Decree 341/2025 fines for unlicensed software: a detailed breakdown

Background: why Decree 341/2025 was issued

From 1 January 2026, Decree 341/2025/NĐ-CP officially took effect, replacing earlier regulations on administrative penalties for copyright infringement. This is the most significant overhaul of the software copyright penalty framework in Vietnam in nearly a decade. What surprises many executives is not the existence of the penalty schedule — it is how specific and how escalating it has become.

Decree 341 was issued in the context of Vietnam's efforts to improve its standing in the USTR's Special 301 Report and to fulfil its commitments under CPTPP and the EVFTA. In parallel, Official Dispatch 38/CĐ-TTg dated 05/05/2026 on combating intellectual property violations — with the software inspection campaign led by the Ministry of Culture, Sports and Tourism from 07/05/2026 — creates a meaningful enforcement mechanism to accompany the new legal framework.

Penalty tiers by type of violation

Decree 341 categorises violations into multiple conduct groups, each with its own penalty range. Fines are applied per infringing software title, not aggregated across all machines — a 30-person company running pirated Office, Adobe, and AutoCAD on the same machine may face three separate penalties.

• Group 1 — Fewer than 5 unauthorised copies: fine of 10–20 million VND for individuals, doubled for organisations.
• Group 1 — 5 to fewer than 20 unauthorised copies: fine of 30–50 million VND for organisations.
• Group 1 — 20 or more unauthorised copies: fine of 50–100 million VND for organisations, plus confiscation of infringing material.
• Group 2 — Pre-installing pirated software on computers sold to customers: fine of 100–200 million VND, mandatory destruction of infringing goods.
• Group 2 — Selling cracked keys or cracks online for profit: fine of 200–500 million VND, possible criminal referral.
• Group 3 — Importing devices with pre-installed unlicensed software: fine of 50–150 million VND, mandatory re-export or destruction.

Aggravating circumstances and criminal liability

Under Article 225 of the Penal Code 2015 (as amended in 2017), commercial legal entities that commit serious violations may be fined up to 3 billion VND, suspended from operations for 6 months to 2 years, or permanently banned from operating in the relevant field.

• Organised infringement or clear division of roles within a group.
• Previously subject to administrative penalties for the same conduct within the past 2 years.
• Unlawful financial gain from the infringing activity (calculated licence cost savings exceeding the threshold).
• Violations involving security, defence, or critical national infrastructure software.

Key changes from the previous rules

Compared to its predecessor, Decree 341/2025 introduces three critical changes that every enterprise must understand immediately:

• Public disclosure of violators: competent authorities may publish the name of the enterprise and the nature of the violation on official portals — with a direct impact on brand reputation.
• Personal liability for managers: directors and IT department heads may be individually penalised in parallel with the organisation if awareness of the violation can be demonstrated.
• Statute of limitations extended from 1 to 2 years: conduct occurring within the past two years remains subject to enforcement action.

What enterprises need to prepare

Before inspectors arrive, a minimum compliance dossier must contain all four components below. One important principle when dealing with an inspection team: proactively presenting a complete dossier is far better than being found to have gaps — enterprises that are in the process of remediation are typically given more lenient consideration.

• Software inventory: a list of each title, version, number of installed machines, and licence source.
• Valid licence documentation: registration confirmation emails from Microsoft/Adobe/Autodesk, purchase contracts, and corresponding electronic VAT invoices.
• Internal software use policy: a document stipulating that employees may only install approved software, signed by the legal representative.
• Record of remediated violations (if applicable): documentation confirming that unlicensed software has been removed and replaced with legitimate versions.

Conclusion

Decree 341/2025 does not merely raise fines — it changes the nature of the game. With provisions for public disclosure, personal managerial liability, and a two-year statute of limitations, the risk is no longer just a monetary penalty but encompasses reputational damage and individual legal exposure.

Vietnamese SMEs still have the opportunity to self-remediate before inspectors arrive. The cost of purchasing adequate genuine licences, while not trivial, is considerably lower than the total fines plus reputational harm if proceedings are made public.