Law on Data, No. 60/2024/QH15

LAW

On Data^[1]

Pursuant to the Constitution of the Socialist Republic of Vietnam;

The National Assembly promulgates the Law on Data.

Chapter I

GENERAL PROVISIONS

Article 1. Scope of regulation

This Law provides digital data; building, development, protection, administration, processing and use of digital data; the National Data Center; the National Synthetic Database; digital data products and services; state management of digital data; and rights, obligations and responsibilities of agencies, organizations and individuals related to activities concerning digital data.

Article 2. Subjects of application

1. Vietnamese agencies, organizations and individuals.

2. Foreign agencies, organizations and individuals in Vietnam.

3. Foreign agencies, organizations and individuals directly engaged in, or related to, activities concerning digital data in Vietnam.

Article 3. Interpretation of terms

In this Law, the terms below are construed as follows:

1. Digital data means data about objects, phenomena and events that are expressed in the form of sound, image, numeral, script or sign or in a combination of these forms and stored in the digital format (below referred to as data).

2. Shared data means data that are accessed, shared, exploited and available for shared use among Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations.

3. Private data means data that are accessed, shared, exploited and used internally within Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations.

4. Open data means data that all agencies, organizations and individuals in need can access, share, exploit and use.

5. Original data means data that are created during the operation of agencies, organizations and individuals or is collected and created by digitizing original documents, papers and other forms of material.

6. Important data means data that are likely to impact national defense, security, external relations, the macro-economy, social stability, and community well-being and safety and are included in a list issued by the Prime Minister.

7. Core data means important data that directly impact national defense, security, external relations, the macro-economy, social stability, and community well-being and safety and are included in a list issued by the Prime Minister.

8. Data processing means the process of receiving, converting and organizing data and other activities related to data to serve the operation of agencies, organizations and individuals.

9. Database means a collection of data that are arranged and organized for the purpose of access, exploitation, sharing, management and updating.

10. National Synthetic Database means a database that is synthesized from national databases, specialized databases and other databases.

11. Data Sharing and Coordination Platform means an infrastructure that connects, integrates, shares and coordinates data between the National Data Center and agencies, organizations and individuals.

12. Data subject means an agency, organization or individual that is reflected by the data.

13. Data administrator means an agency, organization or individual that carries out the building, management, operation and exploitation of data at the request of the data owner.

14. Data owner means an agency, organization or individual that has the right to decide on the building, development, protection, administration, processing, use and exchange of the value of, the data under its/his/her ownership.

15. Data owner’s rights to data means the property rights as provided by the civil law.

16. Data encryption means the application of encryption methods and algorithms or technical solutions to convert data from a recognizable format to an unrecognizable format.

17. Data decryption means the application of encryption methods and algorithms or technical solutions to convert encrypted data from an unrecognizable format to a recognizable format.

18. Data coordination means activities of mobilizing and distributing data, and managing, monitoring and optimizing the flow of data shared between information systems and databases.

Article 4. Application of the Law on Data

1. In case another law that is promulgated before the effective date of the Law on Data has provisions on building, development, protection, administration, processing and use of data; data products and services; state management of data, and responsibilities of agencies, organizations and individuals related to activities concerning data that are not contrary to the principles of this Law, the provisions of that law shall prevail.

2. In case another law that is promulgated after the effective date of the Law on Data has provisions different from those of the Law on Data, it is required to specifically determine the issues to which provisions of the Law on Data shall apply or not apply and the issues to which the provisions of that law shall apply.

Article 5. Principles of building, development, protection, administration, processing and use of data

1. To abide by the Constitution, this Law and other relevant laws; to guarantee human rights, civil rights, and other lawful rights and interests of agencies, organizations and individuals.

2. To ensure publicity, transparency and equality in access, exploitation and use of data in accordance with law.

3. To collect, update and adjust data, ensuring accuracy and inheritability; to ensure integrity, reliability, security and safety.

4. To carry out data protection in synchrony and closed combination with data building and development.

5. To store, connect, coordinate, share, exploit and use data, ensuring efficiency, simplicity and convenience for agencies, organizations and individuals in performing public services, administrative procedures and other activities.

Article 6. The State’s policies on data

1. Data constitute a resource; the State shall adopt policies to mobilize all resources to enrich data and develop data into assets.

2. To prioritize the building and development of data in socio-economic fields to serve national digital transformation and develop the digital economy in association with ensuring national defense, security, external relations, and cryptographical work.

3. To invest in the building and development of the National Synthetic Database and the National Data Center to meet the requirements of building the digital government, digital economy and digital society.

