With the recent surge in electronic transactions, electronic signatures have become a vital tool, offering significant advantages for both parties. These include resource savings and the ability to securely express the will of the transaction parties. Unsurprisingly, there has been a growing number of inquiries from both domestic and foreign entities regarding the use of e-signatures for legal documents.

In Vietnam, it is important to use electronic signatures carefully and ensure compliance with Vietnamese law. Any non-compliance can jeopardize the validity of the e-signature and potentially impact the entire transaction process.

The brochure addresses the key legal framework for the valid and effective use of e-signatures in various types of electronic transactions conducted within the Vietnamese jurisdiction. This information is crucial for both Vietnamese and international entities engaged in or considering electronic transactions in Vietnam.

1. The Legal Frameworks

Electronic signatures have been governed by the Law on E-Transaction (“LOET”) 2005, which was replaced by the LOET 2023, effective from 01 July 2024.

Within the transmission of these laws, the following regulations have remained valid at this brochure's time.

  • Decree 52/2013/ND-CP amended by Decree 85/2021/NĐ-CP;
  • Decree 130/2018/ND-CP;
  • Decree 165/2018/ND-CP;
  • Decree 166/2016/ND-CP, amended by Decree 140/2018/ND-CP.

The new and updated regulation has been promulgated to guide the implementation of the new LOET 2023, including:

  • Decree 68/2024/ND-CP regulating digital signatures for public service effective from 15 August 2024, and
  • Circular 06/2024/TT-BTTTT on recognition of foreign electronic signature certification organizations; recognition of foreign electronic signatures.

In general, the LOET 2023 fundamentally remains unchanged in terms of principles but amends and supplements the specific provisions for more clearance and completion of electronic signatures, advanced electronic signatures, and digital signatures, the recognition of foreign organizations providing electronic signature certification services, and the recognition of foreign electronic signatures and electronic certificates.

2.  What is an E-Signature?

According to the LOET 2023, E-signature is defined as a signature created in the form of electronic data that is attached to or logically combined with a data message to authenticate the signatory and confirm his/her approval of the data message.

The definition of E-signatures under LOET 2023 is no different from that of LOET 2005 in terms of the function of the e-signatures regarding the determination of the signatory and confirmation of the signatory’s approval of the data message. However, LOET 2023 provides a more generalized definition of electronic signatures, stating that it is a signature created in the form of “electronic data” logically linked or associated with the data message, rather than enumerating specific data forms such as “words, letters, numbers, symbols, sounds, or other forms in electronic media” as the 2005 LOET did. Besides keeping the given definition of the “data message”, “data” as LOET 2005, and LOET 2023 also define the other components of an electronic signature, including “electronic”, “electronic environment”, and “electronic data”. In combination with all the elements in the definition of e-signature, it is understood that an E-signature has the following characteristics:

  • The form of E-signature can be symbols, scripts, numerals, images, sounds, and the like that are created, processed, and stored by electronic means which includes[1] hardware, software, information systems, or other means designed using information technology, electrical technology, electronic technology, digital technology, magnetic technology, wireless transmission technology, optical technology, electromagnetic technology, or other similar technologies[2]. And,
  • The e-signature must be attached to or logically combined with a data message to authenticate the signatory and confirm his/her approval of the data message which means information created, sent, received, and stored by electronic means.

3. What are digital signatures?

In practice, there are some misunderstandings that E-signatures are digital signatures. It is noticeable that digital signatures are one of the forms of E-signatures. The legal aspect under the Law on E-Transaction has a different definition for digital signature, which is defined as an e-signature using asymmetric key algorithms consisting of a private key and a public key. The private key is used to make a digital signature, while the public key is used to verify the digital signature. A digital signature ensures the authenticity, integrity, and undeniability but cannot guarantee the confidentiality of the data message.

4. What are the types of E-Signatures?

LOET 2023 categorizes E-signatures based on the scope of use, including Specialized e-signatures, Public digital signatures, and Public duty-specialized digital signatures.

4.1 Specialized e-signature

  • Definition: Specialized e-signature is an e-signature created by an agency or organization, and exclusively used for its activities in conformity with its functions and tasks.[1]
  • Subjected user: agency or organization.
  • Validity Conditions: The following conditions must be fully satisfied to have specialized e-signatures validated:
    • To certify the signatory and confirm his/her approval of the data message;
    • Data to create a specialized e-signature is solely associated with the content of the approved data message;
    • Data to create a specialized e-signature is only under the control of the signatory at the time of signing;
    • The validity of the specialized e-signature can be checked according to the conditions agreed upon by the parties to the agreement.
  • Validated scope of Usage: For internal use purposes, the specialized e-signature is validated. However, to use for conducting transactions with other organizations and individuals, a secured specialized e-signature is required.
  • Secured specialized e-signature: It is a specialized e-signature for which the Ministry of Information and Communications (“MIC”) grants secured specialized e-signature certificates. The government has promulgated the Decree on Regulations on Electronic Signatures and Trust Services has been developed, containing detailed guidance on the requirements and process for obtaining secured specialized e-signature certificates.
  • Restrictions: Agencies and organizations creating specialized e-signatures are not allowed to provide specialized e-signature services.

