Tiếng Việt
中文 (中国)
IMPORT PROCEDURE FOR CYBER INFORMATION SECURITY PRODUCTS
Cyber information security products may be held at clearance when the commercial name does not prove the anti-intrusion, monitoring, security assessment, HS classification, import license and technical dossier requirements. This article provides an E2E control map from pre-ETA review to post-clearance file retention.
KEY TERMS BEFORE REVIEWING CYBER SECURITY PRODUCTS
Products protecting information systems through anti-intrusion, monitoring, assessment or risk control functions.
A specialized approval required for listed cyber information security products before customs clearance or market use.
Technical documents proving model, function, connection standard, hardware/software configuration and security features.
Customs classification code. It must not be decided only by commercial names such as firewall, SIEM or WAF.
Certificate of Origin used to examine preferential tariff treatment and origin compliance.
Estimated Time of Arrival. For this product group, the dossier should be locked before ETA to reduce storage and demurrage risk.
PRODUCT CLASSIFICATION & TECHNICAL IDENTIFICATION
This article applies to imported cyber information security products under specialized management, including hardware devices integrated with security software, appliances, gateways, monitoring systems, anti-intrusion devices, assessment tools and similar variants. It does not automatically apply to every ordinary IT device if the model does not have a cyber security function listed in the applicable catalogue.
The actual review must be based on catalogue, datasheet, model, function, deployment architecture, accompanying software license, import purpose and actual condition of the goods.
| Product group/situation | Technical signs to check | Example model/function | Proof documents | Possible policy | Dossier to compare | Application note |
|---|---|---|---|---|---|---|
| Endpoint security products | Protection for PC, server, mobile device or endpoint gateway; centralized anti-intrusion/security engine. | PC/server protection appliance, mobile security, endpoint protection gateway. | Catalogue, datasheet, user manual, license description, model list. | Cyber security import license if listed; review ICT/QC if wireless modules exist. | Invoice, Packing List, B/L/AWB, catalogue, business license if required. | Do not conclude from names such as “server” or “gateway” without security function evidence. |
| Network security products | Access control, firewall, IPS/IDS, DDoS prevention, UTM, VPN, network monitoring. | Firewall, NAC, IPS/IDS, DDoS appliance, SIEM, UTM, Network Monitoring, VPN gateway. | Datasheet, topology, function description, port list, software module list. | Cyber security license; civil cryptography review may arise if encryption functions fall under a separate list. | Model/serial list, technical function documents, license contract, C/O if used. | Ordinary network equipment and cyber security equipment may share HS groups but differ in specialized policy. |
| Application layer security | Web application protection, email security, monitoring/assessment of application security. | WAF, Email Security, Web App Security appliance. | Datasheet, deployment guide, anti-spam/anti-phishing/WAF rules, license description. | Cyber security import license if included in the list. | Catalogue, import license, declaration, commercial documents. | Separate physical appliance import from electronically delivered software/license. |
| Data protection products | Data loss prevention, database security, storage security. | Database Security, Storage Security, DLP appliance. | Technical file, architecture diagram, encryption/monitoring functions, license scope. | Cyber security; civil cryptography may arise where encryption is the core feature. | Datasheet, function description, relevant licenses. | Separate data security, encryption, storage and transmission functions. |
| Sample, POC, warranty or project goods | Import purpose, quantity, intended use period, commercial sale or internal test only. | Demo appliance, POC device, replacement unit. | Contract, purpose confirmation, project documents, model/serial. | A license may still be required if the product is listed. | PO/contract, explanation letter, catalogue, technical file. | “Sample” status should not be used to bypass licensing unless a valid exemption exists. |
HS CODE – DUTY – C/O
HS classification should reflect the actual nature of the product: automatic data processing machine, data transmission/reception device, router/switch/gateway, software-integrated appliance, or parts/accessories. The cyber security list includes reference HS codes; final customs declaration still depends on the Vietnam Import-Export Nomenclature, actual description, technical file and customs classification principles.
