Vietnam: New decree regulating civil encryption products and services

28 Aug 2025    3 minute read
New Decree Civil Encryption 52 HS Codes

In brief

On 25 July 2025, the Vietnamese government issued Decree 211/2025/ND-CP regulating civil encryption activities ("Decree 211"). Decree 211 will take effect on 9 September 2025, replacing the current regulations on civil encryption under Decree 58/2016/ND-CP (as amended) ("Decree 58").

Notably, Decree 211 narrows the regulatory scope over certain civil encryption products by removing the business licensing requirements and import/export permit for specific products. In addition, Decree 211 introduces several highlights on registration dossiers and administrative sanctions.

Contents

Key takeaways

Decree 211 introduces the following notable changes:

  • Narrowing of the scope of civil encryption products subject to business licensing requirements
  • Removal of 52 HS codes from the list of civil encryption products subject to import/export permits
  • Introduction of three regulatory templates in the business license application dossier
  • Other noteworthy amendments

In more detail

  1. Narrowing of the scope of civil encryption products subject to business licensing requirements

Pursuant to the Law on Cyberinformation Security 2015, businesses engaging in the civil encryption products and services mentioned in the list provided in Appendix I of Decree 58 are subject to business licensing requirements.

Decree 211 introduces the following amendments to Appendix I:

  • Removal of certain civil encryption products from the scope of the business licensing requirement, including, for example, cryptographic components of a PKI system and channel security products
  • Revision of the list of exempted products, whereby five additional categories of civil encryption products are exempted from the business licensing requirement, while two categories that were previously exempted have been removed
  1. Removal of 52 HS codes from the list of civil encryption products subject to import/export permits

Certain civil encryption products are subject to import and export licensing requirements. The list of these products is currently set out in Appendix II of Decree 58. Decree 211 amended this list by removing 52 HS codes from the catalogue of civil encryption products requiring import/export permits.

  1. Introduction of three regulatory templates in the business license application dossier

A notable change introduced under Decree 211 is the addition of three new templates in Appendix III. These are to be included in the application dossier for obtaining a business license for civil encryption products and services. Specifically, the following templates have been introduced:

  • Technical Plan (Form No. 3)
  • Business Plan (Form No. 4)
  • Network Information Security and Safety Plan (Form No. 5)
  1. Other noteworthy amendments

In addition to the changes outlined above, Decree 211 introduces several further noteworthy provisions.

  • Under Appendix II (i.e., List of civil encryption products subject to import/export permits), technical encryption characteristics and product descriptions are now specified for each HS code, rather than only the product name and functional description as currently provided.
  • Decree 211 clearly specifies the sequence and deadlines for receiving dossiers, checking validity, supplementing dossiers and issuing licenses upon receiving a complete and valid dossier.
  • Enterprises are no longer required to submit copies of certain licenses or certificates (i.e., enterprise registration certificate, investment registration certificate, the business license for civil encryption products and services, and the certificate of conformity for imported civil encryption products). Instead, the Government Cipher Committee will verify this information through the National Database.
  • Decree 211 supplements new provisions regarding the responsibilities, procedures and formalities for the conformity assessment and declaration of conformity for civil encryption products.
  • Administrative fines for various violations relating to the business of civil encryption products and services will be increased, such as the following:
  • Engaging in business without a business license may be subject to a fine of VND 50 million to VND 180 million (previously VND 40 million to VND 50 million).
  • Conducting business activities that are inconsistent with the contents of the business license may be subject to a fine of VND 50 million to VND 60 million (previously VND 20 million to VND 30 million).

* * * * *

Ngoc Trung Tran, Senior Regulatory Advisor, and Trung Kien Nguyen, Tax Practitioner have contributed to this legal update.

Contact Information
Manh Hung Tran
Partner at BakerMcKenzie
Hanoi
Read my Bio
tmh@bmvn.com.vn
Thanh Vinh Nguyen
Partner at BakerMcKenzie
Ho Chi Minh City
Read my Bio
thanhvinh.nguyen@bmvn.com.vn

Copyright © 2025 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.