Europe's AI Act Has Company: What Vietnam's Binding AI Law Means for EU Operators

What the Law Actually Requires

Phase one, now live, establishes the baseline. Any organisation developing or deploying AI systems inside Vietnam must register high-risk use cases, maintain documented technical and governance records, and designate a named local accountable officer registered with the Ministry of Science and Technology. The tiered classification tracks risk by use case, placing Vietnam directionally alongside the EU AI Act rather than the lighter-touch approaches seen elsewhere in the region.

Phase two, scheduled for 2027, extends conformity assessments to providers of general-purpose AI models and introduces mandatory transparency markers for synthetic media. Phase three in 2028 adds third-party audit requirements. Phase four in early 2030 activates the full penalties regime, with fines of up to VND 500 million for serious non-compliance and the possibility of revoked operating licences for repeat breaches.

The structure will look recognisable to anyone who has spent time with the EU AI Act's tiered obligations. Sandra Wachter, Professor of Technology and Regulation at the Oxford Internet Institute, has argued consistently that risk-based classification is the only durable architecture for AI law precisely because it survives model generations. Vietnam's Ministry of Science and Technology appears to have reached the same conclusion independently, and the structural parallel matters for European multinationals trying to build unified global compliance programmes rather than jurisdiction-by-jurisdiction patchworks.

Why This Matters to EU and UK Operators

Vietnam is not a peripheral market for European technology firms. Major European semiconductor equipment suppliers, including ASML, whose cleanrooms underpin global chip supply chains, have customers and logistics partners operating in Vietnam's growing manufacturing corridor. French, German, and Dutch enterprise software vendors have regional deployments there. Fintech firms regulated by the Financial Conduct Authority or the Bundesanstalt fur Finanzdienstleistungsaufsicht (BaFin) operate regional hubs in Ho Chi Minh City. Every one of those operations now has Phase 1 obligations to discharge.

Dragoș Tudorache, the Romanian MEP who served as co-rapporteur for the EU AI Act through its parliamentary passage, has repeatedly made the case that the Act's extraterritorial logic means European firms effectively export compliance culture wherever they operate. Vietnam's law tightens that relationship: a European AI product team designing for the EU AI Act now has strong incentives to align that design with Vietnamese requirements simultaneously, because the risk categories and documentation obligations overlap significantly.

The business case for early action is straightforward. Hanoi has been explicit about its strategy: Vietnam wants AI capital, data centre investment, and sovereign model partnerships, and views legal clarity as a competitive advantage rather than a barrier. The calculation is that multinational AI investors prefer a jurisdiction with clear rules, even strict ones, over an unregulated market where policy risk is opaque. European firms that have lobbied for precisely that kind of regulatory predictability at home should recognise the logic immediately.

How It Compares to Other Frameworks

The comparison table makes one thing clear: Vietnam is now the most EU-aligned AI legal framework outside Europe itself. That is not a coincidence. Vietnamese regulators studied the EU AI Act closely during drafting, and the structural similarities in risk categorisation, documentation requirements, and phased application timelines reflect deliberate design choices rather than convergence by accident.

What EU and UK Teams Should Do Now

The practical checklist is short, but each item has real resource implications:

• Map AI use cases against Vietnam's risk classification and identify which qualify as high-risk under Phase 1. Teams that have completed this exercise for the EU AI Act will find much of the groundwork reusable.
• Appoint a named accountable officer with authority to respond to regulator queries and register them with the Ministry of Science and Technology.
• Stand up a documentation pipeline for model cards, data lineage, and post-deployment monitoring, built to survive audit. EU AI Act-compliant documentation structures transfer well.
• Prepare synthetic media transparency tooling now, even though Phase 2 obligations do not arrive until 2027.
• Align board reporting so that material AI risks in Vietnamese operations feed into enterprise risk committees, not only technology committees.
• Instruct legal counsel to draft a gap analysis between existing EU AI Act compliance documentation and Vietnamese Phase 1 requirements before 30/06/2026.

European firms that treat Vietnam as a jurisdiction requiring its own standalone compliance effort will spend more money and create more organisational friction than those that build a unified global framework anchored on the EU AI Act and extended to cover Vietnamese specifics. The overlap is substantial enough to make that architecture genuinely efficient rather than merely tidy in theory.

The broader signal is this: the EU AI Act catalysed a global wave of risk-based AI legislation. Vietnam is the clearest proof yet that the wave is real, not rhetorical. European operators with any international footprint should expect to add further jurisdictions to their compliance matrix over the next 24 months, and they should be building the infrastructure to absorb those additions now rather than reacting to each one in isolation.