| Reference HS | Suitable group | Classification basis | Application condition | Ordinary duty | MFN duty | VAT | C/O/FTA | Dossier to check |
|---|---|---|---|---|---|---|---|---|
| 8471.30.90 | Portable ADP machines; may apply to certain security appliances if the description fits. | ADP configuration, processor, keyboard/screen if any, main function. | Only when the product fits heading 84.71 and no more specific heading applies. | 0% reference where ordinary tariff follows MFN 0%; verify on declaration date. | 0% reference commonly reviewed for ADP group. | 10% | ATIGA, ACFTA/RCEP, AKFTA/VKFTA, AJCEP/VJEPA/CPTPP/RCEP, EVFTA, UKVFTA if origin qualifies. | Catalogue, datasheet, photos, invoice, packing list, C/O, configuration explanation. |
| 8471.41.90 | ADP machines in the same housing with at least CPU, input and output units. | ADP structure, hardware configuration, processing capacity and packaging. | For integrated ADP-type cyber security systems. | 0% reference; check current tariff. | 0% reference; finalize by final HS. | 10% | C/O may evidence origin even when MFN already equals 0%. | Datasheet, BOM if any, model/serial list, security function description. |
| 8471.49.90 | ADP machines presented as systems. | Integrated system, processing unit, I/O modules, connection method and use. | When the product is an ADP system rather than a pure transmission device. | 0% reference; check current tariff. | 0% reference. | 10% | Check C/O form and origin criteria by import route. | Catalogue, topology, project contract, module list. |
| 8517.62.43 | Controllers, adaptors, gateways, bridges, routers or similar devices designed for ADP connection. | Transmission/reception/conversion function, ports, protocols and network configuration. | May fit firewall, IPS/IDS, UTM, VPN gateway, WAF appliance if technical description matches. | 0% reference; code applies in the cyber security list from 01/12/2022; check tariff. | 0% reference. | 10% | Check C/O by route; product description must match network/cyber security equipment. | Datasheet, port list, model list, C/O, cyber security import license. |
| 8517.62.49 | Other data receiving, converting, transmitting or regenerating devices, including switches/routers. | Data transmission/reception function and role in network. | Often reviewed for network-layer cyber security devices, monitoring and anti-intrusion appliances. | 0% reference; check current ordinary tariff. | 0% reference. | 10% | Check ATIGA, ACFTA/RCEP, AKFTA/VKFTA/RCEP, AJCEP/VJEPA/CPTPP/RCEP, EVFTA/UKVFTA where applicable. | Catalogue, datasheet, import license, C/O, invoice/packing list. |
Tax note: the above rates are operational references for common HS groups. For real shipments, verify the tariff schedule, amendments on the customs declaration date, origin, C/O and final classification.
SPECIAL PREFERENTIAL C/O/FTA REVIEW BY ROUTE
| Route/origin | FTA | C/O form or origin proof | Preferential rate if basis exists | Condition | Dossier | Note |
|---|---|---|---|---|---|---|
| ASEAN | ATIGA | Form D | Often reviewed at 0% if HS qualifies. | Origin criteria and direct consignment. | C/O, invoice, packing list, B/L, HS description. | Compare with MFN if MFN already 0%. |
| China | ACFTA or RCEP | Form E or RCEP proof | Check by final HS. | Correct form, origin criterion, third-party invoice if any. | C/O, invoice, B/L, catalogue. | Description and HS must match customs file. |
| Korea | AKFTA, VKFTA or RCEP | Form AK, Form VK or RCEP proof | Check by agreement. | Origin criteria and transport evidence. | C/O, invoice, packing list, B/L. | Select the agreement with suitable duty and documentation. |
| Japan | VJEPA, AJCEP, CPTPP or RCEP | Form VJ, Form AJ, CPTPP/RCEP proof | Check by route. | Agreement-specific origin rules. | Origin proof, invoice, catalogue. | Origin criteria may differ among agreements. |
| EU/UK | EVFTA or UKVFTA | EUR.1 or self-certification if eligible. | Check EVFTA/UKVFTA schedules. | Proper origin proof and direct transport. | Origin proof, invoice, transport document. | Check self-certification eligibility. |
| Australia/New Zealand | AANZFTA or CPTPP | Form AANZ or CPTPP proof | Check corresponding schedule. | Origin rule and transport proof. | C/O or origin proof, invoice, B/L. | Country of shipment is not always country of origin. |
| India/Hong Kong | AIFTA or AHKFTA | Form AI or AHKFTA proof | Check by HS and agreement. | Correct form, origin criterion and itinerary. | C/O, transport documents, invoice. | Technical description must be consistent. |
DOSSIER & SUBMISSION METHOD
The dossier should be separated into commercial documents, technical/specialized documents and authority submission files. Product name, model, serial, quantity, origin, security function and HS must match across commercial documents, catalogue, license and customs declaration.
