The Law on Artificial Intelligence No. 134/2025/QH15, promulgated by the National Assembly on 10 December 2025 and effective as of 01 March 2026 (the “Law on AI 2025”), primarily governs core issues relating to the development and application of AI. It serves as a testament to Vietnam’s pioneering efforts in establishing a dedicated legal framework for AI and clearly reflects the country’s strategic orientation in the digital era. Key highlights of the Law on AI 2025 are as follows:
1. Establishment of a system of legal definitions for AI activities and stakeholders
In addition to defining the concept of AI, the Law introduces a unified framework of legal definitions applicable to entities and activities in fields such as AI systems, developers, providers, deployers, users, and affected persons, etc.[1]
2. Formulation of fundamental principles governing AI
The Law on AI 2025 establishes 04 core principles that govern all activities related to the research, development, and application of AI, emphasizing a human-centered approach, positioning humans at the central position throughout the entire life cycle of AI systems.[2] Specifically:
First, positioning humans as the center: AIs must not be operated outside the legal framework nor cause damage to fundamental values, by way of ensuring human rights and privacy rights, as well as not infringe upon national security interests or public interests.
Second, AIs are to serve humans, not to replace their authority or responsibilities: to always maintain human control and the ability to intervene in AI with respect to every decision and action generated by the AI system; and to ensure safety for the system, data security, information confidentiality, and operation process.
Third, AIs must ensure fairness, transparency, impartiality, non-discrimination, and must not cause harm to humans and society.
Fourth, promoting inclusive and sustainable development of green AIs, encourages efficient use of energy, resource saving and reduction of negative impacts on the environment.
3. Risk-based classification of AI and establishment of appropriate assessment and management mechanisms
The Law on AI 2025 establishes a mechanism for managing AI systems based on risk levels, specifically: [3]
- High risk: systems that have the ability to cause significant damage to human life, health, human rights, national security, or public interests.
- Medium risk: systems that have the ability to cause confusion or manipulation of users, especially in cases where users are not clearly aware that they are interacting with AI; in which applications that have the risk of affecting behavior or perception are classified into this group.
- Low risk: systems that do not fall into the above two groups, usually having simple support functions or limited scope of impact.
It can be seen that, instead of tightening management, the Law relies on the level of impact and influence on humans and human-related issues, aiming to encourage creativity while still ensuring mitigation of risks affecting human rights, social order and safety, as well as national security.
On that basis, the Law on AI 2025 has established appropriate assessment and management mechanisms. In particular, high-risk AI systems must undergo conformity assessment before being put into use and when there are significant changes in the operation process. The assessment must be carried out by a conformity assessment organization or by the provider itself in certain cases. The assessment results are a mandatory condition for the system to be permitted for use and serve as a basis for inspection and supervision activities by the authorities.[4]
For medium-risk and low-risk AI systems, the management mechanism primarily focuses on requirements for transparency and accountability in the event of risks or upon request by the competent authorities.[5]
4. Prohibited acts in AI activities
The Law on AI 2025 strictly prohibits any exploitation of AI for the purpose of deceiving or manipulating human perception; exploiting vulnerable groups such as children, elderly persons, and persons with disabilities; as well as the creation or dissemination of falsified content that seriously affects national security, public order, or social safety.[6]
The Law further prohibits unlawful collection, processing, or use of data; interference with or distortion of human oversight and control mechanisms over AI systems; and the concealment of information that is legally required to be disclosed in a transparent manner during AI operations.[7]
5. Establishment of the one-stop electronic information portal on AI and the national database on AI systems
The Law on AI 2025 provides that the one-stop electronic information portal has the function of handling procedures related to AI such as registration for controlled testing, notification of risk classification, incident and periodic reporting, as well as public disclosure of information related to AI systems;[8] meanwhile, the National database on AI systems has the task of uniformly storing information on AI systems for the purpose of monitoring, post-inspecting and ensuring transparency of AI activities.[9]
According to the Law, the disclosure and sharing of data on the mentioned systems must comply with requirements on information security, protection of state secrets, business secrets, and personal data; at the same time, the operation and connection mechanisms of these systems shall be prescribed by the Government.[10]
It can be seen that, beyond serving as an instrument of integration in the digital technology era, the Law also takes into consideration supporting practical implementation and ensuring uniformity in administrative management.
6. Compliance roadmap for AI systems in the transitional period
Article 35 of the Law on AI 2025 clearly stipulates the transitional roadmap for AI systems that have been put into operation before the effective date of the Law, specifically: (i) AI systems in the fields of healthcare, education and finance have a time limit of 18 months; while (ii) systems in other fields have a time limit of 12 months – to fully comply with the obligations prescribed by law. At the same time, during the transitional period, these systems are still allowed to operate, except in cases where the managing authority determines that there is a risk of causing serious damage and thus decides to suspend or terminate their operation.
7. State incentives for AI activities
Article 20 of the Law on AI 2025 stipulates that AI enterprises are entitled to the highest level of incentives available under the laws on science and technology, high technology, digital transformation, and investment. In addition, such enterprises shall be facilitated in accessing computing infrastructure, data, and testing environments. In particular, startup enterprises, small-sized and medium-sized enterprises shall be given priority in accessing computing infrastructure, data, and controlled testing mechanisms (sandbox).
It is evident that the State has clearly defined its objective to position AI as a key driving force for economic growth, innovation, and the sustainable development of the country. The Law on AI 2025 not only holds legal significance but also carries long-term strategic importance in the context of international integration as well as the digital technology era.
[1] Article 3 of the Law on AI 2025.
[2] Article 4 of the Law on AI 2025.
[3] Article 9 of the Law on AI 2025.
[4] Article 13 of the Law on AI 2025.
[5] Article 15 of the Law on AI 2025.
[6] Clause 2 Article 7 of the Law on AI 2025.
[7] Clauses 3, 4, 5 Article 7 of the Law on AI 2025.
[8] Clause 1 Article 8 and Article 12 of the Law on AI 2025.
[9] Clause 2 Article 8 of the Law on AI 2025.
[10] Clause 3, 4 Article 8 of the Law on AI 2025.
