The Framework

Vietnam’s Ministry of Information and Communications (MIC) has established a regulatory framework through Official Letter No. 1145/BTTTT-CATTT that creates technical criteria and specifications for cloud computing solutions for e-government deployment.^[1] While technically voluntary, these standards are expected to be adopted throughout the Vietnamese public sector, effectively mandating compliance for any cloud provider seeking government contracts. The MIC recommends that state agencies prioritize cloud service providers that meet technical criteria and are on the list announced by the MIC, creating preferential treatment for certified domestic providers.^[2] Additionally, the original document indicates that Decree 53 on the Law on Cybersecurity expands data retention requirements for both domestic and foreign enterprises operating cloud services, preventing full market access to the technology and security choices typically available in competitive cloud marketplaces. Vietnam’s domestic cloud providers currently hold only 20 percent of the market, yet the government has certified five Vietnamese firms as meeting e-government criteria while foreign providers face additional hurdles.^[3]

Implications for U.S. Technology Leadership

These cloud service restrictions directly undermine U.S. technology leadership by forcing American providers to abandon their core competitive advantages. U.S. cloud leaders like Amazon Web Services, Microsoft Azure, and Google Cloud have invested billions in developing globally standardized, secure, and efficient cloud infrastructure that delivers economies of scale to customers worldwide. Vietnam’s localized technical standards force these companies to create market-specific configurations that fragment their services and prevent them from delivering the full benefits of their global platforms. Data localization requirements are estimated to reduce GDP by 0.7 to 1.7 percent in Brazil, China, the European Union, India, Indonesia, Korea, and Vietnam, while causing cloud service prices in Brazil and the European Union to increase between 10.5 and 54 percent.^[4] The requirement to meet arbitrary local specifications rather than compete on service quality, security, and innovation fundamentally distorts market competition.

The regulatory framework diverts substantial resources from innovation to compliance, weakening American technological competitiveness. Instead of investing in next-generation cloud capabilities, U.S. providers must allocate engineering resources to meet Vietnam-specific technical requirements that offer no genuine security or performance benefits. ITIF analysis shows that data localization precludes cloud service providers from using cybersecurity best practices such as “sharding,” wherein data is spread over multiple data centers for enhanced security—a capability that large-scale cloud computing providers are uniquely positioned to offer.^[5] This regulatory fragmentation multiplies across markets as other countries adopt similar protectionist measures, creating a patchwork of incompatible standards that prevent U.S. cloud providers from achieving optimal efficiency. By blocking American companies from government contracts through discriminatory procurement preferences, Vietnam denies its own public sector access to world-class cloud services while forcing U.S. firms to compete with one hand tied behind their backs. These restrictions ultimately weaken the global position of American cloud providers at a time when cloud infrastructure forms the foundation of digital competitiveness.

Endnotes