Software Outsourcing Contract Disputes Between Vietnamese Companies and Foreign Clients
1) Legal Framework Governing Software Outsourcing Disputes
Applicable Laws
Most software outsourcing contracts are categorized as commercial service contracts and are primarily governed by the Law on Commerce 2005, which regulates the formation, performance, and remedies for breach (penalties, compensation, suspension, termination, or cancellation).
General contract principles—such as legal capacity, form, validity, liability for damages, and interest on late payments—are derived from the Civil Code 2015.
Arbitration and Court Proceedings
For contracts involving foreign elements, arbitration is commonly preferred due to its flexibility and international enforceability. In Vietnam, the Law on Commercial Arbitration 2010 allows disputes arising from commercial activities to be resolved by arbitration if there is a valid arbitration agreement.
If the parties choose VIAC (Vietnam International Arbitration Centre), the proceedings will follow the VIAC Arbitration Rules (effective from March 1, 2017), which specify the requirements for the statement of claim, appointment of arbitrators, interim measures, and arbitration costs.
When no governing law is specified, the arbitral tribunal will apply the law it deems most appropriate.
Electronic Contracts and Execution
Since July 1, 2024, the Law on Electronic Transactions 2023 has granted full legal validity to data messages and electronic signatures. It also recognizes foreign e-signatures if certain conditions are met. This is particularly crucial for remote outsourcing contracts between Vietnamese companies and overseas clients.
Personal Data and Cybersecurity in Software Outsourcing
If the contract involves handling personal data, the enterprise must comply with Decree No. 13/2023/NĐ-CP on Personal Data Protection (PDPD) and related obligations.
In some cases involving network services or applications, companies must also comply with Decree No. 53/2022/NĐ-CP (guiding the Cybersecurity Law 2018) concerning data localization and establishment of local branches or representative offices.
In summary, when disputes arise in Vietnam, the applicable framework usually includes the Law on Commerce, Civil Code, dispute resolution mechanisms (arbitration or court), electronic transaction laws, and special regimes governing IP, data, and cybersecurity.
2) Common Risks Leading to Software Outsourcing Disputes
Scope Creep: Vague description of functions or acceptance criteria; absence of a detailed Statement of Work (SOW) or performance/security KPIs; no change request mechanism or cost/timeline adjustment procedure.
Timeline Delays: Missing milestone commitments, lack of proper extension mechanisms, or absence of penalty and compensation clauses. (Vietnamese law allows both penalties and damages in commercial contracts; businesses should specify the rate, calculation method, and relationship between the two.)
Payment & Acceptance: Payments not linked to acceptance reports; undefined terms such as “completion,” “critical defect,” or “warranty period.”
Intellectual Property (IP) Rights: Absence of clear clauses on ownership/licensing of source code, documents, and designs; unclear treatment of works made for hire; missing mechanisms to address IP infringement under the amended IP Law 2022.
Confidentiality & Data Protection: Weak NDAs, no data classification, and failure to incorporate PDPD/Cybersecurity obligations—leading to disputes or administrative sanctions.
Governing Law and Jurisdiction: Ambiguous clauses (e.g., “subject to international law”) or invalid arbitration wording may render the agreement unenforceable.
3) Preventive Strategies from Negotiation to Signing
Standardize Specifications & Change Management: Attach a detailed SOW with KPI benchmarks (speed, security, scalability), testing and acceptance criteria, and SLA if maintenance is included. All modifications should follow a Change Request process (description → estimation → approval → update).
Milestone-Based Payments: Link payments to deliverables and add retainage (a small percentage withheld until warranty expiry) to encourage timely defect fixes.
Penalties & Compensation: Clearly define calculation methods for delay penalties and compensation (including replacement and remediation costs). The Law on Commerce 2005 provides the legal foundation for these remedies.
Crystal-Clear IP Clauses: Define ownership of source code, licensing scope (exclusive/non-exclusive, territory, duration), and indemnity obligations in case of third-party IP claims. Refer to the amended IP Law 2022.
Confidentiality & Data: Classify data; describe technical safeguards (encryption, access control, audit logs); and set incident response and notification duties. For processing Vietnamese users’ data, comply with Decree 13/2023 and Decree 53/2022.
Cross-Border E-Signatures: Use platforms compliant with the Law on Electronic Transactions 2023; ensure recognition of foreign e-signatures under its implementing regulations.
