Vietnam does not have an independent telecom authority. The Authority of Telecommunications is a ministerial unit which performs the advisory and regulatory functions over the telecommunications sectors nationwide.

In February 2020, the Vietnamese government issued Decree No. 15/2020/ND-CP to regulate administrative violations on postal services, telecommunications, radio frequencies, IT and electronic transactions. Art. 44.1(d) of the Decree regulates penalties for not storing information at the server system with an IP address in Vietnam for electronic newspapers, general websites or web portals and social networks subject to the license. Art. 95.3 regulates penalties for advertising email and internet message services using servers not located in Vietnam.

Art. 26.3 of the Cybersecurity Law stipulates a mandatory requirement for the local storage of data on servers within Vietnam. This obligation is further elaborated in Chapter V of Decree 53. Under Art. 26 of Decree 53, all Vietnamese companies and certain foreign enterprises are required to store regulated data within Vietnam. This mandate extends to foreign enterprises if they engage in business activities within Vietnam in specific fields, including: telecommunication services; data sharing and storage; provision of national or international domains for Vietnamese users; e-commerce; social networking and social marketing; online gaming; and the provision, management, or operation of other internet-based information in forms such as messaging, telephone calls, video calls, email, or online gaming.
Art. 26 delineates the categories of regulated data as follows:
- Personal data of users based in Vietnam;
- Data generated by Vietnam-based users, including account name, time of usage, credit card details, email address, IP address, most recent log-out time, and registered phone number;
- Data pertaining to the relationships of Vietnam-based users, such as connections with friends or other individuals with whom users interact.

Decree No. 72 establishes the management of Internet services and online networks. Arts. 22, 25, 28 and 34 require providers of websites, social networks, information on mobile networks and online games, respectively, to have at least one server inside the country "serving the inspection, storage, and provision of information at the request of competent state management agencies". In March 2018, the Vietnamese government issued Decree No. 27/2018/ND-CP to partially amend and enhance Decree No. 72. Requirements on local servers remain.

Under Art. 25 of Decree No. 13/2023/ND-CP, any entity or individual that transfers personal data offshore within the scope of the Decree has to prepare, maintain, and file a Transfer Impact Assessment (TIA) with the Department of Cybersecurity and Prevention of Cyber-Crimes under the Ministry of Public Security (MPS A05 Department) within 60 days after the transferor begins to process personal data. The offshore transfer of personal data is defined as using the internet, digital means or digital equipment or other means to transfer personal data of Vietnamese nationals to a location outside of the territory of Vietnam or using a location outside of the territory of Vietnam to process personal data of Vietnamese nationals (Art. 2.14).
The TIA must include, among other things:
- details of transferor and receiver(s); description and explanation of the purposes of the processing activities to be performed after such transfer;
- types of data to be transferred;
- assessment of the impact of the data processing activities;
- potential consequences, mitigation and/or prevention measures;
- consent of the data subjects with the mechanism for the data subjects to respond to or claim upon the occurrence of any incident; and
- a binding document between the transferor and the receiver of the personal data, outlining the rights, obligations and responsibilities of each party, etc. (Art. 25.2).
After the transfer is completed, the transferor must notify the MPS A05 Department (Art. 25.4).

Vietnam has joined an agreement with binding commitments to open transfers of data across borders: the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11). However, the country has been given a period of five years to comply with the requirement.

Decree No. 13/2023/ND-CP provides a comprehensive regime of data protection in Vietnam. The Decree establishes data protection principles, data subject rights, and data controller and data processor obligations, among other things. More specifically, the Decree introduces restrictions on cross-border data transfers and obligations for data processing, including the purchase and sale of personal information, as well as marketing and advertising. The Decree is accompanied by other legislation which provides personal data protection, including the Law on Cyber Information Security No. 86/2015/QH13, the Law on Cybersecurity No. 24/2018/QH14, and Law No. 59/2010QH12 of 17 November 2010 on Protection of Consumers' Rights.

Vietnam has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

According to Decree No. 72 of 2013, aggregated information websites are required to store the information for at least 90 days from the date it is posted on the website (Article 24). An electronic information page (website) is an information system used to establish one or more information pages presented in the form of symbols, numbers, words, images, sounds and other forms of information in service of the provision and use of information on the Internet (Art. 3.21). In March 2018, the Vietnamese government issued Decree No. 27/2018/ND-CP to partially amend and enhance Decree No. 72. Requirement on data retention remains at least 90 days from the date it is posted on the website. Also, the data processing log is required to be stored for at least two years.

Law No. 50/2005/QH11 and Decree 54/2000/ND-CP provide a framework for the effective protection of trade secrets. The law defines trade secrets as information obtained from activities of financial or intellectual investment that has not yet been disclosed and can be used in business. A trade secret is eligible for protection when it meets certain criteria: it is not commonly known or easily accessible, it provides advantages to its holder in business activities, and its owner takes necessary measures to maintain its secrecy. The Intellectual Property Law identifies actions that infringe on trade secret rights, such as unauthorised access or disclosure of trade secret information,and breaching security contracts. However, there are limitations to trade secret rights, including instances where the trade secret was unknowingly acquired illegally, disclosure is necessary to protect the public, or the use is non-commercial or independent creation.

Decree No. 72 establishes the management of Internet service and online networks. In March 2018, the Vietnamese government issued Decree No.27/2018/ND-CP to amend and enhance Decree 72 partially. Data retention requirements for online networks are listed in Art. 23(c). The regulation requires data on account users, log-in and log-off time, user IP address, and data processing log to be stored for at least two years.

Vietnam is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA). However, the country has been an observer of the WTO GPA since 2012.

It is reported that restrictions on foreign direct investment are applicable to cryptocurrency trading. When cryptocurrencies are traded as securities, such activity is considered regulated and requires a licence under the Capital Markets and Services Act, with a maximum of 70% foreign equity ownership permitted.

Art. 17 of the Law on Telecommunications regulates that the State holds the controlling shares in telecommunication companies considered particularly important to the operation of the entire national telecommunications infrastructure. Therefore, there are limits to foreign ownership in these companies. According to Art. 1 of Decision No. 55/2011/QD-TTg, these include the Vietnam Post and Telecommunications Group (VNPT), the Viettel Group (VIETTEL), Global Telecommunications Corporation (GTEL), and Indochina Telecom Joint Stock Company (INDOCHINA TELECOM).

Under Decree No. 121/2008/ND-CP, equity caps applicable to foreign investment are based on WTO commitments. That is, for fixed and mobile communications, as well as Internet services, the maximum foreign equity shares are set at 49% in facilities-based services (i.e. telecom sector with infrastructure facilities). The threshold may increase up to 65% for non-facilities-based services (i.e. telephony services with no network infrastructure) and 70% for VPN services after a three-year investing period in Vietnam.