4. To focus on training and further training to improve capacity and qualifications of persons performing data-related work; to adopt mechanisms to attract highly qualified human resources to build and develop national data.

5. To encourage and create conditions for agencies, organizations and individuals at home and abroad to make investment in, research and develop, technologies, products, services, innovation activities and applications in the field of data; to build data storage and processing centers in Vietnam; to develop the data market.

6. Funds for operation of national databases, specialized databases and other databases managed by Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations shall be covered by the State’s resources and other lawful sources. The State shall encourage domestic and foreign organizations and individuals to provide donations and support for the building, administration and operation of databases.

Article 7. International cooperation on data

1. To comply with Vietnam’s laws, treaties to which the Socialist Republic of Vietnam is a contracting party and international agreements on data on the basis of ensuring equality, mutual benefit, and respect for independence, sovereignty and territorial integrity.

2. International cooperation on data covers: human resource training; scientific research and application of science and technology in building, development, protection, administration, processing and use of data; transfer of advanced technologies and investment in building infrastructure of data centers; participation in formulation of international rules and standards on data, and other activities regarding cross-border data exchange.

3. The settlement of requests for data provision by foreign law enforcement or justice agencies concerning data of Vietnamese organizations and individuals shall be considered and decided by competent agencies of Vietnam.

Article 8. State management of data

1. Contents of state management of data:

a/ Formulating, promulgating, and organizing the implementation of, the National Data Strategy; legal documents on data; and standards, technical regulations, and techno-economic norms on data quality;

b/ Disseminating policies and laws on data; guiding agencies managing databases and information systems in building, developing, protecting, administering, processing and using data;

c/ Managing and supervising activities of building, developing, protecting, administering, processing and using data, ensuring data security and safety;

d/ Making reports and statistics on data; researching and applying science and technology on data; data products and services; managing, supervising and developing the data market;

dd/ Inspecting, examining, resolving complaints and denunciations, and handling violations of the law on data;

e/ Training, further training and developing human resources and conducting international cooperation on data.

2. Responsibilities for state management of data:

a/ The Government shall perform the unified state management of data;

b/ The Ministry of Public Security shall act as the focal-point agency responsible to the Government for performing the state management of data, except the case specified at Point c of this Clause;

c/ The Ministry of National Defense shall be held responsible to the Government for performing the state management of data within its scope of management.

The Minister of National Defense shall be held responsible to the Government for performing the state management of cryptographic data within the scope of his/her management in accordance with the law on cryptography;

d/ Ministries, ministerial-level agencies and government-attached agencies shall, within the ambit of their functions, tasks and powers, build and develop databases; and coordinate with the Ministry of Public Security in performing the state management of data;

dd/ Provincial-level People’s Committees shall build and develop databases; and perform the state management of data in their localities.

Article 9. Building and development of data in Party agencies, Vietnam Fatherland Front Committees and socio-political organizations

1. The building, development, protection, administration, processing and use of data in Party agencies, Vietnam Fatherland Front Committees and socio-political organizations shall be decided by competent authorities.

2. Provincial-level Party Committees shall build, develop, protect, administer, process and use data according to their tasks and powers.

Article 10. Prohibited acts

1. Taking advantage of data processing, data administration, and development, trading and circulation of data products and services to infringe upon national interests, national defense, security, social order and safety, public interests, and the lawful rights and interests of agencies, organizations, and individuals.

2. Illegally obstructing or preventing the process of data processing or data administration, or attacking, appropriating or destroying databases and information systems serving the management, processing, administration and protection of data.

3. Forging, intentionally distorting, losing or damaging data in databases of Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations.

4. Intentionally providing false data or failing to provide data in accordance with law.

Chapter II

BUILDING, DEVELOPMENT, PROTECTION, ADMINISTRATION, PROCESSING AND USE OF DATA; THE NATIONAL DATA DEVELOPMENT FUND

Article 11. Collection and creation of data

1. Data shall be collected and created through direct creation; digitization of documents, papers and other forms of material.

Created original data has the same value as original documents and papers and other forms of digitized materials.

2. Collection and creation of data by Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations:

a/ The collection and creation of data to build databases must comply with regulations or decisions of competent authorities, using a shared category code table consistent with master data in national databases;

b/ Data available in connected and shared databases may not be collected again;

c/ Data serving state management, assurance of national defense, security, external relations, cryptographical work, performance of administrative procedures, and provision of public services shall be created and digitized in accordance with law;

d/ Data shall be collected from the results of settlement of administrative procedures; by digitizing papers, documents and other forms of material; via electronic means; and directly from organizations and individuals;

dd/ The conversion of digitized documents and papers into data must comply with the law on archives; data may only be collected from papers and documents that are primary-source and original papers and documents or lawful copies in case the primary-source or original papers and documents are no longer available; collected and created data must ensure authentication and traceability to the digitized versions of documents and papers.