| Dossier group | Documents | Used for | Prepared by | Common errors | Pre-ETA check |
|---|---|---|---|---|---|
| Commercial | Commercial Invoice, Packing List, Sales Contract/PO, B/L or AWB. | Booking, customs declaration, customs value. | Buyer, seller, Docs, Forwarder. | Inconsistent name, wrong model, missing serial, wrong Incoterms. | Compare PO, invoice, packing list and catalogue in one master sheet. |
| Technical | Catalogue, datasheet, user manual, topology, model/serial list, license description. | HS classification, ATTT/MMDS/ICT identification, customs explanation. | Supplier, technical team, Compliance. | Datasheet does not show security function or model mismatch. | Ask supplier to confirm model, firmware, software modules and security functions. |
| Specialized cyber security | Application form, business license for cyber security products/services if required, certificate/declaration of conformity if any, technical documents in Vietnamese/English. | Import license application. | Importer, Legal/Compliance, customs consultant. | Missing business license, missing technical file, unclear product function. | Check enterprise conditions and product list before shipment. |
| Origin | C/O or origin proof, third-party invoice if any, through B/L. | Preferential duty and origin evidence. | Seller, shipper, importer. | Wrong form, HS, description, stamp/signature or origin country. | Compare C/O with invoice, packing list, B/L and HS before declaration. |
| Customs | Customs declaration, VNACCS attachments, cyber security license, catalogue, transport documents. | Declaration and channel handling. | Customs broker, Docs, Importer. | Overly short product description not showing model/function. | Standardize description: product name + model + function + condition + origin. |
Submission may be made directly, by post or online via the competent authority’s public service portal/national public service portal. Due to administrative restructuring, enterprises should verify the active receiving portal at the time of filing.
LEGAL BASIS & SPECIALIZED POLICY MATRIX
LEGAL BASIS TO REVIEW
| Document group | Name/number | Issuing authority | Effective timing | Role | Key article/appendix | Review note |
|---|---|---|---|---|---|---|
| Law | Law on Cyber Information Security 2015 | National Assembly | Verify current validity. | Legal basis for cyber security products/services and import licensing. | Conditions relating to cyber security products and licensing. | Read with decrees and circulars. |
| Law | Law on Foreign Trade Management 2017 | National Assembly | Verify current validity. | General framework for import/export goods subject to license or conditions. | Specialized management measures. | Read with Decree 69/2018/ND-CP. |
| Decree | Decree 108/2016/ND-CP | Government | Effective from 01/07/2016; check amendments. | Regulates cyber security business conditions and products imported under license. | Article 4: assessment, monitoring and anti-intrusion products. | Does not cover civil cryptography business. |
| Decree | Decree 69/2018/ND-CP | Government | Verify current validity. | Details the Law on Foreign Trade Management. | Goods controlled by license/conditions. | General import management basis. |
| Circular | Circular 13/2018/TT-BTTTT | MIC | Amended by Circular 10/2022/TT-BTTTT. | Original list and import license procedure. | List, dossier and procedure. | Read with amendments. |
| Circular | Circular 10/2022/TT-BTTTT | MIC | Effective from 15/09/2022; HS 8517.62.43 applies from 01/12/2022. | Amends procedure and replaces the list of cyber security products imported under license. | Appendix I and 05 working-day appraisal timeline. | Check product list by model. |
| Administrative procedure | Decision 1557/QD-BTTTT in 2022 | MIC | Check active public service portal. | Announces import license administrative procedure. | Dossier, submission method, timeline and fee. | Portal may be updated after restructuring. |
| Institutional structure | Decree 55/2025/ND-CP | Government | Effective from 01/03/2025 per published information; verify receiving authority. | Defines functions and structure of the Ministry of Science and Technology. | Review transition of information, communications and cyber security functions if applicable. | Do not rewrite old legal text; verify current portal. |
| Tariff | Current import-export tariffs and special preferential tariff schedules | Government/MOF | Customs declaration date. | Determines ordinary duty, MFN, VAT and FTA preferential duty. | HS 8471.30.90, 8471.41.90, 8471.49.90, 8517.62.43, 8517.62.49. | Finalize by actual dossier and final HS. |
SPECIALIZED POLICY MATRIX BY GOODS SITUATION
| Goods situation | Legal basis to compare | Possible policy | Authority/portal if identified | Trigger condition |
|---|---|---|---|---|
| Anti-intrusion product | Cyber Information Security Law, Decree 108/2016/ND-CP, Circular 10/2022/TT-BTTTT. | Cyber security import license. | Authority named in the specialized document; verify current portal. | Datasheet shows anti-intrusion function and listed product. |
