The draft 2025 Cybersecurity Law is currently under discussion at the National Assembly and is expected to be passed at the end of its 10th plenary session.
After a period of implementation, the 2018 Cybersecurity Law and the 2015 Law on Network Information Security have revealed a number of shortcomings due to overlaps, particularly in regulations on management authority, classifications of critical information systems, and data protection.
Meanwhile, cyber-attacks, the trading of personal data, the dissemination of anti-state propaganda, and high-tech crime are becoming increasingly sophisticated, causing significant damages and posing direct threats to national security and social order.
The rapid development of digital technologies, especially AI, has also given rise to new types of violations such as fraud and the manipulation of faces, voices and images — tactics that are difficult to detect and which severely affect citizens’ rights.
In this context, formulating the 2025 Cybersecurity Law 2025 on the basis of comprehensively revising the 2018 Cybersecurity Law and the 2015 Law on Network Information Security is an urgent requirement to perfect the legal framework, unify management mechanisms, and enhance the capacity for the prevention, response, and handling of violations.
Commenting on the draft law, many deputies noted that while the draft pays attention to protecting children online, other vulnerable groups such as the elderly, persons with disabilities, and those with limited civil act capacity also need to be included as they have become common targets of various forms of fraud, notably including impersonation of competent authorities for the purpose of asset appropriation.
Deputy Le Thi Ngoc Linh from Ca Mau proposed adding the elderly and persons with limited civil act capacity to the list of protected groups. She noted that, alongside children, these two groups are also highly vulnerable, particularly in an increasingly complex online environment.
According to several reports, the elderly account for around half of victims in online fraud cases, involving sophisticated tactics such as impersonating police agencies, using deepfake technology for investment scams or low-cost travel offers, or exploiting stolen personal data to manipulate emotions. Meanwhile, persons with limited civil act capacity often lack the ability to protect themselves and can be easily exploited in electronic transactions.
To ensure comprehensiveness and consistency with the Law on the Elderly and the Civil Code, the deputy proposed adding the elderly and persons with limited civil act capacity to the protected groups under the new law.
She also recommended specifying the responsibilities of online platforms, telecommunications service providers, and banks in detecting, warning, and coordinating actions against violations and fraud targeting these groups.
Expanding the scope of protection not only aligns with legal principles but also reflects the state’s humanitarian commitment to safeguarding the legitimate rights of vulnerable populations, thereby contributing to a safe and healthy cyberspace in the digital transformation era.
Amid growing risks relating to the exploitation of children’s data and behavioural manipulation online, Deputy Nguyen Huu Dan from Quang Tri suggested adding a separate clause strictly prohibiting the design of applications and online platforms containing addictive elements, behavioural manipulation features, or data-collection mechanisms targeting children for commercial, advertising, or age-inappropriate consumption-driven purposes.
He noted that although the draft law addresses child protection, it has not yet incorporated emerging risks such as behavioural manipulation, harmful content suggestions, or the collection of children’s data through games, learning apps, or social networks. These issues have attracted significant public attention both domestically and internationally (especially following incidents related to TikTok, YouTube, online gaming, and similar platforms).
From another perspective, Deputy Nguyen Thi Thuy Ngoc from Ninh Binh proposed adding four prohibited acts to meet the demands of cyber-security management in the context of rapid technological development.
She called for a strict ban on the use of AI and deepfake technologies — techniques for synthesising multimedia content to impersonate individuals or organisations — for disseminating false information to commit fraud, defamation or infringe upon the honour and reputation of organisations and individuals, as well as to threaten national security or social order.
The deputy also stressed the need to prohibit the collection, exploitation, analysis, and trading of children’s personal data without the consent of their legal guardians, as well as to prevent the abuse of cryptocurrencies, anonymous wallets, and decentralised finance (DeFi) platforms for money laundering, fraud, asset appropriation, or illegal transactions.
Additionally, she emphasised the necessity of banning the production, importation and use of Internet of Things (IoT) devices without cyber-security certification, as they could serve as gateways for hackers, creating security vulnerabilities, data leaks, or facilitating unauthorised access to information systems.
According to the deputy, these proposals would help improve the legal corridor, strengthen the capacity to prevent and respond to emerging cyber-security threats and protect the legitimate rights of citizens in the digital era.
