Vietnam

Yes. Financial institutions in Vietnam are permitted to use cloud services, provided that they comply with applicable legal and regulatory requirements, such as those described below. 

State Bank of Vietnam (SBV) supervises financial services institutions including Vietnamese state-owned banks, credit institutions, commercial (private) banks, foreign banks, financial leasing companies, foreign exchange companies, and non-bank financial institutions providing intermediary payment services.

Financial Institutions in Vietnam may be subject to a number of different legal and regulatory requirements when they use cloud services.

Regulations issued by the SBV together with relevant guidelines, provide a framework for financial institutions in Vietnam when they are planning to use cloud services. Key legislation and guidelines include the following:

• S​BV Circular 9/2020 Prescribing
  Information System Security in Banking Operations

The above framework covers a variety of contractual and operational areas, including due diligence, risk management, business continuity, and monitoring and oversight.

Other relevant regulations are:

• The Law on Cybersecurity (LOCS) is in effect since January 2019 (LOCS) and  Decree 53/2022/ND-CP guides the implementation of LOCS  
• Decree No. 13/2023/ND-CP regarding the Personal Data Protection Law
• The Vietnam Data Law (Law No. 60/2024/QH15). The law is effective as of July 2025. Implementation decrees are: Decree 165/2025/ND-CP and Decree No. 169/2025/ND-CP 

These decrees include requirements on personal data protection, data storage, and transfer requirements across companies.

Customers that have questions about the applicable regulations, and how these may apply to their use of AWS services, can reach out to their account representative.

Regulations are changing rapidly in this space, and AWS is working to help customers proactively respond to new rules and guidelines. AWS encourages its financial institutions customers to obtain appropriate advice on their compliance with all regulatory and legal requirements that are relevant to their business, including other local regulations, guidelines and laws.

AWS is committed to offering customers a strong compliance framework and advanced tools and security measures that customers can use to evaluate meet, and demonstrate compliance with applicable legal and regulatory requirements.

Financial institutions who are using or planning to use AWS services can take the following steps to better understand their compliance needs:

1. Consider the purpose of the workload(s) under consideration and the relevant categories of data in order to anticipate which legal and regulatory requirements may apply.

2. Assess the materiality or criticality of the relevant workload(s) in light of local requirements.

3. Review the AWS Shared Responsibility Model and map AWS responsibilities and customer responsibilities according to each AWS service that will be used. Customers can also use AWS Artifact to access AWS’s audit reports and conduct their assessment of the control responsibilities.

4. Customers who have further questions about how AWS services can enable their security and compliance needs, or who would like more information, can contact their account representative.

Financial institutions in Vietnam using AWS should also consider applicable privacy requirements. The AWS whitepaper Using AWS in the Context of Common Privacy and Data Protection Considerations provides useful information to customers using AWS cloud services to store or process personal data.

If customers process or are planning to process the personal data of data subjects in the European Union (EU), they should visit AWS’s General Data Protection Regulation (GDPR) Center . More information on these requirements is included in Navigating GDPR Compliance on AWS .