Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NL·EN
Analysis

Vietnam becomes the first Southeast Asian state to adopt a standalone AI law

Adopted 2026-06-14 · ≈ 3 min read · Dirk Baaijen

On 1 March 2026 Vietnam's Law on Artificial Intelligence (134/2025/QH15) took effect — the first standalone, horizontal AI law in Southeast Asia. It borrows the EU's risk-based structure but binds from day one, while keeping an innovation-promotion layer of its own.

Until recently the map of binding AI legislation in Asia held just one horizontal statute: South Korea's AI Basic Act. On 1 March 2026 a second one joined it. Vietnam's Law on Artificial Intelligence (Law No. 134/2025/QH15), passed by the National Assembly on 10 December 2025, is the first standalone, horizontal AI law in Southeast Asia. Unlike Korea, which leads with promotion and defers sanctions, and unlike China, which keeps its binding rules sectoral, Vietnam borrows the risk-based grammar of the EU regulation — but with obligations that apply from the moment the law takes effect.

A horizontal law with a risk-based core

The law runs to eight chapters and 35 articles and governs the research, development, provision, deployment and use of AI systems by both Vietnamese and foreign parties in Vietnam. Activities serving exclusively national defence, state security and cryptography fall outside it, per Article 1.

Its core is a three-tier classification (Article 9): high-risk systems that can cause significant damage to life, health and lawful rights and interests; medium-risk systems that can confuse, influence or manipulate users; and low-risk systems that fall into neither category. What is notable is what is absent: unlike the EU, Vietnam has no separate "unacceptable risk" category. Instead, Article 7 lists prohibited acts that stand apart from the risk classification — deploying AI for unlawful purposes, creating forged elements or simulations of real people to deceive, exploiting the vulnerabilities of vulnerable groups (children, the elderly, persons with disabilities), or generating content that seriously endangers national security and public order.

What providers of high-risk systems must do

High-risk systems carry obligations a European reader will recognise: risk management across the whole lifecycle, human-oversight mechanisms, technical documentation, and a prior conformity assessment for the systems on a list to be set by the Prime Minister. Providers must self-classify their systems and notify medium- and high-risk systems to the Ministry of Science and Technology before deployment, and register in a national AI database. Incidents causing serious harm must be reported through the prescribed information system.

The law reaches across the border: foreign providers of high-risk systems subject to the prior assessment must have a commercial presence or appoint an authorised representative; other high-risk providers must at least maintain a lawful local contact point. Existing systems get a transition period of twelve to eighteen months depending on the sector (eighteen for finance, healthcare and education).

Marking synthetic content

Article 11 requires that AI-generated audio, images and video be marked in a machine-readable format, with a clear notice where the content is likely to cause confusion about the authenticity of events or persons. Vietnam thus arrives at the same problem as the EU's Article 50 transparency duties and China's content-marking rules — making synthetic media recognisable — again from a regulatory tradition of its own.

The implementing decree makes it workable

A law without implementing rules stays a framework. Decree 142/2026/ND-CP, issued on 30 April 2026 and effective from 1 May 2026, fills in the mechanics: it confirms the three risk levels, establishes a one-stop AI portal and the national AI database under the Ministry of Science and Technology, and sets reporting deadlines — within 72 hours for emergency incidents and within five working days for the rest. The penalty provisions themselves (Article 29 of the law provides for administrative, civil and possibly criminal liability) receive their figures through separate sanctioning rules.

A fourth accent on the global map

Vietnam confirms that the EU's risk-based form is spreading, but not without local colouring. Where the EU regulates horizontally and bindingly, Korea leads the horizontal form with promotion, and China keeps its binding rules vertical, Vietnam opts for a binding risk-based law with a pronounced innovation-promotion layer — sandboxes, funding and the principle that the human remains the final arbiter. For organisations delivering across jurisdictions this is again the lesson from our Asia-Pacific comparison and the analysis of international AI governance: the goals converge — safety, transparency, accountability — but the instruments, thresholds and enforcement routes must be read on each legal order's own terms.

Sources

  1. https://english.luatvietnam.vn/law-no-134-2025-qh15-dated-december-10-2025-of-the-national-assembly-on-artificial-intelligence-422299-doc1.html
    Official text of Law 134/2025/QH15 (10 Dec 2025): 8 chapters, 35 articles; Art. 7 prohibited acts, Art. 9 risk tiers, Art. 11 marking, Art. 1 defence exclusion.
  2. https://connectontech.bakermckenzie.com/vietnams-first-standalone-ai-law-an-overview-of-key-provisions-future-implications/
    Baker McKenzie: three risk tiers (Art. 9); notification to the Ministry of Science and Technology; local contact point for foreign providers.
  3. https://www.vilaf.com.vn/blog/vietnam-enacts-its-first-law-on-artificial-intelligence-key-regulatory-obligations-from-1-march-2026/
    VILAF: high-risk obligations (conformity assessment, human oversight, registration), local presence for foreign providers, 12–18 month transition period.
  4. https://vietanlaw.com/decree-142-2026-nd-cp-guiding-the-artificial-intelligence-law-in-vietnam/
    Decree 142/2026/ND-CP (issued 30 Apr 2026, effective 1 May 2026): one-stop portal, national AI database, incident reporting within 72h or 5 working days.

Share on LinkedIn

Read next

A

AI regulation in Brazil: the approach in brief

With bill PL 2338/2023 Brazil opts for a horizontal, risk-based framework on the EU model. The Senate adopted the text on 10 December 2024; since March 2025 it has been before the Chamber of Deputies and is therefore not yet in force.

A

India chooses guidelines over a statute — a principle-based AI governance framework

On 15 February 2026 India's MeitY released its AI Governance Guidelines — a principle-based framework on seven 'sutras'. The defining choice is what it declines: not a new horizontal AI law, but a bet on existing statutes, new institutions and an innovation-first posture.

A

China writes AI into its Cybersecurity Law: a third model of AI regulation

On 1 January 2026 China's amended Cybersecurity Law took effect, adding an article that lifts AI into foundational legislation. But the new AI clause is promotional — China's binding AI rules stay sectoral, a third model beside the EU's and Korea's horizontal laws.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject — programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method →

A project or programme? Work with YRproject →

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.