
This Circular aims to perfect the legal framework, strengthen state management and reinforce the trust of people and businesses in electronic transactions.
The Circular applies to organizations and individuals participating in or related to technical audits of information systems, procedures for providing safety-assured electronic signature services, electronic signature certificates, digital signatures and other trust services.
A noteworthy point is that organizations and agencies using or providing electronic signatures to ensure safety are encouraged to proactively conduct technical audits, self-assess the level of safety and comply with technical standards instead of just waiting for periodic inspections. In particular, reliable service providers will have to conduct a periodic technical audit every 2 years to ensure that the system always meets security and quality requirements.
According to the regulations, a technical audit comprises 2 stages: assessing information and documents during the planning stage, and conducting field inspections at the audited organization. Each audit has a maximum duration of 6 months, which can be extended by a maximum of 45 days if necessary to complete remedial actions.
After completion, the auditing organization must prepare a Technical Audit Report with a decision on whether or not to issue a certificate. The report needs to fully include information about the assessment method, system testing results, security risk analysis and technical recommendations.
Technical auditing organizations are appointed through the National Committee for Standards, Metrology and Quality (under the Ministry of Science and Technology). This agency receives and appraises the dossier, then proposes that the Minister appoint competent units. The National Electronic Certificate Center (NEAC) is responsible for receiving and synthesizing audit reports from organizations, and for preparing periodic reports to the Minister to serve state management work.
According to the Ministry of Science and Technology, the promulgation of technical auditing regulations for electronic signatures and trust services is an important step in ensuring safety, security and transparency in digital transactions. The regulation not only standardizes the independent assessment process and enhances risk control capability, but also promotes technological autonomy, contributing to building a safe, reliable digital environment and sustainable development. The Circular takes effect from January 1, 2026.