According to Art. 83(5) of the Companies Act, as amended in December 2018, requires companies to ensure that at least one director must be a natural person who ordinarily resides in Vanuatu.

Vanuatu is not a signatory of the 1996 World Trade organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II).

Pursuant to Art. 12 of the Government Contracts and Tenders Regulation (Consolidation Edition 2021), the head of a government agency must publish an open tender notice outside Vanuatu only where the Board or the head of the agency is satisfied that the relevant goods, services, or works are unlikely to be sourced from within Vanuatu at the best price or quality. Moreover, pursuant to Art. 39, irrespective of whether procurement is conducted through an open tender, a limited tender, or a request-for-quotation process, computer hardware, software, and accessories must be purchased only from a supplier authorised by the Office of the Government Chief Information Officer.

In 2015, the State Bank of Vietnam issued Circular 39/2014/TT-NHNN to regulate payments via intermediaries, and the Circular was then replaced by Circular 23/2019/TT-NHNN in 2019. E-payments made via intermediaries such as e-wallets are regulated under this Circular. According to the Circular, owners of e-wallets must link the wallet to a bank account created in Vietnam or via branches of foreign banks in Vietnam in order to make payments in Vietnam.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 43, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

In February 2020, the Vietnamese government issued Decree No. 15/2020/ND-CP to regulate administrative violations in several sectors including the telecommunications sector, IT and electronic transactions. Art. 44.1.(d) of the Decree regulates penalties for electronic newspapers, general websites or web portals, and social networks for not using the Vietnamese national domain name ".vn" and not storing information in the server system with an IP address in Vietnam. In addition, according to Art. 45.3.(d) of the Decree, these companies shall be fined if they do not use primary domain name servers (DNS) using the Vietnamese national domain name ".vn".

Art. 25.3 of the Law on Cybersecurity stipulates that certain foreign enterprises must establish a branch or a representative office in Vietnam. This obligation extends to foreign enterprises that provide services via telecommunications networks, the Internet, and value‑added services in cyberspace within Vietnam, and that collect, utilise, analyse, or process personal data, data concerning user relationships, and data generated by users in Vietnam. A comparable requirement previously appeared in Art. 26.3 of the earlier Law on Cybersecurity.

The Law on Protection of Consumer Rights provides a comprehensive framework for consumer protection that also applies to online transactions.

Vietnam has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Vietnam has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Vietnam has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Self-certification is allowed in the country for radio transmission, electromagnetic interference (EMI) or electromagnetic compatibility (EMC). Vietnam allows foreign companies to self-certify that they comply with these standards, through a Supplier Declaration of Conformity (SDoC). The National technical regulation QCVN 118:2018/BTTTT requires conformity testing and conformity declaration. The supplier or manufacturer of the equipment declares the equipment meets the technical and administrative requirements. A testing laboratory recognized by the regulator tests the equipment, and the supplier registers this equipment with the regulator. These procedures are based on ISO/IEC 17050, with some modifications and requirements to be in line with the legislation framework of goods and products quality control of Vietnam.

Art. 9 of the Law on Cybersecurity provides that national security information systems must undergo cybersecurity appraisal and certification of compliance prior to their deployment and operation, be subject to periodic inspection and continuous cybersecurity supervision during use, and ensure the prompt detection, response to, and remediation of cybersecurity incidents. Such systems are defined as those information systems of strategic and particular importance in the fields of politics, national defence, security, diplomacy, the economy, and broader social activities, where cybersecurity incidents or legal breaches may adversely affect national security or seriously disrupt social order and public safety, and which are included in a list promulgated by the Prime Minister of Vietnam. These encompass, inter alia, systems relating to military, security, diplomatic, and cryptographic functions; systems for the storage and processing of state secrets; systems preserving artefacts and documents of exceptional importance; systems safeguarding hazardous materials; systems supporting the preservation, manufacture, and management of critical infrastructure associated with national security; key systems serving central governmental bodies and organisations; national information systems in sectors such as energy, finance, banking, telecommunications, transport, agriculture, natural resources and the environment, chemicals, healthcare, and culture; and automated control and monitoring systems at critical works and national security sites. Furthermore, Art. 15.4.b assigns to the Ministry of Public Security responsibility for conducting cybersecurity inspections of equipment, products, telecommunications services, and digital and electronic devices prior to their deployment within such national security information systems. Similar requirements were also contained in the previous Law on Cybersecurity.

Art. 36 of Law No. 86/2015/QH13 states that the responsibilities of users of cryptographic products and services include providing the necessary information on cryptographic keys to the competent state authorities upon request. The Law also introduces licensing requirements for tools that offer encryption as a primary function.