We are delighted to present the first issue of our Asia TMT Bulletin for 2026!
Happy new year! We thank you for your support in 2025 and look forward to working with you in 2026. As we enter 2026, the regulatory landscape across Asia continues to evolve at pace, and this year promises to be particularly significant for technology regulation in the region.
Vietnam is leading the charge with a comprehensive regulatory overhaul, as new laws on personal data protection, cybersecurity, artificial intelligence, and e-commerce all take effect throughout the first half of this year.
Online safety remains a key regulatory priority across jurisdictions, with Australia's social media ban for under-16s recently commencing, UAE introducing new legislation to protect children, and Hong Kong's privacy regulator publishing guidance addressing AI deepfake risks for children.
Data Privacy
Vietnam: Decree guiding the Law on Personal Data Protection effective 1 January
The Decree guiding the Law on Personal Data Protection replaces the Personal Data Protection Decree. It introduces strict criteria for valid consent, periodic updates of data processing impact assessments, and data protection rules in financial services activities, metaverse, blockchain, and big data.
Cybersecurity
Vietnam: New Law on Cybersecurity effective 1 July
The Law on Cybersecurity 2025, replaces the Law on Cybersecurity 2018 and the Law on Cyberinformation Security 2015, consolidates the principles and requirements for cybersecurity and cyberinformation protection under the existing regulations, and introduces new regulations prohibiting the use of AI for illegal purposes.
UAE: New federal decree-law to protect children online
The UAE has issued a federal decree-law imposing obligations on internet service providers and digital platforms to protect children and promote responsible use of age-appropriate digital content, such as by implementing age verification mechanisms and default privacy settings.
China: Draft measures on network data security risk assessments
The Cyberspace Administration of China has issued draft measures on network data security risk assessments, requiring regular assessments and reporting by important data processors, enabling regulator‑mandated third‑party assessments, and aligning assessments with national data security standards and existing cybersecurity compliance frameworks.
Thailand: New measures to prevent digital payment fraud and mule accounts
The Bank of Thailand has issued a notification under the law on payment systems on standards and measures to prevent cybercrime against service providers. This notification aims to combat technology‑related crime targeting licensed payment service providers, including e‑money and card providers.
Intellectual Property
Vietnam: Law amending the Law on Intellectual Propertyenacted, effective 1 April
The Amendments to the Law on Intellectual Property address AI-related IP issues, allowing lawful use of published data for AI training if IP rights holders are not unreasonably affected. Provisions for using IP rights as collateral are also introduced.
Indonesia: Decision on payment responsibility for performing right royalties
The Constitutional Court affirmed that event organisers, rather than performers, are responsible for paying performing right royalties, resolving disputes between composers and performers over this obligation. Revisions to Indonesian copyright laws are anticipated to further clarify the payment mechanism.
Digital Platform Services
Australia: Social media ban for children under 16 commences
Australia’s ban on social media for under-16s took effect on 10 December. Platforms, including Facebook, Instagram, Snapchat, TikTok, X, and YouTube, must take “reasonable steps” to prevent minors from accessing their services. Breaches can attract penalties up to AUD$49.5 million. Read more.
Artificial Intelligence
Vietnam: Law on Artificial Intelligence is officially released
The National Assembly enacted the Law on Artificial Intelligence, effective 1 March. This law provides a framework for AI development and use, including risk-based classification, responsibilities for AI developers and suppliers, and measures to promote AI development such as a national AI Development Fund.
Hong Kong: Office of the Privacy Commissioner for Personal Data publishes guidance on Deepfakes
The regulator published a toolkit addressing AI deepfake risks for children and young people. It provides guidance for schools and parents on preventing malicious deepfakes, protecting personal data privacy, handling incidents, as well as providing common types and examples of deepfakes.
Digital Economy
Vietnam: Law on E-commerce passed, effective 1 July
The Law on E-commerce introduces rules on automated contracts, auxiliary services, and affiliate marketing in e-commerce. Moreover, foreign e-commerce platform providers must either establish or appoint a local entity, or maintain a deposit in Vietnamese bank, when operating in Vietnam.
Singapore: IMDA signs new memorandum of understanding with Chongqing government
IMDA and Chongqing Municipal People’s Government have signed an MOU to strength digital and data policy information sharing, as well as promote business collaboration in AI, blockchain and data analytics. The parties will also explore the development of a “Digital New International Land-Sea Trade Corridor”.
/Passle/5c4b4157989b6f1634166cf2/MediaLibrary/Images/2025-11-18-11-52-26-962-691c5dfa104d74a7c40dcb41.jpg)
/Passle/5c4b4157989b6f1634166cf2/SearchServiceImages/2026-01-13-12-37-35-768-69663c8f966611ff708e0fc1.jpg)
