Chapter 2 of the Law on Cybersecurity, which entered into force in January 2019, regulates information systems for national security. Article 10.2 defines important information systems for national security, including:
- Military, security, diplomatic and cypher information systems;
- Information systems that store and process information belonging to state secrets;
- The information system serving the storage and preservation of artefacts and documents of significant value;
- Information systems serving the preservation of materials and substances particularly dangerous to humans and the ecological environment;
- Information systems serving the preservation, manufacturing and management of facilities of other special importance related to national security;
- Important information systems serving operations of central agencies and organisations;
- National information systems in the fields of energy, finance, banking, telecommunications, transportation, natural resources and environment, chemicals, health, culture, and journalism;
- Automatic control and monitoring systems at important works related to national security, an important goal of national security.
According to Arts. 11-13, important information systems need impact assessment, inspection, and control conducted by special forces to protect network security from the Ministry of Public Security, the Ministry of Defence, and the Government Cipher Committee.

Art. 36 of Law No. 86/2015/QH13 states that the responsibilities of users of cryptographic products and services include providing the necessary information on cryptographic keys to the competent state authorities upon request. The Law also introduces licensing requirements for tools that offer encryption as a primary function.

Sections 35 and 60 of Decree No. 52/2013/ND-CP provide that certain E-commerce services need to be licensed by the Ministry of Industry and Trade: E-commerce websites that permit participants to sell and purchase goods according to the method of goods exchange; evaluation and certification of personal data protection policies of traders, organisations and individuals participating in e-commerce activities; and certification of e-contracts.
In addition, Art. 44 states that traders and organisations providing online auction services must register the provision of auction services, and under Art. 52, traders, organisations or individuals may set up sales e-commerce websites if, among other conditions, they have notified the Ministry of Industry and Trade. Also, pursuant to the provisions of Art. 61, one of the conditions for conducting credit rating of e-commerce websites is being a trader or an organisation established under Vietnamese law.

The Ministry of Industry and Trade (MOIT) issued Circular No.59/2015/TT-BCT to regulate the management of e-commerce activities via mobile applications. The circular strictly regulates the operation of e-commerce on mobile applications, which requires registration to MOIT. The circular applies to all Vietnamese individuals and organisations, foreigners who reside in Vietnam, and foreigners and organisations who have a presence in Vietnam through investment, setting up branches, or representative offices.

In 2015, the State Bank of Vietnam issued Circular 39/2014/TT-NHNN to regulate payments via intermediaries, and the Circular was then replaced by Circular 23/2019/TT-NHNN in 2019. E-payments made via intermediaries such as e-wallets are regulated under this Circular. According to the Circular, owners of e-wallets must link the wallet to a bank account created in Vietnam or via branches of foreign banks in Vietnam in order to make payments in Vietnam.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 43, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

Chapter 2 of Decree No. 72/2013/ND-CP on ".vn" domain service regulates that foreign companies that provide ".vn" domain registration must either establish the business in Vietnam according to Vietnamese law or have a contract with ICANN-accredited registrars. In addition, foreign companies that provide ".vn" domain registration services must have a contract with the Vietnam Internet Network Information Center to provide ".vn" domain registration services.

It is reported that Vietnam prohibits commercial importation of some products, including encryption devices and encryption software. This applies despite Vietnam's agreement in its WTO Accession Protocol to the principle of no restriction or regulation on commercially traded goods equipped with encryption technology.

In November 2013, the Government of Vietnam issued Decree No. 187/2013/ND-CP, implementing the Commercial Law on international trade in goods and the activities of international agents involved in buying, selling, outsourcing, and transiting goods. The Decree outlined products that were either banned from importation or required an import licence, assigning regulatory oversight to specific entities. Annex 1 of the Decree identified goods banned from import, including:
(i) Used electronic products, regulated by the Ministry of Industry and Trade (MOIT);
(ii) Used IT products, regulated by the Ministry of Information and Communications (MIC);
(iii) Specific radio equipment and radio wave-applied devices, also regulated by MIC.
To facilitate the implementation of this Decree, MOIT issued Circular No. 04/2014/TT-BCT in January 2014, which provided additional details and a more specific list of used products prohibited from import. Annexe 1 of the Circular included:
(i) Personal laptops (HS 8471);
(ii) Cellphones (HS 8517);
(iii) Digital cameras (HS 8525);
(iv) Video game consoles and machines (HS 9504).
In May 2018, the Government introduced Decree No. 69/2018/ND-CP, which replaced Decree No. 187/2013/ND-CP and reallocated the list of import licensing requirements to Annex 3. Subsequently, on 15 June 2018, MOIT replaced Circular No. 04/2014/TT-BCT with Circular No. 12/2018/TT-BCT, though the list of banned electronic products remained unchanged.

