A Nationwide Lockout, Enforced by Face Scan
At midnight on June 15, 2026, Vietnam's three largest mobile operators — Viettel, VinaPhone, and MobiFone — cut outgoing service to roughly 10.6 million subscriptions whose holders had not re-verified their identity through the VNeID national ID app. Viettel alone restricted more than 5 million accounts, VinaPhone nearly 3 million, and MobiFone about 2.6 million (SGGP English Edition). The action enforces Circular 08/2026/TT-BKHCN, issued by Vietnam's Ministry of Science and Technology, which requires every SIM to be tied to a real-time facial scan cross-checked against the National Population Database. Subscribers now have 60 days to comply before a full two-way suspension, followed by five days before operators terminate the contract and reclaim the number outright (SGGP). A related provision, in force since April 15, 2026, gives telcos just two hours to detect a SIM moved into a new device and block outbound calls until the new user completes facial re-verification (Biometric Update).
The Case for It
Vietnam's rationale deserves a fair hearing before it gets a critique. SIM-swap fraud is a genuine and costly problem: unregistered or fraudulently registered numbers are a favored vector for hijacking bank and e-wallet accounts, and "garbage SIMs" fuel scam-call networks region-wide. Tying every number to a verified, living person and requiring biometric confirmation on device change closes a real gap that passwords and SMS OTPs cannot. Banking-grade authentication for telecom access is not an unreasonable ambition, and Vietnam is hardly alone in mandating SIM registration — some 160 countries now require it in some form. Framed narrowly, this is a fraud-control measure, not a speech-control one.
Where the Design Becomes Coercive
The problem is not that Vietnam verifies identity — nearly every jurisdiction does — but the architecture of enforcement: an opt-out-free biometric mandate, enforced through service denial and eventual contract termination, with no non-biometric fallback offered to existing subscribers who registered lawfully under prior rules. A person who cannot or will not submit a live facial scan loses their phone number entirely, including for subscribers whose original registration was never in question. That collapses identity verification and biometric enrollment into a single non-negotiable transaction, with the national population database as the backstop. There is no visible independent oversight body publishing necessity or proportionality findings before the mandate took effect, and no mechanism disclosed for a subscriber to challenge a false non-match.
The EU's Contrasting Bet: Consent by Design
The European Union is running its own large-scale digital-identity rollout on almost the opposite architecture. Regulation (EU) 2024/1183, which established the European Digital Identity Wallet framework, requires every member state to offer citizens a free wallet by the end of 2026 — but explicitly as something "any EU citizen, resident, and business who wants to use it" may adopt, not a compulsory replacement for existing access (European Commission). The regulation's own text builds proportionality into the mechanism rather than treating it as an afterthought: any relying-party request for wallet data "should be necessary for, and proportionate to, the intended use," personal data tied to wallet provision must be "kept logically separate from any other data," and users retain a dashboard to track and revoke what they've shared, plus a right to request erasure (EUR-Lex, Regulation 2024/1183). Biometric onboarding exists in the EU model too, at the wallet's "high" assurance level — but it authenticates access to a wallet a person chose to obtain, not a phone number they already owned.
That is not to say the EU's approach is problem-free. Rollout has been uneven enough that the Commission itself has voiced doubt whether every member state will meet the 2026 deadline, and a voluntary system risks leaving exactly the fraud gaps Vietnam is trying to close, since adoption depends on citizens choosing to enroll. A purely opt-in wallet that most people ignore solves little. But that is a design trade-off made transparently, not a coercive lockout imposed unilaterally on tens of millions of already-registered customers with days-long grace periods before permanent account loss.
What Proportionate Regulation Actually Requires
Fraud prevention and biometric mandates are not inherently in tension with rights-respecting regulation — the EU's own eIDAS2 framework proves a biometric-backed identity layer can be built with consent, data minimization, and erasure rights baked in rather than bolted on. Vietnam's Circular 08 pursues a legitimate end through a maximalist means: no opt-out, no non-biometric alternative, and termination as the default consequence of non-compliance rather than a last resort. As European regulators consider any future telecom-integrity or SIM-swap-fraud measures of their own — a live concern given the same fraud typology exists here — Vietnam's rollout is worth studying not as a template but as the proportionality test case it has inadvertently become: identity verification and biometric enrollment should stay two separable choices, not one compulsory transaction enforced by service denial.