Import procedure guide for encryption device/module


IMPORT PROCEDURE GUIDE FOR ENCRYPTION DEVICE/MODULE — KEY MANAGEMENT DEVICE — CRYPTO APPLIANCE

Encryption devices/modules are high-compliance-risk products because they may involve both HS classification questions and civil cryptography import licensing. If the shipment is described only as “IT appliance”, “security module”, “HSM”, “crypto box” or “key management device” without clarifying its key generation, key storage, key management, digital signature, authentication or data encryption functions, it may face license requests, model clarification, requests to explain the encryption function, refusal of C/O preference or demurrage/detention (DEM/DET) costs after ETA. This guide provides an end-to-end (E2E) checklist for HS code, duty, C/O, specialized policies, customs documents and pre-ETA risk control.

QUICK FACT

| Item | Recommended approach for encryption device/module | Operational note |
|---|---|---|
| Goods description | Encryption device/module; key management device; crypto appliance, model…, used for key generation/key storage/key management/digital signature/data encryption | Avoid generic “security device” descriptions when the catalogue shows cryptographic functions. |
| HS codes to review | 8471.30.90 / 8471.41.90 / 8471.49.90 / 8471.80.90; if it is a network transmission appliance with encryption, also review heading 8517 | The appendix to Decree 211/2025/ND-CP refers to HSM, PKI Token and products for cryptographic key generation, management or storage. |
| Suggested duty matrix | General import duty 5%; MFN 0%; VAT 10%; FTA duty may be 0% if valid C/O is accepted | Recheck the tariff schedule on the declaration date based on the finally confirmed HS code. |
| Core licensing policy | Likely subject to civil cryptography import license review; if it is also a cybersecurity product, review cybersecurity import licensing separately | Do not conclude “no license required” before reviewing catalogue, datasheet, model and functions. |
| Minimum technical file | Catalogue, datasheet, user/admin manual, security target/whitepaper, model list, serial list, encryption statement, license sheet, test report/certification if any | The file should clarify algorithms, key functions, usage scope and import purpose. |

Legal note: This guide is a pre-import operational checklist and does not replace formal HS classification, licensing conclusion or competent authority opinion. Products with cryptographic functions must be reviewed against the actual catalogue, datasheet, model and import purpose.

SCOPE OF APPLICATION

This article applies to encryption devices/modules, key management devices, crypto appliances, HSM (Hardware Security Module), PKI Token or devices for cryptographic key generation, key storage, key management, digital signature, signature verification, authentication or data encryption.

In scope

  • HSM, crypto appliance, key management appliance, secure key vault, encryption module, PKI token or dedicated cryptographic device.
  • Imports for trading, projects, data centers, banking, finance, e-commerce, FDI/EPE enterprises or internal systems.
  • Products whose documents show encryption, key management, digital signature, authentication or transaction protection.

Not automatically covered

  • Do not merge with firewall, VPN appliance, secure router or DLP where the core function and policy are different.
  • Pure software license/cloud subscription without physical imported goods is outside the scope of this hardware import guide.
  • Do not apply the conclusion of a standalone key management device to an embedded module before clarifying the imported goods.

Separate review needed

  • Used/refurbished goods, samples, warranty replacement, project cargo or temporary import/re-export.
  • Devices with Wi‑Fi/Bluetooth/4G/5G modules, battery, adapter, charger, VPN or cybersecurity functions.
  • Products for military, security, cipher or export-controlled purposes from the selling country.

Handling principles

  • Do not state “no license required” before reviewing model, functions and technical documents.
  • If multiple policies may apply, clearly state that actual documents must be reviewed.
  • Freeze the file before ETA to avoid storage/demurrage and post-arrival amendments.

