Technical Requirements under Decree 337/2025/ND-CP: What criteria should businesses set when selecting an electronic labor contract system?

Core requirement groups to evaluate

When selecting an electronic labor contract system, businesses often make a classic mistake: they evaluate based on UI, signing speed, or package price. But for labor contracts, the right evaluation criteria should map to 5 capability groups, because these are what determine compliance, the ability to prove a valid end-to-end agreement, and long-term operability:

1. Identity verification and signer authentication: answers “who signed”.

2. Digital signatures and timestamping: answers “when was it signed, and how is validity established”.

3. Data and information security: answers “is the data safe, leaked, or altered”.

4. Evidence governance: answers “can you trace and produce proof”.

5. Integration and operations: answers “can it run inside the company’s real systems”.

A practical evaluation approach is to ask the vendor to demo using one real HR scenario, then require them to export an audit-ready dossier after signing. If they only demo signing a PDF but cannot export evidence, that is a risk signal.

Criteria for identity verification and signer authentication

The goal is to prove the signer is the right person, with the right authority and role.

Recommended technical checklist:

• Multi-layer authentication for signers, at minimum able to prevent and control shared accounts and “log in on behalf” behavior.

• Role-based identity governance: HR drafts the contract, Legal approves templates, the employee signs, and leadership signs according to delegated authority.

• Authentication evidence attached to the transaction: login timestamp, device, and send/receive events, plus evidence the document was accessed or reviewed before signing.

• Delegation and signer substitution mechanisms for leave or staffing changes, while maintaining clear logs.

What to avoid: authentication based only on an email link, or signing using a shared departmental account.

Criteria for digital signatures and timestamping

This layer establishes enforceability and proves the contracting moment. In labor contracts, timestamping is especially important because it anchors the signing time and reduces disputes about whether signing happened before or after a specific cutoff.

Recommended technical checklist:

• Support for compliant digital signature standards, with verifiability when needed.

• Timestamp is applied to the final version at the actual signing event, not manually added later.

• Lifecycle state management: draft, pending approval, pending signature, signed, effective, expired, replaced by an addendum.

• Ability to validate signature and timestamp within the system, and export them as part of the dossier.

What to avoid: signing first and uploading later into a different storage system, because that breaks the process evidence trail.

Criteria for data and information security

Encryption

Labor contracts contain sensitive data such as compensation, job title, and personal information. The system must protect data both in transit and at rest.

Recommended technical checklist:

• Encryption in transit and at rest.

• Key management and security policies aligned to enterprise standards.

• Tamper resistance and post-sign modification detection.

Access control

A common failure is that “everyone can view labor contracts in a shared folder”. Labor contracts should follow the principle of least privilege.

Recommended technical checklist:

• Role-based and object-based permissions, for example HR can only view employees in their managed unit.

• Audit trail for access, downloads, and sharing.

• SSO support when the enterprise requires centralized identity governance.

Storage and backup

Storage determines long-term proofability. Companies must ensure contracts remain retrievable after many years, even if systems change.

Recommended technical checklist:

• Centralized repository with retention policies aligned to internal governance and relevant legal requirements.

• Backup, recovery, and service continuity capabilities.

• Search across multiple indexed fields: employee ID, department, term, status, contract type.

Criteria for evidence governance

Trace logs

Logs must answer the chain of questions: who did what, when, on which version, and with what outcome.

Recommended technical checklist:

• Event-based logs covering the full lifecycle: create, edit, approve, send, view, sign, cancel, replace, download.

• Logs are tamper-resistant and exportable per contract.

Document versioning and action history

Labor contracts often generate frequent addenda. Without version control, you end up with multiple “almost identical” copies with one-line differences, which creates dispute risk.

Recommended technical checklist:

• Version management with a clear indication of which version is currently effective.

• Change history and rationale, including who approved the change.

Audit-ready export

During inspections or disputes, there is no time to manually assemble artifacts.

Recommended technical checklist:

• Export an evidence package that includes the contract, addenda, digital signatures, timestamps, trace logs, and approval history.

• Periodic summary reporting by time period, unit, and completion status.

Criteria for integration and operations

SSO, HRM, ERP

If HR data lives in HRM, the contract system should connect to reduce re-entry and errors.

Recommended technical checklist:

• Sync at least core HR fields: full name, employee ID, unit, job title, reporting line, employment status.

• SSO support for centralized identity management.

• APIs or integration mechanisms compatible with the enterprise’s infrastructure.

Approval workflows and segregation of duties

Labor contract signing is rarely a one-person action. It often includes management approval, Legal template control, and HR oversight.

Recommended technical checklist:

• Flexible approval workflows by contract type, employee level, and business unit.

• Separation of roles: drafting, approval, signing, archiving.

• Exception handling: change signer, re-sign, recall, cancel, replace addendum.

How Kyta Platform meets these criteria: mapping by evaluation logic

Below is a mapping from the technical requirements to Kyta Platform capabilities using the same lens that IT and Legal typically use when evaluating systems:

1. Identity verification and signer authentication
   Kyta supports role-based contracting workflows with segregation of duties and end-to-end event capture. The goal is to help enterprises prove the right person, right role, and right authority, supported by logs.

2. Digital signatures and timestamping
   Kyta supports digital signing and timestamping as an embedded step inside the workflow, which helps lock the final version at the signing event. It also supports lifecycle state management for contracts and addenda.

3. Data and information security
   Kyta supports role-based access control, centralized storage, and operational mechanisms that reduce the risk of lost or scattered contracts. For high-control enterprises, Kyta is a fit when integration with existing identity governance and enterprise systems is required.

4. Evidence governance
   Kyta is designed around being audit-ready: trace logs, action histories, and the ability to export evidence as a dossier for inspections, compliance checks, or disputes.

5. Integration and operations
   Kyta can connect via workflow integration and integrate into HRM, SSO, and ERP depending on the enterprise’s digital maturity. The key point is that Kyta is not limited to the signing step. It runs across drafting, approval, signing, and centralized storage as one continuous process.