clauses 1 and 2 of this Article utilizing and using data in the National Integrated Database and other databases managed by State authorities must pay fees in accordance with the law on fees and charges.

Chapter IV
PRODUCTS AND SERVICES RELATED TO DATA

Article 39. Products and services related to data

1. Products and services related to data in data intermediary activities, data analysis and aggregation, electronic authentication, and data platforms shall comply with the regulations of this Law and other relevant laws.

2. Electronic authentication services shall perform data authentication in national databases, specialized databases, and electronic identification and authentication systems provided by public non-business units and state-owned enterprises that meet the conditions for providing services.

3. Organizations providing products and services for data intermediaries, data analysis and aggregation are entitled to incentives like enterprises operating in the fields of high technology, innovation, creative startups, and digital technology industry.

4. Other products and services related to data in electronic transactions, telecommunications, cybersecurity, network information security, digital technology industry, cipher, national defense industry, security, and industrial mobilization shall comply with relevant laws.

5. The Government shall detail this Article.

Article 40. Data intermediary products and services

1. Data intermediary products and services are products and services aimed at establishing a commercial relationship between data subjects, data owners, and users of products and services, through agreements for the purpose of exchanging, sharing, accessing data, and exercising the rights of data subjects, data owners, and data users.

2. Organizations providing data intermediary products and services must be registered for operation and managed in accordance with the law on investment, except for the case of providing data intermediary products and services within the organization.

3. The Government shall detail this Article.

Article 41. Data analysis and aggregation products and services

1. Data analysis and aggregation products are the result of the process of analyzing and aggregating data into useful in-depth information at different levels as required by the product user. Data analysis and aggregation services are activities of analyzing and aggregating data as required by the service user.

2. Organizations trading in data analysis and aggregation products and services that may harm national defense, national security, social order and safety, social ethics, and public health must register their operations and be managed in accordance with the law on investment.

In case of connection and sharing with national databases and specialized databases for trading in data analysis and aggregation products and services, they must be managed in accordance with law regulations.

3. The Government shall detail this Article.

Article 42. Data platforms

1. Data platform means a platform that provides resources related to data for research, development of startups, and innovation; provides products and services related to data for socio-economic development; is an environment for trading and exchanging data and products and services related to data.

2. Organizations providing data platform services are public non-business units and state-owned enterprises that meet the conditions for providing services and are licensed to be established in accordance with law regulations.

3. Data that is not allowed to be traded includes:

a) Data that harms national defense, security, diplomacy, and cipher;

b) Data that is not agreed upon by the data subject, unless otherwise provided by law;

c) Other data of which the trading is prohibited in accordance with law regulations.

4. The Government shall detail this Article.

Article 43. Responsibilities of organizations providing data intermediary products and services, data analysis and aggregation, and data platforms

1. Providing services to organizations and individuals on the basis of an agreement through a service contract.

2. Ensuring that the information receiving channel and the use of services are smooth and continuous.

3. Implementing management, inspection, and regular monitoring of data security and data confidentiality; preventing, blocking, and handling data risks; monitoring behaviors that may affect data protection.

4. Complying with law regulations on cyberinformation security, cybersecurity, and electronic transactions, and other relevant laws;

5. The Government shall detail this Article.

Chapter V
IMPLEMENTATION PROVISIONS

Article 44. Amendment and supplementation of a number of articles of relevant laws

1. To amend and supplement Appendix No. 01 on the List of Fees and Charges attached to the Law on Fees and Charges No. 97/2015/QH13, which has a number of articles amended and supplemented under Law No. 09/2017/QH14, Law No. 23/2018/QH14, Law No. 72/2020/QH14, Law No. 16/2023/QH15, Law No. 20/2023/QH15, Law No. 24/2023/QH15, Law No. 33/2024/QH15 and Law No. 35/2024/QH15 as follows:

a) To add item 6 after item 5, section IV, part A as follows:

b) To add item 5 after item 4.2, section XIII, part A as follows:

2. To amend, supplement and annul a number of points, clauses, and articles of the Law No. 20/2023/QH15 on Electronic Transactions as follows:

a) To amend and supplement Point a, Clause 4, Article 42 as follows:

"a) Connection and sharing through intermediary systems including: Data Sharing and Coordination Platform of the National Data Center; National Data Integration and Sharing Platform; connection and data sharing infrastructure at the ministerial and provincial levels according to the National Digital Architecture Framework;"

b) To annul Clause 8, Article 3 and Article 41.

Article 45. Effect

This Law takes effect on July 1, 2025.

Article 46. Transitional provisions

1. Authorities managing national databases that have invested in building or hiring data infrastructure services before the effective date of this Law may continue to use the systems and equipment that they have invested in or hired until the National Data Center is able to receive and provide infrastructure for national databases in accordance with this Law.

2. The Prime Minister shall regulate the roadmap for implementing the receipt, conversion, and use of the infrastructure of the National Data Center for national databases as prescribed in Clause 1 of this Article.

^{____________________________________________________________________________________________}

This Law was passed on November 30, 2024, by the 15^th National Assembly of the Socialist Republic of Vietnam at its 8^th session.