3. Rights and responsibilities of organizations and individuals regarding data collection and creation:

a/ To collect and create data to serve their activities in accordance with law;

b/ To have the rights of data owners protected in accordance with this Law, the civil law and other relevant laws;

c/ To be responsible for the data they collect and create in accordance with law.

4. Agencies managing national databases and specialized databases shall decide on the roadmap for creating and digitizing data to serve digital transformation activities according to the National Data Strategy issued by the Prime Minister.

5. The Ministry of Public Security shall assume the prime responsibility for, and coordinate with related agencies in, synthesizing and publicizing the list of data-providing agencies, list of to-be-provided data and the shared category code table for agencies, organizations and individuals to look up and exploit data.

Article 12. Assurance of data quality

1. Assurance of data quality means assurance of the accuracy, validity, integrity, completeness, timely updating, and consistency of data.

2. State agencies managing databases have the following responsibilities:

a/ To guide, implement and synchronously apply national standards and technical regulations on assurance of data quality, and procedures for assurance of data quality for the databases they manage;

b/ To regularly check, monitor, and correct errors; to synchronize data within the agencies and coordinate with related agencies and organizations to regularly update, adjust, and ensure the quality of, data in exploitation and use.

Article 13. Data classification

1. State agencies shall classify data based on data administration, processing and protection requirements, specifically as follows:

a/ Data classified based on the nature of data sharing include: shared data, private data and open data;

b/ Data classified based on the importance of data include: core data, important data and other data;

c/ Data classification based on other criteria to meet the requirements of data administration, processing and protection as decided by data administrators.

2. Data owners and data administrators other than those specified in Clause 1 of this Article shall classify data according to Point b, Clause 1 of this Article and may classify data based on other criteria.

3. The Government shall prescribe criteria for determining core data and important data.

Article 14. Data storage

1. State agencies shall organize data storage, ensuring safety.

2. Organizations and individuals other than those specified in Clause 1 of this Article that are data owners have the right to decide on the storage of the data they collect, create and own; those storing core data and important data shall comply with Clause 3, Article 27 of this Law.

3. National databases must store their data on the infrastructure of the National Data Center.

4. Specialized databases and other databases of state agencies may store data on the infrastructure of the National Data Center or the infrastructure of other agencies and organizations that meet the standards on data centers. Private data and data in the fields of national defense, security, external relations and cryptography, shall be stored on the infrastructure of the National Data Center when data owners so agree.

Organizations and individuals other than those specified in Clause 1 of this Article that are data owners may reach agreement on storage of data on the infrastructure of the National Data Center in the form of service provision contracts between such organizations or individuals and the organization providing data exploitation services and infrastructure at the National Data Center.

5. The Government shall detail this Article.

Article 15. Data administration and management

1. Data administration covers formulating policies, plans, programs, processes and standards on data by data owners and data administrators in order to manage data continuously and effectively, ensuring the completeness, accuracy, integrity, consistency, uniformity, standardization, safety, security and timeliness of data.

2. Data management means organizing the performance of data administration as specified in Clause 1 of this Article.

3. Data owners and data administrators that are state agencies shall coordinate with the National Data Center to perform data administration and management as specified in Clauses 1 and 2 of this Article.

4. Data owners and data administrators that are organizations and individuals other than those specified in Clause 3 of this Article shall, based on actual conditions, perform administration and management of data they collect, create and own.

5. The Government shall detail Clause 3 of this Article.

Article 16. Data access and retrieval

1. Data access and retrieval must comply with regulations and technical procedures on data access and retrieval; and ensure security, safety and proper purposes.

2. State agencies shall provide tools and authorize data access and retrieval to ensure data security, safety and protection. Other data owners and data administrators are encouraged to provide data access and retrieval tools.

3. The Government shall detail this Article.

Article 17. Data connection, sharing and coordination

1. Data owners and data administrators shall connect and share data to data users as provided by law or as agreed, directly or through an intermediary party.

2. State agencies shall perform the coordination of data under their management, ensuring that data are shared in a safe, synchronous and effective manner, serving socio-economic development, national defense, security and external relations; and shall be ready to connect, share and coordinate data for agencies, organizations and individuals permitted to exploit data in accordance with this Law and other relevant laws.

