Introduction

With the unique characteristics of blockchain technology — where all transactions are publicly recorded, transparent, and cannot be modified or deleted — the digital asset ecosystem gains a significant advantage in ensuring trust and traceability. Notably, the Vietnam Blockchain and Digital Asset Association (VBA) recently announced that its tool ChainTracer, developed in-house, successfully assisted authorities in tracing multiple transactions from three years ago related to the AntEx project.

Thanks to these strengths, the digital asset market is an inevitable trend, driven by technological advances and increasing investor interest. Recognizing both opportunities and challenges, the Government of Vietnam proactively issued Resolution 05/2025/NQ-CP, establishing a pilot legal framework for Non-Fungible Tokens (NFT). The objective of this Resolution is both to regulate and to encourage innovation in the NFT sector, while minimizing risks such as financial instability and illegal activities.

Part I — Legal requirements and licensing procedures

1. Capital requirements

According to the Resolution, only Vietnamese enterprises are eligible for licensing to organize a digital asset trading market, under two legal forms: limited liability company or joint stock company. The minimum charter capital is set at VND 10,000 billion (approximately USD 400 million), and must be contributed in cash (VND).

Regarding shareholder/member structure, at least 65% of the capital must be held by institutions; within that, more than 35% must be contributed by at least two institutions (e.g. commercial banks, securities companies, investment funds, insurance companies, or technology enterprises). Foreign investors may participate in contributing capital or purchasing shares but may not exceed 49% of charter capital. Contributing institutions must demonstrate at least two consecutive years of profitability through audited financial statements with an unqualified opinion.

2. Personnel and technology requirements

The Resolution sets out requirements on personnel and technology including:

• The General Director (Director) must have at least 2 years’ experience in finance, securities, or banking.

• The Chief Technology Officer (or equivalent position) must have at least 5 years’ experience in the FinTech sector.

• At least 10 IT staffs must hold information security certificates, and 10 staffs must hold securities practice certificates to operate trading, market operation and risk management.

• The IT system must meet Level 4 security standards.

3. Two-Stage Licensing Process: A Screening Mechanism and an Advantage for First Players

Unlike other Fintech models (including intermediary payment services), which are licensed through a single-stage process led by the State Bank of Vietnam, the licensing procedure for NFT exchanges is conducted in two stages, under the leadership of the Ministry of Finance, in coordination with the Ministry of Public Security and the State Bank of Vietnam.

Specifically:

• Stage 1: Enterprises submit preliminary applications to be reviewed for validity within 20 days.

• Stage 2: Once the application is confirmed as valid, the enterprise has up to 12 months to complete the remaining documentation, including proof of capital contribution and assessment of its Level-4 information security system.

When the dossier is complete, the Ministry of Finance and relevant authorities will issue a decision within 30 days. After receiving the license, the enterprise must publicly disclose information within 7 working days and commence operations within 30 days, failing which the license may be revoked.

During Stage 1, the applicant submits to the Ministry of Finance the following basic documents: (i) Application form and company charter; (ii) Enterprise registration certificate; (iii) List of personnel, personal profiles, and employment contracts; (iv) Internal operational procedures as required by law.

If the dossier is deemed valid, within 20 days the Ministry of Finance will issue written confirmation allowing the enterprise to proceed to Stage 2, which includes: (i)List of shareholders and capital contributors; (ii) Documentation of facilities, proof of office ownership or lease; (iii) Assessment report by the Ministry of Public Security on Level-4 information security; (iv) Evidence of capital contribution in VND and the most recent audited financial statements.

From the structure of the process, it is clear that Stage 1, though short (only 20 days) and not granting any direct legal rights, still provides several practical benefits for businesses:

First, reducing early investment risks: This stage allows enterprises to verify the legal validity of their business model, charter, and personnel before committing significant costs to build technical systems (particularly those meeting Level-4 information security standards, which are highly expensive), lease long-term premises, or make substantial capital contributions.

If the application is rejected early, the enterprise can avoid unnecessary financial losses.

Second, allowing phased investment: After passing Stage 1, the enterprise has up to 12 months to prepare technical, financial, and human resource documentation enabling a phased investment approach rather than full upfront expenditure.

