Vietnam's draft AI law: what managers need to know
27/11/2025 - Vietnam's National Assembly is set to debate three draft laws, including a new Law on Artificial Intelligence (AI). Minister of Science and Technology Nguyen Manh Hung presented the draft, which seeks to formalise state views on AI, open a clear legal pathway for innovation and competitiveness, manage risk, and protect national interests, human rights, and digital sovereignty.
The proposal outlines a risk-based approach and a clear governance structure for how AI is built, deployed, and used across the economy. For leaders, the signal is clear: AI governance is moving from "best practice" to baseline compliance.
What the draft covers
The draft includes eight chapters and 36 articles. It regulates AI research, development, provision, deployment, and use; defines the rights and obligations of organisations and individuals; and sets state management responsibilities for AI in Vietnam.
- Risk levels for AI systems, including classification and notification duties
- Transparency, labelling, and explanation responsibilities
- Incident management and response requirements
- Oversight across the full AI lifecycle (from foundational models to applications)
Penalties and enforcement
The bill sets a maximum administrative fine of 2 billion VND (over 75,800 USD) for organisations and 1 billion VND for individuals. For serious violations, fines may reach up to 2% of the violating organisation's prior-year revenue.
Implications for business leaders
- Map your AI footprint: build a system inventory, rate risk, and identify high-impact use cases. Keep a live registry and be ready to notify where required.
- Assign ownership: name an accountable executive and form a cross-functional AI governance board spanning product, legal, risk, and security.
- Data controls: track data sources, consent, and security. Maintain logs for training and inference to support audits and explanations.
- Transparency and UX: label AI interactions, give clear user notices, and provide explanations where mandated. Keep documentation current.
- Incident readiness: establish detection, playbooks, escalation paths, and reporting timelines. Test them.
- Third-party oversight: vet platforms and model providers. Add contract clauses for risk, transparency, and incident response. Monitor intermediary entities across the value chain.
- Harmonise across markets: if you operate in the EU, compare obligations to the AI Act to reduce duplicate work. EU AI Act overview
- Budget and metrics: fund audits and monitoring. Track risk reduction, model performance, and incident rates.
- Upskill teams: product, legal, security, and operations need shared fundamentals. Practical AI courses by job role
Committee signals
The NA Committee on Science, Technology and Environment supports adopting the law to strengthen the current legal framework. It calls for a unified, coherent, and flexible management mechanism suited to AI's specifics, enabling integration and mutual recognition of technology, improving Vietnam's position in global value chains, and expanding international cooperation.
The committee also recommends refining the scope to avoid overlap with existing laws and expanding coverage to intermediary entities. This would ensure end-to-end oversight of platforms and foundational models, not just downstream applications.
What to watch
As the draft advances, expect continued focus on risk classification, transparency duties, and incident response. Organisations that establish inventories, governance, and vendor controls now will move faster when the rules become law.
Your membership also unlocks:
