Vietnam's 46 item schedule mirrors the EU AI Act's risk tier approach. The test is whether the science ministry can inspect credit, healthcare, biometrics, and education AI at once.
Vietnam's Prime Minister has signed an official list of 46 high-risk AI system types, from biometric identification and credit scoring to healthcare diagnostics and education scoring. The list is published. The bureaucracy that would police it has barely started.
Decision 33/2026/QD-TTG, signed on June 30, 2026, is Vietnam's first enumerated high-risk AI schedule and one of the first such annexes in Southeast Asia, per the government's English portal. Its Vietnamese primary text on the government news service and the official legal database entry for Decision 33 give the 46 categories the force of a prime-ministerial decision, not a guidance note.
The mechanism Vietnam adopted is structurally familiar. It is the EU AI Act's risk-tier approach, ported: enumerate what counts as high-risk, attach conformity, documentation, monitoring, and incident-reporting obligations to deployers, and task a single ministry with oversight. The novelty is jurisdictional. Vietnam is the first major Southeast Asian economy to attach those obligations to a published list rather than a principle, according to the state-affiliated English-language coverage.
The enforcing ministry is the Ministry of Science and Technology (MST). That is where the mechanism meets its limit. MST's own announcement of the 46-category list lays out what high-risk deployers must do: conformity assessment, technical documentation, post-market monitoring, and incident reporting. It does not say how MST will inspect a hospital's diagnostic algorithm in Hanoi and a bank's credit-scoring model in Ho Chi Minh City in the same quarter.
The 46 categories cover sectors that are not currently regulated in the same way. Biometric identification sits next to education scoring; critical infrastructure sits next to autonomous decisioning affecting rights. The EU routes the same span through a centralized EU database, notified bodies, and post-market authorities that have spent years building capacity. Vietnam is starting from a press-release-shaped compliance page, per the legal trade publication Tilleke's analysis of the parent decree.
A single bank operating both a credit-scoring model and a biometric ID system has two high-risk obligations under the same list. A hospital running a diagnostic model and a university using education scoring has the same exposure. The 46-item schedule does not adjust for sector size or deployer maturity; it treats a state-owned utility and a Hanoi startup the same way on paper, as the international trade coverage notes.
The decision takes effect August 15, 2026, with two distinct grace periods. Existing high-risk AI systems in healthcare, education, and banking have until September 1, 2027 to comply. All other existing high-risk systems have until March 1, 2027, per VietnamNews. Inspection quotas and sectoral rollout sequencing remain unpublished. Until MST names the agencies that will inspect, the metrics that count as conformity, and the sanction schedule for non-compliant deployers, the list is a definition, not a regime.
The next test is therefore not a court case. It is a procedural one: whether MST publishes the enforcement architecture that determines whether the 46 categories protect anyone or merely describe them.