Pillar II: Legal and Regulatory · § 04

Data residency and Vietnamese sovereignty

For enterprise and banking tenants, all inference and all vector database storage must occur inside data centers located within Vietnamese territory. This is a contractual commitment, not a marketing position. It is citable in RFPs, security reviews, and DPAs.

The Cybersecurity Law (2018) Article 26 requires in-country storage for certain service categories. Decree 13/2023 Articles 24 and 25 govern cross-border transfers of personal data. Beyond the law, banking customers operating under SBV Circular 09/2020 cannot accept that their accounting AI runs in an offshore region. Residency is both a legal and a commercial gate. You hold it at the architecture level.

The Vietnamese residency commitment covers:

  • OLTP. The operational database holding transaction-level data and the placeholder-to-real-value PII mapping.
  • OLAP. The analytics warehouse.
  • Vector database. Embeddings and the RAG corpus.
  • Inference. Every LLM call touching tenant data.
  • Audit logs. Full logs through the observability layer.
  • Backups. Replicated to the technically feasible boundary.

Without a separate written agreement, it does not cover:

  • Cold object storage for archives older than 5 years. Allowed to sit in another cloud region with customer-held encryption keys.
  • Operational metadata (timestamps, request counts). Allowed to flow through an international observability vendor, but never carries content.

Option 1. Private LLM, self-hosted in Vietnam. For tenants requiring absolute independence, you run an OSS model (Llama, Qwen, or a fine-tune) on infrastructure located in Vietnamese data centers. Trade-off: higher cost and lower model quality than flagship LLMs, but data never leaves the country.

Option 2. Regional LLM provider with residency commitment. Certain commercial providers allow inference to be pinned to an Asia-Pacific region with a binding “data does not leave region” clause. Pick the region closest to Vietnam: Singapore, Southeast Asia. Residency is verified through the DPA plus audit evidence.

Option 3. Multi-region routing (default tenants only). For tenants without a contractual residency requirement, you route across regions to optimize cost and quality. This option is unavailable to enterprise and banking tenants by default.

Every enterprise and banking contract picks Option 1 or Option 2 in writing.

Customers can request the following evidence at any point:

  • Topology document. The tenant-specific architecture diagram.
  • DPA. The Data Processing Addendum stating the region.
  • Sub-processor list. The full list of third-party processors and their regions.
  • Audit trail. Logs recording the inference region per call, available for spot-checks.

A tenant can waive residency to use a flagship offshore model. When that happens, three controls become mandatory:

  • The customer’s DPO approves the waiver in writing.
  • The DPA states the regions and the data categories explicitly.
  • The LLM vendor holds a Zero Data Retention commitment.
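
A spot-check over the per-call audit trail can enforce both the Option 1/Option 2 rule and the three waiver controls. The following is an added example, not code from the original page; the region identifiers, tenant fields and log field names are assumptions made for illustration.

```python
import json

# Assumed for illustration: region ids, tenant fields and log field names.
VIETNAM_REGIONS = {"vn-1", "vn-2"}
RESIDENT_TIERS = {"enterprise", "banking"}
WAIVER_CONTROLS = ("dpo_approved", "dpa_lists_regions", "vendor_zdr")

def allowed_regions(tenant):
    """Permitted inference regions for a tenant, or None when unrestricted."""
    if tenant["tier"] not in RESIDENT_TIERS:
        return None  # Option 3: multi-region routing for default tenants
    by_option = {1: VIETNAM_REGIONS, 2: tenant.get("dpa_regions", [])}
    regions = set(by_option.get(tenant.get("option"), []))  # no Option 1/2: nothing allowed
    waiver = tenant.get("waiver")
    if waiver and all(waiver.get(c) for c in WAIVER_CONTROLS):
        regions |= set(waiver.get("regions", []))  # counts only with all three controls
    return regions

def spot_check(tenants, log_lines):
    """Return (request_id, reason) for each record that breaks residency."""
    findings = []
    for line in log_lines:
        rec = json.loads(line)
        allowed = allowed_regions(tenants[rec["tenant"]])
        if allowed is None:
            continue
        region = rec.get("inference_region")
        if region is None:
            findings.append((rec["request_id"], "inference region not recorded"))
        elif region not in allowed:
            findings.append((rec["request_id"], f"{region} not permitted"))
    return findings

# Constructed sample tenants and audit records.
TENANTS = {
    "bank-a": {"tier": "banking", "option": 1},
    "corp-b": {"tier": "enterprise", "option": 2, "dpa_regions": ["sg-1"]},
    "corp-c": {"tier": "enterprise", "option": 1, "waiver": {"regions": ["us-1"],
        "dpo_approved": True, "dpa_lists_regions": True, "vendor_zdr": False}},
    "shop-d": {"tier": "default"},
}
LOG = [json.dumps(r) for r in (
    {"request_id": "r1", "tenant": "bank-a", "inference_region": "vn-1"},
    {"request_id": "r2", "tenant": "bank-a", "inference_region": "sg-1"},
    {"request_id": "r3", "tenant": "corp-b", "inference_region": "sg-1"},
    {"request_id": "r4", "tenant": "corp-c", "inference_region": "us-1"},
    {"request_id": "r5", "tenant": "shop-d", "inference_region": "us-1"},
    {"request_id": "r6", "tenant": "corp-b"},
)]
```

Here `corp-c` is flagged because its waiver lacks the Zero Data Retention commitment, and a record with no region is treated as a finding rather than a pass.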