Vietnam – Cybersecurity – Online Gaming – Latest update

1. Key Legal framework governing online gaming:

The current policy is Decree No. 27/2018/ND-CP of the Government dated 1 March 2018 (which amended Decree No. 72/2013/ND-CP 2013 regulating social networks, electronic information, and electronic gaming).

The Law on Cybersecurity came into effect as from 1 January 2019 (Law on Cybersecurity). On 15 August 2022, the Government issued Decree 53 which will become effective on 1 October 2022, which will have significant impact upon the business operations of both local and foreign entities in the specific sectors, including mobile gaming.

2. Online Game Classification and License/Certificate

Online Game Classification and License-Certificate;

3. Virtual Goods/Items

Virtual items are not recognized as assets under Vietnamese laws. Virtual items, as well as bonus points, are not allowed to be exchanged into money, game cards, coupons or other items having transaction value outside of the game.

Game providers must not adopt the designs of virtual items, virtual currency, game points for game unless they conform with the ones approved by competent authority. Players may use game points or virtual currency in his/her account’s budget to exchange for virtual items designed by the game providers.

4. Data must be stored and Commercial Presence

Data: personal information of users in Vietnam, data created by users in Vietnam and data of users’ relation in Vietnam.

Sectors: Foreign enterprises having business operation in Vietnam in online games and other certain sectors (e.g., telecommunications services; storage and sharing of data in cyberspace; provision of national or international domain names for service users in Vietnam; e-commerce; online payment; payment intermediaries; services of connection and transportation in cyberspace; social media and social communication; other services related to the provision, management, or operation of information in cyberspace in the form of messages, calls, video calls, emails, online chat).

Conditions: (i) having received a written notice of the Department of Cybersecurity under the Ministry of Public Security requesting to coordinate, prevent, investigate or enforce any cybersecurity measure and (ii) having failed to comply with such request or inadequately complied with such request, or prevent, obstruct, invalidate any cybersecurity measure.

Foreign entities as above will be required to store the Data in Vietnam for a period of at least 24 months.

Foreign entities as above shall establish a representative office or branch in Vietnam within 12 months as from the date of the Request.

Please do not hesitate to contact Dr. Oliver Massmann at if you have any questions. Dr. Oliver Massmann is General Director of Duane Morris Vietnam LLC.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress