Tiếng Việt
中文 (中国)
IMPORT PROCEDURES FOR WEB APP SECURITY APPLIANCE
A web app security appliance is a dedicated device used to protect web applications, block application-layer attacks, control access and monitor HTTP/HTTPS traffic. The main import risk is not transportation itself, but incorrect functional description, wrong HS classification, missing network information security import licence, model mismatch across invoice – packing list – catalogue, or late compliance preparation before ETA (Estimated Time of Arrival). This article provides an E2E (End-to-End) review map covering HS code, duties, C/O, specialized policy, customs documents and clearance decision points.
| Item | Quick review content | Operational note |
|---|---|---|
| Product scope | Web app security appliance / Web Application Firewall appliance / web application protection appliance | Do not automatically apply this article to Email Security or WAF cloud/SaaS licence without imported hardware. |
| Reference HS code | 8517.62.43 where the device is a network gateway/adaptor/router-type appliance; 8471.30.90 / 8471.41.90 / 8471.49.90 where the product is essentially an automatic data processing machine or a specialized computer system. | Review catalogue, datasheet, model, ports, CPU, storage, OS, routing/proxy/firewall functions and actual import purpose. |
| Reference taxes | MFN is commonly 0% for the above reference codes; ordinary import duty is generally 5%; VAT should be budgeted at 10%, with a review for possible 8% VAT during 01 July 2025–31 December 2026 if eligible. | Do not finalize tax treatment without checking the tariff schedule on the customs declaration date. |
| Specialized policy | May fall under the list of network information security products imported under licence; ICT Group 2 conformity should also be reviewed if the model falls within the listed scope. | Important where the appliance performs attack prevention, intrusion detection, security monitoring or web application security assessment. |
| Authority / portal | Department of Cybersecurity and Hi-tech Crime Prevention – Ministry of Public Security; Ministry of Public Security Public Service Portal/National Public Service Portal; National Single Window if applicable. | The actual submission channel should be checked at the processing time; current administrative procedure information is published on the Ministry of Public Security Public Service Portal. |
SCOPE OF APPLICATION
This article applies to a web app security appliance, namely a hardware or dedicated appliance used to protect web applications, filter/block application-layer attacks, control HTTP/HTTPS traffic, detect anomalies and enforce security policies for web/API systems.
Applicable products
- Hardware Web Application Firewall appliance.
- Web/API protection appliance deployed before application servers, secure reverse proxy or application-layer gateway.
- Dedicated hardware with firmware/licence used to operate security functions.
Not automatically covered
- Email Security, cloud/SaaS WAF licence, or downloadable software without imported hardware.
- Network firewall, UTM, DDoS appliance or VPN gateway where the main function is different.
- General server not configured as a web application security appliance at importation.
Variants requiring separate review
- New, refurbished, warranty return, sample or project cargo.
- Device with Wi‑Fi/Bluetooth/4G/5G module, adaptor, backup battery or special accessories.
- Device with encryption, key management, VPN, SSL inspection or advanced security features.
Application principle
Review by catalogue, datasheet, model and actual import purpose. Do not group all network security equipment into one conclusion because policy may vary by main function and HS code.
CLASSIFICATION & TECHNICAL IDENTIFICATION
The goods should be identified by technical nature, not only by commercial name. A web app security appliance may be described as a network security appliance, application delivery security gateway, reverse proxy appliance, WAF hardware or secure web gateway. Each description may affect HS classification and specialized policy.
