SIEM (Security Information and Event Management) shipments are prone to clearance delays when the commercial description is limited to “server”, “security appliance” or “network device”. Incorrect HS classification, missing network information security import licence, model mismatch across invoice – catalogue – licence, or late C/O review may lead to customs document queries, channel inspection and DEM/DET exposure. This article provides an end-to-end map for enterprises to review before shipment arrival: HS code, duties, C/O, sectoral policies, customs dossier, clearance process and pre-ETA risk controls.

QUICK FACTS

Item	Review point	Operational note
Applicable product	SIEM appliance/complete equipment used for log collection, event correlation, security monitoring and alerting.	Not automatically applicable to firewall, NAC, IPS/IDS, DDoS appliance, UTM or SIEM software delivered digitally.
Reference HS	8471.30.90 / 8471.41.90 / 8471.49.90 or 8517.62.43 / 8517.62.49 depending on structure: ADP machine/system or data transmission/reception equipment.	Circular 10/2022/TT-BTTTT lists SIEM under the import-licence list with HS codes 8471.30.90, 8471.41.90, 8471.49.90, 8517.62.43 and 8517.62.49.
Reference duties	MFN 0%; ordinary import duty 5%; VAT baseline 10%, with 8% to be reviewed only if eligible during the applicable VAT reduction period.	Check the tariff schedule on the declaration date, together with C/O, origin and VAT policy status.
Key sectoral policy	May be subject to an import licence for network information security products if it is a complete device in the statutory list.	Do not conclude licence exemption without catalogue, datasheet, model, functions and actual import purpose.
Critical dossier	Invoice, Packing List, B/L/AWB, C/O if any, catalogue/datasheet, model/serial list, SIEM function description, and sectoral dossier if triggered.	Commodity description, model, function and HS code must be consistent across commercial documents, technical documents, licence and customs declaration.

Legal note: This content is an operational review framework only. Enterprises must review the catalogue, datasheet, model, security functions, hardware/software configuration, goods condition and actual import purpose before applying it to a specific shipment.

SCOPE OF APPLICATION

This article applies only to SIEM imported as a complete hardware appliance with embedded software or firmware for network information security monitoring. It does not automatically apply to firewall, NAC, IPS/IDS, DDoS appliance, UTM, Network Monitoring, bare servers without SIEM functions, software licences delivered by email, or SaaS services.

Applicable SIEM appliance

Equipment with CPU, memory, network ports, operating system/firmware and functions for log collection, event correlation, alerting and security monitoring.

No group-wide conclusion

Firewall/NAC/IPS/IDS/DDoS/UTM/Network Monitoring may sit in the same menu group but have different functions, sectoral policies and HS review points.

Goods condition must be separated

New, refurbished, used, sample, warranty or project shipments may require different customs and sectoral treatment.

Additional functions must be checked

Encryption, key management, VPN, RF modules, Wi‑Fi/Bluetooth/4G/5G, batteries or adapters may trigger separate policy review.

CLASSIFICATION & TECHNICAL IDENTIFICATION

SIEM must be identified by its main function and technical configuration, not merely by trade name. A model may be marketed as a “security appliance”, “log management appliance” or “SIEM platform”, while import documentation must prove the nature of the goods through catalogue, datasheet, user manual, licence sheet, hardware configuration and functional description.

Criteria to check	Documents to compare	Risk if described incorrectly	Suggested goods description
Main function	Catalogue, datasheet, technical brochure, user manual	A generic “server” or “network device” description may misstate HS and information security policy.	SIEM appliance – security information and event management device, model…, brand…, brand-new.
Physical structure	Datasheet, product photos, CPU/RAM/storage/network ports	Failure to determine whether it is a portable, single-housing or system-type ADP machine.	SIEM appliance integrating dedicated hardware and software.
Security functions	Feature list, admin guide, licence module	Customs may question whether it falls under the licensed network information security product list.	State log collection, event correlation, alerting and security monitoring functions.
Model/serial	Model list, serial list, original label, packing list	Model mismatch against licence/documents may trigger amendment or clarification.	Use the full model name exactly as shown in the catalogue.
Accessories	Packing List, adapter/power cord/module datasheets	Accessories may trigger separate policy if they are RF modules, adapters or standalone devices.	Separate main unit and accessories where applicable.