PRODUCT CLASSIFICATION & TECHNICAL IDENTIFICATION

The key identifier is not only the outer box but the cryptographic function: key generation, key storage, key management, private-key protection, digital signature, signature verification, encryption/decryption, authentication or transaction protection. Distinguish a standalone encryption device/module from a normal server running security software or a network appliance with basic security features.

| Technical criterion | Documents to check | Risk if misdescribed | Suggested wording on documents/declaration |
|---|---|---|---|
| Core cryptographic function | Catalogue, datasheet, admin manual, security whitepaper, encryption statement | Civil cryptography import license may be missed | Encryption device/module, model…, used for cryptographic key generation/storage/management. |
| Product type | Datasheet, port photos, CPU/RAM/storage, form factor | Confusion among HSM, server, embedded module, USB token or network appliance | State HSM/crypto appliance/key management device/PKI token according to manufacturer documents. |
| Algorithms and key mechanism | Security target, FIPS/Common Criteria if any, algorithm document, license sheet | Request for explanation on encryption function and usage scope | State key management/digital signature/authentication/data encryption if supported by evidence. |
| Import purpose | Contract, PO, project description, system deployment note | Wrong purpose may affect license dossier and customs explanation | State trading/project/internal/warranty purpose clearly. |
| Goods condition | Invoice, contract, photos, serial list, brand-new confirmation | Used/refurbished IT policy may arise | Declare brand-new only when evidence supports it. |

HS CODE – DUTY – C/O

Do not classify an encryption device/module solely by the trade name “crypto appliance”. Review whether the goods are automatic data processing equipment, ADP functional units, input/output/data processing devices, HSM hardware or data transmission/receiving equipment with encryption. The appendix to Decree 211/2025/ND-CP lists HSM, PKI Token and products with cryptographic key generation, management or storage functions under HS codes including 8471.30.90, 8471.41.90, 8471.49.90 and 8471.80.90.

| HS code to review | Condition of application | Risk if wrongly applied | Documents to check |
|---|---|---|---|
| 8471.30.90 | Applicable where the goods fit the technical nature of portable ADP equipment under heading 8471.30 | Wrong when the product is actually a module, system appliance or network transmission device | Catalogue, datasheet, hardware configuration, product photos. |
| 8471.41.90 | ADP equipment/system with CPU and input/output units in the same housing, not more specifically classified elsewhere | Wrong specialized policy if the actual nature is a cryptographic network device | Datasheet, block diagram, port layout, CPU/RAM/storage, user manual. |
| 8471.49.90 | Other ADP systems, where the product includes multiple units or a system configuration based on actual documents | Risk if declared simply as “server” while the main function is cryptographic | Catalogue, model list, system configuration, license sheet. |
| 8471.80.90 | Other units of ADP machines, often reviewed for modules or dedicated units not falling under the above codes | Likely queried if function and interface are unclear | Module datasheet, photos, interface description, integration manual. |
| Heading 8517 where network appliance applies | Review when the product transmits/receives/switches/routes data as a network appliance with encryption | Wrong if the product is an HSM/key management appliance rather than network equipment | Network diagram, ports, throughput, routing/switching functions, security features. |

| HS code | General import duty | MFN duty | VAT | FTA duty with valid C/O | Application note |
|---|---|---|---|---|---|
| 8471.30.90 | 5% | 0% | 10% | May be 0% if valid C/O is accepted under the applicable FTA | Apply only where the product fits the relevant ADP classification. |
| 8471.41.90 | 5% | 0% | 10% | May be 0% if valid C/O is accepted under the applicable FTA | Support with CPU/input-output/function evidence. |
| 8471.49.90 | 5% | 0% | 10% | May be 0% if valid C/O is accepted under the applicable FTA | Commonly reviewed for specialized ADP systems/appliances. |
| 8471.80.90 | 5% | 0% | 10% | May be 0% if valid C/O is accepted under the applicable FTA | Carefully substantiate modules/functional units and avoid generic descriptions. |

