Legal Basis: Insurance as a Legitimate and Practical Risk Safeguard
According to Chapter III – Section 1 – Article 18 – Clause 1 – Point b of Decree No. 23/2025/NĐ-CP, service providers may choose to:
"Purchase liability insurance to cover damages arising from the provision of trust services, in order to protect the interests of subscribers during the entire service period."
This provision confirms that insurance is a legally recognized and mandatory financial safeguard, aligned with the high-risk, highly technical nature of trust service operations. While companies may opt for alternative financial guarantees such as bank deposits, insurance offers significant advantages in terms of flexibility, risk transfer, and cost-efficiency.
Risk Transfer Is a Strategic Move — Not Just Legal Compliance
Beyond regulatory compliance, real-world operations in electronic signature and trust services present numerous risks, such as:
- Errors in identity verification or digital certificate issuance
- Technical failures leading to invalid transactions or data leaks
- Legal claims due to system glitches or incomplete consultancy
- Cyberattacks causing service disruption or data loss
- Insider mistakes or poor training resulting in security breaches
When such incidents occur, the costs of remediation, compensation, and legal dispute resolution may far exceed the cost of insurance. Therefore, purchasing liability insurance is not only an obligation but also a strategic investment in financial protection, brand reputation, and operational resilience.
Professional Indemnity Insurance: A Legal Shield for Service Providers
Professional Indemnity (PI) insurance is designed to protect businesses from financial losses arising from professional errors, negligence, or omissions during service delivery.
Typical coverage includes:
- Professional errors and omissions
- Legal defense and dispute resolution expenses
- Reputation protection and crisis management
This type of insurance is highly specialized and considered essential for technical and legally intensive sectors such as digital signing, certification, and authentication services.
Extended Protection with Cyber Insurance
A key consideration for clients is that PI insurance does not cover cyberattacks. Meanwhile, trust service infrastructure is fully digital, making it inherently vulnerable to cybersecurity threats.
Cyber Insurance is a necessary supplement to safeguard businesses against:
- Ransomware and malware attacks
- Subscriber or certificate data leaks and breaches
- Distributed Denial of Service (DDoS) attacks impacting systems
- Incident response and system recovery costs
- Crisis communication and brand reputation restoration
Cyber Insurance can be purchased separately or bundled with PI insurance as part of a comprehensive risk management program, with clearly defined terms and dedicated liability limits.
Specialized Advisory Is Essential
PI and Cyber Insurance are complex, technical insurance products that require in-depth consultation from professionals with a deep understanding of technology, legal frameworks, and sector-specific operations.
Currently, only a limited number of insurance brokers and carriers in Vietnam possess the expertise to:
- Analyze technology and trust service-specific risks
- Design compliant insurance programs based on international best practices
- Negotiate clear, transparent, and effective policy terms
If your business needs a tailored insurance solution aligned with Decree No. 23/2025/NĐ-CP and your operational realities, contact Indochine Insurance Brokers (IIB) for specialized consultation and end-to-end program implementation that is compliant, cost-effective, and risk-appropriate.