HS CODE – DUTIES – C/O

For SIEM, HS code should be determined by the actual nature of the imported goods: portable ADP machine, single-housing ADP machine or ADP system. Do not classify solely by the trade name “SIEM” before verifying structure, quantity, configuration and packaging. Appendix I to Circular 10/2022/TT-BTTTT lists SIEM with security monitoring function and reference HS codes under heading 8471.

Reference HS code	Applicable condition	Risk if misapplied	Documents to review
8471.30.90	Portable ADP machine not over 10 kg, with at least CPU, keyboard and display; uncommon for rackmount SIEM appliance.	Incorrect if the actual product is a rackmount appliance/server or multi-unit system.	Datasheet, photos, weight, dimensions, configuration, packing list.
8471.41.90	Other ADP machine in the same housing, with at least CPU, input and output units, other type.	Must prove the product is a complete single unit, not a multi-unit system or pure transmission equipment.	Catalogue, CPU/RAM/storage configuration, I/O ports, user manual.
8471.49.90	Other ADP system, when imported as a system or multiple functional units.	Declaring a standalone device as a system may lead to customs queries.	Packing list, system diagram, contract, device set configuration, model list.
8517.62.43	Control/adaptor units, gateways, bridges, routers or similar apparatus designed for connection with ADP machines of heading 84.71.	Incorrect if the actual product is an independent ADP machine but declared as data transmission/reception equipment.	Datasheet, network port diagram, routing/switching/gateway functions, catalogue, front/rear photos.
8517.62.49	Other equipment in the data transmission/reception group, where the SIEM appliance is technically a data transmission/reception device.	Risky if used solely based on trade name without evidence of principal transmission/reception function.	Catalogue, network interface specification, user manual, data flow description and device configuration.
Other code by actual file	Only if the dossier proves it is not a SIEM appliance under the above codes or is merely component/software/media.	Over-expanding HS codes without grounds may distort licensing policy and duties.	Catalogue, software licence, delivery method, media/licence sheet, classification memo if needed.

Suggested reference duty table

Tax item	Reference rate	Condition	Review note
MFN import duty	0%	For reference HS 8471.30.90 / 8471.41.90 / 8471.49.90 / 8517.62.43 / 8517.62.49 where MFN conditions are met.	Check the MFN tariff schedule on the declaration date.
Ordinary import duty	5%	Where preferential or special preferential rates are not applicable.	Review Decision 15/2023/QD-TTg and any amendments.
VAT	10% baseline; review 8% only if eligible during the VAT reduction period.	Based on HS code, goods group, import purpose and VAT regulations at declaration time.	Do not default to 8%; check exclusion lists, especially telecom/IT-related groups.
Special preferential duty under C/O	May be 0% or lower than MFN depending on the FTA.	Only if C/O is valid, correct form, correct origin, correct HS and origin criteria are met.	Do not state as default without export country, C/O form and relevant FTA tariff.

C/O checklist

C/O checkpoint	Common risk	Pre-ETA control
C/O form and exporting country	Wrong form or no corresponding FTA route.	Confirm exporting country, origin, Incoterms and C/O form before issuing documents.
Goods description on C/O	Generic wording or mismatch with invoice/catalogue/licence.	Ensure description shows SIEM appliance, model and brand.
HS code on C/O	HS differs from declaration or is not acceptable under the FTA.	Align expected HS with exporter before C/O application.
Origin criterion	RVC/CTH/WO or other criterion not satisfied.	Check origin criterion and supporting records before ETA.

