In Vietnam the adoption of blockchain in general and non-fungible tokens (NFTs) in particular remains nascent, but a number of local enterprises have begun experimenting with this form of technology, most prominently in the gaming and art industries.

In mid-2020, a popular blockchain-based game titled "Axie Infinity" was first released, and was characterized by a sense of true ownership over in-game items.^[1] By 2021, Sky Gate (known in Vietnamese as "Cong Troi") and KardiaChain partnered to create a blockchain-based digital platform focusing on a digital marketplace connecting artists and traditional collectors.^[2]

It is expected that this initial development in the gaming and art industries will encourage the ownership of cryptoassets, which has so far been impractical. Until recently, title to virtual goods could almost never be verifiable because it would be impossible to identify the original owner and to ensure the authenticity of the transacted item. The uniqueness of each NFT and the use of blockchain technology have enabled ownership of cryptoassets produced in cyberspace.^[3]

^[1] Tech in Asia: Thu Huong Le, Meet the Vietnamese developer behind blockchain game Axie Infinity (2020); and readers can find more information about the game Axie Infinity at axieinfinity.com

^[2] Readers could find more information about Sky Gate Application at the following link: congtroi.org

^[3] Blockchain Gaming and the Rise of Axie Infinity, Niko (2021) 

Generally, there are currently no laws or regulations specific to NFTs, and therefore NFTs remain unregulated in Vietnam. Report No. 70/BC-BTP dated March 23, 2020 issued by the Ministry of Justice reviewed the current legal framework on blockchain, noting that there is no legal framework on either: (a) raising capital via the issuance of cryptoassets or cryptocurrencies (e.g., ICO, ITO, STO) or (b) trading cryptoassets or cryptocurrencies, through the operation of centralized exchanges.

Future regulations are expected to impose market entry and business restrictions limiting investment in NFTs, in addition to current generally applicable requirements in relevant sectors such as telecommunications, data centers, digital authentication and identification. For example, draft decree which amends Decree No. 72/2013/ND-CP on management, provision and use of internet services and online information published by the Government proposes that data center services will include co-location services (i.e., server, space, data storage rental) and cloud computing services, and may require local service providers to obtain a ministerial-level approval for operations. In the absence of express governmental guidance, investors may address uncertainty through consulting with the competent authorities on an ad-hoc basis, which is time-consuming and lacks binding effect.

NFT businesses are subject to generally applicable relevant local regulations on data privacy and cybersecurity. Although the Government has not yet adopted the final version of the guiding decree on data privacy, it is possible that NFT businesses in Vietnam may soon be required to comply with data storage localization, more onerous data protection requirements, and requirements to register cross-border data transfers.

On a related note, digital accounts transacting "other transferable assets in cyberspace" are within the applicable scope of a recent draft decree on administrative penalties in cybersecurity published by the Ministry of Public Security. In particular, this draft decree proposes requiring: (1) use of valid identification documents to authenticate digital accounts; (2) suspension of the use of digital accounts at the request of competent authorities; and (3) storage of device information, IP address, and login time of digital accounts for at least 90 days.

The Ministry of Information and Telecommunications has also published a new draft "Law on the Digital Technology Industry" addressing cryptoassets and blockchains, which is targeted for enactment in 2023. The draft law contemplates the introduction of specialized regulations for NFTs and blockchains shortly thereafter.

Whilst an NFT itself is likely not subject to copyright, NFTs can be based on artistic works, and the artistic works underlying the NFTs are protected by copyright. However, as NFTs are currently unregulated in Vietnam, there is still uncertainty as to whether an acquisition of an NFT is considered an assignment or a license of the artistic works underlying the NFTs, and if this is the case, which rights are transferred together with the transfer of the NFTs. This would need to be further defined in future local law and regulation.

In the meantime, the current law provides that whilst other plastic-art works (e.g., works of fine arts, sculpture arts, installation arts, etc.) must be available in unique copies, graphic art works may be presented in as many as 50 copies which are ordinally numbered and bear the author's signature.^[4] To that end, the application of NFTs may be useful to number, identify and manage the limited copies of graphic art works as stipulated by law.

^[4]  Article 13.1 of Decree 22/2018/ND-CP.

As NFTs are closely linked with blockchain and cryptocurrencies, potential investors should be well aware that using cryptocurrencies to make purchases remains illegal in Vietnam since cryptocurrencies are not considered as a lawful type of legal tenders. In Vietnam, legal tender consists of cash and non-cash payment methods defined in non-cash payment regulations (including cheques, payment orders, collection orders, bank cards and other payment instruments as prescribed by the State Bank of Vietnam). Since NFTs are not clearly recognized as a type of asset, the possession and trading of NFTs are unlikely to be protected under the current laws of Vietnam. Accordingly, rights and obligations relating to NFT transactions may not be recognized under the Vietnamese Civil Code or other local law.