SPECIALIZED POLICY MATRIX

| Goods scenario | Potential policy | Documents to check | Authority/portal if identified | Recommended timing | Risk note |
|---|---|---|---|---|---|
| HSM/crypto appliance/key management device | Civil cryptography import license review under Decree 211/2025/ND-CP | Catalogue, datasheet, encryption statement; application form No. 07 under Appendix III; civil cryptography business license; certificate of conformity for imported civil cryptography products | Government Cipher Committee; submission may be direct, postal or online as provided | Before ETA, ideally after PO/model is fixed; under Decree 211/2025/ND-CP, processing is 07 working days from receipt of a valid dossier | Missing license or missing conformity certificate may stop clearance or trigger dossier supplement. |
| Device with both cryptography and cybersecurity functions | Also review cybersecurity product import license policy | Function list, admin guide, model list, license sheet | Authority of Information Security – MIC if listed | Before ETA | Cybersecurity and civil cryptography licenses are not mutually substitutable if both scopes apply. |
| Embedded cryptographic module | Determine whether imported as separate module, component, accessory or part of main equipment | Module datasheet, BOM, integration diagram, invoice line item | Customs/specialized authority depending on case | Before issuing shipping documents | Wrong line description may change HS and license requirement. |
| Device with Wi‑Fi/Bluetooth/4G/5G | Review ICT/telecom conformity if radio module exists | Radio specifications, test report, QCVN, manual, label | Relevant ICT/telecom authority if applicable | Before cargo arrival | Do not apply radio policy without a radio module, but keep evidence. |
| Used/refurbished goods | Review used IT import policy | Invoice, contract, photos, serial list, year of manufacture, goods condition | Customs/specialized authority | Before purchase | High risk where documents cannot prove brand-new condition. |
| EPE/FDI/factory/project import | Review import purpose, customs regime, license and internal compliance file | PO, project file, contract, invoice, model list, technical file | Customs office and specialized authority if applicable | Before ETA | Wrong customs regime or purpose may cause post-clearance explanations. |

LEGAL DOCUMENTS TO REVIEW

| Document group | Document name/number | Issuing authority | Effective timing | Role in the procedure | Key articles/appendices | Review note |
|---|---|---|---|---|---|---|
| Law | Law on Cyberinformation Security No. 86/2015/QH13 | National Assembly | Effective 01/07/2016 | Legal basis for civil cryptography and cybersecurity | Provisions on civil cryptography products/services and import/export | Check consolidated/amended texts if any. |
| Decree | Decree 211/2025/ND-CP | Government | Issued 25/07/2025; effective 09/09/2025 | Core regulation on civil cryptography, import/export license and conformity assessment | Article 7 on dossier and licensing procedure; Appendix II product list; Appendix III forms No. 07/08 | Review the exact appendix item and product model. |
| Circular | Circular 10/2022/TT-BTTTT amending Circular 13/2018/TT-BTTTT | Ministry of Information and Communications | Effective 15/09/2022 | Additional review where the product is also a cybersecurity product imported under license | Appendix on cybersecurity products imported under license | Apply only if actual functions fall under the listed categories. |
| Circular | Circular 26/2025/TT-BKHCN | Ministry of Science and Technology | Effective 31/10/2025 | Review used/refurbished IT goods | Used IT goods list/policy | Only relevant where goods are not brand-new. |
| Tariff | Import/export tariff schedule effective on declaration date | Ministry of Finance/Government | Applicable at declaration time | Determine general duty, MFN, VAT and FTA rates | Final HS code and accepted C/O | Do not rely on outdated duty rates. |
| Labeling | Current import goods labeling regulations | Government/sectoral authorities | As effective | Review original and Vietnamese supplementary labels | Goods name, model, origin, manufacturer, responsible entity | Review based on circulation purpose and actual dossier. |

VIEW / DOWNLOAD ORIGINAL LEGAL DOCUMENTS

Enterprises can search for legal documents by number on official legal document portals, the Government Portal or the website of the issuing authority, and should verify the applicable text there before implementation.