3. The Prime Minister shall decide on the sharing of private data managed by ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees in cases of emergency or urgent circumstances to prevent and control disasters, epidemics, fires and explosions, or in other necessary cases to resolve issues arising in realities.

4. The Government shall prescribe the provision of support for data owners other than those specified in Clause 2 of this Article when connecting and sharing data to state agencies in accordance with this Law.

Article 18. Provision of data to state agencies

1. Domestic and overseas organizations and individuals are encouraged to provide data under their ownership to state agencies.

2. Organizations and individuals shall provide data to state agencies when requested by competent authorities without having to obtain the consent of data subjects in the following cases:

a/ Responding to a state of emergency;

b/ There is a threat to national security which, however, is not serious enough for declaring a state of emergency;

c/ Disasters occur;

d/ Preventing and combating riots and terrorism.

3. State agencies receiving data have the following responsibilities:

a/ To use data for proper purposes;

b/ To ensure data security and safety, data protection, and other lawful interests of data subjects and organizations and individuals providing data in accordance with law;

c/ To destroy data immediately when the data are no longer needed for the intended purpose and notify thereof to data subjects and organizations and individuals that provided the data;

d/ To inform the organizations or individuals that have provided the data of the storage and use of data when requested by the latter, except cases of protecting state secrets or work secrets.

4. The Government shall detail this Article.

Article 19. Data analysis and synthesis

1. State agencies shall analyze and synthesize data from the self-created data sources, or may share, provide, exploit and use data to serve leadership, direction, state management and socio-economic development.

2. Organizations and individuals other than those specified in Clause 1 of this Article may analyze and synthesize data from the data sources they are permitted to access and use.

3. Data owners and data administrators are encouraged to develop utilities, tools and applications for analyzing and synthesizing data for provision to state agencies and other organizations and individuals to serve socio-economic development and other activities.

Article 20. Data confirmation and validation

1. Data confirmation shall be carried out by data owners, data administrators or organizations providing electronic authentication services.

Confirmed data are valid for proving the existence, time and location of storage of data in the cyberspace in accordance with this Law and other relevant laws.

2. Data validation shall be performed by data owners and data administrators creating original data, organizations providing electronic authentication services, and the National Data Center. Validated data are valid as original data stored in national databases, specialized databases and other databases within a certain scope and period of time.

3. The Government shall detail this Article.

Article 21. Data disclosure

1. The disclosure of data must accurately reflect data from original data sources and facilitate the exploitation, use and sharing of data by organizations and individuals.

2. Data that are allowed for disclosure, are subject to conditional disclosure, or are not allowed for disclosure shall be decided based on the information reflected by the data in accordance with the law on access to information.

3. Forms of data disclosure include: posting data on data portals, web portals and websites, and in the mass media, and other forms in accordance with law.

4. State agencies shall publicize the list of open data and organize the disclosure of open data according to this Article for organizations and individuals to exploit, use and share data. The time of disclosure of data for each field must comply with law.

5. The Government shall detail this Article.

Article 22. Data encryption and decryption

1. Data on the list of state secrets shall be encrypted using cryptographic codes when stored, transmitted, received and shared on computer networks.

2. Agencies, organizations and individuals may use one or more than one encryption solution and encryption and decryption process suitable for their data administration and management activities.

3. Data owners and data administrators shall decide on data encryption and decryption.

4. Competent state agencies may apply measures to decrypt data without having to obtain the consent of data owners or data administrators in the following cases:

a/ Responding to a state of emergency;

b/ When there is a threat to national security which, however, is not serious enough for declaring a state of emergency;

c/ Disasters occur;

d/ Preventing and combating riots or terrorism.

5. The Government shall detail Clauses 2 and 4 of this Article.

Article 23. Cross-border data transfer and processing

1. Agencies, organizations and individuals are free to transfer data from abroad to Vietnam and process foreign data in Vietnam, and have their lawful rights and interests protected by the State in accordance with law.

2. Cross-border transfer and processing of core data and important data include:

a/ Transfer of data currently stored in Vietnam to data storage systems located outside the territory of the Socialist Republic of Vietnam;

b/ Transfer of data by Vietnamese agencies, organizations and individuals to foreign organizations and individuals;

c/ Use by Vietnamese agencies, organizations and individuals of platforms located outside the territory of the Socialist Republic of Vietnam to process data.