| Criterion to check | Document to compare | Risk if described incorrectly | Suggested goods description on documents/declaration |
|---|---|---|---|
| Main function | Catalogue, datasheet, user manual, product brief | A generic “server” or “network device” description may miss the security import licence requirement. | “Web app security appliance, model…, used for web application protection/application-layer attack prevention, brand new”. |
| Hardware configuration | CPU, RAM, storage, interface, throughput and power adaptor datasheet | May be misclassified between ADP machines under heading 84.71 and data transmission devices under heading 85.17. | State the number/type of network ports and gateway/proxy/firewall functions if any. |
| Security functions | Licence sheet, security function list, administrator guide | Attack prevention, intrusion detection, monitoring or web application security assessment functions may be omitted. | Describe the main security functions clearly and avoid vague wording. |
| Encryption/VPN/SSL inspection | Feature document, encryption statement, datasheet | May trigger review of civil cryptography or network information security controls. | Separate encryption for secure communication from web application protection functions. |
| Condition of goods | Invoice, packing list, serial photos, contract | Used/refurbished goods may trigger a different policy from brand-new goods. | State brand-new 100% or the actual condition based on documents. |
HS CODE – DUTY – C/O
HS classification for a web app security appliance should be based on main function, structure and operating principle. If the device is a network appliance processing, forwarding, filtering and protecting data traffic, heading 85.17 should be reviewed. If it is essentially an automatic data processing machine or a specialized computer system, heading 84.71 may need to be considered. Software-only or licence-only imports should be reviewed separately.
| Reference HS code | Condition of application | Risk if applied incorrectly | Documents to compare |
|---|---|---|---|
| 8517.62.43 | Gateway/adaptor/router-type device designed to connect with ADP machines and transmit/receive data while protecting web applications. | Misclassification as a general server may create policy and licence discrepancies. | Port datasheet, network diagram, gateway/reverse proxy/WAF functions. |
| 8471.30.90 / 8471.41.90 / 8471.49.90 | Device essentially operates as an ADP machine or data processing system with CPU, storage, OS and pre-installed security software. | Customs may request explanation if the main function is a security appliance rather than a general computer. | Catalogue, CPU/RAM/storage configuration, OS, label photo and model list. |
| Bundled licence/software | Applicable where the appliance is imported with activation licence, subscription or management software. | Incorrect split of hardware/software value may affect customs valuation. | Invoice, contract and manufacturer licensing documents. |
| Tax item | Reference rate | Condition | Review note |
|---|---|---|---|
| MFN import duty | 0% | Reference for 8517.62.43 and 8471.30.90 / 8471.41.90 / 8471.49.90. | Recheck on the declaration date and according to the final HS code. |
| Ordinary import duty | 5% | Applies where preferential/special preferential treatment is not available and the corresponding ordinary tariff is used. | Not a substitute for MFN if MFN conditions are satisfied. |
| VAT | Default budget rate 10%; review possible 8% during 01 July 2025–31 December 2026 if the goods are eligible and not excluded. | Review Decree 174/2025/ND-CP, exclusion appendices and customs/tax guidance at the declaration date. | Telecommunication or excluded goods may not be eligible for VAT reduction. |
| Special preferential duty under C/O | May be 0% depending on FTA, HS code and origin | C/O must use the correct form, origin criterion, goods description and HS code. | Incorrect C/O form, criterion, HS or description may lead to denial of preference. |
APPLICABLE SPECIALIZED POLICIES
| Goods scenario | Potential policy | Documents to check | Authority/portal if identifiable | Recommended timing | Risk note |
|---|---|---|---|---|---|
| WAF / web application security appliance | May be subject to network information security import licence under Circular 10/2022/TT-BTTTT. | Catalogue, datasheet, attack/intrusion prevention functions, HS code, licence application dossier. | Department of Cybersecurity and Hi-tech Crime Prevention – Ministry of Public Security; Ministry of Public Security Public Service Portal/National Public Service Portal; NSW if applicable. | Before ETA, ideally before shipment. | Do not wait until arrival to determine licence requirement. |
