HÀ NỘI — Deputy Prime Minister Nguyễn Chí Dũng has signed a decision outlining data sets that must be strictly protected during the processes of data collection, storage and usage.

The Prime Minister's Decision 20/2025/QĐ-TTg, which was signed on Wednesday, stipulates 26 core data sets and 43 critical data sets that require extra protection.

According to the decision, core data refers to types of data that could seriously affect key national sectors if illegally collected or misused.

These sectors include national defence, security, cryptographic affairs, foreign relations, macroeconomics, social stability, public health, and public safety.

Although not classified as state secrets, these data sets require high levels of protection due to their sensitive nature and far-reaching impacts.

The Government identified a total of 26 types of core data, including information related to national borders, sovereignty, and unpublished strategies or scientific research projects in the fields of national defence, security, and cryptographic affairs.

In addition, data related to the defence industry, as well as investment and procurement activities in the fields of security, national defence, and national reserves, are also included in the list of data requiring protection.

Information related to military facilities, cybersecurity infrastructure, radio frequency planning for defence purposes, and meteorological, hydrological and environmental data serving national defence, is also classified as core data.

Non-public information on the activities of the Communist Party, foreign affairs of state agencies, data transferred by international organisations under treaties to which Việt Nam is a signatory, and data concerning Vietnamese diplomatic missions abroad are also on the list.

The list includes organisational structure plans of ministries, sectors and local authorities; personnel data of civil servants, public employees, and the armed forces; information on ethnic groups and religions; strategic natural resources such as water and rare minerals; and geospatial data and satellite imagery of critical areas.

Also considered core data is information related to land, seas and islands; state finance and budgets; details on fisheries activities; development plans for ethnic minority regions; data from the judicial sector; information on nuclear energy and national energy strategies; as well as health-related data and non-public information about individuals and organisations.

In addition to the 26 core data types, the Government has also established 17 additional types of data to form the list of 43 critical data sets.

These types of data may not cause immediate impacts like core data; however, they still pose significant risks if breached or misused.

This category includes data related to inspections, complaint and denunciation resolution and anti-corruption efforts; information concerning criminal investigations, crime prevention and handling of administrative violations; and data in the fields of internal affairs, transportation, and information and communications.

Additionally, it encompasses data on copyright and ownership rights of works and performances for which the State is the legal representative; data on scientific and technological activities outside the scope of national defence; preliminary environmental data; financial and banking information; data concerning social insurance, health insurance and unemployment insurance; as well as information in the fields of industry, strategic materials, agriculture, foreign investment, education and training, biosafety, labour and social affairs.

Any non-public information about organisations and citizens is also included in this category, though classified at a lower sensitivity level compared to core data.

To ensure effective implementation of the decision, the Prime Minister has assigned the Ministry of Public Security to take the lead in organising, guiding and supervising its enforcement nationwide.

The ministry is also responsible for coordinating with relevant agencies to review, update and propose amendments or additions to the lists of critical and core data when necessary.

The Ministry of National Defence is assigned to guide and oversee the implementation of data protection measures concerning military, national defence and cryptographic sectors.

At the same time, ministries, ministerial-level agencies, Government-affiliated bodies and People’s Committees of provinces and centrally governedcities are responsible for translating the guidelines into specific actions, classifying and managing data within their respective domains and closely coordinating with the Ministry of Public Security to ensure consistency and comprehensiveness in applying the classifications of core and critical data. — VNS