The Law on Cybersecurity stipulates that businesses have to provide users’ data to the Ministry of Public Security upon receipt of requests in writing in cases where any infringement of the cybersecurity law is being investigated (Art. 26).

In July 2012, the Vietnamese Ministry of Information and Communications introduced Circular No.11/2012/TT-BTTTT, which amended the list of prohibited imported IT products, with some exceptions. This was further extended and detailed by Circular 31/2015/TT-BTTTT, effective from December 15, 2015. This extension included additional guidelines for implementing the ban. Subsequently, on October 15, 2018, following Decree 69/2018/ND-CP, the Vietnamese Ministry of Information and Communications issued Circular No. 11/2018/TT-BTTTT, providing a comprehensive list of banned imported IT products. This new circular replaced Annex 1 of Circular 31/2015/TT-BTTTT and prohibited the import of the following items:
- HS8443: Printing machinery used for printing using plates, cylinders, and other printing components, excluding certain machines.
- HS8470: Calculating machines, pocket-size data recording and reproducing machines with calculating functions, and similar machines, excluding specific categories.
- HS8471: Automatic data processing machines, magnetic or optical readers, machines for transcribing data, and machines for processing data.
- HS8517: Telephone sets, wireless communication apparatus, and other transmission or reception devices, excluding specific categories.
- HS8518: Microphones, loudspeakers, headphones, amplifiers, and related devices.
- HS8525: Transmission apparatus for radio and television, as well as radar and radio remote control apparatus.
- HS8526: Radar apparatus, radio navigational aid apparatus, and radio remote control apparatus.
- HS8527: Reception apparatus for radio and broadcasting, with or without sound recording apparatus.
- HS8528: Reception apparatus for television and related devices.
- HS8534: Printed circuits.
- HS8540: Thermionic, cold cathode, or photocathode valves and tubes, including cathode-ray television picture tubes.
- HS8544: Insulated wires, cables, and other electric conductors, including optical fibre cables.

Art. 17.1.c of the Law on Cyber Information Security No. 86/2015/QH13 requires technology companies to share user data at the request of competent state agencies. It also mandates that authorities be given decryption keys on request, and it introduces licensing requirements for tools that offer encryption as a primary function. There is no mention of a requirement for a court order.

In November 2013, the Government of Vietnam issued Decree No. 187/2013/ND-CP on the implementation of Commercial Law regarding international trade in goods and activities of international agents relating to buying, selling, outsourcing, and transiting of goods. The Decree detailed a list of products to be banned from importation or to be required with an import license. Annex 2 of Decree 187/2013/ND-CP listed goods that require an import license. These include (i) Goods that need import control according to the provisions of international treaties to which Vietnam is a member; (ii) Radio transmitting and receiving equipment with a frequency band from 9 KHz to 400 GHz, with a capacity of 60 mW or more. In May 2018, the Government of Vietnam issued Decree No. 69/2018/ND-CP on Detailed provisions on a number of articles of the Commercial Law. The Decree replaced Decree No. 187. However, the list of import licensing requirements is reallocated to Annex 3 of the Decree 69/2018/ND-CP.

Decree No. 17/2023/ND-CP establishes a safe harbour regime for intermediaries for copyright infringements. According to the Decree, to benefit from this safe harbour, Internet Service Providers (ISPs) must act promptly to remove or block content upon acquiring "knowledge" of copyright infringement. While Decree No. 17 does not define "knowledge," it considers takedown notices from authorities or rights holders as evidence of ISPs' "knowledge" without specifying whether such notices must be substantiated (Arts. 113.3 and 114.5).
Additionally, Decree No. 17 outlines the required information and documents for takedown notices and counter-responses, indicating that ISPs must take appropriate action—such as removal, blocking, or restoration—upon receipt of the complete set of required information and documents (Art. 111.4).

Vietnam's Law on Network Information Security (Law 86/2015/QH13), effective from July 1, 2016, places restrictions and conditions on entities involved in the import, export, and trade of network information security products with encryption capabilities. This law requires importers to navigate a complex process for obtaining import permits involving licenses, certificates of conformity, product specifications, commercial invoices, and contracts.

Decree No.108/2016/ND-CP further outlines the conditions for trading network information security products and services in accordance with Law No. 86/2015/QH13. Art. 4.2 designates the Vietnamese Ministry of Information and Communications (MIC) to compile a list of network information security products requiring import licenses. Following the issuance of the decree, MIC introduced Circular No.13/2018/TT-BTTTT, which details the list of network information security products necessitating import licenses and outlines the associated procedures and required documentation. The specific network information security products subject to import licensing include (i) HS847130 (portable digital automatic data processing machines); (ii) HS847141 (automatic data processing machines and units); (iii) HS847149 (digital automatic data processing machines and units)