| Cyber security monitoring product | Circular 10/2022/TT-BTTTT, Appendix I. | Import license and function explanation. | Public service portal of competent authority or national portal. | SIEM, network monitoring, threat intelligence or centralized monitoring. |
| Assessment/testing product | Decree 108/2016/ND-CP, Circulars 13/2018 and 10/2022. | Cyber security import license if listed. | Cyber security authority/current portal. | Scanning, vulnerability assessment or security evaluation function. |
| Encryption/data security device | Cyber security and civil cryptography regulations if cryptography falls under a separate scope. | May require both cyber security and civil cryptography review. | Relevant cyber security and cryptography authorities. | Encryption module, key management, data encryption in storage/transmission. |
| Wi-Fi/Bluetooth/4G/5G device | ICT/telecom group-2 product lists and relevant QCVN if any. | Quality inspection/conformity certification/declaration may arise in addition to cyber security license. | Telecom/conformity bodies under current policy. | Wireless transceiver module or wireless connection standard. |
| Used/refurbished goods | Policy on used goods, prohibited/restricted lists and technical dossier. | Additional import conditions or explanation may arise. | Customs and specialized authority if any. | Documents show used/refurbished status, year of manufacture, import purpose. |
| EPE/FDI/factory/project import | Customs law, specialized management policy and project dossier. | License/policy review still applies if the product is listed. | Customs, specialized authority, management board if any. | Import purpose, declaration type, user, project documents. |
PROCESSING TIME, FEES & RISK COSTS
Processing time depends on dossier completeness, clarity of product function and the active receiving portal. The following timeline is for operational planning and does not replace the authority’s actual acceptance result.
| Step | Reference timeline/fee | Condition to avoid delay | Risk cost if delayed |
|---|---|---|---|
| Prepare technical and commercial documents | Preferably at least 05–07 working days before ETA for licensed shipments. | Full catalogue, datasheet, model list, business license if required. | DEM/DET, storage, document amendment, project delay. |
| Completeness check | Public service portal indicates around 02 working days. | Correct forms, sufficient technical file, consistent enterprise information. | Dossier supplement, delayed declaration or customs explanation. |
| Appraisal and license issuance | Valid dossier processing around 05 working days. | Listed product, qualified enterprise, clear technical function. | Container/storage costs and project implementation delay. |
| State fee | National public service portal currently shows approximately VND 200,000; verify at filing time. | File via correct channel and complete payment instruction. | Dossier may remain pending if fee obligation is incomplete. |
| Clearance and post-clearance obligations | Depends on customs channel and document status. | License, HS, C/O, label, catalogue and declaration match. | Post-clearance audit, tax arrears, penalties, project acceptance difficulties. |
PRACTICAL E2E PROCEDURE
Pre-check HS, product list, C/O, label, enterprise condition and possible MMDS/ICT overlap.
Lock invoice, packing list, B/L/AWB, catalogue, datasheet, model/serial list and consistent product function.
Branch into cyber security, civil cryptography, ICT/QC or ordinary customs based on function and list.
File via active receiving channel and monitor supplementation requests and timeline.
Green: conditional clearance; Yellow: document check; Red: document and physical inspection.
Explain HS, model, function, license, C/O and value; coordinate trucking when conditions are met.
Retain declaration, license, catalogue, C/O, transport and explanation files by shipment.
FAQ
1. Which cyber security products require an import license?
Products for cyber security assessment, monitoring and anti-intrusion, and specific products in the current list, must be reviewed by actual model and function.
2. Do firewall, IPS/IDS, WAF and SIEM always require licensing?
They are common triggers for review, but the final conclusion depends on datasheet, function, import mode, goods condition and the effective list.
3. Is electronically delivered software license treated as physical imported goods?
If no physical goods cross the border, treatment differs from imported appliances. However, business conditions, contract, payment and tax issues still need review.
4. Are samples or POC devices exempt?
Do not assume exemption. Check applicable rules, import purpose, quantity, use period, commercial sale status and proof documents.
5. Is the HS code in the circular the final customs HS?
Not always. Listed HS codes are for specialized management reference; customs classification still follows the nomenclature, actual description and classification rules.
