DMEC / MoH
Vietnam — DMEC / MoH
Decree 98/2021/ND-CP + Decree 07/2023 + cybersecurity overlay
Authority
Department of Medical Equipment and Construction, Ministry of Health
Enforced
Jan 2022
Legal framework
Decree 98/2021 + Decree 07/2023 + Cybersecurity Law 2018 + PDPD 2023
Scope
All medical devices in Vietnam; risk-class A/B/C/D registration regime.
Pre-market
Risk-class registration dossier; ASEAN CSDT template; FDA / CE accepted as supporting evidence.
Post-market
Adverse-event reporting to MoH; cyber-incident reporting under Cybersecurity Law.
SBOM
RecommendedEncouraged for SaMD; mirrors IMDRF N60.
Vulnerability disclosure
VNCERT/CC coordinated disclosure recommended.
Penalty
Registration cancellation; PDPD fines; criminal liability under Cybersecurity Law.
Unique requirements
- 01Vietnamese Registration Holder
- 02Vietnamese-language IFU and labelling
- 03Data localisation for personal data
Highlights
- PDPD 2023 introduced GDPR-style data rules
- Data localisation for connected devices
- ASEAN CSDT template alignment
Aligns with
Timeline
-
Jan 2022
Decree 98/2021 effective
-
Mar 2023
Decree 07/2023 amends transition rules
-
Jul 2023
PDPD 2023 effective
Key documents
Related markets
Frequently asked about Vietnam
Is SBOM required for medical devices in Vietnam?
Recommended. Encouraged for SaMD; mirrors IMDRF N60.
What does DMEC / MoH require for pre-market cybersecurity?
Risk-class registration dossier; ASEAN CSDT template; FDA / CE accepted as supporting evidence.
What are the post-market cybersecurity obligations under DMEC / MoH?
Adverse-event reporting to MoH; cyber-incident reporting under Cybersecurity Law.
What is the penalty for non-compliance with DMEC / MoH cybersecurity rules?
Registration cancellation; PDPD fines; criminal liability under Cybersecurity Law.
How much of my FDA cybersecurity package is reusable in Vietnam?
Roughly 70% — an editorial estimate based on overlapping evidence requirements (threat model, SBOM, security risk assessment, pen-test report).