APPLICABLE SECTORAL POLICY MATRIX

Goods scenario	Possible policy	Documents to check	Authority/portal if identifiable	Recommended timing	Risk note
Complete SIEM appliance in the list	Import licence for network information security products.	Catalogue, datasheet, SIEM functions, ATTT business licence if required, application dossier.	Under Circular 10/2022/TT-BTTTT, the Authority of Information Security – Ministry of Information and Communications is the licensing authority; verify the actual submission portal before filing.	Before ETA, preferably at PO stage.	Missing licence may hold the shipment or require supplement before clearance.
Bare server without SIEM function	Do not conclude ATTT list applicability without security function.	Configuration, software/licence, contract, import purpose.	Customs and sectoral authority where clarification is needed.	Before customs declaration.	Do not describe as SIEM if actually only a bare server.
Encryption/VPN/key management module	May trigger civil cryptography or other security policy review.	Encryption datasheet, algorithms, VPN module, key management documents.	Relevant sectoral authority; review case by case.	Before purchase/shipment.	Attach civil cryptography policy only when the actual model has listed functions.
Wi‑Fi/Bluetooth/4G/5G capability	May trigger ICT/telecom conformity or quality inspection if HS and description are listed.	RF specs, frequency, power, radio module, test report.	Public service portal/NSW or competent authority under Circular 29/2025/TT-BKHCN if applicable.	Before ETA.	Typical rackmount SIEM does not automatically have radio; verify model.
Used/refurbished goods	May trigger used-goods controls and additional technical evidence.	Year of manufacture, condition, serials, inspection certificate if required.	Customs and relevant authority.	Before shipment.	Do not handle as new if documents/labels show refurbished.
Sample, warranty, project, EPE/FDI	Import purpose, value, exemption/reduction and internal records may differ.	PO/contract, warranty/RMA note, project records, purpose.	Customs office and sectoral authority if any.	Before ETA.	Import purpose must be consistent across documents.

LEGAL DOCUMENTS TO REVIEW

Document group	Document name/number	Issuing authority	Effective time	Role in procedure	Key article/appendix	Review note
Law	Law on Network Information Security No. 86/2015/QH13	National Assembly	Effective from 01 July 2016	Legal basis for management of network information security products/services.	Provisions on ATTT business and product management.	Review where importing for ATTT business/service provision.
Decree	Decree 108/2016/ND-CP	Government	Effective from 01 July 2016	Details conditions for network information security product/service business.	Business conditions, dossier and enterprise obligations.	Relevant where the importer trades in ATTT products.
Circular	Circular 13/2018/TT-BTTTT	Ministry of Information and Communications	Effective from 01 December 2018	Provides the licensed import list and licensing procedure.	Articles 2, 3 and Appendix list.	Amended by Circular 10/2022/TT-BTTTT.
Circular	Circular 10/2022/TT-BTTTT	Ministry of Information and Communications	Effective from 15 September 2022	Replaces appendices and includes SIEM.	Appendix I: SIEM products; HS 8517.62.43 applies from 01 December 2022 under Article 2.	Review model, functions, HS and goods condition.
Public procedure	Import licence procedure for network information security products	Authority of Information Security – Ministry of Information and Communications; submission portal to be verified at implementation time	Under Circular 10/2022/TT-BTTTT and current public administrative procedure	Electronic filing channel for licensing.	Articles 6, 8 and 9 of Circular 13/2018/TT-BTTTT as amended by Circular 10/2022/TT-BTTTT.	Prioritise the legal text and verify the actual filing portal before implementation.
Circular/QCVN	Circular 29/2025/TT-BKHCN and related QCVN/TCVN if the model is ICT/telecom group 2	Ministry of Science and Technology	Effective from 31 December 2025	Conformity/quality review if integrated functions are listed.	Appendix I/II and applicable technical regulations.	Not automatically applicable to every SIEM; apply only where the model falls in the list.
Tariff/VAT	Decree 26/2023/ND-CP; Decision 15/2023/QD-TTg; Decree 174/2025/ND-CP if reviewing VAT reduction	Government / Prime Minister	According to each document	Basis for MFN, ordinary duty, VAT and VAT reduction review.	Heading 8471 tariff; VAT exclusion list if any.	Re-check at declaration date.

VIEW / DOWNLOAD ORIGINAL LEGAL DOCUMENTS

Enterprises should search by document number on official legal portals, the Government portal or the issuing authority’s website/public service portal. Enterprises should also cross-check the documents on official legal portals or authority websites before application.

