Vietnam’s Law on Artificial Intelligence (No. 134/2025/QH15) classifies AI systems into three risk tiers: high, medium, and low. Your tier determines your compliance obligations — from mandatory pre-market conformity assessment at the top to minimal requirements at the bottom. But here is the problem: the detailed classification criteria have not been published yet. The Prime Minister’s high-risk AI systems list is still in inter-ministerial consultation. Providers must self-classify their systems under Article 10, and they are doing so with an incomplete rulebook.
This article breaks down each tier based on what the law’s text establishes, explains the obligations attached to each level, and provides a provisional decision framework for self-classification while the implementing regulations catch up.
How Does Vietnam Classify AI Risk?
Article 9 of the AI Law establishes three risk levels based on the potential impact of an AI system on human rights, safety, security, and public interests. The classification determines which regulatory obligations apply.
| Tier | Vietnamese Term | Definition (Art. 9) | Obligations |
|---|---|---|---|
| High risk (Rui ro cao) | Rui ro cao | Systems that “can cause significant damage to life, health, rights” or threaten national security | Conformity assessment, registration, documentation, human oversight, incident reporting, continuous monitoring |
| Medium risk (Rui ro trung binh) | Rui ro trung binh | Systems that “can cause confusion, influence, or manipulate users regarding AI interaction” | Transparency, disclosure, accountability on request |
| Low risk (Rui ro thap) | Rui ro thap | Systems that do not fall into either category above | Accountability only when violation indicators exist |
[Source: Law 134/2025/QH15, Art. 9; primary text read in Vietnamese from chiakhoaphapluat.vn]
A common error in English-language analysis is describing Vietnam’s system as having four tiers, mirroring the EU AI Act’s structure. Vietnam has three tiers. The confusion arises because the EU AI Act treats “unacceptable risk” (prohibited practices) as a fourth category. Vietnam handles its prohibited practices separately in Article 7. They are not part of the classification system. They are outright bans, enforceable immediately since March 1, 2026 with no transition period.
What AI Practices Does Vietnam Prohibit? (Art. 7)
Six categories of activity are banned outright, regardless of risk tier. These are not “high-risk with extra requirements.” They are illegal.
- Exploitation for illegal purposes: using AI systems to commit crimes or violate rights (Art. 7(1))
- Harmful AI development and deployment: four sub-categories including deceptive deepfakes, exploiting vulnerable groups, and creating fake content threatening national security (Art. 7(2))
- Unlawful data use: collecting or processing data for AI in violation of data protection, IP, or cybersecurity laws (Art. 7(3))
- Blocking human oversight: obstructing, disabling, or falsifying human supervision mechanisms (Art. 7(4))
- Information concealment: hiding information that must be public, transparent, or accountable (Art. 7(5))
- Abuse of research activities: using research or testing as cover for illegal acts (Art. 7(6))
[Source: Law 134/2025/QH15, Art. 7; IAPP analysis, February 2026]
Note: Some English-language summaries count seven prohibited activities. The Vietnamese primary source has six numbered items. Item 2 contains four sub-provisions (a-d), which some analysts counted separately. For the full AI Law overview, see our Vietnam AI Law guide.
What Qualifies as High-Risk AI in Vietnam?
High-risk AI systems face the strictest obligations under the law. Article 9 defines high risk as systems that “can cause significant damage to life, health, rights” or threaten national security. The Prime Minister maintains and updates the official high-risk list, but that list has not been finalized.
Status of the high-risk list
MOST released a draft for consultation on February 4, 2026. The draft contains five groups of criteria for high-risk classification and three groups of systems requiring mandatory conformity certification before deployment. On March 3, MOST issued Official Letter 1101 requesting all ministries to propose specific AI systems for inclusion. Inter-ministerial consultation is ongoing. The final list is expected mid-2026 but no official deadline has been published. [Source: MLex, February 4, 2026; baomoi.com / Voice of Vietnam, March 4, 2026]
Likely high-risk domains
Based on the law’s text, the draft list criteria, and Vietnam’s stated policy priorities, the following domains are likely to contain high-risk systems:
- Healthcare — AI diagnostic tools, treatment recommendation systems, medical imaging analysis. Vietnam explicitly grants healthcare AI an extended 18-month transition period (Art. 35), signaling regulatory awareness of the sector’s risk profile.