| Web application security monitoring/assessment system | May fall under web application control/monitoring/assessment security systems requiring review. | Function description, monitoring module, log/report feature, assessment function if any. | Department of Cybersecurity and Hi-tech Crime Prevention – Ministry of Public Security. | Before customs declaration. | Insufficient functional description may trigger supplementary requests. |
| Device with Wi‑Fi/Bluetooth/4G/5G | May require conformity certification/declaration under Circular 29/2025/TT-BKHCN if HS and description fall within the list. | Test report, applicable QCVN, radio module, frequency and transmission power. | ICT/telecom quality management authority as applicable. | Before ETA. | Policy depends on integrated modules and specifications. |
| Device with encryption/VPN/SSL inspection | Civil cryptography and/or network information security review may arise. | Encryption statement, crypto module, licence features, algorithm description if available. | Relevant specialized authority. | Before contracting or ordering. | Do not assume exemption without technical documents. |
| Used/refurbished/warranty goods | May trigger specific policy on used equipment, import conditions and warranty/return documentation. | Contract, RMA, condition certificate, serial list and photos. | Customs and specialized authority if any. | Before shipment. | May require value and condition explanation. |
| Goods for EPE/FDI/factory/project | Customs regime, end-use, project contract, asset management and post-clearance record keeping. | PO, project contract, equipment list, place of use and incentive documents if any. | Managing customs authority/EPE authority if applicable. | Before ETA and before declaration. | Import purpose should match accounting and operational records. |
LEGAL DOCUMENTS TO REVIEW
| Document group | Document name/number | Issuing authority | Effective timing | Role in procedure | Key part to note | Review note |
|---|---|---|---|---|---|---|
| Law | Law on Customs 2014 | National Assembly | Currently applicable; amendments should be checked | General framework for customs declaration, inspection and supervision. | Customs dossier, physical inspection and post-clearance audit rules. | Review by import regime. |
| Law | Law on Network Information Security 2015 | National Assembly | Currently applicable | Legal basis for controlling imported network information security products. | Rules on network information security products/services. | Relevant where security/encryption functions exist. |
| Circular | Circular 10/2022/TT-BTTTT amending Circular 13/2018/TT-BTTTT | Ministry of Information and Communications | Effective from 15 September 2022 | List, procedures and dossier for import licence of network information security products. | Appendix I: Web Application Firewall; web application security control/monitoring/assessment systems. | Core legal document for this product; actual handling authority/portal should be checked against the current administrative procedure. |
| Circular | Circular 29/2025/TT-BKHCN | Ministry of Science and Technology | Effective from 31 December 2025 | ICT and telecom Group 2 product list. | Articles 1–5 and Appendices I, II. | Only applies where both HS and description are within the list. |
| Decree | Decree 43/2017/ND-CP and Decree 111/2021/ND-CP | Government | Currently applicable; effect should be checked | Goods labelling and Vietnamese supplementary labels for circulation. | Mandatory label contents and labelling responsibility. | Check original label, model, origin and manufacturer. |
| Tariff/VAT | Decree 26/2023/ND-CP; Decision 15/2023/QD-TTg; Decree 174/2025/ND-CP | Government / Prime Minister | Applicable by period | MFN duty, ordinary duty and VAT/VAT reduction review. | Tariff schedules and VAT reduction exclusion appendices. | Check on the customs declaration date. |
VIEW / DOWNLOAD ORIGINAL LEGAL TEXTS
Enterprises should additionally compare the legal texts on the national legal database or the issuing authority’s website before application.
CUSTOMS CLEARANCE DOCUMENT SET
Commercial documents
- Commercial Invoice.
- Packing List.
- Bill of Lading/Air Waybill.
- Sales Contract/Purchase Order if any.
- C/O if special preferential duty is claimed.
- Catalogue, datasheet, product photos, original label, model list and serial list.
Specialized documents if triggered
- Import licence for network information security product.
- Quality inspection registration/conformity certification/conformity declaration if ICT Group 2 applies.
- Test report, technical documents and user manual.
- Goods label dossier, Vietnamese supplementary label and conformity mark if applicable.
