State Bank of Vietnam outlines Open API legal and security requirements to support open banking at Fintech Connection event

The State Bank of Vietnam hosted a Fintech Connection event in Hanoi focused on data sharing for financial inclusion and innovation, positioning Open API as core connectivity infrastructure for open banking in Vietnam. Officials used the forum to set out how the Open API framework is intended to enable safer, standardised data connectivity between banks and third parties. The State Bank of Vietnam linked Open API implementation to its banking sector digital transformation agenda, including a digital transformation plan issued in 2021 and the Banking Sector Digital Transformation Strategy to 2030 and the Banking Sector Data Strategy to 2030 issued on 3 November 2025. Circular 64/2024 on Open API, effective from 1 March 2025, was presented as the first sector-specific legal instrument directly governing Open API and as aligned with cross-sector laws on credit institutions, electronic transactions, information security, cybersecurity and personal data protection. The circular clarifies roles in data sharing, with banks as data controllers and ultimately legally responsible, third parties as data processors limited to agreed and customer-consented use, and customers as data subjects with rights to consent, view sharing history and withdraw consent at any time. It also sets technical and security requirements including REST architecture, JSON data format, OAuth 2.0 authentication, TLS version 1.2 or higher, JWS-standard electronic signatures, and a minimum information system security level of 3 for banks, alongside security assessment and commitments for connecting third parties.