- Finance/banking — Credit scoring, automated lending decisions, fraud detection. The State Bank of Vietnam is already drafting sector-specific AI rules.
- Education — Student assessment, personalized learning, age-appropriate content filtering. Also covered by the 18-month transition.
- Law enforcement — Facial recognition, predictive systems, surveillance tools. The law’s national security provisions in Art. 7 and Art. 9 signal heightened attention here.
- Critical infrastructure — AI systems managing energy, transportation, or telecommunications networks.
[Source: Law 134/2025/QH15, Art. 9, Art. 35; Baker McKenzie analysis, February 2026]
These are analytical assessments, not official classifications. Until the PM signs the high-risk list, no system is definitively classified as high-risk under the formal framework. Providers should treat these domains as probable high-risk for planning purposes.
What Falls Under Medium-Risk AI?
Medium-risk systems are those that “can cause confusion, influence, or manipulate users regarding AI interaction” (Art. 9). This tier maps roughly to the EU AI Act’s “limited risk” category and focuses primarily on transparency obligations.
Likely medium-risk systems include chatbots and virtual assistants that interact directly with users, AI-generated content tools that produce text, images, or audio, recommendation engines that influence purchasing or browsing decisions, and sentiment analysis tools used in customer service. The common thread: these systems affect how people perceive information or interact with technology, but do not directly threaten life, health, or rights.
Medium-risk obligations (Art. 15)
Medium-risk AI systems must comply with the transparency requirements in Article 11:
- AI interaction disclosure — users must be able to recognize they are interacting with AI (Art. 11(1))
- Content marking — AI-generated audio, image, and video must be marked in machine-readable format (Art. 11(2))
- Public content labeling — deployers must clearly notify audiences when publicly providing AI-generated content (Art. 11(3))
- Deepfake labeling — content simulating the appearance of real persons must carry “easily recognizable marks” (Art. 11(4))
- Accountability on request — medium-risk providers must respond to accountability inquiries when requested
[Source: Law 134/2025/QH15, Art. 11, Art. 15]
What Obligations Apply to Low-Risk AI?
Low-risk AI systems carry the lightest regulatory burden. Article 15 requires accountability only when “violation indicators exist,” meaning regulators must have a reason to investigate before they can demand information from low-risk operators.
The state “encourages” voluntary application of technical standards for all risk levels (Art. 15), but for low-risk systems this is not mandatory. Typical low-risk systems include spam filters, basic autocomplete features, inventory optimization tools, and other AI applications with minimal direct human impact.
Low risk does not mean no risk. All AI systems, including low-risk, are still subject to the prohibited activities in Article 7, the general data protection obligations under the PDPL (Law 91/2025), and cybersecurity requirements. The classification affects AI-specific obligations, not the broader regulatory stack.
How Do You Classify Your AI System? (Decision Framework)
Article 10 requires providers to self-classify before placing their AI system on the Vietnamese market. Here is a provisional framework based on the law’s text.
Step 1: Check prohibited activities first
Review your system against all six categories in Article 7. If your system falls within any prohibited category, classification is irrelevant. The system cannot legally operate in Vietnam. This check applies regardless of sector or risk tier.
Step 2: Assess impact level
Ask these questions about your AI system:
- Could it cause significant damage to life, health, or rights? If yes, likely high-risk.
- Does it operate in healthcare, finance, education, or law enforcement? If yes, likely high-risk (based on the 18-month transition sectors and MOST’s inter-ministerial consultation focus areas).
- Could it cause confusion about whether users are interacting with AI? If yes but it does not threaten life/health/rights, likely medium-risk.
- Does it generate content that could be mistaken for human-created content? If yes, likely medium-risk at minimum.
- Is its impact limited to operational efficiency without direct human-facing decisions? If yes, likely low-risk.
Step 3: Notify MOST
Medium and high-risk systems must notify MOST of their classification result (Art. 10(3)). If you are uncertain about your classification, Article 10(4) allows you to request MOST guidance. The notification format has not been published (Art. 10(7) delegates this to the implementing decree).