6. Can C/O reduce duty for cyber security products?
It may, if final HS and origin meet the relevant tariff schedule. Where MFN is already 0%, C/O may mainly support origin compliance rather than reduce duty.
7. Can a cyber security product also be civil cryptography?
Yes, if encryption, key management or cryptographic functions fall under civil cryptography management. Separate the functions in the technical dossier.
8. What should be retained after clearance?
Declaration, license, invoice, packing list, B/L/AWB, C/O, catalogue, datasheet, model/serial list, HS/policy explanation and delivery records.
FINAL OUTPUTS & POST-CLEARANCE OBLIGATIONS
Import license if applicable, cleared customs declaration, submitted specialized dossier, tax/C/O documents and technical explanation file.
Retain shipment files, labels, technical documents, licenses and explanation materials for post-clearance audit or project acceptance.
GIẢI PHÁP TỪ TGIMEX
For cyber information security products, import control should be handled as one integrated workflow before ETA: technical identification, document locking, specialized licence review, HS – duty – C/O verification, and port/warehouse execution planning. The objective is to reduce storage risk, repeated dossier supplementation and delivery delays for enterprise or project cargo.
Check whether the product falls under cyber security import licensing, overlaps with civil cryptography or ICT group-2 controls, and verify the competent authority/filing portal at the time of submission.
Review catalogue, datasheet, user manual, model/serial list, security functions, encryption functions, data transmission modules, software licences and accessories to avoid incorrect goods description.
Compare the reference HS with the final customs HS, MFN duty, VAT, FTA/C/O preferential treatment, origin criteria and description consistency across C/O, invoice, packing list and catalogue.
Prepare the import licence dossier for cyber security products when applicable, including authorization, technical description, enterprise information and supporting documents before online filing.
Synchronize overseas agent, carrier, customs broker, port/warehouse and trucking schedule to reduce DEM/DET risks caused by delayed specialized documentation.
Complete shipment-level retention records: declaration, licence, commercial documents, C/O, catalogue, datasheet, HS/policy explanation and delivery records for audit and post-clearance review.
| Support stage | Core control tasks | Operational output |
|---|---|---|
| Before cargo departure | Review model, function, HS, C/O, cyber security/MMDS/ICT triggers and documents required from supplier. | Pre-ETA risk review and supplier document request list. |
| Before ETA | Lock invoice, packing list, B/L/AWB, catalogue, datasheet, model/serial list and specialized dossier. | Standardized document pack for filing, customs declaration and technical explanation. |
| During clearance | Monitor specialized dossier, customs channel, HS/policy explanation, C/O, valuation and cargo release plan. | Issue-by-issue handling route for licence, customs dossier, C/O, model and trucking schedule. |
| After clearance | Complete records, verify labelling/technical obligations and prepare post-clearance explanation files. | Shipment-level compliance file for project handover, internal audit and post-clearance inspection. |
NEED TO REVIEW IMPORT PROCEDURES OR A SHIPPING PLAN?
Send us the product name, shipping route, current dossier, or implementation request in advance so we can suggest a suitable approach that is practical, focused, and aligned with your shipment.
Law 41/2013/QH13 on Plant Protection and Quarantine – notes for import/export businesses
Law on Veterinary Medicine 79/2015/QH13: Notes for Import-Export and Logistics Businesses
Law on Veterinary Medicine No. 79/2015/QH13: quarantine compliance notes for import-export logistics
Law No. 41/2013/QH13 on Plant Protection and Quarantine: Operational Notes for Importers, Exporters and Logistics Teams
Vietnam Law on Veterinary Medicine No. 79/2015/QH13: Compliance notes for animal quarantine, animal products and import-export logistics
Import procedure for electric, battery-powered and technology-based beauty devices
Import procedure guide for cosmetic samples, testers, exhibition and research products
Import Procedure Guide for Non-electric Beauty Packaging / Tools / Accessories
Import procedure for cosmetic ingredients and raw materials
IMPORT PROCEDURE GUIDE FOR COSMETIC GIFT SETS AND PRODUCT COMBOS
Import procedure for general finished cosmetic products in Vietnam
IMPORT PROCEDURE FOR COSMETICS WITH DANGEROUS GOODS RISK IN TRANSPORTATION
Import procedure guide for cosmetics with borderline claims / functions
Import Procedure Guide for Makeup and Color Cosmetics
IMPORT PROCEDURE FOR HAIR DYE, BLEACHING, PERMING AND STRAIGHTENING PRODUCTS