CUSTOMS CLEARANCE DOCUMENT SET

Commercial documents

  • Commercial Invoice.
  • Packing List.
  • Bill of Lading/Air Waybill.
  • Sales Contract/Purchase Order if any.
  • Certificate of Origin – C/O if claiming preferential duty.
  • Catalogue/Datasheet, product photos, original label, model list/serial list.

Specialized documents if applicable

  • Civil cryptography product import license.
  • Civil cryptography product/service business license.
  • Encryption statement, security whitepaper, admin/user manual.
  • Test report/conformity assessment documents and conformity declaration if applicable.
  • Labeling file, technical documents and cybersecurity license dossier if applicable.

| Dossier group | Required documents | Used for step | Usually prepared by | Common error | Pre-ETA check |
|---|---|---|---|---|---|
| Commercial | Invoice, Packing List, B/L/AWB, Contract/PO | Customs declaration, value and quantity review | Importer, seller, forwarder | Generic description, missing model/serial, quantity mismatch | Cross-check each line against catalogue and license scope. |
| Technical | Catalogue, datasheet, admin manual, encryption statement, model list | HS classification, civil cryptography license and policy explanation | Importer, manufacturer, IT/compliance team | No algorithm/key-management evidence | Ask manufacturer for confirmation before shipment. |
| Civil cryptography | Application form, product list, relevant license, technical file | Import license application | Importer/compliance/legal | Late submission after ETA or missing model/HS/origin | Prepare in parallel with PO finalization. |
| C/O | Relevant C/O form, invoice, B/L/AWB, origin criteria | FTA duty claim | Seller, importer, forwarder | Wrong description, HS or origin criterion | Review draft C/O before issuance. |
| Labeling | Original label, supplementary label, product photos, manufacturer information | Physical inspection/circulation/post-clearance | Importer, seller | Mismatch in model/origin/responsible entity | Obtain label photos before shipment. |

DECISION POINTS THAT MAY HOLD THE SHIPMENT

| Decision point | Question to answer | Evidence | Consequence if unclear | Recommended action |
|---|---|---|---|---|
| HS code | Is it ADP equipment, an ADP functional unit or encrypted network equipment? | Datasheet, block diagram, port photos, manual | Classification query or duty adjustment | Prepare HS rationale before ETA. |
| Cryptographic function | Does it generate, store or manage keys, sign, authenticate or encrypt data? | Encryption statement, security whitepaper, admin manual | Civil cryptography import license may be required | Obtain manufacturer confirmation and review Decree 211 before shipment. |
| License | Is the product under the licensed import/export list? | Appendix to Decree 211, model list, technical file | Clearance may be stopped or documents supplemented | Do not declare before license status is clear. |
| Parallel cybersecurity policy | Is the device also a cybersecurity product imported under license? | Function list, security documents, Circular 10 list | Cybersecurity license/explanation may be requested | Review civil cryptography and cybersecurity policies in parallel. |
| Model/document consistency | Do invoice, catalogue, license and label show the same model? | Invoice, Packing List, license, catalogue, label photo | Amendment, inspection or refusal risk | Freeze model/serial list before shipping documents. |
| Goods condition | Brand-new, refurbished or used? | Contract, invoice, photos, serial list | Used IT policy risk | Confirm condition at procurement stage. |

PRACTICAL E2E PROCESS

Step 1: Pre-ETA review

Finalize the HS code and review civil cryptography policy, cybersecurity policy if any, duty, C/O, labeling and goods condition.

Step 2: Lock documents and technical file

Finalize Invoice, Packing List, B/L/AWB, catalogue, datasheet, model list, serial list, encryption statement and function documents.

Step 3: Apply for license/specialized dossier if applicable

Prepare civil cryptography import license and/or cybersecurity license before arrival; do not wait until after ETA.

Step 4: Lodge customs declaration

Green channel may clear under system conditions; Yellow channel checks documents; Red channel checks documents and goods. Key questions: HS, value, model, C/O, license, catalogue and cryptographic function.