Circular 10/2022/TT-BTTTT ATTT import licence procedure Circular 29/2025/TT-BKHCN

CUSTOMS CLEARANCE DOSSIER

Commercial documents

Commercial Invoice.
Packing List.
Bill of Lading / Air Waybill.
Sales Contract / Purchase Order if any.
C/O if claiming preferential duty.
Catalogue/datasheet, product photos, original label, model/serial list.

Sectoral documents if triggered

Import licence for network information security products if applicable.
Business licence for ATTT products/services if required.
SIEM function description, technical documents, user manual.
Test report/conformity dossier if ICT/telecom policy is triggered.
Product labelling dossier, Vietnamese supplementary label, CR mark if applicable.
Explanation dossier for used/warranty/sample/project goods if any.

Dossier group	Required documents	Used for	Prepared by	Common error	Pre-ETA check
Commercial	Invoice, Packing List, Contract/PO	Value, quantity, goods description, Incoterms	Importer, procurement, shipper	Generic description, incomplete model, wrong origin	Compare with catalogue, original label and expected licence.
Transport	B/L or AWB, arrival notice, pre-alert	D/O, declaration, ETA tracking	Forwarder/agent, shipper	Wrong consignee, package mismatch, late pre-alert	Lock B/L data before ETA.
Technical	Catalogue, datasheet, user manual, licence sheet	HS classification and sectoral policy	Supplier, project technical team, importer	SIEM function or configuration not visible	Request official datasheet for exact model.
Sectoral	ATTT import licence/dossier if applicable	Clearance and policy explanation	Compliance/legal/importer	Licence application starts after cargo arrival; model mismatch	Prepare immediately after PO confirmation.
Origin	C/O and transport evidence if required	Special preferential duty	Shipper/exporter/importer	Wrong form, wrong HS, wrong description	Review C/O draft before issuance.

DECISION POINTS THAT MAY HOLD THE SHIPMENT

Decision point	Question to answer	Evidence	Consequence if unclear	Recommended handling
Nature of goods	Is it a complete SIEM appliance or server/licence/software only?	Catalogue, datasheet, licence sheet, product photos	Wrong HS and licensing policy	Standardise technical description before issuing invoice.
ATTT policy	Is the model in the licensed ATTT product list?	Circular 10/2022/TT-BTTTT appendix and product functions	Missing licence at declaration stage	Review before ETA and prepare licence dossier if triggered.
HS code	Which of 8471.30.90, 8471.41.90, 8471.49.90, 8517.62.43 or 8517.62.49 applies?	Datasheet, configuration, packaging, photos	Channel inspection, tax adjustment or query	Prepare an HS classification memo with technical evidence.
C/O	Is C/O valid in form, HS, description and origin criterion?	Draft C/O, invoice, packing list, B/L	Loss of special preferential duty	Review draft before goods arrive.
Labelling	Does original label show model, origin and manufacturer?	Label photos, catalogue, packing list	Supplementary labelling/explanation requested	Prepare Vietnamese supplementary label before circulation.
New/used status	Is it refurbished, RMA, warranty or demo goods?	Invoice, packing list, serial list, RMA note	Wrong policy, value or customs dossier	State goods condition clearly in documents.

PRACTICAL E2E PROCESS

1. Pre-ETA review

Confirm expected HS, ATTT policy, possible licence, MFN/ordinary duty/VAT, C/O and labelling before cargo arrival.

2. Lock documents and technical files

Cross-check invoice, packing list, B/L/AWB, catalogue, datasheet, model list, serial list, goods description, quantity, origin and specifications.

3. Prepare licence/sectoral dossier if any

If SIEM falls under the licensed ATTT list, prepare the licence dossier before ETA; do not wait until the cargo reaches port.

4. Submit customs declaration

Declare HS, value, C/O, goods description, model and sectoral policy. Prepare explanations for Green/Yellow/Red channels.

5. Clearance and delivery

Track customs result, release cargo, deliver to warehouse and complete supplementary labelling or conformity marking if applicable.

