Unifying the law to build a solid cybersecurity shield

Cyber security affects every citizen

After 28 years since officially connecting to the Internet, Vietnam has become one of the countries with the fastest Internet growth rate in the world, with extensive digital infrastructure, explosive online services and an increasingly large digital economy contributing to GDP. However, along with development opportunities are a series of risks and threats that are constantly increasing. More than at any time, cyberspace is becoming a hot front, where data encryption attacks of blackmail, security infrastructure intrusion, personal data theft and the dissemination of malicious information take place on a large scale, with increasingly high levels of sophistication. Many important agencies and enterprises in the fields of finance, energy, and telecommunications have been targets of international cybercrime groups. Some attacks paralyzed the system, causing transactions to stagnate, the governance process was interrupted, causing damage of up to hundreds of billions of VND. Meanwhile, the sale of personal data, financial data, and identification information is carried publicly on many platforms, forming large-scale networks that are very difficult for authorities to control.

Along with cybercrime, hostile forces and opposing subjects thoroughly take advantage of cyberspace to distort, incite, defame, and sabotage the Party and the State, especially in times of political and social sensitivity. Many incidents took place in organized form, coordinating across borders, taking advantage of social platforms to spread false information at an uncontrollable speed. That shows that cybersecurity is not only a problem for the engineering industry but has become an important component of national security.

An inevitable step

In that context, the merger of the two current laws into the 2025 Cyber Security Law is an inevitable step. The change in the organizational apparatus according to Resolution 18, especially the Ministry of Public Security receiving the entire task of State management of network information security from the Ministry of Information and Communications (before the merger), requires the legal system to be quickly adjusted to unify. A cybersecurity management focal point helps avoid overlapping functions, improve coordination efficiency, optimize resources and ensure transparency and clarity in responsibilities. This is also an important condition to increase the speed of network incident response, proactively detect, prevent and handle threats in the shortest time.

The draft Law on Cyber Security 2025 shows many notable innovations. One of the important contents is to encourage State agencies and businesses to use domestic cybersecurity products and solutions, thereby promoting Vietnam's technological autonomy. The development of Make in Vietnam security tools not only meets the need to protect information systems but also significantly reduces dependence on foreign suppliers - a sensitive factor in the context of complicated geopolitical competition and cyber war.

The draft law also clearly stipulates for the first time the funding for cybersecurity protection tasks in agencies, organizations and state-owned enterprises. For many years, cybersecurity has often been considered a side cost, leading to a situation of broken, unsynchronized investment. When a cyberattack occurs, the consequences are often much heavier than the cost of prevention. The legalization of financial responsibility in cybersecurity protection is a necessary step to change the mindset of "losing a cow is a concern for the barn".

Another improvement is the requirement for heads of key national information systems to have a cybersecurity certificate. Many recent cyber attacks have shown that the leaders of many units do not have basic knowledge of information security but still approve the purchase of systems and database operations, leading to management loopholes and serious risks. Requiring a certificate is not a barrier, but a prerequisite to improve management capacity, increase individual responsibility and minimize errors.

No delay

With data - the " Strategic resource" of the digital age - the draft law adds a separate chapter on ensuring data security, covering the entire data life cycle from creation, storage, transmission, processing to sharing and reuse. This regulation promptly meets reality when a series of personal data, positioning data, financial information, and even sensitive data of State agencies are collected and transferred abroad through digital platforms or IoT devices without control. An unsafe data platform means a threat to digital sovereignty and national sovereignty.

The draft law also has an important step forward in protecting children in cyberspace. Children are the group most at risk of harmful information, fraud, attack and illegal data collection. Requiring parents to register accounts and be responsible for monitoring children's online activities is a solution in line with the modern management trend of many countries, contributing to creating a healthy and safe cyberspace for future generations.

If the law is passed late, Vietnam will continue to face a large legal gap in data management and cybercrime prevention. The attacks may continue to cause heavy damage, sabotage activities are at risk of escalating, and businesses and people will be unsafe in the digital environment that is increasingly becoming a pillar of the socio-economy.