Frequently Asked Questions (FAQ) – Digital Signature

Guidance for Suppliers and Business Partners

NSRP is currently implementing digital signatures for procurement documents, purchase orders, contracts, and related agreements.

Following online discussion sessions with suppliers and business partners, NSRP has received several frequently asked questions regarding the use, legal validity, and signing process of digital signatures.

This section provides guidance and clarification on the use of digital signatures in transactions and documentation with NSRP.

Q1: Is an enterprise digital signature different from an individual digital signature?

Answer:

Yes. An organization digital signature represents a legal entity , while an individual digital signature represents a specific person. For business transactions,the digital signature of the organization’s legal representative or an individual who has been validly authorized by the organization must be used together with the organization’s digital signature. Both digital and wet signatures have equal legal validity, but digital signatures must be supported by a valid digital certificate.

Q2: Can a digital certificate (CA) be registered and used under the company name, or must it belong to an individual signer (legal representative/authorized person)?
If the certificate displays only the company name and not the legal representative’s name, how can the valid signer information be reflected on the document?

Answer:

Digital certificates may be issued in the name of the enterprise. If the certificate displays only the company name, suppliers must ensure that the authorized signer’s information is clearly reflected through the document signature block, e-signature system information, or supporting authorization documents (if applicable).

NSRP will determine the validity of the signature based on the combined assessment of the certificate data, document content, and supporting legal records.

Q3: If the legal representative or authorized CA signer cannot sign directly and wants to delegate signing authority to another person, is it acceptable to simply forward the email, or must the signing flow be configured from the beginning?

Answer:

NSRP recommends that suppliers inform NSRP in advance if another person will sign under delegated authority. This allows NSRP to configure the correct signer and signing workflow from the beginning, helping avoid resend requests, rework, or issues affecting legal validity and audit traceability.

Q4: If a company has multiple digital certificates (e.g., using Certificate 1 for one PO and Certificate 2 for another), does the system record the certificate serial number, or can any company certificate be used?

Answer:

Each digital certificate has a unique serial number, and signing systems typically record details such as the certificate serial number, CA, signing time, and validity status. There is no requirement to use a fixed certificate any valid, effective, and authorized enterprise certificate can be used and has equal legal value. However, for governance and audit purposes, companies should define internal rules on which certificate to use for each type of document.

Q5: On the supplier signing section, will the company seal image be uploaded manually, or will it be automatically generated like the NSRP signing template?

Answer:

NSRP will configure the signing template on DocuSign. For enterprise digital signatures, NSRP will predefine the signature fields and allow suppliers to input the signer’s title/position. Suppliers will provide the required company information, and NSRP will set up the template accordingly.

However, if the supplier wants to manually add a customized signature image or company seal/stamp, the supplier will need to configure and manage that setup on their own side.

Q6: If the supplier uses an enterprise digital signature workflow with two signing levels (e.g. one person approves the document and another person applies the company digital seal), can NSRP configure this workflow directly on DocuSign instead of sending the PDF manually?

Answer:

Yes. Suppliers may proactively inform the NSRP DocuSign setup team about their required signing workflow. NSRP can configure multiple signing levels directly on DocuSign instead of handling documents manually via PDF. This helps improve efficiency, reduce manual effort, and maintain traceability in the signing process.

Q7: Does the supplier need to install DocuSign software on their computer, or just click the signing link sent by NSRP?

Answer:

Suppliers are not required to install DocuSign or any additional software. Signing is performed directly through the secure signing link sent from the NSRP DocuSign system. The supplier only needs to click the link in the email and sign online.

Q8: In cases where suppliers normally use a CA token, but some suppliers do not have their own signing system, how should they perform the signing process to ensure legal compliance?

Answer:

Suppliers are not required to deploy their own CA system or install additional signing software. Signing can be completed directly through the secure DocuSign link sent by NSRP. Suppliers only need to access the link in the email and follow the provided instructions to complete the signing process in compliance with applicable regulations.

Q9: If the supplier uses a different CA system from DocuSign, will there be any impact on the signing process?

Answer:

Suppliers may use a different CA, provided that the certificate is valid and lawfully issued. The supplier can still access the NSRP DocuSign signing link and complete the signing process using their own enterprise CA without additional registration requirements with DocuSign.

Q10: How can suppliers verify that the email containing the NSRP signing link is secure and officially sent by NSRP?

Answer:

Suppliers should verify that the email is sent through the DocuSign system (e.g. dse@eumail.docusign.net). The email will clearly show the authorized NSRP sender information, such as “Le Thi Ha via DocuSign” and the NSRP contact email address (ha.lt2@nsrp.com.vn). This will be the official contact point for sending Contract/PO signing requests from NSRP.

Q11: Does the supplier need to send a hard copy from overseas to Vietnam, or is uploading the signed document enough?

Answer:

If both parties complete digital signing through the DocuSign system, no hard copy is required.

However, in cases where the supplier signs by wet ink (hybrid signing), the supplier must send the signed document via email and also send the original hard copy to NSRP for record retention and compliance purposes.

Q12: Is it possible to send the DocuSign request to someone other than the signature holder?

Answer:

The signing request shall be sent to the correct email address of the organization’s legal representative or the individual who has been lawfully authorized by the organization in order to minimize potential disputes that may arise . A delegated coordinator or recipient designated by the supplier may be copied on the email for informational purposes.

The information provided in this FAQ is for general guidance purposes only.