As part of the implementation of its November 2015 Law on Network Information Security, Vietnam is planning to impose an import licensing scheme for certain cyber information security products with specified core functions. However, at the request of the Office of the U.S. Trade Representative Vietnam has agreed to delay this requirement pending additional clarification on the products and companies that will be affected. In the meantime USTR is soliciting comments and concerns on the potential impact of this requirement on U.S. exporters.
Items covered by the import licensing requirement are classified under various HTS 8471 subheadings. While it remains unclear which items will be considered to have the required core function for cyber security information, a release from Vietnam’s Ministry of Information and Communication details three categories.
- products that scan, check, and/or analyze the architecture, status, and record data of an information system, detect its flaws and weaknesses, and examine risks to information safety
- products that supervise and analyze data in an information system, collect and analyze record data in real time, and detect and alert on unusual events or those with potential danger to information safety
- products that stop attacks and intrusions into information systems (a category that could be broadly interpreted to include many products that have standard mechanisms to deter cyber attacks)
Currently available information indicates that spare parts and components will not be subject to import licensing.
Covered products will also likely require a Vietnam business license to be imported or exported.
For more information, or for assistance in developing or submitting comments to USTR, please contact Sandler, Travis & Rosenberg’s Export Controls and Economic Sanctions group.