New draft on the national firewall 2026: A turning point in Vietnam's network infrastructure management

In the context of the exploding digital era, the Vietnamese government is taking decisive steps to tighten national cybersecurity.

Most recently, in March 2026, the Ministry of Public Security (MPS) released a detailed draft regarding technical requirements for the national firewall system. This regulation not only affects Internet Service Providers (ISPs) but also poses significant challenges in terms of technical infrastructure and compliance for the entire business community operating in Vietnam.

1. Key technical requirements from the Ministry of Public Security draft

According to the draft content, the new firewall system is designed with the capability for deep monitoring and intervention in data traffic

Below are the mandatory technical specifications and requirements that businesses and organizations operating network infrastructure must note:

• Deep Packet Inspection (DPI) technology: Firewall devices must be capable of traffic filtering, performing DPI, and allowing the extraction of the entire data stream through the Ministry of Public Security's monitoring system.

• Identification management and control policies: The system requires linking real user identities to establish personalized control policies. This aims to strictly manage online behavior and cross-reference with subscriber profiles.

• Blacklist-based web filtering mechanism: The firewall must integrate web filtering functions based on blacklists, with the capacity to store at least 100,000 restricted domains, IP addresses, and Uniform Resource Identifiers (URLs).

• Connection logging: Every network device must log all user connection sessions, including: timestamp, source IP address, destination IP address, protocol, matched signature, and executed action.

• Risk level classification: Online behavior will be analyzed and ranked according to "risk levels." Upon reaching certain thresholds, the system will automatically apply control policies and issue alerts to the authorities.

2. The intersection with the Cybersecurity Law 2025

This firewall draft is part of the roadmap for implementing Cybersecurity Law No. 116/2025/QH15 (passed on December 10, 2025), which is expected to officially take effect on July 1, 2026.

The new law strictly regulates the timeframe for removing infringing content: a maximum of 24 hours for standard requests and no more than 6 hours for emergency cases from the Ministry of Public Security. Concurrently, regulations on data localization in Vietnam have been clarified, requiring the retention of information such as account names, service usage duration, and access IP addresses.

3. Cybersecurity landscape 2026: Challenges from AI and geopolitics

The cybersecurity situation in Vietnam in 2026 is evolving in a complex manner. According to a report from VNETWORK, only 33.7% of businesses are currently deploying truly integrated multi-layered security solutions. This creates "blind spots" for sophisticated attacks.

Furthermore, the rise of Deepfake AI services is pushing social engineering attacks and Business Email Compromise (BEC) to new heights. Cyber warfare and geopolitical conflicts are no longer distant issues, requiring Chief Information Security Officers (CISOs) to be prepared for severe infrastructure disruption scenarios.

4. Security solutions and compliance roadmap for businesses

To meet the new regulations from the 2026 firewall draft and the Cybersecurity Law 2025, businesses need to implement the following infrastructure optimization roadmap:

• Upgrade to Next-Generation Firewalls (NGFW): Invest in devices that support high-performance DPI and have the capability for flexible integration with data gateways of the authorities.

• Deploy Identity and Access Management (IAM) solutions: Ensure all network access is accurately identified, supporting the log extraction and reporting process when requested by the Ministry of Public Security.

• Build resilience: Assuming that incidents are inevitable, businesses should invest in network segmentation and continuous redundancy systems.

• Leverage Managed Security Service Providers (MSSP): Services such as centralized firewall management and 24/7 security monitoring from reputable entities like IPSIP will help businesses alleviate resource burdens and ensure the highest level of legal compliance.

Reference sources:

• The Vietnamese Magazine: Vietnam’s new proposal on firewall: What the MPS draft reveals (03/2026).

• Ministry of Public Security Portal: Legislative development program 2026.

• Library of Law: Cybersecurity Law No. 116/2025/QH15.

• VNETWORK: Vietnam business cybersecurity landscape report 2026.