According to Art. 95.3 of Decree No.15/2020/ND-CP, a fine ranging from VND 50,000,000 to VND 70,000,000 (approx. 2,040 USD to 2,860 USD) shall be imposed for advertising email and internet message services using servers not located in Vietnam.

Vietnam has licensing/registration requirements in place for online social networks, general information websites, mobile telecoms network-based services, and certain online games services under Decree No. 72/2013/ND-CP and its amendment Decree No. 27/2018/ND-CP. These contemplate that companies must be established in Vietnam in order to fulfill the licensing and registration requirements. According to Arts. 22, 25, 28, and 34 of Decree No. 72, providers of websites, social networks, information on the mobile network, and online games, respectively, have to have at least one server inside the country "serving the inspection, storage, and provision of information at the request of competent state management agencies".

According to Art. 13 of Decree 181/2013/ND-CP, Vietnamese companies and individuals who want to place online advertisements on foreign websites or platforms must advertise via agents in Vietnam. In addition, Pursuant to Art. 14 of the Decree, foreign companies and individuals who want to place online advertisements on Vietnamese websites or platforms must do so via Vietnamese agents.

According to Document No. 1513/BBCVT-VT of August 2003 of the Ministry of Post and Telematics Ministry (now, Ministry of Information and Communications), the State determines how Internet connectivity in Vietnam is organized and managed, and it is reported to facilitate Internet content filtering by limiting external access points that must be controlled. Only Internet Exchange Points (IXPs) can connect to the Internet, while Online Service Providers (OSPs) and Internet Content Providers (ICPs) may connect to Internet Service Providers (ISPs) and IXPs. Vietnam National Internet eXchange (VNIX) is a system of transferring domestic Internet traffic between Internet service providers (ISPs). VNIX was constructed, operated, and managed by VNNIC according to Document No. 1513/BBCVT-VT of August 2003 of the Ministry of Post and Telematics Ministry (now, Ministry of Information and Communications). Internet filtering happens at the Domain Name System (DNS) level, which means that instead of blocking a site, ISPs simply configure domain names to resolve to an invalid address or remove blocked websites from their DNS servers.

According to Art. 25 of Decree No.72/2013/ND-CP and its amendment and extension of Decree No. 27/2018/ND-CP, Internet Services Providers (ISPs) have to coordinate with the State the removing or blocking information that contains prohibited acts, which include: State opposition, undermining national security and social order, conducting propaganda; propagating obscenity, pornography and harming national traditions and customs; providing information offending organizations or individuals; and advertising banned suitable and services, prohibited newspapers, works and publications. Various press reports have highlighted the controversial nature of Decree 72 and its broad scope regarding the capacity to block websites.

According to Art. 41 of the Vietnam's Cybersecurity Law, Internet service providers (ISPs), websites and information systems administrators/owners are responsible for:
- Controlling information content transmitted by users, so that such content will not harm or prejudice children or the children’s rights; and
- Preventing the sharing of content and deleting any content that harms or prejudices children or the children’s rights.
In addition, pursuant to Art. 16 of the law, information system administrators/owners, telecoms and Internet service providers are required to closely coordinate with the competent authorities to handle illegal content. The ISPs have 24h to remove content after they receive a notice by the government authorities.

Intermediary liability was formalized in 2013 with Decree 72 on the Management, Provision, Use of Internet Services and Internet Content Online. According to the Decree, intermediaries—including those based overseas— are required to regulate third-party contributors in cooperation with the state, and to “eliminate or prevent information” that opposes the republic, threatens national security and the social order, or defies national traditions, among other broadly worded provisions. The decree holds cybercafé owners responsible if their customers are caught surfing “bad” websites. The regulation process was articulated in Circular 09/2014/TT-BTTTT, issued in 2014, which requires website owners to eliminate “incorrect” content “within three hours” of its detection or receipt of a request from a competent authority in the form of an email, text message, or phone call.

According to Art. 26 of the Vietnam's Law on Cybersecurity (entered into force in January 2019), owners or organizations in charge of websites must: authenticate information when a user registers a digital account; ensure confidentiality of user information and accounts; provide user information to the task force in charge of network security protection under the Ministry of Public Security upon written request to serve the investigation and handling of violations of the law on network security.

According to Art. 3.16 and 25.9 of the Decree No.72/2013/ND-CP and its amendment and extension of Decree No.27/2018/ND-CP, online social network service suppliers are required to ensure that only individuals who have supplied "accurate and complete personal information as required by law", including the government-issued card number, may create blogs or provide information on online social networks.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Vietnam's law and jurisprudence.

Art. 17.1.c of the Law on Cyber Information Security No. 86/2015/QH13 requires technology companies to share user data at the request of competent state agencies. It also mandates that authorities be given decryption keys on request and it introduces licensing requirements for tools that offer encryption as a primary function. There is no mention of a requirement for a court order.

The Joint Circular on the Liabilities of Intermediary Service Suppliers in Protection of Copyrights and Related Rights on the Internet and Telecommunications Network Environment No. 07/2012/TTLT-BTTTT-BVHTTDL establishes a safe harbour regime for intermediaries for copyright infringements. According to the Joint Circular No.7, internet intermediaries are only liable for infringing content in limited circumstances, e.g. when they initiate the posting, transmission or provision of the infringing content over the Internet; modify or copy the content, deliberately circumvent technology measures applied by rights owners or operate as secondary distributors of the infringing content.

Art. 19 of the Decree No. 72 of 2013, and its extension in Decree 27/2018, regulates that "organizations and individuals that use Internet resources shall provide information and cooperate with competent state management agencies at the latter’s request".

The Law on Cybersecurity, which entered into force in January 2019, stipulates that businesses have to provide users’ data to the Ministry of Public Security upon receipt of requests in writing, in cases where any infringement of the cybersecurity law is being investigated (Art. 26).

Decree No. 72 establishes the management of Internet service and online network. In March 2018, Vietnamese government issued Decree No.27/2018/ND-CP to partially amend and enhance Decree 72. Data retention requirements for online networks are listed in Art. 23(c). The regulation requires data on account users, log-in and log-off time, user IP address, and data processing log to be stored for at least two years.