4.2 Public digital signature and Public duty-specialized digital signature

  • Definition
    • A public digital signature is a digital signature used in public activities and secured by a public digital signature certificate.
    • A public duty-specialized digital signature is a digital signature used in public-duty activities and secured by a certificate of public duty-specialized digital signature.
  • Subjected user
    • A public duty-specialized digital signature is used by (i) Agencies and organizations belonging to state agencies; political organizations; social and political organizations; and business units-public; (ii) Cadres, civil servants, public employees, people working in the people's armed forces and people working in secret organizations.
    • A public digital signature is used by non-state entities/organizations/agencies/individuals.
  • Validity Conditions: the following conditions must be fully satisfied to have the Public digital signature validated:
    • Meets the same conditions as a specialized e-signature excluding the validity of the e-signature can be verified according to parties’ agreed-upon conditions;
    • All data changes after signing are detectable.
    • Secured by a public digital signature certificate issued by a licensed organization providing the authentication service for public duty-specialized digital signatures.
    • Means of Signature creation protects data from disclosure, collection, or use of counterfeiting signatures; ensures data to create digital signatures can be used only once; and ensures to-be-digitally-signed data is not changed.

5. Legal validity of e-signatures

LOET 2005 outlines the general standards that an e-signature must meet to have the same legal validity as a handwritten signature in cases where the law requires a document to be signed or sealed. These standards are named:

  • The method of creating the e-signature permits to identification of the signatory and indicates his/her approval of the contents of the data message;
  • Such a method is sufficiently reliable and appropriate to the purpose for which the data message was originated and sent.

It can be seen that LOET 2005 only gives a general legal framework for the validity of e-signatures so the validity of the e-signatures has to be proved. LOET 2023 supplements and amends this perspective with more details and clearance, the legal validity of e-signatures is strengthened and recognized that:

  • The legal validity of an e-signature cannot be denied because it is displayed in the form of an e-signature.
  • The e-signature displayed as a secured specialized e-signature or digital signature of an individual is as legally valid as his/her signature on a paper document.
  • In case the law requires a document to be certified by an agency or organization, a data message is deemed to meet such requirement if it is signed by a secured specialized e-signature or digital signature of such agency or organization.

6. Foreign e-signatures and e-signature certificates

E-signatures and e-signature certificates of foreign nationals accepted in international transactions in the specified conditions (i) belong to foreign organizations and individuals who are not present in Vietnam, (ii) are effective on data messages sent to Vietnamese organizations and individuals.

Organizations and individuals shall select and take responsibility for accepting e-signatures and e-signature certificates of foreign nationals on data messages to be used in international transactions.

The foreign e-signatures and e-signature certificates facilitating cross-border e-transactions are recognized in Vietnam under specific conditions.

Conditions for Recognition: Foreign e-signatures and certificates are recognized if they meet the following criteria:

  • Compliant legality: They adhere to Vietnamese e-signature regulations or recognized international standards/treaties in Vietnam participates.
  • Verified Identity: They are created based on complete and authenticated identification information of foreign organizations and individuals.

Recognized Objects:

  • Foreign organizations and individuals
  • Vietnamese organizations and individuals wishing to conduct e-transactions with organizations and individuals of countries where e-signatures and e-signature certificates issued by domestic service providers are not recognized.

Recognition outcome:

  • Successful:
    • A recognition certificate is issued;
    • The recognized foreign e-signature certificate is added to the trusted list and published on the Trusted Service Certification System.
  • Unsuccessful:
    • The Ministry will notify the applicant with reasons for denial.

Recognition Validity Period: is valid for 05 years, but not exceeding the e-signature certificate's validity period.

Changes and Re-Recognition: Organizations and individuals must report changes affecting recognized foreign e-signatures and certificates and request re-recognition.

7. Other forms of electronic authentication

Under LOET 2005, other common forms of e-signatures can be named, such as scanned signatures, email signatures, and image signatures. While the law doesn't explicitly define these types, as long as they meet the requirements for e-signatures, they are considered valid as e-signatures. However, with the new classification of E-signatures under LOET 2023, these forms are not considered e-signatures but are recognized as the other certification methods by electronic means for indicating the signatory’s approval of the data message other than e-signatures. The use of these forms must comply with other relevant laws. This approach is consistent with the Civil Code 2015 (i.e. Article 400.4), besides signing, the time of entry into a written contract can be the time when the last party expresses his/her/its acceptance in writing.

Disclaimer: This Newsletter contains only brief notes and includes legislation in force as of October 2024. The information herein is general and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one is entitled to rely on this information, and no one should act on such information without appropriate professional advice obtained after a thorough examination of the particular situation.

[1] Point a, Clause 1, Article 22 Law on E-Transaction 2023

[1] Clause 6, Article 3 Law on E-Transaction 2023

[2] Clause 2, Article 3 Law on E-Transaction 2023