Vietnam’s draft Personal Data Protection Law (PDPL) continues to evolve, with significant implications for businesses operating in the region. The latest draft, released to the public in March 2025, contains several noteworthy changes from the previous draft that businesses with operations in Vietnam should be aware of when developing their data protection strategies and compliance frameworks. The draft PDPL will be submitted to the vote of the National Assembly in May 2025 with a tentative entry into force on January 1, 2026. Key Changes in the Latest Draft PDPL 1. Redefined Categories of Personal Data The draft PDPL has made important revisions to personal data classifications: Basic personal data: An individual’s image is no longer classified as basic personal data. Sensitive personal data: Bank account information has been removed from this classification (and is now considered basic personal data), but two new categories have been added: (i) salary, allowances, and other income sources, and (ii) information on land users and information on land containing such information. Organizations should review their data classification schemes and update protection measures accordingly, particularly for salary and compensation information. 2. Data Encryption Requirements The draft PDPL explicitly states that encrypted data remains classified as personal data. Additionally, it mandates that sensitive personal data must be encrypted when stored, transmitted, received, or shared in cyberspace. Organizations and individuals can freely opt for one or more encryption solutions and encryption/decryption processes suitable for their personal data management and administration activities. 3. Biometric Data Processing The latest draft PDPL adds new protection requirements for biometric data. Organizations processing biometric data (such as fingerprints) must: Implement physical security measures for devices storing and transmitting biometric data. Use strong encryption methods during transmission and storage. Restrict access to biometric data. Have early-detection monitoring systems to detect violations of biometric

After making revisions to the initial draft notification released in November 2024, Thailand’s Electronic Transactions Development Agency (ETDA) has released an updated draft Notification on Additional Obligations for Digital Platform Service Operators of Online Marketplaces for Goods with Specific Characteristics under Section 18(2) of the Royal Decree on the Operation of Digital Platform Service Businesses Subject to Prior Notification B.E. 2565 (2022) B.E. … . A focus group session was also held to gather feedback from business operators. Below is a summary of key provisions in the new draft. Unchanged Items Some key concerns that remain unchanged from the previous version of the draft notification include the following: Offshore business operators running online marketplaces that act as intermediaries for the sale or exchange of goods and provide facility services for the sale of goods (referred to as “specific marketplace operators” in the draft) are required to establish a local entity in Thailand. However, the criteria for determining which operators are specific marketplace operators are still under discussion due to feedback from business operators. Specific marketplace operators must submit a compliance report to the ETDA along with their annual report each year. Specific marketplace operators must verify that “business users” (e.g., merchants) provide complete details about goods in accordance with product standardization requirements. Removed Obligations The updated draft notification has removed specific marketplace operators’ obligations to: Conduct Identity Assurance Level 2 (IAL2) verification of business users before onboarding them on their platforms. Submit a registry of business users’ information to the ETDA. Retain business users’ information for a specified retention period. Implement measures to filter reviews of products subject to specific standards. Revisions Key revisions made to the draft notification include the following: The effective date has been extended to 120 days after the notification’s publication in the Government Gazette,

On March 3, 2025, the government of Vietnam issued Decree No. 57/2025/ND-CP, regulating the direct power purchase agreement (DPPA) mechanism between renewable energy generators and large electricity consumers (“Decree 57”). Decree 57 took immediate effect and replaces Decree No. 80/2024/ND-CP on the same subject. The new regulations enable investors to kickstart their investment plans for DPPAs in Vietnam. Below are the key changes and provisions of Decree 57. Participants in On-Grid DPPAs Decree 57 expands the eligibility criteria for participating in DPPAs via the national grid (on-grid DPPAs): Sellers: In addition to wind and solar power generators, biomass energy generators with a capacity of 10 MW or more can now participate. Buyers: Electric vehicle charging businesses are now eligible to participate, broadening the scope beyond just production businesses. Large Electricity Consumers Instead of setting definite criteria at the government decree level, Decree 57 defines large electricity consumers based on average electricity consumption as set out in wholesale electricity market regulations to be issued by the Ministry of Industry and Trade (MOIT). Although the threshold for DPPA participation remains for now at 200,000 kWh per month, Decree 57 will allow the MOIT to adjust this threshold as deemed necessary. Decree 57 also provides specific guidance for large electricity consumers based on their consumption period. To participate in both private off-grid DPPA (selling electricity directly via a grid system separate from the national grid) and on-grid DPPA models, large electricity consumers must meet the minimum threshold for electricity consumption set by the MOIT under the Vietnam wholesale electricity market regulations (“Minimum Consumption Threshold”). Consumers with a consumption history of at least 12 months must have already met the Minimum Consumption Threshold at the time of registration or notification, while those whose consumption period is less than 12 months must commit to

Insurance specialists from Tilleke & Gibbins have provided an update to the Vietnam chapter of Thomson Reuters’ Practical Law guide to insurance and reinsurance. The guide is a Q&A-style overview of insurance and reinsurance law in jurisdictions worldwide. The Vietnam chapter provides a detailed overview of the legal framework for the insurance and reinsurance market in the country, covering the following issues: Regulatory framework for insurance and reinsurance Authorization for insurers, reinsurers, and insurance intermediaries Ownership restrictions Ongoing requirements Penalties for noncompliance Sales and marketing of insurance and reinsurance Transfer of risk Reinsurance contracts and risks Contracts and policies Claims Dispute resolution Insolvency Tax Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The insurance and reinsurance guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the guide, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.