The number that stands out in Vietnam's new high-risk AI list is 31. Thirty-one of the 46 classified systems are in transportation. For a country that has been quietly building one of Southeast Asia's more ambitious AI regulatory frameworks, the transportation-heavy list is a signal about where the government sees the real risk: autonomous vehicles, traffic management systems, and logistics infrastructure that could affect public safety at scale.
On June 30, 2026, Vietnam's prime minister issued Decision No. 33/2026/QD-TTg, establishing the official list of high-risk AI systems under the Law on Artificial Intelligence and Decree No. 142/2026/ND-CP. The list takes effect August 15, 2026. For multinationals with AI products operating in Vietnam, the window to determine exposure is short.
TL;DR: Vietnam published its official list of 46 high-risk AI systems on June 30, 2026, effective August 15. Systems in banking (automated high-value transactions, credit scoring), healthcare (surgical robots), and education (automated student grading) face mandatory third-party certification before deployment. Foreign providers must establish a local presence in Vietnam. Compliance deadlines are March 1, 2027 for most sectors and September 1, 2027 for healthcare, education, and finance. If you sell or operate AI in Vietnam in any of these six sectors, you need to check Decision 33 against your product portfolio now.
Why this matters beyond Vietnam
Vietnam's AI Law is the first standalone national AI law in Southeast Asia. It predates similar framework laws in the Philippines, Indonesia, and Thailand, which are still in consultation or draft phases. The high-risk classification system follows the EU AI Act's structural approach: define which AI applications carry the highest risk to individuals and society, then attach the heaviest compliance obligations to those applications specifically.
For multinationals, this matters in two ways. First, if you operate AI products in Vietnam across banking, healthcare, education, or transportation, the August 15 effective date is real. Second, the Vietnam framework is likely to be the template other ASEAN members adapt when they move from AI strategy documents to binding law. Understanding what Vietnam requires now is understanding what the region will require next.
The EU AI Act defined high-risk AI across eight broad domains, including education, employment, essential services, and law enforcement. Vietnam's list is narrower but more sector-specific. The full classification by sector:
The 46 high-risk AI systems by sector
Banking (2 systems)
| System | Description |
|---|---|
| Automated high-value transaction execution | AI systems that automatically execute high-value electronic banking transactions without requiring human approval at the point of execution |
| Credit scoring and automated lending decisions | AI-powered systems that make automated credit decisions, including loan approvals and rejections, without human review of individual determinations |
These two banking systems carry the strictest pre-deployment requirements. Automated credit decisions without human oversight, in particular, map directly to concerns that Vietnam's Central Bank has raised about AI-driven lending discrimination. Third-party certification is mandatory before deployment.
Healthcare (2 systems)
| System | Description |
|---|---|
| AI-powered surgical assistance | AI systems that provide real-time guidance, control, or decision support during surgical procedures |
| Surgical robots | Robotic systems using AI to perform or assist with surgical interventions on patients |
Both healthcare systems require third-party certification before clinical deployment. The compliance deadline for healthcare is September 1, 2027, the longest transitional period, reflecting the complexity of clinical validation requirements.
Education (3 systems)
| System | Description |
|---|---|
| Self-learning content from uncontrolled sources | AI systems that curate or deliver educational content drawn from data sources without controlled curation or review |
| Automated student assessment | AI systems that automatically assess student performance without educator review |
| Automated student grading and ranking | AI systems that produce final grades or rankings for students without human educator validation |
The education category is the one most likely to catch software providers who did not expect to fall under Vietnam's high-risk framework. Learning management systems with AI-powered auto-grading features, adaptive learning platforms that surface unvetted content, and any system that generates student performance records automatically are all potentially in scope.
Litigation (1 system)
| System | Description |
|---|---|
| AI in legal proceedings | AI systems used to support, inform, or participate in legal dispute resolution, court proceedings, or judicial decision-making |
A single system, but a significant one. Vietnam's courts have been cautious about AI in legal contexts, and this classification puts any legal AI product operating in Vietnamese proceedings under the highest regulatory scrutiny.
Ethnicity and religion (7 systems)
The seven systems in this category relate to AI applications that could affect individuals based on ethnic or religious characteristics. Vietnam has not published the full English-language descriptions of each system, but the category covers AI used in monitoring, classification, or decision-making that involves ethnicity or religion as a data dimension. See the official Decision 33 text at vietnam.vn for the complete list.
Transportation (31 systems)
The transportation category contains the majority of classified systems, 31 of 46. The full list covers autonomous vehicle systems, traffic signal management AI, logistics routing systems, aviation AI applications, and rail control systems, among others. The complete technical descriptions are available in the official Decision 33 text; the official English translation is at vietnam.vn.
For transportation AI providers, the compliance deadline is March 1, 2027, with systems deployed before August 15, 2026 eligible for the transitional period.
