Regulations on receipt of data messages with digital signature in Vietnam

Regulations on receipt of data messages with digital signature in Vietnam​ (Image from the Internet)

Obligations of the recipient when receiving a data message with digital signature in Vietnam

According to Article 16 of Decree 23/2025/ND-CP, the obligations of the recipient when receiving a data message with digital signature are specified as follows:

(1) Before accepting the digital signature of the signer, the recipient must verify the following information:

- The status of the digital signature certificate, its usage scope, liability limits, and the information on the signer's digital signature certificate must ensure identification according to legal regulations on electronic identification and authentication;

- The digital signature must be generated by a private key corresponding to the public key on the signer's digital signature certificate;

- For digital signatures generated by a foreign digital signature certificate recognized in Vietnam, the recipient must verify the validity of the digital signature certificate both on the national electronic authentication service provider's trustworthy system and on the electronic signature authentication service provider's system for foreign organizations.

(2) The recipient must perform the procedure to check the status of the digital signature certificate as follows:

- Check the status of the digital signature certificate at the time of signing, its usage scope, liability limits, and the information on that digital signature certificate according to Article 6 of Decree 23/2025/ND-CP on the information system of the agency or organization that created, granted, and issued that digital signature certificate;

- In the case where the signer uses a public digital signature certificate issued by a public electronic signature authentication service provider: check the status of the public digital signature certificate of the service provider who issued that public digital signature certificate at the time of signing on the national electronic authentication service provider's trustworthy system;

- The digital signature on the data message is only valid when the verification result is simultaneously valid.

(3) The recipient is responsible for accepting the digital signature certificate in the following cases:

- Failure to comply with regulations on checking information, the status of the digital signature;

- Being aware or informed of the suspension, revocation, or expiration of the subscriber's digital signature certificate.

(4) Use software to verify digital signatures that meet the requirements.

Requirements for digital signature software, digital signature verification software in Vietnam

According to Article 17 of Decree 23/2025/ND-CP, the requirements for digital signature software, and digital signature verification software are specified as follows:

(1) Digital signature software and digital signature verification software must comply with technical standards for digital signatures on data messages; they must not use technical or technological barriers to limit the verification of digital signature validity.

(2) Digital signature software must have the following functions:

- Authentication of the signer and digital signing functions;

- Verification of the validity of the digital signature certificate where the information within the digital signature certificate is ensured to be identified according to legal regulations on electronic identification and authentication; a connection function with the public digital signature authentication service connection portal;

- Storage and cancellation functions for information accompanying the data message with digital signature;

- Functions to change (add, remove) digital signature certificates of agencies or organizations that created, granted, and issued the digital signature certificate;

- Notification functions (by text or symbol) for the signer to know whether the digital signing of the data message was successful or unsuccessful.

(3) Digital signature verification software must have the following functions:

- Checking the validity of the digital signature on the data message;

- Storage and cancellation functions for information accompanying the data message with digital signature;

- Functions to change (add, remove) digital signature certificates of agencies or organizations that created, granted, and issued the digital signature certificate;

- Notification functions (by text/symbol) whether the digital signature validity check is valid or invalid.

The above is the regulation content when receiving a data message with digital signature.

Le Quang Nhat Minh

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE