Vietnam Enforces Dual Compliance for Digital Signage Imports

Vietnam’s Ministry of Industry and Trade (MOIT) has introduced a new regulatory requirement effective 1 July 2026, mandating that all imported digital signage terminals—including AI-powered commercial displays and interactive kiosks—must concurrently submit two documents at customs declaration: (1) a valid ISO/IEC 27001:2022 Information Security Management System (ISMS) certification, and (2) an official receipt confirming Vietnamese-language UI and content strategy localization review备案. This development directly affects manufacturers, importers, distributors, and system integrators operating in or exporting to Vietnam’s digital out-of-home (DOOH), retail tech, smart city infrastructure, and public information sectors.

Event Overview

On 31 May 2026, MOIT issued Circular No. 32/2026/TT-BCT, stipulating that, starting 1 July 2026, digital signage imports into Vietnam must include both ISO/IEC 27001:2022 certification and localisation review confirmation at the time of customs filing. Products failing to meet both requirements will be suspended from clearance and referred to the Vietnam National Information Security Center (VNISS) for re-evaluation.

Industries Affected

Direct Importers & Trading Enterprises
These entities face immediate operational impact as compliance is now a hard gate at customs entry. The dual-submission requirement adds coordination complexity between technical certification bodies and local Vietnamese regulatory reviewers—potentially extending lead times and increasing documentation overhead.

Hardware Manufacturers & OEMs
Manufacturers supplying branded or white-label digital signage devices must ensure their products’ firmware, embedded OS interfaces, and default content templates comply with Vietnamese language and cultural norms—and that their ISMS scope explicitly covers device firmware, cloud management platforms, and remote update mechanisms. Certification validity must extend to Vietnam-specific deployment configurations.

System Integrators & Solution Providers
Companies bundling hardware with custom software, CMS platforms, or managed services must verify whether their end-to-end solution—including third-party components—is covered under the submitted ISO/IEC 27001 certificate. Localisation review applies not only to UI but also to content governance policies, meaning editorial workflows and approval hierarchies may require formal documentation for submission.

Distribution & Channel Partners
Distributors handling multiple brands must now assess each product line for dual-compliance readiness before committing to inventory. Stocking non-compliant units risks port-side detention, storage fees, and contractual liability toward downstream resellers—especially where ‘ship-to-stock’ models are used.

Key Focus Areas and Recommended Actions

Monitor Official Guidance on Scope Interpretation

While Circular 32/2026/TT-BCT names ‘digital signage terminals’, its application to adjacent categories—such as video wall controllers, media players without display panels, or SaaS-only CMS offerings—remains unclarified. Stakeholders should track MOIT and VNISS updates for formal scope guidance or FAQs, expected by mid-June 2026.

Validate Certification Coverage and Localisation Documentation

ISO/IEC 27001 certificates must be issued by an IAF-accredited body and explicitly reference digital signage hardware/software systems deployed in Vietnam. Localisation submissions must include annotated UI screenshots, glossary alignment reports, and documented content moderation rules—not just translated text. Pre-submission consultation with licensed Vietnamese review agencies is advisable.

Distinguish Between Policy Signal and Operational Readiness

The regulation signals Vietnam’s broader shift toward data sovereignty and digital infrastructure control—but enforcement rigor in the first quarter post-implementation remains uncertain. Early adopters may encounter administrative delays rather than outright rejection; however, reliance on ‘grandfathering’ or transitional allowances is unsupported by the text of the circular.

Adjust Procurement and Inventory Planning Now

Importers should confirm certification status and localisation readiness with suppliers before placing Q2 2026 orders. For products already en route, consider holding shipments until documentation is verified. Where possible, consolidate shipments to align with certified batches and avoid mixed-compliance consignments.

Editorial Perspective / Industry Observation

Observably, this measure reflects Vietnam’s growing emphasis on cybersecurity governance in connected physical infrastructure—not merely as a trade barrier, but as a foundational layer for national digital resilience. Analysis shows it aligns with parallel developments in ASEAN, including Thailand’s PDPA-aligned IoT device guidelines and Indonesia’s upcoming cybersecurity certification for smart city hardware. However, the tight linkage between ISMS certification and linguistic localisation is novel: it treats information security and cultural compliance as interdependent regulatory pillars. This suggests future Vietnamese ICT regulations may increasingly bundle technical, legal, and sociolinguistic requirements—making holistic compliance planning more critical than siloed certification efforts.

From an industry perspective, the rule is best understood not as a one-time compliance hurdle, but as an early indicator of Vietnam’s evolving digital market access framework. Its implementation pace and enforcement consistency will determine whether it becomes a procedural checkpoint—or a structural filter reshaping supply chain partnerships in the region.

Conclusion
This regulation marks a material shift in Vietnam’s digital signage market access criteria. It introduces enforceable, cross-domain requirements—spanning information security standards and linguistic localisation—that go beyond typical product conformity assessments. Rather than representing a temporary adjustment, it signals a longer-term recalibration of regulatory expectations for intelligent, networked physical devices. Current stakeholders are advised to treat it as an operational baseline—not an exception—and to prioritise coordinated, documentation-first preparation across technical, legal, and linguistic domains.

Information Sources
Primary source: Vietnam Ministry of Industry and Trade (MOIT), Circular No. 32/2026/TT-BCT, dated 31 May 2026.
Note: Implementation details—including accepted accreditation bodies for ISO/IEC 27001, list of authorised localisation review agencies, and VNISS re-evaluation timelines—remain pending official publication and are subject to ongoing observation.