3. The transfer and processing of data specified in Clauses 1 and 2 of this Article must ensure national defense, security, and protection of national interests and public interests, and lawful rights and interests of data subjects and data owners in accordance with Vietnam’s law and treaties to which the Socialist Republic of Vietnam is a contracting party.

4. The Government shall detail this Article.

Article 24. Scientific and technological activities and innovation in building, development, protection, administration, processing and use of data

1. Scientific and technological activities and innovation in building, development, protection, administration, processing and use of data must be consistent with the national data development strategy; promote internal strengths in scientific and technological activities and innovation; and adhere to the principles of building, development, protection, administration, processing and use of data in accordance with this Law.

2. Scientific and technological platforms in building, developing, protecting, administering, processing and using data include: artificial intelligence, cloud computing, blockchain, data communications, the Internet of Things, big data, and other modern technologies.

3. To concentrate national resources on activities to develop and apply scientific and technological platforms in building, developing, protecting, administering, processing and using data to serve national digital transformation, ensuring national defense, security and socio-economic development.

4. The Government shall prescribe the management and development of, and application of regulatory sandbox mechanisms to, scientific and technological research and application and innovation in building, developing, protecting, administering, processing and using data.

Article 25. Identification and management of risks arising in data processing

1. Risks arising in data processing include: privacy risks, cyber security risks, identification and access management risks, and other risks.

2. State agencies shall identify and establish an early warning mechanism for risks arising in data processing, and develop measures to protect data.

3. Data owners other than those specified in Clause 2 of this Article shall themselves assess and identify risks, and implement measures to protect data; promptly remedy arising risks and notify thereof to data subjects and related agencies, organizations and individuals.

4. Core data and important data administrators shall periodically assess risks related to the processing of such data according to regulations and notify the results thereof to specialized cyber security and information security units under the Ministry of Public Security and the Ministry of National Defense and related agencies for coordination in the protection of data safety and security.

5. The Government shall detail this Article.

Article 26. Other activities in data processing

1. Data subjects may request data owners and data administrators to recall, delete or destroy the data they have provided, unless otherwise prescribed by law. Data administrators shall establish procedures and implement measures and methods to recall, delete or destroy data at the request of data subjects.

2. State agencies shall adjust and update data in a regular and continuous manner; decide to store the history logs of the process of combining, adjusting, updating, copying, transmitting, transferring, recalling, deleting and destroying data under their management.

3. Data owners and data administrators other than those specified in Clause 2 of this Article shall combine, adjust, update, copy, transmit and transfer data in accordance with this Law and other relevant laws.

4. The Government shall detail this Article.

Article 27. Data protection

1. Data protection measures shall be applied throughout the entire process of data processing, including:

a/ Formulating, and organizing the implementation of, data protection policies and regulations;

b/ Managing data processing activities;

c/ Developing and deploying technical solutions;

d/ Training, further training, developing and managing human resources;

dd/ Other data protection measures as prescribed by law.

2. State agencies shall protect data in the sectors and fields under their management, abide by general policies on national defense and security; and establish a unified data protection system to assess data security risks, carry out monitoring and provide early warnings.

3. Data owners and data administrators that manage core data and important data shall comply with data protection regulations.

4. The Government shall detail this Article.

Article 28. Standards and technical regulations on data

1. Standards on data include standards for information systems, hardware, software, systems for data management, operation and processing, data quality assurance, and data protection that are published and recognized for application in Vietnam.

2. Technical regulations on data include technical regulations for information systems, hardware, software, systems for data management, operation and processing, data quality assurance, and data protection that are formulated, promulgated and applied in Vietnam.

3. The Ministry of Public Security shall assume the prime responsibility for, and coordinate with related agencies in, promulgating a list of standards and technical regulations on data, except the list of standards and technical regulations on data in the fields of national defense and cryptography.

4. Agencies managing national databases and specialized databases shall formulate standards and technical regulations on data according to the list promulgated under Clause 3 of this Article.

Article 29. The National Data Development Fund

1. The National Data Development Fund is an off-budget state financial fund established at the central level to promote the development, exploitation, application and administration of national data.

2. The National Data Development Fund shall be formed from the following financial sources:

a/ Support from the state budget;

b/ Voluntary contributions of organizations and individuals at home and abroad;

c/ Other lawful financial sources as specified by law.

3. The National Data Development Fund shall operate in adherence to the following principles:

a/ Operating not for profit;

b/ Being managed and used for proper purposes in accordance with law and in a prompt, effective, public and transparent manner;

c/ Supporting the building, development, protection, administration, processing and use of data;

d/ Being spent on activities when state budget allocations do not meet demands.

