As artificial intelligence (AI) is increasingly deployed in critical sectors such as finance, healthcare, and public services, risks arising from AI-related incidents have become a central legal concern. In response, Vietnam’s AI Law not only regulates the development and deployment of AI systems but also establishes a structured framework for incident handling and reporting obligations, aimed at ensuring safety and protecting users and public interests.
1. What is a serious AI incident?
According to Article 3(8) of the AI Law, a “serious incident” refers to an event occurring during the operation of an AI system that causes, or poses a risk of causing, significant harm to human life, health, fundamental rights, property, cybersecurity, public order, the environment, or disrupts critical information systems related to national security.
While this definition provides a broad legal foundation, the law does not yet specify detailed criteria for assessing the threshold of “seriousness”. Consequently, whether an incident qualifies as serious must be interpreted in light of the Law’s risk-based approach, taking into account the scale and nature of harm, risks to fundamental rights, and the likelihood and severity of adverse impacts.
2. Reporting obligations and deadlines
Under Article 12, the AI Law establishes a clear allocation of responsibilities for incident management and reporting across different actors within the AI ecosystem.
As a baseline obligation, developers, providers, deployers, and users are all required to ensure the safety, security, and reliability of AI systems, as well as to promptly detect and address incidents that may cause harm to individuals, property, data, or social order.
In the event of a serious incident:
- Developers and providers must immediately implement technical measures to mitigate the issue, including suspension or withdrawal of the system where necessary, and notify the competent authorities without delay;
- Deployers and users are required to record and promptly report incidents, and to cooperate fully in remediation efforts.
- The notification and reporting shall be conducted via the National One-stop AI Portal.
In addition, competent state authorities are responsible for receiving reports, verifying incidents, and providing guidance on handling measures. Where necessary, they may require the suspension, withdrawal, or reassessment of the AI system.
3. Introduction of the One-Stop AI Portal
A key institutional feature of the AI Law is the establishment of a National One-stop AI portal, as provided under Article 8 of AI Law.
This portal serves as a centralized digital platform to:
- Support AI systems’ risk classification;
- Receive notifications, including AI system classification results, periodic reports, and reports of serious incidents;
- Support the registration and participation in regulatory sandbox mechanisms;
- Publicly disclose relevant information, such as conformity assessment results and enforcement actions;
- Facilitate access to support programs, shared infrastructure, and data resources.
In parallel, a National Database on AI Systems is established and managed in a unified manner to support regulatory oversight, supervision, and transparency.
Data sharing and disclosure through this portal must comply with requirements on information security, and ensure the protection of state secrets, trade secrets, and personal data.
Overall, the portal functions not merely as a technical tool, but as a core mechanism for operationalizing accountability, enabling efficient communication between businesses and regulators while enhancing transparency.
4. Implications for enterprise in Vietnam
For enterprises, incident handling and reporting obligations go beyond simple legal compliance and play a direct role in shaping internal risk management and governance structures.
In practice, enterprises should:
- Establish systems to detect, record, and monitor AI-related incidents;
- Develop clear internal procedures to assess the severity of incidents and determine when reporting obligations are triggered;
- Clearly assign responsibilities across technical, legal, and operational teams to ensure a coordinated response;
- Ensure readiness to communicate and cooperate with regulators through the one-stop AI portal.
More importantly, effective compliance with these requirements not only reduces legal and regulatory exposure but also strengthens corporate credibility and builds user trust, particularly in high-risk or highly regulated sectors.
- Connect with Humane-AI Asia to operationalize AI accountability and turn compliance into a foundation for responsible and sustainable innovation.
For more information about our services, visit: https://humane-ai.asia/en
Humane-AI Asia
Tran Vu Ha Minh | 0938801587
minh.tran@humane-ai.asia | info@humane-ai.asia