- Explanatory documents for encryption/VPN/SSL inspection if any.
| Dossier group | Required documents | Used for | Usually prepared by | Common mistake | Pre-ETA check |
|---|---|---|---|---|---|
| Commercial | Invoice, Packing List, Contract/PO | Value, quantity and Incoterms declaration | Importer/Procurement/Supplier | Generic description, incomplete model suffix, wrong origin | Compare with catalogue, label, C/O and contract. |
| Transport | B/L or AWB, arrival notice, pre-alert | Delivery order, manifest and declaration | Forwarder/Carrier/Docs | Wrong consignee, package count or missing pre-alert | Approve draft B/L/AWB before issuance. |
| Technical | Catalogue, datasheet, model list, serial list | HS classification and licence screening | Supplier/Technical team | Datasheet does not show WAF/security function | Request full technical documents before shipment. |
| Specialized | Information security licence, test report/conformity if any | Supplementary customs/specialized dossier | Importer/Compliance/Service provider | Licence prepared after ETA or missing functional documents | Review from the booking stage. |
| C/O | Suitable C/O form and transport evidence if required | Special preferential duty claim | Supplier/Exporter/Importer | Wrong HS, description, late issuance or missing stamp/signature | Compare draft C/O with invoice, packing list and declaration. |
Document consistency rule: Goods name, quantity, model, serial, origin and specifications must match across commercial documents, catalogue, labels, specialized dossier and customs declaration.
CLEARANCE DECISION POINTS THAT MAY HOLD THE SHIPMENT
| Decision point | Question to answer | Evidence | Consequence if unclear | Recommended handling |
|---|---|---|---|---|
| HS code | Should the device fall under 85.17 or 84.71? | Catalogue, datasheet, hardware configuration and network diagram | Explanation request, channel escalation or duty adjustment | Prepare an HS classification note before ETA. |
| Information security licence | Is it a Web Application Firewall or web application security monitoring/assessment system? | Security function documents, product list and model list | Clearance may be blocked if the goods are licensable | Screen/licence before arrival. |
| Model and licence | Do invoice model and device/licence model match? | Invoice, packing list, licence sheet and serial list | Suspected incorrect type/value declaration | Lock model and serial list before booking. |
| Goods label | Does the original label show manufacturer, model, origin and basic specifications? | Label photos, artwork and packing photos | Supplementary label may be required before circulation | Prepare Vietnamese supplementary label if sold domestically. |
| C/O | Is the C/O form, HS and goods description correct? | C/O, invoice, transport documents and declaration | Special preferential duty may be denied | Check draft C/O before official issuance. |
PRACTICAL E2E PROCESS
Pre-ETA review
Confirm HS, duty, C/O, labels, security functions, information security licence risk and ICT Group 2 policy.
Lock technical documents
Finalize invoice, packing list, B/L/AWB, catalogue, datasheet, model list and serial list; request WAF function documents.
Prepare specialized dossier
If licence/conformity is triggered, prepare the dossier before arrival to avoid storage costs.
Submit customs declaration
Handle Green/Yellow/Red channels and prepare explanations on HS, value, origin, model and specialized policy.
Clearance and record keeping
Deliver to warehouse, complete supplementary labels/conformity marks if any, keep shipment file for post-clearance audit.
PRE-ETA RISK CHECKLIST
| Risk | Consequence | Pre-ETA control | Documents to check |
|---|---|---|---|
| Generic name such as “network device” or “server” | Wrong HS, wrong licence policy and supplementary requests | Describe web app security/WAF function clearly | Catalogue, datasheet, product brief |
| Information security licence not screened | Clearance may not proceed if goods are licensable | Review Circular 10/2022/TT-BTTTT before shipment | Product list, model list and security functions |
| Wrong C/O form or HS | Loss of preferential duty and C/O query | Approve draft C/O with supplier | Draft C/O, invoice, packing list |
| Model mismatch | Channel escalation/explanation and clearance delay | Lock model and serial list before document issuance | Invoice, packing list, label, datasheet |
| Unclear licence/hardware value split | Customs valuation risk | Ask invoice to clearly state device, licence and subscription components | Invoice, contract, licence sheet |
| Radio module not declared | Potential conformity/quality inspection omission | Review radio module, frequency, power and QCVN | Datasheet, test report, module specification |
FAQ – COMMON BUSINESS QUESTIONS
Does a web app security appliance require an import licence?