4. The Government shall specify the establishment, management and use of the National Data Development Fund.

Chapter III

BUILDING AND DEVELOPMENT OF THE NATIONAL DATA CENTER; THE NATIONAL SYNTHETIC DATABASE

Section 1

BUILDING AND DEVELOPMENT OF THE NATIONAL DATA CENTER

Article 30. Infrastructure of the National Data Center

1. The infrastructure of the National Data Center shall be designed, built and used to meet the following requirements:

a/ Meeting standards and technical regulations on data centers and international technical requirements; conforming with the master plan on information and communication infrastructure; ensuring safety against bombardment, terrorism and disasters; protecting the environment; and saving energy;

b/ Having security and confidentiality solutions to control, detect, and prevent attacks, intrusions and sabotage; ensuring the readiness of the system, and designing the system with a backup plan so as to be ready in case of expansion when necessary;

c/ Ensuring the main information technology components of the National Data Center, including: the National Synthetic Database; the Data Sharing and Coordination Platform; the National Public Service Portal; data processing and resource allocation technology infrastructure; data analysis system serving management, direction and administration work; systems and software for management, exploitation and provision of data services, open data portals and data service portals; and other platforms, software and professional systems as decided by the Government and the Prime Minister.

2. National databases must use the infrastructure of the National Data Center.

Databases in the fields of national defense, security, external relations and cryptographic work as well as specialized databases and other databases may use the infrastructure of the National Data Center, depending on their demand.

3. The Government shall detail this Article.

Article 31. Responsibilities of the National Data Center

1. To integrate, synchronize, store, analyze and exploit data of state agencies in accordance with law in order to create and manage the National Synthetic Database.

2. To administer and operate technical infrastructure, information technology infrastructure and data exchanges at the National Data Center; to provide technical infrastructure and information technology infrastructure to Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations when they so need.

3. To operate, administer, store, manage, exploit and coordinate data in the National Synthetic Database for Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations to perform their assigned functions and tasks or at the request of data owners, data administrators and data subjects in accordance with law.

4. To monitor data quality assurance and data coordination activities; to develop systems of performance measurement and evaluation indices for data administration activities.

5. To implement data protection measures.

6. To conduct scientific research on data, apply technology in data processing, provide technology infrastructure and products and services related to data; to support organizations and individuals in data processing; to build innovation centers and support innovation activities in data science; to develop innovation activities in data science; to develop an innovative startup ecosystem in science and technology based on the data platform of the National Synthetic Database.

7. To organize the implementation of international cooperation activities on data.

8. The Government shall detail this Article.

Article 32. Assurance of resources for the building and development of the National Data Center

1. The State shall prioritize investment in infrastructure, facilities, land, head offices, works and technology, and ensure budget funds for the building and state management of data, data administration, and building, management and operation of the National Data Center and the National Synthetic Database.

2. Funds for operation of the National Data Center shall come from the state budget and other lawful sources.

3. The State shall ensure human resources for activities of the National Data Center; and adopt mechanisms to attract and preferentially treat high-quality human resources.

4. Resources for the National Data Center to upgrade, maintain and repair infrastructure and equipment it has invested in shall be guaranteed.

Section 2

THE NATIONAL SYNTHETIC DATABASE

Article 33. Building of the National Synthetic Database

The National Synthetic Database shall be built and managed by the Government in a centralized and unified manner at the National Data Center and must meet the following requirements:

1. To comply with relevant standards, technical regulations and techno-economic norms on data and information technology;

2. To ensure information security and safety, protect personal data, and facilitate data collection, updating, adjustment, exploitation and use;

3. To ensure stable and continuous operation, connection and sharing of data with national databases, specialized databases, other databases and other information systems;

4. To ensure the right of agencies, organizations and individuals to exploit data in accordance with law;

5. To meet the requirements for integration, synchronization, storage, exploitation, sharing and coordination of data synthesized from databases and perform in-depth analysis of data in support of the formulation of mechanisms and policies and serving socio-economic development;

6. To serve the provision of support to, and development of, data products and services.

Article 34. Collection, updating and synchronization of data into the National Synthetic Database

1. Data that are collected, updated and synchronized into the National Synthetic Database include:

a/ Open data;

b/ Shared data of state agencies;

c/ Private data of state agencies according to the Prime Minister’s decisions to serve the tasks concerning national defense, security, external relations, cryptography, socio-economic development, digital transformation, national interests and public interests;

d/ Data of Party agencies, Vietnam Fatherland Front Committees and socio-political organizations when agreed by data owners;

dd/ Other data provided by organizations and individuals.