Sample Dispute Resolution Clause:
Arbitration at VIAC, in English or Vietnamese, seated in Ho Chi Minh City or Hanoi, with one or three arbitrators, applying the VIAC Rules (2017);
Governing Law: Vietnamese law (or another clearly specified law).
4) Step-by-Step Approach When a Dispute Arises
Step 1 – Evidence Preservation & Compliance
Activate a legal hold on repositories (Git, Jira, CI/CD), emails, and chats. Take snapshots of source code and testing logs.
Review confidentiality and data clauses to minimize liability under PDPD/Cybersecurity regulations.
Step 2 – Review Contracts & Appendices
Check notice requirements, cure periods, definitions of “material breach,” acceptance and warranty mechanisms.
Quantify claims under the Law on Commerce 2005 and Civil Code 2015.
Step 3 – Strategic Negotiation
Propose a remediation roadmap with milestones, prioritize minimum viable features (MVP) to limit damages, and prepare alternative suppliers (cover purchase) to substantiate loss claims.
Step 4 – Arbitration or Litigation
If an arbitration clause exists: file a Request for Arbitration per VIAC Rules and consider interim measures (e.g., restraining use of disputed source code or IP).
If no valid arbitration clause: file a lawsuit before the Vietnamese court with an application for interim relief.
Step 5 – Enforcement
Domestic arbitral awards can be enforced under the Law on Commercial Arbitration 2010; foreign awards may be recognized and enforced in Vietnam under relevant treaties and the Civil Procedure Code.
5) Key “Golden Clauses” in a Software Outsourcing Contract (in Vietnam)
Definitions & Scope: Clear terminology, coding standards, development/testing/production environments, detailed SOW, and acceptance checklist.
Timeline & Acceptance: Sprint/milestone delivery schedule, acceptance/rejection period, UAT mechanism, warranty scope and duration.
Payment & Security: Payment linked to acceptance; retainage; suspension rights for non-payment; performance bond if required.
Remedies: Penalty rates, damage calculation, right to suspend/terminate for material breach. (Legal basis: Law on Commerce 2005.)
IP & Licensing: Ownership and exploitation rights for source code, documents, and designs; IP indemnity; open-source license management; registration of software copyrights under the IP Law.
Confidentiality & Data: Security standards (equivalent to ISO 27001), data classification, PDPD/Cybersecurity compliance, incident reporting, and audit rights.
Electronic Signature & Storage: Identify signing platform, e-signature standard, and logging requirements per the Law on Electronic Transactions 2023.
Governing Law & Arbitration: Vietnamese law (or specific chosen law) and VIAC arbitration, specifying language, seat, and number of arbitrators.
6) Frequently Asked Questions
Does the CISG apply?
No. The CISG governs international sales of goods, while software outsourcing is typically a service contract. Only when the transaction involves selling a packaged software product (“goods-like”) might CISG be relevant. Clear governing law clauses remain essential.
Are online contracts valid in Vietnam?
Yes. Under the Law on Electronic Transactions 2023, data messages and e-signatures have full legal effect. Foreign e-signatures can also be recognized if they meet statutory conditions.
Where must Vietnamese user data be stored?
Depending on the service model, some entities must store data in Vietnam or conduct cross-border data transfer assessments under Decree 53/2022, while fully complying with Decree 13/2023 (PDPD) on data subject rights and confidentiality obligations.
7) Conclusion
As software outsourcing continues to grow in Vietnam, businesses must ensure their contracts are legally robust, precisely drafted, and operationally structured to prevent disputes and protect their interests.
When risks arise, companies should rely on the Law on Commerce, Civil Code, VIAC arbitration mechanism, Electronic Transactions Law 2023, PDPD, and Cybersecurity Law to handle matters effectively in Vietnam.
By standardizing contracts, managing change, clarifying IP and data obligations, and selecting the right governing law and jurisdiction, Vietnamese companies can preserve both their competitive advantage and international clients’ trust within the thriving software outsourcing market in Vietnam.
Contact DEDICA Law Firm for expert legal consultation!
📞 Hotline: (+84) 39 969 0012 (Available on WhatsApp, WeChat, and Zalo)
🏢 Head Office: 144 Vo Van Tan Street, Xuan Hoa Ward, Ho Chi Minh City (144 Vo Van Tan Street, Vo Thi Sau Ward, District 3, Ho Chi Minh City)
🕒 Business Hours: Monday – Friday (8:30 AM – 6:00 PM)
Reach out today for a free initial consultation with our team of professional lawyers!