6. Post-clearance records

Archive shipment documents, licence, catalogue, C/O, HS/policy explanation dossier for post-clearance audit readiness.

PRE-ETA RISK CHECKLIST

Risk	Consequence	Pre-ETA control	Documents to check
Goods described only as server/security appliance	Wrong HS or missed ATTT licence	Standardise description according to SIEM function and exact model	Invoice, catalogue, datasheet
Missing ATTT import licence where applicable	Shipment hold, supplementary dossier, storage cost	Review Circular 10/2022/TT-BTTTT at PO stage	Catalogue, model, functions, licence dossier
Model mismatch across invoice, packing list, licence and catalogue	Document amendment or explanation required	Use one model naming convention across all files	Model list, serial list, label photos
Incorrect C/O form/HS/description	Loss of FTA preference	Review C/O draft before issuance	C/O draft, invoice, B/L
Unreviewed refurbished/warranty/project status	Wrong policy, value or import purpose	Confirm goods condition and purpose before shipment	RMA, warranty note, PO, invoice
Lack of technical documents under Yellow/Red channel	Clearance delay and document query	Prepare technical explanation and HS memo	Datasheet, user manual, technical memo

FAQ – COMMON ENTERPRISE QUESTIONS

Does SIEM import require a licence?

It may require an import licence for network information security products if it is a complete device in the SIEM list. Review model, function and technical dossier.

Which HS code should be used for SIEM?

Key reference codes include 8471.30.90, 8471.41.90, 8471.49.90, 8517.62.43 or 8517.62.49 depending on structure and function. Do not classify based only on trade name.

Is VAT 10% or 8%?

Use 10% as baseline and apply 8% only if the goods are eligible at declaration time and not excluded under current VAT reduction rules.

Can C/O reduce import duty?

Yes, if the C/O is valid, correct in form, origin, HS, description and origin criterion under the relevant FTA.

Are sample or warranty goods handled like commercial goods?

Do not assume so. Sample, warranty, RMA or project goods require separate review of purpose, value and sectoral policy.

What if the model on invoice differs from the catalogue?

Amend or supplement documents before ETA. After declaration, customs may request explanation or amendment.

Is SIEM software licence delivered by email covered here?

No. This article covers tangible goods/appliance import. Digital licence or SaaS should be reviewed as a separate software/service transaction.

IMPLEMENTATION SUPPORT FROM TGIMEX

This article provides a review map for HS code, duties, C/O, customs dossier and sectoral policy for SIEM. In an actual shipment, enterprises should still verify the catalogue, datasheet, model, security functions, documents, origin and import purpose.

Pre-ETA review

Check HS code, network information security policy, C/O, duties, labelling, catalogue/datasheet and model list before arrival.

Compliance dossier control

Cross-check invoice, packing list, B/L/AWB, C/O, licence, catalogue, test report if any, labels and technical documents.

International logistics coordination

Coordinate with agents, carriers/airlines, monitor ETA, pre-alert and transport documents to protect the timeline.

Customs and post-clearance

Prepare customs dossier, manage Green/Yellow/Red channel responses, support HS/value/origin/policy explanations and archive records.

For SIEM shipments that may involve licences, C/O or labelling requirements, enterprises should not wait until cargo arrival to start document review. Even a small mismatch among Invoice, Packing List, catalogue, datasheet, C/O or labels may lead to document queries, clearance delay or unexpected storage costs.

Có liên quan

QUICK CONSULTATION

NEED TO REVIEW IMPORT PROCEDURES OR A SHIPPING PLAN?

Send us the product name, shipping route, current dossier, or implementation request in advance so we can suggest a suitable approach that is practical, focused, and aligned with your shipment.

CALL NOW

HOTLINE 0963 856 664 / 0982 135 393

EMAIL info@tgimex.com

SUITABLE FOR International shipping · Customs procedures · Import licenses · B2B logistics

ELECTRICAL – ELECTRONICS – IT EQUIPMENT

F&B

MACHINERY

HOUSEHOLD GOODS

COSMETICS – PERSONAL CARE