2. Data shall be collected, updated and synchronized in the National Synthetic Database through:

a/ Performing administrative procedures and providing public services;

b/ Being updated, shared and synchronized from other databases;

c/ Being digitized, provided and integrated by individuals and organizations;

d/ Other sources as prescribed by law.

3. The National Data Center shall coordinate with related agencies, organizations and individuals to check data upon collection, updating and synchronization to ensure accuracy and consistency. In case the data in a national database, specialized database or another database are inconsistent with the data in the National Synthetic Database, the National Data Center shall coordinate with relevant agencies to check, cross-check, update and synchronize the data in the databases.

4. The Prime Minister shall decide on the roadmap for building and developing national databases and specialized databases, and the roadmap for collecting, updating and synchronizing data into the National Synthetic Database.

Article 35. Exploitation and use of the National Synthetic Database

1. The National Synthetic Database shall be built to serve the exploitation and shared use of data to meet operational requirements of Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations; to serve the performance of administrative procedures, provision of public services, and the direction and administration work of the Government; to serve the making of statistics, policymaking, and formulation of master plans and strategies for socio-economic development, national defense, security, external relations, cryptographical work, crime prevention and combat, and handling of violations; and to serve organizations’ and individuals’ demand for data exploitation, use and application.

2. Data in the National Synthetic Database are valid for exploitation and use as original data.

3. Subjects may exploit and use data in the National Synthetic Database according to the following provisions:

a/ Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations are allowed to exploit and use data in conformity with their functions and tasks;

b/ Data subjects are allowed to exploit and use data reflecting such data subjects;

c/ Organizations and individuals other than those specified at Points a and b of this Clause are allowed to exploit and use data as follows: they are free to exploit and use open data; may exploit and use personal data after obtaining the consent of the National Data Center and individuals who are the subjects of the to-be-exploited data; and may exploit and use other data after obtaining the consent of the National Data Center.

4. Data exploitation and use shall be carried out by the following methods:

a/ Connecting and sharing data between national databases, specialized databases and other databases and information systems and the National Synthetic Database;

b/ The National Data Portal, the National Public Service Portal, web portals, and information systems for settlement of administrative procedures;

c/ The electronic identification and authentication platform;

d/ The national identification application;

dd/ Equipment, means and software provided by the National Data Center;

e/ Other methods.

5. The Government shall detail this Article.

Article 36. Connection and sharing of data with the National Synthetic Database

1. Other national databases, specialized databases and other information systems of Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations shall be connected to the National Synthetic Database through the Data Sharing and Coordination Platform; the National Data Integration and Sharing Platform; ministerial- and provincial-level data integration and sharing platforms, the Internet, computer networks and information systems.

2. The connection and sharing of data between the National Synthetic Database and other databases must ensure efficiency, safety and consistency with the functions, tasks and powers of related agencies, organizations and individuals as prescribed by law.

3. The connection and sharing of data between the National Synthetic Database and other information systems shall be carried out on the basis of a written agreement between the Ministry of Public Security and the data owners.

4. The Government shall detail this Article.

Article 37. Provision of data to the National Synthetic Database

1. Agencies managing national databases, specialized databases and other databases shall provide data to the National Synthetic Database in accordance with Clause 1, Article 34 of this Law.

2. The State shall ensure necessary conditions for receipt of data provided by agencies, organizations and individuals.

3. The Government shall detail this Article.

Article 38. Charge for exploitation and use of data in the National Synthetic Database and other databases managed by state agencies

1. Party agencies, state agencies, Vietnam Fatherland Front Committees and socio-political organizations shall, when exploiting and using information in the National Synthetic Database and other databases managed by state agencies, not be required to pay charge.

2. Organizations and individuals shall, when exploiting and using their data in the National Synthetic Database and other databases managed by state agencies, not be required to pay charge.

3. Organizations and individuals other than those specified in Clauses 1 and 2 of this Article shall, when exploiting and using data in the National Synthetic Database and other databases managed by state agencies, pay charge in accordance with the law on charges and fees.

Chapter IV

DATA PRODUCTS AND SERVICES

Article 39. Data products and services

1. Data products and services in activities concerning data intermediation, data analysis and synthesis, electronic authentication, and data exchanges must comply with this Law and other relevant laws.

2. Electronic authentication services for data validation in national databases, specialized databases, and electronic identification and authentication systems shall be provided by qualified public non-business units and state enterprises.