It may require a network information security product import licence if the model falls under Web Application Firewall or web application security control/monitoring/assessment systems. Review actual documents.
Is conformity or quality inspection required?
Only if the device has HS code and description within the ICT Group 2 list or integrates radio/telecom modules subject to applicable QCVN.
Should the HS code be 8517.62.43 or 8471?
There is no default code for all models. Network/gateway-type appliance points toward 8517.62.43; ADP machine/system type may require 8471 review.
Can C/O reduce duty?
Possibly, if the relevant FTA offers preferential duty and the C/O satisfies form, origin criterion, description, HS code and validity requirements.
Are sample/warranty goods processed like commercial goods?
Not automatically. Samples, warranty/RMA and project goods may differ in value, import purpose and explanatory documents.
What if the invoice model differs from the catalogue?
Ask the supplier to revise documents or provide model mapping evidence. Do not submit the declaration before model and serial list are locked.
RELATED ARTICLES
TGIMEX EXECUTION SUPPORT
This article provides a map of HS code, duties, documents and specialized policy for web app security appliance. In an actual shipment, enterprises still need to review catalogue, datasheet, model, documents, origin and import purpose.
Pre-ETA review
- HS code, information security policy, C/O, duty, VAT and goods label.
- Cross-check catalogue, datasheet, model, serial and security functions.
Compliance document control
- Compare Invoice, Packing List, B/L/AWB, C/O, catalogue, test report and licence sheet.
- Standardize goods description before declaration.
International logistics & customs
- Coordinate agents, carriers/airlines, ETA, pre-alert and transport documents.
- Support customs declaration, channel handling and specialized policy explanation.
Post-clearance records
- Keep shipment files and review supplementary labels/conformity marks if applicable.
- Prepare post-clearance explanation dossier.
For shipments potentially involving specialized inspection, licensing, C/O or labelling, enterprises should not wait until cargo arrival to start document review. A small mismatch among Invoice, Packing List, catalogue, datasheet, C/O or labels may lead to supplementary requests, delayed clearance or unexpected storage costs.
TGIMEX supports an E2E import approach: pre-ETA policy review, document checking, international transport coordination, customs declaration, clearance handling, inland delivery and post-clearance record keeping.
NEED TO REVIEW IMPORT PROCEDURES OR A SHIPPING PLAN?
Send us the product name, shipping route, current dossier, or implementation request in advance so we can suggest a suitable approach that is practical, focused, and aligned with your shipment.
Law 41/2013/QH13 on Plant Protection and Quarantine – notes for import/export businesses
Law on Veterinary Medicine 79/2015/QH13: Notes for Import-Export and Logistics Businesses
Law on Veterinary Medicine No. 79/2015/QH13: quarantine compliance notes for import-export logistics
Law No. 41/2013/QH13 on Plant Protection and Quarantine: Operational Notes for Importers, Exporters and Logistics Teams
Vietnam Law on Veterinary Medicine No. 79/2015/QH13: Compliance notes for animal quarantine, animal products and import-export logistics
Import procedure for electric, battery-powered and technology-based beauty devices
Import procedure guide for cosmetic samples, testers, exhibition and research products
Import Procedure Guide for Non-electric Beauty Packaging / Tools / Accessories
Import procedure for cosmetic ingredients and raw materials
IMPORT PROCEDURE GUIDE FOR COSMETIC GIFT SETS AND PRODUCT COMBOS
Import procedure for general finished cosmetic products in Vietnam
IMPORT PROCEDURE FOR COSMETICS WITH DANGEROUS GOODS RISK IN TRANSPORTATION
Import procedure guide for cosmetics with borderline claims / functions
Import Procedure Guide for Makeup and Color Cosmetics
IMPORT PROCEDURE FOR HAIR DYE, BLEACHING, PERMING AND STRAIGHTENING PRODUCTS