According to Art. 23 of Decree No. 72/2013/ND-CP, social networks must prevent any information from being published that defames the state of Vietnam and have human resources that meet the criteria of the Ministry of Information and Communication (MIC). However, such criteria or demands by MIC have not been clarified.

Reports indicate that the government restricts access to several websites, including those of Radio Free Asia, Voice of America, the BBC Vietnamese news service, and the 88 Project. Access to international websites such as those of Human Rights Watch has been characterised by instability and unpredictability. According to Nikkei Asia, which monitors online censorship, half of the 1,000 websites it tested in 2022 were inaccessible within the country. The majority of these blocked websites were related to politics (33%), news outlets (27%), and human rights (15%).
It is also reported that content on social media is removed at an alarming rate due to the government's use of the Cybersecurity Law, which took effect in January 2019. Among other requests, in October 2022, Netflix removed a Korean drama and a Chinese series from viewing in Vietnam.

According to Art. 25 of Decree No. 72/2013/ND-CP and its amendment and extension of Decree No. 27/2018/ND-CP, Internet Services Providers (ISPs) have to coordinate with the State the removing or blocking information that contains prohibited acts, which include: State opposition, undermining national security and social order, conducting propaganda; propagating obscenity, pornography and harming national traditions and customs; providing information offending organisations or individuals; and advertising banned suitable and services, prohibited newspapers, works and publications. Various press reports have highlighted the controversial nature of Decree 72 and its broad scope regarding the capacity to block websites.

Decree No. 13/2023/ND-CP provides a comprehensive regime of data protection in Vietnam. The Decree establishes data protection principles, data subject rights, and data controller and data processor obligations, among other things. More specifically, the Decree introduces restrictions on cross-border data transfers and obligations for data processing, including the purchase and sale of personal information, as well as marketing and advertising. The Decree is accompanied by other legislation which provides personal data protection, including the Law on Cyber Information Security No. 86/2015/QH13, the Law on Cybersecurity No. 24/2018/QH14, and Law No. 59/2010QH12 of 17 November 2010 on Protection of Consumers' Rights.

According to Art. 13 of Decree 181/2013/ND-CP, Vietnamese companies and individuals who want to place online advertisements on foreign websites or platforms must advertise via agents in Vietnam. In addition, Pursuant to Art. 14 of the Decree, foreign companies and individuals who want to place online advertisements on Vietnamese websites or platforms must do so via Vietnamese agents.

According to Decree No. 72 of 2013, aggregated information websites are required to store the information for at least 90 days from the date it is posted on the website (Article 24). An electronic information page (website) is an information system used to establish one or more information pages presented in the form of symbols, numbers, words, images, sounds and other forms of information in service of the provision and use of information on the Internet (Art. 3.21). In March 2018, the Vietnamese government issued Decree No. 27/2018/ND-CP to partially amend and enhance Decree No. 72. Requirement on data retention remains at least 90 days from the date it is posted on the website. Also, the data processing log is required to be stored for at least two years.

According to Art. 95.3 of Decree No.15/2020/ND-CP, a fine ranging from VND 50,000,000 to VND 70,000,000 (approx. 2,040 USD to 2,860 USD) shall be imposed for advertising email and internet message services using servers not located in Vietnam.

Decree No. 72 establishes the management of Internet service and online networks. In March 2018, the Vietnamese government issued Decree No.27/2018/ND-CP to amend and enhance Decree 72 partially. Data retention requirements for online networks are listed in Art. 23(c). The regulation requires data on account users, log-in and log-off time, user IP address, and data processing log to be stored for at least two years.

Vietnam has licensing requirements from the Ministry of Information and Communication (MIC) in place for online social networks, general information websites, mobile telecoms network-based services, and certain online games services under Decree No. 72/2013/ND-CP and its amendment Decree No. 27/2018/ND-CP. These contemplate that companies must be established in Vietnam in order to fulfil the licensing and registration requirements. According to Arts. 22, 25, 28, and 34 of Decree No. 72, providers of websites, social networks, information on the mobile network, and online games, respectively, have to have at least one server inside the country "serving the inspection, storage, and provision of information at the request of competent state management agencies".

Art. 28 of Decree No. 13/2023/ND-CP requires a data controller and/or a data processor to appoint a department to protect personal data and to appoint a DPO if there is sensitive personal data involved. The information of such DPO must be notified to the Cybersecurity Department.

Art. 19 of Decree No. 72 of 2013, and its extension in Decree 27/2018, regulates that "organisations and individuals that use Internet resources shall provide information and cooperate with competent state management agencies at the latter’s request".

The Law on Cybersecurity stipulates that businesses have to provide users’ data to the Ministry of Public Security upon receipt of requests in writing in cases where any infringement of the cybersecurity law is being investigated (Art. 26).

There are three big corporations dominating the Vietnamese telecommunication markets: VNPT, Viettel, and Mobifone. All these three corporations are owned or partially owned by the government and dominate more than 96% of the market.

It is reported that there is no requirement for functional or accounting separation required for operators with significant market power.

Arts. 19-21 of Decree No. 25/2011/ND-CP outline the requirements for enterprises applying for a license in the telecom sector in Vietnam. These requirements vary across types of service and geographical coverage. They include minimum capital requirements from VND 5 Billion (approx. 218,000 USD) to VND 500 Billion (approx. 21.8 million USD) and investment plans from VND 15 billion (approx. 700,00 USD) to 7,500 VND Billion (approx. 322.5 million USD) among other requirements.