3. Organizations providing products and services concerning data intermediation and data analysis and synthesis shall be entitled to incentives as for enterprises operating in the fields of high technology, innovation, innovative startups, and digital technology industry.

4. Other data products and services in electronic transactions, telecommunications, cyber security, cyberinformation security, digital technology industry, cryptography, national defense and security industry and industrial mobilization must comply with relevant laws.

5. The Government shall detail this Article.

Article 40. Data intermediation products and services

1. Data intermediation products and services are products and services that establish commercial relationships between data subjects, data owners and product and service users through agreements for the purposes of exchanging, sharing and accessing data, and exercising the rights of data subjects, data owners and data users.

2. Organizations providing data intermediation products and services shall register their operation and be managed in accordance with the law on investment, except cases of providing data intermediation products and services internally within the organizations.

3. The Government shall detail this Article.

Article 41. Data analysis and synthesis products and services

1. Data analysis and synthesis products are the results of the process of analyzing and synthesizing data into useful in-depth information at different levels as requested by product users. Data analysis and synthesis services are activities of analyzing and synthesizing data at the request of service users.

2. Organizations dealing in data analysis and synthesis products and services that are likely to cause harms to national defense, security, social order and safety, social ethics, and community well-being shall register their operation and be managed in accordance with the law on investment.

Cases of connecting to or sharing data with national databases or specialized databases for dealing in data analysis and synthesis products and services shall be managed in accordance with law.

3. The Government shall detail this Article.

Article 42. Data exchanges

1. A data exchange is a platform providing data-related resources to serve startup research and development and innovation activities; providing data-related products and services to serve socio-economic development; and being an environment for trading and exchanging data and data-related products and services.

2. Organizations providing data exchange services are public non-business units and state enterprises that meet the conditions for service provision and are granted establishment licenses in accordance with law.

3. Data not allowed to be traded in include:

a/ Data that cause harms to national defense, security, external relations, and cryptographic work;

b/ Data not allowed by the concerned data subjects to be provided, unless otherwise provided by law;

c/ Other data that are prohibited from trading in accordance with law.

4. The Government shall detail this Article.

Article 43. Responsibilities of organizations providing products and services related to data intermediation, data analysis and synthesis, and data exchanges

1. To provide services to organizations and individuals as agreed in service provision contracts.

2. To ensure that information receiving channels operate and services are provided in a smooth and continuous manner.

3. To regularly manage, inspect and monitor data safety and security; to prevent, stop and handle data risks; to monitor behaviors that are likely to affect data protection.

4. To comply with the law on cyberinformation security, the law on cyber security, the law on e-transactions, and other relevant laws.

5. The Government shall detail this Article.

Chapter V

IMPLEMENTATION PROVISIONS

Article 44. Amendments and supplements to a number of articles of relevant laws

1. To amend and supplement Appendix No. 01 on the List of charges and fees issued together with Law No. 97/2015/QH13on Fees and Charges, which has a number of articles amended and supplemented under Law No. 09/2017/QH14, Law No. 23/2018/QH14, Law No. 72/2020/QH14, Law No. 16/2023/QH15, Law No. 20/2023/QH15, Law No. 24/2023/QH15, Law No. 33/2024/QH15 and Law No. 35/2024/QH15, as follows:

a/ To add serial number 6 after serial number 5 of Section IV, Part A as follows:

b/ To add serial number 5 after serial number 4.2 of Section XIII, Part A as follows:

2. To amend, supplement or annul a number of points, clauses and articles of the Law No. 20/2023/QH15 on E-Transactions as follows:

a/ To amend and supplement Point a, Clause 4, Article 42 as follows:

“a/ To connect and share data through intermediary systems, including: the National Data Center’s Data Sharing and Coordination Platform; the National Data Integration and Sharing Platform; and ministerial- and provincial level data connection and sharing infrastructure according to the National Digital Architecture Framework;”;

b/ To annul Clause 8, Article 3, and Article 41.

Article 45. Effect

This Law takes effect on July 1, 2025.

Article 46. Transitional provisions

1. Agencies managing national databases that have invested in the building of, or hired, data infrastructure services before the effective date of this Law may continue to use the systems and equipment they have invested in or hired until the National Data Center is qualified to receive and provide infrastructure for national databases in accordance with this Law.

2. The Prime Minister shall prescribe the roadmap for receiving, converting and using the infrastructure of the National Data Center for national databases according to Clause 1 of this Article.

This Law was passed on November 30, 2024, by the 15^th National Assembly of the Socialist Republic of Vietnam at its 8^th session.-

Chairman of the National Assembly
TRAN THANH MAN