As Vietnam accelerates its digital transformation, the protection and control of personal data have emerged as critical national priorities. In response, innovative solutions are being developed to empower citizens with greater autonomy over their digital identities. Among these, NDAKey stands out as a groundbreaking platform that redefines how individuals interact with and safeguard their personal information in the digital age.
In an increasingly digitized society, the secure management and ethical utilization of personal data have become critical concerns. Against this backdrop, Vietnam is taking decisive steps to enhance the autonomy of its citizens in managing their digital identities. One of the most significant innovations in this direction is the deployment of NDAKey, a decentralized identity solution designed to place full control of personal data into the hands of individuals. Developed by the Center for Innovation and Data Exploitation, under the National Data Center, in collaboration with the National Data Association, NDAKey stands out among six core technology projects that are being prioritized for national digital infrastructure development. The solution represents a comprehensive and privacy-first approach to identity management, marking a transformative shift in how digital identities are created, authenticated, and shared in Vietnam’s emerging digital ecosystem.
NDAKey is based on a self-sovereign identity model and is developed on a dual technological foundation comprising the NDAChain blockchain platform and the NDADID decentralized identity infrastructure. This architecture enables citizens to store all their sensitive personal information and key documents directly on their personal devices, in the form of Verifiable Credentials (VCs). Instead of relinquishing full data sets to service providers or governmental agencies, users retain the ability to selectively disclose only those attributes that are strictly necessary for a given transaction. By doing so, NDAKey addresses two major challenges in today’s data economy: the overexposure of personal data and the risk of unauthorized access due to centralized data storage models.
The operational framework of NDAKey is structured around three primary entities: issuers, holders, and verifiers. Issuers consist of authorized governmental and private organizations that generate and authenticate Verifiable Credentials, thus ensuring the initial reliability and trustworthiness of the data. Credential holders, namely the users, receive and manage these credentials within their own identity wallets, exercising complete autonomy over when and how they share this information. Verifiers, which may include financial institutions, healthcare providers, educational bodies, insurers, and public utility agencies, request proof of specific information through Verifiable Presentations (VPs). Crucially, these verifiers do not access or store the original credentials. Instead, they validate the digital signature and integrity of the VP presented by the user, which ensures the authenticity of the claim without compromising the underlying personal data.
The cornerstone of NDAKey’s security model is its use of advanced cryptographic techniques, particularly Zero-Knowledge Proof (ZKP) and Selective Disclosure protocols. Zero-Knowledge Proof enables the user to prove a certain fact — such as being above a certain age, possessing a valid professional license, or meeting a residency requirement — without revealing any additional information beyond the minimum required for verification. Selective Disclosure allows granular control over which data attributes are shared, enabling context-specific verification. Together, these technologies ensure that users can participate in digital interactions and fulfill identity verification requirements while preserving their privacy and minimizing the risk of data leaks, profiling, or unauthorized secondary use of personal information.
In contrast to conventional systems where personal data is stored and managed by centralized authorities or third-party platforms, NDAKey enforces a decentralized data model. All personal information is encrypted end-to-end and resides exclusively on the user’s own device. This significantly reduces the vulnerability surface for potential data breaches, unauthorized access, or mass surveillance, while reinforcing the principle of data minimization. Furthermore, by eliminating the need for citizens to repeatedly provide scanned copies of identity documents or fill out extensive application forms, NDAKey facilitates a paperless administrative process, enhances user experience, and improves the overall efficiency of digital service delivery.
This decentralized model not only benefits individuals but also presents substantial operational and regulatory advantages for organizations and public institutions. By shifting the burden of data custody away from service providers, NDAKey reduces the financial and legal risks associated with data retention, breach liability, and compliance with emerging data protection frameworks. This is particularly relevant in the context of the upcoming Personal Data Protection Law of 2025, which mandates that all data processing activities be carried out with the explicit and transparent consent of the data subject. NDAKey’s architecture is inherently compliant with this regulatory mandate, offering a scalable and legally robust solution that aligns with both national priorities and international best practices in data governance.
According to Nguyen Phu Dung, CEO of PILA Group Joint Stock Company, NDAKey represents a foundational layer for building a trusted digital economy. As Vietnam’s digital transformation advances into more sensitive domains such as digital finance, e-government, and online health services, the demand for secure and user-centric identity verification mechanisms has grown considerably. NDAKey responds to this demand by creating a privacy-respecting infrastructure that balances the imperatives of accessibility, authenticity, and individual rights. Its relevance extends beyond individual users and administrative agencies, providing a critical tool for the entire digital ecosystem to function more transparently and securely.
Looking ahead, the Vietnamese government envisions a nationwide implementation of NDAKey beginning in 2026. Once operational at scale, it is expected to serve as the national infrastructure for digital identity management, supporting secure interactions across both public and private sectors. As more citizens and institutions adopt this solution, Vietnam will move closer to a paradigm where digital transactions are rooted in trust, personal autonomy, and strong data protection standards. NDAKey is thus not merely a technological application, but a strategic enabler of the broader legislative goals embodied in the Personal Data Protection Law and the forthcoming Data Law. It aims to protect and empower over 100 million Vietnamese citizens by offering them the tools and frameworks needed to control their digital lives in an era where data sovereignty is synonymous with individual freedom and national resilience.