Effective May 10, 2026, Vietnam’s Ministry of Industry and Trade (MOIT), in coordination with the General Department of Standards, Metrology and Quality (STAMEQ), has implemented a new import requirement for biometric readers—significantly reshaping market access conditions for Chinese manufacturers targeting Vietnam’s public-sector and financial security procurement channels.

Event Overview

Starting May 10, 2026, all imports of biometric readers—including fingerprint, facial, and iris recognition devices—into Vietnam must be accompanied by an anti-spoofing test report issued by a China National Accreditation Service for Conformity Assessment (CNAS)-accredited laboratory. The report must comply strictly with ISO/IEC 30107-3:2023, covering resistance to photo, video, and 3D mask attacks. No exemptions or transitional allowances have been announced.

Industries Affected

Direct trading enterprises: Export-oriented distributors and OEM/ODM trade agents face immediate customs clearance delays if reports are missing, incomplete, or non-CNAS-aligned. Pre-shipment verification now requires active coordination with certified labs—adding lead time and documentation overhead. Customs valuation and tariff classification may also be challenged pending report validation.

Raw material procurement enterprises: Firms sourcing optical sensors, liveness-detection ICs, or AI inference modules from upstream suppliers must now verify whether component-level certifications support downstream system-level anti-spoofing validation. Procurement contracts increasingly require traceable compliance clauses tied to ISO/IEC 30107-3 testing scope.

Manufacturing enterprises: Device integrators and system assemblers must revalidate their product firmware and hardware configurations against the full ISO/IEC 30107-3:2023 test matrix—not just basic liveness detection. This includes revising test protocols, updating technical files, and potentially redesigning sensor fusion logic to meet attack-resistance thresholds defined in Annex A of the standard.

Supply chain service enterprises: Third-party conformity assessment consultants, customs brokers specializing in electronics, and lab accreditation facilitators are seeing rising demand for end-to-end report preparation support—from test planning and sample submission to CNAS report translation and STAMEQ format alignment. However, no official Vietnamese translation or notarization requirement has been published; STAMEQ accepts English-language CNAS reports as-is.

Key Focus Areas and Recommended Actions

Confirm CNAS lab scope before test initiation

Not all CNAS-accredited labs hold current scope for ISO/IEC 30107-3:2023. Enterprises must verify lab accreditation certificate annexes for explicit inclusion of “anti-spoofing testing for biometric presentation attack detection (PAD)” under Clause 6.2 of the standard—and ensure test reports cite the 2023 edition, not prior versions.

Align device labeling and user manuals with PAD claims

Vietnamese customs may cross-check reported PAD capability (e.g., “Level 2 PAD per ISO/IEC 30107-3:2023”) against on-device markings and bilingual (English-Vietnamese) user documentation. Inconsistencies risk rejection even with valid reports.

Prepare for cascading regional ripple effects

While currently Vietnam-specific, the policy sets a precedent. Thailand’s TISI and Indonesia’s BSN are reviewing similar requirements for 2027–2028. Enterprises should treat this as a pilot case for harmonized ASEAN biometric import rules—not an isolated national measure.

Editorial Perspective / Industry Observation

Analysis shows this is less a technical barrier than a procedural institutionalization: Vietnam is shifting from outcome-based evaluation (“does it work?”) to process-anchored assurance (“was it tested correctly, by whom, and against what?”). Observably, the choice of CNAS—not local or international alternatives—reflects pragmatic alignment with China’s dominant supply base, rather than protectionism. From an industry perspective, the real bottleneck lies not in test capability (most Tier-1 Chinese labs already offer ISO/IEC 30107-3:2023 services), but in SMEs’ awareness of report validity conditions—particularly version control, scope granularity, and signature authenticity verification by STAMEQ.

Conclusion

This regulation marks a maturation point in Vietnam’s biometric infrastructure governance—prioritizing verifiable resilience over functional deployment speed. For global suppliers, it signals that Southeast Asian markets are increasingly adopting EU-style conformity infrastructure, where certification integrity matters as much as technical performance. A rational interpretation is that compliance readiness—not product innovation alone—now defines competitive entry advantage.

Source Attribution

Official notice published in Vietnamese Government Gazette No. 42/2026/TT-BCT (MOIT) and STAMEQ Circular 18/2026/QĐ-STAMEQ, both effective May 10, 2026. Full texts available via moit.gov.vn and stameq.gov.vn. Pending clarification: STAMEQ’s internal validation procedure for foreign-issued CNAS reports, including potential requirement for digital signature verification via CNAS’s public key infrastructure (PKI)—under review as of May 2026.