Step 4: Monitor for reclassification
Deployers can inherit the provider’s classification (Art. 10(2)), but if your deployment context differs significantly from the intended use, reassess. Misclassification or dishonest declaration triggers mandatory reclassification by regulators (Art. 10(6)).
This framework is analytical, not authoritative. The official classification criteria under Article 9(3) and the PM’s high-risk list will supersede this provisional approach. Track their status on our Vietnam Implementing Decrees Tracker.
What Obligations Attach to Each Risk Tier?
The obligations differ significantly by tier. Here is a consolidated view.
| Obligation | High Risk | Medium Risk | Low Risk |
|---|---|---|---|
| Pre-market conformity assessment (Art. 13) | Mandatory | No | No |
| Registration in National AI Database (Art. 8, Art. 14) | Mandatory | No | No |
| Risk management measures (Art. 14(1)(a)) | Mandatory, regularly reviewed | No | No |
| Technical documentation and activity logs (Art. 14(1)(c)) | Mandatory | No | No |
| Human oversight mechanisms (Art. 14(1)(d)) | Mandatory | No | No |
| Incident reporting (Art. 12) | Mandatory | Best practice | Best practice |
| Transparency / AI interaction disclosure (Art. 11) | Mandatory | Mandatory | Encouraged |
| Content marking and labeling (Art. 11(2-4)) | Mandatory | Mandatory | Encouraged |
| Accountability on request (Art. 15) | Mandatory | On request | Only with violation indicators |
| Local legal representative — foreign providers (Art. 14(6)) | Mandatory | Recommended | Optional |
| Conformity assessment organization review (Art. 13(5)) | Mandatory — independent | No | No |
| Cooperation with state inspections (Art. 14(1)(g)) | Mandatory | Mandatory | On request |
| Civil liability insurance (Art. 14) | Encouraged | Voluntary | Voluntary |
[Source: Law 134/2025/QH15, Art. 11-15]
Vietnam defines four distinct roles in the AI value chain: developer, provider, deployer, and user (Art. 3). This is more granular than the EU (which merges developer into provider) or South Korea (which has two roles). Obligations in the table above apply primarily to providers and deployers. Users must comply with operating procedures. For the full role definitions and their Vietnamese terms, see our Vietnam AI Law guide.
How Does This Compare to EU and Korean Classification?
| Dimension | Vietnam | EU AI Act | South Korea AI Basic Act |
|---|---|---|---|
| Number of tiers | 3 (high, medium, low) | 4 (unacceptable, high, limited, minimal) | 2 (high-impact + everything else) |
| Prohibited practices | Separate (Art. 7) — 6 categories | Part of risk framework (Art. 5) — “unacceptable risk” | Not explicitly listed |
| Who defines high-risk | PM decision (deferred) | Annex III (listed in statute) | 11 domains listed in Art. 2(4) |
| Classification method | Provider self-classification (Art. 10) | Provider self-assessment against Annex III | Government notification system |
| Pre-market assessment | Mandatory for high-risk (Art. 13) | Mandatory for high-risk (Art. 43) | Voluntary |
| Regulatory guidance if uncertain | Yes — can request MOST guidance (Art. 10(4)) | No direct equivalent | No direct equivalent |
[Source: Law 134/2025/QH15; Regulation (EU) 2024/1689; Korea AI Basic Act (2024)]
Vietnam’s approach sits between the EU’s prescriptive detail and Korea’s lighter framework. The key structural difference: Vietnam defers specificity to executive decisions (PM list) rather than embedding it in statute (EU Annex III) or statute-level domains (Korea Art. 2(4)). This gives the Vietnamese government flexibility to update the high-risk list without legislative amendment, but it also means the rules are less predictable until the list is published.
For a full side-by-side analysis of how Vietnam’s AI Law compares to the EU AI Act across all dimensions, see our Vietnam vs EU AI Act comparison.
Reg Intel is not a law firm and does not provide legal services. This content is for informational purposes only and does not constitute legal advice. Consult qualified legal counsel for jurisdiction-specific guidance.
Last verified: March 26, 2026
Reg Intel is not a law firm and does not provide legal services. This content is for informational purposes only and does not constitute legal advice. Consult qualified legal counsel for jurisdiction-specific guidance.
Last verified: March 26, 2026