Last, creating a “first come, first served” advantage: Once a Stage 1 application is confirmed as valid, the enterprise effectively “reserves a position” in the list of applicants to be considered for final licensing. As NFT exchanges fall within a pilot regulatory framework, it is likely that the authorities will limit the number of initial licenses (for instance, only 3–5 entities to assess the model’s effectiveness) and prioritize those with early valid submissions. This offers a clear competitive advantage for early entrants similar to the “first come, first served” approach previously seen in licensing for banking, fintech, and renewable energy sectors in Vietnam.

Part II — Practical application and implementation notes

1. Capital raising strategy

The current pilot mechanism is better suited for centralized exchanges (CEX) — a safer and more reliable model, but one that entails significant investment and strict compliance costs. The minimum charter capital requirement of VND 10,000 billion poses a major barrier, far exceeding international standards (for example, Singapore requires only SGD 100,000–250,000, while the EU does not impose a fixed threshold, instead requiring “sufficient own funds to cover risks”). As a result, market participation will likely be limited to banks, major financial groups, or large-scale joint ventures.

An effective partnership structure may include:

• Commercial banks, ensuring liquidity and payment connectivity;

• Fintech enterprises, developing IT infrastructure and cybersecurity systems;

• Securities firms or investment funds, providing risk management and market expertise.

The Resolution also caps total foreign ownership at 49%, creating challenges in capital structuring, foreign exchange conversion, and profit repatriation. Therefore, investors often rely on service agreements, technology transfer contracts, or business cooperation arrangements to maintain flexibility within legal limits.

In addition, each organization may invest in only one NFT exchange, a measure designed to prevent cross-ownership, though it also limits opportunities for mergers, acquisitions, and capital restructuring.

2. Stringent cybersecurity and Level 4 information security requirements

Compared to Level 3, which is currently applied to other Fintech solutions (including intermediary payment services) and assessed by the Information Technology Department of the State Bank of Vietnam, a centralized exchange (CEX) is considered a prime target for cyberattacks. Therefore, Resolution No. 05 requires that CEX platforms must meet Level 4 information security standards, the level applicable to systems whose compromise could cause particularly serious harm to public interests, social order, or national security.

Based on our practical experience assisting clients in obtaining intermediary payment licenses, to meet Level 3 information security standards, enterprises must submit a technical explanatory dossier demonstrating, among other things: Information security policies; Organizational structure for information security management; Processes for managing, designing, building, testing, and accepting IT systems; Procedures for system operation, management, and monitoring.

However, demonstrating compliance with Level 4 information security standards is significantly more demanding and requires that:

• The system operates continuously 24/7 without interruption;

• There is continuous cybersecurity monitoring and automated incident response mechanisms;

• Multi-layer encryption, comprehensive data protection, and strict access control are implemented;

• The technical dossier must be jointly appraised by three ministries — the Ministry of Science and Technology, the Ministry of Public Security, and the Ministry of National Defense. To obtain the “Appraisal document from the Ministry of Public Security regarding Level 4 information system security,” the applicant must follow a separate procedure under the Law on Cyberinformation Security and its guiding regulations. This step is often complex and time-consuming, requiring strict compliance with cybersecurity regulations, personal data protection and other legal requirements, as well as instructions from competent state authorities.

In summary, while Level 3 certification is evaluated solely by the State Bank’s IT Department, achieving Level 4 certification is far more complex and time-consuming, requiring highly detailed technical documentation, rigorous assessment procedures, and multi-ministerial coordination among the three key ministries listed above.

Conclusion

Resolution No. 05/2025/NQ-CP marks a significant milestone in establishing a legal framework for Vietnam’s digital asset market opening new opportunities for players, while also imposing substantial challenges in terms of financial capacity, governance, and technology.

Key highlights include:

• High entry threshold: A minimum charter capital of VND 10,000 billion, a 49% cap on foreign ownership, and a requirement that institutional shareholders possess strong financial capacity.

• Focus on management and security: The centralized exchange (CEX) model is prioritized to ensure risk control and system stability.

• Level-4 information security, a core standard: This is the most critical and technically demanding requirement, necessitating an ultra-secure IT infrastructure, stringent evaluation procedures, and joint appraisal by the Ministry of Science and Technology, the Ministry of Public Security, and the Ministry of National Defense.

Resolution No. 05 serves not only as a “passport” for entry into Vietnam’s digital asset market but also as a comprehensive test of capability for any enterprise seeking to participate.