Step 5: Clearance, delivery and post-clearance completion

Deliver cargo, complete supplementary labeling/conformity mark if applicable, archive shipment file and prepare post-clearance explanation pack.

Step 6: Compliance recordkeeping

Keep license, declaration, transport documents, C/O, technical file, label photos, serial list and all manufacturer/authority correspondence.

PRE-ETA RISK CHECKLIST

| Risk | Consequence | How to block before ETA | Documents to check |
|---|---|---|---|
| Cryptographic function not identified | Missing license or post-arrival explanation | Request encryption statement and admin manual from manufacturer | Catalogue, datasheet, whitepaper, license sheet. |
| HS selected by trade name | Wrong duty, policy or consultation request | Classify by structure and principal function | Datasheet, block diagram, port photos. |
| Late license application | Delay and DEM/DET cost | Prepare license dossier immediately after model is fixed | Application, product list, relevant business license, technical file. |
| Model mismatch between documents and license | Amendment or refusal risk | Freeze model/serial list before shipment | Invoice, Packing List, license, catalogue, label. |
| Incorrect C/O description or HS | FTA duty preference may be refused | Review draft C/O before issuance | C/O draft, invoice, B/L/AWB, confirmed HS. |
| Used/refurbished condition not reviewed | Used IT import policy risk | Obtain brand-new confirmation or review separate policy | Contract, invoice, photos, serial list. |

FAQ

Does an encryption device/module require an import license?

Possibly yes, if it falls under civil cryptography products imported under license under Decree 211/2025/ND-CP. Review the model, function and technical file.

Is HSM subject to civil cryptography review?

Yes. HSM with key generation, storage, management, digital certificates, signing and signature verification functions must be reviewed under the civil cryptography list.

Does it require quality inspection/conformity certification?

No absolute conclusion should be made. QCVN/TCVN, wireless modules, adapters, batteries or ICT/cybersecurity policy may require separate review.

Can C/O reduce import duty?

Yes, if the C/O is valid under the applicable FTA and consistent in form, origin criterion, goods description and HS code.

Do samples or warranty replacements follow the same procedure?

Not automatically. They still need correct declaration by nature, value, import purpose, condition and applicable license policy.

What if invoice says “security appliance” while catalogue says HSM?

Revise the goods description before declaration so the documents reflect the actual nature of the device.

IMPLEMENTATION SUPPORT FROM TGIMEX

This guide provides a map of HS code, duties, documents and specialized policies for encryption devices/modules. In actual shipments, importers should still review catalogue, datasheet, model, documents, origin and import purpose.

Support scope

  • Pre-ETA review: HS, civil cryptography/cybersecurity policy, C/O, duties, labeling and technical file.
  • Compliance file control: Invoice, Packing List, B/L/AWB, C/O, license, catalogue, test report, label and technical documents.
  • Coordinate international logistics, agents, carriers/airlines, pre-alert, ETA and transport documents.

Operational risk control

  • Prepare customs declaration and handle Green/Yellow/Red channel questions on HS, value, origin and license.
  • Review civil cryptography and cybersecurity licensing file if the device is regulated.
  • Archive shipment file and review supplementary label/conformity mark if applicable.

For shipments likely to involve licenses, C/O or labeling requirements, importers should not wait until cargo arrival to start document review. Small discrepancies among Invoice, Packing List, catalogue, datasheet, C/O or label may lead to document supplement requests, delayed clearance or unplanned storage costs.

QUICK CONSULTATION

NEED TO REVIEW IMPORT PROCEDURES OR A SHIPPING PLAN?

Send us the product name, shipping route, current dossier, or implementation request in advance so we can suggest a suitable approach that is practical, focused, and aligned with your shipment.

HOTLINE 0963 856 664 / 0982 135 393
EMAIL info@tgimex.com
SUITABLE FOR International shipping · Customs procedures · Import licenses · B2B logistics