State Bank of Vietnam issues 2026 directive to accelerate banking digital transformation and mandate stronger information security controls

The State Bank of Vietnam has issued Directive No. 02/CT-NHNN setting 2026 priorities for digital transformation alongside tighter information security and safety requirements across the banking sector. The directive applies to SBV units, credit institutions and foreign bank branches, payment intermediary service providers, and credit information companies. The measures include continued implementation of national and SBV digital transformation strategies and plans, and developing implementation plans for forthcoming legal frameworks on digital transformation, artificial intelligence and cybersecurity. Governance and capability-building requirements focus on senior accountability for digital transformation and security, and periodic training linked to digital competency assessment. On security, the directive calls for a shift from passive defence to early detection and timely handling of risks, stronger protection of networks, databases and information systems including important payment systems, core banking and internet-facing customer systems, and “security by design” for data centres, digital platforms and new applications, backed by vulnerability remediation and mandatory inclusion of cybersecurity, information security and data security requirements in all information technology programmes and projects. It also sets a minimum budget expectation, requiring at least 15% of implementation budgets to be allocated to cybersecurity and information and data security products and services, and asks the sector to strengthen the Banking Cyber Security and Safety Incident Response Network and deepen domestic and international cooperation.