Vietnam Verification Intelligence

Verification in Vietnam is compliance-driven.
Access is consent-based and permission-controlled.

What's in place
  • Law 91/2025 establishes a data protection framework
  • BHXH tracks social insurance contributions
  • CCCD national identity system is rolling out
What shapes outcomes
  • Verification requires candidate consent at every step
  • Institutional access depends on permission, not process
  • 63 provinces operate independent record systems
Request a Vietnam programme review
Who this is for
Procurement
Cost model and commercial terms.
Talent Acquisition
Turnaround and exception handling.
TPRM & Compliance
Audit-defensible evidence chain.
Information Security
Data path, encryption, controls.

Vietnam's verification environment is shaped by regulation, not infrastructure

FDI manufacturers, GCC operators, IT/BPO firms, and multinationals hiring in Vietnam face a verification environment where compliance requirements define the boundaries of what can be checked, confirmed, and documented.

FDI and manufacturing

Vietnam is a primary destination for FDI manufacturing, with industrial zones across 63 provinces. Screening workers across multiple facilities and provinces means navigating fragmented record systems with no centralised access.

Manufacturing corridors

Industrial zones in Binh Duong, Dong Nai, Bac Ninh, and Hai Phong each operate within their provincial administrative systems. Verification pathways differ by location, not just by check type.

IT/BPO and GCC operations

Ho Chi Minh City and Hanoi host growing IT outsourcing and shared services centres. These operations handle sensitive client data and face dual compliance requirements from Vietnamese law and client-country standards.

Regulatory framework

Law 91/2025 and Decree 356/2025 establish Vietnam's data protection regime. Consent is not optional. Every verification step requires documented candidate authorisation. The framework treats consent as a constraint, not a formality.


What programmes expect vs what the environment produces

Vietnam's regulatory structure creates the appearance of an organised system. In practice, access is permission-gated at every level. The gap between expectation and outcome is shaped by consent, provincial fragmentation, and institutional response.

What the programme expects What the environment often produces
Expectation
Criminal records confirmed through a national database
Reality
Criminal record certificates (Ly lich tu phap) are issued by the Provincial Department of Justice. There is no centralised criminal database accessible to employers or verification vendors. The candidate must apply personally.
Expectation
Employment history confirmed through institutional records
Reality
BHXH confirms social insurance contributions but not roles, responsibilities, or performance. Direct employer verification depends on whether the former employer responds. Many private-sector employers have no formal HR records process.
Expectation
Education credentials verified through centralised systems
Reality
No centralised education verification system exists. Degree confirmation requires direct contact with the issuing university. Response times vary widely. Provincial institutions are often less responsive than universities in Hanoi or Ho Chi Minh City.
Expectation
Identity verified through a single national ID system
Reality
Vietnam is transitioning from CMND (9-digit) to CCCD (12-digit, chip-based). Both formats remain in circulation. The transition is province-dependent. Matching identity across systems requires handling both formats and verifying issuance status.
Expectation
One verification workflow covers all candidate types
Reality
Vietnamese nationals, foreign workers with work permits, and candidates with cross-border employment history each follow different verification pathways. MPS registration requirements for foreign nationals add a separate layer.

Information may exist within the system.
Access depends on consent, permission, and provincial cooperation.

Vietnam's verification environment is not defined by whether records exist. It is defined by whether those records can be accessed, confirmed, and documented within the constraints of the consent and permission framework.


Where verification outcomes are shaped by consent, access, and provincial fragmentation

Each check type in Vietnam operates within its own permission chain. Completeness is determined by what the candidate consents to, what institutions are willing to confirm, and which province holds the records.

Candidate consent

Law 91/2025 requires explicit, documented consent before any personal data can be collected or verified. Consent is not a box to check. It is a legal prerequisite that gates every verification step. Without it, the check cannot proceed.

Consent is not a formality. It is the first constraint in every verification chain.

Institutional access

BHXH, universities, and provincial agencies hold records but are not obligated to share them with private verification vendors. Access depends on whether the institution responds and whether the request meets their internal procedures.

The institution holds the record. Whether it confirms depends on permission, not process.

Provincial fragmentation

Vietnam's 63 provinces maintain independent administrative systems. Criminal records, identity documents, and civil records are managed at the provincial level. There is no centralised national database that verification vendors can query.

The province where the record was created determines the access pathway.

Identity transition

The CMND-to-CCCD transition creates a period where two identity formats coexist. Not all provinces have completed the rollout. Matching a candidate's identity across employment records, education credentials, and criminal certificates requires handling both formats.

Two systems, one candidate. Verification must bridge both until transition completes.

Vietnam's verification environment is permission-based. Every check depends on consent from the candidate, cooperation from the institution, and access within the province that holds the record. The process does not control the outcome.


How these conditions affect FDI, GCC, IT/BPO, and cross-border operations

Each operating model interacts with Vietnam's consent-based, permission-controlled verification environment differently. The structured regulatory framework can mask situations where access limitations produced less coverage than what was assumed.

FDI manufacturers

FDI operations hiring across multiple provinces face verification pathways that differ by location. A programme designed around a single verification workflow will produce inconsistent coverage when workers are sourced from Binh Duong, Bac Ninh, and Hai Phong simultaneously. Each province controls its own record access.

GCC and shared services

GCCs serving multiple business units face dual compliance pressure: Law 91/2025 requirements for Vietnamese data protection and client-country standards (GDPR, SOC 2, ISO 27001). When verification outputs do not align with the parent organisation's expectations, the GCC carries the compliance gap. Consent documentation must satisfy both frameworks.

IT/BPO outsourcing

IT and BPO operators in Ho Chi Minh City and Hanoi handle sensitive client data. Screening requirements from client contracts may exceed what Vietnamese verification infrastructure can confirm. The gap between what the client expects and what the environment produces is often invisible until an audit or incident forces examination.

Cross-border compliance

Candidates with employment history across Vietnam, China, South Korea, Japan, or Singapore require multi-jurisdictional verification. Each country adds a separate consent requirement, access pathway, and documentation standard. Law 91/2025 restricts cross-border transfer of personal data, adding a compliance layer to every outbound verification request.

These conditions are not exceptions. They represent the operating reality for every verification programme in Vietnam.

Vietnam's verification system is not broken.
It is consent-based, permission-controlled, and provincially fragmented.

Understanding the gap between regulatory structure and verification completeness is the first step toward a programme that produces defensible outcomes.

Decision intelligence

The full Vietnam verification environment, mapped

Our Vietnam Decision Intelligence Report covers every check type, consent requirement, provincial access constraint, and operational dependency. Built for decision-makers who need to understand what their programme actually confirms.

Read the Vietnam deep dive

Consent framework. Provincial access. Regulatory constraints. Updated May 2026.

If this reflects your operating environment, we can walk through your current verification approach.

Start a conversation Estimate programme cost
Share this