What "high-risk" classification triggers
Being listed in Decision 33 is not a blanket prohibition. It triggers three layers of obligation:
Conformity assessment pathway. Providers must follow one of three routes:
- Third-party certification: mandatory for the highest-risk systems, particularly in banking and healthcare. A registered or recognized conformity assessment body must certify the system before deployment. The certifying body must be authorized under Decree 142.
- Self-assessment: allowed for certain systems where the provider can maintain comprehensive risk management documentation and demonstrate compliance through internal review. The documentation standard is high: risk management frameworks, data quality governance, technical documentation, and operational logs.
- Voluntary engagement: providers may choose to engage a conformity assessment body for additional assurance even when self-assessment is permitted.
Documentation and governance requirements. All high-risk system providers must maintain:
- Risk management mechanisms covering the AI system's full lifecycle
- Data quality governance frameworks for training and operational data
- Technical documentation describing system design, capabilities, and limitations
- Operational logs capturing system decisions and performance metrics
- Incident-handling procedures with defined response timelines
Human oversight. High-risk systems must implement meaningful human oversight throughout operation. For automated banking transactions and credit decisions, this means human approval at decision points. For healthcare systems, it means clinician validation. The requirement is not satisfied by a theoretical override capability that users cannot practically exercise.
Local presence requirement for foreign providers
Foreign AI providers that deploy high-risk systems in Vietnam must establish a local presence: a reachable legal entity in Vietnam that is responsible for the system's compliance performance under the AI Law and Decree 142. This requirement is not satisfied by a regional APAC office in Singapore or Hong Kong; the entity must be in Vietnam and must be capable of receiving regulatory correspondence and responding to enforcement actions.
This mirrors a requirement that has appeared in other Southeast Asian AI frameworks. The Philippines' DICT AI framework and Indonesia's MoCominfo circulars both include local contact or representative requirements for foreign AI providers. Vietnam's version is more explicit because it is statutory rather than advisory.
For providers currently operating in Vietnam without a local entity, the August 15 effective date creates urgency. Establishing a representative entity or local subsidiary takes time, and the transitional period for pre-existing systems does not extend the local presence requirement indefinitely.
Compliance deadlines by sector
| Sector | Compliance deadline | Notes |
|---|---|---|
| Healthcare | September 1, 2027 | Longest transition; clinical validation complexity |
| Education | September 1, 2027 | Grouped with regulated sectors |
| Banking | September 1, 2027 | Grouped with regulated sectors |
| Transportation | March 1, 2027 | 31 systems; deadline applies to full technical conformity |
| Ethnicity and religion | March 1, 2027 | 7 systems |
| Litigation | March 1, 2027 | 1 system |
Systems that were deployed and in operation before August 15, 2026 are eligible for the transitional period and may continue operating while completing compliance obligations by the applicable deadline. New deployments after August 15 face immediate compliance requirements.
Practical checklist for multinationals operating in Vietnam
- Inventory check: identify every AI product or feature operating in Vietnam. Map each against the six Decision 33 sectors: banking, healthcare, education, litigation, ethnicity and religion, transportation.
- Classification review: for any product that falls within a sector, determine whether it matches a specific system description. Use the official Decision 33 text (vietnam.vn) for the full technical descriptions, particularly for the 31 transportation systems.
- Conformity pathway decision: for each covered system, determine whether third-party certification or self-assessment applies. Banking and healthcare systems require third-party certification. Other sectors may qualify for self-assessment with sufficient documentation.
- Local presence assessment: confirm whether you have a legal entity in Vietnam responsible for AI compliance. If not, determine whether your product volume and classification level require establishing one before August 15.
- Documentation gap analysis: audit your risk management documentation, data quality governance, technical documentation, and operational logs against the Decree 142 requirements. Identify gaps and timelines to close them.
- Human oversight review: for automated decision systems in banking, education, and healthcare, verify that human oversight mechanisms are functionally accessible and not merely theoretical.
- Deadline tracking: calendar the sector-specific deadlines. Healthcare, education, and finance: September 1, 2027. All others: March 1, 2027. Build backward from each deadline to set documentation and certification milestones.
Related Reading
- EU AI Act Annex III: High-Risk AI Systems Classification Guide
- EU AI Act Conformity Assessment: Step-by-Step Process Guide
- China's AI Companion Law Takes Effect July 15: What It Requires
- AI Vendor Due Diligence Checklist 2026
- Multi-State AI Compliance Strategy 2026
- EU AI Act Compliance Checklist 2026
Sources: Vietnam Briefing, "Vietnam Identifies 46 High-Risk AI Systems Under New AI Law", Mondaq, "Vietnam Introduces Sectoral List Of High-Risk AI Systems", Official list at vietnam.vn, Baker McKenzie ConnectOnTech, "Vietnam's first standalone AI Law: An overview of key provisions, future implications", The Star, "Vietnam releases list of 'high-risk' AI systems".
