On 30/04/2026, the Government issued Decree 142/2026/NĐ-CP setting out detailed rules for Artificial Intelligence (AI) activities in Vietnam, effective from 01/05/2026. This is the first time Vietnam has had a legal framework dedicated to AI: a 4-tier risk classification, a conformity assessment requirement for high-risk systems, a controlled testing mechanism (sandbox), and business support policies. This article summarizes the key points and what businesses need to prepare.
Quick summary
- Document: Decree 142/2026/NĐ-CP, issued 30/04/2026, effective 01/05/2026.
- Structure: 8 chapters, 46 articles, 17 appendix templates.
- 4-tier AI risk classification: negligible · medium · high · unacceptable.
- Who is covered: AI providers, developers, deployers and users — including foreign organizations/individuals carrying out AI activities in Vietnam.
- Support: the sandbox mechanism + the National AI Development Fund (compute infrastructure, data, Vietnamese-language LLMs).
What is Decree 142/2026?
According to the summary, the Decree sets out detailed rules on: the operation of the AI one-stop information portal, the risk-level classification of AI systems, conformity assessment, management of high-risk systems, the controlled testing mechanism (sandbox), and the responsibilities of agencies, organizations and individuals.
The scope is very broad: providers, developers, deployers, users of AI systems, and people affected by AI systems; it also includes foreign organizations and individuals taking part in AI activities in Vietnam. The Decree comprises 8 chapters, 46 articles and 17 appendix templates.
The 4-tier AI risk classification and the classification dossier
AI systems are classified into 4 risk tiers: negligible, medium, high and unacceptable. For high- or medium-risk AI, businesses must prepare a risk classification dossier, comprising: system identification information; a description of the system and its context of use; information on input data; and risk management content.
A point of interest for businesses: according to the summary, the dossier does not require disclosure of source code, model parameters, raw training data, or state/business secrets — easing concerns about exposing intellectual property.
Obligations for high-risk AI systems
High-risk systems must undergo a conformity assessment before use, either through a licensed assessment body or via self-assessment with legal liability. In operation, businesses must establish a risk management system throughout the lifecycle, provide human oversight, keep operational logs and report incidents.
On reviews: if a system is reclassified to a higher risk tier, this must be notified within 15 working days from the date the review is completed.
The sandbox and business support
The Decree introduces a controlled testing mechanism (sandbox) — helping businesses test AI using a set of 17 appendix templates and a mechanism to adjust compliance obligations within the scope of the test. This is a space to innovate while remaining within legal control.
On support: the Decree prioritizes technology companies, SMEs and innovative startups, with support vouchers from the National AI Development Fund for compute infrastructure, data and Vietnamese-language large language models.
What do businesses need to prepare?
What to do early: review the AI systems currently in use, determine their risk level, and prepare a classification dossier. For high-risk AI, you need operational logs, human oversight and lifecycle risk management processes ready.
This is where on-premise (in-house) AI has a clear compliance advantage: when the model and data run on the company's own infrastructure, you control the input data, keep full logs, supervise and manage access — exactly what Decree 142/2026 requires — without depending on a third party. That is the direction of Namtech's private in-house AI platform.
Frequently asked questions
When does Decree 142/2026 take effect?
According to the summary, Decree 142/2026/NĐ-CP was issued on 30/04/2026 and takes effect from 01/05/2026. This is reference information and does not replace reading the original document.
Who must comply with this Decree?
Providers, developers, deployers and users of AI systems — including foreign organizations and individuals taking part in AI activities in Vietnam.
What must a 'high-risk' AI system do?
It must undergo a conformity assessment before use, establish lifecycle-wide risk management, provide human oversight, keep operational logs and report incidents.
Do you have to submit source code or training data?
According to the summary, the risk classification dossier does not require disclosure of source code, model parameters, raw training data, or state/business secrets.
How does in-house AI help with compliance?
When AI runs on-premise, the business controls input data, keeps full operational logs, supervises and manages access — aligning with the Decree's requirements for high-risk systems.
Ready for the new AI legal framework
Namtech deploys a private in-house AI platform that helps you control data, keep logs and supervise — making it easier to comply with Decree 142/2026.
Book a free consultationNote: This article is compiled from publicly available sources as of 23/06/2026; the information is for reference and may change.