Directive 57: A legal catalyst propelling “Make in Vietnam” cybersecurity into a new growth phase

The cybersecurity landscape in Vietnam is undergoing a rapid transformation as several new policies and laws officially take effect throughout the 2025-2026 period. Most notable among these is Directive 57-CT/TW, alongside key legislation concerning data and cybersecurity.

The synchronized emergence of this regulatory framework tightens security requirements and creates an entirely new market centered on compliance. For Vietnamese technology enterprises, especially startups and SMEs, this represents a golden window to transition from supporting roles to providing core solutions within the national cybersecurity ecosystem.

The compliance wave: Opening new service markets

As regulations on personal data, cybersecurity, and data governance simultaneously take effect, businesses will have no choice but to invest seriously in security. This creates a massive, mandatory demand spanning from solution consulting to technical implementation.

Instead of focusing solely on isolated solutions, the market is shifting toward integrated services. Enterprises require partners who can assist in everything from establishing data protection processes to deploying monitoring systems and Incident Response. This is why models such as shared SOC services or "compliance-as-a-service" are becoming particularly relevant, especially for resource-constrained SMEs.

In parallel, "Make in Vietnam" products hold a distinct advantage by meeting domestic legal requirements while offering customization tailored to the specific needs of Vietnamese businesses. Solutions such as data encryption, personal data lifecycle management, and automated user request processing will quickly become the new standard rather than just optional enhancements.

Financial resources and Policy: Levers for domestic growth

Another significant highlight is the establishment of the National Data Development Fund, with an initial scale of 1,000 billion VND. This fund does not merely provide financial support; it serves as "seed capital" to activate the entire data technology and cybersecurity ecosystem.

The government's direct investment indicates a clear strategic direction: developing domestic capabilities rather than relying on foreign solutions. In particular, startups and SMEs will be granted the resources to test, refine, and commercialize products—especially in sectors previously dominated by foreign providers, such as Cloud Security, eID (Electronic Identification), and security monitoring platforms.

Furthermore, the prioritization of digital transformation in rural and disadvantaged areas opens a high-potential niche market where businesses can deploy lightweight, cost-optimized solutions that still meet fundamental security requirements.

Cybersecurity is becoming a True Industry

Previously viewed primarily as an operational cost, cybersecurity is now evolving into a full-fledged industry with clear economic contributions. According to reports from the Ministry of Information and Communications (now the Ministry of Science and Technology), in 2024, Vietnam’s information security revenue reached 7,179 billion VND, a 30% increase. This growth rate demonstrates that demand is surging not only from the corporate sector but also from the government and national infrastructure.

On a global scale, research from Mordor Intelligence expects the market size to double by 2030, reflecting a strong trend of investment in security amid rapid digital transformation. Vietnam is not an outsider to this trend; in fact, the country holds an advantage as the market is still in its formative stages.

More importantly, cybersecurity is now intrinsically linked to the concept of digital sovereignty. Developing domestic products and platforms not only reduces technological dependence but also enhances the national standing on international information security rankings.

Four legal pillars shaping the new game

The hallmark of the current period is the synchronized appearance of four legal documents, creating a complete regulatory ecosystem rather than the fragmented approach of the past.

• The Data Law: For the first time, this lays the foundation for treating data as an economic asset, opening new pathways for data-driven business models.

• The Personal Data Protection Law: Focuses on user rights, imposing stricter requirements on the collection, processing, and storage of information.

• The Cybersecurity Law (Amended): Acts to consolidate and standardize regulations, helping businesses easily define their compliance roadmaps.

• Directive 57: Functions as a strategic coordinator, emphasizing the development of "Make in Vietnam" technology, building multi-layer protection systems, and promoting human resource training.

This combination not only creates compliance pressure but also clearly defines the developmental direction of the entire industry for years to come.

Great opportunities, but not for everyone

It is evident that the Vietnamese cybersecurity market is entering a new growth cycle, driven by both policy and practical demand. However, this opportunity does not guarantee success for everyone.

The businesses best positioned to capitalize on this will be those that pivot their mindset early-moving beyond providing technical services to offering holistic solutions tied to compliance and operational challenges. Simultaneously, investing in domestic products with deep technological foundations will be the deciding factor for long-term competitiveness.

In this context, Directive 57 is not merely a guiding document, it is a catalyst propelling Vietnamese cybersecurity toward the status of a strategic national industry.