On a related note, the Government is currently contemplating a catch-all regulatory sandbox for all forms of fintech in the banking sector. The first draft regulation published in June 2020 allows the participation of payment, credit, peer-to-peer lending, Know-Your-Customer support, Open API, solutions applying innovative technologies (e.g., blockchain), and other services supporting banking activities (e.g., credit scoring, savings, fundraising). The use of NFTs may benefit from implementation of a regulatory sandbox, but the State Bank of Vietnam is still developing the final regulation for implementation.

Although Vietnam has passed various legislation on data privacy and cybersecurity in recent years, the Government has not officially promulgated any specific guidelines. The Ministry of Public Security is collecting opinions from various state agencies and organizations in order to finalize the draft data privacy regulations but there is no certainty around the final date of promulgation.

One consistent key principle throughout the currently effective data privacy legislation is that a data subject must consent to any collection, processing, use and/or transfer (including cross-border transfer) of his/her personal information, and any use of his/her information should be limited to the purposes as informed to and agreed by the data subject.

Although a data subject is permitted to request the deletion of his/her personal data and the data processors must carry out this request in a timely and prudent manner, it may become impossible to do this in respect of personal data stored on the blockchain since such personal data will be permanently recorded in the blockchain ledger.

In the absence of a detailed cybersecurity framework, local authorities have limited flexibility and increased risk exposure. The recent prominent data breach resulting in the disclosure of 17GB of Vietnamese identification card information on Raid Forums was arguably linked with the Know-Your-Customer regime imposed by the digital currency platform Pi Network.^[5] Although this particular incident does not directly relate to NFTs, it illustrates the practical implications of data breaches involving offshore elements, where the Government seemingly did not take any specific action against the alleged data breach and the lawful interests and obligations of the relevant parties were left unaddressed.

On 1 October 2022, Decree No. 53/2022/ND-CP providing guidance on implementation of certain articles of the Law on Cybersecurity (2018) (“Decree 53”)entered into effect, requiring domestic entities to localize storage of certain data and requiring foreign entities to do the same upon occurrence of a series of conditions. Decree 53 generally requires that data of organizations and individuals using cyberspace in the Vietnam territory (service users), including personal information of service users, data created by service users and data on relationships among service users, must be stored in Vietnam. However, data localization requirements differ depending on whether an organization is a domestic or a foreign enterprise. Domestic enterprises (which are enterprises established or registered in accordance with Vietnamese law and having their head-offices in Vietnam) must store data within the territory of Vietnam. Foreign enterprises (which are enterprises established or registered in accordance with foreign laws), only have a conditional obligation to store data in Vietnam and to establish a branch or representative office in Vietnam which is triggered if all of the following conditions are met: (i) the products/services provided by the relevant foreign enterprise fall within one of ten categories of regulated services;^[6] (ii) a breach of cybersecurity regulations is committed using the services provided; (iii) the enterprise receives a written notice from Vietnam’s Department for Cybersecurity and Prevention of High-Tech Crime under the Ministry of Public Security notifying it of breach(es) under the Law on Cybersecurity and requiring rectification; and (iv) the foreign enterprise fails to comply with the requests set out in the notice, and as a result the Ministry of Public Security issues a decision requiring data localization and establishment of a branch or a representative office within twelve (12) months from the date of the written notice. Decree 53 does not specify whether the data must be stored exclusively in Vietnam, and does not include express provisions restricting cross-border data transfer to servers located outside of Vietnam.  

^[5] VNExpress: Luu Quy & Phuong Son, Personal data leak affects thousands of Vietnamese

^[6] Article 26.3(a) of Decree 53 provides that the ten categories are: (1) telecommunication services; (2) storage and sharing data services on cyberspace; (3) providing national or international domain names for service users in Vietnam; (4) e-commerce; (5) online payment; (6) payment intermediation; (7) transport connection services through cyberspace; (8) social networks and social media; (9) online video games; and (10) provision, administration or operating other information services on cyberspace in the form of messages, audio and video calls, emails, or online messaging Services.

As the Government is still in the process of exploring feasible approaches to crypto-related matters, there will be continuing difficulties against domestic trading of NFTs. Although the potential uses of NFTs are endless, it remains to be seen how the Government will monitor the trading of NFTs in absence of any ad-hoc precedent or guidelines. Newcomers such as Axie Infinity and Sky Gate and their users may become unwitting guinea pigs for the local authorities to better evaluate and decide on the legality of NFTs and the corresponding legal framework.

Other use cases of NFTs such as OpenLive NFT and Crystabaya are already gaining momentum. OpenLive NFT is a decentralized platform designed by a Vietnamese team where users can generate, store, buy and sell NFTs. This is quite well-known in Vietnam, and many NFT transactions have been conducted on this platform. Crystabaya is an online trading platform for tourism developed by Crystal Bay Travel Group (a tourism corporation in Vietnam) and Beowulf Blockchain Technology Group which allows NFT online trading for hotel accommodations and other travel products. As modern history has shown with internet technologies: the future is unpredictable and the opportunities are limitless.